2 * PowerPC emulation helpers for qemu.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
33 //#define DEBUG_SOFTWARE_TLB
34 //#define DEBUG_EXCEPTIONS
35 //#define FLUSH_ALL_TLBS
37 /*****************************************************************************/
38 /* PowerPC MMU emulation */
40 #if defined(CONFIG_USER_ONLY)
41 int cpu_ppc_handle_mmu_fault (CPUState *env, uint32_t address, int rw,
42 int is_user, int is_softmmu)
44 int exception, error_code;
53 error_code |= 0x02000000;
54 env->spr[SPR_DAR] = address;
55 env->spr[SPR_DSISR] = error_code;
57 env->exception_index = exception;
58 env->error_code = error_code;
63 target_ulong cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
68 /* Common routines used by software and hardware TLBs emulation */
69 static inline int pte_is_valid (target_ulong pte0)
71 return pte0 & 0x80000000 ? 1 : 0;
74 static inline void pte_invalidate (target_ulong *pte0)
79 #define PTE_PTEM_MASK 0x7FFFFFBF
80 #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
82 static int pte_check (mmu_ctx_t *ctx,
83 target_ulong pte0, target_ulong pte1, int h, int rw)
89 /* Check validity and table match */
90 if (pte_is_valid(pte0) && (h == ((pte0 >> 6) & 1))) {
91 /* Check vsid & api */
92 if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
93 if (ctx->raddr != (target_ulong)-1) {
94 /* all matches should have equal RPN, WIMG & PP */
95 if ((ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
97 fprintf(logfile, "Bad RPN/WIMG/PP\n");
101 /* Compute access rights */
104 if ((pte1 & 0x00000003) != 0x3)
105 access |= PAGE_WRITE;
107 switch (pte1 & 0x00000003) {
116 access = PAGE_READ | PAGE_WRITE;
120 /* Keep the matching PTE informations */
123 if ((rw == 0 && (access & PAGE_READ)) ||
124 (rw == 1 && (access & PAGE_WRITE))) {
126 #if defined (DEBUG_MMU)
128 fprintf(logfile, "PTE access granted !\n");
132 /* Access right violation */
133 #if defined (DEBUG_MMU)
135 fprintf(logfile, "PTE access rejected\n");
145 static int pte_update_flags (mmu_ctx_t *ctx, target_ulong *pte1p,
150 /* Update page flags */
151 if (!(*pte1p & 0x00000100)) {
152 /* Update accessed flag */
153 *pte1p |= 0x00000100;
156 if (!(*pte1p & 0x00000080)) {
157 if (rw == 1 && ret == 0) {
158 /* Update changed flag */
159 *pte1p |= 0x00000080;
162 /* Force page fault for first write access */
163 ctx->prot &= ~PAGE_WRITE;
170 /* Software driven TLB helpers */
171 static int ppc6xx_tlb_getnum (CPUState *env, target_ulong eaddr,
172 int way, int is_code)
176 /* Select TLB num in a way from address */
177 nr = (eaddr >> TARGET_PAGE_BITS) & (env->tlb_per_way - 1);
179 nr += env->tlb_per_way * way;
180 /* 6xx have separate TLBs for instructions and data */
181 if (is_code && env->id_tlbs == 1)
187 void ppc6xx_tlb_invalidate_all (CPUState *env)
192 #if defined (DEBUG_SOFTWARE_TLB) && 0
194 fprintf(logfile, "Invalidate all TLBs\n");
197 /* Invalidate all defined software TLB */
199 if (env->id_tlbs == 1)
201 for (nr = 0; nr < max; nr++) {
203 #if !defined(FLUSH_ALL_TLBS)
204 tlb_flush_page(env, tlb->EPN);
206 pte_invalidate(&tlb->pte0);
208 #if defined(FLUSH_ALL_TLBS)
213 static inline void __ppc6xx_tlb_invalidate_virt (CPUState *env,
215 int is_code, int match_epn)
220 #if !defined(FLUSH_ALL_TLBS)
221 /* Invalidate ITLB + DTLB, all ways */
222 for (way = 0; way < env->nb_ways; way++) {
223 nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
225 if (pte_is_valid(tlb->pte0) && (match_epn == 0 || eaddr == tlb->EPN)) {
226 #if defined (DEBUG_SOFTWARE_TLB)
228 fprintf(logfile, "TLB invalidate %d/%d %08x\n",
229 nr, env->nb_tlb, eaddr);
232 pte_invalidate(&tlb->pte0);
233 tlb_flush_page(env, tlb->EPN);
237 /* XXX: PowerPC specification say this is valid as well */
238 ppc6xx_tlb_invalidate_all(env);
242 void ppc6xx_tlb_invalidate_virt (CPUState *env, target_ulong eaddr,
245 __ppc6xx_tlb_invalidate_virt(env, eaddr, is_code, 0);
248 void ppc6xx_tlb_store (CPUState *env, target_ulong EPN, int way, int is_code,
249 target_ulong pte0, target_ulong pte1)
254 nr = ppc6xx_tlb_getnum(env, EPN, way, is_code);
256 #if defined (DEBUG_SOFTWARE_TLB)
258 fprintf(logfile, "Set TLB %d/%d EPN %08lx PTE0 %08lx PTE1 %08lx\n",
259 nr, env->nb_tlb, (unsigned long)EPN,
260 (unsigned long)pte0, (unsigned long)pte1);
263 /* Invalidate any pending reference in Qemu for this virtual address */
264 __ppc6xx_tlb_invalidate_virt(env, EPN, is_code, 1);
270 /* Store last way for LRU mechanism */
274 static int ppc6xx_tlb_check (CPUState *env, mmu_ctx_t *ctx,
275 target_ulong eaddr, int rw, int access_type)
282 ret = -1; /* No TLB found */
283 for (way = 0; way < env->nb_ways; way++) {
284 nr = ppc6xx_tlb_getnum(env, eaddr, way,
285 access_type == ACCESS_CODE ? 1 : 0);
287 /* This test "emulates" the PTE index match for hardware TLBs */
288 if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
289 #if defined (DEBUG_SOFTWARE_TLB)
291 fprintf(logfile, "TLB %d/%d %s [%08x %08x] <> %08x\n",
293 pte_is_valid(tlb->pte0) ? "valid" : "inval",
294 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE, eaddr);
299 #if defined (DEBUG_SOFTWARE_TLB)
301 fprintf(logfile, "TLB %d/%d %s %08x <> %08x %08x %c %c\n",
303 pte_is_valid(tlb->pte0) ? "valid" : "inval",
304 tlb->EPN, eaddr, tlb->pte1,
305 rw ? 'S' : 'L', access_type == ACCESS_CODE ? 'I' : 'D');
308 switch (pte_check(ctx, tlb->pte0, tlb->pte1, 0, rw)) {
310 /* TLB inconsistency */
313 /* Access violation */
323 /* XXX: we should go on looping to check all TLBs consistency
324 * but we can speed-up the whole thing as the
325 * result would be undefined if TLBs are not consistent.
