1 /* 2 * PowerPC MMU, TLB, SLB and BAT emulation helpers for QEMU. 3 * 4 * Copyright (c) 2003-2007 Jocelyn Mayer 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qemu/units.h" 22 #include "cpu.h" 23 #include "sysemu/kvm.h" 24 #include "kvm_ppc.h" 25 #include "mmu-hash64.h" 26 #include "mmu-hash32.h" 27 #include "exec/exec-all.h" 28 #include "exec/log.h" 29 #include "helper_regs.h" 30 #include "qemu/error-report.h" 31 #include "qemu/main-loop.h" 32 #include "qemu/qemu-print.h" 33 #include "internal.h" 34 #include "mmu-book3s-v3.h" 35 #include "mmu-radix64.h" 36 #include "exec/helper-proto.h" 37 #include "exec/cpu_ldst.h" 38 39 /* #define DEBUG_BATS */ 40 /* #define DEBUG_SOFTWARE_TLB */ 41 /* #define DUMP_PAGE_TABLES */ 42 /* #define FLUSH_ALL_TLBS */ 43 44 #ifdef DEBUG_SOFTWARE_TLB 45 # define LOG_SWTLB(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__) 46 #else 47 # define LOG_SWTLB(...) do { } while (0) 48 #endif 49 50 #ifdef DEBUG_BATS 51 # define LOG_BATS(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__) 52 #else 53 # define LOG_BATS(...) do { } while (0) 54 #endif 55 56 /*****************************************************************************/ 57 /* PowerPC MMU emulation */ 58 59 /* Software driven TLB helpers */ 60 static inline void ppc6xx_tlb_invalidate_all(CPUPPCState *env) 61 { 62 ppc6xx_tlb_t *tlb; 63 int nr, max; 64 65 /* LOG_SWTLB("Invalidate all TLBs\n"); */ 66 /* Invalidate all defined software TLB */ 67 max = env->nb_tlb; 68 if (env->id_tlbs == 1) { 69 max *= 2; 70 } 71 for (nr = 0; nr < max; nr++) { 72 tlb = &env->tlb.tlb6[nr]; 73 pte_invalidate(&tlb->pte0); 74 } 75 tlb_flush(env_cpu(env)); 76 } 77 78 static inline void ppc6xx_tlb_invalidate_virt2(CPUPPCState *env, 79 target_ulong eaddr, 80 int is_code, int match_epn) 81 { 82 #if !defined(FLUSH_ALL_TLBS) 83 CPUState *cs = env_cpu(env); 84 ppc6xx_tlb_t *tlb; 85 int way, nr; 86 87 /* Invalidate ITLB + DTLB, all ways */ 88 for (way = 0; way < env->nb_ways; way++) { 89 nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code); 90 tlb = &env->tlb.tlb6[nr]; 91 if (pte_is_valid(tlb->pte0) && (match_epn == 0 || eaddr == tlb->EPN)) { 92 LOG_SWTLB("TLB invalidate %d/%d " TARGET_FMT_lx "\n", nr, 93 env->nb_tlb, eaddr); 94 pte_invalidate(&tlb->pte0); 95 tlb_flush_page(cs, tlb->EPN); 96 } 97 } 98 #else 99 /* XXX: PowerPC specification say this is valid as well */ 100 ppc6xx_tlb_invalidate_all(env); 101 #endif 102 } 103 104 static inline void ppc6xx_tlb_invalidate_virt(CPUPPCState *env, 105 target_ulong eaddr, int is_code) 106 { 107 ppc6xx_tlb_invalidate_virt2(env, eaddr, is_code, 0); 108 } 109 110 static void ppc6xx_tlb_store(CPUPPCState *env, target_ulong EPN, int way, 111 int is_code, target_ulong pte0, target_ulong pte1) 112 { 113 ppc6xx_tlb_t *tlb; 114 int nr; 115 116 nr = ppc6xx_tlb_getnum(env, EPN, way, is_code); 117 tlb = &env->tlb.tlb6[nr]; 118 LOG_SWTLB("Set TLB %d/%d EPN " TARGET_FMT_lx " PTE0 " TARGET_FMT_lx 119 " PTE1 " TARGET_FMT_lx "\n", nr, env->nb_tlb, EPN, pte0, pte1); 120 /* Invalidate any pending reference in QEMU for this virtual address */ 121 ppc6xx_tlb_invalidate_virt2(env, EPN, is_code, 1); 122 tlb->pte0 = pte0; 123 tlb->pte1 = pte1; 124 tlb->EPN = EPN; 125 /* Store last way for LRU mechanism */ 126 env->last_way = way; 127 } 128 129 /* Generic TLB search function for PowerPC embedded implementations */ 130 static int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, 