2 * PowerPC emulation helpers for qemu.
4 * Copyright (c) 2003-2007 Jocelyn Mayer
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30 #include "helper_regs.h"
34 //#define DEBUG_SOFTWARE_TLB
35 //#define DUMP_PAGE_TABLES
36 //#define DEBUG_EXCEPTIONS
37 //#define FLUSH_ALL_TLBS
39 /*****************************************************************************/
40 /* PowerPC MMU emulation */
42 #if defined(CONFIG_USER_ONLY)
43 int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
44 int mmu_idx, int is_softmmu)
46 int exception, error_code;
49 exception = POWERPC_EXCP_ISI;
50 error_code = 0x40000000;
52 exception = POWERPC_EXCP_DSI;
53 error_code = 0x40000000;
55 error_code |= 0x02000000;
56 env->spr[SPR_DAR] = address;
57 env->spr[SPR_DSISR] = error_code;
59 env->exception_index = exception;
60 env->error_code = error_code;
65 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
71 /* Common routines used by software and hardware TLBs emulation */
72 static always_inline int pte_is_valid (target_ulong pte0)
74 return pte0 & 0x80000000 ? 1 : 0;
77 static always_inline void pte_invalidate (target_ulong *pte0)
82 #if defined(TARGET_PPC64)
83 static always_inline int pte64_is_valid (target_ulong pte0)
85 return pte0 & 0x0000000000000001ULL ? 1 : 0;
88 static always_inline void pte64_invalidate (target_ulong *pte0)
90 *pte0 &= ~0x0000000000000001ULL;
94 #define PTE_PTEM_MASK 0x7FFFFFBF
95 #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
96 #if defined(TARGET_PPC64)
97 #define PTE64_PTEM_MASK 0xFFFFFFFFFFFFFF80ULL
98 #define PTE64_CHECK_MASK (TARGET_PAGE_MASK | 0x7F)
101 static always_inline int pp_check (int key, int pp, int nx)
105 /* Compute access rights */
106 /* When pp is 3/7, the result is undefined. Set it to noaccess */
113 access |= PAGE_WRITE;
131 access = PAGE_READ | PAGE_WRITE;
141 static always_inline int check_prot (int prot, int rw, int access_type)
145 if (access_type == ACCESS_CODE) {
146 if (prot & PAGE_EXEC)
151 if (prot & PAGE_WRITE)
156 if (prot & PAGE_READ)
165 static always_inline int _pte_check (mmu_ctx_t *ctx, int is_64b,
166 target_ulong pte0, target_ulong pte1,
167 int h, int rw, int type)
169 target_ulong ptem, mmask;
170 int access, ret, pteh, ptev, pp;
174 /* Check validity and table match */
175 #if defined(TARGET_PPC64)
177 ptev = pte64_is_valid(pte0);
178 pteh = (pte0 >> 1) & 1;
182 ptev = pte_is_valid(pte0);
183 pteh = (pte0 >> 6) & 1;
185 if (ptev && h == pteh) {
186 /* Check vsid & api */
187 #if defined(TARGET_PPC64)
189 ptem = pte0 & PTE64_PTEM_MASK;
190 mmask = PTE64_CHECK_MASK;
191 pp = (pte1 & 0x00000003) | ((pte1 >> 61) & 0x00000004);
192 ctx->nx |= (pte1 >> 2) & 1; /* No execute bit */
193 ctx->nx |= (pte1 >> 3) & 1; /* Guarded bit */
197 ptem = pte0 & PTE_PTEM_MASK;
198 mmask = PTE_CHECK_MASK;
199 pp = pte1 & 0x00000003;
201 if (ptem == ctx->ptem) {
202 if (ctx->raddr != (target_ulong)-1) {
203 /* all matches should have equal RPN, WIMG & PP */
204 if ((ctx->raddr & mmask) != (pte1 & mmask)) {
206 fprintf(logfile, "Bad RPN/WIMG/PP\n");
210 /* Compute access rights */
211 access = pp_check(ctx->key, pp, ctx->nx);
212 /* Keep the matching PTE informations */
215 ret = check_prot(ctx->prot, rw, type);
218 #if defined (DEBUG_MMU)
220 fprintf(logfile, "PTE access granted !\n");
223 /* Access right violation */
224 #if defined (DEBUG_MMU)
226 fprintf(logfile, "PTE access rejected\n");
235 static always_inline int pte32_check (mmu_ctx_t *ctx,
236 target_ulong pte0, target_ulong pte1,
237 int h, int rw, int type)
239 return _pte_check(ctx, 0, pte0, pte1, h, rw, type);
242 #if defined(TARGET_PPC64)
243 static always_inline int pte64_check (mmu_ctx_t *ctx,
244 target_ulong pte0, target_ulong pte1,
245 int h, int rw, int type)
247 return _pte_check(ctx, 1, pte0, pte1, h, rw, type);
251 static always_inline int pte_update_flags (mmu_ctx_t *ctx, target_ulong *pte1p,
256 /* Update page flags */
257 if (!(*pte1p & 0x00000100)) {
258 /* Update accessed flag */
259 *pte1p |= 0x00000100;
262 if (!(*pte1p & 0x00000080)) {
263 if (rw == 1 && ret == 0) {
264 /* Update changed flag */
265 *pte1p |= 0x00000080;
268 /* Force page fault for first write access */
269 ctx->prot &= ~PAGE_WRITE;
276 /* Software driven TLB helpers */
277 static always_inline int ppc6xx_tlb_getnum (CPUState *env, target_ulong eaddr,
278 int way, int is_code)
282 /* Select TLB num in a way from address */
283 nr = (eaddr >> TARGET_PAGE_BITS) & (env->tlb_per_way - 1);
285 nr += env->tlb_per_way * way;
286 /* 6xx have separate TLBs for instructions and data */
287 if (is_code && env->id_tlbs == 1)
293 static always_inline void ppc6xx_tlb_invalidate_all (CPUState *env)
298 #if defined (DEBUG_SOFTWARE_TLB) && 0
300 fprintf(logfile, "Invalidate all TLBs\n");
303 /* Invalidate all defined software TLB */
305 if (env->id_tlbs == 1)
307 for (nr = 0; nr < max; nr++) {
308 tlb = &env->tlb[nr].tlb6;
309 pte_invalidate(&tlb->pte0);
314 static always_inline void __ppc6xx_tlb_invalidate_virt (CPUState *env,
319 #if !defined(FLUSH_ALL_TLBS)
323 /* Invalidate ITLB + DTLB, all ways */
324 for (way = 0; way < env->nb_ways; way++) {
325 nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
326 tlb = &env->tlb[nr].tlb6;
327 if (pte_is_valid(tlb->pte0) && (match_epn == 0 || eaddr == tlb->EPN)) {
328 #if defined (DEBUG_SOFTWARE_TLB)
330 fprintf(logfile, "TLB invalidate %d/%d " ADDRX "\n",
331 nr, env->nb_tlb, eaddr);
334 pte_invalidate(&tlb->pte0);
335 tlb_flush_page(env, tlb->EPN);
339 /* XXX: PowerPC specification say this is valid as well */
340 ppc6xx_tlb_invalidate_all(env);
344 static always_inline void ppc6xx_tlb_invalidate_virt (CPUState *env,
348 __ppc6xx_tlb_invalidate_virt(env, eaddr, is_code, 0);
351 void ppc6xx_tlb_store (CPUState *env, target_ulong EPN, int way, int is_code,
352 target_ulong pte0, target_ulong pte1)
357 nr = ppc6xx_tlb_getnum(env, EPN, way, is_code);
358 tlb = &env->tlb[nr].tlb6;
359 #if defined (DEBUG_SOFTWARE_TLB)
361 fprintf(logfile, "Set TLB %d/%d EPN " ADDRX " PTE0 " ADDRX
362 " PTE1 " ADDRX "\n", nr, env->nb_tlb, EPN, pte0, pte1);
365 /* Invalidate any pending reference in Qemu for this virtual address */
366 __ppc6xx_tlb_invalidate_virt(env, EPN, is_code, 1);
370 /* Store last way for LRU mechanism */
374 static always_inline int ppc6xx_tlb_check (CPUState *env, mmu_ctx_t *ctx,
375 target_ulong eaddr, int rw,
383 ret = -1; /* No TLB found */
384 for (way = 0; way < env->nb_ways; way++) {
385 nr = ppc6xx_tlb_getnum(env, eaddr, way,
386 access_type == ACCESS_CODE ? 1 : 0);
387 tlb = &env->tlb[nr].tlb6;
388 /* This test "emulates" the PTE index match for hardware TLBs */
389 if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
390 #if defined (DEBUG_SOFTWARE_TLB)
392 fprintf(logfile, "TLB %d/%d %s [" ADDRX " " ADDRX
395 pte_is_valid(tlb->pte0) ? "valid" : "inval",
396 tlb->EPN, tlb->EPN + TARGET_PAGE_SIZE, eaddr);
401 #if defined (DEBUG_SOFTWARE_TLB)
403 fprintf(logfile, "TLB %d/%d %s " ADDRX " <> " ADDRX " " ADDRX
406 pte_is_valid(tlb->pte0) ? "valid" : "inval",
407 tlb->EPN, eaddr, tlb->pte1,
408 rw ? 'S' : 'L', access_type == ACCESS_CODE ? 'I' : 'D');
411 switch (pte32_check(ctx, tlb->pte0, tlb->pte1, 0, rw, access_type)) {
413 /* TLB inconsistency */
416 /* Access violation */
426 /* XXX: we should go on looping to check all TLBs consistency
427 * but we can speed-up the whole thing as the
428 * result would be undefined if TLBs are not consistent.