334 #if defined (DEBUG_SOFTWARE_TLB)
336 fprintf(logfile, "found TLB at addr 0x%08lx prot=0x%01x ret=%d\n",
337 ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
340 /* Update page flags */
341 pte_update_flags(ctx, &env->tlb[best].pte1, ret, rw);
347 /* Perform BAT hit & translation */
348 static int get_bat (CPUState *env, mmu_ctx_t *ctx,
349 target_ulong virtual, int rw, int type)
351 target_ulong *BATlt, *BATut, *BATu, *BATl;
352 target_ulong base, BEPIl, BEPIu, bl;
356 #if defined (DEBUG_BATS)
358 fprintf(logfile, "%s: %cBAT v 0x%08x\n", __func__,
359 type == ACCESS_CODE ? 'I' : 'D', virtual);
364 BATlt = env->IBAT[1];
365 BATut = env->IBAT[0];
368 BATlt = env->DBAT[1];
369 BATut = env->DBAT[0];
372 #if defined (DEBUG_BATS)
374 fprintf(logfile, "%s...: %cBAT v 0x%08x\n", __func__,
375 type == ACCESS_CODE ? 'I' : 'D', virtual);
378 base = virtual & 0xFFFC0000;
379 for (i = 0; i < 4; i++) {
382 BEPIu = *BATu & 0xF0000000;
383 BEPIl = *BATu & 0x0FFE0000;
384 bl = (*BATu & 0x00001FFC) << 15;
385 #if defined (DEBUG_BATS)
387 fprintf(logfile, "%s: %cBAT%d v 0x%08x BATu 0x%08x BATl 0x%08x\n",
388 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
392 if ((virtual & 0xF0000000) == BEPIu &&
393 ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
395 if ((msr_pr == 0 && (*BATu & 0x00000002)) ||
396 (msr_pr == 1 && (*BATu & 0x00000001))) {
397 /* Get physical address */
398 ctx->raddr = (*BATl & 0xF0000000) |
399 ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
400 (virtual & 0x0001F000);
401 if (*BATl & 0x00000001)
402 ctx->prot = PAGE_READ;
403 if (*BATl & 0x00000002)
404 ctx->prot = PAGE_WRITE | PAGE_READ;
405 #if defined (DEBUG_BATS)
407 fprintf(logfile, "BAT %d match: r 0x%08x prot=%c%c\n",
408 i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-',
409 ctx->prot & PAGE_WRITE ? 'W' : '-');
418 #if defined (DEBUG_BATS)
419 printf("no BAT match for 0x%08x:\n", virtual);
420 for (i = 0; i < 4; i++) {
423 BEPIu = *BATu & 0xF0000000;
424 BEPIl = *BATu & 0x0FFE0000;
425 bl = (*BATu & 0x00001FFC) << 15;
426 printf("%s: %cBAT%d v 0x%08x BATu 0x%08x BATl 0x%08x \n\t"
427 "0x%08x 0x%08x 0x%08x\n",
428 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
429 *BATu, *BATl, BEPIu, BEPIl, bl);
437 /* PTE table lookup */
438 static int find_pte (mmu_ctx_t *ctx, int h, int rw)
440 target_ulong base, pte0, pte1;
444 ret = -1; /* No entry found */
445 base = ctx->pg_addr[h];
446 for (i = 0; i < 8; i++) {
447 pte0 = ldl_phys(base + (i * 8));
448 pte1 = ldl_phys(base + (i * 8) + 4);
449 #if defined (DEBUG_MMU)
451 fprintf(logfile, "Load pte from 0x%08x => 0x%08x 0x%08x "
452 "%d %d %d 0x%08x\n", base + (i * 8), pte0, pte1,
453 pte0 >> 31, h, (pte0 >> 6) & 1, ctx->ptem);
456 switch (pte_check(ctx, pte0, pte1, h, rw)) {
458 /* PTE inconsistency */
461 /* Access violation */
471 /* XXX: we should go on looping to check all PTEs consistency
472 * but if we can speed-up the whole thing as the
473 * result would be undefined if PTEs are not consistent.
