1 #include "qemu/osdep.h" 2 #include "sysemu/sysemu.h" 3 #include "cpu.h" 4 #include "helper_regs.h" 5 #include "hw/ppc/spapr.h" 6 #include "mmu-hash64.h" 7 #include "cpu-models.h" 8 #include "trace.h" 9 #include "kvm_ppc.h" 10 11 struct SPRSyncState { 12 CPUState *cs; 13 int spr; 14 target_ulong value; 15 target_ulong mask; 16 }; 17 18 static void do_spr_sync(void *arg) 19 { 20 struct SPRSyncState *s = arg; 21 PowerPCCPU *cpu = POWERPC_CPU(s->cs); 22 CPUPPCState *env = &cpu->env; 23 24 cpu_synchronize_state(s->cs); 25 env->spr[s->spr] &= ~s->mask; 26 env->spr[s->spr] |= s->value; 27 } 28 29 static void set_spr(CPUState *cs, int spr, target_ulong value, 30 target_ulong mask) 31 { 32 struct SPRSyncState s = { 33 .cs = cs, 34 .spr = spr, 35 .value = value, 36 .mask = mask 37 }; 38 run_on_cpu(cs, do_spr_sync, &s); 39 } 40 41 static bool has_spr(PowerPCCPU *cpu, int spr) 42 { 43 /* We can test whether the SPR is defined by checking for a valid name */ 44 return cpu->env.spr_cb[spr].name != NULL; 45 } 46 47 static inline bool valid_pte_index(CPUPPCState *env, target_ulong pte_index) 48 { 49 /* 50 * hash value/pteg group index is normalized by htab_mask 51 */ 52 if (((pte_index & ~7ULL) / HPTES_PER_GROUP) & ~env->htab_mask) { 53 return false; 54 } 55 return true; 56 } 57 58 static bool is_ram_address(sPAPRMachineState *spapr, hwaddr addr) 59 { 60 MachineState *machine = MACHINE(spapr); 61 MemoryHotplugState *hpms = &spapr->hotplug_memory; 62 63 if (addr < machine->ram_size) { 64 return true; 65 } 66 if ((addr >= hpms->base) 67 && ((addr - hpms->base) < memory_region_size(&hpms->mr))) { 68 return true; 69 } 70 71 return false; 72 } 73 74 static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, 75 target_ulong opcode, target_ulong *args) 76 { 77 CPUPPCState *env = &cpu->env; 78 target_ulong flags = args[0]; 79 target_ulong pte_index = args[1]; 80 target_ulong pteh = args[2]; 81 target_ulong ptel = args[3]; 82 unsigned apshift, spshift; 83 target_ulong raddr; 84 target_ulong index; 85 uint64_t token; 86 87 apshift = ppc_hash64_hpte_page_shift_noslb(cpu, pteh, ptel, &spshift); 88 if (!apshift) { 89 /* Bad page size encoding */ 90 return H_PARAMETER; 91 } 92 93 raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << apshift) - 1); 94 95 if (is_ram_address(spapr, raddr)) { 96 /* Regular RAM - should have WIMG=0010 */ 97 if ((ptel & HPTE64_R_WIMG) != HPTE64_R_M) { 98 return H_PARAMETER; 99 } 100 } else { 101 /* Looks like an IO address */ 102 /* FIXME: What WIMG combinations could be sensible for IO? 103 * For now we allow WIMG=010x, but are there others? */ 104 /* FIXME: Should we check against registered IO addresses? */ 105 if ((ptel & (HPTE64_R_W | HPTE64_R_I | HPTE64_R_M)) != HPTE64_R_I) { 106 return H_PARAMETER; 107 } 108 } 109 110 pteh &= ~0x60ULL; 111 112 if (!valid_pte_index(env, pte_index)) { 113 return H_PARAMETER; 114 } 115 116 index = 0; 117 if (likely((flags & H_EXACT) == 0)) { 118 pte_index &= ~7ULL; 119 token = ppc_hash64_start_access(cpu, pte_index); 120 for (; index < 8; index++) { 121 if (!(ppc_hash64_load_hpte0(cpu, token, index) & HPTE64_V_VALID)) { 122 break; 123 } 124 } 125 ppc_hash64_stop_access(cpu, token); 126 if (index == 8) { 127 return H_PTEG_FULL; 128 } 129 } else { 130 token = ppc_hash64_start_access(cpu, pte_index); 131 if (ppc_hash64_load_hpte0(cpu, token, 0) & HPTE64_V_VALID) { 132 ppc_hash64_stop_access(cpu, token); 133 return H_PTEG_FULL; 134 } 135 ppc_hash64_stop_access(cpu, token); 136 } 137 138 ppc_hash64_store_hpte(cpu, pte_index + index, 139 pteh | HPTE64_V_HPTE_DIRTY, ptel); 140 141 args[0] = pte_index + index; 142 return H_SUCCESS; 143 } 144 145 typedef enum { 146 REMOVE_SUCCESS = 0, 147 REMOVE_NOT_FOUND = 1, 148 REMOVE_PARM = 2, 149 REMOVE_HW = 3, 150 } RemoveResult; 