xref: /openbmc/qemu/target/hppa/mem_helper.c (revision a158c63b)
1 /*
2  *  HPPA memory access helper routines
3  *
4  *  Copyright (c) 2017 Helge Deller
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/log.h"
22 #include "cpu.h"
23 #include "exec/exec-all.h"
24 #include "exec/helper-proto.h"
25 #include "hw/core/cpu.h"
26 #include "trace.h"
27 
28 hwaddr hppa_abs_to_phys_pa2_w1(vaddr addr)
29 {
30     /*
31      * Figure H-8 "62-bit Absolute Accesses when PSW W-bit is 1" describes
32      * an algorithm in which a 62-bit absolute address is transformed to
33      * a 64-bit physical address.  This must then be combined with that
34      * pictured in Figure H-11 "Physical Address Space Mapping", in which
35      * the full physical address is truncated to the N-bit physical address
36      * supported by the implementation.
37      *
38      * Since the supported physical address space is below 54 bits, the
39      * H-8 algorithm is moot and all that is left is to truncate.
40      */
41     QEMU_BUILD_BUG_ON(TARGET_PHYS_ADDR_SPACE_BITS > 54);
42     return sextract64(addr, 0, TARGET_PHYS_ADDR_SPACE_BITS);
43 }
44 
45 hwaddr hppa_abs_to_phys_pa2_w0(vaddr addr)
46 {
47     /*
48      * See Figure H-10, "Absolute Accesses when PSW W-bit is 0",
49      * combined with Figure H-11, as above.
50      */
51     if (likely(extract32(addr, 28, 4) != 0xf)) {
52         /* Memory address space */
53         addr = (uint32_t)addr;
54     } else if (extract32(addr, 24, 4) != 0) {
55         /* I/O address space */
56         addr = (int32_t)addr;
57     } else {
58         /*
59          * PDC address space:
60          * Figures H-10 and H-11 of the parisc2.0 spec do not specify
61          * where to map into the 64-bit PDC address space.
62          * We map with an offset which equals the 32-bit address, which
63          * is what can be seen on physical machines too.
64          */
65         addr = (uint32_t)addr;
66         addr |= -1ull << (TARGET_PHYS_ADDR_SPACE_BITS - 4);
67     }
68     return addr;
69 }
70 
71 static HPPATLBEntry *hppa_find_tlb(CPUHPPAState *env, vaddr addr)
72 {
73     IntervalTreeNode *i = interval_tree_iter_first(&env->tlb_root, addr, addr);
74 
75     if (i) {
76         HPPATLBEntry *ent = container_of(i, HPPATLBEntry, itree);
77         trace_hppa_tlb_find_entry(env, ent, ent->entry_valid,
78                                   ent->itree.start, ent->itree.last, ent->pa);
79         return ent;
80     }
81     trace_hppa_tlb_find_entry_not_found(env, addr);
82     return NULL;
83 }
84 
85 static void hppa_flush_tlb_ent(CPUHPPAState *env, HPPATLBEntry *ent,
86                                bool force_flush_btlb)
87 {
88     CPUState *cs = env_cpu(env);
89     bool is_btlb;
90 
91     if (!ent->entry_valid) {
92         return;
93     }
94 
95     trace_hppa_tlb_flush_ent(env, ent, ent->itree.start,
96                              ent->itree.last, ent->pa);
97 
98     tlb_flush_range_by_mmuidx(cs, ent->itree.start,
99                               ent->itree.last - ent->itree.start + 1,
100                               HPPA_MMU_FLUSH_MASK, TARGET_LONG_BITS);
101 
102     /* Never clear BTLBs, unless forced to do so. */
103     is_btlb = ent < &env->tlb[HPPA_BTLB_ENTRIES(env)];
104     if (is_btlb && !force_flush_btlb) {
105         return;
106     }
107 
108     interval_tree_remove(&ent->itree, &env->tlb_root);
109     memset(ent, 0, sizeof(*ent));
110 
111     if (!is_btlb) {
112         ent->unused_next = env->tlb_unused;
113         env->tlb_unused = ent;
114     }
115 }
116 
117 static void hppa_flush_tlb_range(CPUHPPAState *env, vaddr va_b, vaddr va_e)
118 {
119     IntervalTreeNode *i, *n;
120 
121     i = interval_tree_iter_first(&env->tlb_root, va_b, va_e);
122     for (; i ; i = n) {
123         HPPATLBEntry *ent = container_of(i, HPPATLBEntry, itree);
124 
125         /*
126          * Find the next entry now: In the normal case the current entry
127          * will be removed, but in the BTLB case it will remain.
