1 /* 2 * PowerPC Radix MMU mulation helpers for QEMU. 3 * 4 * Copyright (c) 2016 Suraj Jitindar Singh, IBM Corporation 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "cpu.h" 22 #include "exec/exec-all.h" 23 #include "qemu/error-report.h" 24 #include "sysemu/kvm.h" 25 #include "kvm_ppc.h" 26 #include "exec/log.h" 27 #include "internal.h" 28 #include "mmu-radix64.h" 29 #include "mmu-book3s-v3.h" 30 31 static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env, 32 vaddr eaddr, 33 uint64_t *lpid, uint64_t *pid) 34 { 35 /* When EA(2:11) are nonzero, raise a segment interrupt */ 36 if (eaddr & ~R_EADDR_VALID_MASK) { 37 return false; 38 } 39 40 if (FIELD_EX64(env->msr, MSR, HV)) { /* MSR[HV] -> Hypervisor/bare metal */ 41 switch (eaddr & R_EADDR_QUADRANT) { 42 case R_EADDR_QUADRANT0: 43 *lpid = 0; 44 *pid = env->spr[SPR_BOOKS_PID]; 45 break; 46 case R_EADDR_QUADRANT1: 47 *lpid = env->spr[SPR_LPIDR]; 48 *pid = env->spr[SPR_BOOKS_PID]; 49 break; 50 case R_EADDR_QUADRANT2: 51 *lpid = env->spr[SPR_LPIDR]; 52 *pid = 0; 53 break; 54 case R_EADDR_QUADRANT3: 55 *lpid = 0; 56 *pid = 0; 57 break; 58 default: 59 g_assert_not_reached(); 60 } 61 } else { /* !MSR[HV] -> Guest */ 62 switch (eaddr & R_EADDR_QUADRANT) { 63 case R_EADDR_QUADRANT0: /* Guest application */ 64 *lpid = env->spr[SPR_LPIDR]; 65 *pid = env->spr[SPR_BOOKS_PID]; 66 break; 67 case R_EADDR_QUADRANT1: /* Illegal */ 68 case R_EADDR_QUADRANT2: 69 return false; 70 case R_EADDR_QUADRANT3: /* Guest OS */ 71 *lpid = env->spr[SPR_LPIDR]; 72 *pid = 0; /* pid set to 0 -> addresses guest operating system */ 73 break; 74 default: 75 g_assert_not_reached(); 76 } 77 } 78 79 return true; 80 } 81 82 static void ppc_radix64_raise_segi(PowerPCCPU *cpu, MMUAccessType access_type, 83 vaddr eaddr) 84 { 85 CPUState *cs = CPU(cpu); 86 CPUPPCState *env = &cpu->env; 87 88 switch (access_type) { 89 case MMU_INST_FETCH: 90 /* Instruction Segment Interrupt */ 91 cs->exception_index = POWERPC_EXCP_ISEG; 92 break; 93 case MMU_DATA_STORE: 94 case MMU_DATA_LOAD: 95 /* Data Segment Interrupt */ 96 cs->exception_index = POWERPC_EXCP_DSEG; 97 env->spr[SPR_DAR] = eaddr; 98 break; 99 default: 100 g_assert_not_reached(); 101 } 102 env->error_code = 0; 103 } 104 105 static inline const char *access_str(MMUAccessType access_type) 106 { 107 return access_type == MMU_DATA_LOAD ? "reading" : 108 (access_type == MMU_DATA_STORE ? "writing" : "execute"); 109 } 110 111 static void ppc_radix64_raise_si(PowerPCCPU *cpu, MMUAccessType access_type, 112 vaddr eaddr, uint32_t cause) 113 { 114 CPUState *cs = CPU(cpu); 115 CPUPPCState *env = &cpu->env; 116 117 qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx" cause %08x\n", 118 __func__, access_str(access_type), 119 eaddr, cause); 120 121 switch (access_type) { 122 case MMU_INST_FETCH: 123 /* Instruction Storage Interrupt */ 124 cs->exception_index = POWERPC_EXCP_ISI; 125 env->error_code = cause; 126 break; 127 case MMU_DATA_STORE: 128 cause |= DSISR_ISSTORE; 129 /* fall through */ 130 case MMU_DATA_LOAD: 131 /* Data Storage Interrupt */ 132 cs->exception_index = POWERPC_EXCP_DSI; 