xref: /openbmc/qemu/target/ppc/mmu-radix64.c (revision 72baef13b9dce71f20ae840d9951e559e14abf6d)
1 /*
2  *  PowerPC Radix MMU mulation helpers for QEMU.
3  *
4  *  Copyright (c) 2016 Suraj Jitindar Singh, IBM Corporation
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "cpu.h"
22 #include "exec/exec-all.h"
23 #include "exec/page-protection.h"
24 #include "qemu/error-report.h"
25 #include "sysemu/kvm.h"
26 #include "kvm_ppc.h"
27 #include "exec/log.h"
28 #include "internal.h"
29 #include "mmu-radix64.h"
30 #include "mmu-book3s-v3.h"
31 
32 static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env,
33                                                  vaddr eaddr,
34                                                  uint64_t *lpid, uint64_t *pid)
35 {
36     /* When EA(2:11) are nonzero, raise a segment interrupt */
37     if (eaddr & ~R_EADDR_VALID_MASK) {
38         return false;
39     }
40 
41     if (FIELD_EX64(env->msr, MSR, HV)) { /* MSR[HV] -> Hypervisor/bare metal */
42         switch (eaddr & R_EADDR_QUADRANT) {
43         case R_EADDR_QUADRANT0:
44             *lpid = 0;
45             *pid = env->spr[SPR_BOOKS_PID];
46             break;
47         case R_EADDR_QUADRANT1:
48             *lpid = env->spr[SPR_LPIDR];
49             *pid = env->spr[SPR_BOOKS_PID];
50             break;
51         case R_EADDR_QUADRANT2:
52             *lpid = env->spr[SPR_LPIDR];
53             *pid = 0;
54             break;
55         case R_EADDR_QUADRANT3:
56             *lpid = 0;
57             *pid = 0;
58             break;
59         default:
60             g_assert_not_reached();
61         }
62     } else {  /* !MSR[HV] -> Guest */
63         switch (eaddr & R_EADDR_QUADRANT) {
64         case R_EADDR_QUADRANT0: /* Guest application */
65             *lpid = env->spr[SPR_LPIDR];
66             *pid = env->spr[SPR_BOOKS_PID];
67             break;
68         case R_EADDR_QUADRANT1: /* Illegal */
69         case R_EADDR_QUADRANT2:
70             return false;
71         case R_EADDR_QUADRANT3: /* Guest OS */
72             *lpid = env->spr[SPR_LPIDR];
73             *pid = 0; /* pid set to 0 -> addresses guest operating system */
74             break;
75         default:
76             g_assert_not_reached();
77         }
78     }
79 
80     return true;
81 }
82 
83 static void ppc_radix64_raise_segi(PowerPCCPU *cpu, MMUAccessType access_type,
84                                    vaddr eaddr)
85 {
86     CPUState *cs = CPU(cpu);
87     CPUPPCState *env = &cpu->env;
88 
89     switch (access_type) {
90     case MMU_INST_FETCH:
91         /* Instruction Segment Interrupt */
92         cs->exception_index = POWERPC_EXCP_ISEG;
93         break;
94     case MMU_DATA_STORE:
95     case MMU_DATA_LOAD:
96         /* Data Segment Interrupt */
97         cs->exception_index = POWERPC_EXCP_DSEG;
98         env->spr[SPR_DAR] = eaddr;
99         break;
100     default:
101         g_assert_not_reached();
102     }
103     env->error_code = 0;
104 }
105 
106 static inline const char *access_str(MMUAccessType access_type)
107 {
108     return access_type == MMU_DATA_LOAD ? "reading" :
109         (access_type == MMU_DATA_STORE ? "writing" : "execute");
110 }
111 
112 static void ppc_radix64_raise_si(PowerPCCPU *cpu, MMUAccessType access_type,
113                                  vaddr eaddr, uint32_t cause)
114 {
115     CPUState *cs = CPU(cpu);
116     CPUPPCState *env = &cpu->env;
117 
118     qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx" cause %08x\n",
119                   __func__, access_str(access_type),
120                   eaddr, cause);
121 
122     switch (access_type) {
123     case MMU_INST_FETCH:
124         /* Instruction Storage Interrupt */
125         cs->exception_index = POWERPC_EXCP_ISI;
126         env->error_code = cause;
127         break;
128     case MMU_DATA_STORE:
129         cause |= DSISR_ISSTORE;
130         /* fall through */
131     case MMU_DATA_LOAD:
132         /* Data Storage Interrupt */
133         cs->exception_index = POWERPC_EXCP_DSI;
134         env->spr[SPR_DSISR] = cause;