151 152 static RemoveResult remove_hpte(PowerPCCPU *cpu, target_ulong ptex, 153 target_ulong avpn, 154 target_ulong flags, 155 target_ulong *vp, target_ulong *rp) 156 { 157 CPUPPCState *env = &cpu->env; 158 uint64_t token; 159 target_ulong v, r; 160 161 if (!valid_pte_index(env, ptex)) { 162 return REMOVE_PARM; 163 } 164 165 token = ppc_hash64_start_access(cpu, ptex); 166 v = ppc_hash64_load_hpte0(cpu, token, 0); 167 r = ppc_hash64_load_hpte1(cpu, token, 0); 168 ppc_hash64_stop_access(cpu, token); 169 170 if ((v & HPTE64_V_VALID) == 0 || 171 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) || 172 ((flags & H_ANDCOND) && (v & avpn) != 0)) { 173 return REMOVE_NOT_FOUND; 174 } 175 *vp = v; 176 *rp = r; 177 ppc_hash64_store_hpte(cpu, ptex, HPTE64_V_HPTE_DIRTY, 0); 178 ppc_hash64_tlb_flush_hpte(cpu, ptex, v, r); 179 return REMOVE_SUCCESS; 180 } 181 182 static target_ulong h_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, 183 target_ulong opcode, target_ulong *args) 184 { 185 target_ulong flags = args[0]; 186 target_ulong pte_index = args[1]; 187 target_ulong avpn = args[2]; 188 RemoveResult ret; 189 190 ret = remove_hpte(cpu, pte_index, avpn, flags, 191 &args[0], &args[1]); 192 193 switch (ret) { 194 case REMOVE_SUCCESS: 195 return H_SUCCESS; 196 197 case REMOVE_NOT_FOUND: 198 return H_NOT_FOUND; 199 200 case REMOVE_PARM: 201 return H_PARAMETER; 202 203 case REMOVE_HW: 204 return H_HARDWARE; 205 } 206 207 g_assert_not_reached(); 208 } 209 210 #define H_BULK_REMOVE_TYPE 0xc000000000000000ULL 211 #define H_BULK_REMOVE_REQUEST 0x4000000000000000ULL 212 #define H_BULK_REMOVE_RESPONSE 0x8000000000000000ULL 213 #define H_BULK_REMOVE_END 0xc000000000000000ULL 214 #define H_BULK_REMOVE_CODE 0x3000000000000000ULL 215 #define H_BULK_REMOVE_SUCCESS 0x0000000000000000ULL 216 #define H_BULK_REMOVE_NOT_FOUND 0x1000000000000000ULL 217 #define H_BULK_REMOVE_PARM 0x2000000000000000ULL 218 #define H_BULK_REMOVE_HW 0x3000000000000000ULL 219 #define H_BULK_REMOVE_RC 0x0c00000000000000ULL 220 #define H_BULK_REMOVE_FLAGS 0x0300000000000000ULL 221 #define H_BULK_REMOVE_ABSOLUTE 0x0000000000000000ULL 222 #define H_BULK_REMOVE_ANDCOND 0x0100000000000000ULL 223 #define H_BULK_REMOVE_AVPN 0x0200000000000000ULL 224 #define H_BULK_REMOVE_PTEX 0x00ffffffffffffffULL 225 226 #define H_BULK_REMOVE_MAX_BATCH 4 227 228 static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, 229 target_ulong opcode, target_ulong *args) 230 { 231 int i; 232 233 for (i = 0; i < H_BULK_REMOVE_MAX_BATCH; i++) { 234 target_ulong *tsh = &args[i*2]; 235 target_ulong tsl = args[i*2 + 1]; 236 target_ulong v, r, ret; 237 238 if ((*tsh & H_BULK_REMOVE_TYPE) == H_BULK_REMOVE_END) { 239 break; 240 } else if ((*tsh & H_BULK_REMOVE_TYPE) != H_BULK_REMOVE_REQUEST) { 241 return H_PARAMETER; 242 } 243 244 *tsh &= H_BULK_REMOVE_PTEX | H_BULK_REMOVE_FLAGS; 245 *tsh |= H_BULK_REMOVE_RESPONSE; 246 247 if ((*tsh & H_BULK_REMOVE_ANDCOND) && (*tsh & H_BULK_REMOVE_AVPN)) { 248 *tsh |= H_BULK_REMOVE_PARM; 249 return H_PARAMETER; 250 } 251 252 ret = remove_hpte(cpu, *tsh & H_BULK_REMOVE_PTEX, tsl, 253 (*tsh & H_BULK_REMOVE_FLAGS) >> 26, 254 &v, &r); 255 256 *tsh |= ret << 60; 257 258 switch (ret) { 259 case REMOVE_SUCCESS: 260 *tsh |= (r & (HPTE64_R_C | HPTE64_R_R)) << 43; 261 break; 262 263 case REMOVE_PARM: 264 return H_PARAMETER; 265 266 case REMOVE_HW: 267 return H_HARDWARE; 268 } 269 } 270 271 return H_SUCCESS; 272 } 273 274 static target_ulong h_protect(PowerPCCPU *cpu, sPAPRMachineState *spapr, 275 target_ulong opcode, target_ulong *args) 276 { 277 CPUPPCState *env = &cpu->env; 278 target_ulong flags = args[0]; 279 target_ulong pte_index = args[1]; 280 target_ulong avpn = args[2]; 281 uint64_t token; 282 target_ulong v, r; 283 284 if (!valid_pte_index(env, pte_index)) { 