133 env->spr[SPR_DSISR] = cause; 134 env->spr[SPR_DAR] = eaddr; 135 env->error_code = 0; 136 break; 137 default: 138 g_assert_not_reached(); 139 } 140 } 141 142 static void ppc_radix64_raise_hsi(PowerPCCPU *cpu, MMUAccessType access_type, 143 vaddr eaddr, hwaddr g_raddr, uint32_t cause) 144 { 145 CPUState *cs = CPU(cpu); 146 CPUPPCState *env = &cpu->env; 147 148 env->error_code = 0; 149 if (cause & DSISR_PRTABLE_FAULT) { 150 /* HDSI PRTABLE_FAULT gets the originating access type in error_code */ 151 env->error_code = access_type; 152 access_type = MMU_DATA_LOAD; 153 } 154 155 qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx" 0x%" 156 HWADDR_PRIx" cause %08x\n", 157 __func__, access_str(access_type), 158 eaddr, g_raddr, cause); 159 160 switch (access_type) { 161 case MMU_INST_FETCH: 162 /* H Instruction Storage Interrupt */ 163 cs->exception_index = POWERPC_EXCP_HISI; 164 env->spr[SPR_ASDR] = g_raddr; 165 env->error_code = cause; 166 break; 167 case MMU_DATA_STORE: 168 cause |= DSISR_ISSTORE; 169 /* fall through */ 170 case MMU_DATA_LOAD: 171 /* H Data Storage Interrupt */ 172 cs->exception_index = POWERPC_EXCP_HDSI; 173 env->spr[SPR_HDSISR] = cause; 174 env->spr[SPR_HDAR] = eaddr; 175 env->spr[SPR_ASDR] = g_raddr; 176 break; 177 default: 178 g_assert_not_reached(); 179 } 180 } 181 182 static bool ppc_radix64_check_prot(PowerPCCPU *cpu, MMUAccessType access_type, 183 uint64_t pte, int *fault_cause, int *prot, 184 int mmu_idx, bool partition_scoped) 185 { 186 CPUPPCState *env = &cpu->env; 187 int need_prot; 188 189 /* Check Page Attributes (pte58:59) */ 190 if ((pte & R_PTE_ATT) == R_PTE_ATT_NI_IO && access_type == MMU_INST_FETCH) { 191 /* 192 * Radix PTE entries with the non-idempotent I/O attribute are treated 193 * as guarded storage 194 */ 195 *fault_cause |= SRR1_NOEXEC_GUARD; 196 return true; 197 } 198 199 /* Determine permissions allowed by Encoded Access Authority */ 200 if (!partition_scoped && (pte & R_PTE_EAA_PRIV) && 201 FIELD_EX64(env->msr, MSR, PR)) { 202 *prot = 0; 203 } else if (mmuidx_pr(mmu_idx) || (pte & R_PTE_EAA_PRIV) || 204 partition_scoped) { 205 *prot = ppc_radix64_get_prot_eaa(pte); 206 } else { /* !MSR_PR && !(pte & R_PTE_EAA_PRIV) && !partition_scoped */ 207 *prot = ppc_radix64_get_prot_eaa(pte); 208 *prot &= ppc_radix64_get_prot_amr(cpu); /* Least combined permissions */ 209 } 210 211 /* Check if requested access type is allowed */ 212 need_prot = prot_for_access_type(access_type); 213 if (need_prot & ~*prot) { /* Page Protected for that Access */ 214 *fault_cause |= access_type == MMU_INST_FETCH ? SRR1_NOEXEC_GUARD : 215 DSISR_PROTFAULT; 216 return true; 217 } 218 219 return false; 220 } 221 222 static int ppc_radix64_check_rc(MMUAccessType access_type, uint64_t pte) 223 { 224 switch (access_type) { 225 case MMU_DATA_STORE: 226 if (!(pte & R_PTE_C)) { 227 break; 228 } 229 /* fall through */ 230 case MMU_INST_FETCH: 231 case MMU_DATA_LOAD: 232 if (!