2 * MIPS emulation helpers for qemu.
4 * Copyright (c) 2004-2005 Jocelyn Mayer
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
39 /* no MMU emulation */
40 int no_mmu_map_address (CPUState *env, target_ulong *physical, int *prot,
41 target_ulong address, int rw, int access_type)
44 *prot = PAGE_READ | PAGE_WRITE;
48 /* fixed mapping MMU emulation */
49 int fixed_mmu_map_address (CPUState *env, target_ulong *physical, int *prot,
50 target_ulong address, int rw, int access_type)
52 if (address <= (int32_t)0x7FFFFFFFUL) {
53 if (!(env->CP0_Status & (1 << CP0St_ERL)))
54 *physical = address + 0x40000000UL;
57 } else if (address <= (int32_t)0xBFFFFFFFUL)
58 *physical = address & 0x1FFFFFFF;
62 *prot = PAGE_READ | PAGE_WRITE;
66 /* MIPS32/MIPS64 R4000-style MMU emulation */
67 int r4k_map_address (CPUState *env, target_ulong *physical, int *prot,
68 target_ulong address, int rw, int access_type)
70 uint8_t ASID = env->CP0_EntryHi & 0xFF;
73 for (i = 0; i < env->tlb_in_use; i++) {
74 r4k_tlb_t *tlb = &env->mmu.r4k.tlb[i];
75 /* 1k pages are not supported. */
76 target_ulong mask = tlb->PageMask | 0x1FFF;
77 target_ulong tag = address & ~mask;
80 /* Check ASID, virtual page number & size */
81 if ((tlb->G == 1 || tlb->ASID == ASID) &&
84 n = !!(address & mask & ~(mask >> 1));
85 /* Check access rights */
86 if (!(n ? tlb->V1 : tlb->V0))
87 return TLBRET_INVALID;
88 if (rw == 0 || (n ? tlb->D1 : tlb->D0)) {
89 *physical = tlb->PFN[n] | (address & (mask >> 1));
91 if (n ? tlb->D1 : tlb->D0)
98 return TLBRET_NOMATCH;
101 static int get_physical_address (CPUState *env, target_ulong *physical,
102 int *prot, target_ulong address,
103 int rw, int access_type)
105 /* User mode can only access useg/xuseg */
106 int user_mode = (env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_UM;
108 int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
109 int SX = (env->CP0_Status & (1 << CP0St_SX)) != 0;
110 int KX = (env->CP0_Status & (1 << CP0St_KX)) != 0;
112 int ret = TLBRET_MATCH;
116 fprintf(logfile, "user mode %d h %08x\n",
117 user_mode, env->hflags);
122 if (user_mode && address > 0x3FFFFFFFFFFFFFFFULL)
123 return TLBRET_BADADDR;
125 if (user_mode && address > 0x7FFFFFFFUL)
126 return TLBRET_BADADDR;
129 if (address <= (int32_t)0x7FFFFFFFUL) {
131 if (!(env->CP0_Status & (1 << CP0St_ERL) && user_mode)) {
132 ret = env->map_address(env, physical, prot, address, rw, access_type);
134 *physical = address & 0xFFFFFFFF;
135 *prot = PAGE_READ | PAGE_WRITE;
140 - PABITS = 36 (correct for MIPS64R1)
143 } else if (address < 0x3FFFFFFFFFFFFFFFULL) {
145 if (UX && address < 0x000000FFFFFFFFFFULL) {
146 ret = env->map_address(env, physical, prot, address, rw, access_type);
148 ret = TLBRET_BADADDR;
150 } else if (address < 0x7FFFFFFFFFFFFFFFULL) {
152 if (SX && address < 0x400000FFFFFFFFFFULL) {
153 ret = env->map_address(env, physical, prot, address, rw, access_type);
155 ret = TLBRET_BADADDR;
157 } else if (address < 0xBFFFFFFFFFFFFFFFULL) {
159 /* XXX: check supervisor mode */
160 if (KX && (address & 0x03FFFFFFFFFFFFFFULL) < 0X0000000FFFFFFFFFULL)
162 *physical = address & 0X000000FFFFFFFFFFULL;
163 *prot = PAGE_READ | PAGE_WRITE;
165 ret = TLBRET_BADADDR;
167 } else if (address < 0xFFFFFFFF7FFFFFFFULL) {
169 /* XXX: check supervisor mode */
170 if (KX && address < 0xC00000FF7FFFFFFFULL) {
171 ret = env->map_address(env, physical, prot, address, rw, access_type);
173 ret = TLBRET_BADADDR;
176 } else if (address < (int32_t)0xA0000000UL) {
178 /* XXX: check supervisor mode */
179 *physical = address - (int32_t)0x80000000UL;