285 return H_PARAMETER; 286 } 287 288 token = ppc_hash64_start_access(cpu, pte_index); 289 v = ppc_hash64_load_hpte0(cpu, token, 0); 290 r = ppc_hash64_load_hpte1(cpu, token, 0); 291 ppc_hash64_stop_access(cpu, token); 292 293 if ((v & HPTE64_V_VALID) == 0 || 294 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn)) { 295 return H_NOT_FOUND; 296 } 297 298 r &= ~(HPTE64_R_PP0 | HPTE64_R_PP | HPTE64_R_N | 299 HPTE64_R_KEY_HI | HPTE64_R_KEY_LO); 300 r |= (flags << 55) & HPTE64_R_PP0; 301 r |= (flags << 48) & HPTE64_R_KEY_HI; 302 r |= flags & (HPTE64_R_PP | HPTE64_R_N | HPTE64_R_KEY_LO); 303 ppc_hash64_store_hpte(cpu, pte_index, 304 (v & ~HPTE64_V_VALID) | HPTE64_V_HPTE_DIRTY, 0); 305 ppc_hash64_tlb_flush_hpte(cpu, pte_index, v, r); 306 /* Don't need a memory barrier, due to qemu's global lock */ 307 ppc_hash64_store_hpte(cpu, pte_index, v | HPTE64_V_HPTE_DIRTY, r); 308 return H_SUCCESS; 309 } 310 311 static target_ulong h_read(PowerPCCPU *cpu, sPAPRMachineState *spapr, 312 target_ulong opcode, target_ulong *args) 313 { 314 CPUPPCState *env = &cpu->env; 315 target_ulong flags = args[0]; 316 target_ulong pte_index = args[1]; 317 uint8_t *hpte; 318 int i, ridx, n_entries = 1; 319 320 if (!valid_pte_index(env, pte_index)) { 321 return H_PARAMETER; 322 } 323 324 if (flags & H_READ_4) { 325 /* Clear the two low order bits */ 326 pte_index &= ~(3ULL); 327 n_entries = 4; 328 } 329 330 hpte = env->external_htab + (pte_index * HASH_PTE_SIZE_64); 331 332 for (i = 0, ridx = 0; i < n_entries; i++) { 333 args[ridx++] = ldq_p(hpte); 334 args[ridx++] = ldq_p(hpte + (HASH_PTE_SIZE_64/2)); 335 hpte += HASH_PTE_SIZE_64; 336 } 337 338 return H_SUCCESS; 339 } 340 341 static target_ulong h_set_sprg0(PowerPCCPU *cpu, sPAPRMachineState *spapr, 342 target_ulong opcode, target_ulong *args) 343 { 344 cpu_synchronize_state(CPU(cpu)); 345 cpu->env.spr[SPR_SPRG0] = args[0]; 346 347 return H_SUCCESS; 348 } 349 350 static target_ulong h_set_dabr(PowerPCCPU *cpu, sPAPRMachineState *spapr, 351 target_ulong opcode, target_ulong *args) 352 { 353 if (!has_spr(cpu, SPR_DABR)) { 354 return H_HARDWARE; /* DABR register not available */ 355 } 356 cpu_synchronize_state(CPU(cpu)); 357 358 if (has_spr(cpu, SPR_DABRX)) { 359 cpu->env.spr[SPR_DABRX] = 0x3; /* Use Problem and Privileged state */ 360 } else if (!(args[0] & 0x4)) { /* Breakpoint Translation set? */ 361 return H_RESERVED_DABR; 362 } 363 364 cpu->env.spr[SPR_DABR] = args[0]; 365 return H_SUCCESS; 366 } 367 368 static target_ulong h_set_xdabr(PowerPCCPU *cpu, sPAPRMachineState *spapr, 369 target_ulong opcode, target_ulong *args) 370 { 371 target_ulong dabrx = args[1]; 372 373 if (!has_spr(cpu, SPR_DABR) || !has_spr(cpu, SPR_DABRX)) { 374 return H_HARDWARE; 375 } 376 377 if ((dabrx & ~0xfULL) != 0 || (dabrx & H_DABRX_HYPERVISOR) != 0 378 || (dabrx & (H_DABRX_KERNEL | H_DABRX_USER)) == 0) { 379 return H_PARAMETER; 380 } 381 382 cpu_synchronize_state(CPU(cpu)); 383 cpu->env.spr[SPR_DABRX] = dabrx; 384 cpu->env.spr[SPR_DABR] = args[0]; 385 386 return H_SUCCESS; 387 } 388 389 static target_ulong h_page_init(PowerPCCPU *cpu, sPAPRMachineState *spapr, 390 target_ulong opcode, target_ulong *args) 391 { 392 target_ulong flags = args[0]; 393 hwaddr dst = args[1]; 394 hwaddr src = args[2]; 395 hwaddr len = TARGET_PAGE_SIZE; 396 uint8_t *pdst, *psrc; 397 target_long ret = H_SUCCESS; 398 399 if (flags & ~(H_ICACHE_SYNCHRONIZE | H_ICACHE_INVALIDATE 400 | H_COPY_PAGE | H_ZERO_PAGE)) { 401 qemu_log_mask(LOG_UNIMP, "h_page_init: Bad flags (" TARGET_FMT_lx "\n", 402 flags); 403 return H_PARAMETER; 404 } 405 406 /* Map-in destination */ 407 if (!is_ram_address(spapr, dst) || (dst & ~TARGET_PAGE_MASK) != 0) { 408 return H_PARAMETER; 409 } 410 pdst = cpu_physical_memory_map(dst, &len, 1); 