2 * PowerPC emulation helpers for qemu.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
30 #include "helper_regs.h"
31 #include "qemu-common.h"
37 //#define DEBUG_SOFTWARE_TLB
38 //#define DUMP_PAGE_TABLES
39 //#define DEBUG_EXCEPTIONS
40 //#define FLUSH_ALL_TLBS
43 # define LOG_MMU(...) qemu_log(__VA_ARGS__)
44 # define LOG_MMU_STATE(env) log_cpu_state((env), 0)
46 # define LOG_MMU(...) do { } while (0)
47 # define LOG_MMU_STATE(...) do { } while (0)
51 #ifdef DEBUG_SOFTWARE_TLB
52 # define LOG_SWTLB(...) qemu_log(__VA_ARGS__)
54 # define LOG_SWTLB(...) do { } while (0)
58 # define LOG_BATS(...) qemu_log(__VA_ARGS__)
60 # define LOG_BATS(...) do { } while (0)
64 # define LOG_SLB(...) qemu_log(__VA_ARGS__)
66 # define LOG_SLB(...) do { } while (0)
69 #ifdef DEBUG_EXCEPTIONS
70 # define LOG_EXCP(...) qemu_log(__VA_ARGS__)
72 # define LOG_EXCP(...) do { } while (0)
76 /*****************************************************************************/
77 /* PowerPC MMU emulation */
79 #if defined(CONFIG_USER_ONLY)
80 int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
81 int mmu_idx, int is_softmmu)
83 int exception, error_code;
86 exception = POWERPC_EXCP_ISI;
87 error_code = 0x40000000;
89 exception = POWERPC_EXCP_DSI;
90 error_code = 0x40000000;
92 error_code |= 0x02000000;
93 env->spr[SPR_DAR] = address;
94 env->spr[SPR_DSISR] = error_code;
96 env->exception_index = exception;
97 env->error_code = error_code;
102 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
108 /* Common routines used by software and hardware TLBs emulation */
109 static always_inline int pte_is_valid (target_ulong pte0)
111 return pte0 & 0x80000000 ? 1 : 0;
114 static always_inline void pte_invalidate (target_ulong *pte0)
116 *pte0 &= ~0x80000000;
119 #if defined(TARGET_PPC64)
120 static always_inline int pte64_is_valid (target_ulong pte0)
122 return pte0 & 0x0000000000000001ULL ? 1 : 0;
125 static always_inline void pte64_invalidate (target_ulong *pte0)
127 *pte0 &= ~0x0000000000000001ULL;
131 #define PTE_PTEM_MASK 0x7FFFFFBF
132 #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
133 #if defined(TARGET_PPC64)
134 #define PTE64_PTEM_MASK 0xFFFFFFFFFFFFFF80ULL
135 #define PTE64_CHECK_MASK (TARGET_PAGE_MASK | 0x7F)
138 static always_inline int pp_check (int key, int pp, int nx)
142 /* Compute access rights */
143 /* When pp is 3/7, the result is undefined. Set it to noaccess */
150 access |= PAGE_WRITE;
168 access = PAGE_READ | PAGE_WRITE;
178 static always_inline int check_prot (int prot, int rw, int access_type)
182 if (access_type == ACCESS_CODE) {
183 if (prot & PAGE_EXEC)
188 if (prot & PAGE_WRITE)
193 if (prot & PAGE_READ)
202 static always_inline int _pte_check (mmu_ctx_t *ctx, int is_64b,
203 target_ulong pte0, target_ulong pte1,
204 int h, int rw, int type)
206 target_ulong ptem, mmask;
207 int access, ret, pteh, ptev, pp;
211 /* Check validity and table match */
212 #if defined(TARGET_PPC64)
214 ptev = pte64_is_valid(pte0);
215 pteh = (pte0 >> 1) & 1;
219 ptev = pte_is_valid(pte0);
220 pteh = (pte0 >> 6) & 1;
222 if (ptev && h == pteh) {
223 /* Check vsid & api */
224 #if defined(TARGET_PPC64)
226 ptem = pte0 & PTE64_PTEM_MASK;
227 mmask = PTE64_CHECK_MASK;
228 pp = (pte1 & 0x00000003) | ((pte1 >> 61) & 0x00000004);
229 ctx->nx |= (pte1 >> 2) & 1; /* No execute bit */
230 ctx->nx |= (pte1 >> 3) & 1; /* Guarded bit */
234 ptem = pte0 & PTE_PTEM_MASK;
235 mmask = PTE_CHECK_MASK;
236 pp = pte1 & 0x00000003;
238 if (ptem == ctx->ptem) {
239 if (ctx->raddr != (target_phys_addr_t)-1ULL) {
240 /* all matches should have equal RPN, WIMG & PP */
241 if ((ctx->raddr & mmask) != (pte1 & mmask)) {
242 qemu_log("Bad RPN/WIMG/PP\n");
246 /* Compute access rights */
247 access = pp_check(ctx->key, pp, ctx->nx);
248 /* Keep the matching PTE informations */
251 ret = check_prot(ctx->prot, rw, type);
254 LOG_MMU("PTE access granted !\n");
256 /* Access right violation */
257 LOG_MMU("PTE access rejected\n");
265 static always_inline int pte32_check (mmu_ctx_t *ctx,
266 target_ulong pte0, target_ulong pte1,
267 int h, int rw, int type)
269 return _pte_check(ctx, 0, pte0, pte1, h, rw, type);
272 #if defined(TARGET_PPC64)
273 static always_inline int pte64_check (mmu_ctx_t *ctx,
274 target_ulong pte0, target_ulong pte1,
275 int h, int rw, int type)
277 return _pte_check(ctx, 1, pte0, pte1, h, rw, type);
281 static always_inline int pte_update_flags (mmu_ctx_t *ctx, target_ulong *pte1p,
286 /* Update page flags */
287 if (!(*pte1p & 0x00000100)) {
288 /* Update accessed flag */
289 *pte1p |= 0x00000100;
292 if (!(*pte1p & 0x00000080)) {
293 if (rw == 1 && ret == 0) {
294 /* Update changed flag */
295 *pte1p |= 0x00000080;
298 /* Force page fault for first write access */
299 ctx->prot &= ~PAGE_WRITE;
306 /* Software driven TLB helpers */
307 static always_inline int ppc6xx_tlb_getnum (CPUState *env, target_ulong eaddr,
308 int way, int is_code)
312 /* Select TLB num in a way from address */
313 nr = (eaddr >> TARGET_PAGE_BITS) & (env->tlb_per_way - 1);
315 nr += env->tlb_per_way * way;
316 /* 6xx have separate TLBs for instructions and data */
317 if (is_code && env->id_tlbs == 1)
323 static always_inline void ppc6xx_tlb_invalidate_all (CPUState *env)
328 //LOG_SWTLB("Invalidate all TLBs\n");
329 /* Invalidate all defined software TLB */
331 if (env->id_tlbs == 1)
333 for (nr = 0; nr < max; nr++) {
334 tlb = &env->tlb[nr].tlb6;
335 pte_invalidate(&tlb->pte0);
340 static always_inline void __ppc6xx_tlb_invalidate_virt (CPUState *env,
345 #if !defined(FLUSH_ALL_TLBS)
349 /* Invalidate ITLB + DTLB, all ways */
350 for (way = 0; way < env->nb_ways; way++) {
351 nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
352 tlb = &env->tlb[nr].tlb6;
353 if (pte_is_valid(tlb->pte0) && (match_epn == 0 || eaddr == tlb->EPN)) {
354 LOG_SWTLB("TLB invalidate %d/%d " ADDRX "\n",
355 nr, env->nb_tlb, eaddr);
356 pte_invalidate(&tlb->pte0);
357 tlb_flush_page(env, tlb->EPN);
361 /* XXX: PowerPC specification say this is valid as well */
362 ppc6xx_tlb_invalidate_all(env);
366 static always_inline void ppc6xx_tlb_invalidate_virt (CPUState *env,
370 __ppc6xx_tlb_invalidate_virt(env, eaddr, is_code, 0);
373 void ppc6xx_tlb_store (CPUState *env, target_ulong EPN, int way, int is_code,
374 target_ulong pte0, target_ulong pte1)
379 nr = ppc6xx_tlb_getnum(env, EPN, way, is_code);
380 tlb = &env->tlb[nr].tlb6;
381 LOG_SWTLB("Set TLB %d/%d EPN " ADDRX " PTE0 " ADDRX
382 " PTE1 " ADDRX "\n", nr, env->nb_tlb, EPN, pte0, pte1);
383 /* Invalidate any pending reference in Qemu for this virtual address */
384 __ppc6xx_tlb_invalidate_virt(env, EPN, is_code, 1);
388 /* Store last way for LRU mechanism */
392 static always_inline int ppc6xx_tlb_check (CPUState *env, mmu_ctx_t *ctx,
393 target_ulong eaddr, int rw,
401 ret = -1; /* No TLB found */
402 for (way = 0; way < env->nb_ways; way++) {
403 nr = ppc6xx_tlb_getnum(env, eaddr, way,
404 access_type == ACCESS_CODE ? 1 : 0);
405 tlb = &env->tlb[nr].tlb6;
406 /* This test "emulates" the PTE index match for hardware TLBs */
407 if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
408 LOG_SWTLB("TLB %d/%d %s [" ADDRX " " ADDRX
411 pte_is_valid(tlb->pte0) ? "valid" : "inval",
412 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE, eaddr);
415 LOG_SWTLB("TLB %d/%d %s " ADDRX " <> " ADDRX " " ADDRX
418 pte_is_valid(tlb->pte0) ? "valid" : "inval",
419 tlb->EPN, eaddr, tlb->pte1,
420 rw ? 'S' : 'L', access_type == ACCESS_CODE ? 'I' : 'D');
421 switch (pte32_check(ctx, tlb->pte0, tlb->pte1, 0, rw, access_type)) {
423 /* TLB inconsistency */
426 /* Access violation */
436 /* XXX: we should go on looping to check all TLBs consistency
437 * but we can speed-up the whole thing as the
438 * result would be undefined if TLBs are not consistent.