(pte & R_PTE_R)) { 233 break; 234 } 235 236 /* R/C bits are already set appropriately for this access */ 237 return 0; 238 } 239 240 return 1; 241 } 242 243 static bool ppc_radix64_is_valid_level(int level, int psize, uint64_t nls) 244 { 245 bool ret; 246 247 /* 248 * Check if this is a valid level, according to POWER9 and POWER10 249 * Processor User's Manuals, sections 4.10.4.1 and 5.10.6.1, respectively: 250 * Supported Radix Tree Configurations and Resulting Page Sizes. 251 * 252 * Note: these checks are specific to POWER9 and POWER10 CPUs. Any future 253 * CPUs that supports a different Radix MMU configuration will need their 254 * own implementation. 255 */ 256 switch (level) { 257 case 0: /* Root Page Dir */ 258 ret = psize == 52 && nls == 13; 259 break; 260 case 1: 261 case 2: 262 ret = nls == 9; 263 break; 264 case 3: 265 ret = nls == 9 || nls == 5; 266 break; 267 default: 268 ret = false; 269 } 270 271 if (unlikely(!ret)) { 272 qemu_log_mask(LOG_GUEST_ERROR, "invalid radix configuration: " 273 "level %d size %d nls %"PRIu64"\n", 274 level, psize, nls); 275 } 276 return ret; 277 } 278 279 static int ppc_radix64_next_level(AddressSpace *as, vaddr eaddr, 280 uint64_t *pte_addr, uint64_t *nls, 281 int *psize, uint64_t *pte, int *fault_cause) 282 { 283 uint64_t index, mask, nlb, pde; 284 285 /* Read page <directory/table> entry from guest address space */ 286 pde = ldq_phys(as, *pte_addr); 287 if (!(pde & R_PTE_VALID)) { /* Invalid Entry */ 288 *fault_cause |= DSISR_NOPTE; 289 return 1; 290 } 291 292 *pte = pde; 293 *psize -= *nls; 294 if (!(pde & R_PTE_LEAF)) { /* Prepare for next iteration */ 295 *nls = pde & R_PDE_NLS; 296 index = eaddr >> (*psize - *nls); /* Shift */ 297 index &= ((1UL << *nls) - 1); /* Mask */ 298 nlb = pde & R_PDE_NLB; 299 mask = MAKE_64BIT_MASK(0, *nls + 3); 300 301 if (nlb & mask) { 302 qemu_log_mask(LOG_GUEST_ERROR, 303 "%s: misaligned page dir/table base: 0x"TARGET_FMT_lx 304 " page dir size: 0x"TARGET_FMT_lx"\n", 305 __func__, nlb, mask + 1); 306 nlb &= ~mask; 307 } 308 *pte_addr = nlb + index * sizeof(pde); 309 } 310 return 0; 311 } 312 313 static int ppc_radix64_walk_tree(AddressSpace *as, vaddr eaddr, 314 uint64_t base_addr, uint64_t nls, 315 hwaddr *raddr, int *psize, uint64_t *pte, 316 int *fault_cause, hwaddr *pte_addr) 317 { 318 uint64_t index, pde, rpn, mask; 319 int level = 0; 320 321 index = eaddr >> (*psize - nls); /* Shift */ 322 index &= ((1UL << nls) - 1); /* Mask */ 323 mask = MAKE_64BIT_MASK(0, nls + 3); 324 325 if (base_addr & mask) { 326 qemu_log_mask(LOG_GUEST_ERROR, 327 "%s: misaligned page dir base: 0x"TARGET_FMT_lx 328 " page dir size: 0x"TARGET_FMT_lx"\n", 329 __func__, base_addr, mask + 1); 330 base_addr &= ~mask; 331 } 332 *pte_addr = base_addr + index * sizeof(pde); 333 334 do { 335 int ret; 336 337 if (!ppc_radix64_is_valid_level(level++, *psize, nls)) { 338 *fault_cause |= DSISR_R_BADCONFIG; 339 return 1; 340 } 341 342 ret = ppc_radix64_next_level(as, eaddr, pte_addr, &nls, psize, &pde, 343 fault_cause); 344 if (ret) { 345 return ret; 346 } 347 } while (!