180 *prot = PAGE_READ | PAGE_WRITE;
181 } else if (address < (int32_t)0xC0000000UL) {
183 /* XXX: check supervisor mode */
184 *physical = address - (int32_t)0xA0000000UL;
185 *prot = PAGE_READ | PAGE_WRITE;
186 } else if (address < (int32_t)0xE0000000UL) {
188 ret = env->map_address(env, physical, prot, address, rw, access_type);
191 /* XXX: check supervisor mode */
192 /* XXX: debug segment is not emulated */
193 ret = env->map_address(env, physical, prot, address, rw, access_type);
197 fprintf(logfile, TARGET_FMT_lx " %d %d => " TARGET_FMT_lx " %d (%d)\n",
198 address, rw, access_type, *physical, *prot, ret);
205 #if defined(CONFIG_USER_ONLY)
206 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
211 target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
213 target_ulong phys_addr;
216 if (get_physical_address(env, &phys_addr, &prot, addr, 0, ACCESS_INT) != 0)
221 void cpu_mips_init_mmu (CPUState *env)
224 #endif /* !defined(CONFIG_USER_ONLY) */
226 int cpu_mips_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
227 int is_user, int is_softmmu)
229 target_ulong physical;
231 int exception = 0, error_code = 0;
237 cpu_dump_state(env, logfile, fprintf, 0);
239 fprintf(logfile, "%s pc " TARGET_FMT_lx " ad " TARGET_FMT_lx " rw %d is_user %d smmu %d\n",
240 __func__, env->PC, address, rw, is_user, is_softmmu);
246 /* XXX: put correct access by using cpu_restore_state()
248 access_type = ACCESS_INT;
249 if (env->user_mode_only) {
250 /* user mode only emulation */
251 ret = TLBRET_NOMATCH;
254 ret = get_physical_address(env, &physical, &prot,
255 address, rw, access_type);
257 fprintf(logfile, "%s address=" TARGET_FMT_lx " ret %d physical " TARGET_FMT_lx " prot %d\n",
258 __func__, address, ret, physical, prot);
260 if (ret == TLBRET_MATCH) {
261 ret = tlb_set_page(env, address & TARGET_PAGE_MASK,
262 physical & TARGET_PAGE_MASK, prot,
263 is_user, is_softmmu);
264 } else if (ret < 0) {
269 /* Reference to kernel address from user mode or supervisor mode */
270 /* Reference to supervisor address from user mode */
272 exception = EXCP_AdES;
274 exception = EXCP_AdEL;
277 /* No TLB match for a mapped address */
279 exception = EXCP_TLBS;
281 exception = EXCP_TLBL;
285 /* TLB match with no valid bit */
287 exception = EXCP_TLBS;
289 exception = EXCP_TLBL;
292 /* TLB match but 'D' bit is cleared */
293 exception = EXCP_LTLBL;
297 /* Raise exception */
298 env->CP0_BadVAddr = address;
299 env->CP0_Context = (env->CP0_Context & 0xff800000) |
300 ((address >> 9) & 0x007ffff0);
302 (env->CP0_EntryHi & 0xFF) | (address & (TARGET_PAGE_MASK << 1));
303 env->exception_index = exception;
304 env->error_code = error_code;
311 #if defined(CONFIG_USER_ONLY)
312 void do_interrupt (CPUState *env)
314 env->exception_index = EXCP_NONE;
317 void do_interrupt (CPUState *env)
322 if (logfile && env->exception_index != EXCP_EXT_INTERRUPT) {
323 fprintf(logfile, "%s enter: PC " TARGET_FMT_lx " EPC " TARGET_FMT_lx " cause %d excp %d\n",
324 __func__, env->PC, env->CP0_EPC, cause, env->exception_index);
326 if (env->exception_index == EXCP_EXT_INTERRUPT &&
327 (env->hflags & MIPS_HFLAG_DM))
328 env->exception_index = EXCP_DINT;
330 switch (env->exception_index) {
332 env->CP0_Debug |= 1 << CP0DB_DSS;
333 /* Debug single step cannot be raised inside a delay slot and
334 * resume will always occur on the next instruction
335 * (but we assume the pc has always been updated during
338 env->CP0_DEPC = env->PC;
339 goto enter_debug_mode;
341 env->CP0_Debug |= 1 << CP0DB_DINT;
344 env->CP0_Debug |= 1 << CP0DB_DIB;
