1 /* 2 * PowerPC exception emulation helpers for QEMU. 3 * 4 * Copyright (c) 2003-2007 Jocelyn Mayer 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 #include "qemu/osdep.h" 20 #include "qemu/main-loop.h" 21 #include "cpu.h" 22 #include "exec/helper-proto.h" 23 #include "exec/exec-all.h" 24 #include "exec/cpu_ldst.h" 25 26 #include "helper_regs.h" 27 28 //#define DEBUG_OP 29 //#define DEBUG_SOFTWARE_TLB 30 //#define DEBUG_EXCEPTIONS 31 32 #ifdef DEBUG_EXCEPTIONS 33 # define LOG_EXCP(...) qemu_log(__VA_ARGS__) 34 #else 35 # define LOG_EXCP(...) do { } while (0) 36 #endif 37 38 /*****************************************************************************/ 39 /* Exception processing */ 40 #if defined(CONFIG_USER_ONLY) 41 void ppc_cpu_do_interrupt(CPUState *cs) 42 { 43 PowerPCCPU *cpu = POWERPC_CPU(cs); 44 CPUPPCState *env = &cpu->env; 45 46 cs->exception_index = POWERPC_EXCP_NONE; 47 env->error_code = 0; 48 } 49 50 static void ppc_hw_interrupt(CPUPPCState *env) 51 { 52 CPUState *cs = CPU(ppc_env_get_cpu(env)); 53 54 cs->exception_index = POWERPC_EXCP_NONE; 55 env->error_code = 0; 56 } 57 #else /* defined(CONFIG_USER_ONLY) */ 58 static inline void dump_syscall(CPUPPCState *env) 59 { 60 qemu_log_mask(CPU_LOG_INT, "syscall r0=%016" PRIx64 " r3=%016" PRIx64 61 " r4=%016" PRIx64 " r5=%016" PRIx64 " r6=%016" PRIx64 62 " nip=" TARGET_FMT_lx "\n", 63 ppc_dump_gpr(env, 0), ppc_dump_gpr(env, 3), 64 ppc_dump_gpr(env, 4), ppc_dump_gpr(env, 5), 65 ppc_dump_gpr(env, 6), env->nip); 66 } 67 68 /* Note that this function should be greatly optimized 69 * when called with a constant excp, from ppc_hw_interrupt 70 */ 71 static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp) 72 { 73 CPUState *cs = CPU(cpu); 74 CPUPPCState *env = &cpu->env; 75 target_ulong msr, new_msr, vector; 76 int srr0, srr1, asrr0, asrr1, lev, ail; 77 bool lpes0; 78 79 qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx 80 " => %08x (%02x)\n", env->nip, excp, env->error_code); 81 82 /* new srr1 value excluding must-be-zero bits */ 83 if (excp_model == POWERPC_EXCP_BOOKE) { 84 msr = env->msr; 85 } else { 86 msr = env->msr & ~0x783f0000ULL; 87 } 88 89 /* new interrupt handler msr preserves existing HV and ME unless 90 * explicitly overriden 91 */ 92 new_msr = env->msr & (((target_ulong)1 << MSR_ME) | MSR_HVB); 93 94 /* target registers */ 95 srr0 = SPR_SRR0; 96 srr1 = SPR_SRR1; 97 asrr0 = -1; 98 asrr1 = -1; 99 100 /* check for special resume at 0x100 from doze/nap/sleep/winkle on P7/P8 */ 101 if (env->in_pm_state) { 102 env->in_pm_state = false; 103 104 /* Pretend to be returning from doze always as we don't lose state */ 105 msr |= (0x1ull << (63 - 47)); 106 107 /* Non-machine check are routed to 0x100 with a wakeup cause 108 * encoded in SRR1 109 */ 110 if (excp != POWERPC_EXCP_MCHECK) { 111 switch (excp) { 112 case POWERPC_EXCP_RESET: 113 msr |= 0x4ull << (63 - 45); 114 break; 115 case POWERPC_EXCP_EXTERNAL: 116 msr |= 0x8ull << (63 - 45); 117 break; 118 case POWERPC_EXCP_DECR: 119 msr |= 0x6ull << (63 - 45); 120 break; 121 case POWERPC_EXCP_SDOOR: 122 msr |= 0x5ull << (63 - 45); 123 break; 124 case POWERPC_EXCP_SDOOR_HV: 125 msr |= 0x3ull << (63 - 45); 126 break; 127 case POWERPC_EXCP_HV_MAINT: 128 msr |= 0xaull << (63 - 45); 129 break; 130 default: 131 cpu_abort(cs, "Unsupported exception %d in Power Save mode\n", 132 excp); 133 } 134 excp = POWERPC_EXCP_RESET; 135 } 136 } 137 138 /* Exception targetting modifiers 139 * 140 * LPES0 is supported on POWER7/8 141 * LPES1 is not supported (old iSeries mode) 142 * 143 * On anything else, we behave as if LPES0 is 1 144 * (externals don't alter MSR:HV) 145 * 146 * AIL is initialized here but can be cleared by 147 * selected exceptions 148 */ 149 #if defined(TARGET_PPC64) 150 if (excp_model == POWERPC_EXCP_POWER7 || 151 excp_model == POWERPC_EXCP_POWER8) { 152 lpes0 = !!(env->spr[SPR_LPCR] & LPCR_LPES0); 153 if (excp_model == POWERPC_EXCP_POWER8) { 154 ail = (env->spr[SPR_LPCR] & LPCR_AIL) >> LPCR_AIL_SHIFT; 155 } else { 156 ail = 0; 157 } 158 } else 159 #endif /* defined(TARGET_PPC64) */ 160 { 161 lpes0 = true; 162 ail = 0; 163 } 164 165 /* Hypervisor emulation assistance interrupt only exists on server 166 * arch 2.05 server or later. We also don't want to generate it if 167 * we don't have HVB in msr_mask (PAPR mode). 