(pde & R_PTE_LEAF)); 348 349 *pte = pde; 350 rpn = pde & R_PTE_RPN; 351 mask = (1UL << *psize) - 1; 352 353 /* Or high bits of rpn and low bits to ea to form whole real addr */ 354 *raddr = (rpn & ~mask) | (eaddr & mask); 355 return 0; 356 } 357 358 static bool validate_pate(PowerPCCPU *cpu, uint64_t lpid, ppc_v3_pate_t *pate) 359 { 360 CPUPPCState *env = &cpu->env; 361 362 if (!(pate->dw0 & PATE0_HR)) { 363 return false; 364 } 365 if (lpid == 0 && !FIELD_EX64(env->msr, MSR, HV)) { 366 return false; 367 } 368 if ((pate->dw0 & PATE1_R_PRTS) < 5) { 369 return false; 370 } 371 /* More checks ... */ 372 return true; 373 } 374 375 static int ppc_radix64_partition_scoped_xlate(PowerPCCPU *cpu, 376 MMUAccessType orig_access_type, 377 vaddr eaddr, hwaddr g_raddr, 378 ppc_v3_pate_t pate, 379 hwaddr *h_raddr, int *h_prot, 380 int *h_page_size, bool pde_addr, 381 int mmu_idx, uint64_t lpid, 382 bool guest_visible) 383 { 384 MMUAccessType access_type = orig_access_type; 385 int fault_cause = 0; 386 hwaddr pte_addr; 387 uint64_t pte; 388 389 if (pde_addr) { 390 /* 391 * Translation of process-scoped tables/directories is performed as 392 * a read-access. 393 */ 394 access_type = MMU_DATA_LOAD; 395 } 396 397 qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx 398 " mmu_idx %u 0x%"HWADDR_PRIx"\n", 399 __func__, access_str(access_type), 400 eaddr, mmu_idx, g_raddr); 401 402 *h_page_size = PRTBE_R_GET_RTS(pate.dw0); 403 /* No valid pte or access denied due to protection */ 404 if (ppc_radix64_walk_tree(CPU(cpu)->as, g_raddr, pate.dw0 & PRTBE_R_RPDB, 405 pate.dw0 & PRTBE_R_RPDS, h_raddr, h_page_size, 406 &pte, &fault_cause, &pte_addr) || 407 ppc_radix64_check_prot(cpu, access_type, pte, 408 &fault_cause, h_prot, mmu_idx, true)) { 409 if (pde_addr) { /* address being translated was that of a guest pde */ 410 fault_cause |= DSISR_PRTABLE_FAULT; 411 } 412 if (guest_visible) { 413 ppc_radix64_raise_hsi(cpu, orig_access_type, 414 eaddr, g_raddr, fault_cause); 415 } 416 return 1; 417 } 418 419 if (guest_visible) { 420 if (ppc_radix64_check_rc(access_type, pte)) { 421 /* 422 * Per ISA 3.1 Book III, 7.5.3 and 7.5.5, failure to set R/C during 423 * partition-scoped translation when effLPID = 0 results in normal 424 * (non-Hypervisor) Data and Instruction Storage Interrupts 425 * respectively. 426 * 427 * ISA 3.0 is ambiguous about this, but tests on POWER9 hardware 428 * seem to exhibit the same behavior. 429 */ 430 if (lpid > 0) { 431 ppc_radix64_raise_hsi(cpu, access_type, eaddr, g_raddr, 432 DSISR_ATOMIC_RC); 433 } else { 434 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_ATOMIC_RC); 435 } 436 return 1; 437 } 438 } 439 440 return 0; 441 } 442 443 /* 444 * The spapr vhc has a flat partition scope provided by qemu memory when 445 * not nested. 446 * 447 * When running a nested guest, the addressing is 2-level radix on top of the 448 * vhc memory, so it works practically identically to the bare metal 2-level 449 * radix. So that code is selected directly. A cleaner and more flexible nested 450 * hypervisor implementation would allow the vhc to provide a ->nested_xlate() 451 * function but that is not required for the moment. 