1 #include "qemu/osdep.h" 2 #include "qapi/error.h" 3 #include "sysemu/sysemu.h" 4 #include "qemu/log.h" 5 #include "cpu.h" 6 #include "exec/exec-all.h" 7 #include "helper_regs.h" 8 #include "hw/ppc/spapr.h" 9 #include "mmu-hash64.h" 10 #include "cpu-models.h" 11 #include "trace.h" 12 #include "sysemu/kvm.h" 13 #include "kvm_ppc.h" 14 15 struct SPRSyncState { 16 int spr; 17 target_ulong value; 18 target_ulong mask; 19 }; 20 21 static void do_spr_sync(CPUState *cs, void *arg) 22 { 23 struct SPRSyncState *s = arg; 24 PowerPCCPU *cpu = POWERPC_CPU(cs); 25 CPUPPCState *env = &cpu->env; 26 27 cpu_synchronize_state(cs); 28 env->spr[s->spr] &= ~s->mask; 29 env->spr[s->spr] |= s->value; 30 } 31 32 static void set_spr(CPUState *cs, int spr, target_ulong value, 33 target_ulong mask) 34 { 35 struct SPRSyncState s = { 36 .spr = spr, 37 .value = value, 38 .mask = mask 39 }; 40 run_on_cpu(cs, do_spr_sync, &s); 41 } 42 43 static bool has_spr(PowerPCCPU *cpu, int spr) 44 { 45 /* We can test whether the SPR is defined by checking for a valid name */ 46 return cpu->env.spr_cb[spr].name != NULL; 47 } 48 49 static inline bool valid_pte_index(CPUPPCState *env, target_ulong pte_index) 50 { 51 /* 52 * hash value/pteg group index is normalized by htab_mask 53 */ 54 if (((pte_index & ~7ULL) / HPTES_PER_GROUP) & ~env->htab_mask) { 55 return false; 56 } 57 return true; 58 } 59 60 static bool is_ram_address(sPAPRMachineState *spapr, hwaddr addr) 61 { 62 MachineState *machine = MACHINE(spapr); 63 MemoryHotplugState *hpms = &spapr->hotplug_memory; 64 65 if (addr < machine->ram_size) { 66 return true; 67 } 68 if ((addr >= hpms->base) 69 && ((addr - hpms->base) < memory_region_size(&hpms->mr))) { 70 return true; 71 } 72 73 return false; 74 } 75 76 static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, 77 target_ulong opcode, target_ulong *args) 78 { 79 CPUPPCState *env = &cpu->env; 80 target_ulong flags = args[0]; 81 target_ulong pte_index = args[1]; 82 target_ulong pteh = args[2]; 83 target_ulong ptel = args[3]; 84 unsigned apshift; 85 target_ulong raddr; 86 target_ulong index; 87 uint64_t token; 88 89 apshift = ppc_hash64_hpte_page_shift_noslb(cpu, pteh, ptel); 90 if (!apshift) { 91 /* Bad page size encoding */ 92 return H_PARAMETER; 93 } 94 95 raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << apshift) - 1); 96 97 if (is_ram_address(spapr, raddr)) { 98 /* Regular RAM - should have WIMG=0010 */ 99 if ((ptel & HPTE64_R_WIMG) != HPTE64_R_M) { 100 return H_PARAMETER; 101 } 102 } else { 103 target_ulong wimg_flags; 104 /* Looks like an IO address */ 105 /* FIXME: What WIMG combinations could be sensible for IO? 106 * For now we allow WIMG=010x, but are there others? */ 107 /* FIXME: Should we check against registered IO addresses? */ 108 wimg_flags = (ptel & (HPTE64_R_W | HPTE64_R_I | HPTE64_R_M)); 109 110 if (wimg_flags != HPTE64_R_I && 111 wimg_flags != (HPTE64_R_I | HPTE64_R_M)) { 112 return H_PARAMETER; 113 } 114 } 115 116 pteh &= ~0x60ULL; 117 118 if (!valid_pte_index(env, pte_index)) { 119 return H_PARAMETER; 120 } 121 122 index = 0; 123 if (likely((flags & H_EXACT) == 0)) { 124 pte_index &= ~7ULL; 125 token = ppc_hash64_start_access(cpu, pte_index); 126 for (; index < 8; index++) { 127 if (!(ppc_hash64_load_hpte0(cpu, token, index) & HPTE64_V_VALID)) { 128 break; 129 } 130 } 131 ppc_hash64_stop_access(cpu, token); 132 if (index == 8) { 133 return H_PTEG_FULL; 134 } 135 } else { 136 token = ppc_hash64_start_access(cpu, pte_index); 137 if (ppc_hash64_load_hpte0(cpu, token, 0) & HPTE64_V_VALID) { 138 ppc_hash64_stop_access(cpu, token); 139 return H_PTEG_FULL; 140 } 141 ppc_hash64_stop_access(cpu, token); 142 } 143 144 ppc_hash64_store_hpte(cpu, pte_index + index, 145 pteh | HPTE64_V_HPTE_DIRTY, ptel); 146 147 args[0] = pte_index + index; 148 return H_SUCCESS; 149 } 150 151 typedef