128          */
129         n = interval_tree_iter_next(i, va_b, va_e);
130         hppa_flush_tlb_ent(env, ent, false);
131     }
132 }
133 
134 static HPPATLBEntry *hppa_alloc_tlb_ent(CPUHPPAState *env)
135 {
136     HPPATLBEntry *ent = env->tlb_unused;
137 
138     if (ent == NULL) {
139         uint32_t btlb_entries = HPPA_BTLB_ENTRIES(env);
140         uint32_t i = env->tlb_last;
141 
142         if (i < btlb_entries || i >= ARRAY_SIZE(env->tlb)) {
143             i = btlb_entries;
144         }
145         env->tlb_last = i + 1;
146 
147         ent = &env->tlb[i];
148         hppa_flush_tlb_ent(env, ent, false);
149     }
150 
151     env->tlb_unused = ent->unused_next;
152     return ent;
153 }
154 
155 #define ACCESS_ID_MASK 0xffff
156 
157 /* Return the set of protections allowed by a PID match. */
158 static int match_prot_id_1(uint32_t access_id, uint32_t prot_id)
159 {
160     if (((access_id ^ (prot_id >> 1)) & ACCESS_ID_MASK) == 0) {
161         return (prot_id & 1
162                 ? PAGE_EXEC | PAGE_READ
163                 : PAGE_EXEC | PAGE_READ | PAGE_WRITE);
164     }
165     return 0;
166 }
167 
168 static int match_prot_id32(CPUHPPAState *env, uint32_t access_id)
169 {
170     int r, i;
171 
172     for (i = CR_PID1; i <= CR_PID4; ++i) {
173         r = match_prot_id_1(access_id, env->cr[i]);
174         if (r) {
175             return r;
176         }
177     }
178     return 0;
179 }
180 
181 static int match_prot_id64(CPUHPPAState *env, uint32_t access_id)
182 {
183     int r, i;
184 
185     for (i = CR_PID1; i <= CR_PID4; ++i) {
186         r = match_prot_id_1(access_id, env->cr[i]);
187         if (r) {
188             return r;
189         }
190         r = match_prot_id_1(access_id, env->cr[i] >> 32);
191         if (r) {
192             return r;
193         }
194     }
195     return 0;
196 }
197 
198 int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx,
199                               int type, hwaddr *pphys, int *pprot,
200                               HPPATLBEntry **tlb_entry)
201 {
202     hwaddr phys;
203     int prot, r_prot, w_prot, x_prot, priv;
204     HPPATLBEntry *ent;
205     int ret = -1;
206 
207     if (tlb_entry) {
208         *tlb_entry = NULL;
209     }
210 
211     /* Virtual translation disabled.  Map absolute to physical.  */
212     if (MMU_IDX_MMU_DISABLED(mmu_idx)) {
213         switch (mmu_idx) {
214         case MMU_ABS_W_IDX:
215             phys = hppa_abs_to_phys_pa2_w1(addr);
216             break;
217         case MMU_ABS_IDX:
218             if (hppa_is_pa20(env)) {
219                 phys = hppa_abs_to_phys_pa2_w0(addr);
220             } else {
221                 phys = (uint32_t)addr;
222             }
223             break;
224         default:
225             g_assert_not_reached();
226         }
227         prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
228         goto egress;
229     }
230 
231     /* Find a valid tlb entry that matches the virtual address.  */
232     ent = hppa_find_tlb(env, addr);
233     if (ent == NULL) {
234         phys = 0;
235         prot = 0;
236         ret = (type == PAGE_EXEC) ? EXCP_ITLB_MISS : EXCP_DTLB_MISS;
237         goto egress;
238     }
239 
240     if (tlb_entry) {
241         *tlb_entry = ent;
242     }
243 
244     /* We now know the physical address.  */
245     phys = ent->pa + (addr - ent->itree.start);
246 
247     /* Map TLB access_rights field to QEMU protection.  */
248     priv = MMU_IDX_TO_PRIV(mmu_idx);
249     r_prot = (priv <= ent->ar_pl1) * PAGE_READ;
250     w_prot = (priv <= ent->ar_pl2) * PAGE_WRITE;
251     x_prot = (ent->ar_pl2 <= priv && priv <= ent->ar_pl1) * PAGE_EXEC;
252     switch (ent->ar_type) {
253     case 0: /* read-only: data page */
254         prot = r_prot;
255         break;
256     case 1: /* read/write: dynamic data page */