168 */ 169 if (excp == POWERPC_EXCP_HV_EMU 170 #if defined(TARGET_PPC64) 171 && !((env->mmu_model & POWERPC_MMU_64) && (env->msr_mask & MSR_HVB)) 172 #endif /* defined(TARGET_PPC64) */ 173 174 ) { 175 excp = POWERPC_EXCP_PROGRAM; 176 } 177 178 switch (excp) { 179 case POWERPC_EXCP_NONE: 180 /* Should never happen */ 181 return; 182 case POWERPC_EXCP_CRITICAL: /* Critical input */ 183 switch (excp_model) { 184 case POWERPC_EXCP_40x: 185 srr0 = SPR_40x_SRR2; 186 srr1 = SPR_40x_SRR3; 187 break; 188 case POWERPC_EXCP_BOOKE: 189 srr0 = SPR_BOOKE_CSRR0; 190 srr1 = SPR_BOOKE_CSRR1; 191 break; 192 case POWERPC_EXCP_G2: 193 break; 194 default: 195 goto excp_invalid; 196 } 197 break; 198 case POWERPC_EXCP_MCHECK: /* Machine check exception */ 199 if (msr_me == 0) { 200 /* Machine check exception is not enabled. 201 * Enter checkstop state. 202 */ 203 fprintf(stderr, "Machine check while not allowed. " 204 "Entering checkstop state\n"); 205 if (qemu_log_separate()) { 206 qemu_log("Machine check while not allowed. " 207 "Entering checkstop state\n"); 208 } 209 cs->halted = 1; 210 cs->interrupt_request |= CPU_INTERRUPT_EXITTB; 211 } 212 if (env->msr_mask & MSR_HVB) { 213 /* ISA specifies HV, but can be delivered to guest with HV clear 214 * (e.g., see FWNMI in PAPR). 215 */ 216 new_msr |= (target_ulong)MSR_HVB; 217 } 218 ail = 0; 219 220 /* machine check exceptions don't have ME set */ 221 new_msr &= ~((target_ulong)1 << MSR_ME); 222 223 /* XXX: should also have something loaded in DAR / DSISR */ 224 switch (excp_model) { 225 case POWERPC_EXCP_40x: 226 srr0 = SPR_40x_SRR2; 227 srr1 = SPR_40x_SRR3; 228 break; 229 case POWERPC_EXCP_BOOKE: 230 /* FIXME: choose one or the other based on CPU type */ 231 srr0 = SPR_BOOKE_MCSRR0; 232 srr1 = SPR_BOOKE_MCSRR1; 233 asrr0 = SPR_BOOKE_CSRR0; 234 asrr1 = SPR_BOOKE_CSRR1; 235 break; 236 default: 237 break; 238 } 239 break; 240 case POWERPC_EXCP_DSI: /* Data storage exception */ 241 LOG_EXCP("DSI exception: DSISR=" TARGET_FMT_lx" DAR=" TARGET_FMT_lx 242 "\n", env->spr[SPR_DSISR], env->spr[SPR_DAR]); 243 break; 244 case POWERPC_EXCP_ISI: /* Instruction storage exception */ 245 LOG_EXCP("ISI exception: msr=" TARGET_FMT_lx ", nip=" TARGET_FMT_lx 246 "\n", msr, env->nip); 247 msr |= env->error_code; 248 break; 249 case POWERPC_EXCP_EXTERNAL: /* External input */ 250 cs = CPU(cpu); 251 252 if (!lpes0) { 253 new_msr |= (target_ulong)MSR_HVB; 254 new_msr |= env->msr & ((target_ulong)1 << MSR_RI); 255 srr0 = SPR_HSRR0; 256 srr1 = SPR_HSRR1; 257 } 258 if (env->mpic_proxy) { 259 /* IACK the IRQ on delivery */ 260 env->spr[SPR_BOOKE_EPR] = ldl_phys(cs->as, env->mpic_iack); 261 } 262 break; 263 case POWERPC_EXCP_ALIGN: /* Alignment exception */ 264 /* Get rS/rD and rA from faulting opcode */ 265 /* Note: the opcode fields will not be set properly for a direct 266 * store load/store, but nobody cares as nobody actually uses 267 * direct store segments. 268 */ 269 env->spr[SPR_DSISR] |= (env->error_code & 0x03FF0000) >> 16; 270 break; 271 case POWERPC_EXCP_PROGRAM: /* Program exception */ 272 switch (env->error_code & ~0xF) { 273 case POWERPC_EXCP_FP: 274 if ((msr_fe0 == 0 && msr_fe1 == 0) || msr_fp == 0) { 275 LOG_EXCP("Ignore floating point exception\n"); 276 cs->exception_index = POWERPC_EXCP_NONE; 277 env->error_code = 0; 278 return; 279 } 280 281 /* FP exceptions always have NIP pointing to the faulting 282 * instruction, so always use store_next and claim we are 283 * precise in the MSR. 284 */ 285 msr |= 0x00100000; 286 break; 287 case POWERPC_EXCP_INVAL: 288 LOG_EXCP("Invalid instruction at " TARGET_FMT_lx "\n", env->nip); 289 msr |= 0x00080000; 290 env->spr[SPR_BOOKE_ESR] = ESR_PIL; 291 break; 292 case POWERPC_EXCP_PRIV: 293 msr |= 0x00040000; 294 env->spr[SPR_BOOKE_ESR] = ESR_PPR; 295 break; 296 case POWERPC_EXCP_TRAP: 297 msr |= 0x00020000; 298 env->spr[SPR_BOOKE_ESR] = ESR_PTR; 299 break; 300 default: 301 /* Should never occur */ 302 cpu_abort(cs, "Invalid program exception %d. Aborting\n", 303 env->error_code); 304 break; 305 } 306 break; 307 case POWERPC_EXCP_SYSCALL: /* System call exception */ 308 dump_syscall(env); 309 lev = env->error_code; 310 311 /* We need to correct the NIP which in this case is supposed 312 * to point to the next instruction 313 */ 314 env->nip += 4; 315 316 /* "PAPR