437 #if defined (DEBUG_SOFTWARE_TLB)
439 fprintf(logfile, "found TLB at addr 0x%08lx prot=0x%01x ret=%d\n",
440 ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
443 /* Update page flags */
444 pte_update_flags(ctx, &env->tlb[best].tlb6.pte1, ret, rw);
450 /* Perform BAT hit & translation */
451 static always_inline void bat_size_prot (CPUState *env, target_ulong *blp,
452 int *validp, int *protp,
453 target_ulong *BATu, target_ulong *BATl)
458 bl = (*BATu & 0x00001FFC) << 15;
461 if (((msr_pr == 0) && (*BATu & 0x00000002)) ||
462 ((msr_pr != 0) && (*BATu & 0x00000001))) {
464 pp = *BATl & 0x00000003;
466 prot = PAGE_READ | PAGE_EXEC;
476 static always_inline void bat_601_size_prot (CPUState *env,target_ulong *blp,
477 int *validp, int *protp,
482 int key, pp, valid, prot;
484 bl = (*BATl & 0x0000003F) << 17;
485 #if defined (DEBUG_BATS)
487 fprintf(logfile, "b %02x ==> bl %08x msk %08x\n",
488 *BATl & 0x0000003F, bl, ~bl);
492 valid = (*BATl >> 6) & 1;
494 pp = *BATu & 0x00000003;
496 key = (*BATu >> 3) & 1;
498 key = (*BATu >> 2) & 1;
499 prot = pp_check(key, pp, 0);
506 static always_inline int get_bat (CPUState *env, mmu_ctx_t *ctx,
507 target_ulong virtual, int rw, int type)
509 target_ulong *BATlt, *BATut, *BATu, *BATl;
510 target_ulong base, BEPIl, BEPIu, bl;
514 #if defined (DEBUG_BATS)
516 fprintf(logfile, "%s: %cBAT v 0x" ADDRX "\n", __func__,
517 type == ACCESS_CODE ? 'I' : 'D', virtual);
522 BATlt = env->IBAT[1];
523 BATut = env->IBAT[0];
526 BATlt = env->DBAT[1];
527 BATut = env->DBAT[0];
530 #if defined (DEBUG_BATS)
532 fprintf(logfile, "%s...: %cBAT v 0x" ADDRX "\n", __func__,
533 type == ACCESS_CODE ? 'I' : 'D', virtual);
536 base = virtual & 0xFFFC0000;
537 for (i = 0; i < env->nb_BATs; i++) {
540 BEPIu = *BATu & 0xF0000000;
541 BEPIl = *BATu & 0x0FFE0000;
542 if (unlikely(env->mmu_model == POWERPC_MMU_601)) {
543 bat_601_size_prot(env, &bl, &valid, &prot, BATu, BATl);
545 bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
547 #if defined (DEBUG_BATS)
549 fprintf(logfile, "%s: %cBAT%d v 0x" ADDRX " BATu 0x" ADDRX
550 " BATl 0x" ADDRX "\n",
551 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
555 if ((virtual & 0xF0000000) == BEPIu &&
556 ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
559 /* Get physical address */
560 ctx->raddr = (*BATl & 0xF0000000) |
561 ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
562 (virtual & 0x0001F000);
563 /* Compute access rights */
565 ret = check_prot(ctx->prot, rw, type);
566 #if defined (DEBUG_BATS)
567 if (ret == 0 && loglevel != 0) {
568 fprintf(logfile, "BAT %d match: r 0x" PADDRX
570 i, ctx->raddr, ctx->prot & PAGE_READ ? 'R' : '-',
571 ctx->prot & PAGE_WRITE ? 'W' : '-');
579 #if defined (DEBUG_BATS)
581 fprintf(logfile, "no BAT match for 0x" ADDRX ":\n", virtual);
582 for (i = 0; i < 4; i++) {
585 BEPIu = *BATu & 0xF0000000;
586 BEPIl = *BATu & 0x0FFE0000;
587 bl = (*BATu & 0x00001FFC) << 15;
588 fprintf(logfile, "%s: %cBAT%d v 0x" ADDRX " BATu 0x" ADDRX
589 " BATl 0x" ADDRX " \n\t"
590 "0x" ADDRX " 0x" ADDRX " 0x" ADDRX "\n",
591 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
592 *BATu, *BATl, BEPIu, BEPIl, bl);
602 /* PTE table lookup */
603 static always_inline int _find_pte (mmu_ctx_t *ctx, int is_64b, int h,
606 target_ulong base, pte0, pte1;
610 ret = -1; /* No entry found */
611 base = ctx->pg_addr[h];
612 for (i = 0; i < 8; i++) {
613 #if defined(TARGET_PPC64)
615 pte0 = ldq_phys(base + (i * 16));
616 pte1 = ldq_phys(base + (i * 16) + 8);
617 r = pte64_check(ctx, pte0, pte1, h, rw, type);
618 #if defined (DEBUG_MMU)
620 fprintf(logfile, "Load pte from 0x" ADDRX " => 0x" ADDRX
621 " 0x" ADDRX " %d %d %d 0x" ADDRX "\n",
622 base + (i * 16), pte0, pte1,
623 (int)(pte0 & 1), h, (int)((pte0 >> 1) & 1),
630 pte0 = ldl_phys(base + (i * 8));
631 pte1 = ldl_phys(base + (i * 8) + 4);
632 r = pte32_check(ctx, pte0, pte1, h, rw, type);
633 #if defined (DEBUG_MMU)
635 fprintf(logfile, "Load pte from 0x" ADDRX " => 0x" ADDRX
636 " 0x" ADDRX " %d %d %d 0x" ADDRX "\n",
637 base + (i * 8), pte0, pte1,
638 (int)(pte0 >> 31), h, (int)((pte0 >> 6) & 1),
645 /* PTE inconsistency */
648 /* Access violation */
658 /* XXX: we should go on looping to check all PTEs consistency
659 * but if we can speed-up the whole thing as the
660 * result would be undefined if PTEs are not consistent.
669 #if defined (DEBUG_MMU)
671 fprintf(logfile, "found PTE at addr 0x" PADDRX " prot=0x%01x "
673 ctx->raddr, ctx->prot, ret);
676 /* Update page flags */
678 if (pte_update_flags(ctx, &pte1, ret, rw) == 1) {
679 #if defined(TARGET_PPC64)
681 stq_phys_notdirty(base + (good * 16) + 8, pte1);
685 stl_phys_notdirty(base + (good * 8) + 4, pte1);
693 static always_inline int find_pte32 (mmu_ctx_t *ctx, int h, int rw, int type)
695 return _find_pte(ctx, 0, h, rw, type);
698 #if defined(TARGET_PPC64)
699 static always_inline int find_pte64 (mmu_ctx_t *ctx, int h, int rw, int type)
701 return _find_pte(ctx, 1, h, rw, type);
705 static always_inline int find_pte (CPUState *env, mmu_ctx_t *ctx,
706 int h, int rw, int type)
708 #if defined(TARGET_PPC64)
709 if (env->mmu_model == POWERPC_MMU_64B)
710 return find_pte64(ctx, h, rw, type);
713 return find_pte32(ctx, h, rw, type);
716 #if defined(TARGET_PPC64)
717 static always_inline int slb_is_valid (uint64_t slb64)
719 return slb64 & 0x0000000008000000ULL ? 1 : 0;
722 static always_inline void slb_invalidate (uint64_t *slb64)
724 *slb64 &= ~0x0000000008000000ULL;
727 static always_inline int slb_lookup (CPUPPCState *env, target_ulong eaddr,
729 target_ulong *page_mask, int *attr)
731 target_phys_addr_t sr_base;
738 sr_base = env->spr[SPR_ASR];
739 #if defined(DEBUG_SLB)
741 fprintf(logfile, "%s: eaddr " ADDRX " base " PADDRX "\n",
742 __func__, eaddr, sr_base);
745 mask = 0x0000000000000000ULL; /* Avoid gcc warning */
746 for (n = 0; n < env->slb_nr; n++) {
747 tmp64 = ldq_phys(sr_base);
748 tmp = ldl_phys(sr_base + 8);
749 #if defined(DEBUG_SLB)
751 fprintf(logfile, "%s: seg %d " PADDRX " %016" PRIx64 " %08"
752 PRIx32 "\n", __func__, n, sr_base, tmp64, tmp);
755 if (slb_is_valid(tmp64)) {
756 /* SLB entry is valid */
757 switch (tmp64 & 0x0000000006000000ULL) {
758 case 0x0000000000000000ULL:
760 mask = 0xFFFFFFFFF0000000ULL;
762 case 0x0000000002000000ULL:
764 mask = 0xFFFF000000000000ULL;
766 case 0x0000000004000000ULL:
767 case 0x0000000006000000ULL:
768 /* Reserved => segment is invalid */
771 if ((eaddr & mask) == (tmp64 & mask)) {
773 *vsid = ((tmp64 << 24) | (tmp >> 8)) & 0x0003FFFFFFFFFFFFULL;
786 void ppc_slb_invalidate_all (CPUPPCState *env)
788 target_phys_addr_t sr_base;
790 int n, do_invalidate;
793 sr_base = env->spr[SPR_ASR];
794 /* XXX: Warning: slbia never invalidates the first segment */
795 for (n = 1; n < env->slb_nr; n++) {
796 tmp64 = ldq_phys(sr_base);
797 if (slb_is_valid(tmp64)) {
798 slb_invalidate(&tmp64);
799 stq_phys(sr_base, tmp64);
800 /* XXX: given the fact that segment size is 256 MB or 1TB,
801 * and we still don't have a tlb_flush_mask(env, n, mask)
802 * in Qemu, we just invalidate all TLBs
812 void ppc_slb_invalidate_one (CPUPPCState *env, uint64_t T0)
814 target_phys_addr_t sr_base;
815 target_ulong vsid, page_mask;
820 n = slb_lookup(env, T0, &vsid, &page_mask, &attr);
822 sr_base = env->spr[SPR_ASR];
824 tmp64 = ldq_phys(sr_base);
825 if (slb_is_valid(tmp64)) {
826 slb_invalidate(&tmp64);
827 stq_phys(sr_base, tmp64);
828 /* XXX: given the fact that segment size is 256 MB or 1TB,
829 * and we still don't have a tlb_flush_mask(env, n, mask)
830 * in Qemu, we just invalidate all TLBs
837 target_ulong ppc_load_slb (CPUPPCState *env, int slb_nr)
839 target_phys_addr_t sr_base;
844 sr_base = env->spr[SPR_ASR];
845 sr_base += 12 * slb_nr;
846 tmp64 = ldq_phys(sr_base);
847 tmp = ldl_phys(sr_base + 8);
848 if (tmp64 & 0x0000000008000000ULL) {
849 /* SLB entry is valid */
850 /* Copy SLB bits 62:88 to Rt 37:63 (VSID 23:49) */
851 rt = tmp >> 8; /* 65:88 => 40:63 */
852 rt |= (tmp64 & 0x7) << 24; /* 62:64 => 37:39 */
853 /* Copy SLB bits 89:92 to Rt 33:36 (KsKpNL) */
854 rt |= ((tmp >> 4) & 0xF) << 27;
858 #if defined(DEBUG_SLB)
860 fprintf(logfile, "%s: " PADDRX " %016" PRIx64 " %08" PRIx32 " => %d "
861 ADDRX "\n", __func__, sr_base, tmp64, tmp, slb_nr, rt);
868 void ppc_store_slb (CPUPPCState *env, int slb_nr, target_ulong rs)