447 LOG_SWTLB("found TLB at addr " PADDRX " prot=%01x ret=%d\n",
448 ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
449 /* Update page flags */
450 pte_update_flags(ctx, &env->tlb[best].tlb6.pte1, ret, rw);
456 /* Perform BAT hit & translation */
457 static always_inline void bat_size_prot (CPUState *env, target_ulong *blp,
458 int *validp, int *protp,
459 target_ulong *BATu, target_ulong *BATl)
464 bl = (*BATu & 0x00001FFC) << 15;
467 if (((msr_pr == 0) && (*BATu & 0x00000002)) ||
468 ((msr_pr != 0) && (*BATu & 0x00000001))) {
470 pp = *BATl & 0x00000003;
472 prot = PAGE_READ | PAGE_EXEC;
482 static always_inline void bat_601_size_prot (CPUState *env,target_ulong *blp,
483 int *validp, int *protp,
488 int key, pp, valid, prot;
490 bl = (*BATl & 0x0000003F) << 17;
491 LOG_BATS("b %02x ==> bl " ADDRX " msk " ADDRX "\n",
492 (uint8_t)(*BATl & 0x0000003F), bl, ~bl);
494 valid = (*BATl >> 6) & 1;
496 pp = *BATu & 0x00000003;
498 key = (*BATu >> 3) & 1;
500 key = (*BATu >> 2) & 1;
501 prot = pp_check(key, pp, 0);
508 static always_inline int get_bat (CPUState *env, mmu_ctx_t *ctx,
509 target_ulong virtual, int rw, int type)
511 target_ulong *BATlt, *BATut, *BATu, *BATl;
512 target_ulong base, BEPIl, BEPIu, bl;
516 LOG_BATS("%s: %cBAT v " ADDRX "\n", __func__,
517 type == ACCESS_CODE ? 'I' : 'D', virtual);
520 BATlt = env->IBAT[1];
521 BATut = env->IBAT[0];
524 BATlt = env->DBAT[1];
525 BATut = env->DBAT[0];
528 base = virtual & 0xFFFC0000;
529 for (i = 0; i < env->nb_BATs; i++) {
532 BEPIu = *BATu & 0xF0000000;
533 BEPIl = *BATu & 0x0FFE0000;
534 if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
535 bat_601_size_prot(env, &bl, &valid, &prot, BATu, BATl);
537 bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
539 LOG_BATS("%s: %cBAT%d v " ADDRX " BATu " ADDRX
540 " BATl " ADDRX "\n", __func__,
541 type == ACCESS_CODE ? 'I' : 'D', i, virtual, *BATu, *BATl);
542 if ((virtual & 0xF0000000) == BEPIu &&
543 ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
546 /* Get physical address */
547 ctx->raddr = (*BATl & 0xF0000000) |
548 ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
549 (virtual & 0x0001F000);
550 /* Compute access rights */
552 ret = check_prot(ctx->prot, rw, type);
554 LOG_BATS("BAT %d match: r " PADDRX " prot=%c%c\n",
555 i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-',
556 ctx->prot & PAGE_WRITE ? 'W' : '-');
562 #if defined(DEBUG_BATS)
564 QEMU_LOG0("no BAT match for " ADDRX ":\n", virtual);
565 for (i = 0; i < 4; i++) {
568 BEPIu = *BATu & 0xF0000000;
569 BEPIl = *BATu & 0x0FFE0000;
570 bl = (*BATu & 0x00001FFC) << 15;
571 QEMU_LOG0("%s: %cBAT%d v " ADDRX " BATu " ADDRX
572 " BATl " ADDRX " \n\t" ADDRX " " ADDRX " " ADDRX "\n",
573 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
574 *BATu, *BATl, BEPIu, BEPIl, bl);
583 /* PTE table lookup */
584 static always_inline int _find_pte (mmu_ctx_t *ctx, int is_64b, int h,
587 target_ulong base, pte0, pte1;
591 ret = -1; /* No entry found */
592 base = ctx->pg_addr[h];
593 for (i = 0; i < 8; i++) {
594 #if defined(TARGET_PPC64)
596 pte0 = ldq_phys(base + (i * 16));
597 pte1 = ldq_phys(base + (i * 16) + 8);
598 r = pte64_check(ctx, pte0, pte1, h, rw, type);
599 LOG_MMU("Load pte from " ADDRX " => " ADDRX " " ADDRX
600 " %d %d %d " ADDRX "\n",
601 base + (i * 16), pte0, pte1,
602 (int)(pte0 & 1), h, (int)((pte0 >> 1) & 1),
607 pte0 = ldl_phys(base + (i * 8));
608 pte1 = ldl_phys(base + (i * 8) + 4);
609 r = pte32_check(ctx, pte0, pte1, h, rw, type);
610 LOG_MMU("Load pte from " ADDRX " => " ADDRX " " ADDRX
611 " %d %d %d " ADDRX "\n",
612 base + (i * 8), pte0, pte1,
613 (int)(pte0 >> 31), h, (int)((pte0 >> 6) & 1),
618 /* PTE inconsistency */
621 /* Access violation */
631 /* XXX: we should go on looping to check all PTEs consistency
632 * but if we can speed-up the whole thing as the
633 * result would be undefined if PTEs are not consistent.
642 LOG_MMU("found PTE at addr " PADDRX " prot=%01x ret=%d\n",
643 ctx->raddr, ctx->prot, ret);
644 /* Update page flags */
646 if (pte_update_flags(ctx, &pte1, ret, rw) == 1) {
647 #if defined(TARGET_PPC64)
649 stq_phys_notdirty(base + (good * 16) + 8, pte1);
653 stl_phys_notdirty(base + (good * 8) + 4, pte1);
661 static always_inline int find_pte32 (mmu_ctx_t *ctx, int h, int rw, int type)
663 return _find_pte(ctx, 0, h, rw, type);
666 #if defined(TARGET_PPC64)
667 static always_inline int find_pte64 (mmu_ctx_t *ctx, int h, int rw, int type)
669 return _find_pte(ctx, 1, h, rw, type);
673 static always_inline int find_pte (CPUState *env, mmu_ctx_t *ctx,
674 int h, int rw, int type)
676 #if defined(TARGET_PPC64)
677 if (env->mmu_model & POWERPC_MMU_64)
678 return find_pte64(ctx, h, rw, type);
681 return find_pte32(ctx, h, rw, type);
684 #if defined(TARGET_PPC64)
685 static always_inline int slb_is_valid (uint64_t slb64)
687 return slb64 & 0x0000000008000000ULL ? 1 : 0;
690 static always_inline void slb_invalidate (uint64_t *slb64)
692 *slb64 &= ~0x0000000008000000ULL;
695 static always_inline int slb_lookup (CPUPPCState *env, target_ulong eaddr,
697 target_ulong *page_mask, int *attr)
699 target_phys_addr_t sr_base;
706 sr_base = env->spr[SPR_ASR];
707 LOG_SLB("%s: eaddr " ADDRX " base " PADDRX "\n",
708 __func__, eaddr, sr_base);
709 mask = 0x0000000000000000ULL; /* Avoid gcc warning */
710 for (n = 0; n < env->slb_nr; n++) {
711 tmp64 = ldq_phys(sr_base);
712 tmp = ldl_phys(sr_base + 8);
713 LOG_SLB("%s: seg %d " PADDRX " %016" PRIx64 " %08"
714 PRIx32 "\n", __func__, n, sr_base, tmp64, tmp);
715 if (slb_is_valid(tmp64)) {
716 /* SLB entry is valid */
717 switch (tmp64 & 0x0000000006000000ULL) {
718 case 0x0000000000000000ULL:
720 mask = 0xFFFFFFFFF0000000ULL;
722 case 0x0000000002000000ULL:
724 mask = 0xFFFF000000000000ULL;
726 case 0x0000000004000000ULL:
727 case 0x0000000006000000ULL:
728 /* Reserved => segment is invalid */
731 if ((eaddr & mask) == (tmp64 & mask)) {
733 *vsid = ((tmp64 << 24) | (tmp >> 8)) & 0x0003FFFFFFFFFFFFULL;
746 void ppc_slb_invalidate_all (CPUPPCState *env)
748 target_phys_addr_t sr_base;
750 int n, do_invalidate;
753 sr_base = env->spr[SPR_ASR];
754 /* XXX: Warning: slbia never invalidates the first segment */
755 for (n = 1; n < env->slb_nr; n++) {
756 tmp64 = ldq_phys(sr_base);
757 if (slb_is_valid(tmp64)) {
758 slb_invalidate(&tmp64);
759 stq_phys(sr_base, tmp64);
760 /* XXX: given the fact that segment size is 256 MB or 1TB,
761 * and we still don't have a tlb_flush_mask(env, n, mask)
762 * in Qemu, we just invalidate all TLBs
772 void ppc_slb_invalidate_one (CPUPPCState *env, uint64_t T0)
774 target_phys_addr_t sr_base;
775 target_ulong vsid, page_mask;
780 n = slb_lookup(env, T0, &vsid, &page_mask, &attr);
782 sr_base = env->spr[SPR_ASR];
784 tmp64 = ldq_phys(sr_base);
785 if (slb_is_valid(tmp64)) {
786 slb_invalidate(&tmp64);
787 stq_phys(sr_base, tmp64);
788 /* XXX: given the fact that segment size is 256 MB or 1TB,
789 * and we still don't have a tlb_flush_mask(env, n, mask)
790 * in Qemu, we just invalidate all TLBs
797 target_ulong ppc_load_slb (CPUPPCState *env, int slb_nr)
799 target_phys_addr_t sr_base;
804 sr_base = env->spr[SPR_ASR];
805 sr_base += 12 * slb_nr;
806 tmp64 = ldq_phys(sr_base);
807 tmp = ldl_phys(sr_base + 8);
808 if (tmp64 & 0x0000000008000000ULL) {
809 /* SLB entry is valid */
810 /* Copy SLB bits 62:88 to Rt 37:63 (VSID 23:49) */
811 rt = tmp >> 8; /* 65:88 => 40:63 */
812 rt |= (tmp64 & 0x7) << 24; /* 62:64 => 37:39 */
813 /* Copy SLB bits 89:92 to Rt 33:36 (KsKpNL) */
814 rt |= ((tmp >> 4) & 0xF) << 27;
818 LOG_SLB("%s: " PADDRX " %016" PRIx64 " %08" PRIx32 " => %d "
819 ADDRX "\n", __func__, sr_base, tmp64, tmp, slb_nr, rt);
824 void ppc_store_slb (CPUPPCState *env, int slb_nr, target_ulong rs)
826 target_phys_addr_t sr_base;
830 sr_base = env->spr[SPR_ASR];
831 sr_base += 12 * slb_nr;
832 /* Copy Rs bits 37:63 to SLB 62:88 */
834 tmp64 = (rs >> 24) & 0x7;
835 /* Copy Rs bits 33:36 to SLB 89:92 */
836 tmp |= ((rs >> 27) & 0xF) << 4;