411 if (!pdst || len != TARGET_PAGE_SIZE) { 412 return H_PARAMETER; 413 } 414 415 if (flags & H_COPY_PAGE) { 416 /* Map-in source, copy to destination, and unmap source again */ 417 if (!is_ram_address(spapr, src) || (src & ~TARGET_PAGE_MASK) != 0) { 418 ret = H_PARAMETER; 419 goto unmap_out; 420 } 421 psrc = cpu_physical_memory_map(src, &len, 0); 422 if (!psrc || len != TARGET_PAGE_SIZE) { 423 ret = H_PARAMETER; 424 goto unmap_out; 425 } 426 memcpy(pdst, psrc, len); 427 cpu_physical_memory_unmap(psrc, len, 0, len); 428 } else if (flags & H_ZERO_PAGE) { 429 memset(pdst, 0, len); /* Just clear the destination page */ 430 } 431 432 if (kvm_enabled() && (flags & H_ICACHE_SYNCHRONIZE) != 0) { 433 kvmppc_dcbst_range(cpu, pdst, len); 434 } 435 if (flags & (H_ICACHE_SYNCHRONIZE | H_ICACHE_INVALIDATE)) { 436 if (kvm_enabled()) { 437 kvmppc_icbi_range(cpu, pdst, len); 438 } else { 439 tb_flush(CPU(cpu)); 440 } 441 } 442 443 unmap_out: 444 cpu_physical_memory_unmap(pdst, TARGET_PAGE_SIZE, 1, len); 445 return ret; 446 } 447 448 #define FLAGS_REGISTER_VPA 0x0000200000000000ULL 449 #define FLAGS_REGISTER_DTL 0x0000400000000000ULL 450 #define FLAGS_REGISTER_SLBSHADOW 0x0000600000000000ULL 451 #define FLAGS_DEREGISTER_VPA 0x0000a00000000000ULL 452 #define FLAGS_DEREGISTER_DTL 0x0000c00000000000ULL 453 #define FLAGS_DEREGISTER_SLBSHADOW 0x0000e00000000000ULL 454 455 #define VPA_MIN_SIZE 640 456 #define VPA_SIZE_OFFSET 0x4 457 #define VPA_SHARED_PROC_OFFSET 0x9 458 #define VPA_SHARED_PROC_VAL 0x2 459 460 static target_ulong register_vpa(CPUPPCState *env, target_ulong vpa) 461 { 462 CPUState *cs = CPU(ppc_env_get_cpu(env)); 463 uint16_t size; 464 uint8_t tmp; 465 466 if (vpa == 0) { 467 hcall_dprintf("Can't cope with registering a VPA at logical 0\n"); 468 return H_HARDWARE; 469 } 470 471 if (vpa % env->dcache_line_size) { 472 return H_PARAMETER; 473 } 474 /* FIXME: bounds check the address */ 475 476 size = lduw_be_phys(cs->as, vpa + 0x4); 477 478 if (size < VPA_MIN_SIZE) { 479 return H_PARAMETER; 480 } 481 482 /* VPA is not allowed to cross a page boundary */ 483 if ((vpa / 4096) != ((vpa + size - 1) / 4096)) { 484 return H_PARAMETER; 485 } 486 487 env->vpa_addr = vpa; 488 489 tmp = ldub_phys(cs->as, env->vpa_addr + VPA_SHARED_PROC_OFFSET); 490 tmp |= VPA_SHARED_PROC_VAL; 491 stb_phys(cs->as, env->vpa_addr + VPA_SHARED_PROC_OFFSET, tmp); 492 493 return H_SUCCESS; 494 } 495 496 static target_ulong deregister_vpa(CPUPPCState *env, target_ulong vpa) 497 { 498 if (env->slb_shadow_addr) { 499 return H_RESOURCE; 500 } 501 502 if (env->dtl_addr) { 503 return H_RESOURCE; 504 } 505 506 env->vpa_addr = 0; 507 return H_SUCCESS; 508 } 509 510 static target_ulong register_slb_shadow(CPUPPCState *env, target_ulong addr) 511 { 512 CPUState *cs = CPU(ppc_env_get_cpu(env)); 513 uint32_t size; 514 515 if (addr == 0) { 516 hcall_dprintf("Can't cope with SLB shadow at logical 0\n"); 517 return H_HARDWARE; 518 } 519 520 size = ldl_be_phys(cs->as, addr + 0x4); 521 if (size < 0x8) { 522 return H_PARAMETER; 523 } 524 525 if ((addr / 4096) != ((addr + size - 1) / 4096)) { 526 return H_PARAMETER; 527 } 528 529 if (!env->vpa_addr) { 530 return H_RESOURCE; 531 } 532 533 env->slb_shadow_addr = addr; 534 env->slb_shadow_size = size; 535 536 return H_SUCCESS; 537 } 538 539 static target_ulong deregister_slb_shadow(CPUPPCState *env, target_ulong addr) 540 { 541 env->slb_shadow_addr = 0; 542 env->slb_shadow_size = 0; 543 return H_SUCCESS; 544 } 545 546 static target_ulong register_dtl(CPUPPCState *env, target_ulong addr) 547 { 548 CPUState *cs = CPU(ppc_env_get_cpu(env)); 549 uint32_t size; 550 551 if (addr == 0) { 552 hcall_dprintf("Can't cope with DTL at logical 0\n"); 553 return H_HARDWARE; 554 } 555 556 size = ldl_be_phys(cs->as, addr + 0x4); 