enum { 152 REMOVE_SUCCESS = 0, 153 REMOVE_NOT_FOUND = 1, 154 REMOVE_PARM = 2, 155 REMOVE_HW = 3, 156 } RemoveResult; 157 158 static RemoveResult remove_hpte(PowerPCCPU *cpu, target_ulong ptex, 159 target_ulong avpn, 160 target_ulong flags, 161 target_ulong *vp, target_ulong *rp) 162 { 163 CPUPPCState *env = &cpu->env; 164 uint64_t token; 165 target_ulong v, r; 166 167 if (!valid_pte_index(env, ptex)) { 168 return REMOVE_PARM; 169 } 170 171 token = ppc_hash64_start_access(cpu, ptex); 172 v = ppc_hash64_load_hpte0(cpu, token, 0); 173 r = ppc_hash64_load_hpte1(cpu, token, 0); 174 ppc_hash64_stop_access(cpu, token); 175 176 if ((v & HPTE64_V_VALID) == 0 || 177 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) || 178 ((flags & H_ANDCOND) && (v & avpn) != 0)) { 179 return REMOVE_NOT_FOUND; 180 } 181 *vp = v; 182 *rp = r; 183 ppc_hash64_store_hpte(cpu, ptex, HPTE64_V_HPTE_DIRTY, 0); 184 ppc_hash64_tlb_flush_hpte(cpu, ptex, v, r); 185 return REMOVE_SUCCESS; 186 } 187 188 static target_ulong h_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, 189 target_ulong opcode, target_ulong *args) 190 { 191 CPUPPCState *env = &cpu->env; 192 target_ulong flags = args[0]; 193 target_ulong pte_index = args[1]; 194 target_ulong avpn = args[2]; 195 RemoveResult ret; 196 197 ret = remove_hpte(cpu, pte_index, avpn, flags, 198 &args[0], &args[1]); 199 200 switch (ret) { 201 case REMOVE_SUCCESS: 202 check_tlb_flush(env, true); 203 return H_SUCCESS; 204 205 case REMOVE_NOT_FOUND: 206 return H_NOT_FOUND; 207 208 case REMOVE_PARM: 209 return H_PARAMETER; 210 211 case REMOVE_HW: 212 return H_HARDWARE; 213 } 214 215 g_assert_not_reached(); 216 } 217 218 #define H_BULK_REMOVE_TYPE 0xc000000000000000ULL 219 #define H_BULK_REMOVE_REQUEST 0x4000000000000000ULL 220 #define H_BULK_REMOVE_RESPONSE 0x8000000000000000ULL 221 #define H_BULK_REMOVE_END 0xc000000000000000ULL 222 #define H_BULK_REMOVE_CODE 0x3000000000000000ULL 223 #define H_BULK_REMOVE_SUCCESS 0x0000000000000000ULL 224 #define H_BULK_REMOVE_NOT_FOUND 0x1000000000000000ULL 225 #define H_BULK_REMOVE_PARM 0x2000000000000000ULL 226 #define H_BULK_REMOVE_HW 0x3000000000000000ULL 227 #define H_BULK_REMOVE_RC 0x0c00000000000000ULL 228 #define H_BULK_REMOVE_FLAGS 0x0300000000000000ULL 229 #define H_BULK_REMOVE_ABSOLUTE 0x0000000000000000ULL 230 #define H_BULK_REMOVE_ANDCOND 0x0100000000000000ULL 231 #define H_BULK_REMOVE_AVPN 0x0200000000000000ULL 232 #define H_BULK_REMOVE_PTEX 0x00ffffffffffffffULL 233 234 #define H_BULK_REMOVE_MAX_BATCH 4 235 236 static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, 237 target_ulong opcode, target_ulong *args) 238 { 239 CPUPPCState *env = &cpu->env; 240 int i; 241 target_ulong rc = H_SUCCESS; 242 243 for (i = 0; i < H_BULK_REMOVE_MAX_BATCH; i++) { 244 target_ulong *tsh = &args[i*2]; 245 target_ulong tsl = args[i*2 + 1]; 246 target_ulong v, r, ret; 247 248 if ((*tsh & H_BULK_REMOVE_TYPE) == H_BULK_REMOVE_END) { 249 break; 250 } else if ((*tsh & H_BULK_REMOVE_TYPE) != H_BULK_REMOVE_REQUEST) { 251 return H_PARAMETER; 252 } 253 254 *tsh &= H_BULK_REMOVE_PTEX | H_BULK_REMOVE_FLAGS; 255 *tsh |= H_BULK_REMOVE_RESPONSE; 256 257 if ((*tsh & H_BULK_REMOVE_ANDCOND) && (*tsh & H_BULK_REMOVE_AVPN)) { 258 *tsh |= H_BULK_REMOVE_PARM; 259 return H_PARAMETER; 260 } 261 262 ret = remove_hpte(cpu, *tsh & H_BULK_REMOVE_PTEX, tsl, 263 (*tsh & H_BULK_REMOVE_FLAGS) >> 26, 264 &v, &r); 265 266 *tsh |= ret << 60; 267 268 switch (ret) { 269 case REMOVE_SUCCESS: 270 *tsh |= (r & (HPTE64_R_C | HPTE64_R_R)) << 43; 271 break; 272 273 case REMOVE_PARM: 274 rc = H_PARAMETER; 275 goto exit; 276 277 case REMOVE_HW: 278 rc = H_HARDWARE; 279 goto exit; 280 } 281 } 282 exit: 283 check_tlb_flush(env, true); 284 285 return rc; 286 } 287 288 static target_ulong h_protect(PowerPCCPU *cpu, sPAPRMachineState *spapr, 289 target_ulong