870 target_phys_addr_t sr_base;
874 sr_base = env->spr[SPR_ASR];
875 sr_base += 12 * slb_nr;
876 /* Copy Rs bits 37:63 to SLB 62:88 */
878 tmp64 = (rs >> 24) & 0x7;
879 /* Copy Rs bits 33:36 to SLB 89:92 */
880 tmp |= ((rs >> 27) & 0xF) << 4;
881 /* Set the valid bit */
884 tmp64 |= (uint32_t)slb_nr << 28;
885 #if defined(DEBUG_SLB)
887 fprintf(logfile, "%s: %d " ADDRX " => " PADDRX " %016" PRIx64 " %08"
888 PRIx32 "\n", __func__, slb_nr, rs, sr_base, tmp64, tmp);
891 /* Write SLB entry to memory */
892 stq_phys(sr_base, tmp64);
893 stl_phys(sr_base + 8, tmp);
895 #endif /* defined(TARGET_PPC64) */
897 /* Perform segment based translation */
898 static always_inline target_phys_addr_t get_pgaddr (target_phys_addr_t sdr1,
900 target_phys_addr_t hash,
901 target_phys_addr_t mask)
903 return (sdr1 & ((target_ulong)(-1ULL) << sdr_sh)) | (hash & mask);
906 static always_inline int get_segment (CPUState *env, mmu_ctx_t *ctx,
907 target_ulong eaddr, int rw, int type)
909 target_phys_addr_t sdr, hash, mask, sdr_mask, htab_mask;
910 target_ulong sr, vsid, vsid_mask, pgidx, page_mask;
911 #if defined(TARGET_PPC64)
914 int ds, vsid_sh, sdr_sh, pr;
918 #if defined(TARGET_PPC64)
919 if (env->mmu_model == POWERPC_MMU_64B) {
920 #if defined (DEBUG_MMU)
922 fprintf(logfile, "Check SLBs\n");
925 ret = slb_lookup(env, eaddr, &vsid, &page_mask, &attr);
928 ctx->key = ((attr & 0x40) && (pr != 0)) ||
929 ((attr & 0x80) && (pr == 0)) ? 1 : 0;
931 ctx->nx = attr & 0x20 ? 1 : 0;
932 vsid_mask = 0x00003FFFFFFFFF80ULL;
937 #endif /* defined(TARGET_PPC64) */
939 sr = env->sr[eaddr >> 28];
940 page_mask = 0x0FFFFFFF;
941 ctx->key = (((sr & 0x20000000) && (pr != 0)) ||
942 ((sr & 0x40000000) && (pr == 0))) ? 1 : 0;
943 ds = sr & 0x80000000 ? 1 : 0;
944 ctx->nx = sr & 0x10000000 ? 1 : 0;
945 vsid = sr & 0x00FFFFFF;
946 vsid_mask = 0x01FFFFC0;
950 #if defined (DEBUG_MMU)
952 fprintf(logfile, "Check segment v=0x" ADDRX " %d 0x" ADDRX
953 " nip=0x" ADDRX " lr=0x" ADDRX
954 " ir=%d dr=%d pr=%d %d t=%d\n",
955 eaddr, (int)(eaddr >> 28), sr, env->nip,
956 env->lr, (int)msr_ir, (int)msr_dr, pr != 0 ? 1 : 0,
961 #if defined (DEBUG_MMU)
963 fprintf(logfile, "pte segment: key=%d ds %d nx %d vsid " ADDRX "\n",
964 ctx->key, ds, ctx->nx, vsid);
969 /* Check if instruction fetch is allowed, if needed */
970 if (type != ACCESS_CODE || ctx->nx == 0) {
971 /* Page address translation */
972 /* Primary table address */
974 pgidx = (eaddr & page_mask) >> TARGET_PAGE_BITS;
975 #if defined(TARGET_PPC64)
976 if (env->mmu_model == POWERPC_MMU_64B) {
977 htab_mask = 0x0FFFFFFF >> (28 - (sdr & 0x1F));
978 /* XXX: this is false for 1 TB segments */
979 hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
983 htab_mask = sdr & 0x000001FF;
984 hash = ((vsid ^ pgidx) << vsid_sh) & vsid_mask;
986 mask = (htab_mask << sdr_sh) | sdr_mask;
987 #if defined (DEBUG_MMU)
989 fprintf(logfile, "sdr " PADDRX " sh %d hash " PADDRX " mask "
990 PADDRX " " ADDRX "\n", sdr, sdr_sh, hash, mask,
994 ctx->pg_addr[0] = get_pgaddr(sdr, sdr_sh, hash, mask);
995 /* Secondary table address */
996 hash = (~hash) & vsid_mask;
997 #if defined (DEBUG_MMU)
999 fprintf(logfile, "sdr " PADDRX " sh %d hash " PADDRX " mask "
1000 PADDRX "\n", sdr, sdr_sh, hash, mask);
1003 ctx->pg_addr[1] = get_pgaddr(sdr, sdr_sh, hash, mask);
1004 #if defined(TARGET_PPC64)
1005 if (env->mmu_model == POWERPC_MMU_64B) {
1006 /* Only 5 bits of the page index are used in the AVPN */
1007 ctx->ptem = (vsid << 12) | ((pgidx >> 4) & 0x0F80);
1011 ctx->ptem = (vsid << 7) | (pgidx >> 10);
1013 /* Initialize real address with an invalid value */
1014 ctx->raddr = (target_ulong)-1;
1015 if (unlikely(env->mmu_model == POWERPC_MMU_SOFT_6xx ||
1016 env->mmu_model == POWERPC_MMU_SOFT_74xx)) {
1017 /* Software TLB search */
1018 ret = ppc6xx_tlb_check(env, ctx, eaddr, rw, type);
1020 #if defined (DEBUG_MMU)
1021 if (loglevel != 0) {
1022 fprintf(logfile, "0 sdr1=0x" PADDRX " vsid=0x%06x "
1023 "api=0x%04x hash=0x%07x pg_addr=0x" PADDRX "\n",
1024 sdr, (uint32_t)vsid, (uint32_t)pgidx,
1025 (uint32_t)hash, ctx->pg_addr[0]);
1028 /* Primary table lookup */
1029 ret = find_pte(env, ctx, 0, rw, type);
1031 /* Secondary table lookup */
1032 #if defined (DEBUG_MMU)
1033 if (eaddr != 0xEFFFFFFF && loglevel != 0) {
1035 "1 sdr1=0x" PADDRX " vsid=0x%06x api=0x%04x "
1036 "hash=0x%05x pg_addr=0x" PADDRX "\n",
1037 sdr, (uint32_t)vsid, (uint32_t)pgidx,
1038 (uint32_t)hash, ctx->pg_addr[1]);
1041 ret2 = find_pte(env, ctx, 1, rw, type);
1046 #if defined (DUMP_PAGE_TABLES)
1047 if (loglevel != 0) {
1048 target_phys_addr_t curaddr;
1049 uint32_t a0, a1, a2, a3;
1051 "Page table: " PADDRX " len " PADDRX "\n",
1053 for (curaddr = sdr; curaddr < (sdr + mask + 0x80);
1055 a0 = ldl_phys(curaddr);
1056 a1 = ldl_phys(curaddr + 4);
1057 a2 = ldl_phys(curaddr + 8);
1058 a3 = ldl_phys(curaddr + 12);
1059 if (a0 != 0 || a1 != 0 || a2 != 0 || a3 != 0) {
1061 PADDRX ": %08x %08x %08x %08x\n",
1062 curaddr, a0, a1, a2, a3);
1068 #if defined (DEBUG_MMU)
1070 fprintf(logfile, "No access allowed\n");
1075 #if defined (DEBUG_MMU)
1077 fprintf(logfile, "direct store...\n");
1079 /* Direct-store segment : absolutely *BUGGY* for now */
1082 /* Integer load/store : only access allowed */
1085 /* No code fetch is allowed in direct-store areas */
1088 /* Floating point load/store */
1091 /* lwarx, ldarx or srwcx. */
1094 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
1095 /* Should make the instruction do no-op.
1096 * As it already do no-op, it's quite easy :-)
1101 /* eciwx or ecowx */
1105 fprintf(logfile, "ERROR: instruction should not need "
1106 "address translation\n");
1110 if ((rw == 1 || ctx->key != 1) && (rw == 0 || ctx->key != 0)) {
1121 /* Generic TLB check function for embedded PowerPC implementations */
1122 static always_inline int ppcemb_tlb_check (CPUState *env, ppcemb_tlb_t *tlb,
1123 target_phys_addr_t *raddrp,
1124 target_ulong address,
1125 uint32_t pid, int ext, int i)
1129 /* Check valid flag */
1130 if (!(tlb->prot & PAGE_VALID)) {
1132 fprintf(logfile, "%s: TLB %d not valid\n", __func__, i);
1135 mask = ~(tlb->size - 1);
1136 #if defined (DEBUG_SOFTWARE_TLB)
1137 if (loglevel != 0) {
1138 fprintf(logfile, "%s: TLB %d address " ADDRX " PID %d <=> "
1139 ADDRX " " ADDRX " %d\n",
1140 __func__, i, address, pid, tlb->EPN, mask, (int)tlb->PID);
1144 if (tlb->PID != 0 && tlb->PID != pid)
1146 /* Check effective address */
1147 if ((address & mask) != tlb->EPN)
1149 *raddrp = (tlb->RPN & mask) | (address & ~mask);
1150 #if (TARGET_PHYS_ADDR_BITS >= 36)
1152 /* Extend the physical address to 36 bits */
1153 *raddrp |= (target_phys_addr_t)(tlb->RPN & 0xF) << 32;
1160 /* Generic TLB search function for PowerPC embedded implementations */
1161 int ppcemb_tlb_search (CPUPPCState *env, target_ulong address, uint32_t pid)
1164 target_phys_addr_t raddr;
1167 /* Default return value is no match */
1169 for (i = 0; i < env->nb_tlb; i++) {
1170 tlb = &env->tlb[i].tlbe;
1171 if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, 0, i) == 0) {
1180 /* Helpers specific to PowerPC 40x implementations */
1181 static always_inline void ppc4xx_tlb_invalidate_all (CPUState *env)
1186 for (i = 0; i < env->nb_tlb; i++) {
1187 tlb = &env->tlb[i].tlbe;
1188 tlb->prot &= ~PAGE_VALID;
1193 static always_inline void ppc4xx_tlb_invalidate_virt (CPUState *env,
1197 #if !defined(FLUSH_ALL_TLBS)
1199 target_phys_addr_t raddr;
1200 target_ulong page, end;
1203 for (i = 0; i < env->nb_tlb; i++) {
1204 tlb = &env->tlb[i].tlbe;
1205 if (ppcemb_tlb_check(env, tlb, &raddr, eaddr, pid, 0, i) == 0) {
1206 end = tlb->EPN + tlb->size;
1207 for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE)
1208 tlb_flush_page(env, page);
1209 tlb->prot &= ~PAGE_VALID;
1214 ppc4xx_tlb_invalidate_all(env);
1218 int mmu40x_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1219 target_ulong address, int rw, int access_type)
1222 target_phys_addr_t raddr;
1223 int i, ret, zsel, zpr, pr;
1228 for (i = 0; i < env->nb_tlb; i++) {
1229 tlb = &env->tlb[i].tlbe;
1230 if (ppcemb_tlb_check(env, tlb, &raddr, address,
1231 env->spr[SPR_40x_PID], 0, i) < 0)
1233 zsel = (tlb->attr >> 4) & 0xF;
1234 zpr = (env->spr[SPR_40x_ZPR] >> (28 - (2 * zsel))) & 0x3;
1235 #if defined (DEBUG_SOFTWARE_TLB)
