1 #include "qemu/osdep.h" 2 #include "qapi/error.h" 3 #include "sysemu/sysemu.h" 4 #include "qemu/log.h" 5 #include "cpu.h" 6 #include "exec/exec-all.h" 7 #include "helper_regs.h" 8 #include "hw/ppc/spapr.h" 9 #include "mmu-hash64.h" 10 #include "cpu-models.h" 11 #include "trace.h" 12 #include "sysemu/kvm.h" 13 #include "kvm_ppc.h" 14 15 struct SPRSyncState { 16 CPUState *cs; 17 int spr; 18 target_ulong value; 19 target_ulong mask; 20 }; 21 22 static void do_spr_sync(void *arg) 23 { 24 struct SPRSyncState *s = arg; 25 PowerPCCPU *cpu = POWERPC_CPU(s->cs); 26 CPUPPCState *env = &cpu->env; 27 28 cpu_synchronize_state(s->cs); 29 env->spr[s->spr] &= ~s->mask; 30 env->spr[s->spr] |= s->value; 31 } 32 33 static void set_spr(CPUState *cs, int spr, target_ulong value, 34 target_ulong mask) 35 { 36 struct SPRSyncState s = { 37 .cs = cs, 38 .spr = spr, 39 .value = value, 40 .mask = mask 41 }; 42 run_on_cpu(cs, do_spr_sync, &s); 43 } 44 45 static bool has_spr(PowerPCCPU *cpu, int spr) 46 { 47 /* We can test whether the SPR is defined by checking for a valid name */ 48 return cpu->env.spr_cb[spr].name != NULL; 49 } 50 51 static inline bool valid_pte_index(CPUPPCState *env, target_ulong pte_index) 52 { 53 /* 54 * hash value/pteg group index is normalized by htab_mask 55 */ 56 if (((pte_index & ~7ULL) / HPTES_PER_GROUP) & ~env->htab_mask) { 57 return false; 58 } 59 return true; 60 } 61 62 static bool is_ram_address(sPAPRMachineState *spapr, hwaddr addr) 63 { 64 MachineState *machine = MACHINE(spapr); 65 MemoryHotplugState *hpms = &spapr->hotplug_memory; 66 67 if (addr < machine->ram_size) { 68 return true; 69 } 70 if ((addr >= hpms->base) 71 && ((addr - hpms->base) < memory_region_size(&hpms->mr))) { 72 return true; 73 } 74 75 return false; 76 } 77 78 static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, 79 target_ulong opcode, target_ulong *args) 80 { 81 CPUPPCState *env = &cpu->env; 82 target_ulong flags = args[0]; 83 target_ulong pte_index = args[1]; 84 target_ulong pteh = args[2]; 85 target_ulong ptel = args[3]; 86 unsigned apshift; 87 target_ulong raddr; 88 target_ulong index; 89 uint64_t token; 90 91 apshift = ppc_hash64_hpte_page_shift_noslb(cpu, pteh, ptel); 92 if (!apshift) { 93 /* Bad page size encoding */ 94 return H_PARAMETER; 95 } 96 97 raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << apshift) - 1); 98 99 if (is_ram_address(spapr, raddr)) { 100 /* Regular RAM - should have WIMG=0010 */ 101 if ((ptel & HPTE64_R_WIMG) != HPTE64_R_M) { 102 return H_PARAMETER; 103 } 104 } else { 105 target_ulong wimg_flags; 106 /* Looks like an IO address */ 107 /* FIXME: What WIMG combinations could be sensible for IO? 108 * For now we allow WIMG=010x, but are there others? */ 109 /* FIXME: Should we check against registered IO addresses? */ 110 wimg_flags = (ptel & (HPTE64_R_W | HPTE64_R_I | HPTE64_R_M)); 111 112 if (wimg_flags != HPTE64_R_I && 113 wimg_flags != (HPTE64_R_I | HPTE64_R_M)) { 114 return H_PARAMETER; 115 } 116 } 117 118 pteh &= ~0x60ULL; 119 120 if (!valid_pte_index(env, pte_index)) { 121 return H_PARAMETER; 122 } 123 124 index = 0; 125 if (likely((flags & H_EXACT) == 0)) { 126 pte_index &= ~7ULL; 127 token = ppc_hash64_start_access(cpu, pte_index); 128 for (; index < 8; index++) { 129 if (!(ppc_hash64_load_hpte0(cpu, token, index) & HPTE64_V_VALID)) { 130 break; 131 } 132 } 133 ppc_hash64_stop_access(cpu, token); 134 if (index == 8) { 135 return H_PTEG_FULL; 136 } 137 } else { 138 token = ppc_hash64_start_access(cpu, pte_index); 139 if (ppc_hash64_load_hpte0(cpu, token, 0) & HPTE64_V_VALID) { 140 ppc_hash64_stop_access(cpu, token); 141 return H_PTEG_FULL; 142 } 143 ppc_hash64_stop_access(cpu, token); 144 } 145 146 ppc_hash64_store_hpte(cpu, pte_index + index, 147 pteh | HPTE64_V_HPTE_DIRTY, ptel); 148 149 args[0] = pte_index + index; 150 return H_SUCCESS; 