opcode, target_ulong *args) 290 { 291 CPUPPCState *env = &cpu->env; 292 target_ulong flags = args[0]; 293 target_ulong pte_index = args[1]; 294 target_ulong avpn = args[2]; 295 uint64_t token; 296 target_ulong v, r; 297 298 if (!valid_pte_index(env, pte_index)) { 299 return H_PARAMETER; 300 } 301 302 token = ppc_hash64_start_access(cpu, pte_index); 303 v = ppc_hash64_load_hpte0(cpu, token, 0); 304 r = ppc_hash64_load_hpte1(cpu, token, 0); 305 ppc_hash64_stop_access(cpu, token); 306 307 if ((v & HPTE64_V_VALID) == 0 || 308 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn)) { 309 return H_NOT_FOUND; 310 } 311 312 r &= ~(HPTE64_R_PP0 | HPTE64_R_PP | HPTE64_R_N | 313 HPTE64_R_KEY_HI | HPTE64_R_KEY_LO); 314 r |= (flags << 55) & HPTE64_R_PP0; 315 r |= (flags << 48) & HPTE64_R_KEY_HI; 316 r |= flags & (HPTE64_R_PP | HPTE64_R_N | HPTE64_R_KEY_LO); 317 ppc_hash64_store_hpte(cpu, pte_index, 318 (v & ~HPTE64_V_VALID) | HPTE64_V_HPTE_DIRTY, 0); 319 ppc_hash64_tlb_flush_hpte(cpu, pte_index, v, r); 320 /* Flush the tlb */ 321 check_tlb_flush(env, true); 322 /* Don't need a memory barrier, due to qemu's global lock */ 323 ppc_hash64_store_hpte(cpu, pte_index, v | HPTE64_V_HPTE_DIRTY, r); 324 return H_SUCCESS; 325 } 326 327 static target_ulong h_read(PowerPCCPU *cpu, sPAPRMachineState *spapr, 328 target_ulong opcode, target_ulong *args) 329 { 330 CPUPPCState *env = &cpu->env; 331 target_ulong flags = args[0]; 332 target_ulong pte_index = args[1]; 333 uint8_t *hpte; 334 int i, ridx, n_entries = 1; 335 336 if (!valid_pte_index(env, pte_index)) { 337 return H_PARAMETER; 338 } 339 340 if (flags & H_READ_4) { 341 /* Clear the two low order bits */ 342 pte_index &= ~(3ULL); 343 n_entries = 4; 344 } 345 346 hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64); 347 348 for (i = 0, ridx = 0; i < n_entries; i++) { 349 args[ridx++] = ldq_p(hpte); 350 args[ridx++] = ldq_p(hpte + (HASH_PTE_SIZE_64/2)); 351 hpte += HASH_PTE_SIZE_64; 352 } 353 354 return H_SUCCESS; 355 } 356 357 static target_ulong h_set_sprg0(PowerPCCPU *cpu, sPAPRMachineState *spapr, 358 target_ulong opcode, target_ulong *args) 359 { 360 cpu_synchronize_state(CPU(cpu)); 361 cpu->env.spr[SPR_SPRG0] = args[0]; 362 363 return H_SUCCESS; 364 } 365 366 static target_ulong h_set_dabr(PowerPCCPU *cpu, sPAPRMachineState *spapr, 367 target_ulong opcode, target_ulong *args) 368 { 369 if (!has_spr(cpu, SPR_DABR)) { 370 return H_HARDWARE; /* DABR register not available */ 371 } 372 cpu_synchronize_state(CPU(cpu)); 373 374 if (has_spr(cpu, SPR_DABRX)) { 375 cpu->env.spr[SPR_DABRX] = 0x3; /* Use Problem and Privileged state */ 376 } else if (!(args[0] & 0x4)) { /* Breakpoint Translation set? */ 377 return H_RESERVED_DABR; 378 } 379 380 cpu->env.spr[SPR_DABR] = args[0]; 381 return H_SUCCESS; 382 } 383 384 static target_ulong h_set_xdabr(PowerPCCPU *cpu, sPAPRMachineState *spapr, 385 target_ulong opcode, target_ulong *args) 386 { 387 target_ulong dabrx = args[1]; 388 389 if (!has_spr(cpu, SPR_DABR) || !has_spr(cpu, SPR_DABRX)) { 390 return H_HARDWARE; 391 } 392 393 if ((dabrx & ~0xfULL) != 0 || (dabrx & H_DABRX_HYPERVISOR) != 0 394 || (dabrx & (H_DABRX_KERNEL | H_DABRX_USER)) == 0) { 395 return H_PARAMETER; 396 } 397 398 cpu_synchronize_state(CPU(cpu)); 399 cpu->env.spr[SPR_DABRX] = dabrx; 400 cpu->env.spr[SPR_DABR] = args[0]; 401 402 return H_SUCCESS; 403 } 404 405 static target_ulong h_page_init(PowerPCCPU *cpu, sPAPRMachineState *spapr, 406 target_ulong opcode, target_ulong *args) 407 { 408 target_ulong flags = args[0]; 409 hwaddr dst = args[1]; 410 hwaddr src = args[2]; 411 hwaddr len = TARGET_PAGE_SIZE; 412 uint8_t *pdst, *psrc; 413 target_long ret = H_SUCCESS; 414 415 if (flags & ~(H_ICACHE_SYNCHRONIZE | H_ICACHE_INVALIDATE 416 | H_COPY_PAGE | H_ZERO_PAGE)) { 417 qemu_log_mask(LOG_UNIMP, "h_page_init: Bad flags (" TARGET_FMT_lx "\n", 418 flags); 419 return H_PARAMETER; 420 } 421 422 /* Map-in destination */ 423 if (!is_ram_address(spapr, dst) || (dst & ~TARGET_PAGE_MASK) != 0) { 424 return H_PARAMETER; 425 } 426 pdst = cpu_physical_memory_map(dst, &len, 1); 427 if (!pdst || len != TARGET_PAGE_SIZE) { 428 return H_PARAMETER; 429 } 430 431 if (flags & H_COPY_PAGE) { 432 /* Map-in source, copy to destination, and unmap source again */ 433 if (!is_ram_address(spapr, src) || (src & ~TARGET_PAGE_MASK) != 0) { 434 ret = H_PARAMETER; 435 goto unmap_out; 436 } 437 psrc = cpu_physical_memory_map(src, &len, 0); 438 if (!psrc || len != TARGET_PAGE_SIZE) { 439 ret = H_PARAMETER; 440 goto unmap_out; 441 } 442 memcpy(pdst, psrc, len); 443 cpu_physical_memory_unmap(psrc, len, 0, len); 444 } else if (flags & H_ZERO_PAGE) { 445 memset(pdst, 0, len); /* Just clear the destination page */ 446 } 447 448 if (kvm_enabled() && (flags & H_ICACHE_SYNCHRONIZE) != 0) { 449 kvmppc_dcbst_range(cpu, pdst, len); 450 } 451 if (flags & (H_ICACHE_SYNCHRONIZE | H_ICACHE_INVALIDATE)) { 452 if (kvm_enabled()) { 453 kvmppc_icbi_range(cpu, pdst, len); 454 } else { 455 tb_flush(CPU(cpu)); 456 } 457 } 458 459 unmap_out: 460 cpu_physical_memory_unmap(pdst, TARGET_PAGE_SIZE, 1, len); 461 return ret; 462 } 463 464 #define FLAGS_REGISTER_VPA 0x0000200000000000ULL 465 #define FLAGS_REGISTER_DTL 0x0000400000000000ULL 466 #define FLAGS_REGISTER_SLBSHADOW 0x0000600000000000ULL 467 #define FLAGS_DEREGISTER_VPA 0x0000a00000000000ULL 468 #define FLAGS_DEREGISTER_DTL 0x0000c00000000000ULL 469 #define FLAGS_DEREGISTER_SLBSHADOW 0x0000e00000000000ULL 470 471 #define VPA_MIN_SIZE 640 472 #define VPA_SIZE_OFFSET 0x4 473 #define VPA_SHARED_PROC_OFFSET 0x9 474 #define VPA_SHARED_PROC_VAL 0x2 475 476 static target_ulong register_vpa(CPUPPCState *env, target_ulong vpa) 477 { 478 CPUState *cs = CPU(ppc_env_get_cpu(env)); 479 uint16_t size; 480 uint8_t tmp; 481 482 if (vpa == 0) { 483 hcall_dprintf("Can't cope with registering a VPA at logical 0\n"); 484 return H_HARDWARE; 485 } 486 487 if (vpa % env->dcache_line_size) { 488 return H_PARAMETER; 489 } 490 /* FIXME: bounds check the address */ 491 492 size = lduw_be_phys(cs->as, vpa + 0x4); 493 494 if (size < VPA_MIN_SIZE) { 495 return H_PARAMETER; 496 } 497 498 /* VPA is not allowed to cross a page boundary */ 499 if ((vpa / 4096) != ((vpa + size - 1) / 4096)) { 500 return H_PARAMETER; 501 } 502 503 env->vpa_addr = vpa; 504 505 tmp = ldub_phys(cs->as, env->vpa_addr + VPA_SHARED_PROC_OFFSET); 506 tmp |= VPA_SHARED_PROC_VAL; 507 stb_phys(cs->as, env->vpa_addr + VPA_SHARED_PROC_OFFSET, tmp); 508 509 return H_SUCCESS; 510 } 511 512 static target_ulong deregister_vpa(CPUPPCState *env, target_ulong vpa) 513 { 514 if (env->slb_shadow_addr) { 515 return H_RESOURCE; 516 } 517 518 if (env->dtl_addr) { 519 return H_RESOURCE; 520 } 521 522 env->vpa_addr = 0; 523 return H_SUCCESS; 524 } 525 526 static target_ulong register_slb_shadow(CPUPPCState *env, target_ulong addr) 527 { 528 CPUState *cs = CPU(ppc_env_get_cpu(env)); 529 uint32_t size; 530 531 if (addr == 0) { 532 hcall_dprintf("Can't cope with SLB shadow at logical 0\n"); 533 return H_HARDWARE; 534 } 535 536 size = ldl_be_phys(cs->as, addr + 0x4); 537 if (size < 0x8) { 538 return H_PARAMETER; 539 } 540 541 if ((addr / 4096) != ((addr + size - 1) / 4096)) { 542 return H_PARAMETER; 543 } 544 545 if (!env->vpa_addr) { 546 return H_RESOURCE; 547 } 548 549 env->slb_shadow_addr = addr; 550 env->slb_shadow_size = size; 551 552 return H_SUCCESS; 553 } 554 555 static target_ulong deregister_slb_shadow(CPUPPCState *env, target_ulong addr) 556 { 557 env->slb_shadow_addr = 0; 558 env->slb_shadow_size = 0; 559 return H_SUCCESS; 560 } 561 562 static target_ulong register_dtl(CPUPPCState *env, target_ulong addr) 563 { 564 CPUState *cs = CPU(ppc_env_get_cpu(env)); 565 uint32_t