131 uint32_t pid) 132 { 133 ppcemb_tlb_t *tlb; 134 hwaddr raddr; 135 int i, ret; 136 137 /* Default return value is no match */ 138 ret = -1; 139 for (i = 0; i < env->nb_tlb; i++) { 140 tlb = &env->tlb.tlbe[i]; 141 if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, 0, i) == 0) { 142 ret = i; 143 break; 144 } 145 } 146 147 return ret; 148 } 149 150 /* Helpers specific to PowerPC 40x implementations */ 151 static inline void ppc4xx_tlb_invalidate_all(CPUPPCState *env) 152 { 153 ppcemb_tlb_t *tlb; 154 int i; 155 156 for (i = 0; i < env->nb_tlb; i++) { 157 tlb = &env->tlb.tlbe[i]; 158 tlb->prot &= ~PAGE_VALID; 159 } 160 tlb_flush(env_cpu(env)); 161 } 162 163 static void booke206_flush_tlb(CPUPPCState *env, int flags, 164 const int check_iprot) 165 { 166 int tlb_size; 167 int i, j; 168 ppcmas_tlb_t *tlb = env->tlb.tlbm; 169 170 for (i = 0; i < BOOKE206_MAX_TLBN; i++) { 171 if (flags & (1 << i)) { 172 tlb_size = booke206_tlb_size(env, i); 173 for (j = 0; j < tlb_size; j++) { 174 if (!check_iprot || !(tlb[j].mas1 & MAS1_IPROT)) { 175 tlb[j].mas1 &= ~MAS1_VALID; 176 } 177 } 178 } 179 tlb += booke206_tlb_size(env, i); 180 } 181 182 tlb_flush(env_cpu(env)); 183 } 184 185 static int get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, 186 target_ulong eaddr, MMUAccessType access_type, 187 int type) 188 { 189 return get_physical_address_wtlb(env, ctx, eaddr, access_type, type, 0); 190 } 191 192 193 194 /*****************************************************************************/ 195 /* BATs management */ 196 #if !defined(FLUSH_ALL_TLBS) 197 static inline void do_invalidate_BAT(CPUPPCState *env, target_ulong BATu, 198 target_ulong mask) 199 { 200 CPUState *cs = env_cpu(env); 201 target_ulong base, end, page; 202 203 base = BATu & ~0x0001FFFF; 204 end = base + mask + 0x00020000; 205 if (((end - base) >> TARGET_PAGE_BITS) > 1024) { 206 /* Flushing 1024 4K pages is slower than a complete flush */ 207 LOG_BATS("Flush all BATs\n"); 208 tlb_flush(cs); 209 LOG_BATS("Flush done\n"); 210 return; 211 } 212 LOG_BATS("Flush BAT from " TARGET_FMT_lx " to " TARGET_FMT_lx " (" 213 TARGET_FMT_lx ")\n", base, end, mask); 214 for (page = base; page != end; page += TARGET_PAGE_SIZE) { 215 tlb_flush_page(cs, page); 216 } 217 LOG_BATS("Flush done\n"); 218 } 219 #endif 220 221 static inline void dump_store_bat(CPUPPCState *env, char ID, int ul, int nr, 222 target_ulong value) 223 { 224 LOG_BATS("Set %cBAT%d%c to " TARGET_FMT_lx " (" TARGET_FMT_lx ")\n", ID, 225 nr, ul == 0 ? 'u' : 'l', value, env->nip); 226 } 227 228 void helper_store_ibatu(CPUPPCState *env, uint32_t nr, target_ulong value) 229 { 230 target_ulong mask; 231 232 dump_store_bat(env, 'I', 0, nr, value); 233 if (env->IBAT[0][nr] != value) { 234 mask = (value << 15) & 0x0FFE0000UL; 235 #if !defined(FLUSH_ALL_TLBS) 236 do_invalidate_BAT(env, env->IBAT[0][nr], mask); 237 #endif 238 /* 239 * When storing valid upper BAT, mask BEPI and BRPN and 240 * invalidate all TLBs covered by this BAT 241 */ 242 mask = (value << 15) & 0x0FFE0000UL; 243 env->IBAT[0][nr] = (value & 0x00001FFFUL) | 244 (value & ~0x0001FFFFUL & ~mask); 245 env->IBAT[1][nr] = (env->IBAT[1][nr] & 0x0000007B) | 246 (env->IBAT[1][nr] & ~0x0001FFFF & ~mask); 247 #if !defined(FLUSH_ALL_TLBS) 248 do_invalidate_BAT(env, env->IBAT[0][nr], mask); 249 #else 250 tlb_flush(env_cpu(env)); 251 #endif 252 } 253 } 254 255 void helper_store_ibatl(CPUPPCState *env, uint32_t nr, target_ulong