135         env->spr[SPR_DAR] = eaddr;
136         env->error_code = 0;
137         break;
138     default:
139         g_assert_not_reached();
140     }
141 }
142 
143 static void ppc_radix64_raise_hsi(PowerPCCPU *cpu, MMUAccessType access_type,
144                                   vaddr eaddr, hwaddr g_raddr, uint32_t cause)
145 {
146     CPUState *cs = CPU(cpu);
147     CPUPPCState *env = &cpu->env;
148 
149     env->error_code = 0;
150     if (cause & DSISR_PRTABLE_FAULT) {
151         /* HDSI PRTABLE_FAULT gets the originating access type in error_code */
152         env->error_code = access_type;
153         access_type = MMU_DATA_LOAD;
154     }
155 
156     qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx" 0x%"
157                   HWADDR_PRIx" cause %08x\n",
158                   __func__, access_str(access_type),
159                   eaddr, g_raddr, cause);
160 
161     switch (access_type) {
162     case MMU_INST_FETCH:
163         /* H Instruction Storage Interrupt */
164         cs->exception_index = POWERPC_EXCP_HISI;
165         env->spr[SPR_ASDR] = g_raddr;
166         env->error_code = cause;
167         break;
168     case MMU_DATA_STORE:
169         cause |= DSISR_ISSTORE;
170         /* fall through */
171     case MMU_DATA_LOAD:
172         /* H Data Storage Interrupt */
173         cs->exception_index = POWERPC_EXCP_HDSI;
174         env->spr[SPR_HDSISR] = cause;
175         env->spr[SPR_HDAR] = eaddr;
176         env->spr[SPR_ASDR] = g_raddr;
177         break;
178     default:
179         g_assert_not_reached();
180     }
181 }
182 
183 static bool ppc_radix64_check_prot(PowerPCCPU *cpu, MMUAccessType access_type,
184                                    uint64_t pte, int *fault_cause, int *prot,
185                                    int mmu_idx, bool partition_scoped)
186 {
187     CPUPPCState *env = &cpu->env;
188 
189     /* Check Page Attributes (pte58:59) */
190     if ((pte & R_PTE_ATT) == R_PTE_ATT_NI_IO && access_type == MMU_INST_FETCH) {
191         /*
192          * Radix PTE entries with the non-idempotent I/O attribute are treated
193          * as guarded storage
194          */
195         *fault_cause |= SRR1_NOEXEC_GUARD;
196         return true;
197     }
198 
199     /* Determine permissions allowed by Encoded Access Authority */
200     if (!partition_scoped && (pte & R_PTE_EAA_PRIV) &&
201         FIELD_EX64(env->msr, MSR, PR)) {
202         *prot = 0;
203     } else if (mmuidx_pr(mmu_idx) || (pte & R_PTE_EAA_PRIV) ||
204                partition_scoped) {
205         *prot = ppc_radix64_get_prot_eaa(pte);
206     } else { /* !MSR_PR && !(pte & R_PTE_EAA_PRIV) && !partition_scoped */
207         *prot = ppc_radix64_get_prot_eaa(pte);
208         *prot &= ppc_radix64_get_prot_amr(cpu); /* Least combined permissions */
209     }
210 
211     /* Check if requested access type is allowed */
212     if (!check_prot_access_type(*prot, access_type)) {
213         /* Page Protected for that Access */
214         *fault_cause |= access_type == MMU_INST_FETCH ? SRR1_NOEXEC_GUARD :
215                                                         DSISR_PROTFAULT;
216         return true;
217     }
218 
219     return false;
220 }
221 
222 static int ppc_radix64_check_rc(MMUAccessType access_type, uint64_t pte)
223 {
224     switch (access_type) {
225     case MMU_DATA_STORE:
226         if (!(pte & R_PTE_C)) {
227             break;
228         }
229         /* fall through */
230     case MMU_INST_FETCH:
231     case MMU_DATA_LOAD:
232         if (!(pte & R_PTE_R)) {
233             break;
234         }
235 
236         /* R/C bits are already set appropriately for this access */
237         return 0;
238     }
239 
240     return 1;
241 }
242 
243 static bool ppc_radix64_is_valid_level(int level, int psize, uint64_t nls)
244 {
245     bool ret;
246 
247     /*
248      * Check if this is a valid level, according to POWER9 and POWER10
249      * Processor User's Manuals, sections 4.10.4.1 and 5.10.6.1, respectively:
250      * Supported Radix Tree Configurations and Resulting Page Sizes.