482 #if defined (DEBUG_MMU)
484 fprintf(logfile, "found PTE at addr 0x%08x prot=0x%01x ret=%d\n",
485 ctx->raddr, ctx->prot, ret);
488 /* Update page flags */
490 if (pte_update_flags(ctx, &pte1, ret, rw) == 1)
491 stl_phys_notdirty(base + (good * 8) + 4, pte1);
497 static inline target_phys_addr_t get_pgaddr (target_phys_addr_t sdr1,
498 target_phys_addr_t hash,
499 target_phys_addr_t mask)
501 return (sdr1 & 0xFFFF0000) | (hash & mask);
504 /* Perform segment based translation */
505 static int get_segment (CPUState *env, mmu_ctx_t *ctx,
506 target_ulong eaddr, int rw, int type)
508 target_phys_addr_t sdr, hash, mask;
509 target_ulong sr, vsid, pgidx;
512 sr = env->sr[eaddr >> 28];
513 #if defined (DEBUG_MMU)
515 fprintf(logfile, "Check segment v=0x%08x %d 0x%08x nip=0x%08x "
516 "lr=0x%08x ir=%d dr=%d pr=%d %d t=%d\n",
517 eaddr, eaddr >> 28, sr, env->nip,
518 env->lr, msr_ir, msr_dr, msr_pr, rw, type);
521 ctx->key = (((sr & 0x20000000) && msr_pr == 1) ||
522 ((sr & 0x40000000) && msr_pr == 0)) ? 1 : 0;
523 if ((sr & 0x80000000) == 0) {
524 #if defined (DEBUG_MMU)
526 fprintf(logfile, "pte segment: key=%d n=0x%08x\n",
527 ctx->key, sr & 0x10000000);
529 /* Check if instruction fetch is allowed, if needed */
530 if (type != ACCESS_CODE || (sr & 0x10000000) == 0) {
531 /* Page address translation */
532 pgidx = (eaddr >> TARGET_PAGE_BITS) & 0xFFFF;
533 vsid = sr & 0x00FFFFFF;
534 hash = ((vsid ^ pgidx) & 0x0007FFFF) << 6;
535 /* Primary table address */
537 mask = ((sdr & 0x000001FF) << 16) | 0xFFC0;
538 ctx->pg_addr[0] = get_pgaddr(sdr, hash, mask);
539 /* Secondary table address */
540 hash = (~hash) & 0x01FFFFC0;
541 ctx->pg_addr[1] = get_pgaddr(sdr, hash, mask);
542 ctx->ptem = (vsid << 7) | (pgidx >> 10);
543 /* Initialize real address with an invalid value */
544 ctx->raddr = (target_ulong)-1;
545 if (unlikely(PPC_MMU(env) == PPC_FLAGS_MMU_SOFT_6xx)) {
546 /* Software TLB search */
547 ret = ppc6xx_tlb_check(env, ctx, eaddr, rw, type);
548 } else if (unlikely(PPC_MMU(env) == PPC_FLAGS_MMU_SOFT_4xx)) {
551 #if defined (DEBUG_MMU)
553 fprintf(logfile, "0 sdr1=0x%08x vsid=0x%06x api=0x%04x "
554 "hash=0x%07x pg_addr=0x%08x\n", sdr, vsid, pgidx,
555 hash, ctx->pg_addr[0]);
558 /* Primary table lookup */
559 ret = find_pte(ctx, 0, rw);
561 /* Secondary table lookup */
562 #if defined (DEBUG_MMU)
563 if (eaddr != 0xEFFFFFFF && loglevel > 0) {
565 "1 sdr1=0x%08x vsid=0x%06x api=0x%04x "
566 "hash=0x%05x pg_addr=0x%08x\n", sdr, vsid,
567 pgidx, hash, ctx->pg_addr[1]);
570 ret2 = find_pte(ctx, 1, rw);
576 #if defined (DEBUG_MMU)
578 fprintf(logfile, "No access allowed\n");
583 #if defined (DEBUG_MMU)
585 fprintf(logfile, "direct store...\n");
587 /* Direct-store segment : absolutely *BUGGY* for now */
590 /* Integer load/store : only access allowed */
593 /* No code fetch is allowed in direct-store areas */
596 /* Floating point load/store */
599 /* lwarx, ldarx or srwcx. */
602 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
603 /* Should make the instruction do no-op.
604 * As it already do no-op, it's quite easy :-)
613 fprintf(logfile, "ERROR: instruction should not need "
614 "address translation\n");
616 printf("ERROR: instruction should not need "
617 "address translation\n");
620 if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) {
631 static int check_physical (CPUState *env, mmu_ctx_t *ctx,
632 target_ulong eaddr, int rw)
637 ctx->prot = PAGE_READ;
639 if (unlikely(msr_pe != 0 && PPC_MMU(env) == PPC_FLAGS_MMU_403)) {
640 /* 403 family add some particular protections,
641 * using PBL/PBU registers for accesses with no translation.