452 */ 453 static bool vhyp_flat_addressing(PowerPCCPU *cpu) 454 { 455 if (cpu->vhyp) { 456 return !vhyp_cpu_in_nested(cpu); 457 } 458 return false; 459 } 460 461 static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu, 462 MMUAccessType access_type, 463 vaddr eaddr, uint64_t pid, 464 ppc_v3_pate_t pate, hwaddr *g_raddr, 465 int *g_prot, int *g_page_size, 466 int mmu_idx, uint64_t lpid, 467 bool guest_visible) 468 { 469 CPUState *cs = CPU(cpu); 470 CPUPPCState *env = &cpu->env; 471 uint64_t offset, size, prtb, prtbe_addr, prtbe0, base_addr, nls, index, pte; 472 int fault_cause = 0, h_page_size, h_prot; 473 hwaddr h_raddr, pte_addr; 474 int ret; 475 476 qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx 477 " mmu_idx %u pid %"PRIu64"\n", 478 __func__, access_str(access_type), 479 eaddr, mmu_idx, pid); 480 481 prtb = (pate.dw1 & PATE1_R_PRTB); 482 size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12); 483 if (prtb & (size - 1)) { 484 /* Process Table not properly aligned */ 485 if (guest_visible) { 486 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_R_BADCONFIG); 487 } 488 return 1; 489 } 490 491 /* Index Process Table by PID to Find Corresponding Process Table Entry */ 492 offset = pid * sizeof(struct prtb_entry); 493 if (offset >= size) { 494 /* offset exceeds size of the process table */ 495 if (guest_visible) { 496 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_NOPTE); 497 } 498 return 1; 499 } 500 prtbe_addr = prtb + offset; 501 502 if (vhyp_flat_addressing(cpu)) { 503 prtbe0 = ldq_phys(cs->as, prtbe_addr); 504 } else { 505 /* 506 * Process table addresses are subject to partition-scoped 507 * translation 508 * 509 * On a Radix host, the partition-scoped page table for LPID=0 510 * is only used to translate the effective addresses of the 511 * process table entries. 512 */ 513 /* mmu_idx is 5 because we're translating from hypervisor scope */ 514 ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr, 515 prtbe_addr, pate, &h_raddr, 516 &h_prot, &h_page_size, true, 517 5, lpid, guest_visible); 518 if (ret) { 519 return ret; 520 } 521 prtbe0 = ldq_phys(cs->as, h_raddr); 522 } 523 524 /* Walk Radix Tree from Process Table Entry to Convert EA to RA */ 525 *g_page_size = PRTBE_R_GET_RTS(prtbe0); 526 base_addr = prtbe0 & PRTBE_R_RPDB; 527 nls = prtbe0 & PRTBE_R_RPDS; 528 if (FIELD_EX64(env->msr, MSR, HV) || vhyp_flat_addressing(cpu)) { 529 /* 530 * Can treat process table addresses as real addresses 531 */ 532 ret = ppc_radix64_walk_tree(cs->as, eaddr & R_EADDR_MASK, base_addr, 533 nls, g_raddr, g_page_size, &pte, 534 &fault_cause, &pte_addr); 535 if (ret) { 536 /* No valid PTE */ 537 if (guest_visible) { 538 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause); 539 } 540 return ret; 541 } 542 } else { 543 uint64_t rpn, mask; 544 int level = 0; 545 546 index = (eaddr & R_EADDR_MASK) >> (*g_page_size - nls); /* Shift */ 547 index &= ((1UL << nls) - 1); /* Mask */ 548 pte_addr = base_addr + (index * sizeof(pte)); 549 550 /* 551 * Each process table address is subject to a partition-scoped 552 * translation 553 */ 554 do { 555 /* mmu_idx is 5 because we're translating from hypervisor scope */ 556 ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr, 