xref: /openbmc/qemu/target/ppc/mmu-radix64.c (revision 30b6852c)
1 /*
2  *  PowerPC Radix MMU mulation helpers for QEMU.
3  *
4  *  Copyright (c) 2016 Suraj Jitindar Singh, IBM Corporation
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "cpu.h"
22 #include "exec/exec-all.h"
23 #include "qemu/error-report.h"
24 #include "sysemu/kvm.h"
25 #include "kvm_ppc.h"
26 #include "exec/log.h"
27 #include "internal.h"
28 #include "mmu-radix64.h"
29 #include "mmu-book3s-v3.h"
30 
31 static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env,
32                                                  vaddr eaddr,
33                                                  uint64_t *lpid, uint64_t *pid)
34 {
35     if (msr_hv) { /* MSR[HV] -> Hypervisor/bare metal */
36         switch (eaddr & R_EADDR_QUADRANT) {
37         case R_EADDR_QUADRANT0:
38             *lpid = 0;
39             *pid = env->spr[SPR_BOOKS_PID];
40             break;
41         case R_EADDR_QUADRANT1:
42             *lpid = env->spr[SPR_LPIDR];
43             *pid = env->spr[SPR_BOOKS_PID];
44             break;
45         case R_EADDR_QUADRANT2:
46             *lpid = env->spr[SPR_LPIDR];
47             *pid = 0;
48             break;
49         case R_EADDR_QUADRANT3:
50             *lpid = 0;
51             *pid = 0;
52             break;
53         default:
54             g_assert_not_reached();
55         }
56     } else {  /* !MSR[HV] -> Guest */
57         switch (eaddr & R_EADDR_QUADRANT) {
58         case R_EADDR_QUADRANT0: /* Guest application */
59             *lpid = env->spr[SPR_LPIDR];
60             *pid = env->spr[SPR_BOOKS_PID];
61             break;
62         case R_EADDR_QUADRANT1: /* Illegal */
63         case R_EADDR_QUADRANT2:
64             return false;
65         case R_EADDR_QUADRANT3: /* Guest OS */
66             *lpid = env->spr[SPR_LPIDR];
67             *pid = 0; /* pid set to 0 -> addresses guest operating system */
68             break;
69         default:
70             g_assert_not_reached();
71         }
72     }
73 
74     return true;
75 }
76 
77 static void ppc_radix64_raise_segi(PowerPCCPU *cpu, MMUAccessType access_type,
78                                    vaddr eaddr)
79 {
80     CPUState *cs = CPU(cpu);
81     CPUPPCState *env = &cpu->env;
82 
83     switch (access_type) {
84     case MMU_INST_FETCH:
85         /* Instruction Segment Interrupt */
86         cs->exception_index = POWERPC_EXCP_ISEG;
87         break;
88     case MMU_DATA_STORE:
89     case MMU_DATA_LOAD:
90         /* Data Segment Interrupt */
91         cs->exception_index = POWERPC_EXCP_DSEG;
92         env->spr[SPR_DAR] = eaddr;
93         break;
94     default:
95         g_assert_not_reached();
96     }
97     env->error_code = 0;
98 }
99 
100 static void ppc_radix64_raise_si(PowerPCCPU *cpu, MMUAccessType access_type,
101                                  vaddr eaddr, uint32_t cause)
102 {
103     CPUState *cs = CPU(cpu);
104     CPUPPCState *env = &cpu->env;
105 
106     switch (access_type) {
107     case MMU_INST_FETCH:
108         /* Instruction Storage Interrupt */
109         cs->exception_index = POWERPC_EXCP_ISI;
110         env->error_code = cause;
111         break;
112     case MMU_DATA_STORE:
113         cause |= DSISR_ISSTORE;
114         /* fall through */
115     case MMU_DATA_LOAD:
116         /* Data Storage Interrupt */
