2 * PowerPC emulation helpers for qemu.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
28 #include "helper_regs.h"
29 #include "qemu-common.h"
35 //#define DEBUG_SOFTWARE_TLB
36 //#define DUMP_PAGE_TABLES
37 //#define DEBUG_EXCEPTIONS
38 //#define FLUSH_ALL_TLBS
41 # define LOG_MMU(...) qemu_log(__VA_ARGS__)
42 # define LOG_MMU_STATE(env) log_cpu_state((env), 0)
44 # define LOG_MMU(...) do { } while (0)
45 # define LOG_MMU_STATE(...) do { } while (0)
49 #ifdef DEBUG_SOFTWARE_TLB
50 # define LOG_SWTLB(...) qemu_log(__VA_ARGS__)
52 # define LOG_SWTLB(...) do { } while (0)
56 # define LOG_BATS(...) qemu_log(__VA_ARGS__)
58 # define LOG_BATS(...) do { } while (0)
62 # define LOG_SLB(...) qemu_log(__VA_ARGS__)
64 # define LOG_SLB(...) do { } while (0)
67 #ifdef DEBUG_EXCEPTIONS
68 # define LOG_EXCP(...) qemu_log(__VA_ARGS__)
70 # define LOG_EXCP(...) do { } while (0)
74 /*****************************************************************************/
75 /* PowerPC MMU emulation */
77 #if defined(CONFIG_USER_ONLY)
78 int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
79 int mmu_idx, int is_softmmu)
81 int exception, error_code;
84 exception = POWERPC_EXCP_ISI;
85 error_code = 0x40000000;
87 exception = POWERPC_EXCP_DSI;
88 error_code = 0x40000000;
90 error_code |= 0x02000000;
91 env->spr[SPR_DAR] = address;
92 env->spr[SPR_DSISR] = error_code;
94 env->exception_index = exception;
95 env->error_code = error_code;
100 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
106 /* Common routines used by software and hardware TLBs emulation */
107 static inline int pte_is_valid(target_ulong pte0)
109 return pte0 & 0x80000000 ? 1 : 0;
112 static inline void pte_invalidate(target_ulong *pte0)
114 *pte0 &= ~0x80000000;
117 #if defined(TARGET_PPC64)
118 static inline int pte64_is_valid(target_ulong pte0)
120 return pte0 & 0x0000000000000001ULL ? 1 : 0;
123 static inline void pte64_invalidate(target_ulong *pte0)
125 *pte0 &= ~0x0000000000000001ULL;
129 #define PTE_PTEM_MASK 0x7FFFFFBF
130 #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
131 #if defined(TARGET_PPC64)
132 #define PTE64_PTEM_MASK 0xFFFFFFFFFFFFFF80ULL
133 #define PTE64_CHECK_MASK (TARGET_PAGE_MASK | 0x7F)
136 static inline int pp_check(int key, int pp, int nx)
140 /* Compute access rights */
141 /* When pp is 3/7, the result is undefined. Set it to noaccess */
148 access |= PAGE_WRITE;
166 access = PAGE_READ | PAGE_WRITE;
176 static inline int check_prot(int prot, int rw, int access_type)
180 if (access_type == ACCESS_CODE) {
181 if (prot & PAGE_EXEC)
186 if (prot & PAGE_WRITE)
191 if (prot & PAGE_READ)
200 static inline int _pte_check(mmu_ctx_t *ctx, int is_64b, target_ulong pte0,
201 target_ulong pte1, int h, int rw, int type)
203 target_ulong ptem, mmask;
204 int access, ret, pteh, ptev, pp;
208 /* Check validity and table match */
209 #if defined(TARGET_PPC64)
211 ptev = pte64_is_valid(pte0);
212 pteh = (pte0 >> 1) & 1;
216 ptev = pte_is_valid(pte0);
217 pteh = (pte0 >> 6) & 1;
219 if (ptev && h == pteh) {
220 /* Check vsid & api */
221 #if defined(TARGET_PPC64)
223 ptem = pte0 & PTE64_PTEM_MASK;
224 mmask = PTE64_CHECK_MASK;
225 pp = (pte1 & 0x00000003) | ((pte1 >> 61) & 0x00000004);
226 ctx->nx = (pte1 >> 2) & 1; /* No execute bit */
227 ctx->nx |= (pte1 >> 3) & 1; /* Guarded bit */
231 ptem = pte0 & PTE_PTEM_MASK;
232 mmask = PTE_CHECK_MASK;
233 pp = pte1 & 0x00000003;
235 if (ptem == ctx->ptem) {
236 if (ctx->raddr != (target_phys_addr_t)-1ULL) {
237 /* all matches should have equal RPN, WIMG & PP */
238 if ((ctx->raddr & mmask) != (pte1 & mmask)) {
239 qemu_log("Bad RPN/WIMG/PP\n");
243 /* Compute access rights */
244 access = pp_check(ctx->key, pp, ctx->nx);
245 /* Keep the matching PTE informations */
248 ret = check_prot(ctx->prot, rw, type);
251 LOG_MMU("PTE access granted !\n");
253 /* Access right violation */
254 LOG_MMU("PTE access rejected\n");
262 static inline int pte32_check(mmu_ctx_t *ctx, target_ulong pte0,
263 target_ulong pte1, int h, int rw, int type)
265 return _pte_check(ctx, 0, pte0, pte1, h, rw, type);
268 #if defined(TARGET_PPC64)
269 static inline int pte64_check(mmu_ctx_t *ctx, target_ulong pte0,
270 target_ulong pte1, int h, int rw, int type)
272 return _pte_check(ctx, 1, pte0, pte1, h, rw, type);
276 static inline int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
281 /* Update page flags */
282 if (!(*pte1p & 0x00000100)) {
283 /* Update accessed flag */
284 *pte1p |= 0x00000100;
287 if (!(*pte1p & 0x00000080)) {
288 if (rw == 1 && ret == 0) {
289 /* Update changed flag */
290 *pte1p |= 0x00000080;
293 /* Force page fault for first write access */
294 ctx->prot &= ~PAGE_WRITE;
301 /* Software driven TLB helpers */
302 static inline int ppc6xx_tlb_getnum(CPUState *env, target_ulong eaddr, int way,
307 /* Select TLB num in a way from address */
308 nr = (eaddr >> TARGET_PAGE_BITS) & (env->tlb_per_way - 1);
310 nr += env->tlb_per_way * way;
311 /* 6xx have separate TLBs for instructions and data */
312 if (is_code && env->id_tlbs == 1)
318 static inline void ppc6xx_tlb_invalidate_all(CPUState *env)
323 //LOG_SWTLB("Invalidate all TLBs\n");
324 /* Invalidate all defined software TLB */
326 if (env->id_tlbs == 1)
328 for (nr = 0; nr < max; nr++) {
329 tlb = &env->tlb[nr].tlb6;
330 pte_invalidate(&tlb->pte0);
335 static inline void __ppc6xx_tlb_invalidate_virt(CPUState *env,
337 int is_code, int match_epn)
339 #if !defined(FLUSH_ALL_TLBS)
343 /* Invalidate ITLB + DTLB, all ways */
344 for (way = 0; way < env->nb_ways; way++) {
345 nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
346 tlb = &env->tlb[nr].tlb6;
347 if (pte_is_valid(tlb->pte0) && (match_epn == 0 || eaddr == tlb->EPN)) {
348 LOG_SWTLB("TLB invalidate %d/%d " ADDRX "\n",
349 nr, env->nb_tlb, eaddr);
350 pte_invalidate(&tlb->pte0);
351 tlb_flush_page(env, tlb->EPN);
355 /* XXX: PowerPC specification say this is valid as well */
356 ppc6xx_tlb_invalidate_all(env);
360 static inline void ppc6xx_tlb_invalidate_virt(CPUState *env,
361 target_ulong eaddr, int is_code)
363 __ppc6xx_tlb_invalidate_virt(env, eaddr, is_code, 0);
366 void ppc6xx_tlb_store (CPUState *env, target_ulong EPN, int way, int is_code,
367 target_ulong pte0, target_ulong pte1)
372 nr = ppc6xx_tlb_getnum(env, EPN, way, is_code);
373 tlb = &env->tlb[nr].tlb6;
374 LOG_SWTLB("Set TLB %d/%d EPN " ADDRX " PTE0 " ADDRX
375 " PTE1 " ADDRX "\n", nr, env->nb_tlb, EPN, pte0, pte1);
376 /* Invalidate any pending reference in Qemu for this virtual address */
377 __ppc6xx_tlb_invalidate_virt(env, EPN, is_code, 1);
381 /* Store last way for LRU mechanism */
385 static inline int ppc6xx_tlb_check(CPUState *env, mmu_ctx_t *ctx,
386 target_ulong eaddr, int rw, int access_type)
393 ret = -1; /* No TLB found */
394 for (way = 0; way < env->nb_ways; way++) {
395 nr = ppc6xx_tlb_getnum(env, eaddr, way,
396 access_type == ACCESS_CODE ? 1 : 0);
397 tlb = &env->tlb[nr].tlb6;
398 /* This test "emulates" the PTE index match for hardware TLBs */
399 if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
400 LOG_SWTLB("TLB %d/%d %s [" ADDRX " " ADDRX
403 pte_is_valid(tlb->pte0) ? "valid" : "inval",
404 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE, eaddr);
407 LOG_SWTLB("TLB %d/%d %s " ADDRX " <> " ADDRX " " ADDRX
410 pte_is_valid(tlb->pte0) ? "valid" : "inval",
411 tlb->EPN, eaddr, tlb->pte1,
412 rw ? 'S' : 'L', access_type == ACCESS_CODE ? 'I' : 'D');
413 switch (pte32_check(ctx, tlb->pte0, tlb->pte1, 0, rw, access_type)) {
415 /* TLB inconsistency */
418 /* Access violation */
428 /* XXX: we should go on looping to check all TLBs consistency
429 * but we can speed-up the whole thing as the
430 * result would be undefined if TLBs are not consistent.