1236 if (loglevel != 0) {
1237 fprintf(logfile, "%s: TLB %d zsel %d zpr %d rw %d attr %08x\n",
1238 __func__, i, zsel, zpr, rw, tlb->attr);
1241 /* Check execute enable bit */
1248 /* All accesses granted */
1249 ctx->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
1261 /* Check from TLB entry */
1262 /* XXX: there is a problem here or in the TLB fill code... */
1263 ctx->prot = tlb->prot;
1264 ctx->prot |= PAGE_EXEC;
1265 ret = check_prot(ctx->prot, rw, access_type);
1270 #if defined (DEBUG_SOFTWARE_TLB)
1271 if (loglevel != 0) {
1272 fprintf(logfile, "%s: access granted " ADDRX " => " REGX
1273 " %d %d\n", __func__, address, ctx->raddr, ctx->prot,
1280 #if defined (DEBUG_SOFTWARE_TLB)
1281 if (loglevel != 0) {
1282 fprintf(logfile, "%s: access refused " ADDRX " => " REGX
1283 " %d %d\n", __func__, address, raddr, ctx->prot,
1291 void store_40x_sler (CPUPPCState *env, uint32_t val)
1293 /* XXX: TO BE FIXED */
1294 if (val != 0x00000000) {
1295 cpu_abort(env, "Little-endian regions are not supported by now\n");
1297 env->spr[SPR_405_SLER] = val;
1300 int mmubooke_get_physical_address (CPUState *env, mmu_ctx_t *ctx,
1301 target_ulong address, int rw,
1305 target_phys_addr_t raddr;
1310 for (i = 0; i < env->nb_tlb; i++) {
1311 tlb = &env->tlb[i].tlbe;
1312 if (ppcemb_tlb_check(env, tlb, &raddr, address,
1313 env->spr[SPR_BOOKE_PID], 1, i) < 0)
1316 prot = tlb->prot & 0xF;
1318 prot = (tlb->prot >> 4) & 0xF;
1319 /* Check the address space */
1320 if (access_type == ACCESS_CODE) {
1321 if (msr_ir != (tlb->attr & 1))
1324 if (prot & PAGE_EXEC) {
1330 if (msr_dr != (tlb->attr & 1))
1333 if ((!rw && prot & PAGE_READ) || (rw && (prot & PAGE_WRITE))) {
1346 static always_inline int check_physical (CPUState *env, mmu_ctx_t *ctx,
1347 target_ulong eaddr, int rw)
1352 ctx->prot = PAGE_READ | PAGE_EXEC;
1354 switch (env->mmu_model) {
1355 case POWERPC_MMU_32B:
1356 case POWERPC_MMU_601:
1357 case POWERPC_MMU_SOFT_6xx:
1358 case POWERPC_MMU_SOFT_74xx:
1359 case POWERPC_MMU_SOFT_4xx:
1360 case POWERPC_MMU_REAL_4xx:
1361 case POWERPC_MMU_BOOKE:
1362 ctx->prot |= PAGE_WRITE;
1364 #if defined(TARGET_PPC64)
1365 case POWERPC_MMU_64B:
1366 /* Real address are 60 bits long */
1367 ctx->raddr &= 0x0FFFFFFFFFFFFFFFULL;
1368 ctx->prot |= PAGE_WRITE;
1371 case POWERPC_MMU_SOFT_4xx_Z:
1372 if (unlikely(msr_pe != 0)) {
1373 /* 403 family add some particular protections,
1374 * using PBL/PBU registers for accesses with no translation.
1377 /* Check PLB validity */
1378 (env->pb[0] < env->pb[1] &&
1379 /* and address in plb area */
1380 eaddr >= env->pb[0] && eaddr < env->pb[1]) ||
1381 (env->pb[2] < env->pb[3] &&
1382 eaddr >= env->pb[2] && eaddr < env->pb[3]) ? 1 : 0;
1383 if (in_plb ^ msr_px) {
1384 /* Access in protected area */
1386 /* Access is not allowed */
1390 /* Read-write access is allowed */
1391 ctx->prot |= PAGE_WRITE;
1395 case POWERPC_MMU_BOOKE_FSL:
1397 cpu_abort(env, "BookE FSL MMU model not implemented\n");
1400 cpu_abort(env, "Unknown or invalid MMU model\n");
1407 int get_physical_address (CPUState *env, mmu_ctx_t *ctx, target_ulong eaddr,
1408 int rw, int access_type)
1413 if (loglevel != 0) {
1414 fprintf(logfile, "%s\n", __func__);
1417 if ((access_type == ACCESS_CODE && msr_ir == 0) ||
1418 (access_type != ACCESS_CODE && msr_dr == 0)) {
1419 /* No address translation */
1420 ret = check_physical(env, ctx, eaddr, rw);
1423 switch (env->mmu_model) {
1424 case POWERPC_MMU_32B:
1425 case POWERPC_MMU_601:
1426 case POWERPC_MMU_SOFT_6xx:
1427 case POWERPC_MMU_SOFT_74xx:
1428 #if defined(TARGET_PPC64)
1429 case POWERPC_MMU_64B:
1431 /* Try to find a BAT */
1432 if (env->nb_BATs != 0)
1433 ret = get_bat(env, ctx, eaddr, rw, access_type);
1435 /* We didn't match any BAT entry or don't have BATs */
1436 ret = get_segment(env, ctx, eaddr, rw, access_type);
1439 case POWERPC_MMU_SOFT_4xx:
1440 case POWERPC_MMU_SOFT_4xx_Z:
1441 ret = mmu40x_get_physical_address(env, ctx, eaddr,
1444 case POWERPC_MMU_BOOKE:
1445 ret = mmubooke_get_physical_address(env, ctx, eaddr,
1448 case POWERPC_MMU_BOOKE_FSL:
1450 cpu_abort(env, "BookE FSL MMU model not implemented\n");
1452 case POWERPC_MMU_REAL_4xx:
1453 cpu_abort(env, "PowerPC 401 does not do any translation\n");
1456 cpu_abort(env, "Unknown or invalid MMU model\n");
1461 if (loglevel != 0) {
1462 fprintf(logfile, "%s address " ADDRX " => %d " PADDRX "\n",
1463 __func__, eaddr, ret, ctx->raddr);
1470 target_phys_addr_t cpu_get_phys_page_debug (CPUState *env, target_ulong addr)
1474 if (unlikely(get_physical_address(env, &ctx, addr, 0, ACCESS_INT) != 0))
1477 return ctx.raddr & TARGET_PAGE_MASK;
1480 /* Perform address translation */
1481 int cpu_ppc_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
1482 int mmu_idx, int is_softmmu)
1491 access_type = ACCESS_CODE;
1494 /* XXX: put correct access by using cpu_restore_state()
1496 access_type = ACCESS_INT;
1497 // access_type = env->access_type;
1499 ret = get_physical_address(env, &ctx, address, rw, access_type);
1501 ret = tlb_set_page_exec(env, address & TARGET_PAGE_MASK,
1502 ctx.raddr & TARGET_PAGE_MASK, ctx.prot,
1503 mmu_idx, is_softmmu);
1504 } else if (ret < 0) {
1505 #if defined (DEBUG_MMU)
1507 cpu_dump_state(env, logfile, fprintf, 0);
1509 if (access_type == ACCESS_CODE) {
1512 /* No matches in page tables or TLB */
1513 switch (env->mmu_model) {
1514 case POWERPC_MMU_SOFT_6xx:
1515 env->exception_index = POWERPC_EXCP_IFTLB;
1516 env->error_code = 1 << 18;
1517 env->spr[SPR_IMISS] = address;
1518 env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
1520 case POWERPC_MMU_SOFT_74xx:
1521 env->exception_index = POWERPC_EXCP_IFTLB;
1523 case POWERPC_MMU_SOFT_4xx:
1524 case POWERPC_MMU_SOFT_4xx_Z:
1525 env->exception_index = POWERPC_EXCP_ITLB;
1526 env->error_code = 0;
1527 env->spr[SPR_40x_DEAR] = address;
1528 env->spr[SPR_40x_ESR] = 0x00000000;
1530 case POWERPC_MMU_32B:
1531 case POWERPC_MMU_601:
1532 #if defined(TARGET_PPC64)
1533 case POWERPC_MMU_64B:
1535 env->exception_index = POWERPC_EXCP_ISI;
1536 env->error_code = 0x40000000;
1538 case POWERPC_MMU_BOOKE:
1540 cpu_abort(env, "MMU model not implemented\n");
1542 case POWERPC_MMU_BOOKE_FSL:
1544 cpu_abort(env, "MMU model not implemented\n");
1546 case POWERPC_MMU_REAL_4xx:
1547 cpu_abort(env, "PowerPC 401 should never raise any MMU "
1551 cpu_abort(env, "Unknown or invalid MMU model\n");
1556 /* Access rights violation */
1557 env->exception_index = POWERPC_EXCP_ISI;
1558 env->error_code = 0x08000000;
1561 /* No execute protection violation */
1562 env->exception_index = POWERPC_EXCP_ISI;
1563 env->error_code = 0x10000000;
1566 /* Direct store exception */
1567 /* No code fetch is allowed in direct-store areas */
1568 env->exception_index = POWERPC_EXCP_ISI;
1569 env->error_code = 0x10000000;
1571 #if defined(TARGET_PPC64)
1573 /* No match in segment table */
1574 env->exception_index = POWERPC_EXCP_ISEG;
1575 env->error_code = 0;
1582 /* No matches in page tables or TLB */
1583 switch (env->mmu_model) {
1584 case POWERPC_MMU_SOFT_6xx:
1586 env->exception_index = POWERPC_EXCP_DSTLB;
1587 env->error_code = 1 << 16;
1589 env->exception_index = POWERPC_EXCP_DLTLB;
1590 env->error_code = 0;
1592 env->spr[SPR_DMISS] = address;
1593 env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
1595 env->error_code |= ctx.key << 19;
1596 env->spr[SPR_HASH1] = ctx.pg_addr[0];
1597 env->spr[SPR_HASH2] = ctx.pg_addr[1];
1599 case POWERPC_MMU_SOFT_74xx:
1601 env->exception_index = POWERPC_EXCP_DSTLB;
1603 env->exception_index = POWERPC_EXCP_DLTLB;
1606 /* Implement LRU algorithm */
1607 env->error_code = ctx.key << 19;
1608 env->spr[SPR_TLBMISS] = (address & ~((target_ulong)0x3)) |
1609 ((env->last_way + 1) & (env->nb_ways - 1));
1610 env->spr[SPR_PTEHI] = 0x80000000 | ctx.ptem;
1612 case POWERPC_MMU_SOFT_4xx:
1613 case POWERPC_MMU_SOFT_4xx_Z:
1614 env->exception_index = POWERPC_EXCP_DTLB;
1615 env->error_code = 0;
1616 env->spr[SPR_40x_DEAR] = address;
1618 env->spr[SPR_40x_ESR] = 0x00800000;
1620 env->spr[SPR_40x_ESR] = 0x00000000;
1622 case POWERPC_MMU_32B:
1623 case POWERPC_MMU_601:
1624 #if defined(TARGET_PPC64)
1625 case POWERPC_MMU_64B:
1627 env->exception_index = POWERPC_EXCP_DSI;
1628 env->error_code = 0;
1629 env->spr[SPR_DAR] = address;
1631 env->spr[SPR_DSISR] = 0x42000000;