257         prot = r_prot | w_prot;
258         break;
259     case 2: /* read/execute: normal code page */
260         prot = r_prot | x_prot;
261         break;
262     case 3: /* read/write/execute: dynamic code page */
263         prot = r_prot | w_prot | x_prot;
264         break;
265     default: /* execute: promote to privilege level type & 3 */
266         prot = x_prot;
267         break;
268     }
269 
270     /*
271      * No guest access type indicates a non-architectural access from
272      * within QEMU.  Bypass checks for access, D, B, P and T bits.
273      */
274     if (type == 0) {
275         goto egress;
276     }
277 
278     /* access_id == 0 means public page and no check is performed */
279     if (ent->access_id && MMU_IDX_TO_P(mmu_idx)) {
280         int access_prot = (hppa_is_pa20(env)
281                            ? match_prot_id64(env, ent->access_id)
282                            : match_prot_id32(env, ent->access_id));
283         if (unlikely(!(type & access_prot))) {
284             /* Not allowed -- Inst/Data Memory Protection Id Fault. */
285             ret = type & PAGE_EXEC ? EXCP_IMP : EXCP_DMPI;
286             goto egress;
287         }
288         /* Otherwise exclude permissions not allowed (i.e WD). */
289         prot &= access_prot;
290     }
291 
292     if (unlikely(!(prot & type))) {
293         /* Not allowed -- Inst/Data Memory Access Rights Fault. */
294         ret = (type & PAGE_EXEC) ? EXCP_IMP : EXCP_DMAR;
295         goto egress;
296     }
297 
298     /* In reverse priority order, check for conditions which raise faults.
299        As we go, remove PROT bits that cover the condition we want to check.
300        In this way, the resulting PROT will force a re-check of the
301        architectural TLB entry for the next access.  */
302     if (unlikely(!ent->d)) {
303         if (type & PAGE_WRITE) {
304             /* The D bit is not set -- TLB Dirty Bit Fault.  */
305             ret = EXCP_TLB_DIRTY;
306         }
307         prot &= PAGE_READ | PAGE_EXEC;
308     }
309     if (unlikely(ent->b)) {
310         if (type & PAGE_WRITE) {
311             /* The B bit is set -- Data Memory Break Fault.  */
312             ret = EXCP_DMB;
313         }
314         prot &= PAGE_READ | PAGE_EXEC;
315     }
316     if (unlikely(ent->t)) {
317         if (!(type & PAGE_EXEC)) {
318             /* The T bit is set -- Page Reference Fault.  */
319             ret = EXCP_PAGE_REF;
320         }
321         prot &= PAGE_EXEC;
322     }
323 
324  egress:
325     *pphys = phys;
326     *pprot = prot;
327     trace_hppa_tlb_get_physical_address(env, ret, prot, addr, phys);
328     return ret;
329 }
330 
331 hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
332 {
333     HPPACPU *cpu = HPPA_CPU(cs);
334     hwaddr phys;
335     int prot, excp, mmu_idx;
336 
337     /* If the (data) mmu is disabled, bypass translation.  */
338     /* ??? We really ought to know if the code mmu is disabled too,
339        in order to get the correct debugging dumps.  */
340     mmu_idx = (cpu->env.psw & PSW_D ? MMU_KERNEL_IDX :
341                cpu->env.psw & PSW_W ? MMU_ABS_W_IDX : MMU_ABS_IDX);
342 
343     excp = hppa_get_physical_address(&cpu->env, addr, mmu_idx, 0,
344                                      &phys, &prot, NULL);
345 
346     /* Since we're translating for debugging, the only error that is a
347        hard error is no translation at all.  Otherwise, while a real cpu
348        access might not have permission, the debugger does.  */
349     return excp == EXCP_DTLB_MISS ? -1 : phys;
350 }
351 
352 void hppa_set_ior_and_isr(CPUHPPAState *env, vaddr addr, bool mmu_disabled)
353 {
354     if (env->psw & PSW_Q) {
355         /*
356          * For pa1.x, the offset and space never overlap, and so we
357          * simply extract the high and low part of the virtual address.