644 /* Check PLB validity */
645 (env->pb[0] < env->pb[1] &&
646 /* and address in plb area */
647 eaddr >= env->pb[0] && eaddr < env->pb[1]) ||
648 (env->pb[2] < env->pb[3] &&
649 eaddr >= env->pb[2] && eaddr < env->pb[3]) ? 1 : 0;
650 if (in_plb ^ msr_px) {
651 /* Access in protected area */
653 /* Access is not allowed */
657 /* Read-write access is allowed */
658 ctx->prot |= PAGE_WRITE;
661 ctx->prot |= PAGE_WRITE;
667 int get_physical_address (CPUState *env, mmu_ctx_t *ctx, target_ulong eaddr,
668 int rw, int access_type, int check_BATs)
673 fprintf(logfile, "%s\n", __func__);
676 if ((access_type == ACCESS_CODE && msr_ir == 0) ||
677 (access_type != ACCESS_CODE && msr_dr == 0)) {
678 /* No address translation */
679 ret = check_physical(env, ctx, eaddr, rw);
681 /* Try to find a BAT */
684 ret = get_bat(env, ctx, eaddr, rw, access_type);
686 /* We didn't match any BAT entry */
687 ret = get_segment(env, ctx, eaddr, rw, access_type);
692 fprintf(logfile, "%s address %08x => %08lx\n",
693 __func__, eaddr, ctx->raddr);
700 target_ulong cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
704 if (unlikely(get_physical_address(env, &ctx, addr, 0, ACCESS_INT, 1) != 0))
707 return ctx.raddr & TARGET_PAGE_MASK;
710 /* Perform address translation */
711 int cpu_ppc_handle_mmu_fault (CPUState *env, uint32_t address, int rw,
712 int is_user, int is_softmmu)
715 int exception = 0, error_code = 0;
722 access_type = ACCESS_CODE;
725 /* XXX: put correct access by using cpu_restore_state()
727 access_type = ACCESS_INT;
728 // access_type = env->access_type;
730 ret = get_physical_address(env, &ctx, address, rw, access_type, 1);
732 ret = tlb_set_page(env, address & TARGET_PAGE_MASK,
733 ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
734 is_user, is_softmmu);
735 } else if (ret < 0) {
736 #if defined (DEBUG_MMU)
738 cpu_dump_state(env, logfile, fprintf, 0);
740 if (access_type == ACCESS_CODE) {
741 exception = EXCP_ISI;
744 /* No matches in page tables or TLB */
745 if (unlikely(PPC_MMU(env) == PPC_FLAGS_MMU_SOFT_6xx)) {
746 exception = EXCP_I_TLBMISS;
747 env->spr[SPR_IMISS] = address;
748 env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
749 error_code = 1 << 18;
751 } else if (unlikely(PPC_MMU(env) == PPC_FLAGS_MMU_SOFT_4xx)) {
754 error_code = 0x40000000;
758 /* Access rights violation */
759 error_code = 0x08000000;
762 /* No execute protection violation */
763 error_code = 0x10000000;
766 /* Direct store exception */
767 /* No code fetch is allowed in direct-store areas */
768 error_code = 0x10000000;
771 /* No match in segment table */
772 exception = EXCP_ISEG;
777 exception = EXCP_DSI;
780 /* No matches in page tables or TLB */
781 if (unlikely(PPC_MMU(env) == PPC_FLAGS_MMU_SOFT_6xx)) {
783 exception = EXCP_DS_TLBMISS;
784 error_code = 1 << 16;
786 exception = EXCP_DL_TLBMISS;
789 env->spr[SPR_DMISS] = address;
790 env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
792 error_code |= ctx.key << 19;
793 env->spr[SPR_HASH1] = ctx.pg_addr[0];
794 env->spr[SPR_HASH2] = ctx.pg_addr[1];
795 /* Do not alter DAR nor DSISR */
797 } else if (unlikely(PPC_MMU(env) == PPC_FLAGS_MMU_SOFT_4xx)) {
800 error_code = 0x40000000;
804 /* Access rights violation */
805 error_code = 0x08000000;
808 /* Direct store exception */
809 switch (access_type) {
811 /* Floating point load/store */
812 exception = EXCP_ALIGN;
813 error_code = EXCP_ALIGN_FP;
816 /* lwarx, ldarx or srwcx. */
817 error_code = 0x04000000;
821 error_code = 0x04100000;
824 printf("DSI: invalid exception (%d)\n", ret);
825 exception = EXCP_PROGRAM;
826 error_code = EXCP_INVAL | EXCP_INVAL_INVAL;
831 /* No match in segment table */
832 exception = EXCP_DSEG;
836 if (exception == EXCP_DSI && rw == 1)
837 error_code |= 0x02000000;
838 /* Store fault address */
839 env->spr[SPR_DAR] = address;
840 env->spr[SPR_DSISR] = error_code;
844 printf("%s: set exception to %d %02x\n",
845 __func__, exception, error_code);
847 env->exception_index = exception;
848 env->error_code = error_code;
855 /*****************************************************************************/
856 /* BATs management */
857 #if !defined(FLUSH_ALL_TLBS)
858 static inline void do_invalidate_BAT (CPUPPCState *env,
859 target_ulong BATu, target_ulong mask)
861 target_ulong base, end, page;
863 base = BATu & ~0x0001FFFF;
864 end = base + mask + 0x00020000;
865 #if defined (DEBUG_BATS)
867 fprintf(logfile, "Flush BAT from %08x to %08x (%08x)\n",
871 for (page = base; page != end; page += TARGET_PAGE_SIZE)