251      *
252      * Note: these checks are specific to POWER9 and POWER10 CPUs. Any future
253      * CPUs that supports a different Radix MMU configuration will need their
254      * own implementation.
255      */
256     switch (level) {
257     case 0:     /* Root Page Dir */
258         ret = psize == 52 && nls == 13;
259         break;
260     case 1:
261     case 2:
262         ret = nls == 9;
263         break;
264     case 3:
265         ret = nls == 9 || nls == 5;
266         break;
267     default:
268         ret = false;
269     }
270 
271     if (unlikely(!ret)) {
272         qemu_log_mask(LOG_GUEST_ERROR, "invalid radix configuration: "
273                       "level %d size %d nls %"PRIu64"\n",
274                       level, psize, nls);
275     }
276     return ret;
277 }
278 
279 static int ppc_radix64_next_level(AddressSpace *as, vaddr eaddr,
280                                   uint64_t *pte_addr, uint64_t *nls,
281                                   int *psize, uint64_t *pte, int *fault_cause)
282 {
283     uint64_t index, mask, nlb, pde;
284 
285     /* Read page <directory/table> entry from guest address space */
286     pde = ldq_phys(as, *pte_addr);
287     if (!(pde & R_PTE_VALID)) {         /* Invalid Entry */
288         *fault_cause |= DSISR_NOPTE;
289         return 1;
290     }
291 
292     *pte = pde;
293     *psize -= *nls;
294     if (!(pde & R_PTE_LEAF)) { /* Prepare for next iteration */
295         *nls = pde & R_PDE_NLS;
296         index = eaddr >> (*psize - *nls);       /* Shift */
297         index &= ((1UL << *nls) - 1);           /* Mask */
298         nlb = pde & R_PDE_NLB;
299         mask = MAKE_64BIT_MASK(0, *nls + 3);
300 
301         if (nlb & mask) {
302             qemu_log_mask(LOG_GUEST_ERROR,
303                 "%s: misaligned page dir/table base: 0x%" PRIx64
304                 " page dir size: 0x%" PRIx64 "\n",
305                 __func__, nlb, mask + 1);
306             nlb &= ~mask;
307         }
308         *pte_addr = nlb + index * sizeof(pde);
309     }
310     return 0;
311 }
312 
313 static int ppc_radix64_walk_tree(AddressSpace *as, vaddr eaddr,
314                                  uint64_t base_addr, uint64_t nls,
315                                  hwaddr *raddr, int *psize, uint64_t *pte,
316                                  int *fault_cause, hwaddr *pte_addr)
317 {
318     uint64_t index, pde, rpn, mask;
319     int level = 0;
320 
321     index = eaddr >> (*psize - nls);    /* Shift */
322     index &= ((1UL << nls) - 1);        /* Mask */
323     mask = MAKE_64BIT_MASK(0, nls + 3);
324 
325     if (base_addr & mask) {
326         qemu_log_mask(LOG_GUEST_ERROR,
327             "%s: misaligned page dir base: 0x%" PRIx64
328             " page dir size: 0x%" PRIx64 "\n",
329             __func__, base_addr, mask + 1);
330         base_addr &= ~mask;
331     }
332     *pte_addr = base_addr + index * sizeof(pde);
333 
334     do {
335         int ret;
336 
337         if (!ppc_radix64_is_valid_level(level++, *psize, nls)) {
338             *fault_cause |= DSISR_R_BADCONFIG;
339             return 1;
340         }
341 
342         ret = ppc_radix64_next_level(as, eaddr, pte_addr, &nls, psize, &pde,
343                                      fault_cause);
344         if (ret) {
345             return ret;