358          *
359          * For pa2.0, the formation of these are described in section
360          * "Interruption Parameter Registers", page 2-15.
361          */
362         env->cr[CR_IOR] = (uint32_t)addr;
363         env->cr[CR_ISR] = addr >> 32;
364 
365         if (hppa_is_pa20(env)) {
366             if (mmu_disabled) {
367                 /*
368                  * If data translation was disabled, the ISR contains
369                  * the upper portion of the abs address, zero-extended.
370                  */
371                 env->cr[CR_ISR] &= 0x3fffffff;
372             } else {
373                 /*
374                  * If data translation was enabled, the upper two bits
375                  * of the IOR (the b field) are equal to the two space
376                  * bits from the base register used to form the gva.
377                  */
378                 uint64_t b;
379 
380                 b = env->unwind_breg ? env->gr[env->unwind_breg] : 0;
381                 b >>= (env->psw & PSW_W ? 62 : 30);
382                 env->cr[CR_IOR] |= b << 62;
383             }
384         }
385     }
386 }
387 
388 G_NORETURN static void
389 raise_exception_with_ior(CPUHPPAState *env, int excp, uintptr_t retaddr,
390                          vaddr addr, bool mmu_disabled)
391 {
392     CPUState *cs = env_cpu(env);
393 
394     cs->exception_index = excp;
395     cpu_restore_state(cs, retaddr);
396     hppa_set_ior_and_isr(env, addr, mmu_disabled);
397 
398     cpu_loop_exit(cs);
399 }
400 
401 void hppa_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
402                                      vaddr addr, unsigned size,
403                                      MMUAccessType access_type,
404                                      int mmu_idx, MemTxAttrs attrs,
405                                      MemTxResult response, uintptr_t retaddr)
406 {
407     CPUHPPAState *env = cpu_env(cs);
408 
409     qemu_log_mask(LOG_GUEST_ERROR, "HPMC at " TARGET_FMT_lx ":" TARGET_FMT_lx
410                 " while accessing I/O at %#08" HWADDR_PRIx "\n",
411                 env->iasq_f, env->iaoq_f, physaddr);
412 
413     /* FIXME: Enable HPMC exceptions when firmware has clean device probing */
414     if (0) {
415         raise_exception_with_ior(env, EXCP_HPMC, retaddr, addr,
416                                  MMU_IDX_MMU_DISABLED(mmu_idx));
417     }
418 }
419 
420 bool hppa_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
421                        MMUAccessType type, int mmu_idx,
422                        bool probe, uintptr_t retaddr)
423 {
424     HPPACPU *cpu = HPPA_CPU(cs);
425     CPUHPPAState *env = &cpu->env;
426     HPPATLBEntry *ent;
427     int prot, excp, a_prot;
428     hwaddr phys;
429 
430     switch (type) {
431     case MMU_INST_FETCH:
432         a_prot = PAGE_EXEC;
433         break;
434     case MMU_DATA_STORE:
435         a_prot = PAGE_WRITE;
436         break;
437     default:
438         a_prot = PAGE_READ;
439         break;
440     }
441 
442     excp = hppa_get_physical_address(env, addr, mmu_idx,
443                                      a_prot, &phys, &prot, &ent);
444     if (unlikely(excp >= 0)) {
445         if (probe) {
446             return false;
447         }
448         trace_hppa_tlb_fill_excp(env, addr, size, type, mmu_idx);
449 
450         /* Failure.  Raise the indicated exception.  */
451         raise_exception_with_ior(env, excp, retaddr, addr,
452                                  MMU_IDX_MMU_DISABLED(mmu_idx));
453     }
454 
455     trace_hppa_tlb_fill_success(env, addr & TARGET_PAGE_MASK,
456                                 phys & TARGET_PAGE_MASK, size, type, mmu_idx);
457 
458     /*
459      * Success!  Store the translation into the QEMU TLB.