1633 env->spr[SPR_DSISR] = 0x40000000;
1635 case POWERPC_MMU_BOOKE:
1637 cpu_abort(env, "MMU model not implemented\n");
1639 case POWERPC_MMU_BOOKE_FSL:
1641 cpu_abort(env, "MMU model not implemented\n");
1643 case POWERPC_MMU_REAL_4xx:
1644 cpu_abort(env, "PowerPC 401 should never raise any MMU "
1648 cpu_abort(env, "Unknown or invalid MMU model\n");
1653 /* Access rights violation */
1654 env->exception_index = POWERPC_EXCP_DSI;
1655 env->error_code = 0;
1656 env->spr[SPR_DAR] = address;
1658 env->spr[SPR_DSISR] = 0x0A000000;
1660 env->spr[SPR_DSISR] = 0x08000000;
1663 /* Direct store exception */
1664 switch (access_type) {
1666 /* Floating point load/store */
1667 env->exception_index = POWERPC_EXCP_ALIGN;
1668 env->error_code = POWERPC_EXCP_ALIGN_FP;
1669 env->spr[SPR_DAR] = address;
1672 /* lwarx, ldarx or stwcx. */
1673 env->exception_index = POWERPC_EXCP_DSI;
1674 env->error_code = 0;
1675 env->spr[SPR_DAR] = address;
1677 env->spr[SPR_DSISR] = 0x06000000;
1679 env->spr[SPR_DSISR] = 0x04000000;
1682 /* eciwx or ecowx */
1683 env->exception_index = POWERPC_EXCP_DSI;
1684 env->error_code = 0;
1685 env->spr[SPR_DAR] = address;
1687 env->spr[SPR_DSISR] = 0x06100000;
1689 env->spr[SPR_DSISR] = 0x04100000;
1692 printf("DSI: invalid exception (%d)\n", ret);
1693 env->exception_index = POWERPC_EXCP_PROGRAM;
1695 POWERPC_EXCP_INVAL | POWERPC_EXCP_INVAL_INVAL;
1696 env->spr[SPR_DAR] = address;
1700 #if defined(TARGET_PPC64)
1702 /* No match in segment table */
1703 env->exception_index = POWERPC_EXCP_DSEG;
1704 env->error_code = 0;
1705 env->spr[SPR_DAR] = address;
1711 printf("%s: set exception to %d %02x\n", __func__,
1712 env->exception, env->error_code);
1720 /*****************************************************************************/
1721 /* BATs management */
1722 #if !defined(FLUSH_ALL_TLBS)
1723 static always_inline void do_invalidate_BAT (CPUPPCState *env,
1727 target_ulong base, end, page;
1729 base = BATu & ~0x0001FFFF;
1730 end = base + mask + 0x00020000;
1731 #if defined (DEBUG_BATS)
1732 if (loglevel != 0) {
1733 fprintf(logfile, "Flush BAT from " ADDRX " to " ADDRX " (" ADDRX ")\n",
1737 for (page = base; page != end; page += TARGET_PAGE_SIZE)
1738 tlb_flush_page(env, page);
1739 #if defined (DEBUG_BATS)
1741 fprintf(logfile, "Flush done\n");
1746 static always_inline void dump_store_bat (CPUPPCState *env, char ID,
1747 int ul, int nr, target_ulong value)
1749 #if defined (DEBUG_BATS)
1750 if (loglevel != 0) {
1751 fprintf(logfile, "Set %cBAT%d%c to 0x" ADDRX " (0x" ADDRX ")\n",
1752 ID, nr, ul == 0 ? 'u' : 'l', value, env->nip);
1757 target_ulong do_load_ibatu (CPUPPCState *env, int nr)
1759 return env->IBAT[0][nr];
1762 target_ulong do_load_ibatl (CPUPPCState *env, int nr)
1764 return env->IBAT[1][nr];
1767 void do_store_ibatu (CPUPPCState *env, int nr, target_ulong value)
1771 dump_store_bat(env, 'I', 0, nr, value);
1772 if (env->IBAT[0][nr] != value) {
1773 mask = (value << 15) & 0x0FFE0000UL;
1774 #if !defined(FLUSH_ALL_TLBS)
1775 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1777 /* When storing valid upper BAT, mask BEPI and BRPN
1778 * and invalidate all TLBs covered by this BAT
1780 mask = (value << 15) & 0x0FFE0000UL;
1781 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1782 (value & ~0x0001FFFFUL & ~mask);
1783 env->IBAT[1][nr] = (env->IBAT[1][nr] & 0x0000007B) |
1784 (env->IBAT[1][nr] & ~0x0001FFFF & ~mask);
1785 #if !defined(FLUSH_ALL_TLBS)
1786 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1793 void do_store_ibatl (CPUPPCState *env, int nr, target_ulong value)
1795 dump_store_bat(env, 'I', 1, nr, value);
1796 env->IBAT[1][nr] = value;
1799 target_ulong do_load_dbatu (CPUPPCState *env, int nr)
1801 return env->DBAT[0][nr];
1804 target_ulong do_load_dbatl (CPUPPCState *env, int nr)
1806 return env->DBAT[1][nr];
1809 void do_store_dbatu (CPUPPCState *env, int nr, target_ulong value)
1813 dump_store_bat(env, 'D', 0, nr, value);
1814 if (env->DBAT[0][nr] != value) {
1815 /* When storing valid upper BAT, mask BEPI and BRPN
1816 * and invalidate all TLBs covered by this BAT
1818 mask = (value << 15) & 0x0FFE0000UL;
1819 #if !defined(FLUSH_ALL_TLBS)
1820 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1822 mask = (value << 15) & 0x0FFE0000UL;
1823 env->DBAT[0][nr] = (value & 0x00001FFFUL) |
1824 (value & ~0x0001FFFFUL & ~mask);
1825 env->DBAT[1][nr] = (env->DBAT[1][nr] & 0x0000007B) |
1826 (env->DBAT[1][nr] & ~0x0001FFFF & ~mask);
1827 #if !defined(FLUSH_ALL_TLBS)
1828 do_invalidate_BAT(env, env->DBAT[0][nr], mask);
1835 void do_store_dbatl (CPUPPCState *env, int nr, target_ulong value)
1837 dump_store_bat(env, 'D', 1, nr, value);
1838 env->DBAT[1][nr] = value;
1841 void do_store_ibatu_601 (CPUPPCState *env, int nr, target_ulong value)
1846 dump_store_bat(env, 'I', 0, nr, value);
1847 if (env->IBAT[0][nr] != value) {
1849 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1850 if (env->IBAT[1][nr] & 0x40) {
1851 /* Invalidate BAT only if it is valid */
1852 #if !defined(FLUSH_ALL_TLBS)
1853 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1858 /* When storing valid upper BAT, mask BEPI and BRPN
1859 * and invalidate all TLBs covered by this BAT
1861 env->IBAT[0][nr] = (value & 0x00001FFFUL) |
1862 (value & ~0x0001FFFFUL & ~mask);
1863 env->DBAT[0][nr] = env->IBAT[0][nr];
1864 if (env->IBAT[1][nr] & 0x40) {
1865 #if !defined(FLUSH_ALL_TLBS)
1866 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1871 #if defined(FLUSH_ALL_TLBS)
1878 void do_store_ibatl_601 (CPUPPCState *env, int nr, target_ulong value)
1883 dump_store_bat(env, 'I', 1, nr, value);
1884 if (env->IBAT[1][nr] != value) {
1886 if (env->IBAT[1][nr] & 0x40) {
1887 #if !defined(FLUSH_ALL_TLBS)
1888 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL;
1889 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1895 #if !defined(FLUSH_ALL_TLBS)
1896 mask = (value << 17) & 0x0FFE0000UL;
1897 do_invalidate_BAT(env, env->IBAT[0][nr], mask);
1902 env->IBAT[1][nr] = value;
1903 env->DBAT[1][nr] = value;
1904 #if defined(FLUSH_ALL_TLBS)
1911 /*****************************************************************************/
1912 /* TLB management */
1913 void ppc_tlb_invalidate_all (CPUPPCState *env)
1915 switch (env->mmu_model) {
1916 case POWERPC_MMU_SOFT_6xx:
1917 case POWERPC_MMU_SOFT_74xx:
1918 ppc6xx_tlb_invalidate_all(env);
1920 case POWERPC_MMU_SOFT_4xx:
1921 case POWERPC_MMU_SOFT_4xx_Z:
1922 ppc4xx_tlb_invalidate_all(env);
1924 case POWERPC_MMU_REAL_4xx:
1925 cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1927 case POWERPC_MMU_BOOKE:
1929 cpu_abort(env, "MMU model not implemented\n");
1931 case POWERPC_MMU_BOOKE_FSL:
1933 cpu_abort(env, "MMU model not implemented\n");
1935 case POWERPC_MMU_32B:
1936 case POWERPC_MMU_601:
1937 #if defined(TARGET_PPC64)
1938 case POWERPC_MMU_64B:
1939 #endif /* defined(TARGET_PPC64) */
1944 cpu_abort(env, "Unknown MMU model\n");
1949 void ppc_tlb_invalidate_one (CPUPPCState *env, target_ulong addr)
1951 #if !defined(FLUSH_ALL_TLBS)
1952 addr &= TARGET_PAGE_MASK;
1953 switch (env->mmu_model) {
1954 case POWERPC_MMU_SOFT_6xx:
1955 case POWERPC_MMU_SOFT_74xx:
1956 ppc6xx_tlb_invalidate_virt(env, addr, 0);
1957 if (env->id_tlbs == 1)
1958 ppc6xx_tlb_invalidate_virt(env, addr, 1);
1960 case POWERPC_MMU_SOFT_4xx:
1961 case POWERPC_MMU_SOFT_4xx_Z:
1962 ppc4xx_tlb_invalidate_virt(env, addr, env->spr[SPR_40x_PID]);
1964 case POWERPC_MMU_REAL_4xx:
1965 cpu_abort(env, "No TLB for PowerPC 4xx in real mode\n");
1967 case POWERPC_MMU_BOOKE:
1969 cpu_abort(env, "MMU model not implemented\n");
1971 case POWERPC_MMU_BOOKE_FSL:
1973 cpu_abort(env, "MMU model not implemented\n");
1975 case POWERPC_MMU_32B:
1976 case POWERPC_MMU_601:
1977 /* tlbie invalidate TLBs for all segments */
1978 addr &= ~((target_ulong)-1 << 28);
1979 /* XXX: this case should be optimized,
1980 * giving a mask to tlb_flush_page
1982 tlb_flush_page(env, addr | (0x0 << 28));
1983 tlb_flush_page(env, addr | (0x1 << 28));
1984 tlb_flush_page(env, addr | (0x2 << 28));
1985 tlb_flush_page(env, addr | (0x3 << 28));
1986 tlb_flush_page(env, addr | (0x4 << 28));
1987 tlb_flush_page(env, addr | (0x5 << 28));
1988 tlb_flush_page(env, addr | (0x6 << 28));
1989 tlb_flush_page(env, addr | (0x7 << 28));
1990 tlb_flush_page(env, addr | (0x8 << 28));