557 558 if (size < 48) { 559 return H_PARAMETER; 560 } 561 562 if (!env->vpa_addr) { 563 return H_RESOURCE; 564 } 565 566 env->dtl_addr = addr; 567 env->dtl_size = size; 568 569 return H_SUCCESS; 570 } 571 572 static target_ulong deregister_dtl(CPUPPCState *env, target_ulong addr) 573 { 574 env->dtl_addr = 0; 575 env->dtl_size = 0; 576 577 return H_SUCCESS; 578 } 579 580 static target_ulong h_register_vpa(PowerPCCPU *cpu, sPAPRMachineState *spapr, 581 target_ulong opcode, target_ulong *args) 582 { 583 target_ulong flags = args[0]; 584 target_ulong procno = args[1]; 585 target_ulong vpa = args[2]; 586 target_ulong ret = H_PARAMETER; 587 CPUPPCState *tenv; 588 PowerPCCPU *tcpu; 589 590 tcpu = ppc_get_vcpu_by_dt_id(procno); 591 if (!tcpu) { 592 return H_PARAMETER; 593 } 594 tenv = &tcpu->env; 595 596 switch (flags) { 597 case FLAGS_REGISTER_VPA: 598 ret = register_vpa(tenv, vpa); 599 break; 600 601 case FLAGS_DEREGISTER_VPA: 602 ret = deregister_vpa(tenv, vpa); 603 break; 604 605 case FLAGS_REGISTER_SLBSHADOW: 606 ret = register_slb_shadow(tenv, vpa); 607 break; 608 609 case FLAGS_DEREGISTER_SLBSHADOW: 610 ret = deregister_slb_shadow(tenv, vpa); 611 break; 612 613 case FLAGS_REGISTER_DTL: 614 ret = register_dtl(tenv, vpa); 615 break; 616 617 case FLAGS_DEREGISTER_DTL: 618 ret = deregister_dtl(tenv, vpa); 619 break; 620 } 621 622 return ret; 623 } 624 625 static target_ulong h_cede(PowerPCCPU *cpu, sPAPRMachineState *spapr, 626 target_ulong opcode, target_ulong *args) 627 { 628 CPUPPCState *env = &cpu->env; 629 CPUState *cs = CPU(cpu); 630 631 env->msr |= (1ULL << MSR_EE); 632 hreg_compute_hflags(env); 633 if (!cpu_has_work(cs)) { 634 cs->halted = 1; 635 cs->exception_index = EXCP_HLT; 636 cs->exit_request = 1; 637 } 638 return H_SUCCESS; 639 } 640 641 static target_ulong h_rtas(PowerPCCPU *cpu, sPAPRMachineState *spapr, 642 target_ulong opcode, target_ulong *args) 643 { 644 target_ulong rtas_r3 = args[0]; 645 uint32_t token = rtas_ld(rtas_r3, 0); 646 uint32_t nargs = rtas_ld(rtas_r3, 1); 647 uint32_t nret = rtas_ld(rtas_r3, 2); 648 649 return spapr_rtas_call(cpu, spapr, token, nargs, rtas_r3 + 12, 650 nret, rtas_r3 + 12 + 4*nargs); 651 } 652 653 static target_ulong h_logical_load(PowerPCCPU *cpu, sPAPRMachineState *spapr, 654 target_ulong opcode, target_ulong *args) 655 { 656 CPUState *cs = CPU(cpu); 657 target_ulong size = args[0]; 658 target_ulong addr = args[1]; 659 660 switch (size) { 661 case 1: 662 args[0] = ldub_phys(cs->as, addr); 663 return H_SUCCESS; 664 case 2: 665 args[0] = lduw_phys(cs->as, addr); 666 return H_SUCCESS; 667 case 4: 668 args[0] = ldl_phys(cs->as, addr); 669 return H_SUCCESS; 670 case 8: 671 args[0] = ldq_phys(cs->as, addr); 672 return H_SUCCESS; 673 } 674 return H_PARAMETER; 675 } 676 677 static target_ulong h_logical_store(PowerPCCPU *cpu, sPAPRMachineState *spapr, 678 target_ulong opcode, target_ulong *args) 679 { 680 CPUState *cs = CPU(cpu); 681 682 target_ulong size = args[0]; 683 target_ulong addr = args[1]; 684 target_ulong val = args[2]; 685 686 switch (size) { 687 case 1: 688 stb_phys(cs->as, addr, val); 689 return H_SUCCESS; 690 case 2: 691 stw_phys(cs->as, addr, val); 692 return H_SUCCESS; 693 case 4: 694 stl_phys(cs->as, addr, val); 695 return H_SUCCESS; 696 case 8: 697 stq_phys(cs->as, addr, val); 698 return H_SUCCESS; 699 } 700 return H_PARAMETER; 701 } 702 703 static target_ulong h_logical_memop(PowerPCCPU *cpu, sPAPRMachineState *spapr, 704 target_ulong opcode, target_ulong *args) 705 { 706 CPUState *cs = CPU(cpu); 707 708 target_ulong dst = args[0]; /* Destination address */ 709 target_ulong src = args[1]; /* Source address */ 710 target_ulong esize = args[2]; /* Element size (0=1,1=2,2=4,3=8) */ 711 target_ulong count = args[3]; /* Element count */ 712 