460      * Note that we always install a single-page entry, because that
461      * is what works best with softmmu -- anything else will trigger
462      * the large page protection mask.  We do not require this,
463      * because we record the large page here in the hppa tlb.
464      */
465     tlb_set_page(cs, addr & TARGET_PAGE_MASK, phys & TARGET_PAGE_MASK,
466                  prot, mmu_idx, TARGET_PAGE_SIZE);
467     return true;
468 }
469 
470 /* Insert (Insn/Data) TLB Address.  Note this is PA 1.1 only.  */
471 void HELPER(itlba_pa11)(CPUHPPAState *env, target_ulong addr, target_ulong reg)
472 {
473     HPPATLBEntry *ent;
474 
475     /* Zap any old entries covering ADDR. */
476     addr &= TARGET_PAGE_MASK;
477     hppa_flush_tlb_range(env, addr, addr + TARGET_PAGE_SIZE - 1);
478 
479     ent = env->tlb_partial;
480     if (ent == NULL) {
481         ent = hppa_alloc_tlb_ent(env);
482         env->tlb_partial = ent;
483     }
484 
485     /* Note that ent->entry_valid == 0 already.  */
486     ent->itree.start = addr;
487     ent->itree.last = addr + TARGET_PAGE_SIZE - 1;
488     ent->pa = extract32(reg, 5, 20) << TARGET_PAGE_BITS;
489     trace_hppa_tlb_itlba(env, ent, ent->itree.start, ent->itree.last, ent->pa);
490 }
491 
492 static void set_access_bits_pa11(CPUHPPAState *env, HPPATLBEntry *ent,
493                                  target_ulong reg)
494 {
495     ent->access_id = extract32(reg, 1, 18);
496     ent->u = extract32(reg, 19, 1);
497     ent->ar_pl2 = extract32(reg, 20, 2);
498     ent->ar_pl1 = extract32(reg, 22, 2);
499     ent->ar_type = extract32(reg, 24, 3);
500     ent->b = extract32(reg, 27, 1);
501     ent->d = extract32(reg, 28, 1);
502     ent->t = extract32(reg, 29, 1);
503     ent->entry_valid = 1;
504 
505     interval_tree_insert(&ent->itree, &env->tlb_root);
506     trace_hppa_tlb_itlbp(env, ent, ent->access_id, ent->u, ent->ar_pl2,
507                          ent->ar_pl1, ent->ar_type, ent->b, ent->d, ent->t);
508 }
509 
510 /* Insert (Insn/Data) TLB Protection.  Note this is PA 1.1 only.  */
511 void HELPER(itlbp_pa11)(CPUHPPAState *env, target_ulong addr, target_ulong reg)
512 {
513     HPPATLBEntry *ent = env->tlb_partial;
514 
515     if (ent) {
516         env->tlb_partial = NULL;
517         if (ent->itree.start <= addr && addr <= ent->itree.last) {
518             set_access_bits_pa11(env, ent, reg);
519             return;
520         }
521     }
522     qemu_log_mask(LOG_GUEST_ERROR, "ITLBP not following ITLBA\n");
