xref: /openbmc/qemu/target/sparc/mmu_helper.c (revision 873f9ca3857cfeeef45441b116c91156736d529c)
1 /*
2  *  Sparc MMU helpers
3  *
4  *  Copyright (c) 2003-2005 Fabrice Bellard
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/log.h"
22 #include "cpu.h"
23 #include "exec/exec-all.h"
24 #include "exec/page-protection.h"
25 #include "qemu/qemu-print.h"
26 #include "trace.h"
27 
28 /* Sparc MMU emulation */
29 
30 #ifndef TARGET_SPARC64
31 /*
32  * Sparc V8 Reference MMU (SRMMU)
33  */
34 static const int access_table[8][8] = {
35     { 0, 0, 0, 0, 8, 0, 12, 12 },
36     { 0, 0, 0, 0, 8, 0, 0, 0 },
37     { 8, 8, 0, 0, 0, 8, 12, 12 },
38     { 8, 8, 0, 0, 0, 8, 0, 0 },
39     { 8, 0, 8, 0, 8, 8, 12, 12 },
40     { 8, 0, 8, 0, 8, 0, 8, 0 },
41     { 8, 8, 8, 0, 8, 8, 12, 12 },
42     { 8, 8, 8, 0, 8, 8, 8, 0 }
43 };
44 
45 static const int perm_table[2][8] = {
46     {
47         PAGE_READ,
48         PAGE_READ | PAGE_WRITE,
49         PAGE_READ | PAGE_EXEC,
50         PAGE_READ | PAGE_WRITE | PAGE_EXEC,
51         PAGE_EXEC,
52         PAGE_READ | PAGE_WRITE,
53         PAGE_READ | PAGE_EXEC,
54         PAGE_READ | PAGE_WRITE | PAGE_EXEC
55     },
56     {
57         PAGE_READ,
58         PAGE_READ | PAGE_WRITE,
59         PAGE_READ | PAGE_EXEC,
60         PAGE_READ | PAGE_WRITE | PAGE_EXEC,
61         PAGE_EXEC,
62         PAGE_READ,
63         0,
64         0,
65     }
66 };
67 
get_physical_address(CPUSPARCState * env,CPUTLBEntryFull * full,int * access_index,target_ulong address,int rw,int mmu_idx)68 static int get_physical_address(CPUSPARCState *env, CPUTLBEntryFull *full,
69                                 int *access_index, target_ulong address,
70                                 int rw, int mmu_idx)
71 {
72     int access_perms = 0;
73     hwaddr pde_ptr;
74     uint32_t pde;
75     int error_code = 0, is_dirty, is_user;
76     unsigned long page_offset;
77     CPUState *cs = env_cpu(env);
78     MemTxResult result;
79 
80     is_user = mmu_idx == MMU_USER_IDX;
81 
82     if (mmu_idx == MMU_PHYS_IDX) {
83         full->lg_page_size = TARGET_PAGE_BITS;
84         /* Boot mode: instruction fetches are taken from PROM */
85         if (rw == 2 && (env->mmuregs[0] & env->def.mmu_bm)) {
86             full->phys_addr = env->prom_addr | (address & 0x7ffffULL);
87             full->prot = PAGE_READ | PAGE_EXEC;
88             return 0;
89         }
90         full->phys_addr = address;
91         full->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
92         return 0;
93     }
94 
95     *access_index = ((rw & 1) << 2) | (rw & 2) | (is_user ? 0 : 1);
96     full->phys_addr = 0xffffffffffff0000ULL;
97 
98     /* SPARC reference MMU table walk: Context table->L1->L2->PTE */
99     /* Context base + context number */
100     pde_ptr = (env->mmuregs[1] << 4) + (env->mmuregs[2] << 2);
101     pde = address_space_ldl(cs->as, pde_ptr, MEMTXATTRS_UNSPECIFIED, &result);
102     if (result != MEMTX_OK) {
103         return 4 << 2; /* Translation fault, L = 0 */
104     }
105 
106     /* Ctx pde */
107     switch (pde & PTE_ENTRYTYPE_MASK) {
108     default:
109     case 0: /* Invalid */
110         return 1 << 2;
111     case 2: /* L0 PTE, maybe should not happen? */
112     case 3: /* Reserved */
113         return 4 << 2;
114     case 1: /* L0 PDE */
115         pde_ptr = ((address >> 22) & ~3) + ((pde & ~3) << 4);
116         pde = address_space_ldl(cs->as, pde_ptr,
117                                 MEMTXATTRS_UNSPECIFIED, &result);
118         if (result != MEMTX_OK) {
119             return (1 << 8) | (4 << 2); /* Translation fault, L = 1 */
120         }
121 
122         switch (pde & PTE_ENTRYTYPE_MASK) {
123         default:
124         case 0: /* Invalid */
125             return (1 << 8) | (1 << 2);
126         case 3: /* Reserved */
127             return (1 << 8) | (4 << 2);