mode" built-in hypercall emulation */ 317 if ((lev == 1) && cpu->vhyp) { 318 PPCVirtualHypervisorClass *vhc = 319 PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp); 320 vhc->hypercall(cpu->vhyp, cpu); 321 return; 322 } 323 if (lev == 1) { 324 new_msr |= (target_ulong)MSR_HVB; 325 } 326 break; 327 case POWERPC_EXCP_FPU: /* Floating-point unavailable exception */ 328 case POWERPC_EXCP_APU: /* Auxiliary processor unavailable */ 329 case POWERPC_EXCP_DECR: /* Decrementer exception */ 330 break; 331 case POWERPC_EXCP_FIT: /* Fixed-interval timer interrupt */ 332 /* FIT on 4xx */ 333 LOG_EXCP("FIT exception\n"); 334 break; 335 case POWERPC_EXCP_WDT: /* Watchdog timer interrupt */ 336 LOG_EXCP("WDT exception\n"); 337 switch (excp_model) { 338 case POWERPC_EXCP_BOOKE: 339 srr0 = SPR_BOOKE_CSRR0; 340 srr1 = SPR_BOOKE_CSRR1; 341 break; 342 default: 343 break; 344 } 345 break; 346 case POWERPC_EXCP_DTLB: /* Data TLB error */ 347 case POWERPC_EXCP_ITLB: /* Instruction TLB error */ 348 break; 349 case POWERPC_EXCP_DEBUG: /* Debug interrupt */ 350 switch (excp_model) { 351 case POWERPC_EXCP_BOOKE: 352 /* FIXME: choose one or the other based on CPU type */ 353 srr0 = SPR_BOOKE_DSRR0; 354 srr1 = SPR_BOOKE_DSRR1; 355 asrr0 = SPR_BOOKE_CSRR0; 356 asrr1 = SPR_BOOKE_CSRR1; 357 break; 358 default: 359 break; 360 } 361 /* XXX: TODO */ 362 cpu_abort(cs, "Debug exception is not implemented yet !\n"); 363 break; 364 case POWERPC_EXCP_SPEU: /* SPE/embedded floating-point unavailable */ 365 env->spr[SPR_BOOKE_ESR] = ESR_SPV; 366 break; 367 case POWERPC_EXCP_EFPDI: /* Embedded floating-point data interrupt */ 368 /* XXX: TODO */ 369 cpu_abort(cs, "Embedded floating point data exception " 370 "is not implemented yet !\n"); 371 env->spr[SPR_BOOKE_ESR] = ESR_SPV; 372 break; 373 case POWERPC_EXCP_EFPRI: /* Embedded floating-point round interrupt */ 374 /* XXX: TODO */ 375 cpu_abort(cs, "Embedded floating point round exception " 376 "is not implemented yet !\n"); 377 env->spr[SPR_BOOKE_ESR] = ESR_SPV; 378 break; 379 case POWERPC_EXCP_EPERFM: /* Embedded performance monitor interrupt */ 380 /* XXX: TODO */ 381 cpu_abort(cs, 382 "Performance counter exception is not implemented yet !\n"); 383 break; 384 case POWERPC_EXCP_DOORI: /* Embedded doorbell interrupt */ 385 break; 386 case POWERPC_EXCP_DOORCI: /* Embedded doorbell critical interrupt */ 387 srr0 = SPR_BOOKE_CSRR0; 388 srr1 = SPR_BOOKE_CSRR1; 389 break; 390 case POWERPC_EXCP_RESET: /* System reset exception */ 391 /* A power-saving exception sets ME, otherwise it is unchanged */ 392 if (msr_pow) { 393 /* indicate that we resumed from power save mode */ 394 msr |= 0x10000; 395 new_msr |= ((target_ulong)1 << MSR_ME); 396 } 397 if (env->msr_mask & MSR_HVB) { 398 /* ISA specifies HV, but can be delivered to guest with HV clear 399 * (e.g., see FWNMI in PAPR, NMI injection in QEMU). 400 */ 401 new_msr |= (target_ulong)MSR_HVB; 402 } else { 403 if (msr_pow) { 404 cpu_abort(cs, "Trying to deliver power-saving system reset " 405 "exception %d with no HV support\n", excp); 406 } 407 } 408 ail = 0; 409 break; 410 case POWERPC_EXCP_DSEG: /* Data segment exception */ 411 case POWERPC_EXCP_ISEG: /* Instruction segment exception */ 412 case POWERPC_EXCP_TRACE: /* Trace exception */ 413 break; 414 case POWERPC_EXCP_HDECR: /* Hypervisor decrementer exception */ 415 case POWERPC_EXCP_HDSI: /* Hypervisor data storage exception */ 416 case POWERPC_EXCP_HISI: /* Hypervisor instruction storage exception */ 417 case POWERPC_EXCP_HDSEG: /* Hypervisor data segment exception */ 418 case POWERPC_EXCP_HISEG: /* Hypervisor instruction segment exception */ 419 case POWERPC_EXCP_HV_EMU: 420 srr0 = SPR_HSRR0; 421 srr1 = SPR_HSRR1; 422 new_msr |= (target_ulong)MSR_HVB; 423 new_msr |= env->msr & ((target_ulong)1 << MSR_RI); 424 break; 425 case POWERPC_EXCP_VPU: /* Vector unavailable exception */ 426 case POWERPC_EXCP_VSXU: /* VSX unavailable exception */ 427 case POWERPC_EXCP_FU: /* Facility unavailable exception */ 428 #ifdef TARGET_PPC64 429 env->spr[SPR_FSCR] |= ((target_ulong)env->error_code << 56); 430 #endif 431 break; 432 case POWERPC_EXCP_PIT: /* Programmable interval timer interrupt */ 433 LOG_EXCP("PIT exception\n"); 434 break; 435 case POWERPC_EXCP_IO: /* IO error exception */ 436 /* XXX: TODO */ 437 cpu_abort(cs, "601 IO error exception is not implemented yet !