557 pte_addr, pate, &h_raddr, 558 &h_prot, &h_page_size, 559 true, 5, lpid, 560 guest_visible); 561 if (ret) { 562 return ret; 563 } 564 565 if (!ppc_radix64_is_valid_level(level++, *g_page_size, nls)) { 566 fault_cause |= DSISR_R_BADCONFIG; 567 ret = 1; 568 } else { 569 ret = ppc_radix64_next_level(cs->as, eaddr & R_EADDR_MASK, 570 &h_raddr, &nls, g_page_size, 571 &pte, &fault_cause); 572 } 573 574 if (ret) { 575 /* No valid pte */ 576 if (guest_visible) { 577 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause); 578 } 579 return ret; 580 } 581 pte_addr = h_raddr; 582 } while (!(pte & R_PTE_LEAF)); 583 584 rpn = pte & R_PTE_RPN; 585 mask = (1UL << *g_page_size) - 1; 586 587 /* Or high bits of rpn and low bits to ea to form whole real addr */ 588 *g_raddr = (rpn & ~mask) | (eaddr & mask); 589 } 590 591 if (ppc_radix64_check_prot(cpu, access_type, pte, &fault_cause, 592 g_prot, mmu_idx, false)) { 593 /* Access denied due to protection */ 594 if (guest_visible) { 595 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause); 596 } 597 return 1; 598 } 599 600 if (guest_visible) { 601 /* R/C bits not appropriately set for access */ 602 if (ppc_radix64_check_rc(access_type, pte)) { 603 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_ATOMIC_RC); 604 return 1; 605 } 606 } 607 608 return 0; 609 } 610 611 /* 612 * Radix tree translation is a 2 steps translation process: 613 * 614 * 1. Process-scoped translation: Guest Eff Addr -> Guest Real Addr 615 * 2. Partition-scoped translation: Guest Real Addr -> Host Real Addr 616 * 617 * MSR[HV] 618 * +-------------+----------------+---------------+ 619 * | | HV = 0 | HV = 1 | 620 * +-------------+----------------+---------------+ 621 * | Relocation | Partition | No | 622 * | = Off | Scoped | Translation | 623 * Relocation +-------------+----------------+---------------+ 624 * | Relocation | Partition & | Process | 625 * | = On | Process Scoped | Scoped | 626 * +-------------+----------------+---------------+ 627 */ 628 static bool ppc_radix64_xlate_impl(PowerPCCPU *cpu, vaddr eaddr, 629 MMUAccessType access_type, hwaddr *raddr, 630 int *psizep, int *protp, int mmu_idx, 631 bool guest_visible) 632 { 633 CPUPPCState *env = &cpu->env; 634 uint64_t lpid, pid; 635 ppc_v3_pate_t pate; 636 int psize, prot; 637 hwaddr g_raddr; 638 bool relocation; 639 640 assert(!(mmuidx_hv(mmu_idx) && cpu->vhyp)); 641 642 relocation = !mmuidx_real(mmu_idx); 643 644 /* HV or virtual hypervisor Real Mode Access */ 645 if (!relocation && (mmuidx_hv(mmu_idx) || vhyp_flat_addressing(cpu))) { 646 /* In real mode top 4 effective addr bits (mostly) ignored */ 647 *raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL; 648 649 /* In HV mode, add HRMOR if top EA bit is clear */ 650 if (mmuidx_hv(mmu_idx) || !env->has_hv_mode) { 651 if (!(eaddr >> 63)) { 652 *raddr |= env->spr[SPR_HRMOR]; 653 } 654 } 655 *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 656 *psizep = TARGET_PAGE_BITS; 657 return true; 658 } 659 660 /* 661 * Check UPRT (we avoid the check in real mode to deal with 662 * transitional states during kexec. 