1991 tlb_flush_page(env, addr | (0x9 << 28));
1992 tlb_flush_page(env, addr | (0xA << 28));
1993 tlb_flush_page(env, addr | (0xB << 28));
1994 tlb_flush_page(env, addr | (0xC << 28));
1995 tlb_flush_page(env, addr | (0xD << 28));
1996 tlb_flush_page(env, addr | (0xE << 28));
1997 tlb_flush_page(env, addr | (0xF << 28));
1999 #if defined(TARGET_PPC64)
2000 case POWERPC_MMU_64B:
2001 /* tlbie invalidate TLBs for all segments */
2002 /* XXX: given the fact that there are too many segments to invalidate,
2003 * and we still don't have a tlb_flush_mask(env, n, mask) in Qemu,
2004 * we just invalidate all TLBs
2008 #endif /* defined(TARGET_PPC64) */
2011 cpu_abort(env, "Unknown MMU model\n");
2015 ppc_tlb_invalidate_all(env);
2019 /*****************************************************************************/
2020 /* Special registers manipulation */
2021 #if defined(TARGET_PPC64)
2022 target_ulong ppc_load_asr (CPUPPCState *env)
2027 void ppc_store_asr (CPUPPCState *env, target_ulong value)
2029 if (env->asr != value) {
2036 target_ulong do_load_sdr1 (CPUPPCState *env)
2041 void do_store_sdr1 (CPUPPCState *env, target_ulong value)
2043 #if defined (DEBUG_MMU)
2044 if (loglevel != 0) {
2045 fprintf(logfile, "%s: 0x" ADDRX "\n", __func__, value);
2048 if (env->sdr1 != value) {
2049 /* XXX: for PowerPC 64, should check that the HTABSIZE value
2058 target_ulong do_load_sr (CPUPPCState *env, int srnum)
2060 return env->sr[srnum];
2064 void do_store_sr (CPUPPCState *env, int srnum, target_ulong value)
2066 #if defined (DEBUG_MMU)
2067 if (loglevel != 0) {
2068 fprintf(logfile, "%s: reg=%d 0x" ADDRX " " ADDRX "\n",
2069 __func__, srnum, value, env->sr[srnum]);
2072 if (env->sr[srnum] != value) {
2073 env->sr[srnum] = value;
2074 #if !defined(FLUSH_ALL_TLBS) && 0
2076 target_ulong page, end;
2077 /* Invalidate 256 MB of virtual memory */
2078 page = (16 << 20) * srnum;
2079 end = page + (16 << 20);
2080 for (; page != end; page += TARGET_PAGE_SIZE)
2081 tlb_flush_page(env, page);
2088 #endif /* !defined (CONFIG_USER_ONLY) */
2090 target_ulong ppc_load_xer (CPUPPCState *env)
2092 return hreg_load_xer(env);
2095 void ppc_store_xer (CPUPPCState *env, target_ulong value)
2097 hreg_store_xer(env, value);
2100 /* GDBstub can read and write MSR... */
2101 void ppc_store_msr (CPUPPCState *env, target_ulong value)
2103 hreg_store_msr(env, value);
2106 /*****************************************************************************/
2107 /* Exception processing */
2108 #if defined (CONFIG_USER_ONLY)
2109 void do_interrupt (CPUState *env)
2111 env->exception_index = POWERPC_EXCP_NONE;
2112 env->error_code = 0;
2115 void ppc_hw_interrupt (CPUState *env)
2117 env->exception_index = POWERPC_EXCP_NONE;
2118 env->error_code = 0;
2120 #else /* defined (CONFIG_USER_ONLY) */
2121 static always_inline void dump_syscall (CPUState *env)
2123 fprintf(logfile, "syscall r0=0x" REGX " r3=0x" REGX " r4=0x" REGX
2124 " r5=0x" REGX " r6=0x" REGX " nip=0x" ADDRX "\n",
2125 env->gpr[0], env->gpr[3], env->gpr[4],
2126 env->gpr[5], env->gpr[6], env->nip);
2129 /* Note that this function should be greatly optimized
2130 * when called with a constant excp, from ppc_hw_interrupt
2132 static always_inline void powerpc_excp (CPUState *env,
2133 int excp_model, int excp)
2135 target_ulong msr, new_msr, vector;
2136 int srr0, srr1, asrr0, asrr1;
2137 #if defined(TARGET_PPC64H)
2138 int lpes0, lpes1, lev;
2140 lpes0 = (env->spr[SPR_LPCR] >> 1) & 1;
2141 lpes1 = (env->spr[SPR_LPCR] >> 2) & 1;
2144 if (loglevel & CPU_LOG_INT) {
2145 fprintf(logfile, "Raise exception at 0x" ADDRX " => 0x%08x (%02x)\n",
2146 env->nip, excp, env->error_code);
2154 msr &= ~((target_ulong)0x783F0000);
2156 case POWERPC_EXCP_NONE:
2157 /* Should never happen */
2159 case POWERPC_EXCP_CRITICAL: /* Critical input */
2160 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2161 switch (excp_model) {
2162 case POWERPC_EXCP_40x:
2163 srr0 = SPR_40x_SRR2;
2164 srr1 = SPR_40x_SRR3;
2166 case POWERPC_EXCP_BOOKE:
2167 srr0 = SPR_BOOKE_CSRR0;
2168 srr1 = SPR_BOOKE_CSRR1;
2170 case POWERPC_EXCP_G2:
2176 case POWERPC_EXCP_MCHECK: /* Machine check exception */
2178 /* Machine check exception is not enabled.
2179 * Enter checkstop state.
2181 if (loglevel != 0) {
2182 fprintf(logfile, "Machine check while not allowed. "
2183 "Entering checkstop state\n");
2185 fprintf(stderr, "Machine check while not allowed. "
2186 "Entering checkstop state\n");
2189 env->interrupt_request |= CPU_INTERRUPT_EXITTB;
2191 new_msr &= ~((target_ulong)1 << MSR_RI);
2192 new_msr &= ~((target_ulong)1 << MSR_ME);
2193 #if defined(TARGET_PPC64H)
2194 new_msr |= (target_ulong)1 << MSR_HV;
2196 /* XXX: should also have something loaded in DAR / DSISR */
2197 switch (excp_model) {
2198 case POWERPC_EXCP_40x:
2199 srr0 = SPR_40x_SRR2;
2200 srr1 = SPR_40x_SRR3;
2202 case POWERPC_EXCP_BOOKE:
2203 srr0 = SPR_BOOKE_MCSRR0;
2204 srr1 = SPR_BOOKE_MCSRR1;
2205 asrr0 = SPR_BOOKE_CSRR0;
2206 asrr1 = SPR_BOOKE_CSRR1;
2212 case POWERPC_EXCP_DSI: /* Data storage exception */
2213 #if defined (DEBUG_EXCEPTIONS)
2214 if (loglevel != 0) {
2215 fprintf(logfile, "DSI exception: DSISR=0x" ADDRX" DAR=0x" ADDRX
2216 "\n", env->spr[SPR_DSISR], env->spr[SPR_DAR]);
2219 new_msr &= ~((target_ulong)1 << MSR_RI);
2220 #if defined(TARGET_PPC64H)
2222 new_msr |= (target_ulong)1 << MSR_HV;
2225 case POWERPC_EXCP_ISI: /* Instruction storage exception */
2226 #if defined (DEBUG_EXCEPTIONS)
2227 if (loglevel != 0) {
2228 fprintf(logfile, "ISI exception: msr=0x" ADDRX ", nip=0x" ADDRX
2229 "\n", msr, env->nip);
2232 new_msr &= ~((target_ulong)1 << MSR_RI);
2233 #if defined(TARGET_PPC64H)
2235 new_msr |= (target_ulong)1 << MSR_HV;
2237 msr |= env->error_code;
2239 case POWERPC_EXCP_EXTERNAL: /* External input */
2240 new_msr &= ~((target_ulong)1 << MSR_RI);
2241 #if defined(TARGET_PPC64H)
2243 new_msr |= (target_ulong)1 << MSR_HV;
2246 case POWERPC_EXCP_ALIGN: /* Alignment exception */
2247 new_msr &= ~((target_ulong)1 << MSR_RI);
2248 #if defined(TARGET_PPC64H)
2250 new_msr |= (target_ulong)1 << MSR_HV;
2252 /* XXX: this is false */
2253 /* Get rS/rD and rA from faulting opcode */
2254 env->spr[SPR_DSISR] |= (ldl_code((env->nip - 4)) & 0x03FF0000) >> 16;
2256 case POWERPC_EXCP_PROGRAM: /* Program exception */
2257 switch (env->error_code & ~0xF) {
2258 case POWERPC_EXCP_FP:
2259 if ((msr_fe0 == 0 && msr_fe1 == 0) || msr_fp == 0) {
2260 #if defined (DEBUG_EXCEPTIONS)
2261 if (loglevel != 0) {
2262 fprintf(logfile, "Ignore floating point exception\n");
2265 env->exception_index = POWERPC_EXCP_NONE;
2266 env->error_code = 0;
2269 new_msr &= ~((target_ulong)1 << MSR_RI);
2270 #if defined(TARGET_PPC64H)
2272 new_msr |= (target_ulong)1 << MSR_HV;
2275 if (msr_fe0 == msr_fe1)
2279 case POWERPC_EXCP_INVAL:
2280 #if defined (DEBUG_EXCEPTIONS)
2281 if (loglevel != 0) {
2282 fprintf(logfile, "Invalid instruction at 0x" ADDRX "\n",
2286 new_msr &= ~((target_ulong)1 << MSR_RI);
2287 #if defined(TARGET_PPC64H)
2289 new_msr |= (target_ulong)1 << MSR_HV;
2293 case POWERPC_EXCP_PRIV:
2294 new_msr &= ~((target_ulong)1 << MSR_RI);
2295 #if defined(TARGET_PPC64H)
2297 new_msr |= (target_ulong)1 << MSR_HV;
2301 case POWERPC_EXCP_TRAP:
2302 new_msr &= ~((target_ulong)1 << MSR_RI);
2303 #if defined(TARGET_PPC64H)
2305 new_msr |= (target_ulong)1 << MSR_HV;
2310 /* Should never occur */
2311 cpu_abort(env, "Invalid program exception %d. Aborting\n",
2316 case POWERPC_EXCP_FPU: /* Floating-point unavailable exception */
2317 new_msr &= ~((target_ulong)1 << MSR_RI);
2318 #if defined(TARGET_PPC64H)
2320 new_msr |= (target_ulong)1 << MSR_HV;
2323 case POWERPC_EXCP_SYSCALL: /* System call exception */
2324 /* NOTE: this is a temporary hack to support graphics OSI
2325 calls from the MOL driver */
2326 /* XXX: To be removed */
2327 if (env->gpr[3] == 0x113724fa && env->gpr[4] == 0x77810f9b &&
2329 if (env->osi_call(env) != 0) {
2330 env->exception_index = POWERPC_EXCP_NONE;
2331 env->error_code = 0;
2335 if (loglevel & CPU_LOG_INT) {
2338 new_msr &= ~((target_ulong)1 << MSR_RI);
2339 #if defined(TARGET_PPC64H)
2340 lev = env->error_code;
2341 if (lev == 1 || (lpes0 == 0 && lpes1 == 0))
2342 new_msr |= (target_ulong)1 << MSR_HV;
2345 case POWERPC_EXCP_APU: /* Auxiliary processor unavailable */