151 } 152 153 typedef enum { 154 REMOVE_SUCCESS = 0, 155 REMOVE_NOT_FOUND = 1, 156 REMOVE_PARM = 2, 157 REMOVE_HW = 3, 158 } RemoveResult; 159 160 static RemoveResult remove_hpte(PowerPCCPU *cpu, target_ulong ptex, 161 target_ulong avpn, 162 target_ulong flags, 163 target_ulong *vp, target_ulong *rp) 164 { 165 CPUPPCState *env = &cpu->env; 166 uint64_t token; 167 target_ulong v, r; 168 169 if (!valid_pte_index(env, ptex)) { 170 return REMOVE_PARM; 171 } 172 173 token = ppc_hash64_start_access(cpu, ptex); 174 v = ppc_hash64_load_hpte0(cpu, token, 0); 175 r = ppc_hash64_load_hpte1(cpu, token, 0); 176 ppc_hash64_stop_access(cpu, token); 177 178 if ((v & HPTE64_V_VALID) == 0 || 179 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) || 180 ((flags & H_ANDCOND) && (v & avpn) != 0)) { 181 return REMOVE_NOT_FOUND; 182 } 183 *vp = v; 184 *rp = r; 185 ppc_hash64_store_hpte(cpu, ptex, HPTE64_V_HPTE_DIRTY, 0); 186 ppc_hash64_tlb_flush_hpte(cpu, ptex, v, r); 187 return REMOVE_SUCCESS; 188 } 189 190 static target_ulong h_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, 191 target_ulong opcode, target_ulong *args) 192 { 193 CPUPPCState *env = &cpu->env; 194 target_ulong flags = args[0]; 195 target_ulong pte_index = args[1]; 196 target_ulong avpn = args[2]; 197 RemoveResult ret; 198 199 ret = remove_hpte(cpu, pte_index, avpn, flags, 200 &args[0], &args[1]); 201 202 switch (ret) { 203 case REMOVE_SUCCESS: 204 check_tlb_flush(env, true); 205 return H_SUCCESS; 206 207 case REMOVE_NOT_FOUND: 208 return H_NOT_FOUND; 209 210 case REMOVE_PARM: 211 return H_PARAMETER; 212 213 case REMOVE_HW: 214 return H_HARDWARE; 215 } 216 217 g_assert_not_reached(); 218 } 219 220 #define H_BULK_REMOVE_TYPE 0xc000000000000000ULL 221 #define H_BULK_REMOVE_REQUEST 0x4000000000000000ULL 222 #define H_BULK_REMOVE_RESPONSE 0x8000000000000000ULL 223 #define H_BULK_REMOVE_END 0xc000000000000000ULL 224 #define H_BULK_REMOVE_CODE 0x3000000000000000ULL 225 #define H_BULK_REMOVE_SUCCESS 0x0000000000000000ULL 226 #define H_BULK_REMOVE_NOT_FOUND 0x1000000000000000ULL 227 #define H_BULK_REMOVE_PARM 0x2000000000000000ULL 228 #define H_BULK_REMOVE_HW 0x3000000000000000ULL 229 #define H_BULK_REMOVE_RC 0x0c00000000000000ULL 230 #define H_BULK_REMOVE_FLAGS 0x0300000000000000ULL 231 #define H_BULK_REMOVE_ABSOLUTE 0x0000000000000000ULL 232 #define H_BULK_REMOVE_ANDCOND 0x0100000000000000ULL 233 #define H_BULK_REMOVE_AVPN 0x0200000000000000ULL 234 #define H_BULK_REMOVE_PTEX 0x00ffffffffffffffULL 235 236 #define H_BULK_REMOVE_MAX_BATCH 4 237 238 static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, 239 target_ulong opcode, target_ulong *args) 240 { 241 CPUPPCState *env = &cpu->env; 242 int i; 243 target_ulong rc = H_SUCCESS; 244 245 for (i = 0; i < H_BULK_REMOVE_MAX_BATCH; i++) { 246 target_ulong *tsh = &args[i*2]; 247 target_ulong tsl = args[i*2 + 1]; 248 target_ulong v, r, ret; 249 250 if ((*tsh & H_BULK_REMOVE_TYPE) == H_BULK_REMOVE_END) { 251 break; 252 } else if ((*tsh & H_BULK_REMOVE_TYPE) != H_BULK_REMOVE_REQUEST) { 253 return H_PARAMETER; 254 } 255 256 *tsh &= H_BULK_REMOVE_PTEX | H_BULK_REMOVE_FLAGS; 257 *tsh |= H_BULK_REMOVE_RESPONSE; 258 259 if ((*tsh & H_BULK_REMOVE_ANDCOND) && (*tsh & H_BULK_REMOVE_AVPN)) { 260 *tsh |= H_BULK_REMOVE_PARM; 261 return H_PARAMETER; 262 } 263 264 ret = remove_hpte(cpu, *tsh & H_BULK_REMOVE_PTEX, tsl, 265 (*tsh & H_BULK_REMOVE_FLAGS) >> 26, 266 &v, &r); 267 268 *tsh |= ret << 60; 269 270 switch (ret) { 271 case REMOVE_SUCCESS: 272 *tsh |= (r & (HPTE64_R_C | HPTE64_R_R)) << 43; 273 break; 274 275 case REMOVE_PARM: 276 rc = H_PARAMETER; 277 goto exit; 278 279 case REMOVE_HW: 280 rc = H_HARDWARE; 281 goto exit; 282 } 283 } 284 exit: 285 check_tlb_flush(env, true); 286 287 return rc; 288 } 289 290 static target_ulong h_protect(PowerPCCPU *cpu, sPAPRMachineState *spapr, 291 