663 */ 664 if (guest_visible && !ppc64_use_proc_tbl(cpu)) { 665 qemu_log_mask(LOG_GUEST_ERROR, 666 "LPCR:UPRT not set in radix mode ! LPCR=" 667 TARGET_FMT_lx "\n", env->spr[SPR_LPCR]); 668 } 669 670 /* Virtual Mode Access - get the fully qualified address */ 671 if (!ppc_radix64_get_fully_qualified_addr(&cpu->env, eaddr, &lpid, &pid)) { 672 if (guest_visible) { 673 ppc_radix64_raise_segi(cpu, access_type, eaddr); 674 } 675 return false; 676 } 677 678 /* Get Partition Table */ 679 if (cpu->vhyp) { 680 PPCVirtualHypervisorClass *vhc; 681 vhc = PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp); 682 if (!vhc->get_pate(cpu->vhyp, cpu, lpid, &pate)) { 683 if (guest_visible) { 684 ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr, 685 DSISR_R_BADCONFIG); 686 } 687 return false; 688 } 689 } else { 690 if (!ppc64_v3_get_pate(cpu, lpid, &pate)) { 691 if (guest_visible) { 692 ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr, 693 DSISR_R_BADCONFIG); 694 } 695 return false; 696 } 697 if (!validate_pate(cpu, lpid, &pate)) { 698 if (guest_visible) { 699 ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr, 700 DSISR_R_BADCONFIG); 701 } 702 return false; 703 } 704 } 705 706 *psizep = INT_MAX; 707 *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 708 709 /* 710 * Perform process-scoped translation if relocation enabled. 711 * 712 * - Translates an effective address to a host real address in 713 * quadrants 0 and 3 when HV=1. 714 * 715 * - Translates an effective address to a guest real address. 716 */ 717 if (relocation) { 718 int ret = ppc_radix64_process_scoped_xlate(cpu, access_type, eaddr, pid, 719 pate, &g_raddr, &prot, 720 &psize, mmu_idx, lpid, 721 guest_visible); 722 if (ret) { 723 return false; 724 } 725 *psizep = MIN(*psizep, psize); 726 *protp &= prot; 727 } else { 728 g_raddr = eaddr & R_EADDR_MASK; 729 } 730 731 if (vhyp_flat_addressing(cpu)) { 732 *raddr = g_raddr; 733 } else { 734 /* 735 * Perform partition-scoped translation if !HV or HV access to 736 * quadrants 1 or 2. Translates a guest real address to a host 737 * real address. 738 */ 739 if (lpid || !mmuidx_hv(mmu_idx)) { 740 int ret; 741 742 ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr, 743 g_raddr, pate, raddr, 744 &prot, &psize, false, 745 mmu_idx, lpid, 746 guest_visible); 747 if (ret) { 748 return false; 749 } 750 *psizep = MIN(*psizep, psize); 751 *protp &= prot; 752 } else { 753 *raddr = g_raddr; 754 } 755 } 756 757 return true; 758 } 759 760 bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type, 761 hwaddr *raddrp, int *psizep, int *protp, int mmu_idx, 762 bool guest_visible) 763 { 764 bool ret = ppc_radix64_xlate_impl(cpu, eaddr, access_type, raddrp, 765 psizep, protp, mmu_idx, guest_visible); 766 767 qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx 768 " mmu_idx %u (prot %c%c%c) -> 0x%"HWADDR_PRIx"\n", 769 __func__, access_str(access_type), 770 eaddr, mmu_idx, 771 *protp & PAGE_READ ? 'r' : '-', 772 *protp & PAGE_WRITE ? 'w' : '-', 773 *protp & PAGE_EXEC ? 'x' : '-', 774 *raddrp); 775 776 return ret; 777 } 778