837 /* Set the valid bit */
840 tmp64 |= (uint32_t)slb_nr << 28;
841 LOG_SLB("%s: %d " ADDRX " => " PADDRX " %016" PRIx64
842 " %08" PRIx32 "\n", __func__,
843 slb_nr, rs, sr_base, tmp64, tmp);
844 /* Write SLB entry to memory */
845 stq_phys(sr_base, tmp64);
846 stl_phys(sr_base + 8, tmp);
848 #endif /* defined(TARGET_PPC64) */
850 /* Perform segment based translation */
851 static always_inline target_phys_addr_t get_pgaddr (target_phys_addr_t sdr1,
853 target_phys_addr_t hash,
854 target_phys_addr_t mask)
856 return (sdr1 & ((target_phys_addr_t)(-1ULL) << sdr_sh)) | (hash & mask);
859 static always_inline int get_segment (CPUState *env, mmu_ctx_t *ctx,
860 target_ulong eaddr, int rw, int type)
862 target_phys_addr_t sdr, hash, mask, sdr_mask, htab_mask;
863 target_ulong sr, vsid, vsid_mask, pgidx, page_mask;
864 #if defined(TARGET_PPC64)
867 int ds, vsid_sh, sdr_sh, pr;
871 #if defined(TARGET_PPC64)
872 if (env->mmu_model & POWERPC_MMU_64) {
873 LOG_MMU("Check SLBs\n");
874 ret = slb_lookup(env, eaddr, &vsid, &page_mask, &attr);
877 ctx->key = ((attr & 0x40) && (pr != 0)) ||
878 ((attr & 0x80) && (pr == 0)) ? 1 : 0;
880 ctx->nx = attr & 0x20 ? 1 : 0;
881 vsid_mask = 0x00003FFFFFFFFF80ULL;
886 #endif /* defined(TARGET_PPC64) */
888 sr = env->sr[eaddr >> 28];
889 page_mask = 0x0FFFFFFF;
890 ctx->key = (((sr & 0x20000000) && (pr != 0)) ||
891 ((sr & 0x40000000) && (pr == 0))) ? 1 : 0;
892 ds = sr & 0x80000000 ? 1 : 0;
893 ctx->nx = sr & 0x10000000 ? 1 : 0;
894 vsid = sr & 0x00FFFFFF;
895 vsid_mask = 0x01FFFFC0;
899 LOG_MMU("Check segment v=" ADDRX " %d " ADDRX
900 " nip=" ADDRX " lr=" ADDRX " ir=%d dr=%d pr=%d %d t=%d\n",
901 eaddr, (int)(eaddr >> 28), sr, env->nip,
902 env->lr, (int)msr_ir, (int)msr_dr, pr != 0 ? 1 : 0,
905 LOG_MMU("pte segment: key=%d ds %d nx %d vsid " ADDRX "\n",
906 ctx->key, ds, ctx->nx, vsid);
909 /* Check if instruction fetch is allowed, if needed */
910 if (type != ACCESS_CODE || ctx->nx == 0) {
911 /* Page address translation */
912 /* Primary table address */
914 pgidx = (eaddr & page_mask) >> TARGET_PAGE_BITS;
915 #if defined(TARGET_PPC64)
916 if (env->mmu_model & POWERPC_MMU_64) {
917 htab_mask = 0x0FFFFFFF >> (28 - (sdr & 0x1F));
918 /* XXX: this is false for 1 TB segments */
919 hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
923 htab_mask = sdr & 0x000001FF;
924 hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
926 mask = (htab_mask << sdr_sh) | sdr_mask;
927 LOG_MMU("sdr " PADDRX " sh %d hash " PADDRX
928 " mask " PADDRX " " ADDRX "\n",
929 sdr, sdr_sh, hash, mask, page_mask);
930 ctx->pg_addr[0] = get_pgaddr(sdr, sdr_sh, hash, mask);
931 /* Secondary table address */
932 hash = (~hash) & vsid_mask;
933 LOG_MMU("sdr " PADDRX " sh %d hash " PADDRX
934 " mask " PADDRX "\n",
935 sdr, sdr_sh, hash, mask);
936 ctx->pg_addr[1] = get_pgaddr(sdr, sdr_sh, hash, mask);
937 #if defined(TARGET_PPC64)
938 if (env->mmu_model & POWERPC_MMU_64) {
939 /* Only 5 bits of the page index are used in the AVPN */
940 ctx->ptem = (vsid << 12) | ((pgidx >> 4) & 0x0F80);
944 ctx->ptem = (vsid << 7) | (pgidx >> 10);
946 /* Initialize real address with an invalid value */
947 ctx->raddr = (target_phys_addr_t)-1ULL;
948 if (unlikely(env->mmu_model == POWERPC_MMU_SOFT_6xx ||
949 env->mmu_model == POWERPC_MMU_SOFT_74xx)) {
950 /* Software TLB search */
951 ret = ppc6xx_tlb_check(env, ctx, eaddr, rw, type);
953 LOG_MMU("0 sdr1=" PADDRX " vsid=" ADDRX " "
954 "api=" ADDRX " hash=" PADDRX
955 " pg_addr=" PADDRX "\n",
956 sdr, vsid, pgidx, hash, ctx->pg_addr[0]);
957 /* Primary table lookup */
958 ret = find_pte(env, ctx, 0, rw, type);
960 /* Secondary table lookup */
961 if (eaddr != 0xEFFFFFFF)
962 LOG_MMU("1 sdr1=" PADDRX " vsid=" ADDRX " "
963 "api=" ADDRX " hash=" PADDRX
964 " pg_addr=" PADDRX "\n",
965 sdr, vsid, pgidx, hash, ctx->pg_addr[1]);
966 ret2 = find_pte(env, ctx, 1, rw, type);
971 #if defined (DUMP_PAGE_TABLES)
972 if (qemu_log_enabled()) {
973 target_phys_addr_t curaddr;
974 uint32_t a0, a1, a2, a3;
975 qemu_log("Page table: " PADDRX " len " PADDRX "\n",
977 for (curaddr = sdr; curaddr < (sdr + mask + 0x80);
979 a0 = ldl_phys(curaddr);
980 a1 = ldl_phys(curaddr + 4);
981 a2 = ldl_phys(curaddr + 8);
982 a3 = ldl_phys(curaddr + 12);
983 if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) {
984 qemu_log(PADDRX ": %08x %08x %08x %08x\n",
985 curaddr, a0, a1, a2, a3);
991 LOG_MMU("No access allowed\n");
995 LOG_MMU("direct store...\n");
996 /* Direct-store segment : absolutely *BUGGY* for now */
999 /* Integer load/store : only access allowed */
1002 /* No code fetch is allowed in direct-store areas */
1005 /* Floating point load/store */
1008 /* lwarx, ldarx or srwcx. */
1011 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
1012 /* Should make the instruction do no-op.
1013 * As it already do no-op, it's quite easy :-)
1018 /* eciwx or ecowx */
1021 qemu_log("ERROR: instruction should not need "
1022 "address translation\n");
1025 if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) {
1036 /* Generic TLB check function for embedded PowerPC implementations */
1037 static always_inline int ppcemb_tlb_check (CPUState *env, ppcemb_tlb_t *tlb,
1038 target_phys_addr_t *raddrp,
1039 target_ulong address,
1040 uint32_t pid, int ext, int i)
1044 /* Check valid flag */
1045 if (!(tlb->prot & PAGE_VALID)) {
1046 qemu_log("%s: TLB %d not valid\n", __func__, i);
1049 mask = ~(tlb->size - 1);
1050 LOG_SWTLB("%s: TLB %d address " ADDRX " PID %u <=> " ADDRX
1052 __func__, i, address, pid, tlb->EPN, mask, (uint32_t)tlb->PID);
1054 if (tlb->PID != 0 && tlb->PID != pid)
1056 /* Check effective address */
1057 if ((address & mask) != tlb->EPN)
1059 *raddrp = (tlb->RPN & mask) | (address & ~mask);
1060 #if (TARGET_PHYS_ADDR_BITS >= 36)
1062 /* Extend the physical address to 36 bits */
1063 *raddrp |= (target_phys_addr_t)(tlb->RPN & 0xF) << 32;
1070 /* Generic TLB search function for PowerPC embedded implementations */
1071 int ppcemb_tlb_search (CPUPPCState *env, target_ulong address, uint32_t pid)
1074 target_phys_addr_t raddr;
1077 /* Default return value is no match */
1079 for (i = 0; i < env->nb_tlb; i++) {
1080 tlb = &env->tlb[i].tlbe;
1081 if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, 0, i) == 0) {
1090 /* Helpers specific to PowerPC 40x implementations */
1091 static always_inline void ppc4xx_tlb_invalidate_all (CPUState *env)
1096 for (i = 0; i < env->nb_tlb; i++) {
1097 tlb = &env->tlb[i].tlbe;
1098 tlb->prot &= ~PAGE_VALID;
1103 static always_inline void ppc4xx_tlb_invalidate_virt (CPUState *env,
1107 #if !defined(FLUSH_ALL_TLBS)
1109 target_phys_addr_t raddr;
1110 target_ulong page, end;
1113 for (i = 0; i < env->nb_tlb; i++) {
1114 tlb = &env->tlb[i].tlbe;
1115 if (ppcemb_tlb_check(env, tlb, &raddr, eaddr, pid, 0, i) == 0) {
1116 end = tlb->EPN + tlb->size;
1117 for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE)
1118 tlb_flush_page(env, page);
1119 tlb->prot &= ~PAGE_VALID;
1124 ppc4xx_tlb_invalidate_all(env);
1128 static int mmu40x_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1129 target_ulong address, int rw, int access_type)
1132 target_phys_addr_t raddr;
1133 int i, ret, zsel, zpr, pr;
1136 raddr = (target_phys_addr_t)-1ULL;
1138 for (i = 0; i < env->nb_tlb; i++) {
1139 tlb = &env->tlb[i].tlbe;
1140 if (ppcemb_tlb_check(env, tlb, &raddr, address,
1141 env->spr[SPR_40x_PID], 0, i) < 0)
1143 zsel = (tlb->attr >> 4) & 0xF;
1144 zpr = (env->spr[SPR_40x_ZPR] >> (28 - (2 * zsel))) & 0x3;
1145 LOG_SWTLB("%s: TLB %d zsel %d zpr %d rw %d attr %08x\n",
1146 __func__, i, zsel, zpr, rw, tlb->attr);
1147 /* Check execute enable bit */
1154 /* All accesses granted */
1155 ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1167 /* Check from TLB entry */
1168 /* XXX: there is a problem here or in the TLB fill code... */
1169 ctx->prot = tlb->prot;
1170 ctx->prot |= PAGE_EXEC;
1171 ret = check_prot(ctx->prot, rw, access_type);
1176 LOG_SWTLB("%s: access granted " ADDRX " => " PADDRX