128         case 1: /* L1 PDE */
129             pde_ptr = ((address & 0xfc0000) >> 16) + ((pde & ~3) << 4);
130             pde = address_space_ldl(cs->as, pde_ptr,
131                                     MEMTXATTRS_UNSPECIFIED, &result);
132             if (result != MEMTX_OK) {
133                 return (2 << 8) | (4 << 2); /* Translation fault, L = 2 */
134             }
135 
136             switch (pde & PTE_ENTRYTYPE_MASK) {
137             default:
138             case 0: /* Invalid */
139                 return (2 << 8) | (1 << 2);
140             case 3: /* Reserved */
141                 return (2 << 8) | (4 << 2);
142             case 1: /* L2 PDE */
143                 pde_ptr = ((address & 0x3f000) >> 10) + ((pde & ~3) << 4);
144                 pde = address_space_ldl(cs->as, pde_ptr,
145                                         MEMTXATTRS_UNSPECIFIED, &result);
146                 if (result != MEMTX_OK) {
147                     return (3 << 8) | (4 << 2); /* Translation fault, L = 3 */
148                 }
149 
150                 switch (pde & PTE_ENTRYTYPE_MASK) {
151                 default:
152                 case 0: /* Invalid */
153                     return (3 << 8) | (1 << 2);
154                 case 1: /* PDE, should not happen */
155                 case 3: /* Reserved */
156                     return (3 << 8) | (4 << 2);
157                 case 2: /* L3 PTE */
158                     page_offset = 0;
159                 }
160                 full->lg_page_size = TARGET_PAGE_BITS;
161                 break;
162             case 2: /* L2 PTE */
163                 page_offset = address & 0x3f000;
164                 full->lg_page_size = 18;
165             }
166             break;
167         case 2: /* L1 PTE */
168             page_offset = address & 0xfff000;
169             full->lg_page_size = 24;
170             break;
171         }
172     }
173 
174     /* check access */
175     access_perms = (pde & PTE_ACCESS_MASK) >> PTE_ACCESS_SHIFT;
176     error_code = access_table[*access_index][access_perms];
177     if (error_code && !((env->mmuregs[0] & MMU_NF) && is_user)) {
178         return error_code;
179     }
180 
181     /* update page modified and dirty bits */
182     is_dirty = (rw & 1) && !(pde & PG_MODIFIED_MASK);
183     if (!(pde & PG_ACCESSED_MASK) || is_dirty) {
184         pde |= PG_ACCESSED_MASK;
185         if (is_dirty) {
186             pde |= PG_MODIFIED_MASK;
187         }
188         stl_phys_notdirty(cs->as, pde_ptr, pde);
189     }
190 
191     /* the page can be put in the TLB */
192     full->prot = perm_table[is_user][access_perms];
193     if (!(pde & PG_MODIFIED_MASK)) {
194         /* only set write access if already dirty... otherwise wait
195            for dirty access */
196         full->prot &= ~PAGE_WRITE;
197     }
198 
199     /* Even if large ptes, we map only one 4KB page in the cache to
200        avoid filling it too fast */
201     full->phys_addr = ((hwaddr)(pde & PTE_ADDR_MASK) << 4) + page_offset;
202     return error_code;
203 }
204 
205 /* Perform address translation */
sparc_cpu_tlb_fill(CPUState * cs,vaddr address,int size,MMUAccessType access_type,int mmu_idx,bool probe,uintptr_t retaddr)206 bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
207                         MMUAccessType access_type, int mmu_idx,
208                         bool probe, uintptr_t retaddr)
209 {
210     CPUSPARCState *env = cpu_env(cs);
211     CPUTLBEntryFull full = {};
212     target_ulong vaddr;
213     int error_code = 0, access_index;
214 
215     /*
216      * TODO: If we ever need tlb_vaddr_to_host for this target,
217      * then we must figure out how to manipulate FSR and FAR
218      * when both MMU_NF and probe are set.  In the meantime,
219      * do not support this use case.