872 tlb_flush_page(env, page);
873 #if defined (DEBUG_BATS)
875 fprintf(logfile, "Flush done\n");
880 static inline void dump_store_bat (CPUPPCState *env, char ID, int ul, int nr,
883 #if defined (DEBUG_BATS)
885 fprintf(logfile, "Set %cBAT%d%c to 0x%08lx (0x%08lx)\n",
886 ID, nr, ul == 0 ? 'u' : 'l', (unsigned long)value,
887 (unsigned long)env->nip);
892 target_ulong do_load_ibatu (CPUPPCState *env, int nr)
894 return env->IBAT[0][nr];
897 target_ulong do_load_ibatl (CPUPPCState *env, int nr)
899 return env->IBAT[1][nr];
902 void do_store_ibatu (CPUPPCState *env, int nr, target_ulong value)
906 dump_store_bat(env, 'I', 0, nr, value);
907 if (env->IBAT[0][nr] != value) {
908 mask = (value << 15) & 0x0FFE0000UL;
909 #if !defined(FLUSH_ALL_TLBS)
910 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
912 /* When storing valid upper BAT, mask BEPI and BRPN
913 * and invalidate all TLBs covered by this BAT
915 mask = (value << 15) & 0x0FFE0000UL;
916 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
917 (value & ~0x0001FFFFUL & ~mask);
918 env->IBAT[1][nr] = (env->IBAT[1][nr] & 0x0000007B) |
919 (env->IBAT[1][nr] & ~0x0001FFFF & ~mask);
920 #if !defined(FLUSH_ALL_TLBS)
921 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
928 void do_store_ibatl (CPUPPCState *env, int nr, target_ulong value)
930 dump_store_bat(env, 'I', 1, nr, value);
931 env->IBAT[1][nr] = value;
934 target_ulong do_load_dbatu (CPUPPCState *env, int nr)
936 return env->DBAT[0][nr];
939 target_ulong do_load_dbatl (CPUPPCState *env, int nr)
941 return env->DBAT[1][nr];
944 void do_store_dbatu (CPUPPCState *env, int nr, target_ulong value)
948 dump_store_bat(env, 'D', 0, nr, value);
949 if (env->DBAT[0][nr] != value) {
950 /* When storing valid upper BAT, mask BEPI and BRPN
951 * and invalidate all TLBs covered by this BAT
953 mask = (value << 15) & 0x0FFE0000UL;
954 #if !defined(FLUSH_ALL_TLBS)
955 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
957 mask = (value << 15) & 0x0FFE0000UL;
958 env->DBAT[0][nr] = (value & 0x00001FFFUL) |
959 (value & ~0x0001FFFFUL & ~mask);
960 env->DBAT[1][nr] = (env->DBAT[1][nr] & 0x0000007B) |
961 (env->DBAT[1][nr] & ~0x0001FFFF & ~mask);
962 #if !defined(FLUSH_ALL_TLBS)
963 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
970 void do_store_dbatl (CPUPPCState *env, int nr, target_ulong value)
972 dump_store_bat(env, 'D', 1, nr, value);
973 env->DBAT[1][nr] = value;
976 /*****************************************************************************/
977 /* Special registers manipulation */
978 target_ulong do_load_sdr1 (CPUPPCState *env)
983 void do_store_sdr1 (CPUPPCState *env, target_ulong value)
985 #if defined (DEBUG_MMU)
987 fprintf(logfile, "%s: 0x%08lx\n", __func__, (unsigned long)value);
990 if (env->sdr1 != value) {
996 target_ulong do_load_sr (CPUPPCState *env, int srnum)
998 return env->sr[srnum];
1001 void do_store_sr (CPUPPCState *env, int srnum, target_ulong value)
1003 #if defined (DEBUG_MMU)
1004 if (loglevel != 0) {
1005 fprintf(logfile, "%s: reg=%d 0x%08lx %08lx\n",
1006 __func__, srnum, (unsigned long)value, env->sr[srnum]);
1009 if (env->sr[srnum] != value) {
1010 env->sr[srnum] = value;
1011 #if !defined(FLUSH_ALL_TLBS) && 0
1013 target_ulong page, end;
1014 /* Invalidate 256 MB of virtual memory */
1015 page = (16 << 20) * srnum;
1016 end = page + (16 << 20);
1017 for (; page != end; page += TARGET_PAGE_SIZE)
1018 tlb_flush_page(env, page);
1025 #endif /* !defined (CONFIG_USER_ONLY) */
1027 uint32_t ppc_load_xer (CPUPPCState *env)
1029 return (xer_so << XER_SO) |
1030 (xer_ov << XER_OV) |
1031 (xer_ca << XER_CA) |
1032 (xer_bc << XER_BC) |
1033 (xer_cmp << XER_CMP);
1036 void ppc_store_xer (CPUPPCState *env, uint32_t value)
1038 xer_so = (value >> XER_SO) & 0x01;
1039 xer_ov = (value >> XER_OV) & 0x01;
1040 xer_ca = (value >> XER_CA) & 0x01;
1041 xer_cmp = (value >> XER_CMP) & 0xFF;
1042 xer_bc = (value >> XER_BC) & 0x3F;
1045 /* Swap temporary saved registers with GPRs */
1046 static inline void swap_gpr_tgpr (CPUPPCState *env)
1051 env->gpr[0] = env->tgpr[0];
1054 env->gpr[1] = env->tgpr[1];
1057 env->gpr[2] = env->tgpr[2];
1060 env->gpr[3] = env->tgpr[3];
1064 /* GDBstub can read and write MSR... */
1065 target_ulong do_load_msr (CPUPPCState *env)
1068 #if defined (TARGET_PPC64)
1069 (msr_sf << MSR_SF) |
1070 (msr_isf << MSR_ISF) |
1071 (msr_hv << MSR_HV) |
1073 (msr_ucle << MSR_UCLE) |
1074 (msr_vr << MSR_VR) | /* VR / SPE */
1075 (msr_ap << MSR_AP) |
1076 (msr_sa << MSR_SA) |