117         cs->exception_index = POWERPC_EXCP_DSI;
118         env->spr[SPR_DSISR] = cause;
119         env->spr[SPR_DAR] = eaddr;
120         env->error_code = 0;
121         break;
122     default:
123         g_assert_not_reached();
124     }
125 }
126 
127 static void ppc_radix64_raise_hsi(PowerPCCPU *cpu, MMUAccessType access_type,
128                                   vaddr eaddr, hwaddr g_raddr, uint32_t cause)
129 {
130     CPUState *cs = CPU(cpu);
131     CPUPPCState *env = &cpu->env;
132 
133     switch (access_type) {
134     case MMU_INST_FETCH:
135         /* H Instruction Storage Interrupt */
136         cs->exception_index = POWERPC_EXCP_HISI;
137         env->spr[SPR_ASDR] = g_raddr;
138         env->error_code = cause;
139         break;
140     case MMU_DATA_STORE:
141         cause |= DSISR_ISSTORE;
142         /* fall through */
143     case MMU_DATA_LOAD:
144         /* H Data Storage Interrupt */
145         cs->exception_index = POWERPC_EXCP_HDSI;
146         env->spr[SPR_HDSISR] = cause;
147         env->spr[SPR_HDAR] = eaddr;
148         env->spr[SPR_ASDR] = g_raddr;
149         env->error_code = 0;
150         break;
151     default:
152         g_assert_not_reached();
153     }
154 }
155 
156 static bool ppc_radix64_check_prot(PowerPCCPU *cpu, MMUAccessType access_type,
157                                    uint64_t pte, int *fault_cause, int *prot,
158                                    int mmu_idx, bool partition_scoped)
159 {
160     CPUPPCState *env = &cpu->env;
161     int need_prot;
162 
163     /* Check Page Attributes (pte58:59) */
164     if ((pte & R_PTE_ATT) == R_PTE_ATT_NI_IO && access_type == MMU_INST_FETCH) {
165         /*
166          * Radix PTE entries with the non-idempotent I/O attribute are treated
167          * as guarded storage
168          */
169         *fault_cause |= SRR1_NOEXEC_GUARD;
170         return true;
171     }
172 
173     /* Determine permissions allowed by Encoded Access Authority */
174     if (!partition_scoped && (pte & R_PTE_EAA_PRIV) && msr_pr) {
175         *prot = 0;
176     } else if (mmuidx_pr(mmu_idx) || (pte & R_PTE_EAA_PRIV) ||
177                partition_scoped) {
178         *prot = ppc_radix64_get_prot_eaa(pte);
179     } else { /* !msr_pr && !(pte & R_PTE_EAA_PRIV) && !partition_scoped */
180         *prot = ppc_radix64_get_prot_eaa(pte);
181         *prot &= ppc_radix64_get_prot_amr(cpu); /* Least combined permissions */
182     }
183 
184     /* Check if requested access type is allowed */
185     need_prot = prot_for_access_type(access_type);
186     if (need_prot & ~*prot) { /* Page Protected for that Access */
187         *fault_cause |= DSISR_PROTFAULT;
188         return true;
189     }
190 
191     return false;
192 }
193 
194 static void ppc_radix64_set_rc(PowerPCCPU *cpu, MMUAccessType access_type,
195                                uint64_t pte, hwaddr pte_addr, int *prot)
196 {
197     CPUState *cs = CPU(cpu);
198     uint64_t npte;
199 
200     npte = pte | R_PTE_R; /* Always set reference bit */
201 
202     if (access_type == MMU_DATA_STORE) { /* Store/Write */
203         npte |= R_PTE_C; /* Set change bit */
204     } else {
205         /*
206          * Treat the page as read-only for now, so that a later write
207          * will pass through this function again to set the C bit.