220      */
221     assert(!probe);
222 
223     address &= TARGET_PAGE_MASK;
224     error_code = get_physical_address(env, &full, &access_index,
225                                       address, access_type, mmu_idx);
226     vaddr = address;
227     if (likely(error_code == 0)) {
228         qemu_log_mask(CPU_LOG_MMU,
229                       "Translate at %" VADDR_PRIx " -> "
230                       HWADDR_FMT_plx ", vaddr " TARGET_FMT_lx "\n",
231                       address, full.phys_addr, vaddr);
232         tlb_set_page_full(cs, mmu_idx, vaddr, &full);
233         return true;
234     }
235 
236     if (env->mmuregs[3]) { /* Fault status register */
237         env->mmuregs[3] = 1; /* overflow (not read before another fault) */
238     }
239     env->mmuregs[3] |= (access_index << 5) | error_code | 2;
240     env->mmuregs[4] = address; /* Fault address register */
241 
242     if ((env->mmuregs[0] & MMU_NF) || env->psret == 0)  {
243         /* No fault mode: if a mapping is available, just override
244            permissions. If no mapping is available, redirect accesses to
245            neverland. Fake/overridden mappings will be flushed when
246            switching to normal mode. */
247         full.prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
248         tlb_set_page_full(cs, mmu_idx, vaddr, &full);
249         return true;
250     } else {
251         if (access_type == MMU_INST_FETCH) {
252             cs->exception_index = TT_TFAULT;
253         } else {
254             cs->exception_index = TT_DFAULT;
255         }
256         cpu_loop_exit_restore(cs, retaddr);
257     }
258 }
259 
mmu_probe(CPUSPARCState * env,target_ulong address,int mmulev)260 target_ulong mmu_probe(CPUSPARCState *env, target_ulong address, int mmulev)
261 {
262     CPUState *cs = env_cpu(env);
263     hwaddr pde_ptr;
264     uint32_t pde;
265     MemTxResult result;
266 
267     /*
268      * TODO: MMU probe operations are supposed to set the fault
269      * status registers, but we don't do this.
270      */
271 
272     /* Context base + context number */
273     pde_ptr = (hwaddr)(env->mmuregs[1] << 4) +
274         (env->mmuregs[2] << 2);
275     pde = address_space_ldl(cs->as, pde_ptr, MEMTXATTRS_UNSPECIFIED, &result);
276     if (result != MEMTX_OK) {
277         return 0;
278     }
279 
280     switch (pde & PTE_ENTRYTYPE_MASK) {
281     default:
282     case 0: /* Invalid */
283     case 2: /* PTE, maybe should not happen? */
284     case 3: /* Reserved */
285         return 0;
286     case 1: /* L1 PDE */
287         if (mmulev == 3) {
288             return pde;
289         }
290         pde_ptr = ((address >> 22) & ~3) + ((pde & ~3) << 4);
291         pde = address_space_ldl(cs->as, pde_ptr,
292                                 MEMTXATTRS_UNSPECIFIED, &result);
293         if (result != MEMTX_OK) {
294             return 0;
295         }
296 
297         switch (pde & PTE_ENTRYTYPE_MASK) {
298         default:
299         case 0: /* Invalid */
300         case 3: /* Reserved */
301             return 0;
302         case 2: /* L1 PTE */
303             return pde;
304         case 1: /* L2 PDE */
305             if (mmulev == 2) {
306                 return pde;
307             }
308             pde_ptr = ((address & 0xfc0000) >> 16) + ((pde & ~3) << 4);
309             pde = address_space_ldl(cs->as, pde_ptr,
310                                     MEMTXATTRS_UNSPECIFIED, &result);
311             if (result != MEMTX_OK) {
312                 return 0;
313             }
314 
315             switch (pde & PTE_ENTRYTYPE_MASK) {
316             default:
317             case 0: /* Invalid */
318             case 3: /* Reserved */
319                 return 0;
320             case 2: /* L2 PTE */
321                 return pde;
322             case 1: /* L3 PDE */
323                 if (mmulev == 1) {
324                     return pde;
325                 }
326                 pde_ptr = ((address & 0x3f000) >> 10) + ((pde & ~3) << 4);
327                 pde = address_space_ldl(cs->as, pde_ptr,
328                                         MEMTXATTRS_UNSPECIFIED, &result);