1177 " %d %d\n", __func__, address, ctx->raddr, ctx->prot,
1182 LOG_SWTLB("%s: access refused " ADDRX " => " PADDRX
1183 " %d %d\n", __func__, address, raddr, ctx->prot,
1189 void store_40x_sler (CPUPPCState *env, uint32_t val)
1191 /* XXX: TO BE FIXED */
1192 if (val != 0x00000000) {
1193 cpu_abort(env, "Little-endian regions are not supported by now\n");
1195 env->spr[SPR_405_SLER] = val;
1198 static int mmubooke_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1199 target_ulong address, int rw,
1203 target_phys_addr_t raddr;
1207 raddr = (target_phys_addr_t)-1ULL;
1208 for (i = 0; i < env->nb_tlb; i++) {
1209 tlb = &env->tlb[i].tlbe;
1210 if (ppcemb_tlb_check(env, tlb, &raddr, address,
1211 env->spr[SPR_BOOKE_PID], 1, i) < 0)
1214 prot = tlb->prot & 0xF;
1216 prot = (tlb->prot >> 4) & 0xF;
1217 /* Check the address space */
1218 if (access_type == ACCESS_CODE) {
1219 if (msr_ir != (tlb->attr & 1))
1222 if (prot & PAGE_EXEC) {
1228 if (msr_dr != (tlb->attr & 1))
1231 if ((!rw && prot & PAGE_READ) || (rw && (prot & PAGE_WRITE))) {
1244 static always_inline int check_physical (CPUState *env, mmu_ctx_t *ctx,
1245 target_ulong eaddr, int rw)
1250 ctx->prot = PAGE_READ | PAGE_EXEC;
1252 switch (env->mmu_model) {
1253 case POWERPC_MMU_32B:
1254 case POWERPC_MMU_601:
1255 case POWERPC_MMU_SOFT_6xx:
1256 case POWERPC_MMU_SOFT_74xx:
1257 case POWERPC_MMU_SOFT_4xx:
1258 case POWERPC_MMU_REAL:
1259 case POWERPC_MMU_BOOKE:
1260 ctx->prot |= PAGE_WRITE;
1262 #if defined(TARGET_PPC64)
1263 case POWERPC_MMU_620:
1264 case POWERPC_MMU_64B:
1265 /* Real address are 60 bits long */
1266 ctx->raddr &= 0x0FFFFFFFFFFFFFFFULL;
1267 ctx->prot |= PAGE_WRITE;
1270 case POWERPC_MMU_SOFT_4xx_Z:
1271 if (unlikely(msr_pe != 0)) {
1272 /* 403 family add some particular protections,
1273 * using PBL/PBU registers for accesses with no translation.
1276 /* Check PLB validity */
1277 (env->pb[0] < env->pb[1] &&
1278 /* and address in plb area */
1279 eaddr >= env->pb[0] && eaddr < env->pb[1]) ||
1280 (env->pb[2] < env->pb[3] &&
1281 eaddr >= env->pb[2] && eaddr < env->pb[3]) ? 1 : 0;
1282 if (in_plb ^ msr_px) {
1283 /* Access in protected area */
1285 /* Access is not allowed */
1289 /* Read-write access is allowed */
1290 ctx->prot |= PAGE_WRITE;
1294 case POWERPC_MMU_MPC8xx:
1296 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1298 case POWERPC_MMU_BOOKE_FSL:
1300 cpu_abort(env, "BookE FSL MMU model not implemented\n");
1303 cpu_abort(env, "Unknown or invalid MMU model\n");
1310 int get_physical_address (CPUState *env, mmu_ctx_t *ctx, target_ulong eaddr,
1311 int rw, int access_type)
1316 qemu_log("%s\n", __func__);
1318 if ((access_type == ACCESS_CODE && msr_ir == 0) ||
1319 (access_type != ACCESS_CODE && msr_dr == 0)) {
1320 /* No address translation */
1321 ret = check_physical(env, ctx, eaddr, rw);
1324 switch (env->mmu_model) {
1325 case POWERPC_MMU_32B:
1326 case POWERPC_MMU_601:
1327 case POWERPC_MMU_SOFT_6xx:
1328 case POWERPC_MMU_SOFT_74xx:
1329 #if defined(TARGET_PPC64)
1330 case POWERPC_MMU_620:
1331 case POWERPC_MMU_64B:
1333 /* Try to find a BAT */
1334 if (env->nb_BATs != 0)
1335 ret = get_bat(env, ctx, eaddr, rw, access_type);
1337 /* We didn't match any BAT entry or don't have BATs */
1338 ret = get_segment(env, ctx, eaddr, rw, access_type);
1341 case POWERPC_MMU_SOFT_4xx:
1342 case POWERPC_MMU_SOFT_4xx_Z:
1343 ret = mmu40x_get_physical_address(env, ctx, eaddr,
1346 case POWERPC_MMU_BOOKE:
1347 ret = mmubooke_get_physical_address(env, ctx, eaddr,
1350 case POWERPC_MMU_MPC8xx:
1352 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1354 case POWERPC_MMU_BOOKE_FSL:
1356 cpu_abort(env, "BookE FSL MMU model not implemented\n");
1358 case POWERPC_MMU_REAL:
1359 cpu_abort(env, "PowerPC in real mode do not do any translation\n");
1362 cpu_abort(env, "Unknown or invalid MMU model\n");
1367 qemu_log("%s address " ADDRX " => %d " PADDRX "\n",
1368 __func__, eaddr, ret, ctx->raddr);
1374 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
1378 if (unlikely(get_physical_address(env, &ctx, addr, 0, ACCESS_INT) != 0))
1381 return ctx.raddr & TARGET_PAGE_MASK;
1384 /* Perform address translation */
1385 int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
1386 int mmu_idx, int is_softmmu)
1395 access_type = ACCESS_CODE;
1398 access_type = env->access_type;
1400 ret = get_physical_address(env, &ctx, address, rw, access_type);
1402 ret = tlb_set_page_exec(env, address & TARGET_PAGE_MASK,
1403 ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
1404 mmu_idx, is_softmmu);
1405 } else if (ret < 0) {
1407 if (access_type == ACCESS_CODE) {
1410 /* No matches in page tables or TLB */
1411 switch (env->mmu_model) {
1412 case POWERPC_MMU_SOFT_6xx:
1413 env->exception_index = POWERPC_EXCP_IFTLB;
1414 env->error_code = 1 << 18;
1415 env->spr[SPR_IMISS] = address;
1416 env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
1418 case POWERPC_MMU_SOFT_74xx:
1419 env->exception_index = POWERPC_EXCP_IFTLB;
1421 case POWERPC_MMU_SOFT_4xx:
1422 case POWERPC_MMU_SOFT_4xx_Z:
1423 env->exception_index = POWERPC_EXCP_ITLB;
1424 env->error_code = 0;
1425 env->spr[SPR_40x_DEAR] = address;
1426 env->spr[SPR_40x_ESR] = 0x00000000;
1428 case POWERPC_MMU_32B:
1429 case POWERPC_MMU_601:
1430 #if defined(TARGET_PPC64)
1431 case POWERPC_MMU_620:
1432 case POWERPC_MMU_64B:
1434 env->exception_index = POWERPC_EXCP_ISI;
1435 env->error_code = 0x40000000;
1437 case POWERPC_MMU_BOOKE:
1439 cpu_abort(env, "BookE MMU model is not implemented\n");
1441 case POWERPC_MMU_BOOKE_FSL:
1443 cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1445 case POWERPC_MMU_MPC8xx:
1447 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1449 case POWERPC_MMU_REAL:
1450 cpu_abort(env, "PowerPC in real mode should never raise "
1451 "any MMU exceptions\n");
1454 cpu_abort(env, "Unknown or invalid MMU model\n");
1459 /* Access rights violation */
1460 env->exception_index = POWERPC_EXCP_ISI;
1461 env->error_code = 0x08000000;
1464 /* No execute protection violation */
1465 env->exception_index = POWERPC_EXCP_ISI;
1466 env->error_code = 0x10000000;
1469 /* Direct store exception */
1470 /* No code fetch is allowed in direct-store areas */
1471 env->exception_index = POWERPC_EXCP_ISI;
1472 env->error_code = 0x10000000;
1474 #if defined(TARGET_PPC64)
1476 /* No match in segment table */
1477 if (env->mmu_model == POWERPC_MMU_620) {
1478 env->exception_index = POWERPC_EXCP_ISI;
1479 /* XXX: this might be incorrect */
1480 env->error_code = 0x40000000;
1482 env->exception_index = POWERPC_EXCP_ISEG;
1483 env->error_code = 0;
1491 /* No matches in page tables or TLB */
1492 switch (env->mmu_model) {
1493 case POWERPC_MMU_SOFT_6xx:
1495 env->exception_index = POWERPC_EXCP_DSTLB;
1496 env->error_code = 1 << 16;
1498 env->exception_index = POWERPC_EXCP_DLTLB;
1499 env->error_code = 0;
1501 env->spr[SPR_DMISS] = address;
1502 env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
1504 env->error_code |= ctx.key << 19;
1505 env->spr[SPR_HASH1] = ctx.pg_addr[0];
1506 env->spr[SPR_HASH2] = ctx.pg_addr[1];
1508 case POWERPC_MMU_SOFT_74xx:
1510 env->exception_index = POWERPC_EXCP_DSTLB;
1512 env->exception_index = POWERPC_EXCP_DLTLB;
1515 /* Implement LRU algorithm */
1516 env->error_code = ctx.key << 19;
1517 env->spr[SPR_TLBMISS] = (address & ~((target_ulong)0x3)) |
1518 ((env->last_way + 1) & (env->nb_ways - 1));
1519 env->spr[SPR_PTEHI] = 0x80000000 | ctx.ptem;
1521 case POWERPC_MMU_SOFT_4xx:
1522 case POWERPC_MMU_SOFT_4xx_Z:
1523 env->exception_index = POWERPC_EXCP_DTLB;
1524 env->error_code = 0;
1525 env->spr[SPR_40x_DEAR] = address;
1527 env->spr[SPR_40x_ESR] = 0x00800000;
1529 env->spr[SPR_40x_ESR] = 0x00000000;
1531 case POWERPC_MMU_32B:
1532 case POWERPC_MMU_601:
1533 #if defined(TARGET_PPC64)
1534 case POWERPC_MMU_620:
1535 case POWERPC_MMU_64B:
1537 env->exception_index = POWERPC_EXCP_DSI;
1538 env->error_code = 0;
1539 env->spr[SPR_DAR] = address;
1541 env->spr[SPR_DSISR] = 0x42000000;
1543 env->spr[SPR_DSISR] = 0x40000000;
