1 /* 2 * HPPA memory access helper routines 3 * 4 * Copyright (c) 2017 Helge Deller 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qemu/log.h" 22 #include "cpu.h" 23 #include "exec/exec-all.h" 24 #include "exec/helper-proto.h" 25 #include "hw/core/cpu.h" 26 #include "trace.h" 27 28 static hppa_tlb_entry *hppa_find_tlb(CPUHPPAState *env, vaddr addr) 29 { 30 int i; 31 32 for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) { 33 hppa_tlb_entry *ent = &env->tlb[i]; 34 if (ent->va_b <= addr && addr <= ent->va_e) { 35 trace_hppa_tlb_find_entry(env, ent + i, ent->entry_valid, 36 ent->va_b, ent->va_e, ent->pa); 37 return ent; 38 } 39 } 40 trace_hppa_tlb_find_entry_not_found(env, addr); 41 return NULL; 42 } 43 44 static void hppa_flush_tlb_ent(CPUHPPAState *env, hppa_tlb_entry *ent) 45 { 46 CPUState *cs = env_cpu(env); 47 unsigned i, n = 1 << (2 * ent->page_size); 48 uint64_t addr = ent->va_b; 49 50 trace_hppa_tlb_flush_ent(env, ent, ent->va_b, ent->va_e, ent->pa); 51 52 for (i = 0; i < n; ++i, addr += TARGET_PAGE_SIZE) { 53 tlb_flush_page_by_mmuidx(cs, addr, HPPA_MMU_FLUSH_MASK); 54 } 55 56 memset(ent, 0, sizeof(*ent)); 57 ent->va_b = -1; 58 } 59 60 static hppa_tlb_entry *hppa_alloc_tlb_ent(CPUHPPAState *env) 61 { 62 hppa_tlb_entry *ent; 63 uint32_t i = env->tlb_last; 64 65 env->tlb_last = (i == ARRAY_SIZE(env->tlb) - 1 ? 0 : i + 1); 66 ent = &env->tlb[i]; 67 68 hppa_flush_tlb_ent(env, ent); 69 return ent; 70 } 71 72 int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx, 73 int type, hwaddr *pphys, int *pprot) 74 { 75 hwaddr phys; 76 int prot, r_prot, w_prot, x_prot, priv; 77 hppa_tlb_entry *ent; 78 int ret = -1; 79 80 /* Virtual translation disabled. Direct map virtual to physical. */ 81 if (mmu_idx == MMU_PHYS_IDX) { 82 phys = addr; 83 prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 84 goto egress; 85 } 86 87 /* Find a valid tlb entry that matches the virtual address. */ 88 ent = hppa_find_tlb(env, addr); 89 if (ent == NULL || !ent->entry_valid) { 90 phys = 0; 91 prot = 0; 92 ret = (type == PAGE_EXEC) ? EXCP_ITLB_MISS : EXCP_DTLB_MISS; 93 goto egress; 94 } 95 96 /* We now know the physical address. */ 97 phys = ent->pa + (addr & ~TARGET_PAGE_MASK); 98 99 /* Map TLB access_rights field to QEMU protection. */ 100 priv = MMU_IDX_TO_PRIV(mmu_idx); 101 r_prot = (priv <= ent->ar_pl1) * PAGE_READ; 102 w_prot = (priv <= ent->ar_pl2) * PAGE_WRITE; 103 x_prot = (ent->ar_pl2 <= priv && priv <= ent->ar_pl1) * PAGE_EXEC; 104 switch (ent->ar_type) { 105 case 0: /* read-only: data page */ 106 prot = r_prot; 107 break; 108 case 1: /* read/write: dynamic data page */ 109 prot = r_prot | w_prot; 110 break; 111 case 2: /* read/execute: normal code page */ 112 prot = r_prot | x_prot; 113 break; 114 case 3: /* read/write/execute: dynamic code page */ 115 prot = r_prot | w_prot | x_prot; 116 break; 117 default: /* execute: promote to privilege level type & 3 */ 118 prot = x_prot; 119 break; 120 } 121 122 /* access_id == 0 means public page and no check is performed */ 123 if ((env->psw & PSW_P) && ent->access_id) { 124 /* If bits [31:1] match, and bit 0 is set, suppress write. */ 125 int match = ent->access_id * 2 + 1; 126 127 if (match == env->cr[CR_PID1] || match == env->cr[CR_PID2] || 128 match == env->cr[CR_PID3] || match == env->cr[CR_PID4]) { 129 prot &= PAGE_READ | PAGE_EXEC; 130 if (type == PAGE_WRITE) { 131 ret = EXCP_DMPI; 132 goto egress; 133 } 134 } 135 } 136 137 /* No guest access type indicates a non-architectural access from 138 within QEMU. Bypass checks for access, D, B and T bits. */ 139 if (type == 0) { 140 goto egress; 141 } 142 143 if (unlikely(!