value) 256 { 257 dump_store_bat(env, 'I', 1, nr, value); 258 env->IBAT[1][nr] = value; 259 } 260 261 void helper_store_dbatu(CPUPPCState *env, uint32_t nr, target_ulong value) 262 { 263 target_ulong mask; 264 265 dump_store_bat(env, 'D', 0, nr, value); 266 if (env->DBAT[0][nr] != value) { 267 /* 268 * When storing valid upper BAT, mask BEPI and BRPN and 269 * invalidate all TLBs covered by this BAT 270 */ 271 mask = (value << 15) & 0x0FFE0000UL; 272 #if !defined(FLUSH_ALL_TLBS) 273 do_invalidate_BAT(env, env->DBAT[0][nr], mask); 274 #endif 275 mask = (value << 15) & 0x0FFE0000UL; 276 env->DBAT[0][nr] = (value & 0x00001FFFUL) | 277 (value & ~0x0001FFFFUL & ~mask); 278 env->DBAT[1][nr] = (env->DBAT[1][nr] & 0x0000007B) | 279 (env->DBAT[1][nr] & ~0x0001FFFF & ~mask); 280 #if !defined(FLUSH_ALL_TLBS) 281 do_invalidate_BAT(env, env->DBAT[0][nr], mask); 282 #else 283 tlb_flush(env_cpu(env)); 284 #endif 285 } 286 } 287 288 void helper_store_dbatl(CPUPPCState *env, uint32_t nr, target_ulong value) 289 { 290 dump_store_bat(env, 'D', 1, nr, value); 291 env->DBAT[1][nr] = value; 292 } 293 294 void helper_store_601_batu(CPUPPCState *env, uint32_t nr, target_ulong value) 295 { 296 target_ulong mask; 297 #if defined(FLUSH_ALL_TLBS) 298 int do_inval; 299 #endif 300 301 dump_store_bat(env, 'I', 0, nr, value); 302 if (env->IBAT[0][nr] != value) { 303 #if defined(FLUSH_ALL_TLBS) 304 do_inval = 0; 305 #endif 306 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL; 307 if (env->IBAT[1][nr] & 0x40) { 308 /* Invalidate BAT only if it is valid */ 309 #if !defined(FLUSH_ALL_TLBS) 310 do_invalidate_BAT(env, env->IBAT[0][nr], mask); 311 #else 312 do_inval = 1; 313 #endif 314 } 315 /* 316 * When storing valid upper BAT, mask BEPI and BRPN and 317 * invalidate all TLBs covered by this BAT 318 */ 319 env->IBAT[0][nr] = (value & 0x00001FFFUL) | 320 (value & ~0x0001FFFFUL & ~mask); 321 env->DBAT[0][nr] = env->IBAT[0][nr]; 322 if (env->IBAT[1][nr] & 0x40) { 323 #if !defined(FLUSH_ALL_TLBS) 324 do_invalidate_BAT(env, env->IBAT[0][nr], mask); 325 #else 326 do_inval = 1; 327 #endif 328 } 329 #if defined(FLUSH_ALL_TLBS) 330 if (do_inval) { 331 tlb_flush(env_cpu(env)); 332 } 333 #endif 334 } 335 } 336 337 void helper_store_601_batl(CPUPPCState *env, uint32_t nr, target_ulong value) 338 { 339 #if !defined(FLUSH_ALL_TLBS) 340 target_ulong mask; 341 #else 342 int do_inval; 343 #endif 344 345 dump_store_bat(env, 'I', 1, nr, value); 346 if (env->IBAT[1][nr] != value) { 347 #if defined(FLUSH_ALL_TLBS) 348 do_inval = 0; 349 #endif 350 if (env->IBAT[1][nr] & 0x40) { 351 #if !defined(FLUSH_ALL_TLBS) 352 mask = (env->IBAT[1][nr] << 17) & 0x0FFE0000UL; 353 do_invalidate_BAT(env, env->IBAT[0][nr], mask); 354 #else 355 do_inval = 1; 356 #endif 357 } 358 if (value & 0x40) { 359 #if !defined(FLUSH_ALL_TLBS) 360 mask = (value << 17) & 0x0FFE0000UL; 361 do_invalidate_BAT(env, env->IBAT[0][nr], mask); 362 #else 363 do_inval = 1; 364 #endif 365 } 366 env->IBAT[1][nr] = value; 367 env->DBAT[1][nr] = value; 368 #if defined(FLUSH_ALL_TLBS) 369 if (do_inval) { 370 tlb_flush(env_cpu(env)); 371 } 372 #endif 373 } 374 } 375 376 /*****************************************************************************/ 377 /* TLB management */ 378 void ppc_tlb_invalidate_all(CPUPPCState *env) 379 { 380 #if defined(TARGET_PPC64) 381 if (mmu_is_64bit(env->mmu_model)) { 382 env->tlb_need_flush = 0; 383 tlb_flush(env_cpu(env)); 384 } else 385 #endif /* defined(TARGET_PPC64) */ 386 switch (env->mmu_model) { 387 case POWERPC_MMU_SOFT_6xx: 388 case POWERPC_MMU_SOFT_74xx: 389 ppc6xx_tlb_invalidate_all(env); 390 break; 391 case POWERPC_MMU_SOFT_4xx: 392 case POWERPC_MMU_SOFT_4xx_Z: 393 ppc4xx_tlb_invalidate_all(env); 394 break; 395 case POWERPC_MMU_REAL: 396 cpu_abort(env_cpu(env), "No TLB for PowerPC 4xx in real mode\n"); 397 break; 398 case POWERPC_MMU_MPC8xx: 399 /* XXX: TODO */ 400 cpu_abort(env_cpu(env), "MPC8xx MMU model is not implemented\n"); 401 break; 402 case POWERPC_MMU_BOOKE: 403 tlb_flush(env_cpu(env)); 404 break; 405 case POWERPC_MMU_BOOKE206: 406 booke206_flush_tlb(env, -1, 0); 407 break; 408 case POWERPC_MMU_32B: 409 case POWERPC_MMU_601: 410 env->tlb_need_flush = 0; 411 tlb_flush(env_cpu(env)); 412 break; 413 default: 414 /* XXX: TODO */ 415 cpu_abort(env_cpu(env), "Unknown MMU model %x\n", env->mmu_model); 416 break; 417 } 418 } 419 420 void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr) 421 { 422 #if !defined(FLUSH_ALL_TLBS) 423 addr &= TARGET_PAGE_MASK; 424 #if defined(TARGET_PPC64) 425 if (mmu_is_64bit(env->mmu_model)) { 426 /* tlbie invalidate TLBs for all segments */ 427 /* 428 * XXX: given the fact that there are too many segments to invalidate, 429 * and we still don't have a tlb_flush_mask(env, n, mask) in QEMU, 430 * we just invalidate all TLBs 431 */ 432 env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH; 433 } else 434 #endif /* defined(TARGET_PPC64) */ 435 switch (env->mmu_model) { 436 case POWERPC_MMU_SOFT_6xx: 437 case POWERPC_MMU_SOFT_74xx: 438 ppc6xx_tlb_invalidate_virt(env, addr, 0); 439 if (env->id_tlbs == 1) { 440 ppc6xx_tlb_invalidate_virt(env, addr, 1); 441 } 442 break; 443 case POWERPC_MMU_32B: 444 case POWERPC_MMU_601: 445 /* 446 * Actual CPUs invalidate entire congruence classes based on 447 * the geometry of their TLBs and some OSes take that into 448 * account, we just mark the TLB to be flushed later (context 449 * synchronizing event or sync instruction on 32-bit). 450 */ 451 env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH; 452 break; 453 default: 454 /* Should never reach here with other MMU models */ 455 assert(0); 456 } 457 #else 458 ppc_tlb_invalidate_all(env); 459 #endif 460 } 461 462 /*****************************************************************************/ 463 /* Special registers manipulation */ 464 465 /* Segment registers load and store */ 466 target_ulong helper_load_sr(CPUPPCState *env, target_ulong sr_num) 467 { 468 #if defined(TARGET_PPC64) 469 if (mmu_is_64bit(env->mmu_model)) { 470 /* XXX */ 471 return 0; 472 } 473 #endif 474 return env->sr[sr_num]; 475 } 476 477 void helper_store_sr(CPUPPCState *env, target_ulong srnum, target_ulong value) 478 { 479 qemu_log_mask(CPU_LOG_MMU, 480 "%s: reg=%d " TARGET_FMT_lx " " TARGET_FMT_lx "\n", __func__, 481 (int)srnum, value, env->sr[srnum]); 482 #if defined(TARGET_PPC64) 483 if (mmu_is_64bit(env->mmu_model)) { 484 PowerPCCPU *cpu = env_archcpu(env); 485 uint64_t esid, vsid; 486 487 /* ESID = srnum */ 488 esid = ((uint64_t)(srnum & 0xf) << 28) | SLB_ESID_V; 489 490 /* VSID = VSID */ 491 vsid = (value & 0xfffffff) << 12; 492 /* flags = flags */ 493 vsid |= ((value >> 27) & 0xf) << 8; 494 495 ppc_store_slb(cpu, srnum, esid, vsid); 496 } else 497 #endif 498 if (env->sr[srnum] != value) { 499 env->sr[srnum] = value; 500 /* 501 * Invalidating 256MB of virtual memory in 4kB pages is way 502 * longer than flushing the whole TLB. 503 */ 504 #if !defined(FLUSH_ALL_TLBS) && 0 505 { 506 target_ulong page, end; 507 /* Invalidate 256 MB of virtual memory */ 508 page = (16 << 20) * srnum; 509 end = page + (16 << 20); 510 for (; page != end; page += TARGET_PAGE_SIZE) { 511 tlb_flush_page(env_cpu(env), page); 512 } 513 } 514 #else 515 env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH; 516 #endif 517 } 518 } 519 520 /* TLB management */ 521 void helper_tlbia(CPUPPCState *env) 522 { 523 ppc_tlb_invalidate_all(env); 524 } 525 526 void helper_tlbie(CPUPPCState *env, target_ulong addr) 527 { 528 ppc_tlb_invalidate_one(env, addr); 529 } 530 531 void helper_tlbiva(CPUPPCState *env, target_ulong addr) 532 { 533 /* tlbiva instruction only exists on BookE */ 534 assert(env->mmu_model == POWERPC_MMU_BOOKE); 535 /* XXX: TODO */ 536 cpu_abort(env_cpu(env), "BookE MMU model is not implemented\n"); 537 } 538 539 /* Software driven TLBs management */ 540 /* PowerPC 602/603 software TLB load instructions helpers */ 541 static void do_6xx_tlb(CPUPPCState *env, target_ulong new_EPN, int is_code) 542 { 543 target_ulong RPN, CMP, EPN; 544 int way; 545 546 RPN = env->spr[SPR_RPA]; 547 if (is_code) { 548 CMP = env->spr[SPR_ICMP]; 549 EPN = env->spr[SPR_IMISS]; 550 } else { 551 CMP = env->spr[SPR_DCMP]; 552 EPN = env->spr[SPR_DMISS]; 553 } 554 way = (env->spr[SPR_SRR1] >> 17) & 1; 555 (void)EPN; /* avoid a compiler warning */ 556 LOG_SWTLB("%s: EPN " TARGET_FMT_lx " " TARGET_FMT_lx " PTE0 " TARGET_FMT_lx 557 " PTE1 " TARGET_FMT_lx " way %d\n", __func__, new_EPN, EPN, CMP, 558 RPN, way); 559 /* Store this TLB */ 560 ppc6xx_tlb_store(env, (uint32_t)(new_EPN & TARGET_PAGE_MASK), 561 way, is_code, CMP, RPN); 562 } 563 564 void helper_6xx_tlbd(CPUPPCState *env, target_ulong EPN) 565 { 566 do_6xx_tlb(env, EPN, 0); 567 } 568 569 void helper_6xx_tlbi(CPUPPCState *env, target_ulong EPN) 570 { 571 do_6xx_tlb(env, EPN, 1); 572 } 573 574 /* PowerPC 74xx software TLB load instructions helpers */ 575 static void do_74xx_tlb(CPUPPCState *env, target_ulong new_EPN, int is_code) 576 { 577 target_ulong RPN, CMP, EPN; 578 int way; 579 580 RPN = env->spr[SPR_PTELO]; 581 CMP = env->spr[SPR_PTEHI]; 582 EPN = env->spr[SPR_TLBMISS] & ~0x3; 583 way = env->spr[SPR_TLBMISS] & 0x3; 584 (void)EPN; /* avoid a compiler warning */ 585 LOG_SWTLB("%s: EPN " TARGET_FMT_lx " " TARGET_FMT_lx " PTE0 " TARGET_FMT_lx 586 " PTE1 " TARGET_FMT_lx " way %d\n", __func__, new_EPN, EPN, CMP, 587 RPN, way); 588 /* Store this TLB */ 589 ppc6xx_tlb_store(env, (uint32_t)(new_EPN & TARGET_PAGE_MASK), 590 way, is_code, CMP, RPN); 591 } 592 593 void helper_74xx_tlbd(CPUPPCState *env, target_ulong EPN) 594 { 595 do_74xx_tlb(env, EPN, 0); 596 } 597 598 void helper_74xx_tlbi(CPUPPCState *env, target_ulong EPN) 599 { 600 do_74xx_tlb(env, EPN, 1); 601 } 602 603 /*****************************************************************************/ 604 /* PowerPC 601 specific instructions (POWER bridge) */ 605 606 target_ulong helper_rac(CPUPPCState *env, target_ulong addr) 607 { 608 mmu_ctx_t ctx; 609 int nb_BATs; 610 target_ulong ret = 0; 611 612 /* 613 * We don't have to generate many instances of this instruction, 614 * as rac is supervisor only. 615 * 616 * XXX: FIX THIS: Pretend we have no BAT 617 */ 618 nb_BATs = env->nb_BATs; 619 env->nb_BATs = 0; 620 if (get_physical_address(env, &ctx, addr, 0, ACCESS_INT) == 0) { 621 ret = ctx.raddr; 622 } 623 