208          */
209         *prot &= ~PAGE_WRITE;
210     }
211 
212     if (pte ^ npte) { /* If pte has changed then write it back */
213         stq_phys(cs->as, pte_addr, npte);
214     }
215 }
216 
217 static int ppc_radix64_next_level(AddressSpace *as, vaddr eaddr,
218                                   uint64_t *pte_addr, uint64_t *nls,
219                                   int *psize, uint64_t *pte, int *fault_cause)
220 {
221     uint64_t index, pde;
222 
223     if (*nls < 5) { /* Directory maps less than 2**5 entries */
224         *fault_cause |= DSISR_R_BADCONFIG;
225         return 1;
226     }
227 
228     /* Read page <directory/table> entry from guest address space */
229     pde = ldq_phys(as, *pte_addr);
230     if (!(pde & R_PTE_VALID)) {         /* Invalid Entry */
231         *fault_cause |= DSISR_NOPTE;
232         return 1;
233     }
234 
235     *pte = pde;
236     *psize -= *nls;
237     if (!(pde & R_PTE_LEAF)) { /* Prepare for next iteration */
238         *nls = pde & R_PDE_NLS;
239         index = eaddr >> (*psize - *nls);       /* Shift */
240         index &= ((1UL << *nls) - 1);           /* Mask */
241         *pte_addr = (pde & R_PDE_NLB) + (index * sizeof(pde));
242     }
243     return 0;
244 }
245 
246 static int ppc_radix64_walk_tree(AddressSpace *as, vaddr eaddr,
247                                  uint64_t base_addr, uint64_t nls,
248                                  hwaddr *raddr, int *psize, uint64_t *pte,
249                                  int *fault_cause, hwaddr *pte_addr)
250 {
251     uint64_t index, pde, rpn , mask;
252 
253     if (nls < 5) { /* Directory maps less than 2**5 entries */
254         *fault_cause |= DSISR_R_BADCONFIG;
255         return 1;
256     }
257 
258     index = eaddr >> (*psize - nls);    /* Shift */
259     index &= ((1UL << nls) - 1);       /* Mask */
260     *pte_addr = base_addr + (index * sizeof(pde));
261     do {
262         int ret;
263 
264         ret = ppc_radix64_next_level(as, eaddr, pte_addr, &nls, psize, &pde,
265                                      fault_cause);
266         if (ret) {
267             return ret;
268         }
269     } while (!(pde & R_PTE_LEAF));
270 
271     *pte = pde;
272     rpn = pde & R_PTE_RPN;
273     mask = (1UL << *psize) - 1;
274 
275     /* Or high bits of rpn and low bits to ea to form whole real addr */
276     *raddr = (rpn & ~mask) | (eaddr & mask);
277     return 0;
278 }
279 
280 static bool validate_pate(PowerPCCPU *cpu, uint64_t lpid, ppc_v3_pate_t *pate)
281 {
282     CPUPPCState *env = &cpu->env;
283 
284     if (!(pate->dw0 & PATE0_HR)) {
285         return false;
286     }
287     if (lpid == 0 && !msr_hv) {
288         return false;
289     }
290     if ((pate->dw0 & PATE1_R_PRTS) < 5) {
291         return false;
292     }
293     /* More checks ... */
294     return true;
295 }
296 
297 static int ppc_radix64_partition_scoped_xlate(PowerPCCPU *cpu,
298                                               MMUAccessType access_type,
299                                               vaddr eaddr, hwaddr g_raddr,
300                                               ppc_v3_pate_t pate,
301                                               hwaddr *h_raddr, int *h_prot,
302                                               int *h_page_size, bool pde_addr,
303                                               int mmu_idx, bool guest_visible)
304 {
305     int fault_cause = 0;
306     hwaddr pte_addr;
307     uint64_t pte;
308 
309     *h_page_size = PRTBE_R_GET_RTS(pate.dw0);
310     /* No valid pte or access denied due to protection */
311     if (ppc_radix64_walk_tree(CPU(cpu)->as, g_raddr, pate.dw0 & PRTBE_R_RPDB,
312                               pate.dw0 & PRTBE_R_RPDS, h_raddr, h_page_size,
313                               &pte, &fault_cause, &pte_addr) ||
314         ppc_radix64_check_prot(cpu, access_type, pte,
315                                &fault_cause, h_prot, mmu_idx, true)) {
316         if (pde_addr) { /* address being translated was that of a guest pde */
317             fault_cause |= DSISR_PRTABLE_FAULT;
318         }
319         if (guest_visible) {
320             ppc_radix64_raise_hsi(cpu, access_type, eaddr, g_raddr, fault_cause);
321         }
322         return 1;
323     }
324 
325     if (guest_visible) {
326         ppc_radix64_set_rc(cpu, access_type, pte, pte_addr, h_prot);
327     }
328 
329     return 0;
330 }
331 
332 static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
333                                             MMUAccessType access_type,
334                                             vaddr eaddr, uint64_t pid,
335                                             ppc_v3_pate_t pate, hwaddr *g_raddr,
336                                             int *g_prot, int *g_page_size,
337                                             int mmu_idx, bool guest_visible)
338 {
339     CPUState *cs = CPU(cpu);
340     CPUPPCState *env = &cpu->env;
341     uint64_t offset, size, prtbe_addr, prtbe0, base_addr, nls, index, pte;
342     int fault_cause = 0, h_page_size, h_prot;
343     hwaddr h_raddr, pte_addr;
344     int ret;
345 
346     /* Index Process Table by PID to Find Corresponding Process Table Entry */
347     offset = pid * sizeof(struct prtb_entry);
348     size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12);
349     if (offset >= size) {
350         /* offset exceeds size of the process table */
351         if (guest_visible) {
352             ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_NOPTE);
353         }
354         return 1;
355     }
356     prtbe_addr = (pate.dw1 & PATE1_R_PRTB) + offset;
357 
358     if (cpu->vhyp) {
359         prtbe0 = ldq_phys(cs->as, prtbe_addr);
360     } else {
361         /*
362          * Process table addresses are subject to partition-scoped
363          * translation
364          *
365          * On a Radix host, the partition-scoped page table for LPID=0
366          * is only used to translate the effective addresses of the
367          * process table entries.