2346 new_msr &= ~((target_ulong)1 << MSR_RI);
2348 case POWERPC_EXCP_DECR: /* Decrementer exception */
2349 new_msr &= ~((target_ulong)1 << MSR_RI);
2350 #if defined(TARGET_PPC64H)
2352 new_msr |= (target_ulong)1 << MSR_HV;
2355 case POWERPC_EXCP_FIT: /* Fixed-interval timer interrupt */
2357 #if defined (DEBUG_EXCEPTIONS)
2359 fprintf(logfile, "FIT exception\n");
2361 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2363 case POWERPC_EXCP_WDT: /* Watchdog timer interrupt */
2364 #if defined (DEBUG_EXCEPTIONS)
2366 fprintf(logfile, "WDT exception\n");
2368 switch (excp_model) {
2369 case POWERPC_EXCP_BOOKE:
2370 srr0 = SPR_BOOKE_CSRR0;
2371 srr1 = SPR_BOOKE_CSRR1;
2376 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2378 case POWERPC_EXCP_DTLB: /* Data TLB error */
2379 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2381 case POWERPC_EXCP_ITLB: /* Instruction TLB error */
2382 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2384 case POWERPC_EXCP_DEBUG: /* Debug interrupt */
2385 switch (excp_model) {
2386 case POWERPC_EXCP_BOOKE:
2387 srr0 = SPR_BOOKE_DSRR0;
2388 srr1 = SPR_BOOKE_DSRR1;
2389 asrr0 = SPR_BOOKE_CSRR0;
2390 asrr1 = SPR_BOOKE_CSRR1;
2396 cpu_abort(env, "Debug exception is not implemented yet !\n");
2398 #if defined(TARGET_PPCEMB)
2399 case POWERPC_EXCP_SPEU: /* SPE/embedded floating-point unavailable */
2400 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2402 case POWERPC_EXCP_EFPDI: /* Embedded floating-point data interrupt */
2404 cpu_abort(env, "Embedded floating point data exception "
2405 "is not implemented yet !\n");
2407 case POWERPC_EXCP_EFPRI: /* Embedded floating-point round interrupt */
2409 cpu_abort(env, "Embedded floating point round exception "
2410 "is not implemented yet !\n");
2412 case POWERPC_EXCP_EPERFM: /* Embedded performance monitor interrupt */
2413 new_msr &= ~((target_ulong)1 << MSR_RI);
2416 "Performance counter exception is not implemented yet !\n");
2418 case POWERPC_EXCP_DOORI: /* Embedded doorbell interrupt */
2421 "Embedded doorbell interrupt is not implemented yet !\n");
2423 case POWERPC_EXCP_DOORCI: /* Embedded doorbell critical interrupt */
2424 switch (excp_model) {
2425 case POWERPC_EXCP_BOOKE:
2426 srr0 = SPR_BOOKE_CSRR0;
2427 srr1 = SPR_BOOKE_CSRR1;
2433 cpu_abort(env, "Embedded doorbell critical interrupt "
2434 "is not implemented yet !\n");
2436 #endif /* defined(TARGET_PPCEMB) */
2437 case POWERPC_EXCP_RESET: /* System reset exception */
2438 new_msr &= ~((target_ulong)1 << MSR_RI);
2439 #if defined(TARGET_PPC64H)
2440 new_msr |= (target_ulong)1 << MSR_HV;
2443 #if defined(TARGET_PPC64)
2444 case POWERPC_EXCP_DSEG: /* Data segment exception */
2445 new_msr &= ~((target_ulong)1 << MSR_RI);
2446 #if defined(TARGET_PPC64H)
2448 new_msr |= (target_ulong)1 << MSR_HV;
2451 case POWERPC_EXCP_ISEG: /* Instruction segment exception */
2452 new_msr &= ~((target_ulong)1 << MSR_RI);
2453 #if defined(TARGET_PPC64H)
2455 new_msr |= (target_ulong)1 << MSR_HV;
2458 #endif /* defined(TARGET_PPC64) */
2459 #if defined(TARGET_PPC64H)
2460 case POWERPC_EXCP_HDECR: /* Hypervisor decrementer exception */
2463 new_msr |= (target_ulong)1 << MSR_HV;
2466 case POWERPC_EXCP_TRACE: /* Trace exception */
2467 new_msr &= ~((target_ulong)1 << MSR_RI);
2468 #if defined(TARGET_PPC64H)
2470 new_msr |= (target_ulong)1 << MSR_HV;
2473 #if defined(TARGET_PPC64H)
2474 case POWERPC_EXCP_HDSI: /* Hypervisor data storage exception */
2477 new_msr |= (target_ulong)1 << MSR_HV;
2479 case POWERPC_EXCP_HISI: /* Hypervisor instruction storage exception */
2482 new_msr |= (target_ulong)1 << MSR_HV;
2484 case POWERPC_EXCP_HDSEG: /* Hypervisor data segment exception */
2487 new_msr |= (target_ulong)1 << MSR_HV;
2489 case POWERPC_EXCP_HISEG: /* Hypervisor instruction segment exception */
2492 new_msr |= (target_ulong)1 << MSR_HV;
2494 #endif /* defined(TARGET_PPC64H) */
2495 case POWERPC_EXCP_VPU: /* Vector unavailable exception */
2496 new_msr &= ~((target_ulong)1 << MSR_RI);
2497 #if defined(TARGET_PPC64H)
2499 new_msr |= (target_ulong)1 << MSR_HV;
2502 case POWERPC_EXCP_PIT: /* Programmable interval timer interrupt */
2503 #if defined (DEBUG_EXCEPTIONS)
2505 fprintf(logfile, "PIT exception\n");
2507 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2509 case POWERPC_EXCP_IO: /* IO error exception */
2511 cpu_abort(env, "601 IO error exception is not implemented yet !\n");
2513 case POWERPC_EXCP_RUNM: /* Run mode exception */
2515 cpu_abort(env, "601 run mode exception is not implemented yet !\n");
2517 case POWERPC_EXCP_EMUL: /* Emulation trap exception */
2519 cpu_abort(env, "602 emulation trap exception "
2520 "is not implemented yet !\n");
2522 case POWERPC_EXCP_IFTLB: /* Instruction fetch TLB error */
2523 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2524 #if defined(TARGET_PPC64H) /* XXX: check this */
2526 new_msr |= (target_ulong)1 << MSR_HV;
2528 switch (excp_model) {
2529 case POWERPC_EXCP_602:
2530 case POWERPC_EXCP_603:
2531 case POWERPC_EXCP_603E:
2532 case POWERPC_EXCP_G2:
2534 case POWERPC_EXCP_7x5:
2536 case POWERPC_EXCP_74xx:
2539 cpu_abort(env, "Invalid instruction TLB miss exception\n");
2543 case POWERPC_EXCP_DLTLB: /* Data load TLB miss */
2544 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2545 #if defined(TARGET_PPC64H) /* XXX: check this */
2547 new_msr |= (target_ulong)1 << MSR_HV;
2549 switch (excp_model) {
2550 case POWERPC_EXCP_602:
2551 case POWERPC_EXCP_603:
2552 case POWERPC_EXCP_603E:
2553 case POWERPC_EXCP_G2:
2555 case POWERPC_EXCP_7x5:
2557 case POWERPC_EXCP_74xx:
2560 cpu_abort(env, "Invalid data load TLB miss exception\n");
2564 case POWERPC_EXCP_DSTLB: /* Data store TLB miss */
2565 new_msr &= ~((target_ulong)1 << MSR_RI); /* XXX: check this */
2566 #if defined(TARGET_PPC64H) /* XXX: check this */
2568 new_msr |= (target_ulong)1 << MSR_HV;
2570 switch (excp_model) {
2571 case POWERPC_EXCP_602:
2572 case POWERPC_EXCP_603:
2573 case POWERPC_EXCP_603E:
2574 case POWERPC_EXCP_G2:
2576 /* Swap temporary saved registers with GPRs */
2577 if (!(new_msr & ((target_ulong)1 << MSR_TGPR))) {
2578 new_msr |= (target_ulong)1 << MSR_TGPR;
2579 hreg_swap_gpr_tgpr(env);
2582 case POWERPC_EXCP_7x5:
2584 #if defined (DEBUG_SOFTWARE_TLB)
2585 if (loglevel != 0) {
2586 const unsigned char *es;
2587 target_ulong *miss, *cmp;
2589 if (excp == POWERPC_EXCP_IFTLB) {
2592 miss = &env->spr[SPR_IMISS];
2593 cmp = &env->spr[SPR_ICMP];
2595 if (excp == POWERPC_EXCP_DLTLB)
2600 miss = &env->spr[SPR_DMISS];
2601 cmp = &env->spr[SPR_DCMP];
2603 fprintf(logfile, "6xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2604 " H1 " ADDRX " H2 " ADDRX " %08x\n",
2605 es, en, *miss, en, *cmp,
2606 env->spr[SPR_HASH1], env->spr[SPR_HASH2],
2610 msr |= env->crf[0] << 28;
2611 msr |= env->error_code; /* key, D/I, S/L bits */
2612 /* Set way using a LRU mechanism */
2613 msr |= ((env->last_way + 1) & (env->nb_ways - 1)) << 17;
2615 case POWERPC_EXCP_74xx:
2617 #if defined (DEBUG_SOFTWARE_TLB)
2618 if (loglevel != 0) {
2619 const unsigned char *es;
2620 target_ulong *miss, *cmp;
2622 if (excp == POWERPC_EXCP_IFTLB) {
2625 miss = &env->spr[SPR_TLBMISS];
2626 cmp = &env->spr[SPR_PTEHI];
2628 if (excp == POWERPC_EXCP_DLTLB)
2633 miss = &env->spr[SPR_TLBMISS];
2634 cmp = &env->spr[SPR_PTEHI];
2636 fprintf(logfile, "74xx %sTLB miss: %cM " ADDRX " %cC " ADDRX
2638 es, en, *miss, en, *cmp, env->error_code);
2641 msr |= env->error_code; /* key bit */
2644 cpu_abort(env, "Invalid data store TLB miss exception\n");
2648 case POWERPC_EXCP_FPA: /* Floating-point assist exception */
2650 cpu_abort(env, "Floating point assist exception "
2651 "is not implemented yet !\n");
2653 case POWERPC_EXCP_IABR: /* Instruction address breakpoint */
2655 cpu_abort(env, "IABR exception is not implemented yet !\n");
2657 case POWERPC_EXCP_SMI: /* System management interrupt */
2659 cpu_abort(env, "SMI exception is not implemented yet !\n");
2661 case POWERPC_EXCP_THERM: /* Thermal interrupt */
2663 cpu_abort(env, "Thermal management exception "
2664 "is not implemented yet !\n");
2666 case POWERPC_EXCP_PERFM: /* Embedded performance monitor interrupt */
2667 new_msr &= ~((target_ulong)1 << MSR_RI);
2668 #if defined(TARGET_PPC64H)
2670 new_msr |= (target_ulong)1 << MSR_HV;