329                 if (result != MEMTX_OK) {
330                     return 0;
331                 }
332 
333                 switch (pde & PTE_ENTRYTYPE_MASK) {
334                 default:
335                 case 0: /* Invalid */
336                 case 1: /* PDE, should not happen */
337                 case 3: /* Reserved */
338                     return 0;
339                 case 2: /* L3 PTE */
340                     return pde;
341                 }
342             }
343         }
344     }
345     return 0;
346 }
347 
dump_mmu(CPUSPARCState * env)348 void dump_mmu(CPUSPARCState *env)
349 {
350     CPUState *cs = env_cpu(env);
351     target_ulong va, va1, va2;
352     unsigned int n, m, o;
353     hwaddr pa;
354     uint32_t pde;
355 
356     qemu_printf("Root ptr: " HWADDR_FMT_plx ", ctx: %d\n",
357                 (hwaddr)env->mmuregs[1] << 4, env->mmuregs[2]);
358     for (n = 0, va = 0; n < 256; n++, va += 16 * 1024 * 1024) {
359         pde = mmu_probe(env, va, 2);
360         if (pde) {
361             pa = cpu_get_phys_page_debug(cs, va);
362             qemu_printf("VA: " TARGET_FMT_lx ", PA: " HWADDR_FMT_plx
363                         " PDE: " TARGET_FMT_lx "\n", va, pa, pde);
364             for (m = 0, va1 = va; m < 64; m++, va1 += 256 * 1024) {
365                 pde = mmu_probe(env, va1, 1);
366                 if (pde) {
367                     pa = cpu_get_phys_page_debug(cs, va1);
368                     qemu_printf(" VA: " TARGET_FMT_lx ", PA: "
369                                 HWADDR_FMT_plx " PDE: " TARGET_FMT_lx "\n",
370                                 va1, pa, pde);
371                     for (o = 0, va2 = va1; o < 64; o++, va2 += 4 * 1024) {
372                         pde = mmu_probe(env, va2, 0);
373                         if (pde) {
374                             pa = cpu_get_phys_page_debug(cs, va2);
375                             qemu_printf("  VA: " TARGET_FMT_lx ", PA: "
376                                         HWADDR_FMT_plx " PTE: "
377                                         TARGET_FMT_lx "\n",
378                                         va2, pa, pde);
379                         }
380                     }
381                 }
382             }
383         }
384     }
385 }
386 
387 /* Gdb expects all registers windows to be flushed in ram. This function handles
388  * reads (and only reads) in stack frames as if windows were flushed. We assume
389  * that the sparc ABI is followed.
390  */
sparc_cpu_memory_rw_debug(CPUState * cs,vaddr address,uint8_t * buf,int len,bool is_write)391 int sparc_cpu_memory_rw_debug(CPUState *cs, vaddr address,
392                               uint8_t *buf, int len, bool is_write)
393 {
394     CPUSPARCState *env = cpu_env(cs);
395     target_ulong addr = address;
396     int i;
397     int len1;
398     int cwp = env->cwp;
399 
400     if (!is_write) {
401         for (i = 0; i < env->nwindows; i++) {
402             int off;
403             target_ulong fp = env->regbase[cwp * 16 + 22];
404 
405             /* Assume fp == 0 means end of frame.  */
406             if (fp == 0) {
407                 break;
408             }
409 
410             cwp = cpu_cwp_inc(env, cwp + 1);
411 
412             /* Invalid window ? */
413             if (env->wim & (1 << cwp)) {
414                 break;
415             }
416 
417             /* According to the ABI, the stack is growing downward.  */
418             if (addr + len < fp) {
419                 break;
420             }
421 
422             /* Not in this frame.  */
423             if (addr > fp + 64) {
424                 continue;
425             }
426 
427             /* Handle access before this window.  */
428             if (addr < fp) {
429                 len1 = fp - addr;
430                 if (cpu_memory_rw_debug(cs, addr, buf, len1, is_write) != 0) {
431                     return -1;
432                 }
433                 addr += len1;
434                 len -= len1;
435                 buf += len1;
436             }
437 
438             /* Access byte per byte to registers. Not very efficient but speed
439              * is not critical.