346         }
347     } while (!(pde & R_PTE_LEAF));
348 
349     *pte = pde;
350     rpn = pde & R_PTE_RPN;
351     mask = (1UL << *psize) - 1;
352 
353     /* Or high bits of rpn and low bits to ea to form whole real addr */
354     *raddr = (rpn & ~mask) | (eaddr & mask);
355     return 0;
356 }
357 
358 static bool validate_pate(PowerPCCPU *cpu, uint64_t lpid, ppc_v3_pate_t *pate)
359 {
360     CPUPPCState *env = &cpu->env;
361 
362     if (!(pate->dw0 & PATE0_HR)) {
363         return false;
364     }
365     if (lpid == 0 && !FIELD_EX64(env->msr, MSR, HV)) {
366         return false;
367     }
368     if ((pate->dw0 & PATE1_R_PRTS) < 5) {
369         return false;
370     }
371     /* More checks ... */
372     return true;
373 }
374 
375 static int ppc_radix64_partition_scoped_xlate(PowerPCCPU *cpu,
376                                               MMUAccessType orig_access_type,
377                                               vaddr eaddr, hwaddr g_raddr,
378                                               ppc_v3_pate_t pate,
379                                               hwaddr *h_raddr, int *h_prot,
380                                               int *h_page_size, bool pde_addr,
381                                               int mmu_idx, uint64_t lpid,
382                                               bool guest_visible)
383 {
384     MMUAccessType access_type = orig_access_type;
385     int fault_cause = 0;
386     hwaddr pte_addr;
387     uint64_t pte;
388 
389     if (pde_addr) {
390         /*
391          * Translation of process-scoped tables/directories is performed as
392          * a read-access.
393          */
394         access_type = MMU_DATA_LOAD;
395     }
396 
397     qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx
398                   " mmu_idx %u 0x%"HWADDR_PRIx"\n",
399                   __func__, access_str(access_type),
400                   eaddr, mmu_idx, g_raddr);
401 
402     *h_page_size = PRTBE_R_GET_RTS(pate.dw0);
403     /* No valid pte or access denied due to protection */
404     if (ppc_radix64_walk_tree(CPU(cpu)->as, g_raddr, pate.dw0 & PRTBE_R_RPDB,
405                               pate.dw0 & PRTBE_R_RPDS, h_raddr, h_page_size,
406                               &pte, &fault_cause, &pte_addr) ||
407         ppc_radix64_check_prot(cpu, access_type, pte,
408                                &fault_cause, h_prot, mmu_idx, true)) {
409         if (pde_addr) { /* address being translated was that of a guest pde */
410             fault_cause |= DSISR_PRTABLE_FAULT;
411         }
412         if (guest_visible) {
413             ppc_radix64_raise_hsi(cpu, orig_access_type,
414                                   eaddr, g_raddr, fault_cause);
415         }
416         return 1;
417     }
418 
419     if (guest_visible) {
420         if (ppc_radix64_check_rc(access_type, pte)) {
421             /*
422              * Per ISA 3.1 Book III, 7.5.3 and 7.5.5, failure to set R/C during
423              * partition-scoped translation when effLPID = 0 results in normal
424              * (non-Hypervisor) Data and Instruction Storage Interrupts
425              * respectively.
426              *
427              * ISA 3.0 is ambiguous about this, but tests on POWER9 hardware
428              * seem to exhibit the same behavior.