2674 "Performance counter exception is not implemented yet !\n");
2676 case POWERPC_EXCP_VPUA: /* Vector assist exception */
2678 cpu_abort(env, "VPU assist exception is not implemented yet !\n");
2680 case POWERPC_EXCP_SOFTP: /* Soft patch exception */
2683 "970 soft-patch exception is not implemented yet !\n");
2685 case POWERPC_EXCP_MAINT: /* Maintenance exception */
2688 "970 maintenance exception is not implemented yet !\n");
2692 cpu_abort(env, "Invalid PowerPC exception %d. Aborting\n", excp);
2695 /* save current instruction location */
2696 env->spr[srr0] = env->nip - 4;
2699 /* save next instruction location */
2700 env->spr[srr0] = env->nip;
2704 env->spr[srr1] = msr;
2705 /* If any alternate SRR register are defined, duplicate saved values */
2707 env->spr[asrr0] = env->spr[srr0];
2709 env->spr[asrr1] = env->spr[srr1];
2710 /* If we disactivated any translation, flush TLBs */
2711 if (new_msr & ((1 << MSR_IR) | (1 << MSR_DR)))
2713 /* reload MSR with correct bits */
2714 new_msr &= ~((target_ulong)1 << MSR_EE);
2715 new_msr &= ~((target_ulong)1 << MSR_PR);
2716 new_msr &= ~((target_ulong)1 << MSR_FP);
2717 new_msr &= ~((target_ulong)1 << MSR_FE0);
2718 new_msr &= ~((target_ulong)1 << MSR_SE);
2719 new_msr &= ~((target_ulong)1 << MSR_BE);
2720 new_msr &= ~((target_ulong)1 << MSR_FE1);
2721 new_msr &= ~((target_ulong)1 << MSR_IR);
2722 new_msr &= ~((target_ulong)1 << MSR_DR);
2723 #if 0 /* Fix this: not on all targets */
2724 new_msr &= ~((target_ulong)1 << MSR_PMM);
2726 new_msr &= ~((target_ulong)1 << MSR_LE);
2728 new_msr |= (target_ulong)1 << MSR_LE;
2730 new_msr &= ~((target_ulong)1 << MSR_LE);
2731 /* Jump to handler */
2732 vector = env->excp_vectors[excp];
2733 if (vector == (target_ulong)-1) {
2734 cpu_abort(env, "Raised an exception without defined vector %d\n",
2737 vector |= env->excp_prefix;
2738 #if defined(TARGET_PPC64)
2739 if (excp_model == POWERPC_EXCP_BOOKE) {
2741 new_msr &= ~((target_ulong)1 << MSR_CM);
2742 vector = (uint32_t)vector;
2744 new_msr |= (target_ulong)1 << MSR_CM;
2748 new_msr &= ~((target_ulong)1 << MSR_SF);
2749 vector = (uint32_t)vector;
2751 new_msr |= (target_ulong)1 << MSR_SF;
2755 /* XXX: we don't use hreg_store_msr here as already have treated
2756 * any special case that could occur. Just store MSR and update hflags
2759 env->hflags_nmsr = 0x00000000;
2760 hreg_compute_hflags(env);
2762 /* Reset exception state */
2763 env->exception_index = POWERPC_EXCP_NONE;
2764 env->error_code = 0;
2767 void do_interrupt (CPUState *env)
2769 powerpc_excp(env, env->excp_model, env->exception_index);
2772 void ppc_hw_interrupt (CPUPPCState *env)
2774 #if defined(TARGET_PPC64H)
2779 if (loglevel & CPU_LOG_INT) {
2780 fprintf(logfile, "%s: %p pending %08x req %08x me %d ee %d\n",
2781 __func__, env, env->pending_interrupts,
2782 env->interrupt_request, (int)msr_me, (int)msr_ee);
2785 /* External reset */
2786 if (env->pending_interrupts & (1 << PPC_INTERRUPT_RESET)) {
2787 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_RESET);
2788 powerpc_excp(env, env->excp_model, POWERPC_EXCP_RESET);
2791 /* Machine check exception */
2792 if (env->pending_interrupts & (1 << PPC_INTERRUPT_MCK)) {
2793 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_MCK);
2794 powerpc_excp(env, env->excp_model, POWERPC_EXCP_MCHECK);
2798 /* External debug exception */
2799 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DEBUG)) {
2800 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DEBUG);
2801 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DEBUG);
2805 #if defined(TARGET_PPC64H)
2806 hdice = env->spr[SPR_LPCR] & 1;
2807 if ((msr_ee != 0 || msr_hv == 0 || msr_pr != 0) && hdice != 0) {
2808 /* Hypervisor decrementer exception */
2809 if (env->pending_interrupts & (1 << PPC_INTERRUPT_HDECR)) {
2810 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_HDECR);
2811 powerpc_excp(env, env->excp_model, POWERPC_EXCP_HDECR);
2817 /* External critical interrupt */
2818 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CEXT)) {
2819 /* Taking a critical external interrupt does not clear the external
2820 * critical interrupt status
2823 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CEXT);
2825 powerpc_excp(env, env->excp_model, POWERPC_EXCP_CRITICAL);
2830 /* Watchdog timer on embedded PowerPC */
2831 if (env->pending_interrupts & (1 << PPC_INTERRUPT_WDT)) {
2832 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_WDT);
2833 powerpc_excp(env, env->excp_model, POWERPC_EXCP_WDT);
2836 #if defined(TARGET_PPCEMB)
2837 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CDOORBELL)) {
2838 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CDOORBELL);
2839 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORCI);
2843 #if defined(TARGET_PPCEMB)
2844 /* External interrupt */
2845 if (env->pending_interrupts & (1 << PPC_INTERRUPT_EXT)) {
2846 /* Taking an external interrupt does not clear the external
2850 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_EXT);
2852 powerpc_excp(env, env->excp_model, POWERPC_EXCP_EXTERNAL);
2856 /* Fixed interval timer on embedded PowerPC */
2857 if (env->pending_interrupts & (1 << PPC_INTERRUPT_FIT)) {
2858 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_FIT);
2859 powerpc_excp(env, env->excp_model, POWERPC_EXCP_FIT);
2862 /* Programmable interval timer on embedded PowerPC */
2863 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PIT)) {
2864 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PIT);
2865 powerpc_excp(env, env->excp_model, POWERPC_EXCP_PIT);
2868 /* Decrementer exception */
2869 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DECR)) {
2870 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DECR);
2871 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DECR);
2874 #if !defined(TARGET_PPCEMB)
2875 /* External interrupt */
2876 if (env->pending_interrupts & (1 << PPC_INTERRUPT_EXT)) {
2877 /* Taking an external interrupt does not clear the external
2881 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_EXT);
2883 powerpc_excp(env, env->excp_model, POWERPC_EXCP_EXTERNAL);
2887 #if defined(TARGET_PPCEMB)
2888 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DOORBELL)) {
2889 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DOORBELL);
2890 powerpc_excp(env, env->excp_model, POWERPC_EXCP_DOORI);
2894 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PERFM)) {
2895 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PERFM);
2896 powerpc_excp(env, env->excp_model, POWERPC_EXCP_PERFM);
2899 /* Thermal interrupt */
2900 if (env->pending_interrupts & (1 << PPC_INTERRUPT_THERM)) {
2901 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_THERM);
2902 powerpc_excp(env, env->excp_model, POWERPC_EXCP_THERM);
2907 #endif /* !CONFIG_USER_ONLY */
2909 void cpu_dump_EA (target_ulong EA)
2919 fprintf(f, "Memory access at address " ADDRX "\n", EA);
2922 void cpu_dump_rfi (target_ulong RA, target_ulong msr)
2932 fprintf(f, "Return from exception at " ADDRX " with flags " ADDRX "\n",
2936 void cpu_ppc_reset (void *opaque)
2942 msr = (target_ulong)0;
2943 #if defined(TARGET_PPC64)
2944 msr |= (target_ulong)0 << MSR_HV; /* Should be 1... */
2946 msr |= (target_ulong)0 << MSR_AP; /* TO BE CHECKED */
2947 msr |= (target_ulong)0 << MSR_SA; /* TO BE CHECKED */
2948 msr |= (target_ulong)1 << MSR_EP;
2949 #if defined (DO_SINGLE_STEP) && 0
2950 /* Single step trace mode */
2951 msr |= (target_ulong)1 << MSR_SE;
2952 msr |= (target_ulong)1 << MSR_BE;
2954 #if defined(CONFIG_USER_ONLY)
2955 msr |= (target_ulong)1 << MSR_FP; /* Allow floating point usage */
2956 msr |= (target_ulong)1 << MSR_PR;
2958 env->nip = env->hreset_vector | env->excp_prefix;
2959 if (env->mmu_model != POWERPC_MMU_REAL_4xx)
2960 ppc_tlb_invalidate_all(env);
2963 hreg_compute_hflags(env);
2965 /* Be sure no exception or interrupt is pending */
2966 env->pending_interrupts = 0;
2967 env->exception_index = POWERPC_EXCP_NONE;
2968 env->error_code = 0;
2969 /* Flush all TLBs */
2973 CPUPPCState *cpu_ppc_init (const char *cpu_model)
2976 const ppc_def_t *def;
2978 def = cpu_ppc_find_by_name(cpu_model);
2982 env = qemu_mallocz(sizeof(CPUPPCState));
2986 cpu_ppc_register_internal(env, def);
2991 void cpu_ppc_close (CPUPPCState *env)
2993 /* Should also remove all opcode tables... */
projects / qemu / blob