523 }
524 
525 static void itlbt_pa20(CPUHPPAState *env, target_ulong r1,
526                        target_ulong r2, vaddr va_b)
527 {
528     HPPATLBEntry *ent;
529     vaddr va_e;
530     uint64_t va_size;
531     int mask_shift;
532 
533     mask_shift = 2 * (r1 & 0xf);
534     va_size = (uint64_t)TARGET_PAGE_SIZE << mask_shift;
535     va_b &= -va_size;
536     va_e = va_b + va_size - 1;
537 
538     hppa_flush_tlb_range(env, va_b, va_e);
539     ent = hppa_alloc_tlb_ent(env);
540 
541     ent->itree.start = va_b;
542     ent->itree.last = va_e;
543 
544     /* Extract all 52 bits present in the page table entry. */
545     ent->pa = r1 << (TARGET_PAGE_BITS - 5);
546     /* Align per the page size. */
547     ent->pa &= TARGET_PAGE_MASK << mask_shift;
548     /* Ignore the bits beyond physical address space. */
549     ent->pa = sextract64(ent->pa, 0, TARGET_PHYS_ADDR_SPACE_BITS);
550 
551     ent->t = extract64(r2, 61, 1);
552     ent->d = extract64(r2, 60, 1);
553     ent->b = extract64(r2, 59, 1);
554     ent->ar_type = extract64(r2, 56, 3);
555     ent->ar_pl1 = extract64(r2, 54, 2);
556     ent->ar_pl2 = extract64(r2, 52, 2);
557     ent->u = extract64(r2, 51, 1);
558     /* o = bit 50 */
559     /* p = bit 49 */
560     ent->access_id = extract64(r2, 1, 31);
561     ent->entry_valid = 1;
562 
563     interval_tree_insert(&ent->itree, &env->tlb_root);
564     trace_hppa_tlb_itlba(env, ent, ent->itree.start, ent->itree.last, ent->pa);
565     trace_hppa_tlb_itlbp(env, ent, ent->access_id, ent->u,
566                          ent->ar_pl2, ent->ar_pl1, ent->ar_type,
567                          ent->b, ent->d, ent->t);
568 }
569 
570 void HELPER(idtlbt_pa20)(CPUHPPAState *env, target_ulong r1, target_ulong r2)
571 {
572     vaddr va_b = deposit64(env->cr[CR_IOR], 32, 32, env->cr[CR_ISR]);
573     itlbt_pa20(env, r1, r2, va_b);
574 }
575 
576 void HELPER(iitlbt_pa20)(CPUHPPAState *env, target_ulong r1, target_ulong r2)
577 {
578     vaddr va_b = deposit64(env->cr[CR_IIAOQ], 32, 32, env->cr[CR_IIASQ]);
579     itlbt_pa20(env, r1, r2, va_b);
580 }
581 
582 /* Purge (Insn/Data) TLB. */
583 static void ptlb_work(CPUState *cpu, run_on_cpu_data data)
584 {
585     vaddr start = data.target_ptr;
586     vaddr end;
587 
588     /*
589      * PA2.0 allows a range of pages encoded into GR[b], which we have
590      * copied into the bottom bits of the otherwise page-aligned address.
591      * PA1.x will always provide zero here, for a single page flush.