429              */
430             if (lpid > 0) {
431                 ppc_radix64_raise_hsi(cpu, access_type, eaddr, g_raddr,
432                                       DSISR_ATOMIC_RC);
433             } else {
434                 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_ATOMIC_RC);
435             }
436             return 1;
437         }
438     }
439 
440     return 0;
441 }
442 
443 /*
444  * The spapr vhc has a flat partition scope provided by qemu memory when
445  * not nested.
446  *
447  * When running a nested guest, the addressing is 2-level radix on top of the
448  * vhc memory, so it works practically identically to the bare metal 2-level
449  * radix. So that code is selected directly. A cleaner and more flexible nested
450  * hypervisor implementation would allow the vhc to provide a ->nested_xlate()
451  * function but that is not required for the moment.
452  */
453 static bool vhyp_flat_addressing(PowerPCCPU *cpu)
454 {
455     if (cpu->vhyp) {
456         return !vhyp_cpu_in_nested(cpu);
457     }
458     return false;
459 }
460 
461 static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
462                                             MMUAccessType access_type,
463                                             vaddr eaddr, uint64_t pid,
464                                             ppc_v3_pate_t pate, hwaddr *g_raddr,
465                                             int *g_prot, int *g_page_size,
466                                             int mmu_idx, uint64_t lpid,
467                                             bool guest_visible)
468 {
469     CPUState *cs = CPU(cpu);
470     CPUPPCState *env = &cpu->env;
471     uint64_t offset, size, prtb, prtbe_addr, prtbe0, base_addr, nls, index, pte;
472     int fault_cause = 0, h_page_size, h_prot;
473     hwaddr h_raddr, pte_addr;
474     int ret;
475 
476     qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx
477                   " mmu_idx %u pid %"PRIu64"\n",
478                   __func__, access_str(access_type),
479                   eaddr, mmu_idx, pid);
480 
481     prtb = (pate.dw1 & PATE1_R_PRTB);
482     size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12);
483     if (prtb & (size - 1)) {
484         /* Process Table not properly aligned */
485         if (guest_visible) {
486             ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_R_BADCONFIG);
487         }
488         return 1;
489     }
490 
491     /* Index Process Table by PID to Find Corresponding Process Table Entry */
492     offset = pid * sizeof(struct prtb_entry);
493     if (offset >= size) {
494         /* offset exceeds size of the process table */
495         if (guest_visible) {
496             ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_NOPTE);
497         }
498         return 1;
499     }
500     prtbe_addr = prtb + offset;
501 
502     if (vhyp_flat_addressing(cpu)) {
503         prtbe0 = ldq_phys(cs->as, prtbe_addr);
504     } else {
505         /*
506          * Process table addresses are subject to partition-scoped
507          * translation
508          *
509          * On a Radix host, the partition-scoped page table for LPID=0
510          * is only used to translate the effective addresses of the
511          * process table entries.
512          */
513         /* mmu_idx is 5 because we're translating from hypervisor scope */
514         ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr,
515                                                  prtbe_addr, pate, &h_raddr,
516                                                  &h_prot, &h_page_size, true,
517                                                  5, lpid, guest_visible);
518         if (ret) {
519             return ret;
520         }
521         prtbe0 = ldq_phys(cs->as, h_raddr);
522     }
523 
524     /* Walk Radix Tree from Process Table Entry to Convert EA to RA */
525     *g_page_size = PRTBE_R_GET_RTS(prtbe0);
526     base_addr = prtbe0 & PRTBE_R_RPDB;
527     nls = prtbe0 & PRTBE_R_RPDS;
528     if (FIELD_EX64(env->msr, MSR, HV) || vhyp_flat_addressing(cpu)) {
529         /*
530          * Can treat process table addresses as real addresses
531          */
532         ret = ppc_radix64_walk_tree(cs->as, eaddr & R_EADDR_MASK, base_addr,
533                                     nls, g_raddr, g_page_size, &pte,
534                                     &fault_cause, &pte_addr);
535         if (ret) {
536             /* No valid PTE */
537             if (guest_visible) {
538                 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
539             }
540             return ret;
541         }
542     } else {
543         uint64_t rpn, mask;
544         int level = 0;
545 
546         index = (eaddr & R_EADDR_MASK) >> (*g_page_size - nls); /* Shift */