1545 case POWERPC_MMU_MPC8xx:
1547 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1549 case POWERPC_MMU_BOOKE:
1551 cpu_abort(env, "BookE MMU model is not implemented\n");
1553 case POWERPC_MMU_BOOKE_FSL:
1555 cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1557 case POWERPC_MMU_REAL:
1558 cpu_abort(env, "PowerPC in real mode should never raise "
1559 "any MMU exceptions\n");
1562 cpu_abort(env, "Unknown or invalid MMU model\n");
1567 /* Access rights violation */
1568 env->exception_index = POWERPC_EXCP_DSI;
1569 env->error_code = 0;
1570 env->spr[SPR_DAR] = address;
1572 env->spr[SPR_DSISR] = 0x0A000000;
1574 env->spr[SPR_DSISR] = 0x08000000;
1577 /* Direct store exception */
1578 switch (access_type) {
1580 /* Floating point load/store */
1581 env->exception_index = POWERPC_EXCP_ALIGN;
1582 env->error_code = POWERPC_EXCP_ALIGN_FP;
1583 env->spr[SPR_DAR] = address;
1586 /* lwarx, ldarx or stwcx. */
1587 env->exception_index = POWERPC_EXCP_DSI;
1588 env->error_code = 0;
1589 env->spr[SPR_DAR] = address;
1591 env->spr[SPR_DSISR] = 0x06000000;
1593 env->spr[SPR_DSISR] = 0x04000000;
1596 /* eciwx or ecowx */
1597 env->exception_index = POWERPC_EXCP_DSI;
1598 env->error_code = 0;
1599 env->spr[SPR_DAR] = address;
1601 env->spr[SPR_DSISR] = 0x06100000;
1603 env->spr[SPR_DSISR] = 0x04100000;
1606 printf("DSI: invalid exception (%d)\n", ret);
1607 env->exception_index = POWERPC_EXCP_PROGRAM;
1609 POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL;
1610 env->spr[SPR_DAR] = address;
1614 #if defined(TARGET_PPC64)
1616 /* No match in segment table */
1617 if (env->mmu_model == POWERPC_MMU_620) {
1618 env->exception_index = POWERPC_EXCP_DSI;
1619 env->error_code = 0;
1620 env->spr[SPR_DAR] = address;
1621 /* XXX: this might be incorrect */
1623 env->spr[SPR_DSISR] = 0x42000000;
1625 env->spr[SPR_DSISR] = 0x40000000;
1627 env->exception_index = POWERPC_EXCP_DSEG;
1628 env->error_code = 0;
1629 env->spr[SPR_DAR] = address;
1636 printf("%s: set exception to %d %02x\n", __func__,
1637 env->exception, env->error_code);
1645 /*****************************************************************************/
1646 /* BATs management */
1647 #if !defined(FLUSH_ALL_TLBS)
1648 static always_inline void do_invalidate_BAT (CPUPPCState *env,
1652 target_ulong base, end, page;
1654 base = BATu & ~0x0001FFFF;
1655 end = base + mask + 0x00020000;
1656 LOG_BATS("Flush BAT from " ADDRX " to " ADDRX " (" ADDRX ")\n",
1658 for (page = base; page != end; page += TARGET_PAGE_SIZE)
1659 tlb_flush_page(env, page);
1660 LOG_BATS("Flush done\n");
1664 static always_inline void dump_store_bat (CPUPPCState *env, char ID,
1665 int ul, int nr, target_ulong value)
1667 LOG_BATS("Set %cBAT%d%c to " ADDRX " (" ADDRX ")\n",
1668 ID, nr, ul == 0 ? 'u' : 'l', value, env->nip);
1671 void ppc_store_ibatu (CPUPPCState *env, int nr, target_ulong value)
1675 dump_store_bat(env, 'I', 0, nr, value);
1676 if (env->IBAT[0][nr] != value) {
1677 mask = (value << 15) & 0x0FFE0000UL;
1678 #if !defined(FLUSH_ALL_TLBS)
1679 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1681 /* When storing valid upper BAT, mask BEPI and BRPN
1682 * and invalidate all TLBs covered by this BAT
1684 mask = (value << 15) & 0x0FFE0000UL;
1685 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1686 (value & ~0x0001FFFFUL & ~mask);
1687 env->IBAT[1][nr] = (env->IBAT[1][nr] & 0x0000007B) |
1688 (env->IBAT[1][nr] & ~0x0001FFFF & ~mask);
1689 #if !defined(FLUSH_ALL_TLBS)
1690 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1697 void ppc_store_ibatl (CPUPPCState *env, int nr, target_ulong value)
1699 dump_store_bat(env, 'I', 1, nr, value);
1700 env->IBAT[1][nr] = value;
1703 void ppc_store_dbatu (CPUPPCState *env, int nr, target_ulong value)
1707 dump_store_bat(env, 'D', 0, nr, value);
1708 if (env->DBAT[0][nr] != value) {
1709 /* When storing valid upper BAT, mask BEPI and BRPN
1710 * and invalidate all TLBs covered by this BAT
1712 mask = (value << 15) & 0x0FFE0000UL;
1713 #if !defined(FLUSH_ALL_TLBS)
1714 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1716 mask = (value << 15) & 0x0FFE0000UL;
1717 env->DBAT[0][nr] = (value & 0x00001FFFUL) |
1718 (value & ~0x0001FFFFUL & ~mask);
1719 env->DBAT[1][nr] = (env->DBAT[1][nr] & 0x0000007B) |
1720 (env->DBAT[1][nr] & ~0x0001FFFF & ~mask);
1721 #if !defined(FLUSH_ALL_TLBS)
1722 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1729 void ppc_store_dbatl (CPUPPCState *env, int nr, target_ulong value)
1731 dump_store_bat(env, 'D', 1, nr, value);
1732 env->DBAT[1][nr] = value;
1735 void ppc_store_ibatu_601 (CPUPPCState *env, int nr, target_ulong value)
1740 dump_store_bat(env, 'I', 0, nr, value);
1741 if (env->IBAT[0][nr] != value) {
1743 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1744 if (env->IBAT[1][nr] & 0x40) {
1745 /* Invalidate BAT only if it is valid */
1746 #if !defined(FLUSH_ALL_TLBS)
1747 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1752 /* When storing valid upper BAT, mask BEPI and BRPN
1753 * and invalidate all TLBs covered by this BAT
1755 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1756 (value & ~0x0001FFFFUL & ~mask);
1757 env->DBAT[0][nr] = env->IBAT[0][nr];
1758 if (env->IBAT[1][nr] & 0x40) {
1759 #if !defined(FLUSH_ALL_TLBS)
1760 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1765 #if defined(FLUSH_ALL_TLBS)
1772 void ppc_store_ibatl_601 (CPUPPCState *env, int nr, target_ulong value)
1777 dump_store_bat(env, 'I', 1, nr, value);
1778 if (env->IBAT[1][nr] != value) {
1780 if (env->IBAT[1][nr] & 0x40) {
1781 #if !defined(FLUSH_ALL_TLBS)
1782 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1783 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1789 #if !defined(FLUSH_ALL_TLBS)
1790 mask = (value << 17) & 0x0FFE0000UL;
1791 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1796 env->IBAT[1][nr] = value;
1797 env->DBAT[1][nr] = value;
1798 #if defined(FLUSH_ALL_TLBS)
1805 /*****************************************************************************/
1806 /* TLB management */
1807 void ppc_tlb_invalidate_all (CPUPPCState *env)
1809 switch (env->mmu_model) {
1810 case POWERPC_MMU_SOFT_6xx:
1811 case POWERPC_MMU_SOFT_74xx:
1812 ppc6xx_tlb_invalidate_all(env);
1814 case POWERPC_MMU_SOFT_4xx:
1815 case POWERPC_MMU_SOFT_4xx_Z:
1816 ppc4xx_tlb_invalidate_all(env);
1818 case POWERPC_MMU_REAL:
1819 cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1821 case POWERPC_MMU_MPC8xx:
1823 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1825 case POWERPC_MMU_BOOKE:
1827 cpu_abort(env, "BookE MMU model is not implemented\n");
1829 case POWERPC_MMU_BOOKE_FSL:
1832 cpu_abort(env, "BookE MMU model is not implemented\n");
1834 case POWERPC_MMU_32B:
1835 case POWERPC_MMU_601:
1836 #if defined(TARGET_PPC64)
1837 case POWERPC_MMU_620:
1838 case POWERPC_MMU_64B:
1839 #endif /* defined(TARGET_PPC64) */
1844 cpu_abort(env, "Unknown MMU model\n");
1849 void ppc_tlb_invalidate_one (CPUPPCState *env, target_ulong addr)
1851 #if !defined(FLUSH_ALL_TLBS)
1852 addr &= TARGET_PAGE_MASK;
1853 switch (env->mmu_model) {
1854 case POWERPC_MMU_SOFT_6xx:
1855 case POWERPC_MMU_SOFT_74xx:
1856 ppc6xx_tlb_invalidate_virt(env, addr, 0);
1857 if (env->id_tlbs == 1)
1858 ppc6xx_tlb_invalidate_virt(env, addr, 1);
1860 case POWERPC_MMU_SOFT_4xx:
1861 case POWERPC_MMU_SOFT_4xx_Z:
1862 ppc4xx_tlb_invalidate_virt(env, addr, env->spr[SPR_40x_PID]);
1864 case POWERPC_MMU_REAL:
1865 cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1867 case POWERPC_MMU_MPC8xx:
1869 cpu_abort(env, "MPC8xx MMU model is not implemented\n");
1871 case POWERPC_MMU_BOOKE:
1873 cpu_abort(env, "BookE MMU model is not implemented\n");
1875 case POWERPC_MMU_BOOKE_FSL:
1877 cpu_abort(env, "BookE FSL MMU model is not implemented\n");
1879 case POWERPC_MMU_32B:
1880 case POWERPC_MMU_601:
1881 /* tlbie invalidate TLBs for all segments */
1882 addr &= ~((target_ulong)-1ULL << 28);
1883 /* XXX: this case should be optimized,
1884 * giving a mask to tlb_flush_page