target_ulong op = args[4]; /* 0 = copy, 1 = invert */ 713 uint64_t tmp; 714 unsigned int mask = (1 << esize) - 1; 715 int step = 1 << esize; 716 717 if (count > 0x80000000) { 718 return H_PARAMETER; 719 } 720 721 if ((dst & mask) || (src & mask) || (op > 1)) { 722 return H_PARAMETER; 723 } 724 725 if (dst >= src && dst < (src + (count << esize))) { 726 dst = dst + ((count - 1) << esize); 727 src = src + ((count - 1) << esize); 728 step = -step; 729 } 730 731 while (count--) { 732 switch (esize) { 733 case 0: 734 tmp = ldub_phys(cs->as, src); 735 break; 736 case 1: 737 tmp = lduw_phys(cs->as, src); 738 break; 739 case 2: 740 tmp = ldl_phys(cs->as, src); 741 break; 742 case 3: 743 tmp = ldq_phys(cs->as, src); 744 break; 745 default: 746 return H_PARAMETER; 747 } 748 if (op == 1) { 749 tmp = ~tmp; 750 } 751 switch (esize) { 752 case 0: 753 stb_phys(cs->as, dst, tmp); 754 break; 755 case 1: 756 stw_phys(cs->as, dst, tmp); 757 break; 758 case 2: 759 stl_phys(cs->as, dst, tmp); 760 break; 761 case 3: 762 stq_phys(cs->as, dst, tmp); 763 break; 764 } 765 dst = dst + step; 766 src = src + step; 767 } 768 769 return H_SUCCESS; 770 } 771 772 static target_ulong h_logical_icbi(PowerPCCPU *cpu, sPAPRMachineState *spapr, 773 target_ulong opcode, target_ulong *args) 774 { 775 /* Nothing to do on emulation, KVM will trap this in the kernel */ 776 return H_SUCCESS; 777 } 778 779 static target_ulong h_logical_dcbf(PowerPCCPU *cpu, sPAPRMachineState *spapr, 780 target_ulong opcode, target_ulong *args) 781 { 782 /* Nothing to do on emulation, KVM will trap this in the kernel */ 783 return H_SUCCESS; 784 } 785 786 static target_ulong h_set_mode_resource_le(PowerPCCPU *cpu, 787 target_ulong mflags, 788 target_ulong value1, 789 target_ulong value2) 790 { 791 CPUState *cs; 792 793 if (value1) { 794 return H_P3; 795 } 796 if (value2) { 797 return H_P4; 798 } 799 800 switch (mflags) { 801 case H_SET_MODE_ENDIAN_BIG: 802 CPU_FOREACH(cs) { 803 set_spr(cs, SPR_LPCR, 0, LPCR_ILE); 804 } 805 spapr_pci_switch_vga(true); 806 return H_SUCCESS; 807 808 case H_SET_MODE_ENDIAN_LITTLE: 809 CPU_FOREACH(cs) { 810 set_spr(cs, SPR_LPCR, LPCR_ILE, LPCR_ILE); 811 } 812 spapr_pci_switch_vga(false); 813 return H_SUCCESS; 814 } 815 816 return H_UNSUPPORTED_FLAG; 817 } 818 819 static target_ulong h_set_mode_resource_addr_trans_mode(PowerPCCPU *cpu, 820 target_ulong mflags, 821 target_ulong value1, 822 target_ulong value2) 823 { 824 CPUState *cs; 825 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu); 826 target_ulong prefix; 827 828 if (!(pcc->insns_flags2 & PPC2_ISA207S)) { 829 return H_P2; 830 } 831 if (value1) { 832 return H_P3; 833 } 834 if (value2) { 835 return H_P4; 836 } 837 838 switch (mflags) { 839 case H_SET_MODE_ADDR_TRANS_NONE: 840 prefix = 0; 841 break; 842 case H_SET_MODE_ADDR_TRANS_0001_8000: 843 prefix = 0x18000; 844 break; 845 case H_SET_MODE_ADDR_TRANS_C000_0000_0000_4000: 846 prefix = 0xC000000000004000ULL; 847 break; 848 default: 849 return H_UNSUPPORTED_FLAG; 850 } 851 852 CPU_FOREACH(cs) { 853 CPUPPCState *env = &POWERPC_CPU(cpu)->env; 854 855 set_spr(cs, SPR_LPCR, mflags << LPCR_AIL_SHIFT, LPCR_AIL); 856 env->excp_prefix = prefix; 857 } 858 859 return H_SUCCESS; 860 } 861 862 static target_ulong h_set_mode(PowerPCCPU *cpu, sPAPRMachineState *spapr, 863 target_ulong opcode, target_ulong *args) 864 { 865 target_ulong resource = args[1]; 866 target_ulong ret = H_P2; 867 868 switch (resource) { 869 case H_SET_MODE_RESOURCE_LE: 870 ret = h_set_mode_resource_le(cpu, args[0], args[2], args[3]); 871 break; 872 case H_SET_MODE_RESOURCE_ADDR_TRANS_MODE: 873 ret = h_set_mode_resource_addr_trans_mode(cpu, args[0], 874 args[2], args[3]); 875 break; 876 } 877 878 return ret; 879 } 880 881 /* 882 * Return the offset to the requested option vector @vector in the 883 * option vector table @table. 