547         index &= ((1UL << nls) - 1);                            /* Mask */
548         pte_addr = base_addr + (index * sizeof(pte));
549 
550         /*
551          * Each process table address is subject to a partition-scoped
552          * translation
553          */
554         do {
555             /* mmu_idx is 5 because we're translating from hypervisor scope */
556             ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr,
557                                                      pte_addr, pate, &h_raddr,
558                                                      &h_prot, &h_page_size,
559                                                      true, 5, lpid,
560                                                      guest_visible);
561             if (ret) {
562                 return ret;
563             }
564 
565             if (!ppc_radix64_is_valid_level(level++, *g_page_size, nls)) {
566                 fault_cause |= DSISR_R_BADCONFIG;
567                 ret = 1;
568             } else {
569                 ret = ppc_radix64_next_level(cs->as, eaddr & R_EADDR_MASK,
570                                              &h_raddr, &nls, g_page_size,
571                                              &pte, &fault_cause);
572             }
573 
574             if (ret) {
575                 /* No valid pte */
576                 if (guest_visible) {
577                     ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
578                 }
579                 return ret;
580             }
581             pte_addr = h_raddr;
582         } while (!(pte & R_PTE_LEAF));
583 
584         rpn = pte & R_PTE_RPN;
585         mask = (1UL << *g_page_size) - 1;
586 
587         /* Or high bits of rpn and low bits to ea to form whole real addr */
588         *g_raddr = (rpn & ~mask) | (eaddr & mask);
589     }
590 
591     if (ppc_radix64_check_prot(cpu, access_type, pte, &fault_cause,
592                                g_prot, mmu_idx, false)) {
593         /* Access denied due to protection */
594         if (guest_visible) {
595             ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
596         }
597         return 1;
598     }
599 
600     if (guest_visible) {
601         /* R/C bits not appropriately set for access */
602         if (ppc_radix64_check_rc(access_type, pte)) {
603             ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_ATOMIC_RC);
604             return 1;
605         }
606     }
607 
608     return 0;
609 }
610 
611 /*
612  * Radix tree translation is a 2 steps translation process:
613  *
614  * 1. Process-scoped translation:   Guest Eff Addr  -> Guest Real Addr
615  * 2. Partition-scoped translation: Guest Real Addr -> Host Real Addr
616  *
617  *                                  MSR[HV]
618  *              +-------------+----------------+---------------+
619  *              |             |     HV = 0     |     HV = 1    |
620  *              +-------------+----------------+---------------+
621  *              | Relocation  |    Partition   |      No       |
622  *              | = Off       |     Scoped     |  Translation  |
623  *  Relocation  +-------------+----------------+---------------+
624  *              | Relocation  |   Partition &  |    Process    |
625  *              | = On        | Process Scoped |    Scoped     |
626  *              +-------------+----------------+---------------+
627  */
628 static bool ppc_radix64_xlate_impl(PowerPCCPU *cpu, vaddr eaddr,
629                                    MMUAccessType access_type, hwaddr *raddr,
630                                    int *psizep, int *protp, int mmu_idx,
631                                    bool guest_visible)
632 {
633     CPUPPCState *env = &cpu->env;
634     uint64_t lpid, pid;
635     ppc_v3_pate_t pate;
636     int psize, prot;
637     hwaddr g_raddr;
638     bool relocation;
639 
640     assert(!(mmuidx_hv(mmu_idx) && cpu->vhyp));
641 
642     relocation = !mmuidx_real(mmu_idx);
643 
644     /* HV or virtual hypervisor Real Mode Access */
645     if (!relocation && (mmuidx_hv(mmu_idx) || vhyp_flat_addressing(cpu))) {
646         /* In real mode top 4 effective addr bits (mostly) ignored */
647         *raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
648 
649         /* In HV mode, add HRMOR if top EA bit is clear */
650         if (mmuidx_hv(mmu_idx) || !env->has_hv_mode) {
651             if (!(eaddr >> 63)) {
652                 *raddr |= env->spr[SPR_HRMOR];
653            }
654         }
655         *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
656         *psizep = TARGET_PAGE_BITS;
657         return true;
658     }
659 
660     /*
661      * Check UPRT (we avoid the check in real mode to deal with
662      * transitional states during kexec.