440              */
441             off = addr - fp;
442             len1 = 64 - off;
443 
444             if (len1 > len) {
445                 len1 = len;
446             }
447 
448             for (; len1; len1--) {
449                 int reg = cwp * 16 + 8 + (off >> 2);
450                 union {
451                     uint32_t v;
452                     uint8_t c[4];
453                 } u;
454                 u.v = cpu_to_be32(env->regbase[reg]);
455                 *buf++ = u.c[off & 3];
456                 addr++;
457                 len--;
458                 off++;
459             }
460 
461             if (len == 0) {
462                 return 0;
463             }
464         }
465     }
466     return cpu_memory_rw_debug(cs, addr, buf, len, is_write);
467 }
468 
469 #else /* !TARGET_SPARC64 */
470 
471 /* 41 bit physical address space */
ultrasparc_truncate_physical(uint64_t x)472 static inline hwaddr ultrasparc_truncate_physical(uint64_t x)
473 {
474     return x & 0x1ffffffffffULL;
475 }
476 
477 /*
478  * UltraSparc IIi I/DMMUs
479  */
480 
481 /* Returns true if TTE tag is valid and matches virtual address value
482    in context requires virtual address mask value calculated from TTE
483    entry size */
ultrasparc_tag_match(SparcTLBEntry * tlb,uint64_t address,uint64_t context,hwaddr * physical)484 static inline int ultrasparc_tag_match(SparcTLBEntry *tlb,
485                                        uint64_t address, uint64_t context,
486                                        hwaddr *physical)
487 {
488     uint64_t mask = -(8192ULL << 3 * TTE_PGSIZE(tlb->tte));
489 
490     /* valid, context match, virtual address match? */
491     if (TTE_IS_VALID(tlb->tte) &&
492         (TTE_IS_GLOBAL(tlb->tte) || tlb_compare_context(tlb, context))
493         && compare_masked(address, tlb->tag, mask)) {
494         /* decode physical address */
495         *physical = ((tlb->tte & mask) | (address & ~mask)) & 0x1ffffffe000ULL;
496         return 1;
497     }
498 
499     return 0;
500 }
501 
build_sfsr(CPUSPARCState * env,int mmu_idx,int rw)502 static uint64_t build_sfsr(CPUSPARCState *env, int mmu_idx, int rw)
503 {
504     uint64_t sfsr = SFSR_VALID_BIT;
505 
506     switch (mmu_idx) {
507     case MMU_PHYS_IDX:
508         sfsr |= SFSR_CT_NOTRANS;
509         break;
510     case MMU_USER_IDX:
511     case MMU_KERNEL_IDX:
512         sfsr |= SFSR_CT_PRIMARY;
513         break;
514     case MMU_USER_SECONDARY_IDX:
515     case MMU_KERNEL_SECONDARY_IDX:
516         sfsr |= SFSR_CT_SECONDARY;
517         break;
518     case MMU_NUCLEUS_IDX:
519         sfsr |= SFSR_CT_NUCLEUS;
520         break;
521     default:
522         g_assert_not_reached();
523     }
524 
525     if (rw == 1) {
526         sfsr |= SFSR_WRITE_BIT;
527     } else if (rw == 4) {
528         sfsr |= SFSR_NF_BIT;
529     }
530 
531     if (env->pstate & PS_PRIV) {
532         sfsr |= SFSR_PR_BIT;
533     }
534 
535     if (env->dmmu.sfsr & SFSR_VALID_BIT) { /* Fault status register */
536         sfsr |= SFSR_OW_BIT; /* overflow (not read before another fault) */
537     }
538 
539     /* FIXME: ASI field in SFSR must be set */
540 
541     return sfsr;
542 }
543 
get_physical_address_data(CPUSPARCState * env,CPUTLBEntryFull * full,target_ulong address,int rw,int mmu_idx)544 static int get_physical_address_data(CPUSPARCState *env, CPUTLBEntryFull *full,
545                                      target_ulong address, int rw, int mmu_idx)
546 {
547     CPUState *cs = env_cpu(env);
548     unsigned int i;
549     uint64_t sfsr;
550     uint64_t context;
551     bool is_user = false;
552 
553     sfsr = build_sfsr(env, mmu_idx, rw);
554 
555     switch (mmu_idx) {
556     case MMU_PHYS_IDX:
557         g_assert_not_reached();
558     case MMU_USER_IDX:
559         is_user = true;
560         /* fallthru */
561     case MMU_KERNEL_IDX:
562         context = env->dmmu.mmu_primary_context & 0x1fff;
563         break;
564     case MMU_USER_SECONDARY_IDX:
565         is_user = true;
566         /* fallthru */
567     case MMU_KERNEL_SECONDARY_IDX:
568         context = env->dmmu.mmu_secondary_context & 0x1fff;
569         break;
570     default:
571         context = 0;
572         break;
573     }
574 
575     for (i = 0; i < 64; i++) {
576         /* ctx match, vaddr match, valid? */
577         if (ultrasparc_tag_match(&env->dtlb[i], address, context,
578                                  &full->phys_addr)) {
579             int do_fault = 0;
580 
581             if (TTE_IS_IE(env->dtlb[i].tte)) {