env->nb_BATs = nb_BATs; 624 return ret; 625 } 626 627 static inline target_ulong booke_tlb_to_page_size(int size) 628 { 629 return 1024 << (2 * size); 630 } 631 632 static inline int booke_page_size_to_tlb(target_ulong page_size) 633 { 634 int size; 635 636 switch (page_size) { 637 case 0x00000400UL: 638 size = 0x0; 639 break; 640 case 0x00001000UL: 641 size = 0x1; 642 break; 643 case 0x00004000UL: 644 size = 0x2; 645 break; 646 case 0x00010000UL: 647 size = 0x3; 648 break; 649 case 0x00040000UL: 650 size = 0x4; 651 break; 652 case 0x00100000UL: 653 size = 0x5; 654 break; 655 case 0x00400000UL: 656 size = 0x6; 657 break; 658 case 0x01000000UL: 659 size = 0x7; 660 break; 661 case 0x04000000UL: 662 size = 0x8; 663 break; 664 case 0x10000000UL: 665 size = 0x9; 666 break; 667 case 0x40000000UL: 668 size = 0xA; 669 break; 670 #if defined(TARGET_PPC64) 671 case 0x000100000000ULL: 672 size = 0xB; 673 break; 674 case 0x000400000000ULL: 675 size = 0xC; 676 break; 677 case 0x001000000000ULL: 678 size = 0xD; 679 break; 680 case 0x004000000000ULL: 681 size = 0xE; 682 break; 683 case 0x010000000000ULL: 684 size = 0xF; 685 break; 686 #endif 687 default: 688 size = -1; 689 break; 690 } 691 692 return size; 693 } 694 695 /* Helpers for 4xx TLB management */ 696 #define PPC4XX_TLB_ENTRY_MASK 0x0000003f /* Mask for 64 TLB entries */ 697 698 #define PPC4XX_TLBHI_V 0x00000040 699 #define PPC4XX_TLBHI_E 0x00000020 700 #define PPC4XX_TLBHI_SIZE_MIN 0 701 #define PPC4XX_TLBHI_SIZE_MAX 7 702 #define PPC4XX_TLBHI_SIZE_DEFAULT 1 703 #define PPC4XX_TLBHI_SIZE_SHIFT 7 704 #define PPC4XX_TLBHI_SIZE_MASK 0x00000007 705 706 #define PPC4XX_TLBLO_EX 0x00000200 707 #define PPC4XX_TLBLO_WR 0x00000100 708 #define PPC4XX_TLBLO_ATTR_MASK 0x000000FF 709 #define PPC4XX_TLBLO_RPN_MASK 0xFFFFFC00 710 711 target_ulong helper_4xx_tlbre_hi(CPUPPCState *env, target_ulong entry) 712 { 713 ppcemb_tlb_t *tlb; 714 target_ulong ret; 715 int size; 716 717 entry &= PPC4XX_TLB_ENTRY_MASK; 718 tlb = &env->tlb.tlbe[entry]; 719 ret = tlb->EPN; 720 if (tlb->prot & PAGE_VALID) { 721 ret |= PPC4XX_TLBHI_V; 722 } 723 size = booke_page_size_to_tlb(tlb->size); 724 if (size < PPC4XX_TLBHI_SIZE_MIN || size > PPC4XX_TLBHI_SIZE_MAX) { 725 size = PPC4XX_TLBHI_SIZE_DEFAULT; 726 } 727 ret |= size << PPC4XX_TLBHI_SIZE_SHIFT; 728 env->spr[SPR_40x_PID] = tlb->PID; 729 return ret; 730 } 731 732 target_ulong helper_4xx_tlbre_lo(CPUPPCState *env, target_ulong entry) 733 { 734 ppcemb_tlb_t *tlb; 735 target_ulong ret; 736 737 entry &= PPC4XX_TLB_ENTRY_MASK; 738 tlb = &env->tlb.tlbe[entry]; 739 ret = tlb->RPN; 740 if (tlb->prot & PAGE_EXEC) { 741 ret |= PPC4XX_TLBLO_EX; 742 } 743 if (tlb->prot & PAGE_WRITE) { 744 ret |= PPC4XX_TLBLO_WR; 745 } 746 return ret; 747 } 748 749 void helper_4xx_tlbwe_hi(CPUPPCState *env, target_ulong entry, 750 target_ulong val) 751 { 752 CPUState *cs = env_cpu(env); 753 ppcemb_tlb_t *tlb; 754 target_ulong page, end; 755 756 LOG_SWTLB("%s entry %d val " TARGET_FMT_lx "\n", __func__, (int)entry, 757 val); 758 entry &= PPC4XX_TLB_ENTRY_MASK; 759 tlb = &env->tlb.tlbe[entry]; 760 /* Invalidate previous TLB (if it's valid) */ 761 if (tlb->prot & PAGE_VALID) { 762 end = tlb->EPN + tlb->size; 763 LOG_SWTLB("%s: invalidate old TLB %d start " TARGET_FMT_lx " end " 764 TARGET_FMT_lx "\n", __func__, (int)entry, tlb->EPN, end); 765 for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE) { 766 tlb_flush_page(cs, page); 767 } 768 } 769 