663      */
664     if (guest_visible && !ppc64_use_proc_tbl(cpu)) {
665         qemu_log_mask(LOG_GUEST_ERROR,
666                       "LPCR:UPRT not set in radix mode ! LPCR="
667                       TARGET_FMT_lx "\n", env->spr[SPR_LPCR]);
668     }
669 
670     /* Virtual Mode Access - get the fully qualified address */
671     if (!ppc_radix64_get_fully_qualified_addr(&cpu->env, eaddr, &lpid, &pid)) {
672         if (guest_visible) {
673             ppc_radix64_raise_segi(cpu, access_type, eaddr);
674         }
675         return false;
676     }
677 
678     /* Get Partition Table */
679     if (cpu->vhyp) {
680         if (!cpu->vhyp_class->get_pate(cpu->vhyp, cpu, lpid, &pate)) {
681             if (guest_visible) {
682                 ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr,
683                                       DSISR_R_BADCONFIG);
684             }
685             return false;
686         }
687     } else {
688         if (!ppc64_v3_get_pate(cpu, lpid, &pate)) {
689             if (guest_visible) {
690                 ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr,
691                                       DSISR_R_BADCONFIG);
692             }
693             return false;
694         }
695         if (!validate_pate(cpu, lpid, &pate)) {
696             if (guest_visible) {
697                 ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr,
698                                       DSISR_R_BADCONFIG);
699             }
700             return false;
701         }
702     }
703 
704     *psizep = INT_MAX;
705     *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
706 
707     /*
708      * Perform process-scoped translation if relocation enabled.
709      *
710      * - Translates an effective address to a host real address in
711      *   quadrants 0 and 3 when HV=1.
712      *
713      * - Translates an effective address to a guest real address.
714      */
715     if (relocation) {
716         int ret = ppc_radix64_process_scoped_xlate(cpu, access_type, eaddr, pid,
717                                                    pate, &g_raddr, &prot,
718                                                    &psize, mmu_idx, lpid,
719                                                    guest_visible);
720         if (ret) {
721             return false;
722         }
723         *psizep = MIN(*psizep, psize);
724         *protp &= prot;
725     } else {
726         g_raddr = eaddr & R_EADDR_MASK;
727     }
728 
729     if (vhyp_flat_addressing(cpu)) {
730         *raddr = g_raddr;
731     } else {
732         /*
733          * Perform partition-scoped translation if !HV or HV access to
734          * quadrants 1 or 2. Translates a guest real address to a host
735          * real address.
736          */
737         if (lpid || !mmuidx_hv(mmu_idx)) {
738             int ret;
739 
740             ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr,
741                                                      g_raddr, pate, raddr,
742                                                      &prot, &psize, false,
743                                                      mmu_idx, lpid,
744                                                      guest_visible);
745             if (ret) {
746                 return false;
747             }
748             *psizep = MIN(*psizep, psize);
749             *protp &= prot;
750         } else {
751             *raddr = g_raddr;
752         }
753     }
754 
755     return true;
756 }
757 
758 bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
759                        hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
760                        bool guest_visible)
761 {
762     bool ret = ppc_radix64_xlate_impl(cpu, eaddr, access_type, raddrp,
763                                       psizep, protp, mmu_idx, guest_visible);
764 
765     qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx
766                   " mmu_idx %u (prot %c%c%c) -> 0x%"HWADDR_PRIx"\n",
767                   __func__, access_str(access_type),
768                   eaddr, mmu_idx,
769                   *protp & PAGE_READ ? 'r' : '-',
770                   *protp & PAGE_WRITE ? 'w' : '-',
771                   *protp & PAGE_EXEC ? 'x' : '-',
772                   *raddrp);
773 
774     return ret;
775 }
776