\n"); 438 break; 439 case POWERPC_EXCP_RUNM: /* Run mode exception */ 440 /* XXX: TODO */ 441 cpu_abort(cs, "601 run mode exception is not implemented yet !\n"); 442 break; 443 case POWERPC_EXCP_EMUL: /* Emulation trap exception */ 444 /* XXX: TODO */ 445 cpu_abort(cs, "602 emulation trap exception " 446 "is not implemented yet !\n"); 447 break; 448 case POWERPC_EXCP_IFTLB: /* Instruction fetch TLB error */ 449 switch (excp_model) { 450 case POWERPC_EXCP_602: 451 case POWERPC_EXCP_603: 452 case POWERPC_EXCP_603E: 453 case POWERPC_EXCP_G2: 454 goto tlb_miss_tgpr; 455 case POWERPC_EXCP_7x5: 456 goto tlb_miss; 457 case POWERPC_EXCP_74xx: 458 goto tlb_miss_74xx; 459 default: 460 cpu_abort(cs, "Invalid instruction TLB miss exception\n"); 461 break; 462 } 463 break; 464 case POWERPC_EXCP_DLTLB: /* Data load TLB miss */ 465 switch (excp_model) { 466 case POWERPC_EXCP_602: 467 case POWERPC_EXCP_603: 468 case POWERPC_EXCP_603E: 469 case POWERPC_EXCP_G2: 470 goto tlb_miss_tgpr; 471 case POWERPC_EXCP_7x5: 472 goto tlb_miss; 473 case POWERPC_EXCP_74xx: 474 goto tlb_miss_74xx; 475 default: 476 cpu_abort(cs, "Invalid data load TLB miss exception\n"); 477 break; 478 } 479 break; 480 case POWERPC_EXCP_DSTLB: /* Data store TLB miss */ 481 switch (excp_model) { 482 case POWERPC_EXCP_602: 483 case POWERPC_EXCP_603: 484 case POWERPC_EXCP_603E: 485 case POWERPC_EXCP_G2: 486 tlb_miss_tgpr: 487 /* Swap temporary saved registers with GPRs */ 488 if (!(new_msr & ((target_ulong)1 << MSR_TGPR))) { 489 new_msr |= (target_ulong)1 << MSR_TGPR; 490 hreg_swap_gpr_tgpr(env); 491 } 492 goto tlb_miss; 493 case POWERPC_EXCP_7x5: 494 tlb_miss: 495 #if defined(DEBUG_SOFTWARE_TLB) 496 if (qemu_log_enabled()) { 497 const char *es; 498 target_ulong *miss, *cmp; 499 int en; 500 501 if (excp == POWERPC_EXCP_IFTLB) { 502 es = "I"; 503 en = 'I'; 504 miss = &env->spr[SPR_IMISS]; 505 cmp = &env->spr[SPR_ICMP]; 506 } else { 507 if (excp == POWERPC_EXCP_DLTLB) { 508 es = "DL"; 509 } else { 510 es = "DS"; 511 } 512 en = 'D'; 513 miss = &env->spr[SPR_DMISS]; 514 cmp = &env->spr[SPR_DCMP]; 515 } 516 qemu_log("6xx %sTLB miss: %cM " TARGET_FMT_lx " %cC " 517 TARGET_FMT_lx " H1 " TARGET_FMT_lx " H2 " 518 TARGET_FMT_lx " %08x\n", es, en, *miss, en, *cmp, 519 env->spr[SPR_HASH1], env->spr[SPR_HASH2], 520 env->error_code); 521 } 522 #endif 523 msr |= env->crf[0] << 28; 524 msr |= env->error_code; /* key, D/I, S/L bits */ 525 /* Set way using a LRU mechanism */ 526 msr |= ((env->last_way + 1) & (env->nb_ways - 1)) << 17; 527 break; 528 case POWERPC_EXCP_74xx: 529 tlb_miss_74xx: 530 #if defined(DEBUG_SOFTWARE_TLB) 531 if (qemu_log_enabled()) { 532 const char *es; 533 target_ulong *miss, *cmp; 534 int en; 535 536 if (excp == POWERPC_EXCP_IFTLB) { 537 es = "I"; 538 en = 'I'; 539 miss = &env->spr[SPR_TLBMISS]; 540 cmp = &env->spr[SPR_PTEHI]; 541 } else { 542 if (excp == POWERPC_EXCP_DLTLB) { 543 es = "DL"; 544 } else { 545 es = "DS"; 546 } 547 en = 'D'; 548 miss = &env->spr[SPR_TLBMISS]; 549 cmp = &env->spr[SPR_PTEHI]; 550 } 551 qemu_log("74xx %sTLB miss: %cM " TARGET_FMT_lx " %cC " 552 TARGET_FMT_lx " %08x\n", es, en, *miss, en, *cmp, 553 env->error_code); 554 } 555 #endif 556 msr |= env->error_code; /* key bit */ 557 break; 558 default: 559 cpu_abort(cs, "Invalid data store TLB miss exception\n"); 560 break; 561 } 562 break; 563 case POWERPC_EXCP_FPA: /* Floating-point assist exception */ 564 /* XXX: TODO */ 565 cpu_abort(cs, "Floating point assist exception " 566 "is not implemented yet !\n"); 567 break; 568 case POWERPC_EXCP_DABR: /* Data address breakpoint */ 569 /* XXX: TODO */ 570 cpu_abort(cs, "DABR exception is not implemented yet !\n"); 571 break; 572 case POWERPC_EXCP_IABR: /* Instruction address breakpoint */ 573 /* XXX: TODO */ 574 cpu_abort(cs, "IABR exception is not implemented yet !\n"); 575 break; 576 case POWERPC_EXCP_SMI: /* System management interrupt */ 577 /* XXX: TODO */ 578 cpu_abort(cs, "SMI exception is not implemented yet !\n"); 579 break; 580 case POWERPC_EXCP_THERM: /* Thermal interrupt */ 581 /* XXX: TODO */ 582 cpu_abort(cs, "Thermal management exception " 583 "is not implemented yet !\n"); 584 break; 585 case POWERPC_EXCP_PERFM: /* Embedded performance monitor interrupt */ 586 /* XXX: TODO */ 587 cpu_abort(cs, 588 "Performance counter exception is not implemented yet !