582                 full->tlb_fill_flags |= TLB_BSWAP;
583             }
584 
585             /* access ok? */
586             /* multiple bits in SFSR.FT may be set on TT_DFAULT */
587             if (TTE_IS_PRIV(env->dtlb[i].tte) && is_user) {
588                 do_fault = 1;
589                 sfsr |= SFSR_FT_PRIV_BIT; /* privilege violation */
590                 trace_mmu_helper_dfault(address, context, mmu_idx, env->tl);
591             }
592             if (rw == 4) {
593                 if (TTE_IS_SIDEEFFECT(env->dtlb[i].tte)) {
594                     do_fault = 1;
595                     sfsr |= SFSR_FT_NF_E_BIT;
596                 }
597             } else {
598                 if (TTE_IS_NFO(env->dtlb[i].tte)) {
599                     do_fault = 1;
600                     sfsr |= SFSR_FT_NFO_BIT;
601                 }
602             }
603 
604             if (do_fault) {
605                 /* faults above are reported with TT_DFAULT. */
606                 cs->exception_index = TT_DFAULT;
607             } else if (!TTE_IS_W_OK(env->dtlb[i].tte) && (rw == 1)) {
608                 do_fault = 1;
609                 cs->exception_index = TT_DPROT;
610 
611                 trace_mmu_helper_dprot(address, context, mmu_idx, env->tl);
612             }
613 
614             if (!do_fault) {
615                 full->prot = PAGE_READ;
616                 if (TTE_IS_W_OK(env->dtlb[i].tte)) {
617                     full->prot |= PAGE_WRITE;
618                 }
619 
620                 TTE_SET_USED(env->dtlb[i].tte);
621 
622                 return 0;
623             }
624 
625             env->dmmu.sfsr = sfsr;
626             env->dmmu.sfar = address; /* Fault address register */
627             env->dmmu.tag_access = (address & ~0x1fffULL) | context;
628             return 1;
629         }
630     }
631 
632     trace_mmu_helper_dmiss(address, context);
633 
634     /*
635      * On MMU misses:
636      * - UltraSPARC IIi: SFSR and SFAR unmodified
637      * - JPS1: SFAR updated and some fields of SFSR updated
638      */
639     env->dmmu.tag_access = (address & ~0x1fffULL) | context;
640     cs->exception_index = TT_DMISS;
641     return 1;
642 }
643 
get_physical_address_code(CPUSPARCState * env,CPUTLBEntryFull * full,target_ulong address,int mmu_idx)644 static int get_physical_address_code(CPUSPARCState *env, CPUTLBEntryFull *full,
645                                      target_ulong address, int mmu_idx)
646 {
647     CPUState *cs = env_cpu(env);
648     unsigned int i;
649     uint64_t context;
650     bool is_user = false;
651 
652     switch (mmu_idx) {
653     case MMU_PHYS_IDX:
654     case MMU_USER_SECONDARY_IDX:
655     case MMU_KERNEL_SECONDARY_IDX:
656         g_assert_not_reached();
657     case MMU_USER_IDX:
658         is_user = true;
659         /* fallthru */
660     case MMU_KERNEL_IDX:
661         context = env->dmmu.mmu_primary_context & 0x1fff;
662         break;
663     default:
664         context = 0;
665         break;
666     }
667 
668     if (env->tl == 0) {
669         /* PRIMARY context */
670         context = env->dmmu.mmu_primary_context & 0x1fff;
671     } else {
672         /* NUCLEUS context */
673         context = 0;
674     }
675 
676     for (i = 0; i < 64; i++) {
677         /* ctx match, vaddr match, valid? */
678         if (ultrasparc_tag_match(&env->itlb[i],
679                                  address, context, &full->phys_addr)) {
680             /* access ok? */
681             if (TTE_IS_PRIV(env->itlb[i].tte) && is_user) {
682                 /* Fault status register */
683                 if (env->immu.sfsr & SFSR_VALID_BIT) {
684                     env->immu.sfsr = SFSR_OW_BIT; /* overflow (not read before
685                                                      another fault) */
686                 } else {
687                     env->immu.sfsr = 0;
688                 }
689                 if (env->pstate & PS_PRIV) {
690                     env->immu.sfsr |= SFSR_PR_BIT;
691                 }
692                 if (env->tl > 0) {
693                     env->immu.sfsr |= SFSR_CT_NUCLEUS;
694                 }
695 
696                 /* FIXME: ASI field in SFSR must be set */
697                 env->immu.sfsr |= SFSR_FT_PRIV_BIT | SFSR_VALID_BIT;
698                 cs->exception_index = TT_TFAULT;
699 
700                 env->immu.tag_access = (address & ~0x1fffULL) | context;
701 
702                 trace_mmu_helper_tfault(address, context);
703 
704                 return 1;