size; 566 567 if (addr == 0) { 568 hcall_dprintf("Can't cope with DTL at logical 0\n"); 569 return H_HARDWARE; 570 } 571 572 size = ldl_be_phys(cs->as, addr + 0x4); 573 574 if (size < 48) { 575 return H_PARAMETER; 576 } 577 578 if (!env->vpa_addr) { 579 return H_RESOURCE; 580 } 581 582 env->dtl_addr = addr; 583 env->dtl_size = size; 584 585 return H_SUCCESS; 586 } 587 588 static target_ulong deregister_dtl(CPUPPCState *env, target_ulong addr) 589 { 590 env->dtl_addr = 0; 591 env->dtl_size = 0; 592 593 return H_SUCCESS; 594 } 595 596 static target_ulong h_register_vpa(PowerPCCPU *cpu, sPAPRMachineState *spapr, 597 target_ulong opcode, target_ulong *args) 598 { 599 target_ulong flags = args[0]; 600 target_ulong procno = args[1]; 601 target_ulong vpa = args[2]; 602 target_ulong ret = H_PARAMETER; 603 CPUPPCState *tenv; 604 PowerPCCPU *tcpu; 605 606 tcpu = ppc_get_vcpu_by_dt_id(procno); 607 if (!tcpu) { 608 return H_PARAMETER; 609 } 610 tenv = &tcpu->env; 611 612 switch (flags) { 613 case FLAGS_REGISTER_VPA: 614 ret = register_vpa(tenv, vpa); 615 break; 616 617 case FLAGS_DEREGISTER_VPA: 618 ret = deregister_vpa(tenv, vpa); 619 break; 620 621 case FLAGS_REGISTER_SLBSHADOW: 622 ret = register_slb_shadow(tenv, vpa); 623 break; 624 625 case FLAGS_DEREGISTER_SLBSHADOW: 626 ret = deregister_slb_shadow(tenv, vpa); 627 break; 628 629 case FLAGS_REGISTER_DTL: 630 ret = register_dtl(tenv, vpa); 631 break; 632 633 case FLAGS_DEREGISTER_DTL: 634 ret = deregister_dtl(tenv, vpa); 635 break; 636 } 637 638 return ret; 639 } 640 641 static target_ulong h_cede(PowerPCCPU *cpu, sPAPRMachineState *spapr, 642 target_ulong opcode, target_ulong *args) 643 { 644 CPUPPCState *env = &cpu->env; 645 CPUState *cs = CPU(cpu); 646 647 env->msr |= (1ULL << MSR_EE); 648 hreg_compute_hflags(env); 649 if (!cpu_has_work(cs)) { 650 cs->halted = 1; 651 cs->exception_index = EXCP_HLT; 652 cs->exit_request = 1; 653 } 654 return H_SUCCESS; 655 } 656 657 static target_ulong h_rtas(PowerPCCPU *cpu, sPAPRMachineState *spapr, 658 target_ulong opcode, target_ulong *args) 659 { 660 target_ulong rtas_r3 = args[0]; 661 uint32_t token = rtas_ld(rtas_r3, 0); 662 uint32_t nargs = rtas_ld(rtas_r3, 1); 663 uint32_t nret = rtas_ld(rtas_r3, 2); 664 665 return spapr_rtas_call(cpu, spapr, token, nargs, rtas_r3 + 12, 666 nret, rtas_r3 + 12 + 4*nargs); 667 } 668 669 static target_ulong h_logical_load(PowerPCCPU *cpu, sPAPRMachineState *spapr, 670 target_ulong opcode, target_ulong *args) 671 { 672 CPUState *cs = CPU(cpu); 673 target_ulong size = args[0]; 674 target_ulong addr = args[1]; 675 676 switch (size) { 677 case 1: 678 args[0] = ldub_phys(cs->as, addr); 679 return H_SUCCESS; 680 case 2: 681 args[0] = lduw_phys(cs->as, addr); 682 return H_SUCCESS; 683 case 4: 684 args[0] = ldl_phys(cs->as, addr); 685 return H_SUCCESS; 686 case 8: 687 args[0] = ldq_phys(cs->as, addr); 688 return H_SUCCESS; 689 } 690 return H_PARAMETER; 691 } 692 693 static target_ulong h_logical_store(PowerPCCPU *cpu, sPAPRMachineState *spapr, 694 target_ulong opcode, target_ulong *args) 695 { 696 CPUState *cs = CPU(cpu); 697 698 target_ulong size = args[0]; 699 target_ulong addr = args[1]; 700 target_ulong val = args[2]; 701 702 switch (size) { 703 case 1: 704 stb_phys(cs->as, addr, val); 705 return H_SUCCESS; 706 case 2: 707 stw_phys(cs->as, addr, val); 708 return H_SUCCESS; 709 case 4: 710 stl_phys(cs->as, addr, val); 711 return H_SUCCESS; 712 case 8: 713 stq_phys(cs->as, addr, val); 714 return H_SUCCESS; 715 } 716 return H_PARAMETER; 717 } 718 719 static target_ulong h_logical_memop(PowerPCCPU *cpu, sPAPRMachineState *spapr, 720 target_ulong opcode, target_ulong *args) 721 { 722 CPUState *cs = CPU(cpu); 723 724 target_ulong dst = args[0]; /* Destination address */ 725 target_ulong src = args[1]; /* Source address */ 726 target_ulong esize = args[2]; /* Element size (0=1,1=2,2=4,3=8) */ 727 target_ulong count = args[3]; /* Element count */ 728 target_ulong op = args[4]; /* 0 = copy, 1 = invert */ 729 uint64_t tmp; 730 unsigned int mask = (1 << esize) - 1; 731 int step = 1 << esize; 732 733 if (count > 0x80000000) { 734 return H_PARAMETER; 735 } 736 737 if ((dst & mask) || (src & mask) || (op > 1)) { 738 return H_PARAMETER; 739 } 740 741 if (dst >= src && dst < (src + (count << esize))) { 742 dst = dst + ((count - 1) << esize); 743 src = src + ((count - 1) << esize); 744 step = -step; 745 } 746 747 while (count--) { 748 switch (esize) { 749 case 0: 750 tmp = ldub_phys(cs->as, src); 751 break; 752 case 1: 753 tmp = lduw_phys(cs->as, src); 754 break; 755 case 2: 756 tmp = ldl_phys(cs->as, src); 757 break; 758 case 3: 759 tmp = ldq_phys(cs->as, src); 760 break; 761 default: 762 return H_PARAMETER; 763 } 764 if (op == 1) { 765 tmp = ~tmp; 766 } 767 switch (esize) { 768 case 0: 769 stb_phys(cs->as, dst, tmp); 770 break; 771 case 1: 772 stw_phys(cs->as, dst, tmp); 773 break; 774 case 2: 775 stl_phys(cs->as, dst, tmp); 776 break; 777 case 3: 778 stq_phys(cs->as, dst, tmp); 779 break; 780 } 781 dst = dst + step; 782 src = src + step; 783 } 784 785 return H_SUCCESS; 786 } 787 788 static target_ulong h_logical_icbi(PowerPCCPU *cpu, sPAPRMachineState *spapr, 789 target_ulong opcode, target_ulong *args) 790 { 791 /* Nothing to do on emulation, KVM will trap this in the kernel */ 792 return H_SUCCESS; 793 } 794 795 static target_ulong h_logical_dcbf(PowerPCCPU *cpu, sPAPRMachineState *spapr, 796 target_ulong opcode, target_ulong *args) 797 { 798 /* Nothing to do on emulation, KVM will trap this in the kernel */ 799 return H_SUCCESS; 800 } 801 802 static target_ulong h_set_mode_resource_le(PowerPCCPU *cpu, 803 target_ulong mflags, 804 target_ulong value1, 805 target_ulong value2) 806 { 807 CPUState *cs; 808 809 if (value1) { 810 return H_P3; 811 } 812 if (value2) { 813 return H_P4; 814 } 815 816 switch (mflags) { 817 case H_SET_MODE_ENDIAN_BIG: 818 CPU_FOREACH(cs) { 819 set_spr(cs, SPR_LPCR, 0, LPCR_ILE); 820 } 821 spapr_pci_switch_vga(true); 822 return H_SUCCESS; 823 824 case H_SET_MODE_ENDIAN_LITTLE: 825 CPU_FOREACH(cs) { 826 set_spr(cs, SPR_LPCR, LPCR_ILE, LPCR_ILE); 827 } 828 spapr_pci_switch_vga(false); 829 return H_SUCCESS; 830 } 831 832 return H_UNSUPPORTED_FLAG; 833 } 834 835 static target_ulong h_set_mode_resource_addr_trans_mode(PowerPCCPU *cpu, 836 target_ulong mflags, 837 target_ulong value1, 838 target_ulong value2) 839 { 840 CPUState *cs; 841 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu); 842 843 if (!(pcc->insns_flags2 & PPC2_ISA207S)) { 844 return H_P2; 845 } 846 if (value1) { 847 return H_P3; 848 } 849 if (value2) { 850 return H_P4; 851 } 852 853 if (mflags == AIL_RESERVED) { 854 return H_UNSUPPORTED_FLAG; 855 } 856 857 CPU_FOREACH(cs) { 858 set_spr(cs, SPR_LPCR, mflags << LPCR_AIL_SHIFT, LPCR_AIL); 859 } 860 861 return H_SUCCESS; 862 } 863 864 static target_ulong h_set_mode(PowerPCCPU *cpu, sPAPRMachineState *spapr, 865 target_ulong opcode, target_ulong *args) 866 { 867 target_ulong resource = args[1]; 868 target_ulong ret = H_P2; 869 870 switch (resource) { 871 case H_SET_MODE_RESOURCE_LE: 872 ret = h_set_mode_resource_le(cpu, args[0], args[2], args[3]); 873 break; 874 case H_SET_MODE_RESOURCE_ADDR_TRANS_MODE: 875 ret = h_set_mode_resource_addr_trans_mode(cpu, args[0], 876 args[2], args[3]); 877 break; 878 } 879 880 return ret; 881 } 882 883 /* 884 * Return the offset to the requested option vector @vector in the 885 * option vector table @table. 