\n"); 589 break; 590 case POWERPC_EXCP_VPUA: /* Vector assist exception */ 591 /* XXX: TODO */ 592 cpu_abort(cs, "VPU assist exception is not implemented yet !\n"); 593 break; 594 case POWERPC_EXCP_SOFTP: /* Soft patch exception */ 595 /* XXX: TODO */ 596 cpu_abort(cs, 597 "970 soft-patch exception is not implemented yet !\n"); 598 break; 599 case POWERPC_EXCP_MAINT: /* Maintenance exception */ 600 /* XXX: TODO */ 601 cpu_abort(cs, 602 "970 maintenance exception is not implemented yet !\n"); 603 break; 604 case POWERPC_EXCP_MEXTBR: /* Maskable external breakpoint */ 605 /* XXX: TODO */ 606 cpu_abort(cs, "Maskable external exception " 607 "is not implemented yet !\n"); 608 break; 609 case POWERPC_EXCP_NMEXTBR: /* Non maskable external breakpoint */ 610 /* XXX: TODO */ 611 cpu_abort(cs, "Non maskable external exception " 612 "is not implemented yet !\n"); 613 break; 614 default: 615 excp_invalid: 616 cpu_abort(cs, "Invalid PowerPC exception %d. Aborting\n", excp); 617 break; 618 } 619 620 /* Save PC */ 621 env->spr[srr0] = env->nip; 622 623 /* Save MSR */ 624 env->spr[srr1] = msr; 625 626 /* Sanity check */ 627 if (!(env->msr_mask & MSR_HVB)) { 628 if (new_msr & MSR_HVB) { 629 cpu_abort(cs, "Trying to deliver HV exception (MSR) %d with " 630 "no HV support\n", excp); 631 } 632 if (srr0 == SPR_HSRR0) { 633 cpu_abort(cs, "Trying to deliver HV exception (HSRR) %d with " 634 "no HV support\n", excp); 635 } 636 } 637 638 /* If any alternate SRR register are defined, duplicate saved values */ 639 if (asrr0 != -1) { 640 env->spr[asrr0] = env->spr[srr0]; 641 } 642 if (asrr1 != -1) { 643 env->spr[asrr1] = env->spr[srr1]; 644 } 645 646 /* Sort out endianness of interrupt, this differs depending on the 647 * CPU, the HV mode, etc... 648 */ 649 #ifdef TARGET_PPC64 650 if (excp_model == POWERPC_EXCP_POWER7) { 651 if (!(new_msr & MSR_HVB) && (env->spr[SPR_LPCR] & LPCR_ILE)) { 652 new_msr |= (target_ulong)1 << MSR_LE; 653 } 654 } else if (excp_model == POWERPC_EXCP_POWER8) { 655 if (new_msr & MSR_HVB) { 656 if (env->spr[SPR_HID0] & HID0_HILE) { 657 new_msr |= (target_ulong)1 << MSR_LE; 658 } 659 } else if (env->spr[SPR_LPCR] & LPCR_ILE) { 660 new_msr |= (target_ulong)1 << MSR_LE; 661 } 662 } else if (msr_ile) { 663 new_msr |= (target_ulong)1 << MSR_LE; 664 } 665 #else 666 if (msr_ile) { 667 new_msr |= (target_ulong)1 << MSR_LE; 668 } 669 #endif 670 671 /* Jump to handler */ 672 vector = env->excp_vectors[excp]; 673 if (vector == (target_ulong)-1ULL) { 674 cpu_abort(cs, "Raised an exception without defined vector %d\n", 675 excp); 676 } 677 vector |= env->excp_prefix; 678 679 /* AIL only works if there is no HV transition and we are running with 680 * translations enabled 681 */ 682 if (!((msr >> MSR_IR) & 1) || !((msr >> MSR_DR) & 1) || 683 ((new_msr & MSR_HVB) && !(msr & MSR_HVB))) { 684 ail = 0; 685 } 686 /* Handle AIL */ 687 if (ail) { 688 new_msr |= (1 << MSR_IR) | (1 << MSR_DR); 689 switch(ail) { 690 case AIL_0001_8000: 691 vector |= 0x18000; 692 break; 693 case AIL_C000_0000_0000_4000: 694 vector |= 0xc000000000004000ull; 695 break; 696 default: 697 cpu_abort(cs, "Invalid AIL combination %d\n", ail); 698 break; 699 } 700 } 701 702 #if defined(TARGET_PPC64) 703 if (excp_model == POWERPC_EXCP_BOOKE) { 704 if (env->spr[SPR_BOOKE_EPCR] & EPCR_ICM) { 705 /* Cat.64-bit: EPCR.ICM is copied to MSR.CM */ 706 new_msr |= (target_ulong)1 << MSR_CM; 707 } else { 708 vector = (uint32_t)vector; 709 } 710 } else { 711 if (!msr_isf && !(env->mmu_model & POWERPC_MMU_64)) { 712 vector = (uint32_t)vector; 713 } else { 714 new_msr |= (target_ulong)1 << MSR_SF; 715 } 716 } 717 #endif 718 /* We don't use hreg_store_msr here as already have treated 719 * any special case that could occur. Just store MSR and update hflags 720 * 721 * Note: We *MUST* not use hreg_store_msr() as-is anyway because it 722 * will prevent setting of the HV bit which some exceptions might need 723 * to do. 724 */ 725 env->msr = new_msr & env->msr_mask; 726 hreg_compute_hflags(env); 727 env->nip = vector; 728 /* Reset exception state */ 729 cs->exception_index = POWERPC_EXCP_NONE; 730 env->error_code = 0; 731 732 /* Reset the reservation */ 733 env->reserve_addr = -1; 734 735 /* Any interrupt is context synchronizing, check if