705             }
706             full->prot = PAGE_EXEC;
707             TTE_SET_USED(env->itlb[i].tte);
708             return 0;
709         }
710     }
711 
712     trace_mmu_helper_tmiss(address, context);
713 
714     /* Context is stored in DMMU (dmmuregs[1]) also for IMMU */
715     env->immu.tag_access = (address & ~0x1fffULL) | context;
716     cs->exception_index = TT_TMISS;
717     return 1;
718 }
719 
get_physical_address(CPUSPARCState * env,CPUTLBEntryFull * full,int * access_index,target_ulong address,int rw,int mmu_idx)720 static int get_physical_address(CPUSPARCState *env, CPUTLBEntryFull *full,
721                                 int *access_index, target_ulong address,
722                                 int rw, int mmu_idx)
723 {
724     /* ??? We treat everything as a small page, then explicitly flush
725        everything when an entry is evicted.  */
726     full->lg_page_size = TARGET_PAGE_BITS;
727 
728     /* safety net to catch wrong softmmu index use from dynamic code */
729     if (env->tl > 0 && mmu_idx != MMU_NUCLEUS_IDX) {
730         if (rw == 2) {
731             trace_mmu_helper_get_phys_addr_code(env->tl, mmu_idx,
732                                                 env->dmmu.mmu_primary_context,
733                                                 env->dmmu.mmu_secondary_context,
734                                                 address);
735         } else {
736             trace_mmu_helper_get_phys_addr_data(env->tl, mmu_idx,
737                                                 env->dmmu.mmu_primary_context,
738                                                 env->dmmu.mmu_secondary_context,
739                                                 address);
740         }
741     }
742 
743     if (mmu_idx == MMU_PHYS_IDX) {
744         full->phys_addr = ultrasparc_truncate_physical(address);
745         full->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
746         return 0;
747     }
748 
749     if (rw == 2) {
750         return get_physical_address_code(env, full, address, mmu_idx);
751     } else {
752         return get_physical_address_data(env, full, address, rw, mmu_idx);
753     }
754 }
755 
756 /* Perform address translation */
sparc_cpu_tlb_fill(CPUState * cs,vaddr address,int size,MMUAccessType access_type,int mmu_idx,bool probe,uintptr_t retaddr)757 bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
758                         MMUAccessType access_type, int mmu_idx,
759                         bool probe, uintptr_t retaddr)
760 {
761     CPUSPARCState *env = cpu_env(cs);
762     CPUTLBEntryFull full = {};
763     int error_code = 0, access_index;
764 
765     address &= TARGET_PAGE_MASK;
766     error_code = get_physical_address(env, &full, &access_index,
767                                       address, access_type, mmu_idx);
768     if (likely(error_code == 0)) {
769         trace_mmu_helper_mmu_fault(address, full.phys_addr, mmu_idx, env->tl,
770                                    env->dmmu.mmu_primary_context,
771                                    env->dmmu.mmu_secondary_context);
772         tlb_set_page_full(cs, mmu_idx, address, &full);
773         return true;
774     }
775     if (probe) {
776         return false;
777     }
778     cpu_loop_exit_restore(cs, retaddr);
779 }
780 
dump_mmu(CPUSPARCState * env)781 void dump_mmu(CPUSPARCState *env)
782 {
783     unsigned int i;
784     const char *mask;
785 
786     qemu_printf("MMU contexts: Primary: %" PRId64 ", Secondary: %"
787                 PRId64 "\n",
788                 env->dmmu.mmu_primary_context,
789                 env->dmmu.mmu_secondary_context);
790     qemu_printf("DMMU Tag Access: %" PRIx64 ", TSB Tag Target: %" PRIx64
791                 "\n", env->dmmu.tag_access, env->dmmu.tsb_tag_target);
792     if ((env->lsu & DMMU_E) == 0) {
793         qemu_printf("DMMU disabled\n");
794     } else {
795         qemu_printf("DMMU dump\n");
796         for (i = 0; i < 64; i++) {
797             switch (TTE_PGSIZE(env->dtlb[i].tte)) {
798             default:
799             case 0x0:
800                 mask = "  8k";
801                 break;
802             case 0x1:
803                 mask = " 64k";
804                 break;
805             case 0x2:
806                 mask = "512k";
807                 break;
808             case 0x3:
809                 mask = "  4M";
810                 break;
811             }
812             if (TTE_IS_VALID(env->dtlb[i].tte)) {
813                 qemu_printf("[%02u] VA: %" PRIx64 ", PA: %llx"