886 */ 887 static target_ulong cas_get_option_vector(int vector, target_ulong table) 888 { 889 int i; 890 char nr_vectors, nr_entries; 891 892 if (!table) { 893 return 0; 894 } 895 896 nr_vectors = (ldl_phys(&address_space_memory, table) >> 24) + 1; 897 if (!vector || vector > nr_vectors) { 898 return 0; 899 } 900 table++; /* skip nr option vectors */ 901 902 for (i = 0; i < vector - 1; i++) { 903 nr_entries = ldl_phys(&address_space_memory, table) >> 24; 904 table += nr_entries + 2; 905 } 906 return table; 907 } 908 909 typedef struct { 910 uint32_t cpu_version; 911 Error *err; 912 } SetCompatState; 913 914 static void do_set_compat(CPUState *cs, void *arg) 915 { 916 PowerPCCPU *cpu = POWERPC_CPU(cs); 917 SetCompatState *s = arg; 918 919 cpu_synchronize_state(cs); 920 ppc_set_compat(cpu, s->cpu_version, &s->err); 921 } 922 923 #define get_compat_level(cpuver) ( \ 924 ((cpuver) == CPU_POWERPC_LOGICAL_2_05) ? 2050 : \ 925 ((cpuver) == CPU_POWERPC_LOGICAL_2_06) ? 2060 : \ 926 ((cpuver) == CPU_POWERPC_LOGICAL_2_06_PLUS) ? 2061 : \ 927 ((cpuver) == CPU_POWERPC_LOGICAL_2_07) ? 2070 : 0) 928 929 static void cas_handle_compat_cpu(PowerPCCPUClass *pcc, uint32_t pvr, 930 unsigned max_lvl, unsigned *compat_lvl, 931 unsigned *cpu_version) 932 { 933 unsigned lvl = get_compat_level(pvr); 934 bool is205, is206, is207; 935 936 if (!lvl) { 937 return; 938 } 939 940 /* If it is a logical PVR, try to determine the highest level */ 941 is205 = (pcc->pcr_supported & PCR_COMPAT_2_05) && 942 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_05)); 943 is206 = (pcc->pcr_supported & PCR_COMPAT_2_06) && 944 ((lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06)) || 945 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06_PLUS))); 946 is207 = (pcc->pcr_supported & PCR_COMPAT_2_07) && 947 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_07)); 948 949 if (is205 || is206 || is207) { 950 if (!max_lvl) { 951 /* User did not set the level, choose the highest */ 952 if (*compat_lvl <= lvl) { 953 *compat_lvl = lvl; 954 *cpu_version = pvr; 955 } 956 } else if (max_lvl >= lvl) { 957 /* User chose the level, don't set higher than this */ 958 *compat_lvl = lvl; 959 *cpu_version = pvr; 960 } 961 } 962 } 963 964 #define OV5_DRCONF_MEMORY 0x20 965 966 static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, 967 sPAPRMachineState *spapr, 968 target_ulong opcode, 969 target_ulong *args) 970 { 971 target_ulong list = ppc64_phys_to_real(args[0]); 972 target_ulong ov_table, ov5; 973 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu_); 974 CPUState *cs; 975 bool cpu_match = false, cpu_update = true, memory_update = false; 976 unsigned old_cpu_version = cpu_->cpu_version; 977 unsigned compat_lvl = 0, cpu_version = 0; 978 unsigned max_lvl = get_compat_level(cpu_->max_compat); 979 int counter; 980 char ov5_byte2; 981 982 /* Parse PVR list */ 983 for (counter = 0; counter < 512; ++counter) { 984 uint32_t pvr, pvr_mask; 985 986 pvr_mask = ldl_be_phys(&address_space_memory, list); 987 list += 4; 988 pvr = ldl_be_phys(&address_space_memory, list); 989 list += 4; 990 991 trace_spapr_cas_pvr_try(pvr); 992 if (!max_lvl && 993 ((cpu_->env.spr[SPR_PVR] & pvr_mask) == (pvr & pvr_mask))) { 994 cpu_match = true; 995 cpu_version = 0; 996 } else if (pvr == cpu_->cpu_version) { 997 cpu_match = true; 998 cpu_version = cpu_->cpu_version; 999 } else if (!cpu_match) { 1000 cas_handle_compat_cpu(pcc, pvr, max_lvl, &compat_lvl, &cpu_version); 1001 } 1002 /* Terminator record */ 1003 if (~pvr_mask & pvr) { 1004 break; 1005 } 1006 } 1007 1008 /* Parsing finished */ 1009 trace_spapr_cas_pvr(cpu_->cpu_version, cpu_match, 1010 cpu_version, pcc->pcr_mask); 1011 1012 /* Update CPUs */ 1013 if (old_cpu_version != cpu_version) { 1014 CPU_FOREACH(cs) { 1015 SetCompatState s = { 1016 .cpu_version = cpu_version, 1017 .err = NULL, 1018 }; 1019 1020 run_on_cpu(cs, do_set_compat, &s); 1021 1022 if (s.err) { 1023 error_report_err(s.err); 1024 return H_HARDWARE; 1025 } 1026 } 1027 } 1028 1029 if (!cpu_version) { 1030 cpu_update = false; 1031 } 1032 1033 /* For the future