(prot & type))) { 144 /* The access isn't allowed -- Inst/Data Memory Protection Fault. */ 145 ret = (type & PAGE_EXEC) ? EXCP_IMP : EXCP_DMAR; 146 goto egress; 147 } 148 149 /* In reverse priority order, check for conditions which raise faults. 150 As we go, remove PROT bits that cover the condition we want to check. 151 In this way, the resulting PROT will force a re-check of the 152 architectural TLB entry for the next access. */ 153 if (unlikely(!ent->d)) { 154 if (type & PAGE_WRITE) { 155 /* The D bit is not set -- TLB Dirty Bit Fault. */ 156 ret = EXCP_TLB_DIRTY; 157 } 158 prot &= PAGE_READ | PAGE_EXEC; 159 } 160 if (unlikely(ent->b)) { 161 if (type & PAGE_WRITE) { 162 /* The B bit is set -- Data Memory Break Fault. */ 163 ret = EXCP_DMB; 164 } 165 prot &= PAGE_READ | PAGE_EXEC; 166 } 167 if (unlikely(ent->t)) { 168 if (!(type & PAGE_EXEC)) { 169 /* The T bit is set -- Page Reference Fault. */ 170 ret = EXCP_PAGE_REF; 171 } 172 prot &= PAGE_EXEC; 173 } 174 175 egress: 176 *pphys = phys; 177 *pprot = prot; 178 trace_hppa_tlb_get_physical_address(env, ret, prot, addr, phys); 179 return ret; 180 } 181 182 hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) 183 { 184 HPPACPU *cpu = HPPA_CPU(cs); 185 hwaddr phys; 186 int prot, excp; 187 188 /* If the (data) mmu is disabled, bypass translation. */ 189 /* ??? We really ought to know if the code mmu is disabled too, 190 in order to get the correct debugging dumps. */ 191 if (!(cpu->env.psw & PSW_D)) { 192 return addr; 193 } 194 195 excp = hppa_get_physical_address(&cpu->env, addr, MMU_KERNEL_IDX, 0, 196 &phys, &prot); 197 198 /* Since we're translating for debugging, the only error that is a 199 hard error is no translation at all. Otherwise, while a real cpu 200 access might not have permission, the debugger does. */ 201 return excp == EXCP_DTLB_MISS ? -1 : phys; 202 } 203 204 bool hppa_cpu_tlb_fill(CPUState *cs, vaddr addr, int size, 205 MMUAccessType type, int mmu_idx, 206 bool probe, uintptr_t retaddr) 207 { 208 HPPACPU *cpu = HPPA_CPU(cs); 209 CPUHPPAState *env = &cpu->env; 210 int prot, excp, a_prot; 211 hwaddr phys; 212 213 switch (type) { 214 case MMU_INST_FETCH: 215 a_prot = PAGE_EXEC; 216 break; 217 case MMU_DATA_STORE: 218 a_prot = PAGE_WRITE; 219 break; 220 default: 221 a_prot = PAGE_READ; 222 break; 223 } 224 225 excp = hppa_get_physical_address(env, addr, mmu_idx, 226 a_prot, &phys, &prot); 227 if (unlikely(excp >= 0)) { 228 if (probe) { 229 return false; 230 } 231 trace_hppa_tlb_fill_excp(env, addr, size, type, mmu_idx); 232 /* Failure. Raise the indicated exception. */ 233 cs->exception_index = excp; 234 if (cpu->env.psw & PSW_Q) { 235 /* ??? Needs tweaking for hppa64. */ 236 cpu->env.cr[CR_IOR] = addr; 237 cpu->env.cr[CR_ISR] = addr >> 32; 238 } 239 cpu_loop_exit_restore(cs, retaddr); 240 } 241 242 trace_hppa_tlb_fill_success(env, addr & TARGET_PAGE_MASK, 243 phys & TARGET_PAGE_MASK, size, type, mmu_idx); 244 /* Success! Store the translation into the QEMU TLB. */ 245 tlb_set_page(cs, addr & TARGET_PAGE_MASK, phys & TARGET_PAGE_MASK, 246 prot, mmu_idx, TARGET_PAGE_SIZE); 247 return true; 248 } 249 250 /* Insert (Insn/Data) TLB Address. Note this is PA 1.1 only. */ 251 void HELPER(itlba)(CPUHPPAState *env, target_ulong addr, target_ureg reg) 252 { 253 hppa_tlb_entry *empty = NULL; 254 int i; 255 256 /* Zap any old entries covering ADDR; notice empty entries on the way. */ 257 for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) { 258 hppa_tlb_entry *ent = &env->tlb[i]; 259 if (ent->va_b <= addr && addr <= ent->va_e) { 260 if (ent->entry_valid) { 261 hppa_flush_tlb_ent(env, ent); 262 } 263 if (!empty) { 264 empty = ent; 265 } 266 } 267 } 268 269 /* If we didn't see an empty entry, evict one. */ 270 if (empty == NULL) { 271 empty = hppa_alloc_tlb_ent(env); 272 } 273 274 /* Note that empty->entry_valid == 0 already. */ 275 empty->va_b = addr & TARGET_PAGE_MASK; 276 empty->va_e = empty->va_b + TARGET_PAGE_SIZE - 1; 277 empty->pa = extract32(reg, 5, 20) << TARGET_PAGE_BITS; 278 trace_hppa_tlb_itlba(env, empty, empty->va_b, empty->va_e, empty->pa); 279 } 280 281 /* Insert (Insn/Data) TLB Protection. Note this is PA 1.1 only. */ 282 void HELPER(itlbp)(CPUHPPAState *env, target_ulong addr, target_ureg reg) 283 { 284 hppa_tlb_entry *ent = hppa_find_tlb(env, addr); 285 286 if (unlikely(ent == NULL)) { 287 qemu_log_mask(LOG_GUEST_ERROR, "ITLBP not following ITLBA\n"); 288 return; 289 } 290 291 ent->access_id = extract32(reg, 1, 18); 292 ent->u = extract32(reg, 19, 1); 293 ent->ar_pl2 = extract32(reg, 20, 2); 294 ent->ar_pl1 = extract32(reg, 22, 2); 295 ent->ar_type = extract32(reg, 24, 3); 296 ent->b = extract32(reg, 27, 1); 297 ent->d = extract32(reg, 28, 1); 298 ent->t = extract32(reg, 29, 1); 299 ent->entry_valid = 1; 300 trace_hppa_tlb_itlbp(env, ent, ent->access_id, ent->u, ent->ar_pl2, 301 ent->ar_pl1, ent->ar_type, ent->b, ent->d, ent->t); 302 } 303 304 /* Purge (Insn/Data) TLB. This is explicitly page-based, and is 305 synchronous across all processors. */ 306 static void ptlb_work(CPUState *cpu, run_on_cpu_data data) 307 { 308 CPUHPPAState *env = cpu->env_ptr; 309 target_ulong addr = (target_ulong) data.target_ptr; 310 hppa_tlb_entry *ent = hppa_find_tlb(env, addr); 311 312 if (ent && ent->entry_valid) { 313 hppa_flush_tlb_ent(env, ent); 314 } 315 } 316 317 void HELPER(ptlb)(CPUHPPAState *env, target_ulong addr) 318 { 319 CPUState *src = env_cpu(env); 320 CPUState *cpu; 321 trace_hppa_tlb_ptlb(env); 322 run_on_cpu_data data = RUN_ON_CPU_TARGET_PTR(addr); 323 324 CPU_FOREACH(cpu) { 325 if (cpu != src) { 326 async_run_on_cpu(cpu, ptlb_work, data); 327 } 328 } 329 async_safe_run_on_cpu(src, ptlb_work, data); 330 } 331 332 /* Purge (Insn/Data) TLB entry. This affects an implementation-defined 333 number of pages/entries (we choose all), and is local to the cpu. */ 334 void HELPER(ptlbe)(CPUHPPAState *env) 335 { 336 trace_hppa_tlb_ptlbe(env); 337 memset(env->tlb, 0, sizeof(env->tlb)); 338 tlb_flush_by_mmuidx(env_cpu(env), HPPA_MMU_FLUSH_MASK); 339 } 340 341 void cpu_hppa_change_prot_id(CPUHPPAState *env) 342 { 343 if (env->psw & PSW_P) { 344 tlb_flush_by_mmuidx(env_cpu(env), HPPA_MMU_FLUSH_MASK); 345 } 346 } 347 348 void HELPER(change_prot_id)(CPUHPPAState *env) 349 { 350 cpu_hppa_change_prot_id(env); 351 } 352 353 target_ureg HELPER(lpa)(CPUHPPAState *env, target_ulong addr) 354 { 355 hwaddr phys; 356 int prot, excp; 357 358 excp = hppa_get_physical_address(env, addr, MMU_KERNEL_IDX, 0, 359 &phys, &prot); 360 if (excp >= 0) { 361 if (env->psw & PSW_Q) { 362 /* ??? Needs tweaking for hppa64. */ 363 env->cr[CR_IOR] = addr; 364 env->cr[CR_ISR] = addr >> 32; 365 } 366 if (excp == EXCP_DTLB_MISS) { 367 excp = EXCP_NA_DTLB_MISS; 368 } 369 trace_hppa_tlb_lpa_failed(env, addr); 370 hppa_dynamic_excp(env, excp, GETPC()); 371 } 372 trace_hppa_tlb_lpa_success(env, addr, phys); 373 return phys; 374 } 375 376 /* Return the ar_type of the TLB at VADDR, or -1. */ 377 int hppa_artype_for_page(CPUHPPAState *env, target_ulong vaddr) 378 { 379 hppa_tlb_entry *ent = hppa_find_tlb(env, vaddr); 380 return ent ? ent->ar_type : -1; 381 } 382