368          */
369         ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, prtbe_addr,
370                                                  pate, &h_raddr, &h_prot,
371                                                  &h_page_size, true,
372             /* mmu_idx is 5 because we're translating from hypervisor scope */
373                                                  5, guest_visible);
374         if (ret) {
375             return ret;
376         }
377         prtbe0 = ldq_phys(cs->as, h_raddr);
378     }
379 
380     /* Walk Radix Tree from Process Table Entry to Convert EA to RA */
381     *g_page_size = PRTBE_R_GET_RTS(prtbe0);
382     base_addr = prtbe0 & PRTBE_R_RPDB;
383     nls = prtbe0 & PRTBE_R_RPDS;
384     if (msr_hv || cpu->vhyp) {
385         /*
386          * Can treat process table addresses as real addresses
387          */
388         ret = ppc_radix64_walk_tree(cs->as, eaddr & R_EADDR_MASK, base_addr,
389                                     nls, g_raddr, g_page_size, &pte,
390                                     &fault_cause, &pte_addr);
391         if (ret) {
392             /* No valid PTE */
393             if (guest_visible) {
394                 ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
395             }
396             return ret;
397         }
398     } else {
399         uint64_t rpn, mask;
400 
401         index = (eaddr & R_EADDR_MASK) >> (*g_page_size - nls); /* Shift */
402         index &= ((1UL << nls) - 1);                            /* Mask */
403         pte_addr = base_addr + (index * sizeof(pte));
404 
405         /*
406          * Each process table address is subject to a partition-scoped
407          * translation
408          */
409         do {
410             ret = ppc_radix64_partition_scoped_xlate(cpu, 0, eaddr, pte_addr,
411                                                      pate, &h_raddr, &h_prot,
412                                                      &h_page_size, true,
413             /* mmu_idx is 5 because we're translating from hypervisor scope */
414                                                      5, guest_visible);
415             if (ret) {
416                 return ret;
417             }
418 
419             ret = ppc_radix64_next_level(cs->as, eaddr & R_EADDR_MASK, &h_raddr,
420                                          &nls, g_page_size, &pte, &fault_cause);
421             if (ret) {
422                 /* No valid pte */
423                 if (guest_visible) {
424                     ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
425                 }
426                 return ret;
427             }
428             pte_addr = h_raddr;
429         } while (!(pte & R_PTE_LEAF));
430 
431         rpn = pte & R_PTE_RPN;
432         mask = (1UL << *g_page_size) - 1;
433 
434         /* Or high bits of rpn and low bits to ea to form whole real addr */
435         *g_raddr = (rpn & ~mask) | (eaddr & mask);
436     }
437 
438     if (ppc_radix64_check_prot(cpu, access_type, pte, &fault_cause,
439                                g_prot, mmu_idx, false)) {
440         /* Access denied due to protection */
441         if (guest_visible) {
442             ppc_radix64_raise_si(cpu, access_type, eaddr, fault_cause);
443         }
444         return 1;
445     }
446 
447     if (guest_visible) {
448         ppc_radix64_set_rc(cpu, access_type, pte, pte_addr, g_prot);
449     }
450 
451     return 0;
452 }
453 
454 /*
455  * Radix tree translation is a 2 steps translation process:
456  *
457  * 1. Process-scoped translation:   Guest Eff Addr  -> Guest Real Addr
458  * 2. Partition-scoped translation: Guest Real Addr -> Host Real Addr
459  *
460  *                                  MSR[HV]
461  *              +-------------+----------------+---------------+
462  *              |             |     HV = 0     |     HV = 1    |
463  *              +-------------+----------------+---------------+
464  *              | Relocation  |    Partition   |      No       |
465  *              | = Off       |     Scoped     |  Translation  |
466  *  Relocation  +-------------+----------------+---------------+
467  *              | Relocation  |   Partition &  |    Process    |
468  *              | = On        | Process Scoped |    Scoped     |
469  *              +-------------+----------------+---------------+
470  */