1077 (msr_key << MSR_KEY) |
1078 (msr_pow << MSR_POW) | /* POW / WE */
1079 (msr_tlb << MSR_TLB) | /* TLB / TGPE / CE */
1080 (msr_ile << MSR_ILE) |
1081 (msr_ee << MSR_EE) |
1082 (msr_pr << MSR_PR) |
1083 (msr_fp << MSR_FP) |
1084 (msr_me << MSR_ME) |
1085 (msr_fe0 << MSR_FE0) |
1086 (msr_se << MSR_SE) | /* SE / DWE / UBLE */
1087 (msr_be << MSR_BE) | /* BE / DE */
1088 (msr_fe1 << MSR_FE1) |
1089 (msr_al << MSR_AL) |
1090 (msr_ip << MSR_IP) |
1091 (msr_ir << MSR_IR) | /* IR / IS */
1092 (msr_dr << MSR_DR) | /* DR / DS */
1093 (msr_pe << MSR_PE) | /* PE / EP */
1094 (msr_px << MSR_PX) | /* PX / PMM */
1095 (msr_ri << MSR_RI) |
1099 void do_store_msr (CPUPPCState *env, target_ulong value)
1103 value &= env->msr_mask;
1104 if (((value >> MSR_IR) & 1) != msr_ir ||
1105 ((value >> MSR_DR) & 1) != msr_dr) {
1106 /* Flush all tlb when changing translation mode */
1108 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
1111 if (loglevel != 0) {
1112 fprintf(logfile, "%s: T0 %08lx\n", __func__, value);
1115 switch (PPC_EXCP(env)) {
1116 case PPC_FLAGS_EXCP_602:
1117 case PPC_FLAGS_EXCP_603:
1118 if (((value >> MSR_TGPR) & 1) != msr_tgpr) {
1119 /* Swap temporary saved registers with GPRs */
1126 #if defined (TARGET_PPC64)
1127 msr_sf = (value >> MSR_SF) & 1;
1128 msr_isf = (value >> MSR_ISF) & 1;
1129 msr_hv = (value >> MSR_HV) & 1;
1131 msr_ucle = (value >> MSR_UCLE) & 1;
1132 msr_vr = (value >> MSR_VR) & 1; /* VR / SPE */
1133 msr_ap = (value >> MSR_AP) & 1;
1134 msr_sa = (value >> MSR_SA) & 1;
1135 msr_key = (value >> MSR_KEY) & 1;
1136 msr_pow = (value >> MSR_POW) & 1; /* POW / WE */
1137 msr_tlb = (value >> MSR_TLB) & 1; /* TLB / TGPR / CE */
1138 msr_ile = (value >> MSR_ILE) & 1;
1139 msr_ee = (value >> MSR_EE) & 1;
1140 msr_pr = (value >> MSR_PR) & 1;
1141 msr_fp = (value >> MSR_FP) & 1;
1142 msr_me = (value >> MSR_ME) & 1;
1143 msr_fe0 = (value >> MSR_FE0) & 1;
1144 msr_se = (value >> MSR_SE) & 1; /* SE / DWE / UBLE */
1145 msr_be = (value >> MSR_BE) & 1; /* BE / DE */
1146 msr_fe1 = (value >> MSR_FE1) & 1;
1147 msr_al = (value >> MSR_AL) & 1;
1148 msr_ip = (value >> MSR_IP) & 1;
1149 msr_ir = (value >> MSR_IR) & 1; /* IR / IS */
1150 msr_dr = (value >> MSR_DR) & 1; /* DR / DS */
1151 msr_pe = (value >> MSR_PE) & 1; /* PE / EP */
1152 msr_px = (value >> MSR_PX) & 1; /* PX / PMM */
1153 msr_ri = (value >> MSR_RI) & 1;
1154 msr_le = (value >> MSR_LE) & 1;
1155 do_compute_hflags(env);
1158 switch (PPC_EXCP(env)) {
1159 case PPC_FLAGS_EXCP_7x0:
1160 if (msr_pow == 1 && (env->spr[SPR_HID0] & 0x00E00000) != 0)
1167 /* power save: exit cpu loop */
1169 env->exception_index = EXCP_HLT;
1174 void do_compute_hflags (CPUPPCState *env)
1176 /* Compute current hflags */
1177 env->hflags = (msr_pr << MSR_PR) | (msr_le << MSR_LE) |
1178 (msr_fp << MSR_FP) | (msr_fe0 << MSR_FE0) | (msr_fe1 << MSR_FE1) |
1179 (msr_vr << MSR_VR) | (msr_ap << MSR_AP) | (msr_sa << MSR_SA) |
1180 (msr_se << MSR_SE) | (msr_be << MSR_BE);
1181 #if defined (TARGET_PPC64)
1182 env->hflags |= (msr_sf << MSR_SF) | (msr_hv << MSR_HV);
1186 /*****************************************************************************/
1187 /* Exception processing */
1188 #if defined (CONFIG_USER_ONLY)
1189 void do_interrupt (CPUState *env)
1191 env->exception_index = -1;
1193 #else /* defined (CONFIG_USER_ONLY) */
1194 static void dump_syscall(CPUState *env)
1196 fprintf(logfile, "syscall r0=0x%08x r3=0x%08x r4=0x%08x "
1197 "r5=0x%08x r6=0x%08x nip=0x%08x\n",
1198 env->gpr[0], env->gpr[3], env->gpr[4],
1199 env->gpr[5], env->gpr[6], env->nip);
1202 void do_interrupt (CPUState *env)
1204 target_ulong msr, *srr_0, *srr_1;
1207 excp = env->exception_index;
1208 msr = do_load_msr(env);
1209 /* The default is to use SRR0 & SRR1 to save the exception context */
1210 srr_0 = &env->spr[SPR_SRR0];
1211 srr_1 = &env->spr[SPR_SRR1];
1212 #if defined (DEBUG_EXCEPTIONS)
1213 if ((excp == EXCP_PROGRAM || excp == EXCP_DSI) && msr_pr == 1) {
1214 if (loglevel != 0) {
1215 fprintf(logfile, "Raise exception at 0x%08lx => 0x%08x (%02x)\n",
1216 (unsigned long)env->nip, excp, env->error_code);
1217 cpu_dump_state(env, logfile, fprintf, 0);
1221 if (loglevel & CPU_LOG_INT) {
1222 fprintf(logfile, "Raise exception at 0x%08lx => 0x%08x (%02x)\n",
1223 (unsigned long)env->nip, excp, env->error_code);
1226 /* Generate informations in save/restore registers */
1228 /* Generic PowerPC exceptions */
1229 case EXCP_RESET: /* 0x0100 */
1230 if (PPC_EXCP(env) != PPC_FLAGS_EXCP_40x) {
1235 srr_0 = &env->spr[SPR_40x_SRR2];