1886 tlb_flush_page(env, addr | (0x0 << 28));
1887 tlb_flush_page(env, addr | (0x1 << 28));
1888 tlb_flush_page(env, addr | (0x2 << 28));
1889 tlb_flush_page(env, addr | (0x3 << 28));
1890 tlb_flush_page(env, addr | (0x4 << 28));
1891 tlb_flush_page(env, addr | (0x5 << 28));
1892 tlb_flush_page(env, addr | (0x6 << 28));
1893 tlb_flush_page(env, addr | (0x7 << 28));
1894 tlb_flush_page(env, addr | (0x8 << 28));
1895 tlb_flush_page(env, addr | (0x9 << 28));
1896 tlb_flush_page(env, addr | (0xA << 28));
1897 tlb_flush_page(env, addr | (0xB << 28));
1898 tlb_flush_page(env, addr | (0xC << 28));
1899 tlb_flush_page(env, addr | (0xD << 28));
1900 tlb_flush_page(env, addr | (0xE << 28));
1901 tlb_flush_page(env, addr | (0xF << 28));
1903 #if defined(TARGET_PPC64)
1904 case POWERPC_MMU_620:
1905 case POWERPC_MMU_64B:
1906 /* tlbie invalidate TLBs for all segments */
1907 /* XXX: given the fact that there are too many segments to invalidate,
1908 * and we still don't have a tlb_flush_mask(env, n, mask) in Qemu,
1909 * we just invalidate all TLBs
1913 #endif /* defined(TARGET_PPC64) */
1916 cpu_abort(env, "Unknown MMU model\n");
1920 ppc_tlb_invalidate_all(env);
1924 /*****************************************************************************/
1925 /* Special registers manipulation */
1926 #if defined(TARGET_PPC64)
1927 void ppc_store_asr (CPUPPCState *env, target_ulong value)
1929 if (env->asr != value) {
1936 void ppc_store_sdr1 (CPUPPCState *env, target_ulong value)
1938 LOG_MMU("%s: " ADDRX "\n", __func__, value);
1939 if (env->sdr1 != value) {
1940 /* XXX: for PowerPC 64, should check that the HTABSIZE value
1948 void ppc_store_sr (CPUPPCState *env, int srnum, target_ulong value)
1950 LOG_MMU("%s: reg=%d " ADDRX " " ADDRX "\n",
1951 __func__, srnum, value, env->sr[srnum]);
1952 if (env->sr[srnum] != value) {
1953 env->sr[srnum] = value;
1954 #if !defined(FLUSH_ALL_TLBS) && 0
1956 target_ulong page, end;
1957 /* Invalidate 256 MB of virtual memory */
1958 page = (16 << 20) * srnum;
1959 end = page + (16 << 20);
1960 for (; page != end; page += TARGET_PAGE_SIZE)
1961 tlb_flush_page(env, page);
1968 #endif /* !defined (CONFIG_USER_ONLY) */
1970 /* GDBstub can read and write MSR... */
1971 void ppc_store_msr (CPUPPCState *env, target_ulong value)
1973 hreg_store_msr(env, value, 0);
1976 /*****************************************************************************/
1977 /* Exception processing */
1978 #if defined (CONFIG_USER_ONLY)
1979 void do_interrupt (CPUState *env)
1981 env->exception_index = POWERPC_EXCP_NONE;
1982 env->error_code = 0;
1985 void ppc_hw_interrupt (CPUState *env)
1987 env->exception_index = POWERPC_EXCP_NONE;
1988 env->error_code = 0;
1990 #else /* defined (CONFIG_USER_ONLY) */
1991 static always_inline void dump_syscall (CPUState *env)
1993 qemu_log_mask(CPU_LOG_INT, "syscall r0=" REGX " r3=" REGX " r4=" REGX
1994 " r5=" REGX " r6=" REGX " nip=" ADDRX "\n",
1995 ppc_dump_gpr(env, 0), ppc_dump_gpr(env, 3), ppc_dump_gpr(env, 4),
1996 ppc_dump_gpr(env, 5), ppc_dump_gpr(env, 6), env->nip);
1999 /* Note that this function should be greatly optimized
2000 * when called with a constant excp, from ppc_hw_interrupt
2002 static always_inline void powerpc_excp (CPUState *env,
2003 int excp_model, int excp)
2005 target_ulong msr, new_msr, vector;
2006 int srr0, srr1, asrr0, asrr1;
2007 int lpes0, lpes1, lev;
2010 /* XXX: find a suitable condition to enable the hypervisor mode */
2011 lpes0 = (env->spr[SPR_LPCR] >> 1) & 1;
2012 lpes1 = (env->spr[SPR_LPCR] >> 2) & 1;
2014 /* Those values ensure we won't enter the hypervisor mode */
2019 qemu_log_mask(CPU_LOG_INT, "Raise exception at " ADDRX " => %08x (%02x)\n",
2020 env->nip, excp, env->error_code);
2027 msr &= ~((target_ulong)0x783F0000);
2029 case POWERPC_EXCP_NONE:
2030 /* Should never happen */
2032 case POWERPC_EXCP_CRITICAL: /* Critical input */
2033 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2034 switch (excp_model) {
2035 case POWERPC_EXCP_40x:
2036 srr0 = SPR_40x_SRR2;
2037 srr1 = SPR_40x_SRR3;
2039 case POWERPC_EXCP_BOOKE:
2040 srr0 = SPR_BOOKE_CSRR0;
2041 srr1 = SPR_BOOKE_CSRR1;
2043 case POWERPC_EXCP_G2:
2049 case POWERPC_EXCP_MCHECK: /* Machine check exception */
2051 /* Machine check exception is not enabled.
2052 * Enter checkstop state.
2054 if (qemu_log_enabled()) {
2055 qemu_log("Machine check while not allowed. "
2056 "Entering checkstop state\n");
2058 fprintf(stderr, "Machine check while not allowed. "
2059 "Entering checkstop state\n");
2062 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
2064 new_msr &= ~((target_ulong)1 << MSR_RI);
2065 new_msr &= ~((target_ulong)1 << MSR_ME);
2067 /* XXX: find a suitable condition to enable the hypervisor mode */
2068 new_msr |= (target_ulong)MSR_HVB;
2070 /* XXX: should also have something loaded in DAR / DSISR */
2071 switch (excp_model) {
2072 case POWERPC_EXCP_40x:
2073 srr0 = SPR_40x_SRR2;
2074 srr1 = SPR_40x_SRR3;
2076 case POWERPC_EXCP_BOOKE:
2077 srr0 = SPR_BOOKE_MCSRR0;
2078 srr1 = SPR_BOOKE_MCSRR1;
2079 asrr0 = SPR_BOOKE_CSRR0;
2080 asrr1 = SPR_BOOKE_CSRR1;
2086 case POWERPC_EXCP_DSI: /* Data storage exception */
2087 LOG_EXCP("DSI exception: DSISR=" ADDRX" DAR=" ADDRX "\n",
2088 env->spr[SPR_DSISR], env->spr[SPR_DAR]);
2089 new_msr &= ~((target_ulong)1 << MSR_RI);
2091 new_msr |= (target_ulong)MSR_HVB;
2093 case POWERPC_EXCP_ISI: /* Instruction storage exception */
2094 LOG_EXCP("ISI exception: msr=" ADDRX ", nip=" ADDRX "\n",
2096 new_msr &= ~((target_ulong)1 << MSR_RI);
2098 new_msr |= (target_ulong)MSR_HVB;
2099 msr |= env->error_code;
2101 case POWERPC_EXCP_EXTERNAL: /* External input */
2102 new_msr &= ~((target_ulong)1 << MSR_RI);
2104 new_msr |= (target_ulong)MSR_HVB;
2106 case POWERPC_EXCP_ALIGN: /* Alignment exception */
2107 new_msr &= ~((target_ulong)1 << MSR_RI);
2109 new_msr |= (target_ulong)MSR_HVB;
2110 /* XXX: this is false */
2111 /* Get rS/rD and rA from faulting opcode */
2112 env->spr[SPR_DSISR] |= (ldl_code((env->nip - 4)) & 0x03FF0000) >> 16;
2114 case POWERPC_EXCP_PROGRAM: /* Program exception */
2115 switch (env->error_code & ~0xF) {
2116 case POWERPC_EXCP_FP:
2117 if ((msr_fe0 == 0 && msr_fe1 == 0) || msr_fp == 0) {
2118 LOG_EXCP("Ignore floating point exception\n");
2119 env->exception_index = POWERPC_EXCP_NONE;
2120 env->error_code = 0;
2123 new_msr &= ~((target_ulong)1 << MSR_RI);
2125 new_msr |= (target_ulong)MSR_HVB;
2127 if (msr_fe0 == msr_fe1)
2131 case POWERPC_EXCP_INVAL:
2132 LOG_EXCP("Invalid instruction at " ADDRX "\n",
2134 new_msr &= ~((target_ulong)1 << MSR_RI);
2136 new_msr |= (target_ulong)MSR_HVB;
2139 case POWERPC_EXCP_PRIV:
2140 new_msr &= ~((target_ulong)1 << MSR_RI);
2142 new_msr |= (target_ulong)MSR_HVB;
2145 case POWERPC_EXCP_TRAP:
2146 new_msr &= ~((target_ulong)1 << MSR_RI);
2148 new_msr |= (target_ulong)MSR_HVB;
2152 /* Should never occur */
2153 cpu_abort(env, "Invalid program exception %d. Aborting\n",
2158 case POWERPC_EXCP_FPU: /* Floating-point unavailable exception */
2159 new_msr &= ~((target_ulong)1 << MSR_RI);
2161 new_msr |= (target_ulong)MSR_HVB;
2163 case POWERPC_EXCP_SYSCALL: /* System call exception */
2164 /* NOTE: this is a temporary hack to support graphics OSI
2165 calls from the MOL driver */
2166 /* XXX: To be removed */
2167 if (env->gpr[3] == 0x113724fa && env->gpr[4] == 0x77810f9b &&
2169 if (env->osi_call(env) != 0) {
2170 env->exception_index = POWERPC_EXCP_NONE;
2171 env->error_code = 0;
2176 new_msr &= ~((target_ulong)1 << MSR_RI);
2177 lev = env->error_code;
2178 if (lev == 1 || (lpes0 == 0 && lpes1 == 0))
2179 new_msr |= (target_ulong)MSR_HVB;
2181 case POWERPC_EXCP_APU: /* Auxiliary processor unavailable */
2182 new_msr &= ~((target_ulong)1 << MSR_RI);
2184 case POWERPC_EXCP_DECR: /* Decrementer exception */
2185 new_msr &= ~((target_ulong)1 << MSR_RI);
2187 new_msr |= (target_ulong)MSR_HVB;
2189 case POWERPC_EXCP_FIT: /* Fixed-interval timer interrupt */
2191 LOG_EXCP("FIT exception\n");