471 bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
472                        hwaddr *raddr, int *psizep, int *protp, int mmu_idx,
473                        bool guest_visible)
474 {
475     CPUPPCState *env = &cpu->env;
476     uint64_t lpid, pid;
477     ppc_v3_pate_t pate;
478     int psize, prot;
479     hwaddr g_raddr;
480     bool relocation;
481 
482     assert(!(mmuidx_hv(mmu_idx) && cpu->vhyp));
483 
484     relocation = !mmuidx_real(mmu_idx);
485 
486     /* HV or virtual hypervisor Real Mode Access */
487     if (!relocation && (mmuidx_hv(mmu_idx) || cpu->vhyp)) {
488         /* In real mode top 4 effective addr bits (mostly) ignored */
489         *raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
490 
491         /* In HV mode, add HRMOR if top EA bit is clear */
492         if (mmuidx_hv(mmu_idx) || !env->has_hv_mode) {
493             if (!(eaddr >> 63)) {
494                 *raddr |= env->spr[SPR_HRMOR];
495            }
496         }
497         *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
498         *psizep = TARGET_PAGE_BITS;
499         return true;
500     }
501 
502     /*
503      * Check UPRT (we avoid the check in real mode to deal with
504      * transitional states during kexec.
505      */
506     if (guest_visible && !ppc64_use_proc_tbl(cpu)) {
507         qemu_log_mask(LOG_GUEST_ERROR,
508                       "LPCR:UPRT not set in radix mode ! LPCR="
509                       TARGET_FMT_lx "\n", env->spr[SPR_LPCR]);
510     }
511 
512     /* Virtual Mode Access - get the fully qualified address */
513     if (!ppc_radix64_get_fully_qualified_addr(&cpu->env, eaddr, &lpid, &pid)) {
514         if (guest_visible) {
515             ppc_radix64_raise_segi(cpu, access_type, eaddr);
516         }
517         return false;
518     }
519 
520     /* Get Process Table */
521     if (cpu->vhyp) {
522         PPCVirtualHypervisorClass *vhc;
523         vhc = PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
524         vhc->get_pate(cpu->vhyp, &pate);
525     } else {
526         if (!ppc64_v3_get_pate(cpu, lpid, &pate)) {
527             if (guest_visible) {
528                 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_NOPTE);
529             }
530             return false;
531         }
532         if (!validate_pate(cpu, lpid, &pate)) {
533             if (guest_visible) {
534                 ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_R_BADCONFIG);
535             }
536             return false;
537         }
538     }
539 
540     *psizep = INT_MAX;
541     *protp = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
542 
543     /*
544      * Perform process-scoped translation if relocation enabled.
545      *
546      * - Translates an effective address to a host real address in
547      *   quadrants 0 and 3 when HV=1.
548      *
549      * - Translates an effective address to a guest real address.
550      */
551     if (relocation) {
552         int ret = ppc_radix64_process_scoped_xlate(cpu, access_type, eaddr, pid,
553                                                    pate, &g_raddr, &prot,
554                                                    &psize, mmu_idx, guest_visible);
555         if (ret) {
556             return false;
557         }
558         *psizep = MIN(*psizep, psize);
559         *protp &= prot;
560     } else {
561         g_raddr = eaddr & R_EADDR_MASK;
562     }
563 
564     if (cpu->vhyp) {
565         *raddr = g_raddr;
566     } else {
567         /*
568          * Perform partition-scoped translation if !HV or HV access to
569          * quadrants 1 or 2. Translates a guest real address to a host
570          * real address.
571          */
572         if (lpid || !mmuidx_hv(mmu_idx)) {
573             int ret;
574 
575             ret = ppc_radix64_partition_scoped_xlate(cpu, access_type, eaddr,
576                                                      g_raddr, pate, raddr,
577                                                      &prot, &psize, false,
578                                                      mmu_idx, guest_visible);
579             if (ret) {
580                 return false;
581             }
582             *psizep = MIN(*psizep, psize);
583             *protp &= prot;
584         } else {
585             *raddr = g_raddr;
586         }
587     }
588 
589     return true;
590 }
591