439 LOG_SWTLB("found TLB at addr " PADDRX " prot=%01x ret=%d\n",
440 ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
441 /* Update page flags */
442 pte_update_flags(ctx, &env->tlb[best].tlb6.pte1, ret, rw);
448 /* Perform BAT hit & translation */
449 static inline void bat_size_prot(CPUState *env, target_ulong *blp, int *validp,
450 int *protp, target_ulong *BATu,
456 bl = (*BATu & 0x00001FFC) << 15;
459 if (((msr_pr == 0) && (*BATu & 0x00000002)) ||
460 ((msr_pr != 0) && (*BATu & 0x00000001))) {
462 pp = *BATl & 0x00000003;
464 prot = PAGE_READ | PAGE_EXEC;
474 static inline void bat_601_size_prot(CPUState *env, target_ulong *blp,
475 int *validp, int *protp,
476 target_ulong *BATu, target_ulong *BATl)
479 int key, pp, valid, prot;
481 bl = (*BATl & 0x0000003F) << 17;
482 LOG_BATS("b %02x ==> bl " ADDRX " msk " ADDRX "\n",
483 (uint8_t)(*BATl & 0x0000003F), bl, ~bl);
485 valid = (*BATl >> 6) & 1;
487 pp = *BATu & 0x00000003;
489 key = (*BATu >> 3) & 1;
491 key = (*BATu >> 2) & 1;
492 prot = pp_check(key, pp, 0);
499 static inline int get_bat(CPUState *env, mmu_ctx_t *ctx, target_ulong virtual,
502 target_ulong *BATlt, *BATut, *BATu, *BATl;
503 target_ulong base, BEPIl, BEPIu, bl;
507 LOG_BATS("%s: %cBAT v " ADDRX "\n", __func__,
508 type == ACCESS_CODE ? 'I' : 'D', virtual);
511 BATlt = env->IBAT[1];
512 BATut = env->IBAT[0];
515 BATlt = env->DBAT[1];
516 BATut = env->DBAT[0];
519 base = virtual & 0xFFFC0000;
520 for (i = 0; i < env->nb_BATs; i++) {
523 BEPIu = *BATu & 0xF0000000;
524 BEPIl = *BATu & 0x0FFE0000;
525 if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
526 bat_601_size_prot(env, &bl, &valid, &prot, BATu, BATl);
528 bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
530 LOG_BATS("%s: %cBAT%d v " ADDRX " BATu " ADDRX
531 " BATl " ADDRX "\n", __func__,
532 type == ACCESS_CODE ? 'I' : 'D', i, virtual, *BATu, *BATl);
533 if ((virtual & 0xF0000000) == BEPIu &&
534 ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
537 /* Get physical address */
538 ctx->raddr = (*BATl & 0xF0000000) |
539 ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
540 (virtual & 0x0001F000);
541 /* Compute access rights */
543 ret = check_prot(ctx->prot, rw, type);
545 LOG_BATS("BAT %d match: r " PADDRX " prot=%c%c\n",
546 i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-',
547 ctx->prot & PAGE_WRITE ? 'W' : '-');
553 #if defined(DEBUG_BATS)
554 if (qemu_log_enabled()) {
555 LOG_BATS("no BAT match for " ADDRX ":\n", virtual);
556 for (i = 0; i < 4; i++) {
559 BEPIu = *BATu & 0xF0000000;
560 BEPIl = *BATu & 0x0FFE0000;
561 bl = (*BATu & 0x00001FFC) << 15;
562 LOG_BATS("%s: %cBAT%d v " ADDRX " BATu " ADDRX
563 " BATl " ADDRX " \n\t" ADDRX " " ADDRX " " ADDRX "\n",
564 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
565 *BATu, *BATl, BEPIu, BEPIl, bl);
574 /* PTE table lookup */
575 static inline int _find_pte(mmu_ctx_t *ctx, int is_64b, int h, int rw,
576 int type, int target_page_bits)
578 target_ulong base, pte0, pte1;
582 ret = -1; /* No entry found */
583 base = ctx->pg_addr[h];
584 for (i = 0; i < 8; i++) {
585 #if defined(TARGET_PPC64)
587 pte0 = ldq_phys(base + (i * 16));
588 pte1 = ldq_phys(base + (i * 16) + 8);
590 /* We have a TLB that saves 4K pages, so let's
591 * split a huge page to 4k chunks */
592 if (target_page_bits != TARGET_PAGE_BITS)
593 pte1 |= (ctx->eaddr & (( 1 << target_page_bits ) - 1))
596 r = pte64_check(ctx, pte0, pte1, h, rw, type);
597 LOG_MMU("Load pte from " ADDRX " => " ADDRX " " ADDRX
598 " %d %d %d " ADDRX "\n",
599 base + (i * 16), pte0, pte1,
600 (int)(pte0 & 1), h, (int)((pte0 >> 1) & 1),
605 pte0 = ldl_phys(base + (i * 8));
606 pte1 = ldl_phys(base + (i * 8) + 4);
607 r = pte32_check(ctx, pte0, pte1, h, rw, type);
608 LOG_MMU("Load pte from " ADDRX " => " ADDRX " " ADDRX
609 " %d %d %d " ADDRX "\n",
610 base + (i * 8), pte0, pte1,
611 (int)(pte0 >> 31), h, (int)((pte0 >> 6) & 1),
616 /* PTE inconsistency */
619 /* Access violation */
629 /* XXX: we should go on looping to check all PTEs consistency
630 * but if we can speed-up the whole thing as the
631 * result would be undefined if PTEs are not consistent.
640 LOG_MMU("found PTE at addr " PADDRX " prot=%01x ret=%d\n",
641 ctx->raddr, ctx->prot, ret);
642 /* Update page flags */
644 if (pte_update_flags(ctx, &pte1, ret, rw) == 1) {
645 #if defined(TARGET_PPC64)
647 stq_phys_notdirty(base + (good * 16) + 8, pte1);
651 stl_phys_notdirty(base + (good * 8) + 4, pte1);
659 static inline int find_pte32(mmu_ctx_t *ctx, int h, int rw, int type,
660 int target_page_bits)
662 return _find_pte(ctx, 0, h, rw, type, target_page_bits);
665 #if defined(TARGET_PPC64)
666 static inline int find_pte64(mmu_ctx_t *ctx, int h, int rw, int type,
667 int target_page_bits)
669 return _find_pte(ctx, 1, h, rw, type, target_page_bits);
673 static inline int find_pte(CPUState *env, mmu_ctx_t *ctx, int h, int rw,
674 int type, int target_page_bits)
676 #if defined(TARGET_PPC64)
677 if (env->mmu_model & POWERPC_MMU_64)
678 return find_pte64(ctx, h, rw, type, target_page_bits);
681 return find_pte32(ctx, h, rw, type, target_page_bits);
684 #if defined(TARGET_PPC64)
685 static ppc_slb_t *slb_get_entry(CPUPPCState *env, int nr)
687 ppc_slb_t *retval = &env->slb[nr];
689 #if 0 // XXX implement bridge mode?
690 if (env->spr[SPR_ASR] & 1) {
691 target_phys_addr_t sr_base;
693 sr_base = env->spr[SPR_ASR] & 0xfffffffffffff000;
694 sr_base += (12 * nr);
696 retval->tmp64 = ldq_phys(sr_base);
697 retval->tmp = ldl_phys(sr_base + 8);
704 static void slb_set_entry(CPUPPCState *env, int nr, ppc_slb_t *slb)
706 ppc_slb_t *entry = &env->slb[nr];
711 entry->tmp64 = slb->tmp64;
712 entry->tmp = slb->tmp;
715 static inline int slb_is_valid(ppc_slb_t *slb)
717 return (int)(slb->tmp64 & 0x0000000008000000ULL);
720 static inline void slb_invalidate(ppc_slb_t *slb)
722 slb->tmp64 &= ~0x0000000008000000ULL;
725 static inline int slb_lookup(CPUPPCState *env, target_ulong eaddr,
726 target_ulong *vsid, target_ulong *page_mask,
727 int *attr, int *target_page_bits)
733 LOG_SLB("%s: eaddr " ADDRX "\n", __func__, eaddr);
734 mask = 0x0000000000000000ULL; /* Avoid gcc warning */
735 for (n = 0; n < env->slb_nr; n++) {
736 ppc_slb_t *slb = slb_get_entry(env, n);
738 LOG_SLB("%s: seg %d %016" PRIx64 " %08"
739 PRIx32 "\n", __func__, n, slb->tmp64, slb->tmp);
740 if (slb_is_valid(slb)) {
741 /* SLB entry is valid */
742 if (slb->tmp & 0x8) {
744 mask = 0xFFFF000000000000ULL;
745 if (target_page_bits)
746 *target_page_bits = 24; // XXX 16M pages?