target_ulong opcode, target_ulong *args) 292 { 293 CPUPPCState *env = &cpu->env; 294 target_ulong flags = args[0]; 295 target_ulong pte_index = args[1]; 296 target_ulong avpn = args[2]; 297 uint64_t token; 298 target_ulong v, r; 299 300 if (!valid_pte_index(env, pte_index)) { 301 return H_PARAMETER; 302 } 303 304 token = ppc_hash64_start_access(cpu, pte_index); 305 v = ppc_hash64_load_hpte0(cpu, token, 0); 306 r = ppc_hash64_load_hpte1(cpu, token, 0); 307 ppc_hash64_stop_access(cpu, token); 308 309 if ((v & HPTE64_V_VALID) == 0 || 310 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn)) { 311 return H_NOT_FOUND; 312 } 313 314 r &= ~(HPTE64_R_PP0 | HPTE64_R_PP | HPTE64_R_N | 315 HPTE64_R_KEY_HI | HPTE64_R_KEY_LO); 316 r |= (flags << 55) & HPTE64_R_PP0; 317 r |= (flags << 48) & HPTE64_R_KEY_HI; 318 r |= flags & (HPTE64_R_PP | HPTE64_R_N | HPTE64_R_KEY_LO); 319 ppc_hash64_store_hpte(cpu, pte_index, 320 (v & ~HPTE64_V_VALID) | HPTE64_V_HPTE_DIRTY, 0); 321 ppc_hash64_tlb_flush_hpte(cpu, pte_index, v, r); 322 /* Flush the tlb */ 323 check_tlb_flush(env, true); 324 /* Don't need a memory barrier, due to qemu's global lock */ 325 ppc_hash64_store_hpte(cpu, pte_index, v | HPTE64_V_HPTE_DIRTY, r); 326 return H_SUCCESS; 327 } 328 329 static target_ulong h_read(PowerPCCPU *cpu, sPAPRMachineState *spapr, 330 target_ulong opcode, target_ulong *args) 331 { 332 CPUPPCState *env = &cpu->env; 333 target_ulong flags = args[0]; 334 target_ulong pte_index = args[1]; 335 uint8_t *hpte; 336 int i, ridx, n_entries = 1; 337 338 if (!valid_pte_index(env, pte_index)) { 339 return H_PARAMETER; 340 } 341 342 if (flags & H_READ_4) { 343 /* Clear the two low order bits */ 344 pte_index &= ~(3ULL); 345 n_entries = 4; 346 } 347 348 hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64); 349 350 for (i = 0, ridx = 0; i < n_entries; i++) { 351 args[ridx++] = ldq_p(hpte); 352 args[ridx++] = ldq_p(hpte + (HASH_PTE_SIZE_64/2)); 353 hpte += HASH_PTE_SIZE_64; 354 } 355 356 return H_SUCCESS; 357 } 358 359 static target_ulong h_set_sprg0(PowerPCCPU *cpu, sPAPRMachineState *spapr, 360 target_ulong opcode, target_ulong *args) 361 { 362 cpu_synchronize_state(CPU(cpu)); 363 cpu->env.spr[SPR_SPRG0] = args[0]; 364 365 return H_SUCCESS; 366 } 367 368 static target_ulong h_set_dabr(PowerPCCPU *cpu, sPAPRMachineState *spapr, 369 target_ulong opcode, target_ulong *args) 370 { 371 if (!has_spr(cpu, SPR_DABR)) { 372 return H_HARDWARE; /* DABR register not available */ 373 } 374 cpu_synchronize_state(CPU(cpu)); 375 376 if (has_spr(cpu, SPR_DABRX)) { 377 cpu->env.spr[SPR_DABRX] = 0x3; /* Use Problem and Privileged state */ 378 } else if (!(args[0] & 0x4)) { /* Breakpoint Translation set? */ 379 return H_RESERVED_DABR; 380 } 381 382 cpu->env.spr[SPR_DABR] = args[0]; 383 return H_SUCCESS; 384 } 385 386 static target_ulong h_set_xdabr(PowerPCCPU *cpu, sPAPRMachineState *spapr, 387 target_ulong opcode, target_ulong *args) 388 { 389 target_ulong dabrx = args[1]; 390 391 if (!has_spr(cpu, SPR_DABR) || !has_spr(cpu, SPR_DABRX)) { 392 return H_HARDWARE; 393 } 394 395 if ((dabrx & ~0xfULL) != 0 || (dabrx & H_DABRX_HYPERVISOR) != 0 396 || (dabrx & (H_DABRX_KERNEL | H_DABRX_USER)) == 0) { 397 return H_PARAMETER; 398 } 399 400 cpu_synchronize_state(CPU(cpu)); 401 cpu->env.spr[SPR_DABRX] = dabrx; 402 cpu->env.spr[SPR_DABR] = args[0]; 403 404 return H_SUCCESS; 405 } 406 407 static target_ulong h_page_init(PowerPCCPU *cpu, sPAPRMachineState *spapr, 408 target_ulong opcode, target_ulong *args) 409 { 410 target_ulong flags = args[0]; 411 hwaddr dst = args[1]; 412 hwaddr src = args[2]; 413 hwaddr len = TARGET_PAGE_SIZE; 414 uint8_t *pdst, *psrc; 415 target_long ret = H_SUCCESS; 416 417 if (flags & ~(H_ICACHE_SYNCHRONIZE | H_ICACHE_INVALIDATE 418 | H_COPY_PAGE | H_ZERO_PAGE)) { 419 qemu_log_mask(LOG_UNIMP, "h_page_init: Bad flags (" TARGET_FMT_lx "\n", 420 flags); 421 return H_PARAMETER; 422 } 423 424 /* Map-in destination */ 425 if (!is_ram_address(spapr, dst) || (dst & ~TARGET_PAGE_MASK) != 0) { 426 return H_PARAMETER; 427 } 428 pdst = cpu_physical_memory_map(dst, &len, 1); 429 if (!pdst || len != TARGET_PAGE_SIZE) { 430 return H_PARAMETER; 431 } 432 433 if (flags & H_COPY_PAGE) { 434 /* Map-in source, copy to destination, and unmap source again */ 435 if (!is_ram_address(spapr, src) || (src & ~TARGET_PAGE_MASK) != 0) { 436 ret = H_PARAMETER; 437 goto unmap_out; 438 } 439 psrc = cpu_physical_memory_map(src, &len, 0); 440 if (!psrc || len != TARGET_PAGE_SIZE) { 441 ret = H_PARAMETER; 442 goto unmap_out; 443 } 444 memcpy(pdst, psrc, len); 445 cpu_physical_memory_unmap(psrc, len, 0, len); 446 } else if (flags & H_ZERO_PAGE) { 447 memset(pdst, 0, len); /* Just clear the destination page */ 448 } 449 450 if (kvm_enabled() && (flags & H_ICACHE_SYNCHRONIZE) != 0) { 451 kvmppc_dcbst_range(cpu, pdst, len); 452 } 453 if (flags & (H_ICACHE_SYNCHRONIZE | H_ICACHE_INVALIDATE)) { 454 if (kvm_enabled()) { 455 kvmppc_icbi_range(cpu, pdst, len); 456 } else { 457 tb_flush(CPU(cpu)); 458 } 459 } 460 461 unmap_out: 462 cpu_physical_memory_unmap(pdst, TARGET_PAGE_SIZE, 1, len); 463 return ret; 464 } 465 466 #define FLAGS_REGISTER_VPA 0x0000200000000000ULL 467 #define FLAGS_REGISTER_DTL 0x0000400000000000ULL 468 #define FLAGS_REGISTER_SLBSHADOW 0x0000600000000000ULL 469 #define FLAGS_DEREGISTER_VPA 0x0000a00000000000ULL 470 #define FLAGS_DEREGISTER_DTL 0x0000c00000000000ULL 471 #define FLAGS_DEREGISTER_SLBSHADOW 0x0000e00000000000ULL 472 473 #define VPA_MIN_SIZE 640 474 #define VPA_SIZE_OFFSET 0x4 475 #define VPA_SHARED_PROC_OFFSET 0x9 476 #define VPA_SHARED_PROC_VAL 0x2 477 478 static target_ulong register_vpa(CPUPPCState *env, target_ulong vpa) 479 { 480 CPUState *cs = CPU(ppc_env_get_cpu(env)); 481 uint16_t size; 482 uint8_t tmp; 483 484 if (vpa == 0) { 485 hcall_dprintf("Can't cope with registering a VPA at logical 0\n"); 486 return H_HARDWARE; 487 } 488 489 if (vpa % env->dcache_line_size) { 490 return H_PARAMETER; 491 } 492 /* FIXME: bounds check the address */ 493 494 size = lduw_be_phys(cs->as, vpa + 0x4); 495 496 if (size < VPA_MIN_SIZE) { 497 return H_PARAMETER; 498 } 499 500 /* VPA is not allowed to cross a page boundary */ 501 if ((vpa / 4096) != ((vpa + size - 1) / 4096)) { 502 return H_PARAMETER; 503 } 504 505 env->vpa_addr = vpa; 506 507 tmp = ldub_phys(cs->as, env->vpa_addr + VPA_SHARED_PROC_OFFSET); 508 tmp |= VPA_SHARED_PROC_VAL; 509 stb_phys(cs->as, env->vpa_addr + VPA_SHARED_PROC_OFFSET, tmp); 510 511 return H_SUCCESS; 512 } 513 514 static target_ulong deregister_vpa(CPUPPCState *env, target_ulong vpa) 515 { 516 if (env->slb_shadow_addr) { 517 return H_RESOURCE; 518 } 519 520 if (env->dtl_addr) { 521 return H_RESOURCE; 522 } 523 524 env->vpa_addr = 0; 525 return H_SUCCESS; 526 } 527 528 static target_ulong register_slb_shadow(CPUPPCState *env, target_ulong addr) 529 { 530 CPUState *cs = CPU(ppc_env_get_cpu(env)); 531 uint32_t size; 532 533 if (addr == 0) { 534 hcall_dprintf("Can't cope with SLB shadow at logical 0\n"); 535 return H_HARDWARE; 536 } 537 538 size = ldl_be_phys(cs->as, addr + 0x4); 539 if (size < 0x8) { 540 return H_PARAMETER; 541 } 542 543 if ((addr / 4096) != ((addr + size - 1) / 4096)) { 544 return H_PARAMETER; 545 } 546 547 if (!env->vpa_addr) { 548 return H_RESOURCE; 549 } 550 551 env->slb_shadow_addr = addr; 552 env->slb_shadow_size = size; 553 554 return H_SUCCESS; 555 } 556 557 static target_ulong deregister_slb_shadow(CPUPPCState *env, target_ulong addr) 558 { 559 env->slb_shadow_addr = 0; 560 env->slb_shadow_size = 0; 561 return H_SUCCESS; 562 } 563 564 static target_ulong register_dtl(CPUPPCState *env, target_ulong addr) 565 { 566 CPUState *cs = CPU(ppc_env_get_cpu(env)); 567 