2192 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2194 case POWERPC_EXCP_WDT: /* Watchdog timer interrupt */
2195 LOG_EXCP("WDT exception\n");
2196 switch (excp_model) {
2197 case POWERPC_EXCP_BOOKE:
2198 srr0 = SPR_BOOKE_CSRR0;
2199 srr1 = SPR_BOOKE_CSRR1;
2204 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2206 case POWERPC_EXCP_DTLB: /* Data TLB error */
2207 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2209 case POWERPC_EXCP_ITLB: /* Instruction TLB error */
2210 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2212 case POWERPC_EXCP_DEBUG: /* Debug interrupt */
2213 switch (excp_model) {
2214 case POWERPC_EXCP_BOOKE:
2215 srr0 = SPR_BOOKE_DSRR0;
2216 srr1 = SPR_BOOKE_DSRR1;
2217 asrr0 = SPR_BOOKE_CSRR0;
2218 asrr1 = SPR_BOOKE_CSRR1;
2224 cpu_abort(env, "Debug exception is not implemented yet !\n");
2226 case POWERPC_EXCP_SPEU: /* SPE/embedded floating-point unavailable */
2227 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2229 case POWERPC_EXCP_EFPDI: /* Embedded floating-point data interrupt */
2231 cpu_abort(env, "Embedded floating point data exception "
2232 "is not implemented yet !\n");
2234 case POWERPC_EXCP_EFPRI: /* Embedded floating-point round interrupt */
2236 cpu_abort(env, "Embedded floating point round exception "
2237 "is not implemented yet !\n");
2239 case POWERPC_EXCP_EPERFM: /* Embedded performance monitor interrupt */
2240 new_msr &= ~((target_ulong)1 << MSR_RI);
2243 "Performance counter exception is not implemented yet !\n");
2245 case POWERPC_EXCP_DOORI: /* Embedded doorbell interrupt */
2248 "Embedded doorbell interrupt is not implemented yet !\n");
2250 case POWERPC_EXCP_DOORCI: /* Embedded doorbell critical interrupt */
2251 switch (excp_model) {
2252 case POWERPC_EXCP_BOOKE:
2253 srr0 = SPR_BOOKE_CSRR0;
2254 srr1 = SPR_BOOKE_CSRR1;
2260 cpu_abort(env, "Embedded doorbell critical interrupt "
2261 "is not implemented yet !\n");
2263 case POWERPC_EXCP_RESET: /* System reset exception */
2264 new_msr &= ~((target_ulong)1 << MSR_RI);
2266 /* XXX: find a suitable condition to enable the hypervisor mode */
2267 new_msr |= (target_ulong)MSR_HVB;
2270 case POWERPC_EXCP_DSEG: /* Data segment exception */
2271 new_msr &= ~((target_ulong)1 << MSR_RI);
2273 new_msr |= (target_ulong)MSR_HVB;
2275 case POWERPC_EXCP_ISEG: /* Instruction segment exception */
2276 new_msr &= ~((target_ulong)1 << MSR_RI);
2278 new_msr |= (target_ulong)MSR_HVB;
2280 case POWERPC_EXCP_HDECR: /* Hypervisor decrementer exception */
2283 new_msr |= (target_ulong)MSR_HVB;
2285 case POWERPC_EXCP_TRACE: /* Trace exception */
2286 new_msr &= ~((target_ulong)1 << MSR_RI);
2288 new_msr |= (target_ulong)MSR_HVB;
2290 case POWERPC_EXCP_HDSI: /* Hypervisor data storage exception */
2293 new_msr |= (target_ulong)MSR_HVB;
2295 case POWERPC_EXCP_HISI: /* Hypervisor instruction storage exception */
2298 new_msr |= (target_ulong)MSR_HVB;
2300 case POWERPC_EXCP_HDSEG: /* Hypervisor data segment exception */
2303 new_msr |= (target_ulong)MSR_HVB;
2305 case POWERPC_EXCP_HISEG: /* Hypervisor instruction segment exception */
2308 new_msr |= (target_ulong)MSR_HVB;
2310 case POWERPC_EXCP_VPU: /* Vector unavailable exception */
2311 new_msr &= ~((target_ulong)1 << MSR_RI);
2313 new_msr |= (target_ulong)MSR_HVB;
2315 case POWERPC_EXCP_PIT: /* Programmable interval timer interrupt */
2316 LOG_EXCP("PIT exception\n");
2317 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2319 case POWERPC_EXCP_IO: /* IO error exception */
2321 cpu_abort(env, "601 IO error exception is not implemented yet !\n");
2323 case POWERPC_EXCP_RUNM: /* Run mode exception */
2325 cpu_abort(env, "601 run mode exception is not implemented yet !\n");
2327 case POWERPC_EXCP_EMUL: /* Emulation trap exception */
2329 cpu_abort(env, "602 emulation trap exception "
2330 "is not implemented yet !\n");
2332 case POWERPC_EXCP_IFTLB: /* Instruction fetch TLB error */
2333 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2334 if (lpes1 == 0) /* XXX: check this */
2335 new_msr |= (target_ulong)MSR_HVB;
2336 switch (excp_model) {
2337 case POWERPC_EXCP_602:
2338 case POWERPC_EXCP_603:
2339 case POWERPC_EXCP_603E:
2340 case POWERPC_EXCP_G2:
2342 case POWERPC_EXCP_7x5:
2344 case POWERPC_EXCP_74xx:
2347 cpu_abort(env, "Invalid instruction TLB miss exception\n");
2351 case POWERPC_EXCP_DLTLB: /* Data load TLB miss */
2352 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2353 if (lpes1 == 0) /* XXX: check this */
2354 new_msr |= (target_ulong)MSR_HVB;
2355 switch (excp_model) {
2356 case POWERPC_EXCP_602:
2357 case POWERPC_EXCP_603:
2358 case POWERPC_EXCP_603E:
2359 case POWERPC_EXCP_G2:
2361 case POWERPC_EXCP_7x5:
2363 case POWERPC_EXCP_74xx:
2366 cpu_abort(env, "Invalid data load TLB miss exception\n");
2370 case POWERPC_EXCP_DSTLB: /* Data store TLB miss */
2371 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2372 if (lpes1 == 0) /* XXX: check this */
2373 new_msr |= (target_ulong)MSR_HVB;
2374 switch (excp_model) {
2375 case POWERPC_EXCP_602:
2376 case POWERPC_EXCP_603:
2377 case POWERPC_EXCP_603E:
2378 case POWERPC_EXCP_G2:
2380 /* Swap temporary saved registers with GPRs */
2381 if (!(new_msr & ((target_ulong)1 << MSR_TGPR))) {
2382 new_msr |= (target_ulong)1 << MSR_TGPR;
2383 hreg_swap_gpr_tgpr(env);
2386 case POWERPC_EXCP_7x5:
2388 #if defined (DEBUG_SOFTWARE_TLB)
2389 if (qemu_log_enabled()) {
2390 const unsigned char *es;
2391 target_ulong *miss, *cmp;
2393 if (excp == POWERPC_EXCP_IFTLB) {
2396 miss = &env->spr[SPR_IMISS];
2397 cmp = &env->spr[SPR_ICMP];
2399 if (excp == POWERPC_EXCP_DLTLB)
2404 miss = &env->spr[SPR_DMISS];
2405 cmp = &env->spr[SPR_DCMP];
2407 qemu_log("6xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2408 " H1 " ADDRX " H2 " ADDRX " %08x\n",
2409 es, en, *miss, en, *cmp,
2410 env->spr[SPR_HASH1], env->spr[SPR_HASH2],
2414 msr |= env->crf[0] << 28;
2415 msr |= env->error_code; /* key, D/I, S/L bits */
2416 /* Set way using a LRU mechanism */
2417 msr |= ((env->last_way + 1) & (env->nb_ways - 1)) << 17;
2419 case POWERPC_EXCP_74xx:
2421 #if defined (DEBUG_SOFTWARE_TLB)
2422 if (qemu_log_enabled()) {
2423 const unsigned char *es;
2424 target_ulong *miss, *cmp;
2426 if (excp == POWERPC_EXCP_IFTLB) {
2429 miss = &env->spr[SPR_TLBMISS];
2430 cmp = &env->spr[SPR_PTEHI];
2432 if (excp == POWERPC_EXCP_DLTLB)
2437 miss = &env->spr[SPR_TLBMISS];
2438 cmp = &env->spr[SPR_PTEHI];
2440 qemu_log("74xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2442 es, en, *miss, en, *cmp, env->error_code);
2445 msr |= env->error_code; /* key bit */
2448 cpu_abort(env, "Invalid data store TLB miss exception\n");
2452 case POWERPC_EXCP_FPA: /* Floating-point assist exception */
2454 cpu_abort(env, "Floating point assist exception "
2455 "is not implemented yet !\n");
2457 case POWERPC_EXCP_DABR: /* Data address breakpoint */
2459 cpu_abort(env, "DABR exception is not implemented yet !\n");
2461 case POWERPC_EXCP_IABR: /* Instruction address breakpoint */
2463 cpu_abort(env, "IABR exception is not implemented yet !\n");
2465 case POWERPC_EXCP_SMI: /* System management interrupt */
2467 cpu_abort(env, "SMI exception is not implemented yet !\n");
2469 case POWERPC_EXCP_THERM: /* Thermal interrupt */
2471 cpu_abort(env, "Thermal management exception "
2472 "is not implemented yet !\n");
2474 case POWERPC_EXCP_PERFM: /* Embedded performance monitor interrupt */
2475 new_msr &= ~((target_ulong)1 << MSR_RI);
2477 new_msr |= (target_ulong)MSR_HVB;
2480 "Performance counter exception is not implemented yet !\n");
2482 case POWERPC_EXCP_VPUA: /* Vector assist exception */
2484 cpu_abort(env, "VPU assist exception is not implemented yet !\n");
2486 case POWERPC_EXCP_SOFTP: /* Soft patch exception */
2489 "970 soft-patch exception is not implemented yet !\n");
2491 case POWERPC_EXCP_MAINT: /* Maintenance exception */
2494 "970 maintenance exception is not implemented yet !\n");
2496 case POWERPC_EXCP_MEXTBR: /* Maskable external breakpoint */
2498 cpu_abort(env, "Maskable external exception "