749 mask = 0xFFFFFFFFF0000000ULL;
750 if (target_page_bits)
751 *target_page_bits = TARGET_PAGE_BITS;
753 if ((eaddr & mask) == (slb->tmp64 & mask)) {
755 *vsid = ((slb->tmp64 << 24) | (slb->tmp >> 8)) & 0x0003FFFFFFFFFFFFULL;
757 *attr = slb->tmp & 0xFF;
767 void ppc_slb_invalidate_all (CPUPPCState *env)
769 int n, do_invalidate;
772 /* XXX: Warning: slbia never invalidates the first segment */
773 for (n = 1; n < env->slb_nr; n++) {
774 ppc_slb_t *slb = slb_get_entry(env, n);
776 if (slb_is_valid(slb)) {
778 slb_set_entry(env, n, slb);
779 /* XXX: given the fact that segment size is 256 MB or 1TB,
780 * and we still don't have a tlb_flush_mask(env, n, mask)
781 * in Qemu, we just invalidate all TLBs
790 void ppc_slb_invalidate_one (CPUPPCState *env, uint64_t T0)
792 target_ulong vsid, page_mask;
796 n = slb_lookup(env, T0, &vsid, &page_mask, &attr, NULL);
798 ppc_slb_t *slb = slb_get_entry(env, n);
800 if (slb_is_valid(slb)) {
802 slb_set_entry(env, n, slb);
803 /* XXX: given the fact that segment size is 256 MB or 1TB,
804 * and we still don't have a tlb_flush_mask(env, n, mask)
805 * in Qemu, we just invalidate all TLBs
812 target_ulong ppc_load_slb (CPUPPCState *env, int slb_nr)
815 ppc_slb_t *slb = slb_get_entry(env, slb_nr);
817 if (slb_is_valid(slb)) {
818 /* SLB entry is valid */
819 /* Copy SLB bits 62:88 to Rt 37:63 (VSID 23:49) */
820 rt = slb->tmp >> 8; /* 65:88 => 40:63 */
821 rt |= (slb->tmp64 & 0x7) << 24; /* 62:64 => 37:39 */
822 /* Copy SLB bits 89:92 to Rt 33:36 (KsKpNL) */
823 rt |= ((slb->tmp >> 4) & 0xF) << 27;
827 LOG_SLB("%s: %016" PRIx64 " %08" PRIx32 " => %d "
828 ADDRX "\n", __func__, slb->tmp64, slb->tmp, slb_nr, rt);
833 void ppc_store_slb (CPUPPCState *env, target_ulong rb, target_ulong rs)
839 int flags, valid, slb_nr;
842 flags = ((rs >> 8) & 0xf);
845 valid = (rb & (1 << 27));
848 slb = slb_get_entry(env, slb_nr);
849 slb->tmp64 = (esid << 28) | valid | (vsid >> 24);
850 slb->tmp = (vsid << 8) | (flags << 3);
852 LOG_SLB("%s: %d " ADDRX " - " ADDRX " => %016" PRIx64
853 " %08" PRIx32 "\n", __func__,
854 slb_nr, rb, rs, slb->tmp64, slb->tmp);
856 slb_set_entry(env, slb_nr, slb);
858 #endif /* defined(TARGET_PPC64) */
860 /* Perform segment based translation */
861 static inline target_phys_addr_t get_pgaddr(target_phys_addr_t sdr1,
863 target_phys_addr_t hash,
864 target_phys_addr_t mask)
866 return (sdr1 & ((target_phys_addr_t)(-1ULL) << sdr_sh)) | (hash & mask);
869 static inline int get_segment(CPUState *env, mmu_ctx_t *ctx,
870 target_ulong eaddr, int rw, int type)
872 target_phys_addr_t sdr, hash, mask, sdr_mask, htab_mask;
873 target_ulong sr, vsid, vsid_mask, pgidx, page_mask;
874 #if defined(TARGET_PPC64)
877 int ds, vsid_sh, sdr_sh, pr, target_page_bits;
881 #if defined(TARGET_PPC64)
882 if (env->mmu_model & POWERPC_MMU_64) {
883 LOG_MMU("Check SLBs\n");
884 ret = slb_lookup(env, eaddr, &vsid, &page_mask, &attr,
888 ctx->key = ((attr & 0x40) && (pr != 0)) ||
889 ((attr & 0x80) && (pr == 0)) ? 1 : 0;
891 ctx->nx = attr & 0x10 ? 1 : 0;
893 vsid_mask = 0x00003FFFFFFFFF80ULL;
898 #endif /* defined(TARGET_PPC64) */
900 sr = env->sr[eaddr >> 28];
901 page_mask = 0x0FFFFFFF;
902 ctx->key = (((sr & 0x20000000) && (pr != 0)) ||
903 ((sr & 0x40000000) && (pr == 0))) ? 1 : 0;
904 ds = sr & 0x80000000 ? 1 : 0;
905 ctx->nx = sr & 0x10000000 ? 1 : 0;
906 vsid = sr & 0x00FFFFFF;
907 vsid_mask = 0x01FFFFC0;
911 target_page_bits = TARGET_PAGE_BITS;
912 LOG_MMU("Check segment v=" ADDRX " %d " ADDRX
913 " nip=" ADDRX " lr=" ADDRX " ir=%d dr=%d pr=%d %d t=%d\n",
914 eaddr, (int)(eaddr >> 28), sr, env->nip,
915 env->lr, (int)msr_ir, (int)msr_dr, pr != 0 ? 1 : 0,
918 LOG_MMU("pte segment: key=%d ds %d nx %d vsid " ADDRX "\n",
919 ctx->key, ds, ctx->nx, vsid);
922 /* Check if instruction fetch is allowed, if needed */
923 if (type != ACCESS_CODE || ctx->nx == 0) {
924 /* Page address translation */
925 /* Primary table address */
927 pgidx = (eaddr & page_mask) >> target_page_bits;
928 #if defined(TARGET_PPC64)
929 if (env->mmu_model & POWERPC_MMU_64) {
930 htab_mask = 0x0FFFFFFF >> (28 - (sdr & 0x1F));
931 /* XXX: this is false for 1 TB segments */
932 hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
936 htab_mask = sdr & 0x000001FF;
937 hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
939 mask = (htab_mask << sdr_sh) | sdr_mask;
940 LOG_MMU("sdr " PADDRX " sh %d hash " PADDRX
941 " mask " PADDRX " " ADDRX "\n",
942 sdr, sdr_sh, hash, mask, page_mask);
943 ctx->pg_addr[0] = get_pgaddr(sdr, sdr_sh, hash, mask);
944 /* Secondary table address */
945 hash = (~hash) & vsid_mask;
946 LOG_MMU("sdr " PADDRX " sh %d hash " PADDRX
947 " mask " PADDRX "\n",
948 sdr, sdr_sh, hash, mask);
949 ctx->pg_addr[1] = get_pgaddr(sdr, sdr_sh, hash, mask);
950 #if defined(TARGET_PPC64)
951 if (env->mmu_model & POWERPC_MMU_64) {
952 /* Only 5 bits of the page index are used in the AVPN */
953 if (target_page_bits > 23) {
954 ctx->ptem = (vsid << 12) |
955 ((pgidx << (target_page_bits - 16)) & 0xF80);
957 ctx->ptem = (vsid << 12) | ((pgidx >> 4) & 0x0F80);
962 ctx->ptem = (vsid << 7) | (pgidx >> 10);
964 /* Initialize real address with an invalid value */
965 ctx->raddr = (target_phys_addr_t)-1ULL;
966 if (unlikely(env->mmu_model == POWERPC_MMU_SOFT_6xx ||
967 env->mmu_model == POWERPC_MMU_SOFT_74xx)) {
968 /* Software TLB search */
969 ret = ppc6xx_tlb_check(env, ctx, eaddr, rw, type);
971 LOG_MMU("0 sdr1=" PADDRX " vsid=" ADDRX " "
972 "api=" ADDRX " hash=" PADDRX
973 " pg_addr=" PADDRX "\n",
974 sdr, vsid, pgidx, hash, ctx->pg_addr[0]);
975 /* Primary table lookup */
976 ret = find_pte(env, ctx, 0, rw, type, target_page_bits);
978 /* Secondary table lookup */
979 if (eaddr != 0xEFFFFFFF)
980 LOG_MMU("1 sdr1=" PADDRX " vsid=" ADDRX " "
981 "api=" ADDRX " hash=" PADDRX
982 " pg_addr=" PADDRX "\n",
983 sdr, vsid, pgidx, hash, ctx->pg_addr[1]);
984 ret2 = find_pte(env, ctx, 1, rw, type,
990 #if defined (DUMP_PAGE_TABLES)
991 if (qemu_log_enabled()) {
992 target_phys_addr_t curaddr;
993 uint32_t a0, a1, a2, a3;
994 qemu_log("Page table: " PADDRX " len " PADDRX "\n",
996 for (curaddr = sdr; curaddr < (sdr + mask + 0x80);
998 a0 = ldl_phys(curaddr);
999 a1 = ldl_phys(curaddr + 4);
1000 a2 = ldl_phys(curaddr + 8);
1001 a3 = ldl_phys(curaddr + 12);
1002 if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) {
1003 qemu_log(PADDRX ": %08x %08x %08x %08x\n",
1004 curaddr, a0, a1, a2, a3);
1010 LOG_MMU("No access allowed\n");
1014 LOG_MMU("direct store...\n");
1015 /* Direct-store segment : absolutely *BUGGY* for now */
1018 /* Integer load/store : only access allowed */
1021 /* No code fetch is allowed in direct-store areas */
1024 /* Floating point load/store */
1027 /* lwarx, ldarx or srwcx. */
1030 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
1031 /* Should make the instruction do no-op.