uint32_t size; 568 569 if (addr == 0) { 570 hcall_dprintf("Can't cope with DTL at logical 0\n"); 571 return H_HARDWARE; 572 } 573 574 size = ldl_be_phys(cs->as, addr + 0x4); 575 576 if (size < 48) { 577 return H_PARAMETER; 578 } 579 580 if (!env->vpa_addr) { 581 return H_RESOURCE; 582 } 583 584 env->dtl_addr = addr; 585 env->dtl_size = size; 586 587 return H_SUCCESS; 588 } 589 590 static target_ulong deregister_dtl(CPUPPCState *env, target_ulong addr) 591 { 592 env->dtl_addr = 0; 593 env->dtl_size = 0; 594 595 return H_SUCCESS; 596 } 597 598 static target_ulong h_register_vpa(PowerPCCPU *cpu, sPAPRMachineState *spapr, 599 target_ulong opcode, target_ulong *args) 600 { 601 target_ulong flags = args[0]; 602 target_ulong procno = args[1]; 603 target_ulong vpa = args[2]; 604 target_ulong ret = H_PARAMETER; 605 CPUPPCState *tenv; 606 PowerPCCPU *tcpu; 607 608 tcpu = ppc_get_vcpu_by_dt_id(procno); 609 if (!tcpu) { 610 return H_PARAMETER; 611 } 612 tenv = &tcpu->env; 613 614 switch (flags) { 615 case FLAGS_REGISTER_VPA: 616 ret = register_vpa(tenv, vpa); 617 break; 618 619 case FLAGS_DEREGISTER_VPA: 620 ret = deregister_vpa(tenv, vpa); 621 break; 622 623 case FLAGS_REGISTER_SLBSHADOW: 624 ret = register_slb_shadow(tenv, vpa); 625 break; 626 627 case FLAGS_DEREGISTER_SLBSHADOW: 628 ret = deregister_slb_shadow(tenv, vpa); 629 break; 630 631 case FLAGS_REGISTER_DTL: 632 ret = register_dtl(tenv, vpa); 633 break; 634 635 case FLAGS_DEREGISTER_DTL: 636 ret = deregister_dtl(tenv, vpa); 637 break; 638 } 639 640 return ret; 641 } 642 643 static target_ulong h_cede(PowerPCCPU *cpu, sPAPRMachineState *spapr, 644 target_ulong opcode, target_ulong *args) 645 { 646 CPUPPCState *env = &cpu->env; 647 CPUState *cs = CPU(cpu); 648 649 env->msr |= (1ULL << MSR_EE); 650 hreg_compute_hflags(env); 651 if (!cpu_has_work(cs)) { 652 cs->halted = 1; 653 cs->exception_index = EXCP_HLT; 654 cs->exit_request = 1; 655 } 656 return H_SUCCESS; 657 } 658 659 static target_ulong h_rtas(PowerPCCPU *cpu, sPAPRMachineState *spapr, 660 target_ulong opcode, target_ulong *args) 661 { 662 target_ulong rtas_r3 = args[0]; 663 uint32_t token = rtas_ld(rtas_r3, 0); 664 uint32_t nargs = rtas_ld(rtas_r3, 1); 665 uint32_t nret = rtas_ld(rtas_r3, 2); 666 667 return spapr_rtas_call(cpu, spapr, token, nargs, rtas_r3 + 12, 668 nret, rtas_r3 + 12 + 4*nargs); 669 } 670 671 static target_ulong h_logical_load(PowerPCCPU *cpu, sPAPRMachineState *spapr, 672 target_ulong opcode, target_ulong *args) 673 { 674 CPUState *cs = CPU(cpu); 675 target_ulong size = args[0]; 676 target_ulong addr = args[1]; 677 678 switch (size) { 679 case 1: 680 args[0] = ldub_phys(cs->as, addr); 681 return H_SUCCESS; 682 case 2: 683 args[0] = lduw_phys(cs->as, addr); 684 return H_SUCCESS; 685 case 4: 686 args[0] = ldl_phys(cs->as, addr); 687 return H_SUCCESS; 688 case 8: 689 args[0] = ldq_phys(cs->as, addr); 690 return H_SUCCESS; 691 } 692 return H_PARAMETER; 693 } 694 695 static target_ulong h_logical_store(PowerPCCPU *cpu, sPAPRMachineState *spapr, 696 target_ulong opcode, target_ulong *args) 697 { 698 CPUState *cs = CPU(cpu); 699 700 target_ulong size = args[0]; 701 target_ulong addr = args[1]; 702 target_ulong val = args[2]; 703 704 switch (size) { 705 case 1: 706 stb_phys(cs->as, addr, val); 707 return H_SUCCESS; 708 case 2: 709 stw_phys(cs->as, addr, val); 710 return H_SUCCESS; 711 case 4: 712 stl_phys(cs->as, addr, val); 713 return H_SUCCESS; 714 case 8: 715 stq_phys(cs->as, addr, val); 716 return H_SUCCESS; 717 } 718 return H_PARAMETER; 719 } 720 721 static target_ulong h_logical_memop(PowerPCCPU *cpu, sPAPRMachineState *spapr, 722 target_ulong opcode, target_ulong *args) 723 { 724 CPUState *cs = CPU(cpu); 725 726 target_ulong dst = args[0]; /* Destination address */ 727 target_ulong src = args[1]; /* Source address */ 728 target_ulong esize = args[2]; /* Element size (0=1,1=2,2=4,3=8) */ 729 target_ulong count = args[3]; /* Element count */ 730 target_ulong op = args[4]; /* 0 = copy, 1 = invert */ 731 uint64_t tmp; 732 unsigned int mask = (1 << esize) - 1; 733 int step = 1 << esize; 734 735 if (count > 0x80000000) { 736 return H_PARAMETER; 737 } 738 739 if ((dst & mask) || (src & mask) || (op > 1)) { 740 return H_PARAMETER; 741 } 742 743 if (dst >= src && dst < (src + (count << esize))) { 744 dst = dst + ((count - 1) << esize); 745 src = src + ((count - 1) << esize); 746 step = -step; 747 } 748 749 while (count--) { 750 switch (esize) { 751 case 0: 752 tmp = ldub_phys(cs->as, src); 753 break; 754 case 1: 755 tmp = lduw_phys(cs->as, src); 756 break; 757 case 2: 758 tmp = ldl_phys(cs->as, src); 759 break; 760 case 3: 761 tmp = ldq_phys(cs->as, src); 762 break; 763 default: 764 return H_PARAMETER; 765 } 766 if (op == 1) { 767 tmp = ~tmp; 768 } 769 switch (esize) { 770 case 0: 771 stb_phys(cs->as, dst, tmp); 772 break; 773 case 1: 774 stw_phys(cs->as, dst, tmp); 775 break; 776 case 2: 777 stl_phys(cs->as, dst, tmp); 778 break; 779 case 3: 780 stq_phys(cs->as, dst, tmp); 781 break; 782 } 783 dst = dst + step; 784 src = src + step; 785 } 786 787 return H_SUCCESS; 788 } 789 790 static target_ulong h_logical_icbi(PowerPCCPU *cpu, sPAPRMachineState *spapr, 791 target_ulong opcode, target_ulong *args) 792 { 793 /* Nothing to do on emulation, KVM will trap this in the kernel */ 794 return H_SUCCESS; 795 } 796 797 static target_ulong h_logical_dcbf(PowerPCCPU *cpu, sPAPRMachineState *spapr, 798 target_ulong opcode, target_ulong *args) 799 { 800 /* Nothing to do on emulation, KVM will trap this in the kernel */ 801 return H_SUCCESS; 802 } 803 804 static target_ulong h_set_mode_resource_le(PowerPCCPU *cpu, 805 target_ulong mflags, 806 target_ulong value1, 807 target_ulong value2) 808 { 809 CPUState *cs; 810 811 if (value1) { 812 return H_P3; 813 } 814 if (value2) { 815 return H_P4; 816 } 817 818 switch (mflags) { 819 case H_SET_MODE_ENDIAN_BIG: 820 CPU_FOREACH(cs) { 821 set_spr(cs, SPR_LPCR, 0, LPCR_ILE); 822 } 823 spapr_pci_switch_vga(true); 824 return H_SUCCESS; 825 826 case H_SET_MODE_ENDIAN_LITTLE: 827 CPU_FOREACH(cs) { 828 set_spr(cs, SPR_LPCR, LPCR_ILE, LPCR_ILE); 829 } 830 spapr_pci_switch_vga(false); 831 return H_SUCCESS; 832 } 833 834 return H_UNSUPPORTED_FLAG; 835 } 836 837 static target_ulong h_set_mode_resource_addr_trans_mode(PowerPCCPU *cpu, 838 target_ulong mflags, 839 target_ulong value1, 840 target_ulong value2) 841 { 842 CPUState *cs; 843 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu); 844 845 if (!(pcc->insns_flags2 & PPC2_ISA207S)) { 846 return H_P2; 847 } 848 if (value1) { 849 return H_P3; 850 } 851 if (value2) { 852 return H_P4; 853 } 854 855 if (mflags == AIL_RESERVED) { 856 return H_UNSUPPORTED_FLAG; 857 } 858 859 CPU_FOREACH(cs) { 860 set_spr(cs, SPR_LPCR, mflags << LPCR_AIL_SHIFT, LPCR_AIL); 861 } 862 863 return H_SUCCESS; 864 } 865 866 static target_ulong h_set_mode(PowerPCCPU *cpu, sPAPRMachineState *spapr, 867 target_ulong opcode, target_ulong *args) 868 { 869 target_ulong resource = args[1]; 870 target_ulong ret = H_P2; 871 872 switch (resource) { 873 case H_SET_MODE_RESOURCE_LE: 874 ret = h_set_mode_resource_le(cpu, args[0], args[2], args[3]); 875 break; 876 case H_SET_MODE_RESOURCE_ADDR_TRANS_MODE: 877 ret = h_set_mode_resource_addr_trans_mode(cpu, args[0], 878 args[2], args[3]); 879 break; 880 } 881 882 return ret; 883 } 884 885 /* 886 * Return the offset to the requested option vector @vector in the 887 * option vector table @table. 