814                             ", %s, %s, %s, %s, ie %s, ctx %" PRId64 " %s\n",
815                             i,
816                             env->dtlb[i].tag & (uint64_t)~0x1fffULL,
817                             TTE_PA(env->dtlb[i].tte),
818                             mask,
819                             TTE_IS_PRIV(env->dtlb[i].tte) ? "priv" : "user",
820                             TTE_IS_W_OK(env->dtlb[i].tte) ? "RW" : "RO",
821                             TTE_IS_LOCKED(env->dtlb[i].tte) ?
822                             "locked" : "unlocked",
823                             TTE_IS_IE(env->dtlb[i].tte) ?
824                             "yes" : "no",
825                             env->dtlb[i].tag & (uint64_t)0x1fffULL,
826                             TTE_IS_GLOBAL(env->dtlb[i].tte) ?
827                             "global" : "local");
828             }
829         }
830     }
831     if ((env->lsu & IMMU_E) == 0) {
832         qemu_printf("IMMU disabled\n");
833     } else {
834         qemu_printf("IMMU dump\n");
835         for (i = 0; i < 64; i++) {
836             switch (TTE_PGSIZE(env->itlb[i].tte)) {
837             default:
838             case 0x0:
839                 mask = "  8k";
840                 break;
841             case 0x1:
842                 mask = " 64k";
843                 break;
844             case 0x2:
845                 mask = "512k";
846                 break;
847             case 0x3:
848                 mask = "  4M";
849                 break;
850             }
851             if (TTE_IS_VALID(env->itlb[i].tte)) {
852                 qemu_printf("[%02u] VA: %" PRIx64 ", PA: %llx"
853                             ", %s, %s, %s, ctx %" PRId64 " %s\n",
854                             i,
855                             env->itlb[i].tag & (uint64_t)~0x1fffULL,
856                             TTE_PA(env->itlb[i].tte),
857                             mask,
858                             TTE_IS_PRIV(env->itlb[i].tte) ? "priv" : "user",
859                             TTE_IS_LOCKED(env->itlb[i].tte) ?
860                             "locked" : "unlocked",
861                             env->itlb[i].tag & (uint64_t)0x1fffULL,
862                             TTE_IS_GLOBAL(env->itlb[i].tte) ?
863                             "global" : "local");
864             }
865         }
866     }
867 }
868 
869 #endif /* TARGET_SPARC64 */
870 
cpu_sparc_get_phys_page(CPUSPARCState * env,hwaddr * phys,target_ulong addr,int rw,int mmu_idx)871 static int cpu_sparc_get_phys_page(CPUSPARCState *env, hwaddr *phys,
872                                    target_ulong addr, int rw, int mmu_idx)
873 {
874     CPUTLBEntryFull full = {};
875     int access_index, ret;
876 
877     ret = get_physical_address(env, &full, &access_index, addr, rw, mmu_idx);
878     if (ret == 0) {
879         *phys = full.phys_addr;
880     }
881     return ret;
882 }
883 
884 #if defined(TARGET_SPARC64)
cpu_get_phys_page_nofault(CPUSPARCState * env,target_ulong addr,int mmu_idx)885 hwaddr cpu_get_phys_page_nofault(CPUSPARCState *env, target_ulong addr,
886                                            int mmu_idx)
887 {
888     hwaddr phys_addr;
889 
890     if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 4, mmu_idx) != 0) {
891         return -1;
892     }
893     return phys_addr;
894 }
895 #endif
896 
sparc_cpu_get_phys_page_debug(CPUState * cs,vaddr addr)897 hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
898 {
899     CPUSPARCState *env = cpu_env(cs);
900     hwaddr phys_addr;
901     int mmu_idx = cpu_mmu_index(cs, false);
902 
903     if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 2, mmu_idx) != 0) {
904         if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 0, mmu_idx) != 0) {
905             return -1;
906         }
907     }
908     return phys_addr;
909 }
910 
sparc_cpu_do_unaligned_access(CPUState * cs,vaddr addr,MMUAccessType access_type,int mmu_idx,uintptr_t retaddr)911 G_NORETURN void sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
912                                               MMUAccessType access_type,
913                                               int mmu_idx,
914                                               uintptr_t retaddr)
915 {
916     CPUSPARCState *env = cpu_env(cs);
917 
918 #ifdef TARGET_SPARC64
919     env->dmmu.sfsr = build_sfsr(env, mmu_idx, access_type);
920     env->dmmu.sfar = addr;
921 #else
922     env->mmuregs[4] = addr;
923 #endif
924 
925     cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr);
926 }
927