1032 * As it already do no-op, it's quite easy :-)
1037 /* eciwx or ecowx */
1040 qemu_log("ERROR: instruction should not need "
1041 "address translation\n");
1044 if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) {
1055 /* Generic TLB check function for embedded PowerPC implementations */
1056 static inline int ppcemb_tlb_check(CPUState *env, ppcemb_tlb_t *tlb,
1057 target_phys_addr_t *raddrp,
1058 target_ulong address, uint32_t pid, int ext,
1063 /* Check valid flag */
1064 if (!(tlb->prot & PAGE_VALID)) {
1065 qemu_log("%s: TLB %d not valid\n", __func__, i);
1068 mask = ~(tlb->size - 1);
1069 LOG_SWTLB("%s: TLB %d address " ADDRX " PID %u <=> " ADDRX
1071 __func__, i, address, pid, tlb->EPN, mask, (uint32_t)tlb->PID);
1073 if (tlb->PID != 0 && tlb->PID != pid)
1075 /* Check effective address */
1076 if ((address & mask) != tlb->EPN)
1078 *raddrp = (tlb->RPN & mask) | (address & ~mask);
1079 #if (TARGET_PHYS_ADDR_BITS >= 36)
1081 /* Extend the physical address to 36 bits */
1082 *raddrp |= (target_phys_addr_t)(tlb->RPN & 0xF) << 32;
1089 /* Generic TLB search function for PowerPC embedded implementations */
1090 int ppcemb_tlb_search (CPUPPCState *env, target_ulong address, uint32_t pid)
1093 target_phys_addr_t raddr;
1096 /* Default return value is no match */
1098 for (i = 0; i < env->nb_tlb; i++) {
1099 tlb = &env->tlb[i].tlbe;
1100 if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, 0, i) == 0) {
1109 /* Helpers specific to PowerPC 40x implementations */
1110 static inline void ppc4xx_tlb_invalidate_all(CPUState *env)
1115 for (i = 0; i < env->nb_tlb; i++) {
1116 tlb = &env->tlb[i].tlbe;
1117 tlb->prot &= ~PAGE_VALID;
1122 static inline void ppc4xx_tlb_invalidate_virt(CPUState *env,
1123 target_ulong eaddr, uint32_t pid)
1125 #if !defined(FLUSH_ALL_TLBS)
1127 target_phys_addr_t raddr;
1128 target_ulong page, end;
1131 for (i = 0; i < env->nb_tlb; i++) {
1132 tlb = &env->tlb[i].tlbe;
1133 if (ppcemb_tlb_check(env, tlb, &raddr, eaddr, pid, 0, i) == 0) {
1134 end = tlb->EPN + tlb->size;
1135 for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE)
1136 tlb_flush_page(env, page);
1137 tlb->prot &= ~PAGE_VALID;
1142 ppc4xx_tlb_invalidate_all(env);
1146 static int mmu40x_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1147 target_ulong address, int rw, int access_type)
1150 target_phys_addr_t raddr;
1151 int i, ret, zsel, zpr, pr;
1154 raddr = (target_phys_addr_t)-1ULL;
1156 for (i = 0; i < env->nb_tlb; i++) {
1157 tlb = &env->tlb[i].tlbe;
1158 if (ppcemb_tlb_check(env, tlb, &raddr, address,
1159 env->spr[SPR_40x_PID], 0, i) < 0)
1161 zsel = (tlb->attr >> 4) & 0xF;
1162 zpr = (env->spr[SPR_40x_ZPR] >> (28 - (2 * zsel))) & 0x3;
1163 LOG_SWTLB("%s: TLB %d zsel %d zpr %d rw %d attr %08x\n",
1164 __func__, i, zsel, zpr, rw, tlb->attr);
1165 /* Check execute enable bit */
1172 /* All accesses granted */
1173 ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1185 /* Check from TLB entry */
1186 /* XXX: there is a problem here or in the TLB fill code... */
1187 ctx->prot = tlb->prot;
1188 ctx->prot |= PAGE_EXEC;
1189 ret = check_prot(ctx->prot, rw, access_type);
1194 LOG_SWTLB("%s: access granted " ADDRX " => " PADDRX
1195 " %d %d\n", __func__, address, ctx->raddr, ctx->prot,
1200 LOG_SWTLB("%s: access refused " ADDRX " => " PADDRX
1201 " %d %d\n", __func__, address, raddr, ctx->prot,
1207 void store_40x_sler (CPUPPCState *env, uint32_t val)
1209 /* XXX: TO BE FIXED */
1210 if (val != 0x00000000) {
1211 cpu_abort(env, "Little-endian regions are not supported by now\n");
1213 env->spr[SPR_405_SLER] = val;
1216 static int mmubooke_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1217 target_ulong address, int rw,
1221 target_phys_addr_t raddr;
1225 raddr = (target_phys_addr_t)-1ULL;
1226 for (i = 0; i < env->nb_tlb; i++) {
1227 tlb = &env->tlb[i].tlbe;
1228 if (ppcemb_tlb_check(env, tlb, &raddr, address,
1229 env->spr[SPR_BOOKE_PID], 1, i) < 0)
1232 prot = tlb->prot & 0xF;
1234 prot = (tlb->prot >> 4) & 0xF;
1235 /* Check the address space */
1236 if (access_type == ACCESS_CODE) {
1237 if (msr_ir != (tlb->attr & 1))
1240 if (prot & PAGE_EXEC) {
1246 if (msr_dr != (tlb->attr & 1))
1249 if ((!rw && prot & PAGE_READ) || (rw && (prot & PAGE_WRITE))) {
1262 static inline int check_physical(CPUState *env, mmu_ctx_t *ctx,
1263 target_ulong eaddr, int rw)
1268 ctx->prot = PAGE_READ | PAGE_EXEC;
1270 switch (env->mmu_model) {
1271 case POWERPC_MMU_32B:
1272 case POWERPC_MMU_601:
1273 case POWERPC_MMU_SOFT_6xx:
1274 case POWERPC_MMU_SOFT_74xx:
1275 case POWERPC_MMU_SOFT_4xx:
1276 case POWERPC_MMU_REAL:
1277 case POWERPC_MMU_BOOKE:
1278 ctx->prot |= PAGE_WRITE;
1280 #if defined(TARGET_PPC64)
1281 case POWERPC_MMU_620:
1282 case POWERPC_MMU_64B:
1283 /* Real address are 60 bits long */
1284 ctx->raddr &= 0x0FFFFFFFFFFFFFFFULL;
1285 ctx->prot |= PAGE_WRITE;
1288 case POWERPC_MMU_SOFT_4xx_Z:
1289 if (unlikely(msr_pe != 0)) {
1290 /* 403 family add some particular protections,
1291 * using PBL/PBU registers for accesses with no translation.
1294 /* Check PLB validity */
1295 (env->pb[0] < env->pb[1] &&
1296 /* and address in plb area */
1297 eaddr >= env->pb[0] && eaddr < env->pb[1]) ||
1298 (env->pb[2] < env->pb[3] &&
1299 eaddr >= env->pb[2] && eaddr < env->pb[3]) ? 1 : 0;
1300 if (in_plb ^ msr_px) {
1301 /* Access in protected area */
1303 /* Access is not allowed */
1307 /* Read-write access is allowed */
1308 ctx->prot |= PAGE_WRITE;
1312 case POWERPC_MMU_MPC8xx:
1314 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1316 case POWERPC_MMU_BOOKE_FSL:
1318 cpu_abort(env, "BookE FSL MMU model not implemented\n");
1321 cpu_abort(env, "Unknown or invalid MMU model\n");
1328 int get_physical_address (CPUState *env, mmu_ctx_t *ctx, target_ulong eaddr,
1329 int rw, int access_type)
1334 qemu_log("%s\n", __func__);
1336 if ((access_type == ACCESS_CODE && msr_ir == 0) ||
1337 (access_type != ACCESS_CODE && msr_dr == 0)) {
1338 /* No address translation */
1339 ret = check_physical(env, ctx, eaddr, rw);
1342 switch (env->mmu_model) {
1343 case POWERPC_MMU_32B:
1344 case POWERPC_MMU_601:
1345 case POWERPC_MMU_SOFT_6xx:
1346 case POWERPC_MMU_SOFT_74xx:
1347 /* Try to find a BAT */
1348 if (env->nb_BATs != 0)
1349 ret = get_bat(env, ctx, eaddr, rw, access_type);
1350 #if defined(TARGET_PPC64)
1351 case POWERPC_MMU_620:
1352 case POWERPC_MMU_64B:
1355 /* We didn't match any BAT entry or don't have BATs */
1356 ret = get_segment(env, ctx, eaddr, rw, access_type);
1359 case POWERPC_MMU_SOFT_4xx:
1360 case POWERPC_MMU_SOFT_4xx_Z:
1361 ret = mmu40x_get_physical_address(env, ctx, eaddr,
1364 case POWERPC_MMU_BOOKE:
1365 ret = mmubooke_get_physical_address(env, ctx, eaddr,
1368 case POWERPC_MMU_MPC8xx:
1370 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1372 case POWERPC_MMU_BOOKE_FSL:
1374 cpu_abort(env, "BookE FSL MMU model not implemented\n");
1376 case POWERPC_MMU_REAL:
1377 cpu_abort(env, "PowerPC in real mode do not do any translation\n");
1380 cpu_abort(env, "Unknown or invalid MMU model\n");
1385 qemu_log("%s address " ADDRX " => %d " PADDRX "\n",
1386 __func__, eaddr, ret, ctx->raddr);
1392 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
1396 if (unlikely(get_physical_address(env, &ctx, addr, 0, ACCESS_INT) != 0))
1399 return ctx.raddr & TARGET_PAGE_MASK;
1402 /* Perform address translation */
1403 int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
1404 int mmu_idx, int is_softmmu)
1413 access_type = ACCESS_CODE;
1416 access_type = env->access_type;
1418 ret = get_physical_address(env, &ctx, address, rw, access_type);
1420 ret = tlb_set_page_exec(env, address & TARGET_PAGE_MASK,
1421 ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
1422 mmu_idx, is_softmmu);
1423 } else if (ret < 0) {
1425 if (access_type == ACCESS_CODE) {
1428 /* No matches in page tables or TLB */
1429 switch (env->mmu_model) {
1430 case POWERPC_MMU_SOFT_6xx:
1431 env->exception_index = POWERPC_EXCP_IFTLB;
1432 env->error_code = 1 << 18;
1433 env->spr[SPR_IMISS] = address;
1434 env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
1436 case POWERPC_MMU_SOFT_74xx:
1437 env->exception_index = POWERPC_EXCP_IFTLB;
1439 case POWERPC_MMU_SOFT_4xx:
1440 case POWERPC_MMU_SOFT_4xx_Z:
1441 env->exception_index = POWERPC_EXCP_ITLB;
1442 env->error_code = 0;
1443 env->spr[SPR_40x_DEAR] = address;
1444 env->spr[SPR_40x_ESR] = 0x00000000;
1446 case POWERPC_MMU_32B:
1447 case POWERPC_MMU_601:
1448 #if defined(TARGET_PPC64)
1449 case POWERPC_MMU_620:
1450 case POWERPC_MMU_64B:
1452 env->exception_index = POWERPC_EXCP_ISI;
1453 env->error_code = 0x40000000;
1455 case POWERPC_MMU_BOOKE:
1457 cpu_abort(env, "BookE MMU model is not implemented\n");
1459 case POWERPC_MMU_BOOKE_FSL:
1461 cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1463 case POWERPC_MMU_MPC8xx:
1465 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1467 case POWERPC_MMU_REAL:
1468 cpu_abort(env, "PowerPC in real mode should never raise "
1469 "any MMU exceptions\n");
1472 cpu_abort(env, "Unknown or invalid MMU model\n");
1477 /* Access rights violation */
1478 env->exception_index = POWERPC_EXCP_ISI;
1479 env->error_code = 0x08000000;
1482 /* No execute protection violation */
1483 env->exception_index = POWERPC_EXCP_ISI;
1484 env->error_code = 0x10000000;
1487 /* Direct store exception */
1488 /* No code fetch is allowed in direct-store areas */
1489 env->exception_index = POWERPC_EXCP_ISI;
1490 env->error_code = 0x10000000;
1492 #if defined(TARGET_PPC64)
1494 /* No match in segment table */
1495 if (env->mmu_model == POWERPC_MMU_620) {
1496 env->exception_index = POWERPC_EXCP_ISI;
1497 /* XXX: this might be incorrect */
1498 env->error_code = 0x40000000;
1500 env->exception_index = POWERPC_EXCP_ISEG;
1501 env->error_code = 0;
1509 /* No matches in page tables or TLB */
1510 switch (env->mmu_model) {
1511 case POWERPC_MMU_SOFT_6xx:
1513 env->exception_index = POWERPC_EXCP_DSTLB;
1514 env->error_code = 1 << 16;
1516 env->exception_index = POWERPC_EXCP_DLTLB;
1517 env->error_code = 0;
1519 env->spr[SPR_DMISS] = address;
1520 env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
1522 env->error_code |= ctx.key << 19;
1523 env->spr[SPR_HASH1] = ctx.pg_addr[0];
1524 env->spr[SPR_HASH2] = ctx.pg_addr[1];
1526 case POWERPC_MMU_SOFT_74xx:
1528 env->exception_index = POWERPC_EXCP_DSTLB;
1530 env->exception_index = POWERPC_EXCP_DLTLB;
1533 /* Implement LRU algorithm */
1534 env->error_code = ctx.key << 19;
1535 env->spr[SPR_TLBMISS] = (address & ~((target_ulong)0x3)) |
1536 ((env->last_way + 1) & (env->nb_ways - 1));
1537 env->spr[SPR_PTEHI] = 0x80000000 | ctx.ptem;
1539 case POWERPC_MMU_SOFT_4xx:
1540 case POWERPC_MMU_SOFT_4xx_Z:
1541 env->exception_index = POWERPC_EXCP_DTLB;
1542 env->error_code = 0;
1543 env->spr[SPR_40x_DEAR] = address;
1545 env->spr[SPR_40x_ESR] = 0x00800000;
1547 env->spr[SPR_40x_ESR] = 0x00000000;
1549 case POWERPC_MMU_32B:
1550 case POWERPC_MMU_601:
1551 #if defined(TARGET_PPC64)
1552 case POWERPC_MMU_620:
1553 case POWERPC_MMU_64B:
1555 env->exception_index = POWERPC_EXCP_DSI;
1556 env->error_code = 0;
1557 env->spr[SPR_DAR] = address;
1559 env->spr[SPR_DSISR] = 0x42000000;
1561 env->spr[SPR_DSISR] = 0x40000000;
1563 case POWERPC_MMU_MPC8xx:
1565 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1567 case POWERPC_MMU_BOOKE:
1569 cpu_abort(env, "BookE MMU model is not implemented\n");
1571 case POWERPC_MMU_BOOKE_FSL:
1573 cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1575 case POWERPC_MMU_REAL:
1576 cpu_abort(env, "PowerPC in real mode should never raise "
1577 "any MMU exceptions\n");
1580 cpu_abort(env, "Unknown or invalid MMU model\n");
1585 /* Access rights violation */
1586 env->exception_index = POWERPC_EXCP_DSI;
1587 env->error_code = 0;
1588 env->spr[SPR_DAR] = address;
1590 env->spr[SPR_DSISR] = 0x0A000000;
1592 env->spr[SPR_DSISR] = 0x08000000;
1595 /* Direct store exception */
1596 switch (access_type) {
1598 /* Floating point load/store */
1599 env->exception_index = POWERPC_EXCP_ALIGN;
1600 env->error_code = POWERPC_EXCP_ALIGN_FP;
1601 env->spr[SPR_DAR] = address;
1604 /* lwarx, ldarx or stwcx. */
1605 env->exception_index = POWERPC_EXCP_DSI;
1606 env->error_code = 0;
1607 env->spr[SPR_DAR] = address;
1609 env->spr[SPR_DSISR] = 0x06000000;
1611 env->spr[SPR_DSISR] = 0x04000000;
1614 /* eciwx or ecowx */
1615 env->exception_index = POWERPC_EXCP_DSI;
1616 env->error_code = 0;
1617 env->spr[SPR_DAR] = address;
1619 env->spr[SPR_DSISR] = 0x06100000;
1621 env->spr[SPR_DSISR] = 0x04100000;
1624 printf("DSI: invalid exception (%d)\n", ret);
1625 env->exception_index = POWERPC_EXCP_PROGRAM;
1627 POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL;
1628 env->spr[SPR_DAR] = address;
1632 #if defined(TARGET_PPC64)
1634 /* No match in segment table */
1635 if (env->mmu_model == POWERPC_MMU_620) {
1636 env->exception_index = POWERPC_EXCP_DSI;
1637 env->error_code = 0;
1638 env->spr[SPR_DAR] = address;
1639 /* XXX: this might be incorrect */
1641 env->spr[SPR_DSISR] = 0x42000000;
1643 env->spr[SPR_DSISR] = 0x40000000;
1645 env->exception_index = POWERPC_EXCP_DSEG;
1646 env->error_code = 0;
1647 env->spr[SPR_DAR] = address;
1654 printf("%s: set exception to %d %02x\n", __func__,
1655 env->exception, env->error_code);
1663 /*****************************************************************************/
1664 /* BATs management */
1665 #if !defined(FLUSH_ALL_TLBS)
1666 static inline void do_invalidate_BAT(CPUPPCState *env, target_ulong BATu,
1669 target_ulong base, end, page;
1671 base = BATu & ~0x0001FFFF;
1672 end = base + mask + 0x00020000;
1673 LOG_BATS("Flush BAT from " ADDRX " to " ADDRX " (" ADDRX ")\n",
1675 for (page = base; page != end; page += TARGET_PAGE_SIZE)
1676 tlb_flush_page(env, page);
1677 LOG_BATS("Flush done\n");
1681 static inline void dump_store_bat(CPUPPCState *env, char ID, int ul, int nr,
1684 LOG_BATS("Set %cBAT%d%c to " ADDRX " (" ADDRX ")\n",
1685 ID, nr, ul == 0 ? 'u' : 'l', value, env->nip);
1688 void ppc_store_ibatu (CPUPPCState *env, int nr, target_ulong value)
1692 dump_store_bat(env, 'I', 0, nr, value);
1693 if (env->IBAT[0][nr] != value) {
1694 mask = (value << 15) & 0x0FFE0000UL;
1695 #if !defined(FLUSH_ALL_TLBS)
1696 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1698 /* When storing valid upper BAT, mask BEPI and BRPN
1699 * and invalidate all TLBs covered by this BAT
1701 mask = (value << 15) & 0x0FFE0000UL;
1702 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1703 (value & ~0x0001FFFFUL & ~mask);
1704 env->IBAT[1][nr] = (env->IBAT[1][nr] & 0x0000007B) |
1705 (env->IBAT[1][nr] & ~0x0001FFFF & ~mask);
1706 #if !defined(FLUSH_ALL_TLBS)
1707 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1714 void ppc_store_ibatl (CPUPPCState *env, int nr, target_ulong value)
1716 dump_store_bat(env, 'I', 1, nr, value);
1717 env->IBAT[1][nr] = value;
1720 void ppc_store_dbatu (CPUPPCState *env, int nr, target_ulong value)
1724 dump_store_bat(env, 'D', 0, nr, value);
1725 if (env->DBAT[0][nr] != value) {
1726 /* When storing valid upper BAT, mask BEPI and BRPN
1727 * and invalidate all TLBs covered by this BAT
1729 mask = (value << 15) & 0x0FFE0000UL;
1730 #if !defined(FLUSH_ALL_TLBS)
1731 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1733 mask = (value << 15) & 0x0FFE0000UL;
1734 env->DBAT[0][nr] = (value & 0x00001FFFUL) |
1735 (value & ~0x0001FFFFUL & ~mask);
1736 env->DBAT[1][nr] = (env->DBAT[1][nr] & 0x0000007B) |
1737 (env->DBAT[1][nr] & ~0x0001FFFF & ~mask);
1738 #if !defined(FLUSH_ALL_TLBS)
1739 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1746 void ppc_store_dbatl (CPUPPCState *env, int nr, target_ulong value)
1748 dump_store_bat(env, 'D', 1, nr, value);
1749 env->DBAT[1][nr] = value;
1752 void ppc_store_ibatu_601 (CPUPPCState *env, int nr, target_ulong value)
1757 dump_store_bat(env, 'I', 0, nr, value);
1758 if (env->IBAT[0][nr] != value) {
1760 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1761 if (env->IBAT[1][nr] & 0x40) {
1762 /* Invalidate BAT only if it is valid */
1763 #if !defined(FLUSH_ALL_TLBS)
1764 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1769 /* When storing valid upper BAT, mask BEPI and BRPN
1770 * and invalidate all TLBs covered by this BAT
1772 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1773 (value & ~0x0001FFFFUL & ~mask);
1774 env->DBAT[0][nr] = env->IBAT[0][nr];
1775 if (env->IBAT[1][nr] & 0x40) {
1776 #if !defined(FLUSH_ALL_TLBS)
1777 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1782 #if defined(FLUSH_ALL_TLBS)
1789 void ppc_store_ibatl_601 (CPUPPCState *env, int nr, target_ulong value)
1794 dump_store_bat(env, 'I', 1, nr, value);
1795 if (env->IBAT[1][nr] != value) {
1797 if (env->IBAT[1][nr] & 0x40) {
1798 #if !defined(FLUSH_ALL_TLBS)
1799 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1800 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1806 #if !defined(FLUSH_ALL_TLBS)
1807 mask = (value << 17) & 0x0FFE0000UL;
1808 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1813 env->IBAT[1][nr] = value;
1814 env->DBAT[1][nr] = value;
1815 #if defined(FLUSH_ALL_TLBS)
1822 /*****************************************************************************/
1823 /* TLB management */
1824 void ppc_tlb_invalidate_all (CPUPPCState *env)
1826 switch (env->mmu_model) {
1827 case POWERPC_MMU_SOFT_6xx:
1828 case POWERPC_MMU_SOFT_74xx:
1829 ppc6xx_tlb_invalidate_all(env);
1831 case POWERPC_MMU_SOFT_4xx:
1832 case POWERPC_MMU_SOFT_4xx_Z:
1833 ppc4xx_tlb_invalidate_all(env);
1835 case POWERPC_MMU_REAL:
1836 cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1838 case POWERPC_MMU_MPC8xx:
1840 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1842 case POWERPC_MMU_BOOKE:
1844 cpu_abort(env, "BookE MMU model is not implemented\n");
1846 case POWERPC_MMU_BOOKE_FSL:
1849 cpu_abort(env, "BookE MMU model is not implemented\n");
1851 case POWERPC_MMU_32B:
1852 case POWERPC_MMU_601:
1853 #if defined(TARGET_PPC64)
1854 case POWERPC_MMU_620:
1855 case POWERPC_MMU_64B:
1856 #endif /* defined(TARGET_PPC64) */
1861 cpu_abort(env, "Unknown MMU model\n");
1866 void ppc_tlb_invalidate_one (CPUPPCState *env, target_ulong addr)
1868 #if !defined(FLUSH_ALL_TLBS)
1869 addr &= TARGET_PAGE_MASK;
1870 switch (env->mmu_model) {
1871 case POWERPC_MMU_SOFT_6xx:
1872 case POWERPC_MMU_SOFT_74xx:
1873 ppc6xx_tlb_invalidate_virt(env, addr, 0);
1874 if (env->id_tlbs == 1)
1875 ppc6xx_tlb_invalidate_virt(env, addr, 1);
1877 case POWERPC_MMU_SOFT_4xx:
1878 case POWERPC_MMU_SOFT_4xx_Z:
1879 ppc4xx_tlb_invalidate_virt(env, addr, env->spr[SPR_40x_PID]);
1881 case POWERPC_MMU_REAL:
1882 cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1884 case POWERPC_MMU_MPC8xx:
1886 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1888 case POWERPC_MMU_BOOKE:
1890 cpu_abort(env, "BookE MMU model is not implemented\n");
1892 case POWERPC_MMU_BOOKE_FSL:
1894 cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1896 case POWERPC_MMU_32B:
1897 case POWERPC_MMU_601:
1898 /* tlbie invalidate TLBs for all segments */
1899 addr &= ~((target_ulong)-1ULL << 28);
1900 /* XXX: this case should be optimized,
1901 * giving a mask to tlb_flush_page
1903 tlb_flush_page(env, addr | (0x0 << 28));
1904 tlb_flush_page(env, addr | (0x1 << 28));
1905 tlb_flush_page(env, addr | (0x2 << 28));
1906 tlb_flush_page(env, addr | (0x3 << 28));
1907 tlb_flush_page(env, addr | (0x4 << 28));
1908 tlb_flush_page(env, addr | (0x5 << 28));
1909 tlb_flush_page(env, addr | (0x6 << 28));
1910 tlb_flush_page(env, addr | (0x7 << 28));
1911 tlb_flush_page(env, addr | (0x8 << 28));
1912 tlb_flush_page(env, addr | (0x9 << 28));
1913 tlb_flush_page(env, addr | (0xA << 28));
1914 tlb_flush_page(env, addr | (0xB << 28));
1915 tlb_flush_page(env, addr | (0xC << 28));
1916 tlb_flush_page(env, addr | (0xD << 28));
1917 tlb_flush_page(env, addr | (0xE << 28));
1918 tlb_flush_page(env, addr | (0xF << 28));
1920 #if defined(TARGET_PPC64)
1921 case POWERPC_MMU_620:
1922 case POWERPC_MMU_64B:
1923 /* tlbie invalidate TLBs for all segments */
1924 /* XXX: given the fact that there are too many segments to invalidate,
1925 * and we still don't have a tlb_flush_mask(env, n, mask) in Qemu,
1926 * we just invalidate all TLBs
1930 #endif /* defined(TARGET_PPC64) */
1933 cpu_abort(env, "Unknown MMU model\n");
1937 ppc_tlb_invalidate_all(env);
1941 /*****************************************************************************/
1942 /* Special registers manipulation */
1943 #if defined(TARGET_PPC64)
1944 void ppc_store_asr (CPUPPCState *env, target_ulong value)
1946 if (env->asr != value) {
1953 void ppc_store_sdr1 (CPUPPCState *env, target_ulong value)
1955 LOG_MMU("%s: " ADDRX "\n", __func__, value);
1956 if (env->sdr1 != value) {
1957 /* XXX: for PowerPC 64, should check that the HTABSIZE value
1965 #if defined(TARGET_PPC64)
1966 target_ulong ppc_load_sr (CPUPPCState *env, int slb_nr)
1973 void ppc_store_sr (CPUPPCState *env, int srnum, target_ulong value)
1975 LOG_MMU("%s: reg=%d " ADDRX " " ADDRX "\n",
1976 __func__, srnum, value, env->sr[srnum]);
1977 #if defined(TARGET_PPC64)
1978 if (env->mmu_model & POWERPC_MMU_64) {
1979 uint64_t rb = 0, rs = 0;
1982 rb |= ((uint32_t)srnum & 0xf) << 28;
1983 /* Set the valid bit */
1986 rb |= (uint32_t)srnum;
1989 rs |= (value & 0xfffffff) << 12;
1991 rs |= ((value >> 27) & 0xf) << 9;
1993 ppc_store_slb(env, rb, rs);
1996 if (env->sr[srnum] != value) {
1997 env->sr[srnum] = value;
1998 /* Invalidating 256MB of virtual memory in 4kB pages is way longer than
1999 flusing the whole TLB. */
2000 #if !defined(FLUSH_ALL_TLBS) && 0
2002 target_ulong page, end;
2003 /* Invalidate 256 MB of virtual memory */
2004 page = (16 << 20) * srnum;
2005 end = page + (16 << 20);
2006 for (; page != end; page += TARGET_PAGE_SIZE)
2007 tlb_flush_page(env, page);
2014 #endif /* !defined (CONFIG_USER_ONLY) */
2016 /* GDBstub can read and write MSR... */
2017 void ppc_store_msr (CPUPPCState *env, target_ulong value)
2019 hreg_store_msr(env, value, 0);
2022 /*****************************************************************************/
2023 /* Exception processing */
2024 #if defined (CONFIG_USER_ONLY)
2025 void do_interrupt (CPUState *env)
2027 env->exception_index = POWERPC_EXCP_NONE;
2028 env->error_code = 0;
2031 void ppc_hw_interrupt (CPUState *env)
2033 env->exception_index = POWERPC_EXCP_NONE;
2034 env->error_code = 0;
2036 #else /* defined (CONFIG_USER_ONLY) */
2037 static inline void dump_syscall(CPUState *env)
2039 qemu_log_mask(CPU_LOG_INT, "syscall r0=" REGX " r3=" REGX " r4=" REGX
2040 " r5=" REGX " r6=" REGX " nip=" ADDRX "\n",
2041 ppc_dump_gpr(env, 0), ppc_dump_gpr(env, 3), ppc_dump_gpr(env, 4),
2042 ppc_dump_gpr(env, 5), ppc_dump_gpr(env, 6), env->nip);
2045 /* Note that this function should be greatly optimized
2046 * when called with a constant excp, from ppc_hw_interrupt
2048 static inline void powerpc_excp(CPUState *env, int excp_model, int excp)
2050 target_ulong msr, new_msr, vector;
2051 int srr0, srr1, asrr0, asrr1;
2052 int lpes0, lpes1, lev;
2055 /* XXX: find a suitable condition to enable the hypervisor mode */
2056 lpes0 = (env->spr[SPR_LPCR] >> 1) & 1;
2057 lpes1 = (env->spr[SPR_LPCR] >> 2) & 1;
2059 /* Those values ensure we won't enter the hypervisor mode */
2064 qemu_log_mask(CPU_LOG_INT, "Raise exception at " ADDRX " => %08x (%02x)\n",
2065 env->nip, excp, env->error_code);
2072 msr &= ~((target_ulong)0x783F0000);
2074 case POWERPC_EXCP_NONE:
2075 /* Should never happen */
2077 case POWERPC_EXCP_CRITICAL: /* Critical input */
2078 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2079 switch (excp_model) {
2080 case POWERPC_EXCP_40x:
2081 srr0 = SPR_40x_SRR2;
2082 srr1 = SPR_40x_SRR3;
2084 case POWERPC_EXCP_BOOKE:
2085 srr0 = SPR_BOOKE_CSRR0;
2086 srr1 = SPR_BOOKE_CSRR1;
2088 case POWERPC_EXCP_G2:
2094 case POWERPC_EXCP_MCHECK: /* Machine check exception */
2096 /* Machine check exception is not enabled.
2097 * Enter checkstop state.
2099 if (qemu_log_enabled()) {
2100 qemu_log("Machine check while not allowed. "
2101 "Entering checkstop state\n");
2103 fprintf(stderr, "Machine check while not allowed. "
2104 "Entering checkstop state\n");
2107 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
2109 new_msr &= ~((target_ulong)1 << MSR_RI);
2110 new_msr &= ~((target_ulong)1 << MSR_ME);
2112 /* XXX: find a suitable condition to enable the hypervisor mode */
2113 new_msr |= (target_ulong)MSR_HVB;
2115 /* XXX: should also have something loaded in DAR / DSISR */
2116 switch (excp_model) {
2117 case POWERPC_EXCP_40x:
2118 srr0 = SPR_40x_SRR2;
2119 srr1 = SPR_40x_SRR3;
2121 case POWERPC_EXCP_BOOKE:
2122 srr0 = SPR_BOOKE_MCSRR0;
2123 srr1 = SPR_BOOKE_MCSRR1;
2124 asrr0 = SPR_BOOKE_CSRR0;
2125 asrr1 = SPR_BOOKE_CSRR1;
2131 case POWERPC_EXCP_DSI: /* Data storage exception */
2132 LOG_EXCP("DSI exception: DSISR=" ADDRX" DAR=" ADDRX "\n",
2133 env->spr[SPR_DSISR], env->spr[SPR_DAR]);
2134 new_msr &= ~((target_ulong)1 << MSR_RI);
2136 new_msr |= (target_ulong)MSR_HVB;
2138 case POWERPC_EXCP_ISI: /* Instruction storage exception */
2139 LOG_EXCP("ISI exception: msr=" ADDRX ", nip=" ADDRX "\n",
2141 new_msr &= ~((target_ulong)1 << MSR_RI);
2143 new_msr |= (target_ulong)MSR_HVB;
2144 msr |= env->error_code;
2146 case POWERPC_EXCP_EXTERNAL: /* External input */
2147 new_msr &= ~((target_ulong)1 << MSR_RI);
2149 new_msr |= (target_ulong)MSR_HVB;
2151 case POWERPC_EXCP_ALIGN: /* Alignment exception */
2152 new_msr &= ~((target_ulong)1 << MSR_RI);
2154 new_msr |= (target_ulong)MSR_HVB;
2155 /* XXX: this is false */
2156 /* Get rS/rD and rA from faulting opcode */
2157 env->spr[SPR_DSISR] |= (ldl_code((env->nip - 4)) & 0x03FF0000) >> 16;
2159 case POWERPC_EXCP_PROGRAM: /* Program exception */
2160 switch (env->error_code & ~0xF) {
2161 case POWERPC_EXCP_FP:
2162 if ((msr_fe0 == 0 && msr_fe1 == 0) || msr_fp == 0) {
2163 LOG_EXCP("Ignore floating point exception\n");
2164 env->exception_index = POWERPC_EXCP_NONE;
2165 env->error_code = 0;
2168 new_msr &= ~((target_ulong)1 << MSR_RI);
2170 new_msr |= (target_ulong)MSR_HVB;
2172 if (msr_fe0 == msr_fe1)
2176 case POWERPC_EXCP_INVAL:
2177 LOG_EXCP("Invalid instruction at " ADDRX "\n",
2179 new_msr &= ~((target_ulong)1 << MSR_RI);
2181 new_msr |= (target_ulong)MSR_HVB;
2184 case POWERPC_EXCP_PRIV:
2185 new_msr &= ~((target_ulong)1 << MSR_RI);
2187 new_msr |= (target_ulong)MSR_HVB;
2190 case POWERPC_EXCP_TRAP:
2191 new_msr &= ~((target_ulong)1 << MSR_RI);
2193 new_msr |= (target_ulong)MSR_HVB;
2197 /* Should never occur */
2198 cpu_abort(env, "Invalid program exception %d. Aborting\n",
2203 case POWERPC_EXCP_FPU: /* Floating-point unavailable exception */
2204 new_msr &= ~((target_ulong)1 << MSR_RI);
2206 new_msr |= (target_ulong)MSR_HVB;
2208 case POWERPC_EXCP_SYSCALL: /* System call exception */
2209 /* NOTE: this is a temporary hack to support graphics OSI
2210 calls from the MOL driver */
2211 /* XXX: To be removed */
2212 if (env->gpr[3] == 0x113724fa && env->gpr[4] == 0x77810f9b &&
2214 if (env->osi_call(env) != 0) {
2215 env->exception_index = POWERPC_EXCP_NONE;
2216 env->error_code = 0;
2221 new_msr &= ~((target_ulong)1 << MSR_RI);
2222 lev = env->error_code;
2223 if (lev == 1 || (lpes0 == 0 && lpes1 == 0))
2224 new_msr |= (target_ulong)MSR_HVB;
2226 case POWERPC_EXCP_APU: /* Auxiliary processor unavailable */
2227 new_msr &= ~((target_ulong)1 << MSR_RI);
2229 case POWERPC_EXCP_DECR: /* Decrementer exception */
2230 new_msr &= ~((target_ulong)1 << MSR_RI);
2232 new_msr |= (target_ulong)MSR_HVB;
2234 case POWERPC_EXCP_FIT: /* Fixed-interval timer interrupt */
2236 LOG_EXCP("FIT exception\n");
2237 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2239 case POWERPC_EXCP_WDT: /* Watchdog timer interrupt */
2240 LOG_EXCP("WDT exception\n");
2241 switch (excp_model) {
2242 case POWERPC_EXCP_BOOKE:
2243 srr0 = SPR_BOOKE_CSRR0;
2244 srr1 = SPR_BOOKE_CSRR1;
2249 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2251 case POWERPC_EXCP_DTLB: /* Data TLB error */
2252 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2254 case POWERPC_EXCP_ITLB: /* Instruction TLB error */
2255 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2257 case POWERPC_EXCP_DEBUG: /* Debug interrupt */
2258 switch (excp_model) {
2259 case POWERPC_EXCP_BOOKE:
2260 srr0 = SPR_BOOKE_DSRR0;
2261 srr1 = SPR_BOOKE_DSRR1;
2262 asrr0 = SPR_BOOKE_CSRR0;
2263 asrr1 = SPR_BOOKE_CSRR1;
2269 cpu_abort(env, "Debug exception is not implemented yet !\n");
2271 case POWERPC_EXCP_SPEU: /* SPE/embedded floating-point unavailable */
2272 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2274 case POWERPC_EXCP_EFPDI: /* Embedded floating-point data interrupt */
2276 cpu_abort(env, "Embedded floating point data exception "
2277 "is not implemented yet !\n");
2279 case POWERPC_EXCP_EFPRI: /* Embedded floating-point round interrupt */
2281 cpu_abort(env, "Embedded floating point round exception "
2282 "is not implemented yet !\n");
2284 case POWERPC_EXCP_EPERFM: /* Embedded performance monitor interrupt */
2285 new_msr &= ~((target_ulong)1 << MSR_RI);
2288 "Performance counter exception is not implemented yet !\n");
2290 case POWERPC_EXCP_DOORI: /* Embedded doorbell interrupt */
2293 "Embedded doorbell interrupt is not implemented yet !\n");
2295 case POWERPC_EXCP_DOORCI: /* Embedded doorbell critical interrupt */
2296 switch (excp_model) {
2297 case POWERPC_EXCP_BOOKE:
2298 srr0 = SPR_BOOKE_CSRR0;
2299 srr1 = SPR_BOOKE_CSRR1;
2305 cpu_abort(env, "Embedded doorbell critical interrupt "
2306 "is not implemented yet !\n");
2308 case POWERPC_EXCP_RESET: /* System reset exception */
2309 new_msr &= ~((target_ulong)1 << MSR_RI);
2311 /* XXX: find a suitable condition to enable the hypervisor mode */
2312 new_msr |= (target_ulong)MSR_HVB;
2315 case POWERPC_EXCP_DSEG: /* Data segment exception */
2316 new_msr &= ~((target_ulong)1 << MSR_RI);
2318 new_msr |= (target_ulong)MSR_HVB;
2320 case POWERPC_EXCP_ISEG: /* Instruction segment exception */
2321 new_msr &= ~((target_ulong)1 << MSR_RI);
2323 new_msr |= (target_ulong)MSR_HVB;
2325 case POWERPC_EXCP_HDECR: /* Hypervisor decrementer exception */
2328 new_msr |= (target_ulong)MSR_HVB;
2330 case POWERPC_EXCP_TRACE: /* Trace exception */
2331 new_msr &= ~((target_ulong)1 << MSR_RI);
2333 new_msr |= (target_ulong)MSR_HVB;
2335 case POWERPC_EXCP_HDSI: /* Hypervisor data storage exception */
2338 new_msr |= (target_ulong)MSR_HVB;
2340 case POWERPC_EXCP_HISI: /* Hypervisor instruction storage exception */
2343 new_msr |= (target_ulong)MSR_HVB;
2345 case POWERPC_EXCP_HDSEG: /* Hypervisor data segment exception */
2348 new_msr |= (target_ulong)MSR_HVB;
2350 case POWERPC_EXCP_HISEG: /* Hypervisor instruction segment exception */
2353 new_msr |= (target_ulong)MSR_HVB;
2355 case POWERPC_EXCP_VPU: /* Vector unavailable exception */
2356 new_msr &= ~((target_ulong)1 << MSR_RI);
2358 new_msr |= (target_ulong)MSR_HVB;
2360 case POWERPC_EXCP_PIT: /* Programmable interval timer interrupt */
2361 LOG_EXCP("PIT exception\n");
2362 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2364 case POWERPC_EXCP_IO: /* IO error exception */
2366 cpu_abort(env, "601 IO error exception is not implemented yet !\n");
2368 case POWERPC_EXCP_RUNM: /* Run mode exception */
2370 cpu_abort(env, "601 run mode exception is not implemented yet !\n");
2372 case POWERPC_EXCP_EMUL: /* Emulation trap exception */
2374 cpu_abort(env, "602 emulation trap exception "
2375 "is not implemented yet !\n");
2377 case POWERPC_EXCP_IFTLB: /* Instruction fetch TLB error */
2378 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2379 if (lpes1 == 0) /* XXX: check this */
2380 new_msr |= (target_ulong)MSR_HVB;
2381 switch (excp_model) {
2382 case POWERPC_EXCP_602:
2383 case POWERPC_EXCP_603:
2384 case POWERPC_EXCP_603E:
2385 case POWERPC_EXCP_G2:
2387 case POWERPC_EXCP_7x5:
2389 case POWERPC_EXCP_74xx:
2392 cpu_abort(env, "Invalid instruction TLB miss exception\n");
2396 case POWERPC_EXCP_DLTLB: /* Data load TLB miss */
2397 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2398 if (lpes1 == 0) /* XXX: check this */
2399 new_msr |= (target_ulong)MSR_HVB;
2400 switch (excp_model) {
2401 case POWERPC_EXCP_602:
2402 case POWERPC_EXCP_603:
2403 case POWERPC_EXCP_603E:
2404 case POWERPC_EXCP_G2:
2406 case POWERPC_EXCP_7x5:
2408 case POWERPC_EXCP_74xx:
2411 cpu_abort(env, "Invalid data load TLB miss exception\n");
2415 case POWERPC_EXCP_DSTLB: /* Data store TLB miss */
2416 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2417 if (lpes1 == 0) /* XXX: check this */
2418 new_msr |= (target_ulong)MSR_HVB;
2419 switch (excp_model) {
2420 case POWERPC_EXCP_602:
2421 case POWERPC_EXCP_603:
2422 case POWERPC_EXCP_603E:
2423 case POWERPC_EXCP_G2:
2425 /* Swap temporary saved registers with GPRs */
2426 if (!(new_msr & ((target_ulong)1 << MSR_TGPR))) {
2427 new_msr |= (target_ulong)1 << MSR_TGPR;
2428 hreg_swap_gpr_tgpr(env);
2431 case POWERPC_EXCP_7x5:
2433 #if defined (DEBUG_SOFTWARE_TLB)
2434 if (qemu_log_enabled()) {
2436 target_ulong *miss, *cmp;
2438 if (excp == POWERPC_EXCP_IFTLB) {
2441 miss = &env->spr[SPR_IMISS];
2442 cmp = &env->spr[SPR_ICMP];
2444 if (excp == POWERPC_EXCP_DLTLB)
2449 miss = &env->spr[SPR_DMISS];
2450 cmp = &env->spr[SPR_DCMP];
2452 qemu_log("6xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2453 " H1 " ADDRX " H2 " ADDRX " %08x\n",
2454 es, en, *miss, en, *cmp,
2455 env->spr[SPR_HASH1], env->spr[SPR_HASH2],
2459 msr |= env->crf[0] << 28;
2460 msr |= env->error_code; /* key, D/I, S/L bits */
2461 /* Set way using a LRU mechanism */
2462 msr |= ((env->last_way + 1) & (env->nb_ways - 1)) << 17;
2464 case POWERPC_EXCP_74xx:
2466 #if defined (DEBUG_SOFTWARE_TLB)
2467 if (qemu_log_enabled()) {
2469 target_ulong *miss, *cmp;
2471 if (excp == POWERPC_EXCP_IFTLB) {
2474 miss = &env->spr[SPR_TLBMISS];
2475 cmp = &env->spr[SPR_PTEHI];
2477 if (excp == POWERPC_EXCP_DLTLB)
2482 miss = &env->spr[SPR_TLBMISS];
2483 cmp = &env->spr[SPR_PTEHI];
2485 qemu_log("74xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2487 es, en, *miss, en, *cmp, env->error_code);
2490 msr |= env->error_code; /* key bit */
2493 cpu_abort(env, "Invalid data store TLB miss exception\n");
2497 case POWERPC_EXCP_FPA: /* Floating-point assist exception */
2499 cpu_abort(env, "Floating point assist exception "
2500 "is not implemented yet !\n");
2502 case POWERPC_EXCP_DABR: /* Data address breakpoint */
2504 cpu_abort(env, "DABR exception is not implemented yet !\n");
2506 case POWERPC_EXCP_IABR: /* Instruction address breakpoint */
2508 cpu_abort(env, "IABR exception is not implemented yet !\n");
2510 case POWERPC_EXCP_SMI: /* System management interrupt */
2512 cpu_abort(env, "SMI exception is not implemented yet !\n");
2514 case POWERPC_EXCP_THERM: /* Thermal interrupt */
2516 cpu_abort(env, "Thermal management exception "
2517 "is not implemented yet !\n");
2519 case POWERPC_EXCP_PERFM: /* Embedded performance monitor interrupt */
2520 new_msr &= ~((target_ulong)1 << MSR_RI);
2522 new_msr |= (target_ulong)MSR_HVB;
2525 "Performance counter exception is not implemented yet !\n");