888 */ 889 static target_ulong cas_get_option_vector(int vector, target_ulong table) 890 { 891 int i; 892 char nr_vectors, nr_entries; 893 894 if (!table) { 895 return 0; 896 } 897 898 nr_vectors = (ldl_phys(&address_space_memory, table) >> 24) + 1; 899 if (!vector || vector > nr_vectors) { 900 return 0; 901 } 902 table++; /* skip nr option vectors */ 903 904 for (i = 0; i < vector - 1; i++) { 905 nr_entries = ldl_phys(&address_space_memory, table) >> 24; 906 table += nr_entries + 2; 907 } 908 return table; 909 } 910 911 typedef struct { 912 PowerPCCPU *cpu; 913 uint32_t cpu_version; 914 Error *err; 915 } SetCompatState; 916 917 static void do_set_compat(void *arg) 918 { 919 SetCompatState *s = arg; 920 921 cpu_synchronize_state(CPU(s->cpu)); 922 ppc_set_compat(s->cpu, s->cpu_version, &s->err); 923 } 924 925 #define get_compat_level(cpuver) ( \ 926 ((cpuver) == CPU_POWERPC_LOGICAL_2_05) ? 2050 : \ 927 ((cpuver) == CPU_POWERPC_LOGICAL_2_06) ? 2060 : \ 928 ((cpuver) == CPU_POWERPC_LOGICAL_2_06_PLUS) ? 2061 : \ 929 ((cpuver) == CPU_POWERPC_LOGICAL_2_07) ? 2070 : 0) 930 931 static void cas_handle_compat_cpu(PowerPCCPUClass *pcc, uint32_t pvr, 932 unsigned max_lvl, unsigned *compat_lvl, 933 unsigned *cpu_version) 934 { 935 unsigned lvl = get_compat_level(pvr); 936 bool is205, is206, is207; 937 938 if (!lvl) { 939 return; 940 } 941 942 /* If it is a logical PVR, try to determine the highest level */ 943 is205 = (pcc->pcr_supported & PCR_COMPAT_2_05) && 944 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_05)); 945 is206 = (pcc->pcr_supported & PCR_COMPAT_2_06) && 946 ((lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06)) || 947 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06_PLUS))); 948 is207 = (pcc->pcr_supported & PCR_COMPAT_2_07) && 949 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_07)); 950 951 if (is205 || is206 || is207) { 952 if (!max_lvl) { 953 /* User did not set the level, choose the highest */ 954 if (*compat_lvl <= lvl) { 955 *compat_lvl = lvl; 956 *cpu_version = pvr; 957 } 958 } else if (max_lvl >= lvl) { 959 /* User chose the level, don't set higher than this */ 960 *compat_lvl = lvl; 961 *cpu_version = pvr; 962 } 963 } 964 } 965 966 #define OV5_DRCONF_MEMORY 0x20 967 968 static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, 969 sPAPRMachineState *spapr, 970 target_ulong opcode, 971 target_ulong *args) 972 { 973 target_ulong list = ppc64_phys_to_real(args[0]); 974 target_ulong ov_table, ov5; 975 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu_); 976 CPUState *cs; 977 bool cpu_match = false, cpu_update = true, memory_update = false; 978 unsigned old_cpu_version = cpu_->cpu_version; 979 unsigned compat_lvl = 0, cpu_version = 0; 980 unsigned max_lvl = get_compat_level(cpu_->max_compat); 981 int counter; 982 char ov5_byte2; 983 984 /* Parse PVR list */ 985 for (counter = 0; counter < 512; ++counter) { 986 uint32_t pvr, pvr_mask; 987 988 pvr_mask = ldl_be_phys(&address_space_memory, list); 989 list += 4; 990 pvr = ldl_be_phys(&address_space_memory, list); 991 list += 4; 992 993 trace_spapr_cas_pvr_try(pvr); 994 if (!max_lvl && 995 ((cpu_->env.spr[SPR_PVR] & pvr_mask) == (pvr & pvr_mask))) { 996 cpu_match = true; 997 cpu_version = 0; 998 } else if (pvr == cpu_->cpu_version) { 999 cpu_match = true; 1000 cpu_version = cpu_->cpu_version; 1001 } else if (!cpu_match) { 1002 cas_handle_compat_cpu(pcc, pvr, max_lvl, &compat_lvl, &cpu_version); 1003 } 1004 /* Terminator record */ 1005 if (~pvr_mask & pvr) { 1006 break; 1007 } 1008 } 1009 1010 /* Parsing finished */ 1011 trace_spapr_cas_pvr(cpu_->cpu_version, cpu_match, 1012 cpu_version, pcc->pcr_mask); 1013 1014 /* Update CPUs */ 1015 if (old_cpu_version != cpu_version) { 1016 CPU_FOREACH(cs) { 1017 SetCompatState s = { 1018 .cpu = POWERPC_CPU(cs), 1019 .cpu_version = cpu_version, 1020 .err = NULL, 1021 }; 1022 1023 run_on_cpu(cs, do_set_compat, &s); 1024 1025 if (s.err) { 1026 error_report_err(s.err); 1027 return H_HARDWARE; 1028 } 1029 } 1030 } 1031 1032 if (!cpu_version) { 1033 cpu_update = false; 1034 } 1035 1036 /* For the