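/*
 *  PowerPC Radix MMU emulation helpers for QEMU.
 *
 *  Copyright (c) 2016 Suraj Jitindar Singh, IBM Corporation
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "cpu.h"
#include "exec/exec-all.h"
#include "exec/helper-proto.h"
#include "qemu/error-report.h"
#include "sysemu/kvm.h"
#include "kvm_ppc.h"
#include "exec/log.h"
#include "mmu-radix64.h"
#include "mmu-book3s-v3.h"

/*
 * Derive the (LPID, PID) pair that qualifies an effective address.
 *
 * The quadrant bits of @eaddr select guest application (quadrant 0) or
 * guest OS (quadrant 3) translation; quadrants 1 and 2 are illegal when
 * MSR[HV] is clear.
 *
 * Returns true with *lpid and *pid filled in, or false for an illegal
 * quadrant, in which case the outputs are left untouched.
 */
static bool ppc_radix64_get_fully_qualified_addr(CPUPPCState *env, vaddr eaddr,
                                                 uint64_t *lpid, uint64_t *pid)
{
    /* We don't have HV support yet and shouldn't get here with it set anyway */
    assert(!msr_hv);

    if (!msr_hv) { /* !MSR[HV] -> Guest */
        switch (eaddr & R_EADDR_QUADRANT) {
        case R_EADDR_QUADRANT0: /* Guest application */
            *lpid = env->spr[SPR_LPIDR];
            *pid = env->spr[SPR_BOOKS_PID];
            break;
        case R_EADDR_QUADRANT1: /* Illegal */
        case R_EADDR_QUADRANT2:
            return false;
        case R_EADDR_QUADRANT3: /* Guest OS */
            *lpid = env->spr[SPR_LPIDR];
            *pid = 0; /* pid set to 0 -> addresses guest operating system */
            break;
        }
    }

    return true;
}

/*
 * Record a segment interrupt for a failed translation of @eaddr.
 *
 * @rwx: 0 = read, 1 = write, 2 = instruction fetch.  Fetches raise an
 * Instruction Segment Interrupt; data accesses raise a Data Segment
 * Interrupt and latch the faulting address in DAR.
 */
static void ppc_radix64_raise_segi(PowerPCCPU *cpu, int rwx, vaddr eaddr)
{
    CPUState *cs = CPU(cpu);
    CPUPPCState *env = &cpu->env;

    if (rwx == 2) { /* Instruction Segment Interrupt */
        cs->exception_index = POWERPC_EXCP_ISEG;
    } else { /* Data Segment Interrupt */
        cs->exception_index = POWERPC_EXCP_DSEG;
        env->spr[SPR_DAR] = eaddr;
    }
    env->error_code = 0;
}

/*
 * Record a storage interrupt for a failed translation of @eaddr.
 *
 * @rwx: 0 = read, 1 = write, 2 = instruction fetch.
 * @cause: fault bits accumulated by the walk / protection check.  For a
 * fetch they are passed through error_code; for a data access they are
 * written to DSISR (with DSISR_ISSTORE added for writes) and the faulting
 * address is written to DAR.
 */
static void ppc_radix64_raise_si(PowerPCCPU *cpu, int rwx, vaddr eaddr,
                                 uint32_t cause)
{
    CPUState *cs = CPU(cpu);
    CPUPPCState *env = &cpu->env;

    if (rwx == 2) { /* Instruction Storage Interrupt */
        cs->exception_index = POWERPC_EXCP_ISI;
        env->error_code = cause;
    } else { /* Data Storage Interrupt */
        cs->exception_index = POWERPC_EXCP_DSI;
        if (rwx == 1) { /* Write -> Store */
            cause |= DSISR_ISSTORE;
        }
        env->spr[SPR_DSISR] = cause;
        env->spr[SPR_DAR] = eaddr;
        env->error_code = 0;
    }
}


/*
 * Decide whether the access described by @rwx is permitted by @pte.
 *
 * @rwx indexes need_prot[] directly, so it must be 0, 1 or 2; the only
 * caller in this file asserts that before translating.
 *
 * Returns true if the access must fault (with the reason OR-ed into
 * *fault_cause), false if it is allowed.  *prot receives the permissions
 * granted by the PTE, except on the early guarded-storage return where it
 * is not written.
 */
static bool ppc_radix64_check_prot(PowerPCCPU *cpu, int rwx, uint64_t pte,
                                   int *fault_cause, int *prot)
{
    CPUPPCState *env = &cpu->env;
    const int need_prot[] = { PAGE_READ, PAGE_WRITE, PAGE_EXEC };

    /* Check Page Attributes (pte58:59) */
    if (((pte & R_PTE_ATT) == R_PTE_ATT_NI_IO) && (rwx == 2)) {
        /*
         * Radix PTE entries with the non-idempotent I/O attribute are treated
         * as guarded storage
         */
        *fault_cause |= SRR1_NOEXEC_GUARD;
        return true;
    }

    /* Determine permissions allowed by Encoded Access Authority */
    if ((pte & R_PTE_EAA_PRIV) && msr_pr) { /* Insufficient Privilege */
        *prot = 0;
    } else if (msr_pr || (pte & R_PTE_EAA_PRIV)) {
        *prot = ppc_radix64_get_prot_eaa(pte);
    } else { /* !msr_pr && !(pte & R_PTE_EAA_PRIV) */
        *prot = ppc_radix64_get_prot_eaa(pte);
        *prot &= ppc_radix64_get_prot_amr(cpu); /* Least combined permissions */
    }

    /* Check if requested access type is allowed */
    if (need_prot[rwx] & ~(*prot)) { /* Page Protected for that Access */
        *fault_cause |= DSISR_PROTFAULT;
        return true;
    }

    return false;
}

/*
 * Update the Reference and Change bits of a PTE after a permitted access.
 *
 * The R bit is always set; the C bit is set only for writes.  For any other
 * access PAGE_WRITE is stripped from *prot so that a later store faults back
 * into the MMU code and sets C then.  The PTE is written back to guest
 * memory at @pte_addr only when it actually changed.
 */
static void ppc_radix64_set_rc(PowerPCCPU *cpu, int rwx, uint64_t pte,
                               hwaddr pte_addr, int *prot)
{
    CPUState *cs = CPU(cpu);
    uint64_t npte;

    npte = pte | R_PTE_R; /* Always set reference bit */

    if (rwx == 1) { /* Store/Write */
        npte |= R_PTE_C; /* Set change bit */
    } else {
        /*
         * Treat the page as read-only for now, so that a later write
         * will pass through this function again to set the C bit.
         */
        *prot &= ~PAGE_WRITE;
    }

    if (pte ^ npte) { /* If pte has changed then write it back */
        stq_phys(cs->as, pte_addr, npte);
    }
}

/*
 * Walk one level of the radix tree rooted at @base_addr and recurse until a
 * leaf PTE is found.
 *
 * @nls:   log2 of the number of entries in this directory level.
 * @psize: in: number of effective-address bits still to be translated;
 *         out: log2 of the page size of the leaf that was found.
 *
 * Returns the leaf PTE with *raddr and *pte_addr filled in, or 0 with the
 * reason OR-ed into *fault_cause.
 *
 * Every directory entry is read from guest memory, so @nls, @base_addr and
 * the tree shape are untrusted.  Each level must consume at least 5 and at
 * most *psize address bits; enforcing both keeps the shift counts below in
 * range and bounds the recursion depth, even for a malformed or
 * self-referencing tree.
 */
static uint64_t ppc_radix64_walk_tree(PowerPCCPU *cpu, vaddr eaddr,
                                      uint64_t base_addr, uint64_t nls,
                                      hwaddr *raddr, int *psize,
                                      int *fault_cause, hwaddr *pte_addr)
{
    CPUState *cs = CPU(cpu);
    uint64_t index, pde;

    if (nls < 5) { /* Directory maps less than 2**5 entries */
        *fault_cause |= DSISR_R_BADCONFIG;
        return 0;
    }

    /*
     * Reject a level that claims more address bits than remain (or a
     * remaining size that cannot describe a 64-bit address).  Without this
     * the shift count below would go out of range, which is undefined
     * behaviour, and *psize would go negative on the way down.
     */
    if (*psize < 0 || *psize > 63 || nls > (uint64_t)*psize) {
        *fault_cause |= DSISR_R_BADCONFIG;
        return 0;
    }

    /* Read page <directory/table> entry from guest address space */
    index = eaddr >> (*psize - nls);       /* Shift */
    index &= ((1ULL << nls) - 1);          /* Mask */
    pde = ldq_phys(cs->as, base_addr + (index * sizeof(pde)));
    if (!(pde & R_PTE_VALID)) { /* Invalid Entry */
        *fault_cause |= DSISR_NOPTE;
        return 0;
    }

    *psize -= nls;

    /* Check if Leaf Entry -> Page Table Entry -> Stop the Search */
    if (pde & R_PTE_LEAF) {
        uint64_t rpn = pde & R_PTE_RPN;
        /* 1ULL: *psize may exceed 31, and unsigned long can be 32 bits */
        uint64_t mask = (1ULL << *psize) - 1;

        /* Or high bits of rpn and low bits to ea to form whole real addr */
        *raddr = (rpn & ~mask) | (eaddr & mask);
        *pte_addr = base_addr + (index * sizeof(pde));
        return pde;
    }

    /* Next Level of Radix Tree */
    return ppc_radix64_walk_tree(cpu, eaddr, pde & R_PDE_NLB, pde & R_PDE_NLS,
                                 raddr, psize, fault_cause, pte_addr);
}

/*
 * Translate @eaddr for an access of type @rwx and install the mapping in
 * the softmmu TLB.
 *
 * @rwx: 0 = read, 1 = write, 2 = instruction fetch.
 *
 * Returns 0 when a TLB entry was installed, or 1 when an interrupt has been
 * recorded in the CPU state for the caller to deliver.
 */
int ppc_radix64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
                                 int mmu_idx)
{
    CPUState *cs = CPU(cpu);
    CPUPPCState *env = &cpu->env;
    PPCVirtualHypervisorClass *vhc =
        PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
    hwaddr raddr, pte_addr;
    uint64_t lpid = 0, pid = 0, offset, size, patbe, prtbe0, pte;
    int page_size, prot, fault_cause = 0;

    assert((rwx == 0) || (rwx == 1) || (rwx == 2));
    assert(!msr_hv); /* For now there is no Radix PowerNV Support */
    assert(cpu->vhyp);
    assert(ppc64_use_proc_tbl(cpu));

    /* Real Mode Access */
    if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr == 0))) {
        /* In real mode top 4 effective addr bits (mostly) ignored */
        raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;

        tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
                     PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
                     TARGET_PAGE_SIZE);
        return 0;
    }

    /* Virtual Mode Access - get the fully qualified address */
    if (!ppc_radix64_get_fully_qualified_addr(env, eaddr, &lpid, &pid)) {
        ppc_radix64_raise_segi(cpu, rwx, eaddr);
        return 1;
    }

    /* Get Process Table */
    patbe = vhc->get_patbe(cpu->vhyp);

    /*
     * Index Process Table by PID to Find Corresponding Process Table Entry.
     *
     * NOTE(review): pid comes from a guest-writable SPR; this bounds check
     * assumes pid * sizeof(struct prtb_entry) cannot wrap 64 bits - confirm
     * the width the PID SPR can actually hold.
     */
    offset = pid * sizeof(struct prtb_entry);
    size = 1ULL << ((patbe & PATBE1_R_PRTS) + 12);
    if (offset >= size) {
        /* offset exceeds size of the process table */
        ppc_radix64_raise_si(cpu, rwx, eaddr, DSISR_NOPTE);
        return 1;
    }
    prtbe0 = ldq_phys(cs->as, (patbe & PATBE1_R_PRTB) + offset);

    /* Walk Radix Tree from Process Table Entry to Convert EA to RA */
    page_size = PRTBE_R_GET_RTS(prtbe0);
    pte = ppc_radix64_walk_tree(cpu, eaddr & R_EADDR_MASK,
                                prtbe0 & PRTBE_R_RPDB, prtbe0 & PRTBE_R_RPDS,
                                &raddr, &page_size, &fault_cause, &pte_addr);
    if (!pte || ppc_radix64_check_prot(cpu, rwx, pte, &fault_cause, &prot)) {
        /* Couldn't get pte or access denied due to protection */
        ppc_radix64_raise_si(cpu, rwx, eaddr, fault_cause);
        return 1;
    }

    /* Update Reference and Change Bits */
    ppc_radix64_set_rc(cpu, rwx, pte, pte_addr, &prot);

    /* 1ULL: page_size may exceed 31, and unsigned long can be 32 bits */
    tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
                 prot, mmu_idx, 1ULL << page_size);
    return 0;
}

/*
 * Debug translation of @eaddr to a page-aligned real address.
 *
 * Performs the same process-table lookup and tree walk as
 * ppc_radix64_handle_mmu_fault() but raises no interrupt, checks no
 * permissions and does not touch the R/C bits.  Only MSR[DR] is consulted
 * to detect real mode.
 *
 * Returns the real address of the page, or -1 if no translation exists.
 *
 * NOTE(review): unlike the fault path, cpu->vhyp is not asserted here
 * before vhc->get_patbe() is called - confirm callers guarantee it.
 */
hwaddr ppc_radix64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong eaddr)
{
    CPUState *cs = CPU(cpu);
    CPUPPCState *env = &cpu->env;
    PPCVirtualHypervisorClass *vhc =
        PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
    hwaddr raddr, pte_addr;
    uint64_t lpid = 0, pid = 0, offset, size, patbe, prtbe0, pte;
    int page_size, fault_cause = 0;

    /* Handle Real Mode */
    if (msr_dr == 0) {
        /* In real mode top 4 effective addr bits (mostly) ignored */
        return eaddr & 0x0FFFFFFFFFFFFFFFULL;
    }

    /* Virtual Mode Access - get the fully qualified address */
    if (!ppc_radix64_get_fully_qualified_addr(env, eaddr, &lpid, &pid)) {
        return -1;
    }

    /* Get Process Table */
    patbe = vhc->get_patbe(cpu->vhyp);

    /*
     * Index Process Table by PID to Find Corresponding Process Table Entry.
     *
     * NOTE(review): same assumption as the fault path - the bounds check
     * relies on pid * sizeof(struct prtb_entry) not wrapping; confirm.
     */
    offset = pid * sizeof(struct prtb_entry);
    size = 1ULL << ((patbe & PATBE1_R_PRTS) + 12);
    if (offset >= size) {
        /* offset exceeds size of the process table */
        return -1;
    }
    prtbe0 = ldq_phys(cs->as, (patbe & PATBE1_R_PRTB) + offset);

    /* Walk Radix Tree from Process Table Entry to Convert EA to RA */
    page_size = PRTBE_R_GET_RTS(prtbe0);
    pte = ppc_radix64_walk_tree(cpu, eaddr & R_EADDR_MASK,
                                prtbe0 & PRTBE_R_RPDB, prtbe0 & PRTBE_R_RPDS,
                                &raddr, &page_size, &fault_cause, &pte_addr);
    if (!pte) {
        return -1;
    }

    return raddr & TARGET_PAGE_MASK;
}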