TCG TLB 736 * needs a delayed flush on ppc64 737 */ 738 check_tlb_flush(env, false); 739 } 740 741 void ppc_cpu_do_interrupt(CPUState *cs) 742 { 743 PowerPCCPU *cpu = POWERPC_CPU(cs); 744 CPUPPCState *env = &cpu->env; 745 746 powerpc_excp(cpu, env->excp_model, cs->exception_index); 747 } 748 749 static void ppc_hw_interrupt(CPUPPCState *env) 750 { 751 PowerPCCPU *cpu = ppc_env_get_cpu(env); 752 #if 0 753 CPUState *cs = CPU(cpu); 754 755 qemu_log_mask(CPU_LOG_INT, "%s: %p pending %08x req %08x me %d ee %d\n", 756 __func__, env, env->pending_interrupts, 757 cs->interrupt_request, (int)msr_me, (int)msr_ee); 758 #endif 759 /* External reset */ 760 if (env->pending_interrupts & (1 << PPC_INTERRUPT_RESET)) { 761 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_RESET); 762 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_RESET); 763 return; 764 } 765 /* Machine check exception */ 766 if (env->pending_interrupts & (1 << PPC_INTERRUPT_MCK)) { 767 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_MCK); 768 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_MCHECK); 769 return; 770 } 771 #if 0 /* TODO */ 772 /* External debug exception */ 773 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DEBUG)) { 774 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DEBUG); 775 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_DEBUG); 776 return; 777 } 778 #endif 779 /* Hypervisor decrementer exception */ 780 if (env->pending_interrupts & (1 << PPC_INTERRUPT_HDECR)) { 781 /* LPCR will be clear when not supported so this will work */ 782 bool hdice = !!(env->spr[SPR_LPCR] & LPCR_HDICE); 783 if ((msr_ee != 0 || msr_hv == 0) && hdice) { 784 /* HDEC clears on delivery */ 785 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_HDECR); 786 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_HDECR); 787 return; 788 } 789 } 790 /* Extermal interrupt can ignore MSR:EE under some circumstances */ 791 if (env->pending_interrupts & (1 << PPC_INTERRUPT_EXT)) { 792 bool lpes0 = !!(env->spr[SPR_LPCR] & LPCR_LPES0); 793 if (msr_ee != 0 || (env->has_hv_mode && msr_hv == 0 && !lpes0)) { 794 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_EXTERNAL); 795 return; 796 } 797 } 798 if (msr_ce != 0) { 799 /* External critical interrupt */ 800 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CEXT)) { 801 /* Taking a critical external interrupt does not clear the external 802 * critical interrupt status 803 */ 804 #if 0 805 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CEXT); 806 #endif 807 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_CRITICAL); 808 return; 809 } 810 } 811 if (msr_ee != 0) { 812 /* Watchdog timer on embedded PowerPC */ 813 if (env->pending_interrupts & (1 << PPC_INTERRUPT_WDT)) { 814 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_WDT); 815 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_WDT); 816 return; 817 } 818 if (env->pending_interrupts & (1 << PPC_INTERRUPT_CDOORBELL)) { 819 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_CDOORBELL); 820 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_DOORCI); 821 return; 822 } 823 /* Fixed interval timer on embedded PowerPC */ 824 if (env->pending_interrupts & (1 << PPC_INTERRUPT_FIT)) { 825 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_FIT); 826 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_FIT); 827 return; 828 } 829 /* Programmable interval timer on embedded PowerPC */ 830 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PIT)) { 831 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PIT); 832 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_PIT); 833 return; 834 } 835 /* Decrementer exception */ 836 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DECR)) { 837 if (ppc_decr_clear_on_delivery(env)) { 838 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DECR); 839 } 840 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_DECR); 841 return; 842 } 843 if (env->pending_interrupts & (1 << PPC_INTERRUPT_DOORBELL)) { 844 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DOORBELL); 845 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_DOORI); 846 return; 847 } 848 if (env->pending_interrupts & (1 << PPC_INTERRUPT_PERFM)) { 849 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_PERFM); 850 