use: here @ov_table points to the first option vector */ 1034 ov_table = list; 1035 1036 ov5 = cas_get_option_vector(5, ov_table); 1037 if (!ov5) { 1038 return H_SUCCESS; 1039 } 1040 1041 /* @list now points to OV 5 */ 1042 ov5_byte2 = ldub_phys(&address_space_memory, ov5 + 2); 1043 if (ov5_byte2 & OV5_DRCONF_MEMORY) { 1044 memory_update = true; 1045 } 1046 1047 if (spapr_h_cas_compose_response(spapr, args[1], args[2], 1048 cpu_update, memory_update)) { 1049 qemu_system_reset_request(); 1050 } 1051 1052 return H_SUCCESS; 1053 } 1054 1055 static spapr_hcall_fn papr_hypercall_table[(MAX_HCALL_OPCODE / 4) + 1]; 1056 static spapr_hcall_fn kvmppc_hypercall_table[KVMPPC_HCALL_MAX - KVMPPC_HCALL_BASE + 1]; 1057 1058 void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn) 1059 { 1060 spapr_hcall_fn *slot; 1061 1062 if (opcode <= MAX_HCALL_OPCODE) { 1063 assert((opcode & 0x3) == 0); 1064 1065 slot = &papr_hypercall_table[opcode / 4]; 1066 } else { 1067 assert((opcode >= KVMPPC_HCALL_BASE) && (opcode <= KVMPPC_HCALL_MAX)); 1068 1069 slot = &kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE]; 1070 } 1071 1072 assert(!(*slot)); 1073 *slot = fn; 1074 } 1075 1076 target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong opcode, 1077 target_ulong *args) 1078 { 1079 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine()); 1080 1081 if ((opcode <= MAX_HCALL_OPCODE) 1082 && ((opcode & 0x3) == 0)) { 1083 spapr_hcall_fn fn = papr_hypercall_table[opcode / 4]; 1084 1085 if (fn) { 1086 return fn(cpu, spapr, opcode, args); 1087 } 1088 } else if ((opcode >= KVMPPC_HCALL_BASE) && 1089 (opcode <= KVMPPC_HCALL_MAX)) { 1090 spapr_hcall_fn fn = kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE]; 1091 1092 if (fn) { 1093 return fn(cpu, spapr, opcode, args); 1094 } 1095 } 1096 1097 qemu_log_mask(LOG_UNIMP, "Unimplemented SPAPR hcall 0x" TARGET_FMT_lx "\n", 1098 opcode); 1099 return H_FUNCTION; 1100 } 1101 1102 static void hypercall_register_types(void) 1103 { 1104 /* hcall-pft */ 1105 spapr_register_hypercall(H_ENTER, h_enter); 1106 spapr_register_hypercall(H_REMOVE, h_remove); 1107 spapr_register_hypercall(H_PROTECT, h_protect); 1108 spapr_register_hypercall(H_READ, h_read); 1109 1110 /* hcall-bulk */ 1111 spapr_register_hypercall(H_BULK_REMOVE, h_bulk_remove); 1112 1113 /* hcall-splpar */ 1114 spapr_register_hypercall(H_REGISTER_VPA, h_register_vpa); 1115 spapr_register_hypercall(H_CEDE, h_cede); 1116 1117 /* processor register resource access h-calls */ 1118 spapr_register_hypercall(H_SET_SPRG0, h_set_sprg0); 1119 spapr_register_hypercall(H_SET_DABR, h_set_dabr); 1120 spapr_register_hypercall(H_SET_XDABR, h_set_xdabr); 1121 spapr_register_hypercall(H_PAGE_INIT, h_page_init); 1122 spapr_register_hypercall(H_SET_MODE, h_set_mode); 1123 1124 /* "debugger" hcalls (also used by SLOF). Note: We do -not- differenciate 1125 * here between the "CI" and the "CACHE" variants, they will use whatever 1126 * mapping attributes qemu is using. When using KVM, the kernel will 1127 * enforce the attributes more strongly 1128 */ 1129 spapr_register_hypercall(H_LOGICAL_CI_LOAD, h_logical_load); 1130 spapr_register_hypercall(H_LOGICAL_CI_STORE, h_logical_store); 1131 spapr_register_hypercall(H_LOGICAL_CACHE_LOAD, h_logical_load); 1132 spapr_register_hypercall(H_LOGICAL_CACHE_STORE, h_logical_store); 1133 spapr_register_hypercall(H_LOGICAL_ICBI, h_logical_icbi); 1134 spapr_register_hypercall(H_LOGICAL_DCBF, h_logical_dcbf); 1135 spapr_register_hypercall(KVMPPC_H_LOGICAL_MEMOP, h_logical_memop); 1136 1137 /* qemu/KVM-PPC specific hcalls */ 1138 spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas); 1139 1140 /* ibm,client-architecture-support support */ 1141 spapr_register_hypercall(KVMPPC_H_CAS, h_client_architecture_support); 1142 } 1143 1144 type_init(hypercall_register_types) 1145