1236 srr_1 = &env->spr[SPR_40x_SRR3];
1239 case EXCP_MACHINE_CHECK: /* 0x0200 */
1241 cpu_abort(env, "Machine check exception while not allowed\n");
1243 if (unlikely(PPC_EXCP(env) == PPC_FLAGS_EXCP_40x)) {
1244 srr_0 = &env->spr[SPR_40x_SRR2];
1245 srr_1 = &env->spr[SPR_40x_SRR3];
1249 case EXCP_DSI: /* 0x0300 */
1250 /* Store exception cause */
1251 /* data location address has been stored
1252 * when the fault has been detected
1255 #if defined (DEBUG_EXCEPTIONS)
1257 fprintf(logfile, "DSI exception: DSISR=0x%08x, DAR=0x%08x\n",
1258 env->spr[SPR_DSISR], env->spr[SPR_DAR]);
1260 printf("DSI exception: DSISR=0x%08x, DAR=0x%08x\n",
1261 env->spr[SPR_DSISR], env->spr[SPR_DAR]);
1265 case EXCP_ISI: /* 0x0400 */
1266 /* Store exception cause */
1268 msr |= env->error_code;
1269 #if defined (DEBUG_EXCEPTIONS)
1270 if (loglevel != 0) {
1271 fprintf(logfile, "ISI exception: msr=0x%08x, nip=0x%08x\n",
1276 case EXCP_EXTERNAL: /* 0x0500 */
1278 #if defined (DEBUG_EXCEPTIONS)
1280 fprintf(logfile, "Skipping hardware interrupt\n");
1284 env->interrupt_request |= CPU_INTERRUPT_HARD;
1288 case EXCP_ALIGN: /* 0x0600 */
1289 if (likely(PPC_EXCP(env) != PPC_FLAGS_EXCP_601)) {
1290 /* Store exception cause */
1291 /* Get rS/rD and rA from faulting opcode */
1292 env->spr[SPR_DSISR] |=
1293 (ldl_code((env->nip - 4)) & 0x03FF0000) >> 16;
1294 /* data location address has been stored
1295 * when the fault has been detected
1298 /* IO error exception on PowerPC 601 */
1301 "601 IO error exception is not implemented yet !\n");
1304 case EXCP_PROGRAM: /* 0x0700 */
1306 switch (env->error_code & ~0xF) {
1308 if (msr_fe0 == 0 && msr_fe1 == 0) {
1309 #if defined (DEBUG_EXCEPTIONS)
1310 printf("Ignore floating point exception\n");
1316 env->fpscr[7] |= 0x8;
1317 /* Finally, update FEX */
1318 if ((((env->fpscr[7] & 0x3) << 3) | (env->fpscr[6] >> 1)) &
1319 ((env->fpscr[1] << 1) | (env->fpscr[0] >> 3)))
1320 env->fpscr[7] |= 0x4;
1323 // printf("Invalid instruction at 0x%08x\n", env->nip);
1333 /* Should never occur */
1338 case EXCP_NO_FP: /* 0x0800 */
1345 env->interrupt_request |= CPU_INTERRUPT_TIMER;
1350 case EXCP_SYSCALL: /* 0x0C00 */
1351 /* NOTE: this is a temporary hack to support graphics OSI
1352 calls from the MOL driver */
1353 if (env->gpr[3] == 0x113724fa && env->gpr[4] == 0x77810f9b &&
1355 if (env->osi_call(env) != 0)
1358 if (loglevel & CPU_LOG_INT) {
1362 case EXCP_TRACE: /* 0x0D00 */
1364 case EXCP_PERF: /* 0x0F00 */
1367 "Performance counter exception is not implemented yet !\n");
1369 /* 32 bits PowerPC specific exceptions */
1370 case EXCP_FP_ASSIST: /* 0x0E00 */
1372 cpu_abort(env, "Floating point assist exception "
1373 "is not implemented yet !\n");
1375 /* 64 bits PowerPC exceptions */
1376 case EXCP_DSEG: /* 0x0380 */
1378 cpu_abort(env, "Data segment exception is not implemented yet !\n");
1380 case EXCP_ISEG: /* 0x0480 */
1383 "Instruction segment exception is not implemented yet !\n");
1385 case EXCP_HDECR: /* 0x0980 */
1389 env->interrupt_request |= CPU_INTERRUPT_TIMER;
1394 cpu_abort(env, "Hypervisor decrementer exception is not implemented "
1397 /* Implementation specific exceptions */
1399 if (likely(env->spr[SPR_PVR] == CPU_PPC_G2 ||
1400 env->spr[SPR_PVR] == CPU_PPC_G2LE)) {
1401 /* Critical interrupt on G2 */
1403 cpu_abort(env, "G2 critical interrupt is not implemented yet !\n");
1406 cpu_abort(env, "Invalid exception 0x0A00 !\n");
1410 switch (PPC_EXCP(env)) {
1411 case PPC_FLAGS_EXCP_40x:
1412 /* APU unavailable on 405 */
1415 "APU unavailable exception is not implemented yet !\n");
1417 case PPC_FLAGS_EXCP_74xx:
1418 /* Altivec unavailable */
1420 cpu_abort(env, "Altivec unavailable exception "
1421 "is not implemented yet !\n");
1424 cpu_abort(env, "Invalid exception 0x0F20 !\n");
1429 switch (PPC_EXCP(env)) {
1430 case PPC_FLAGS_EXCP_40x:
1433 cpu_abort(env, "40x PIT exception is not implemented yet !\n");
1435 case PPC_FLAGS_EXCP_602:
1436 case PPC_FLAGS_EXCP_603:
1437 /* ITLBMISS on 602/603 */
1439 case PPC_FLAGS_EXCP_7x5:
1440 /* ITLBMISS on 745/755 */
1443 cpu_abort(env, "Invalid exception 0x1000 !\n");
1448 switch (PPC_EXCP(env)) {
1449 case PPC_FLAGS_EXCP_40x:
1452 cpu_abort(env, "40x FIT exception is not implemented yet !\n");
1455 cpu_abort(env, "Invalid exception 0x1010 !\n");
1460 switch (PPC_EXCP(env)) {
1461 case PPC_FLAGS_EXCP_40x:
1462 /* Watchdog on 4xx */
1465 "40x watchdog exception is not implemented yet !\n");
1468 cpu_abort(env, "Invalid exception 0x1020 !\n");
1473 switch (PPC_EXCP(env)) {