2527 case POWERPC_EXCP_VPUA: /* Vector assist exception */
2529 cpu_abort(env, "VPU assist exception is not implemented yet !\n");
2531 case POWERPC_EXCP_SOFTP: /* Soft patch exception */
2534 "970 soft-patch exception is not implemented yet !\n");
2536 case POWERPC_EXCP_MAINT: /* Maintenance exception */
2539 "970 maintenance exception is not implemented yet !\n");
2541 case POWERPC_EXCP_MEXTBR: /* Maskable external breakpoint */
2543 cpu_abort(env, "Maskable external exception "
2544 "is not implemented yet !\n");
2546 case POWERPC_EXCP_NMEXTBR: /* Non maskable external breakpoint */
2548 cpu_abort(env, "Non maskable external exception "
2549 "is not implemented yet !\n");
2553 cpu_abort(env, "Invalid PowerPC exception %d. Aborting\n", excp);
2556 /* save current instruction location */
2557 env->spr[srr0] = env->nip - 4;
2560 /* save next instruction location */
2561 env->spr[srr0] = env->nip;
2565 env->spr[srr1] = msr;
2566 /* If any alternate SRR register are defined, duplicate saved values */
2568 env->spr[asrr0] = env->spr[srr0];
2570 env->spr[asrr1] = env->spr[srr1];
2571 /* If we disactivated any translation, flush TLBs */
2572 if (new_msr & ((1 << MSR_IR) | (1 << MSR_DR)))
2574 /* reload MSR with correct bits */
2575 new_msr &= ~((target_ulong)1 << MSR_EE);
2576 new_msr &= ~((target_ulong)1 << MSR_PR);
2577 new_msr &= ~((target_ulong)1 << MSR_FP);
2578 new_msr &= ~((target_ulong)1 << MSR_FE0);
2579 new_msr &= ~((target_ulong)1 << MSR_SE);
2580 new_msr &= ~((target_ulong)1 << MSR_BE);
2581 new_msr &= ~((target_ulong)1 << MSR_FE1);
2582 new_msr &= ~((target_ulong)1 << MSR_IR);
2583 new_msr &= ~((target_ulong)1 << MSR_DR);
2584 #if 0 /* Fix this: not on all targets */
2585 new_msr &= ~((target_ulong)1 << MSR_PMM);
2587 new_msr &= ~((target_ulong)1 << MSR_LE);
2589 new_msr |= (target_ulong)1 << MSR_LE;
2591 new_msr &= ~((target_ulong)1 << MSR_LE);
2592 /* Jump to handler */
2593 vector = env->excp_vectors[excp];
2594 if (vector == (target_ulong)-1ULL) {
2595 cpu_abort(env, "Raised an exception without defined vector %d\n",
2598 vector |= env->excp_prefix;
2599 #if defined(TARGET_PPC64)
2600 if (excp_model == POWERPC_EXCP_BOOKE) {
2602 new_msr &= ~((target_ulong)1 << MSR_CM);
2603 vector = (uint32_t)vector;
2605 new_msr |= (target_ulong)1 << MSR_CM;
2608 if (!msr_isf && !(env->mmu_model & POWERPC_MMU_64)) {
2609 new_msr &= ~((target_ulong)1 << MSR_SF);
2610 vector = (uint32_t)vector;
2612 new_msr |= (target_ulong)1 << MSR_SF;
2616 /* XXX: we don't use hreg_store_msr here as already have treated
2617 * any special case that could occur. Just store MSR and update hflags
2619 env->msr = new_msr & env->msr_mask;
2620 hreg_compute_hflags(env);
2622 /* Reset exception state */
2623 env->exception_index = POWERPC_EXCP_NONE;
2624 env->error_code = 0;
2627 void do_interrupt (CPUState *env)
2629 powerpc_excp(env, env->excp_model, env->exception_index);
2632 void ppc_hw_interrupt (CPUPPCState *env)
2637 qemu_log_mask(CPU_LOG_INT, "%s: %p pending %08x req %08x me %d ee %d\n",
2638 __func__, env, env->pending_interrupts,
2639 env->interrupt_request, (int)msr_me, (int)msr_ee);
2641 /* External reset */
2642 if (env->pending_interrupts & (1 << PPC_INTERRUPT_RESET)) {
2643 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_RESET);
2644 powerpc_excp(env, env->excp_model, POWERPC_EXCP_RESET);
2647 /* Machine check exception */
2648 if (env->pending_interrupts & (1 << PPC_INTERRUPT_MCK)) {
2649 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_MCK);
2650 powerpc_excp(env, env->excp_model, POWERPC_EXCP_MCHECK);
2654 /* External debug exception */
2655 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DEBUG)) {
2656 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DEBUG);
2657 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DEBUG);
2662 /* XXX: find a suitable condition to enable the hypervisor mode */
2663 hdice = env->spr[SPR_LPCR] & 1;
2667 if ((msr_ee != 0 || msr_hv == 0 || msr_pr != 0) && hdice != 0) {
2668 /* Hypervisor decrementer exception */
2669 if (env->pending_interrupts & (1 << PPC_INTERRUPT_HDECR)) {
2670 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_HDECR);
2671 powerpc_excp(env, env->excp_model, POWERPC_EXCP_HDECR);
2676 /* External critical interrupt */
2677 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CEXT)) {
2678 /* Taking a critical external interrupt does not clear the external
2679 * critical interrupt status
2682 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CEXT);
2684 powerpc_excp(env, env->excp_model, POWERPC_EXCP_CRITICAL);
2689 /* Watchdog timer on embedded PowerPC */
2690 if (env->pending_interrupts & (1 << PPC_INTERRUPT_WDT)) {
2691 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_WDT);
2692 powerpc_excp(env, env->excp_model, POWERPC_EXCP_WDT);
2695 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CDOORBELL)) {
2696 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CDOORBELL);
2697 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORCI);
2700 /* Fixed interval timer on embedded PowerPC */
2701 if (env->pending_interrupts & (1 << PPC_INTERRUPT_FIT)) {
2702 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_FIT);
2703 powerpc_excp(env, env->excp_model, POWERPC_EXCP_FIT);
2706 /* Programmable interval timer on embedded PowerPC */
2707 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PIT)) {
2708 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PIT);
2709 powerpc_excp(env, env->excp_model, POWERPC_EXCP_PIT);
2712 /* Decrementer exception */
2713 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DECR)) {
2714 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DECR);
2715 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DECR);
2718 /* External interrupt */
2719 if (env->pending_interrupts & (1 << PPC_INTERRUPT_EXT)) {
2720 /* Taking an external interrupt does not clear the external
2724 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_EXT);
2726 powerpc_excp(env, env->excp_model, POWERPC_EXCP_EXTERNAL);
2729 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DOORBELL)) {
2730 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DOORBELL);
2731 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORI);
2734 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PERFM)) {
2735 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PERFM);
2736 powerpc_excp(env, env->excp_model, POWERPC_EXCP_PERFM);
2739 /* Thermal interrupt */
2740 if (env->pending_interrupts & (1 << PPC_INTERRUPT_THERM)) {
2741 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_THERM);
2742 powerpc_excp(env, env->excp_model, POWERPC_EXCP_THERM);
2747 #endif /* !CONFIG_USER_ONLY */
2749 void cpu_dump_rfi (target_ulong RA, target_ulong msr)
2751 qemu_log("Return from exception at " ADDRX " with flags " ADDRX "\n",
2755 void cpu_ppc_reset (void *opaque)
2757 CPUPPCState *env = opaque;
2760 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
2761 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
2762 log_cpu_state(env, 0);
2765 msr = (target_ulong)0;
2767 /* XXX: find a suitable condition to enable the hypervisor mode */
2768 msr |= (target_ulong)MSR_HVB;
2770 msr |= (target_ulong)0 << MSR_AP; /* TO BE CHECKED */
2771 msr |= (target_ulong)0 << MSR_SA; /* TO BE CHECKED */
2772 msr |= (target_ulong)1 << MSR_EP;
2773 #if defined (DO_SINGLE_STEP) && 0
2774 /* Single step trace mode */
2775 msr |= (target_ulong)1 << MSR_SE;
2776 msr |= (target_ulong)1 << MSR_BE;
2778 #if defined(CONFIG_USER_ONLY)
2779 msr |= (target_ulong)1 << MSR_FP; /* Allow floating point usage */
2780 msr |= (target_ulong)1 << MSR_VR; /* Allow altivec usage */
2781 msr |= (target_ulong)1 << MSR_SPE; /* Allow SPE usage */
2782 msr |= (target_ulong)1 << MSR_PR;
2784 env->excp_prefix = env->hreset_excp_prefix;
2785 env->nip = env->hreset_vector | env->excp_prefix;
2786 if (env->mmu_model != POWERPC_MMU_REAL)
2787 ppc_tlb_invalidate_all(env);
2789 env->msr = msr & env->msr_mask;
2790 #if defined(TARGET_PPC64)
2791 if (env->mmu_model & POWERPC_MMU_64)
2792 env->msr |= (1ULL << MSR_SF);
2794 hreg_compute_hflags(env);
2795 env->reserve_addr = (target_ulong)-1ULL;
2796 /* Be sure no exception or interrupt is pending */
2797 env->pending_interrupts = 0;
2798 env->exception_index = POWERPC_EXCP_NONE;
2799 env->error_code = 0;
2800 /* Flush all TLBs */
2804 CPUPPCState *cpu_ppc_init (const char *cpu_model)
2807 const ppc_def_t *def;
2809 def = cpu_ppc_find_by_name(cpu_model);
2813 env = qemu_mallocz(sizeof(CPUPPCState));
2815 ppc_translate_init();
2816 env->cpu_model_str = cpu_model;
2817 cpu_ppc_register_internal(env, def);
2820 qemu_init_vcpu(env);
2825 void cpu_ppc_close (CPUPPCState *env)
2827 /* Should also remove all opcode tables... */
projects / qemu / blob