592      */
593     end = start & 0xf;
594     start &= TARGET_PAGE_MASK;
595     end = (vaddr)TARGET_PAGE_SIZE << (2 * end);
596     end = start + end - 1;
597 
598     hppa_flush_tlb_range(cpu_env(cpu), start, end);
599 }
600 
601 /* This is local to the current cpu. */
602 void HELPER(ptlb_l)(CPUHPPAState *env, target_ulong addr)
603 {
604     trace_hppa_tlb_ptlb_local(env);
605     ptlb_work(env_cpu(env), RUN_ON_CPU_TARGET_PTR(addr));
606 }
607 
608 /* This is synchronous across all processors.  */
609 void HELPER(ptlb)(CPUHPPAState *env, target_ulong addr)
610 {
611     CPUState *src = env_cpu(env);
612     CPUState *cpu;
613     bool wait = false;
614 
615     trace_hppa_tlb_ptlb(env);
616     run_on_cpu_data data = RUN_ON_CPU_TARGET_PTR(addr);
617 
618     CPU_FOREACH(cpu) {
619         if (cpu != src) {
620             async_run_on_cpu(cpu, ptlb_work, data);
621             wait = true;
622         }
623     }
624     if (wait) {
625         async_safe_run_on_cpu(src, ptlb_work, data);
626     } else {
627         ptlb_work(src, data);
628     }
629 }
630 
631 void hppa_ptlbe(CPUHPPAState *env)
632 {
633     uint32_t btlb_entries = HPPA_BTLB_ENTRIES(env);
634     uint32_t i;
635 
636     /* Zap the (non-btlb) tlb entries themselves. */
637     memset(&env->tlb[btlb_entries], 0,
638            sizeof(env->tlb) - btlb_entries * sizeof(env->tlb[0]));
639     env->tlb_last = btlb_entries;
640     env->tlb_partial = NULL;
641 
642     /* Put them all onto the unused list. */
643     env->tlb_unused = &env->tlb[btlb_entries];
644     for (i = btlb_entries; i < ARRAY_SIZE(env->tlb) - 1; ++i) {
645         env->tlb[i].unused_next = &env->tlb[i + 1];
646     }
647 
648     /* Re-initialize the interval tree with only the btlb entries. */
649     memset(&env->tlb_root, 0, sizeof(env->tlb_root));
650     for (i = 0; i < btlb_entries; ++i) {
651         if (env->tlb[i].entry_valid) {
652             interval_tree_insert(&env->tlb[i].itree, &env->tlb_root);
653         }
654     }
655 
656     tlb_flush_by_mmuidx(env_cpu(env), HPPA_MMU_FLUSH_MASK);
657 }
658 
659 /* Purge (Insn/Data) TLB entry.  This affects an implementation-defined
660    number of pages/entries (we choose all), and is local to the cpu.  */
661 void HELPER(ptlbe)(CPUHPPAState *env)
662 {
663     trace_hppa_tlb_ptlbe(env);
664     qemu_log_mask(CPU_LOG_MMU, "FLUSH ALL TLB ENTRIES\n");
665     hppa_ptlbe(env);
666 }
667 
668 void cpu_hppa_change_prot_id(CPUHPPAState *env)
669 {
670     tlb_flush_by_mmuidx(env_cpu(env), HPPA_MMU_FLUSH_P_MASK);
671 }
672 
673 void HELPER(change_prot_id)(CPUHPPAState *env)
674 {
675     cpu_hppa_change_prot_id(env);
676 }
677 
678 target_ulong HELPER(lpa)(CPUHPPAState *env, target_ulong addr)
679 {
680     hwaddr phys;
681     int prot, excp;
682 
683     excp = hppa_get_physical_address(env, addr, MMU_KERNEL_IDX, 0,
684                                      &phys, &prot, NULL);
685     if (excp >= 0) {
686         if (excp == EXCP_DTLB_MISS) {
687             excp = EXCP_NA_DTLB_MISS;
688         }
689         trace_hppa_tlb_lpa_failed(env, addr);
690         raise_exception_with_ior(env, excp, GETPC(), addr, false);
691     }
692     trace_hppa_tlb_lpa_success(env, addr, phys);
693     return phys;
694 }
695 
696 /* Return the ar_type of the TLB at VADDR, or -1.  */
697 int hppa_artype_for_page(CPUHPPAState *env, target_ulong vaddr)
698 {
699     HPPATLBEntry *ent = hppa_find_tlb(env, vaddr);
700     return ent ? ent->ar_type : -1;
701 }
702 
703 /*
704  * diag_btlb() emulates the PDC PDC_BLOCK_TLB firmware call to
705  * allow operating systems to modify the Block TLB (BTLB) entries.