future use: here @ov_table points to the first option vector */ 1037 ov_table = list; 1038 1039 ov5 = cas_get_option_vector(5, ov_table); 1040 if (!ov5) { 1041 return H_SUCCESS; 1042 } 1043 1044 /* @list now points to OV 5 */ 1045 ov5_byte2 = ldub_phys(&address_space_memory, ov5 + 2); 1046 if (ov5_byte2 & OV5_DRCONF_MEMORY) { 1047 memory_update = true; 1048 } 1049 1050 if (spapr_h_cas_compose_response(spapr, args[1], args[2], 1051 cpu_update, memory_update)) { 1052 qemu_system_reset_request(); 1053 } 1054 1055 return H_SUCCESS; 1056 } 1057 1058 static spapr_hcall_fn papr_hypercall_table[(MAX_HCALL_OPCODE / 4) + 1]; 1059 static spapr_hcall_fn kvmppc_hypercall_table[KVMPPC_HCALL_MAX - KVMPPC_HCALL_BASE + 1]; 1060 1061 void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn) 1062 { 1063 spapr_hcall_fn *slot; 1064 1065 if (opcode <= MAX_HCALL_OPCODE) { 1066 assert((opcode & 0x3) == 0); 1067 1068 slot = &papr_hypercall_table[opcode / 4]; 1069 } else { 1070 assert((opcode >= KVMPPC_HCALL_BASE) && (opcode <= KVMPPC_HCALL_MAX)); 1071 1072 slot = &kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE]; 1073 } 1074 1075 assert(!(*slot)); 1076 *slot = fn; 1077 } 1078 1079 target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong opcode, 1080 target_ulong *args) 1081 { 1082 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine()); 1083 1084 if ((opcode <= MAX_HCALL_OPCODE) 1085 && ((opcode & 0x3) == 0)) { 1086 spapr_hcall_fn fn = papr_hypercall_table[opcode / 4]; 1087 1088 if (fn) { 1089 return fn(cpu, spapr, opcode, args); 1090 } 1091 } else if ((opcode >= KVMPPC_HCALL_BASE) && 1092 (opcode <= KVMPPC_HCALL_MAX)) { 1093 spapr_hcall_fn fn = kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE]; 1094 1095 if (fn) { 1096 return fn(cpu, spapr, opcode, args); 1097 } 1098 } 1099 1100 qemu_log_mask(LOG_UNIMP, "Unimplemented SPAPR hcall 0x" TARGET_FMT_lx "\n", 1101 opcode); 1102 return H_FUNCTION; 1103 } 1104 1105 static void hypercall_register_types(void) 1106 { 1107 /* hcall-pft */ 1108 spapr_register_hypercall(H_ENTER, h_enter); 1109 spapr_register_hypercall(H_REMOVE, h_remove); 1110 spapr_register_hypercall(H_PROTECT, h_protect); 1111 spapr_register_hypercall(H_READ, h_read); 1112 1113 /* hcall-bulk */ 1114 spapr_register_hypercall(H_BULK_REMOVE, h_bulk_remove); 1115 1116 /* hcall-splpar */ 1117 spapr_register_hypercall(H_REGISTER_VPA, h_register_vpa); 1118 spapr_register_hypercall(H_CEDE, h_cede); 1119 1120 /* processor register resource access h-calls */ 1121 spapr_register_hypercall(H_SET_SPRG0, h_set_sprg0); 1122 spapr_register_hypercall(H_SET_DABR, h_set_dabr); 1123 spapr_register_hypercall(H_SET_XDABR, h_set_xdabr); 1124 spapr_register_hypercall(H_PAGE_INIT, h_page_init); 1125 spapr_register_hypercall(H_SET_MODE, h_set_mode); 1126 1127 /* "debugger" hcalls (also used by SLOF). Note: We do -not- differenciate 1128 * here between the "CI" and the "CACHE" variants, they will use whatever 1129 * mapping attributes qemu is using. When using KVM, the kernel will 1130 * enforce the attributes more strongly 1131 */ 1132 spapr_register_hypercall(H_LOGICAL_CI_LOAD, h_logical_load); 1133 spapr_register_hypercall(H_LOGICAL_CI_STORE, h_logical_store); 1134 spapr_register_hypercall(H_LOGICAL_CACHE_LOAD, h_logical_load); 1135 spapr_register_hypercall(H_LOGICAL_CACHE_STORE, h_logical_store); 1136 spapr_register_hypercall(H_LOGICAL_ICBI, h_logical_icbi); 1137 spapr_register_hypercall(H_LOGICAL_DCBF, h_logical_dcbf); 1138 spapr_register_hypercall(KVMPPC_H_LOGICAL_MEMOP, h_logical_memop); 1139 1140 /* qemu/KVM-PPC specific hcalls */ 1141 spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas); 1142 1143 /* ibm,client-architecture-support support */ 1144 spapr_register_hypercall(KVMPPC_H_CAS, h_client_architecture_support); 1145 } 1146 1147 type_init(hypercall_register_types) 1148