2499 "is not implemented yet !\n");
2501 case POWERPC_EXCP_NMEXTBR: /* Non maskable external breakpoint */
2503 cpu_abort(env, "Non maskable external exception "
2504 "is not implemented yet !\n");
2508 cpu_abort(env, "Invalid PowerPC exception %d. Aborting\n", excp);
2511 /* save current instruction location */
2512 env->spr[srr0] = env->nip - 4;
2515 /* save next instruction location */
2516 env->spr[srr0] = env->nip;
2520 env->spr[srr1] = msr;
2521 /* If any alternate SRR register are defined, duplicate saved values */
2523 env->spr[asrr0] = env->spr[srr0];
2525 env->spr[asrr1] = env->spr[srr1];
2526 /* If we disactivated any translation, flush TLBs */
2527 if (new_msr & ((1 << MSR_IR) | (1 << MSR_DR)))
2529 /* reload MSR with correct bits */
2530 new_msr &= ~((target_ulong)1 << MSR_EE);
2531 new_msr &= ~((target_ulong)1 << MSR_PR);
2532 new_msr &= ~((target_ulong)1 << MSR_FP);
2533 new_msr &= ~((target_ulong)1 << MSR_FE0);
2534 new_msr &= ~((target_ulong)1 << MSR_SE);
2535 new_msr &= ~((target_ulong)1 << MSR_BE);
2536 new_msr &= ~((target_ulong)1 << MSR_FE1);
2537 new_msr &= ~((target_ulong)1 << MSR_IR);
2538 new_msr &= ~((target_ulong)1 << MSR_DR);
2539 #if 0 /* Fix this: not on all targets */
2540 new_msr &= ~((target_ulong)1 << MSR_PMM);
2542 new_msr &= ~((target_ulong)1 << MSR_LE);
2544 new_msr |= (target_ulong)1 << MSR_LE;
2546 new_msr &= ~((target_ulong)1 << MSR_LE);
2547 /* Jump to handler */
2548 vector = env->excp_vectors[excp];
2549 if (vector == (target_ulong)-1ULL) {
2550 cpu_abort(env, "Raised an exception without defined vector %d\n",
2553 vector |= env->excp_prefix;
2554 #if defined(TARGET_PPC64)
2555 if (excp_model == POWERPC_EXCP_BOOKE) {
2557 new_msr &= ~((target_ulong)1 << MSR_CM);
2558 vector = (uint32_t)vector;
2560 new_msr |= (target_ulong)1 << MSR_CM;
2564 new_msr &= ~((target_ulong)1 << MSR_SF);
2565 vector = (uint32_t)vector;
2567 new_msr |= (target_ulong)1 << MSR_SF;
2571 /* XXX: we don't use hreg_store_msr here as already have treated
2572 * any special case that could occur. Just store MSR and update hflags
2574 env->msr = new_msr & env->msr_mask;
2575 hreg_compute_hflags(env);
2577 /* Reset exception state */
2578 env->exception_index = POWERPC_EXCP_NONE;
2579 env->error_code = 0;
2582 void do_interrupt (CPUState *env)
2584 powerpc_excp(env, env->excp_model, env->exception_index);
2587 void ppc_hw_interrupt (CPUPPCState *env)
2592 qemu_log_mask(CPU_LOG_INT, "%s: %p pending %08x req %08x me %d ee %d\n",
2593 __func__, env, env->pending_interrupts,
2594 env->interrupt_request, (int)msr_me, (int)msr_ee);
2596 /* External reset */
2597 if (env->pending_interrupts & (1 << PPC_INTERRUPT_RESET)) {
2598 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_RESET);
2599 powerpc_excp(env, env->excp_model, POWERPC_EXCP_RESET);
2602 /* Machine check exception */
2603 if (env->pending_interrupts & (1 << PPC_INTERRUPT_MCK)) {
2604 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_MCK);
2605 powerpc_excp(env, env->excp_model, POWERPC_EXCP_MCHECK);
2609 /* External debug exception */
2610 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DEBUG)) {
2611 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DEBUG);
2612 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DEBUG);
2617 /* XXX: find a suitable condition to enable the hypervisor mode */
2618 hdice = env->spr[SPR_LPCR] & 1;
2622 if ((msr_ee != 0 || msr_hv == 0 || msr_pr != 0) && hdice != 0) {
2623 /* Hypervisor decrementer exception */
2624 if (env->pending_interrupts & (1 << PPC_INTERRUPT_HDECR)) {
2625 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_HDECR);
2626 powerpc_excp(env, env->excp_model, POWERPC_EXCP_HDECR);
2631 /* External critical interrupt */
2632 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CEXT)) {
2633 /* Taking a critical external interrupt does not clear the external
2634 * critical interrupt status
2637 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CEXT);
2639 powerpc_excp(env, env->excp_model, POWERPC_EXCP_CRITICAL);
2644 /* Watchdog timer on embedded PowerPC */
2645 if (env->pending_interrupts & (1 << PPC_INTERRUPT_WDT)) {
2646 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_WDT);
2647 powerpc_excp(env, env->excp_model, POWERPC_EXCP_WDT);
2650 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CDOORBELL)) {
2651 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CDOORBELL);
2652 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORCI);
2655 /* Fixed interval timer on embedded PowerPC */
2656 if (env->pending_interrupts & (1 << PPC_INTERRUPT_FIT)) {
2657 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_FIT);
2658 powerpc_excp(env, env->excp_model, POWERPC_EXCP_FIT);
2661 /* Programmable interval timer on embedded PowerPC */
2662 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PIT)) {
2663 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PIT);
2664 powerpc_excp(env, env->excp_model, POWERPC_EXCP_PIT);
2667 /* Decrementer exception */
2668 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DECR)) {
2669 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DECR);
2670 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DECR);
2673 /* External interrupt */
2674 if (env->pending_interrupts & (1 << PPC_INTERRUPT_EXT)) {
2675 /* Taking an external interrupt does not clear the external
2679 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_EXT);
2681 powerpc_excp(env, env->excp_model, POWERPC_EXCP_EXTERNAL);
2684 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DOORBELL)) {
2685 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DOORBELL);
2686 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORI);
2689 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PERFM)) {
2690 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PERFM);
2691 powerpc_excp(env, env->excp_model, POWERPC_EXCP_PERFM);
2694 /* Thermal interrupt */
2695 if (env->pending_interrupts & (1 << PPC_INTERRUPT_THERM)) {
2696 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_THERM);
2697 powerpc_excp(env, env->excp_model, POWERPC_EXCP_THERM);
2702 #endif /* !CONFIG_USER_ONLY */
2704 void cpu_dump_rfi (target_ulong RA, target_ulong msr)
2706 qemu_log("Return from exception at " ADDRX " with flags " ADDRX "\n",
2710 void cpu_ppc_reset (void *opaque)
2712 CPUPPCState *env = opaque;
2715 if (qemu_loglevel_mask(CPU_LOG_RESET)) {
2716 qemu_log("CPU Reset (CPU %d)\n", env->cpu_index);
2717 log_cpu_state(env, 0);
2720 msr = (target_ulong)0;
2722 /* XXX: find a suitable condition to enable the hypervisor mode */
2723 msr |= (target_ulong)MSR_HVB;
2725 msr |= (target_ulong)0 << MSR_AP; /* TO BE CHECKED */
2726 msr |= (target_ulong)0 << MSR_SA; /* TO BE CHECKED */
2727 msr |= (target_ulong)1 << MSR_EP;
2728 #if defined (DO_SINGLE_STEP) && 0
2729 /* Single step trace mode */
2730 msr |= (target_ulong)1 << MSR_SE;
2731 msr |= (target_ulong)1 << MSR_BE;
2733 #if defined(CONFIG_USER_ONLY)
2734 msr |= (target_ulong)1 << MSR_FP; /* Allow floating point usage */
2735 msr |= (target_ulong)1 << MSR_VR; /* Allow altivec usage */
2736 msr |= (target_ulong)1 << MSR_SPE; /* Allow SPE usage */
2737 msr |= (target_ulong)1 << MSR_PR;
2739 env->nip = env->hreset_vector | env->excp_prefix;
2740 if (env->mmu_model != POWERPC_MMU_REAL)
2741 ppc_tlb_invalidate_all(env);
2743 env->msr = msr & env->msr_mask;
2744 hreg_compute_hflags(env);
2745 env->reserve = (target_ulong)-1ULL;
2746 /* Be sure no exception or interrupt is pending */
2747 env->pending_interrupts = 0;
2748 env->exception_index = POWERPC_EXCP_NONE;
2749 env->error_code = 0;
2750 /* Flush all TLBs */
2754 CPUPPCState *cpu_ppc_init (const char *cpu_model)
2757 const ppc_def_t *def;
2759 def = cpu_ppc_find_by_name(cpu_model);
2763 env = qemu_mallocz(sizeof(CPUPPCState));
2765 ppc_translate_init();
2766 env->cpu_model_str = cpu_model;
2767 cpu_ppc_register_internal(env, def);
2776 void cpu_ppc_close (CPUPPCState *env)
2778 /* Should also remove all opcode tables... */
projects / qemu / blob