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_PERFM); 851 return; 852 } 853 /* Thermal interrupt */ 854 if (env->pending_interrupts & (1 << PPC_INTERRUPT_THERM)) { 855 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_THERM); 856 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_THERM); 857 return; 858 } 859 } 860 } 861 862 void ppc_cpu_do_system_reset(CPUState *cs) 863 { 864 PowerPCCPU *cpu = POWERPC_CPU(cs); 865 CPUPPCState *env = &cpu->env; 866 867 powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_RESET); 868 } 869 #endif /* !CONFIG_USER_ONLY */ 870 871 bool ppc_cpu_exec_interrupt(CPUState *cs, int interrupt_request) 872 { 873 PowerPCCPU *cpu = POWERPC_CPU(cs); 874 CPUPPCState *env = &cpu->env; 875 876 if (interrupt_request & CPU_INTERRUPT_HARD) { 877 ppc_hw_interrupt(env); 878 if (env->pending_interrupts == 0) { 879 cs->interrupt_request &= ~CPU_INTERRUPT_HARD; 880 } 881 return true; 882 } 883 return false; 884 } 885 886 #if defined(DEBUG_OP) 887 static void cpu_dump_rfi(target_ulong RA, target_ulong msr) 888 { 889 qemu_log("Return from exception at " TARGET_FMT_lx " with flags " 890 TARGET_FMT_lx "\n", RA, msr); 891 } 892 #endif 893 894 /*****************************************************************************/ 895 /* Exceptions processing helpers */ 896 897 void raise_exception_err_ra(CPUPPCState *env, uint32_t exception, 898 uint32_t error_code, uintptr_t raddr) 899 { 900 CPUState *cs = CPU(ppc_env_get_cpu(env)); 901 902 cs->exception_index = exception; 903 env->error_code = error_code; 904 cpu_loop_exit_restore(cs, raddr); 905 } 906 907 void raise_exception_err(CPUPPCState *env, uint32_t exception, 908 uint32_t error_code) 909 { 910 raise_exception_err_ra(env, exception, error_code, 0); 911 } 912 913 void raise_exception(CPUPPCState *env, uint32_t exception) 914 { 915 raise_exception_err_ra(env, exception, 0, 0); 916 } 917 918 void raise_exception_ra(CPUPPCState *env, uint32_t exception, 919 uintptr_t raddr) 920 { 921 raise_exception_err_ra(env, exception, 0, raddr); 922 } 923 924 void helper_raise_exception_err(CPUPPCState *env, uint32_t exception, 925 uint32_t error_code) 926 { 927 raise_exception_err_ra(env, exception, error_code, 0); 928 } 929 930 void helper_raise_exception(CPUPPCState *env, uint32_t exception) 931 { 932 raise_exception_err_ra(env, exception, 0, 0); 933 } 934 935 #if !defined(CONFIG_USER_ONLY) 936 void helper_store_msr(CPUPPCState *env, target_ulong val) 937 { 938 uint32_t excp = hreg_store_msr(env, val, 0); 939 940 if (excp != 0) { 941 CPUState *cs = CPU(ppc_env_get_cpu(env)); 942 cs->interrupt_request |= CPU_INTERRUPT_EXITTB; 943 raise_exception(env, excp); 944 } 945 } 946 947 #if defined(TARGET_PPC64) 948 void helper_pminsn(CPUPPCState *env, powerpc_pm_insn_t insn) 949 { 950 CPUState *cs; 951 952 cs = CPU(ppc_env_get_cpu(env)); 953 cs->halted = 1; 954 env->in_pm_state = true; 955 956 /* The architecture specifies that HDEC interrupts are 957 * discarded in PM states 958 */ 959 env->pending_interrupts &= ~(1 << PPC_INTERRUPT_HDECR); 960 961 /* Technically, nap doesn't set EE, but if we don't set it 962 * then ppc_hw_interrupt() won't deliver. We could add some 963 * other tests there based on LPCR but it's simpler to just 964 * whack EE in. It will be cleared by the 0x100 at wakeup 965 * anyway. It will still be observable by the guest in SRR1 966 * but this doesn't seem to be a problem. 967 */ 968 env->msr |= (1ull << MSR_EE); 969 raise_exception(env, EXCP_HLT); 970 } 971 #endif /* defined(TARGET_PPC64) */ 972 973 static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr) 974 { 975 CPUState *cs = CPU(ppc_env_get_cpu(env)); 976 977 /* MSR:POW cannot be set by any form of rfi */ 978 msr &= ~(1ULL << MSR_POW); 979 980 #if defined(TARGET_PPC64) 981 /* Switching to 32-bit ? Crop the nip */ 982 if (!msr_is_64bit(env, msr)) { 983 nip = (uint32_t)nip; 984 } 985 #else 986 nip = (uint32_t)nip; 987 #endif 988 /* XXX: beware: this is false if VLE is supported */ 989 env->nip = nip & ~((target_ulong)0x00000003); 990 hreg_store_msr(env, msr, 1); 991 #if defined(DEBUG_OP) 992 cpu_dump_rfi(env->nip, env->msr); 993 #endif 994 /* No need to raise an exception here, 995 * as rfi is always the last insn of a TB 996 */ 997 cs->interrupt_request |= CPU_INTERRUPT_EXITTB; 998 999 /* Reset the