706  * For implementation details see page 1-13 in
707  * https://parisc.wiki.kernel.org/images-parisc/e/ef/Pdc11-v0.96-Ch1-procs.pdf
708  */
709 void HELPER(diag_btlb)(CPUHPPAState *env)
710 {
711     unsigned int phys_page, len, slot;
712     int mmu_idx = cpu_mmu_index(env_cpu(env), 0);
713     uintptr_t ra = GETPC();
714     HPPATLBEntry *btlb;
715     uint64_t virt_page;
716     uint32_t *vaddr;
717     uint32_t btlb_entries = HPPA_BTLB_ENTRIES(env);
718 
719     /* BTLBs are not supported on 64-bit CPUs */
720     if (btlb_entries == 0) {
721         env->gr[28] = -1; /* nonexistent procedure */
722         return;
723     }
724 
725     env->gr[28] = 0; /* PDC_OK */
726 
727     switch (env->gr[25]) {
728     case 0:
729         /* return BTLB parameters */
730         qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_INFO\n");
731         vaddr = probe_access(env, env->gr[24], 4 * sizeof(uint32_t),
732                              MMU_DATA_STORE, mmu_idx, ra);
733         if (vaddr == NULL) {
734             env->gr[28] = -10; /* invalid argument */
735         } else {
736             vaddr[0] = cpu_to_be32(1);
737             vaddr[1] = cpu_to_be32(16 * 1024);
738             vaddr[2] = cpu_to_be32(PA10_BTLB_FIXED);
739             vaddr[3] = cpu_to_be32(PA10_BTLB_VARIABLE);
740         }
741         break;
742     case 1:
743         /* insert BTLB entry */
744         virt_page = env->gr[24];        /* upper 32 bits */
745         virt_page <<= 32;
746         virt_page |= env->gr[23];       /* lower 32 bits */
747         phys_page = env->gr[22];
748         len = env->gr[21];
749         slot = env->gr[19];
750         qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_INSERT "
751                     "0x%08llx-0x%08llx: vpage 0x%llx for phys page 0x%04x len %d "
752                     "into slot %d\n",
753                     (long long) virt_page << TARGET_PAGE_BITS,
754                     (long long) (virt_page + len) << TARGET_PAGE_BITS,
755                     (long long) virt_page, phys_page, len, slot);
756         if (slot < btlb_entries) {
757             btlb = &env->tlb[slot];
758 
759             /* Force flush of possibly existing BTLB entry. */
760             hppa_flush_tlb_ent(env, btlb, true);
761 
762             /* Create new BTLB entry */
763             btlb->itree.start = virt_page << TARGET_PAGE_BITS;
764             btlb->itree.last = btlb->itree.start + len * TARGET_PAGE_SIZE - 1;
765             btlb->pa = phys_page << TARGET_PAGE_BITS;
766             set_access_bits_pa11(env, btlb, env->gr[20]);
767             btlb->t = 0;
768             btlb->d = 1;
769         } else {
770             env->gr[28] = -10; /* invalid argument */
771         }
772         break;
773     case 2:
774         /* Purge BTLB entry */
775         slot = env->gr[22];
776         qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_PURGE slot %d\n",
777                                     slot);
778         if (slot < btlb_entries) {
779             btlb = &env->tlb[slot];
780             hppa_flush_tlb_ent(env, btlb, true);
781         } else {
782             env->gr[28] = -10; /* invalid argument */
783         }
784         break;
785     case 3:
786         /* Purge all BTLB entries */
787         qemu_log_mask(CPU_LOG_MMU, "PDC_BLOCK_TLB: PDC_BTLB_PURGE_ALL\n");
788         for (slot = 0; slot < btlb_entries; slot++) {
789             btlb = &env->tlb[slot];
790             hppa_flush_tlb_ent(env, btlb, true);
791         }
792         break;
793     default:
794         env->gr[28] = -2; /* nonexistent option */
795         break;
796     }
797 }
798