884 */ 885 static target_ulong cas_get_option_vector(int vector, target_ulong table) 886 { 887 int i; 888 char nr_vectors, nr_entries; 889 890 if (!table) { 891 return 0; 892 } 893 894 nr_vectors = (ldl_phys(&address_space_memory, table) >> 24) + 1; 895 if (!vector || vector > nr_vectors) { 896 return 0; 897 } 898 table++; /* skip nr option vectors */ 899 900 for (i = 0; i < vector - 1; i++) { 901 nr_entries = ldl_phys(&address_space_memory, table) >> 24; 902 table += nr_entries + 2; 903 } 904 return table; 905 } 906 907 typedef struct { 908 PowerPCCPU *cpu; 909 uint32_t cpu_version; 910 Error *err; 911 } SetCompatState; 912 913 static void do_set_compat(void *arg) 914 { 915 SetCompatState *s = arg; 916 917 cpu_synchronize_state(CPU(s->cpu)); 918 ppc_set_compat(s->cpu, s->cpu_version, &s->err); 919 } 920 921 #define get_compat_level(cpuver) ( \ 922 ((cpuver) == CPU_POWERPC_LOGICAL_2_05) ? 2050 : \ 923 ((cpuver) == CPU_POWERPC_LOGICAL_2_06) ? 2060 : \ 924 ((cpuver) == CPU_POWERPC_LOGICAL_2_06_PLUS) ? 2061 : \ 925 ((cpuver) == CPU_POWERPC_LOGICAL_2_07) ? 2070 : 0) 926 927 #define OV5_DRCONF_MEMORY 0x20 928 929 static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, 930 sPAPRMachineState *spapr, 931 target_ulong opcode, 932 target_ulong *args) 933 { 934 target_ulong list = ppc64_phys_to_real(args[0]); 935 target_ulong ov_table, ov5; 936 PowerPCCPUClass *pcc_ = POWERPC_CPU_GET_CLASS(cpu_); 937 CPUState *cs; 938 bool cpu_match = false, cpu_update = true, memory_update = false; 939 unsigned old_cpu_version = cpu_->cpu_version; 940 unsigned compat_lvl = 0, cpu_version = 0; 941 unsigned max_lvl = get_compat_level(cpu_->max_compat); 942 int counter; 943 char ov5_byte2; 944 945 /* Parse PVR list */ 946 for (counter = 0; counter < 512; ++counter) { 947 uint32_t pvr, pvr_mask; 948 949 pvr_mask = ldl_be_phys(&address_space_memory, list); 950 list += 4; 951 pvr = ldl_be_phys(&address_space_memory, list); 952 list += 4; 953 954 trace_spapr_cas_pvr_try(pvr); 955 if (!max_lvl && 956 ((cpu_->env.spr[SPR_PVR] & pvr_mask) == (pvr & pvr_mask))) { 957 cpu_match = true; 958 cpu_version = 0; 959 } else if (pvr == cpu_->cpu_version) { 960 cpu_match = true; 961 cpu_version = cpu_->cpu_version; 962 } else if (!cpu_match) { 963 /* If it is a logical PVR, try to determine the highest level */ 964 unsigned lvl = get_compat_level(pvr); 965 if (lvl) { 966 bool is205 = (pcc_->pcr_mask & PCR_COMPAT_2_05) && 967 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_05)); 968 bool is206 = (pcc_->pcr_mask & PCR_COMPAT_2_06) && 969 ((lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06)) || 970 (lvl == get_compat_level(CPU_POWERPC_LOGICAL_2_06_PLUS))); 971 972 if (is205 || is206) { 973 if (!max_lvl) { 974 /* User did not set the level, choose the highest */ 975 if (compat_lvl <= lvl) { 976 compat_lvl = lvl; 977 cpu_version = pvr; 978 } 979 } else if (max_lvl >= lvl) { 980 /* User chose the level, don't set higher than this */ 981 compat_lvl = lvl; 982 cpu_version = pvr; 983 } 984 } 985 } 986 } 987 /* Terminator record */ 988 if (~pvr_mask & pvr) { 989 break; 990 } 991 } 992 993 /* Parsing finished */ 994 trace_spapr_cas_pvr(cpu_->cpu_version, cpu_match, 995 cpu_version, pcc_->pcr_mask); 996 997 /* Update CPUs */ 998 if (old_cpu_version != cpu_version) { 999 CPU_FOREACH(cs) { 1000 SetCompatState s = { 1001 .cpu = POWERPC_CPU(cs), 1002 .cpu_version = cpu_version, 1003 .err = NULL, 1004 }; 1005 1006 run_on_cpu(cs, do_set_compat, &s); 1007 1008 if (s.err) { 1009 error_report_err(s.err); 1010 return H_HARDWARE; 1011 } 1012 } 1013 } 1014 1015 if (!cpu_version) { 1016 cpu_update = false; 1017 } 1018 1019 /* For the future use: here @ov_table points to the first option vector */ 1020 ov_table = list; 1021 1022 ov5 = cas_get_option_vector(5, ov_table); 1023 if (!ov5) { 1024 return H_SUCCESS; 1025 } 1026 1027 /* @list now points to OV 5 */ 1028 ov5_byte2 = ldub_phys(&address_space_memory, ov5 + 2); 1029 if (ov5_byte2 & OV5_DRCONF_MEMORY) { 1030 memory_update = true; 1031 } 1032 1033 if (spapr_h_cas_compose_response(spapr, args[1], args[2], 1034 cpu_update, memory_update)) { 1035 qemu_system_reset_request(); 1036 } 1037 1038 return H_SUCCESS; 1039 } 1040 1041 static spapr_hcall_fn papr_hypercall_table[(MAX_HCALL_OPCODE / 4) + 1]; 1042 static spapr_hcall_fn kvmppc_hypercall_table[KVMPPC_HCALL_MAX - KVMPPC_HCALL_BASE + 1]; 1043 1044 void spapr_register_hypercall(target_ulong opcode, spapr_hcall_fn fn) 1045 { 1046 spapr_hcall_fn *slot; 1047 1048 if (opcode <= MAX_HCALL_OPCODE) { 1049 assert((opcode & 0x3) == 0); 1050 1051 slot = &papr_hypercall_table[opcode / 4]; 1052 } else { 1053 assert((opcode >= KVMPPC_HCALL_BASE) && (opcode <= KVMPPC_HCALL_MAX)); 1054 1055 slot = &kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE]; 1056 } 1057 1058 assert(!(*slot)); 1059 *slot = fn; 1060 } 1061 1062 target_ulong spapr_hypercall(PowerPCCPU *cpu, target_ulong opcode, 1063 target_ulong *args) 1064 { 1065 sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine()); 1066 1067 if ((opcode <= MAX_HCALL_OPCODE) 1068 && ((opcode & 0x3) == 0)) { 1069 spapr_hcall_fn fn = papr_hypercall_table[opcode / 4]; 1070 1071 if (fn) { 1072 return fn(cpu, spapr, opcode, args); 1073 } 1074 } else if ((opcode >= KVMPPC_HCALL_BASE) && 1075 (opcode <= KVMPPC_HCALL_MAX)) { 1076 spapr_hcall_fn fn = kvmppc_hypercall_table[opcode - KVMPPC_HCALL_BASE]; 1077 1078 if (fn) { 1079 return fn(cpu, spapr, opcode, args); 1080 } 1081 } 1082 1083 qemu_log_mask(LOG_UNIMP, "Unimplemented SPAPR hcall 0x" TARGET_FMT_lx "\n", 1084 opcode); 1085 return H_FUNCTION; 1086 } 1087 1088 static void hypercall_register_types(void) 1089 { 1090 /* hcall-pft */ 1091 spapr_register_hypercall(H_ENTER, h_enter); 1092 spapr_register_hypercall(H_REMOVE, h_remove); 1093 spapr_register_hypercall(H_PROTECT, h_protect); 1094 spapr_register_hypercall(H_READ, h_read); 1095 1096 /* hcall-bulk */ 1097 spapr_register_hypercall(H_BULK_REMOVE, h_bulk_remove); 1098 1099 /* hcall-splpar */ 1100 spapr_register_hypercall(H_REGISTER_VPA, h_register_vpa); 1101 spapr_register_hypercall(H_CEDE, h_cede); 1102 1103 /* processor register resource access h-calls */ 1104 spapr_register_hypercall(H_SET_SPRG0, h_set_sprg0); 1105 spapr_register_hypercall(H_SET_DABR, h_set_dabr); 1106 spapr_register_hypercall(H_SET_XDABR, h_set_xdabr); 1107 spapr_register_hypercall(H_PAGE_INIT, h_page_init); 1108 spapr_register_hypercall(H_SET_MODE, h_set_mode); 1109 1110 /* "debugger" hcalls (also used by SLOF). Note: We do -not- differenciate 1111 * here between the "CI" and the "CACHE" variants, they will use whatever 1112 * mapping attributes qemu is using. When using KVM, the kernel will 1113 * enforce the attributes more strongly 1114 */ 1115 spapr_register_hypercall(H_LOGICAL_CI_LOAD, h_logical_load); 1116 spapr_register_hypercall(H_LOGICAL_CI_STORE, h_logical_store); 1117 spapr_register_hypercall(H_LOGICAL_CACHE_LOAD, h_logical_load); 1118 spapr_register_hypercall(H_LOGICAL_CACHE_STORE, h_logical_store); 1119 spapr_register_hypercall(H_LOGICAL_ICBI, h_logical_icbi); 1120 spapr_register_hypercall(H_LOGICAL_DCBF, h_logical_dcbf); 1121 spapr_register_hypercall(KVMPPC_H_LOGICAL_MEMOP, h_logical_memop); 1122 1123 /* qemu/KVM-PPC specific hcalls */ 1124 spapr_register_hypercall(KVMPPC_H_RTAS, h_rtas); 1125 1126 /* ibm,client-architecture-support support */ 1127 spapr_register_hypercall(KVMPPC_H_CAS, h_client_architecture_support); 1128 } 1129 1130 type_init(hypercall_register_types) 1131