347 env->CP0_Debug |= 1 << CP0DB_DBp;
350 env->CP0_Debug |= 1 << CP0DB_DDBS;
353 env->CP0_Debug |= 1 << CP0DB_DDBL;
355 if (env->hflags & MIPS_HFLAG_BMASK) {
356 /* If the exception was raised from a delay slot,
357 come back to the jump. */
358 env->CP0_DEPC = env->PC - 4;
359 env->hflags &= ~MIPS_HFLAG_BMASK;
361 env->CP0_DEPC = env->PC;
364 env->hflags |= MIPS_HFLAG_DM;
365 env->hflags &= ~MIPS_HFLAG_UM;
366 /* EJTAG probe trap enable is not implemented... */
367 if (!(env->CP0_Status & (1 << CP0St_EXL)))
368 env->CP0_Cause &= ~(1 << CP0Ca_BD);
369 env->PC = (int32_t)0xBFC00480;
375 env->CP0_Status |= (1 << CP0St_SR);
376 env->CP0_WatchLo = 0;
379 env->CP0_Status |= (1 << CP0St_NMI);
381 if (env->hflags & MIPS_HFLAG_BMASK) {
382 /* If the exception was raised from a delay slot,
383 come back to the jump. */
384 env->CP0_ErrorEPC = env->PC - 4;
385 env->hflags &= ~MIPS_HFLAG_BMASK;
387 env->CP0_ErrorEPC = env->PC;
389 env->CP0_Status |= (1 << CP0St_ERL) | (1 << CP0St_BEV);
390 env->hflags &= ~MIPS_HFLAG_UM;
391 if (!(env->CP0_Status & (1 << CP0St_EXL)))
392 env->CP0_Cause &= ~(1 << CP0Ca_BD);
393 env->PC = (int32_t)0xBFC00000;
398 case EXCP_EXT_INTERRUPT:
400 if (env->CP0_Cause & (1 << CP0Ca_IV))
405 /* XXX: TODO: manage defered watch exceptions */
415 if (env->error_code == 1 && !(env->CP0_Status & (1 << CP0St_EXL)))
435 env->CP0_Cause = (env->CP0_Cause & ~(0x3 << CP0Ca_CE)) |
436 (env->error_code << CP0Ca_CE);
452 if (env->error_code == 1 && !(env->CP0_Status & (1 << CP0St_EXL)))
455 if (!(env->CP0_Status & (1 << CP0St_EXL))) {
456 if (env->hflags & MIPS_HFLAG_BMASK) {
457 /* If the exception was raised from a delay slot,
458 come back to the jump. */
459 env->CP0_EPC = env->PC - 4;
460 env->CP0_Cause |= (1 << CP0Ca_BD);
462 env->CP0_EPC = env->PC;
463 env->CP0_Cause &= ~(1 << CP0Ca_BD);
465 env->CP0_Status |= (1 << CP0St_EXL);
466 env->hflags &= ~MIPS_HFLAG_UM;
468 env->hflags &= ~MIPS_HFLAG_BMASK;
469 if (env->CP0_Status & (1 << CP0St_BEV)) {
470 env->PC = (int32_t)0xBFC00200;
472 env->PC = (int32_t)(env->CP0_EBase & ~0x3ff);
475 env->CP0_Cause = (env->CP0_Cause & ~(0x1f << CP0Ca_EC)) | (cause << CP0Ca_EC);
479 fprintf(logfile, "Invalid MIPS exception %d. Exiting\n",
480 env->exception_index);
482 printf("Invalid MIPS exception %d. Exiting\n", env->exception_index);
485 if (logfile && env->exception_index != EXCP_EXT_INTERRUPT) {
486 fprintf(logfile, "%s: PC " TARGET_FMT_lx " EPC " TARGET_FMT_lx " cause %d excp %d\n"
487 " S %08x C %08x A " TARGET_FMT_lx " D " TARGET_FMT_lx "\n",
488 __func__, env->PC, env->CP0_EPC, cause, env->exception_index,
489 env->CP0_Status, env->CP0_Cause, env->CP0_BadVAddr,
492 env->exception_index = EXCP_NONE;
494 #endif /* !defined(CONFIG_USER_ONLY) */
496 void r4k_invalidate_tlb (CPUState *env, int idx, int use_extra)
501 uint8_t ASID = env->CP0_EntryHi & 0xFF;
504 tlb = &env->mmu.r4k.tlb[idx];
505 /* The qemu TLB is flushed then the ASID changes, so no need to
506 flush these entries again. */
507 if (tlb->G == 0 && tlb->ASID != ASID) {
511 if (use_extra && env->tlb_in_use < MIPS_TLB_MAX) {
512 /* For tlbwr, we can shadow the discarded entry into
513 a new (fake) TLB entry, as long as the guest can not
514 tell that it's there. */
515 env->mmu.r4k.tlb[env->tlb_in_use] = *tlb;
520 /* 1k pages are not supported. */
521 mask = tlb->PageMask | 0x1FFF;
524 end = addr | (mask >> 1);
526 tlb_flush_page (env, addr);
527 addr += TARGET_PAGE_SIZE;
531 addr = tlb->VPN | ((mask >> 1) + 1);
532 addr = tlb->VPN + TARGET_PAGE_SIZE;
535 tlb_flush_page (env, addr);
536 addr += TARGET_PAGE_SIZE;