1474 case PPC_FLAGS_EXCP_40x:
1475 /* DTLBMISS on 4xx */
1478 "40x DTLBMISS exception is not implemented yet !\n");
1480 case PPC_FLAGS_EXCP_602:
1481 case PPC_FLAGS_EXCP_603:
1482 /* DLTLBMISS on 602/603 */
1484 case PPC_FLAGS_EXCP_7x5:
1485 /* DLTLBMISS on 745/755 */
1488 cpu_abort(env, "Invalid exception 0x1100 !\n");
1493 switch (PPC_EXCP(env)) {
1494 case PPC_FLAGS_EXCP_40x:
1495 /* ITLBMISS on 4xx */
1498 "40x ITLBMISS exception is not implemented yet !\n");
1500 case PPC_FLAGS_EXCP_602:
1501 case PPC_FLAGS_EXCP_603:
1502 /* DSTLBMISS on 602/603 */
1504 /* Swap temporary saved registers with GPRs */
1507 #if defined (DEBUG_SOFTWARE_TLB)
1508 if (loglevel != 0) {
1509 const unsigned char *es;
1510 target_ulong *miss, *cmp;
1512 if (excp == 0x1000) {
1515 miss = &env->spr[SPR_IMISS];
1516 cmp = &env->spr[SPR_ICMP];
1523 miss = &env->spr[SPR_DMISS];
1524 cmp = &env->spr[SPR_DCMP];
1526 fprintf(logfile, "6xx %sTLB miss: %cM %08x %cC %08x "
1527 "H1 %08x H2 %08x %08x\n", es, en, *miss, en, *cmp,
1528 env->spr[SPR_HASH1], env->spr[SPR_HASH2],
1533 case PPC_FLAGS_EXCP_7x5:
1534 /* DSTLBMISS on 745/755 */
1537 msr |= env->crf[0] << 28;
1538 msr |= env->error_code; /* key, D/I, S/L bits */
1539 /* Set way using a LRU mechanism */
1540 msr |= ((env->last_way + 1) & (env->nb_ways - 1)) << 17;
1543 cpu_abort(env, "Invalid exception 0x1200 !\n");
1548 switch (PPC_EXCP(env)) {
1549 case PPC_FLAGS_EXCP_601:
1550 case PPC_FLAGS_EXCP_602:
1551 case PPC_FLAGS_EXCP_603:
1552 case PPC_FLAGS_EXCP_604:
1553 case PPC_FLAGS_EXCP_7x0:
1554 case PPC_FLAGS_EXCP_7x5:
1555 /* IABR on 6xx/7xx */
1557 cpu_abort(env, "IABR exception is not implemented yet !\n");
1560 cpu_abort(env, "Invalid exception 0x1300 !\n");
1565 switch (PPC_EXCP(env)) {
1566 case PPC_FLAGS_EXCP_601:
1567 case PPC_FLAGS_EXCP_602:
1568 case PPC_FLAGS_EXCP_603:
1569 case PPC_FLAGS_EXCP_604:
1570 case PPC_FLAGS_EXCP_7x0:
1571 case PPC_FLAGS_EXCP_7x5:
1572 /* SMI on 6xx/7xx */
1574 cpu_abort(env, "SMI exception is not implemented yet !\n");
1577 cpu_abort(env, "Invalid exception 0x1400 !\n");
1582 switch (PPC_EXCP(env)) {
1583 case PPC_FLAGS_EXCP_602:
1584 /* Watchdog on 602 */
1587 "602 watchdog exception is not implemented yet !\n");
1589 case PPC_FLAGS_EXCP_970:
1590 /* Soft patch exception on 970 */
1593 "970 soft-patch exception is not implemented yet !\n");
1595 case PPC_FLAGS_EXCP_74xx:
1596 /* VPU assist on 74xx */
1598 cpu_abort(env, "VPU assist exception is not implemented yet !\n");
1601 cpu_abort(env, "Invalid exception 0x1500 !\n");
1606 switch (PPC_EXCP(env)) {
1607 case PPC_FLAGS_EXCP_602:
1608 /* Emulation trap on 602 */
1610 cpu_abort(env, "602 emulation trap exception "
1611 "is not implemented yet !\n");
1613 case PPC_FLAGS_EXCP_970:
1614 /* Maintenance exception on 970 */
1617 "970 maintenance exception is not implemented yet !\n");
1620 cpu_abort(env, "Invalid exception 0x1600 !\n");
1625 switch (PPC_EXCP(env)) {
1626 case PPC_FLAGS_EXCP_7x0:
1627 case PPC_FLAGS_EXCP_7x5:
1628 /* Thermal management interrupt on G3 */
1630 cpu_abort(env, "G3 thermal management exception "
1631 "is not implemented yet !\n");
1633 case PPC_FLAGS_EXCP_970:
1634 /* VPU assist on 970 */
1637 "970 VPU assist exception is not implemented yet !\n");
1640 cpu_abort(env, "Invalid exception 0x1700 !\n");
1645 switch (PPC_EXCP(env)) {
1646 case PPC_FLAGS_EXCP_970:
1647 /* Thermal exception on 970 */
1649 cpu_abort(env, "970 thermal management exception "
1650 "is not implemented yet !\n");
1653 cpu_abort(env, "Invalid exception 0x1800 !\n");
1658 switch (PPC_EXCP(env)) {
1659 case PPC_FLAGS_EXCP_40x:
1662 cpu_abort(env, "40x debug exception is not implemented yet !\n");
1664 case PPC_FLAGS_EXCP_601:
1665 /* Run mode exception on 601 */
1668 "601 run mode exception is not implemented yet !\n");
1671 cpu_abort(env, "Invalid exception 0x1800 !\n");
1675 /* Other exceptions */
1676 /* Qemu internal exceptions:
1677 * we should never come here with those values: abort execution
1680 cpu_abort(env, "Invalid exception: code %d (%04x)\n", excp, excp);
1683 /* save current instruction location */
1684 *srr_0 = (env->nip - 4) & 0xFFFFFFFFULL;
1687 /* save next instruction location */
1688 *srr_0 = env->nip & 0xFFFFFFFFULL;
1693 /* If we disactivated any translation, flush TLBs */
1694 if (msr_ir || msr_dr) {
1697 /* reload MSR with correct bits */
1710 do_compute_hflags(env);
1711 /* Jump to handler */
1713 env->exception_index = EXCP_NONE;
1715 #endif /* !CONFIG_USER_ONLY */
projects / qemu / blob