reservation */ 1000 env->reserve_addr = -1; 1001 1002 /* Context synchronizing: check if TCG TLB needs flush */ 1003 check_tlb_flush(env, false); 1004 } 1005 1006 void helper_rfi(CPUPPCState *env) 1007 { 1008 do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1] & 0xfffffffful); 1009 } 1010 1011 #define MSR_BOOK3S_MASK 1012 #if defined(TARGET_PPC64) 1013 void helper_rfid(CPUPPCState *env) 1014 { 1015 /* The architeture defines a number of rules for which bits 1016 * can change but in practice, we handle this in hreg_store_msr() 1017 * which will be called by do_rfi(), so there is no need to filter 1018 * here 1019 */ 1020 do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1]); 1021 } 1022 1023 void helper_hrfid(CPUPPCState *env) 1024 { 1025 do_rfi(env, env->spr[SPR_HSRR0], env->spr[SPR_HSRR1]); 1026 } 1027 #endif 1028 1029 /*****************************************************************************/ 1030 /* Embedded PowerPC specific helpers */ 1031 void helper_40x_rfci(CPUPPCState *env) 1032 { 1033 do_rfi(env, env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3]); 1034 } 1035 1036 void helper_rfci(CPUPPCState *env) 1037 { 1038 do_rfi(env, env->spr[SPR_BOOKE_CSRR0], env->spr[SPR_BOOKE_CSRR1]); 1039 } 1040 1041 void helper_rfdi(CPUPPCState *env) 1042 { 1043 /* FIXME: choose CSRR1 or DSRR1 based on cpu type */ 1044 do_rfi(env, env->spr[SPR_BOOKE_DSRR0], env->spr[SPR_BOOKE_DSRR1]); 1045 } 1046 1047 void helper_rfmci(CPUPPCState *env) 1048 { 1049 /* FIXME: choose CSRR1 or MCSRR1 based on cpu type */ 1050 do_rfi(env, env->spr[SPR_BOOKE_MCSRR0], env->spr[SPR_BOOKE_MCSRR1]); 1051 } 1052 #endif 1053 1054 void helper_tw(CPUPPCState *env, target_ulong arg1, target_ulong arg2, 1055 uint32_t flags) 1056 { 1057 if (!likely(!(((int32_t)arg1 < (int32_t)arg2 && (flags & 0x10)) || 1058 ((int32_t)arg1 > (int32_t)arg2 && (flags & 0x08)) || 1059 ((int32_t)arg1 == (int32_t)arg2 && (flags & 0x04)) || 1060 ((uint32_t)arg1 < (uint32_t)arg2 && (flags & 0x02)) || 1061 ((uint32_t)arg1 > (uint32_t)arg2 && (flags & 0x01))))) { 1062 raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM, 1063 POWERPC_EXCP_TRAP, GETPC()); 1064 } 1065 } 1066 1067 #if defined(TARGET_PPC64) 1068 void helper_td(CPUPPCState *env, target_ulong arg1, target_ulong arg2, 1069 uint32_t flags) 1070 { 1071 if (!likely(!(((int64_t)arg1 < (int64_t)arg2 && (flags & 0x10)) || 1072 ((int64_t)arg1 > (int64_t)arg2 && (flags & 0x08)) || 1073 ((int64_t)arg1 == (int64_t)arg2 && (flags & 0x04)) || 1074 ((uint64_t)arg1 < (uint64_t)arg2 && (flags & 0x02)) || 1075 ((uint64_t)arg1 > (uint64_t)arg2 && (flags & 0x01))))) { 1076 raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM, 1077 POWERPC_EXCP_TRAP, GETPC()); 1078 } 1079 } 1080 #endif 1081 1082 #if !defined(CONFIG_USER_ONLY) 1083 /*****************************************************************************/ 1084 /* PowerPC 601 specific instructions (POWER bridge) */ 1085 1086 void helper_rfsvc(CPUPPCState *env) 1087 { 1088 do_rfi(env, env->lr, env->ctr & 0x0000FFFF); 1089 } 1090 1091 /* Embedded.Processor Control */ 1092 static int dbell2irq(target_ulong rb) 1093 { 1094 int msg = rb & DBELL_TYPE_MASK; 1095 int irq = -1; 1096 1097 switch (msg) { 1098 case DBELL_TYPE_DBELL: 1099 irq = PPC_INTERRUPT_DOORBELL; 1100 break; 1101 case DBELL_TYPE_DBELL_CRIT: 1102 irq = PPC_INTERRUPT_CDOORBELL; 1103 break; 1104 case DBELL_TYPE_G_DBELL: 1105 case DBELL_TYPE_G_DBELL_CRIT: 1106 case DBELL_TYPE_G_DBELL_MC: 1107 /* XXX implement */ 1108 default: 1109 break; 1110 } 1111 1112 return irq; 1113 } 1114 1115 void helper_msgclr(CPUPPCState *env, target_ulong rb) 1116 { 1117 int irq = dbell2irq(rb); 1118 1119 if (irq < 0) { 1120 return; 1121 } 1122 1123 env->pending_interrupts &= ~(1 << irq); 1124 } 1125 1126 void helper_msgsnd(target_ulong rb) 1127 { 1128 int irq = dbell2irq(rb); 1129 int pir = rb & DBELL_PIRTAG_MASK; 1130 CPUState *cs; 1131 1132 if (irq < 0) { 1133 return; 1134 } 1135 1136 qemu_mutex_lock_iothread(); 1137 CPU_FOREACH(cs) { 1138 PowerPCCPU *cpu = POWERPC_CPU(cs); 1139 CPUPPCState *cenv = &cpu->env; 1140 1141 if ((rb & DBELL_BRDCAST) || (cenv->spr[SPR_BOOKE_PIR] == pir)) { 1142 cenv->pending_interrupts |= 1 << irq; 1143 cpu_interrupt(cs, CPU_INTERRUPT_HARD); 1144 } 1145 } 1146 qemu_mutex_unlock_iothread(); 1147 } 1148 #endif 1149