tlb->size = booke_tlb_to_page_size((val >> PPC4XX_TLBHI_SIZE_SHIFT) 770 & PPC4XX_TLBHI_SIZE_MASK); 771 /* 772 * We cannot handle TLB size < TARGET_PAGE_SIZE. 773 * If this ever occurs, we should implement TARGET_PAGE_BITS_VARY 774 */ 775 if ((val & PPC4XX_TLBHI_V) && tlb->size < TARGET_PAGE_SIZE) { 776 cpu_abort(cs, "TLB size " TARGET_FMT_lu " < %u " 777 "are not supported (%d)\n" 778 "Please implement TARGET_PAGE_BITS_VARY\n", 779 tlb->size, TARGET_PAGE_SIZE, (int)((val >> 7) & 0x7)); 780 } 781 tlb->EPN = val & ~(tlb->size - 1); 782 if (val & PPC4XX_TLBHI_V) { 783 tlb->prot |= PAGE_VALID; 784 if (val & PPC4XX_TLBHI_E) { 785 /* XXX: TO BE FIXED */ 786 cpu_abort(cs, 787 "Little-endian TLB entries are not supported by now\n"); 788 } 789 } else { 790 tlb->prot &= ~PAGE_VALID; 791 } 792 tlb->PID = env->spr[SPR_40x_PID]; /* PID */ 793 LOG_SWTLB("%s: set up TLB %d RPN " TARGET_FMT_plx " EPN " TARGET_FMT_lx 794 " size " TARGET_FMT_lx " prot %c%c%c%c PID %d\n", __func__, 795 (int)entry, tlb->RPN, tlb->EPN, tlb->size, 796 tlb->prot & PAGE_READ ? 'r' : '-', 797 tlb->prot & PAGE_WRITE ? 'w' : '-', 798 tlb->prot & PAGE_EXEC ? 'x' : '-', 799 tlb->prot & PAGE_VALID ? 'v' : '-', (int)tlb->PID); 800 /* Invalidate new TLB (if valid) */ 801 if (tlb->prot & PAGE_VALID) { 802 end = tlb->EPN + tlb->size; 803 LOG_SWTLB("%s: invalidate TLB %d start " TARGET_FMT_lx " end " 804 TARGET_FMT_lx "\n", __func__, (int)entry, tlb->EPN, end); 805 for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE) { 806 tlb_flush_page(cs, page); 807 } 808 } 809 } 810 811 void helper_4xx_tlbwe_lo(CPUPPCState *env, target_ulong entry, 812 target_ulong val) 813 { 814 ppcemb_tlb_t *tlb; 815 816 LOG_SWTLB("%s entry %i val " TARGET_FMT_lx "\n", __func__, (int)entry, 817 val); 818 entry &= PPC4XX_TLB_ENTRY_MASK; 819 tlb = &env->tlb.tlbe[entry]; 820 tlb->attr = val & PPC4XX_TLBLO_ATTR_MASK; 821 tlb->RPN = val & PPC4XX_TLBLO_RPN_MASK; 822 tlb->prot = PAGE_READ; 823 if (val & PPC4XX_TLBLO_EX) { 824 tlb->prot |= PAGE_EXEC; 825 } 826 if (val & PPC4XX_TLBLO_WR) { 827 tlb->prot |= PAGE_WRITE; 828 } 829 LOG_SWTLB("%s: set up TLB %d RPN " TARGET_FMT_plx " EPN " TARGET_FMT_lx 830 " size " TARGET_FMT_lx " prot %c%c%c%c PID %d\n", __func__, 831 (int)entry, tlb->RPN, tlb->EPN, tlb->size, 832 tlb->prot & PAGE_READ ? 'r' : '-', 833 tlb->prot & PAGE_WRITE ? 'w' : '-', 834 tlb->prot & PAGE_EXEC ? 'x' : '-', 835 tlb->prot & PAGE_VALID ? 'v' : '-', (int)tlb->PID); 836 } 837 838 target_ulong helper_4xx_tlbsx(CPUPPCState *env, target_ulong address) 839 { 840 return ppcemb_tlb_search(env, address, env->spr[SPR_40x_PID]); 841 } 842 843 /* PowerPC 440 TLB management */ 844 void helper_440_tlbwe(CPUPPCState *env, uint32_t word, target_ulong entry, 845 target_ulong value) 846 { 847 ppcemb_tlb_t *tlb; 848 target_ulong EPN, RPN, size; 849 int do_flush_tlbs; 850 851 LOG_SWTLB("%s word %d entry %d value " TARGET_FMT_lx "\n", 852 __func__, word, (int)entry, value); 853 do_flush_tlbs = 0; 854 entry &= 0x3F; 855 tlb = &env->tlb.tlbe[entry]; 856 switch (word) { 857 default: 858 /* Just here to please gcc */ 859 case 0: 860 EPN = value & 0xFFFFFC00; 861 if ((tlb->prot & PAGE_VALID) && EPN != tlb->EPN) { 862 do_flush_tlbs = 1; 863 } 864 tlb->EPN = EPN; 865 size = booke_tlb_to_page_size((value >> 4) & 0xF); 866 if ((tlb->prot & PAGE_VALID) && tlb->size < size) { 867 do_flush_tlbs = 1; 868 } 869 tlb->size = size; 870 tlb->attr &= ~0x1; 871 tlb->attr |= (value >> 8) & 1; 872 if (value & 0x200) { 873 tlb->prot |= PAGE_VALID; 874 } else { 875 if (tlb->prot & PAGE_VALID) { 876 tlb->prot &= ~PAGE_VALID; 877 do_flush_tlbs = 1; 878 } 879 } 880 tlb->PID = env->spr[SPR_440_MMUCR] & 0x000000FF; 881 if (do_flush_tlbs) { 882 tlb_flush(env_cpu(env)); 883 } 884 break; 885 case 1: 886 RPN = value & 0xFFFFFC0F; 887 if ((tlb->prot & PAGE_VALID) && tlb->RPN != RPN) { 888 tlb_flush(env_cpu(env)); 889 } 890 tlb->RPN = RPN; 891 break; 892 case 2: 893 tlb->attr = (tlb->attr & 0x1) | (value & 0x0000FF00); 894 tlb->prot = tlb->prot & PAGE_VALID; 895 if (value & 0x1) { 896 tlb->prot |= PAGE_READ << 4; 897 } 898 if (value & 0x2) { 899 tlb->prot |= PAGE_WRITE << 4; 900 } 901 if (value & 0x4) { 902 tlb->prot |= PAGE_EXEC << 4; 903 } 904 if (value & 0x8) { 905 tlb->prot |= PAGE_READ; 906 } 907 if (value & 0x10) { 908 tlb->prot |= PAGE_WRITE; 909 } 910 if (value & 0x20) { 911 tlb->prot |= PAGE_EXEC; 912 } 913 break; 914 } 915 } 916 917 target_ulong helper_440_tlbre(CPUPPCState *env, uint32_t word, 918 target_ulong entry) 919 { 920 ppcemb_tlb_t *tlb; 921 target_ulong ret; 922 int size; 923 924 entry &= 0x3F; 925 tlb = &env->tlb.tlbe[entry]; 926 switch (word) { 927 default: 928 /* Just here to please gcc */ 929 case 0: 930 ret = tlb->EPN; 931 size = booke_page_size_to_tlb(tlb->size); 932 if (size < 0 || size > 0xF) { 933 size = 1; 934 } 935 ret |= size << 4; 936 if (tlb->attr & 0x1) { 937 ret |= 0x100; 938 } 939 if (tlb->prot & PAGE_VALID) { 940 ret |= 0x200; 941 } 942 env->spr[SPR_440_MMUCR] &= ~0x000000FF; 943 env->spr[SPR_440_MMUCR] |= tlb->PID; 944 break; 945 case 1: 946 ret = tlb->RPN; 947 break; 948 case 2: 949 ret = tlb->attr & ~0x1; 950 if (tlb->prot & (PAGE_READ << 4)) { 951 ret |= 0x1; 952 } 953 if (tlb->prot & (PAGE_WRITE << 4)) { 954 ret |= 0x2; 955 } 956 if (tlb->prot & (PAGE_EXEC << 4)) { 957 ret |= 0x4; 958 } 959 if (tlb->prot & PAGE_READ) { 960 ret |= 0x8; 961 } 962 if (tlb->prot & PAGE_WRITE) { 963 ret |= 0x10; 964 } 965 if (tlb->prot & PAGE_EXEC) { 966 ret |= 0x20; 967 } 968 break; 969 } 970 return ret; 971 } 972 973 target_ulong helper_440_tlbsx(CPUPPCState *env, target_ulong address) 974 { 975 return ppcemb_tlb_search(env, address, env->spr[SPR_440_MMUCR] & 0xFF); 976 } 977 978 /* PowerPC BookE 2.06 TLB management */ 979 980 static ppcmas_tlb_t *booke206_cur_tlb(CPUPPCState *env) 981 { 982 uint32_t tlbncfg = 0; 983 int esel = (env->spr[SPR_BOOKE_MAS0] & MAS0_ESEL_MASK) >> MAS0_ESEL_SHIFT; 984 int ea = (env->spr[SPR_BOOKE_MAS2] & MAS2_EPN_MASK); 985 int tlb; 986 987 tlb = (env->spr[SPR_BOOKE_MAS0] & MAS0_TLBSEL_MASK) >> MAS0_TLBSEL_SHIFT; 988 tlbncfg = env->spr[SPR_BOOKE_TLB0CFG + tlb]; 989 990 if ((tlbncfg & TLBnCFG_HES) && (env->spr[SPR_BOOKE_MAS0] & MAS0_HES)) { 991 cpu_abort(env_cpu(env), "we don't support HES yet\n"); 992 } 993 994 return booke206_get_tlbm(env, tlb, ea, esel); 995 } 996 997 void helper_booke_setpid(CPUPPCState *env, uint32_t pidn, target_ulong pid) 998 { 999 env->spr[pidn] = pid; 1000 /* changing PIDs mean we're in a different address space now */ 1001 tlb_flush(env_cpu(env)); 1002 } 1003 1004 void helper_booke_set_eplc(CPUPPCState *env, target_ulong val) 1005 { 1006 env->spr[SPR_BOOKE_EPLC] = val & EPID_MASK; 1007 tlb_flush_by_mmuidx(env_cpu(env), 1 << PPC_TLB_EPID_LOAD); 1008 } 1009 void helper_booke_set_epsc(CPUPPCState *env, target_ulong val) 1010 { 1011 env->spr[SPR_BOOKE_EPSC] = val & EPID_MASK; 1012 tlb_flush_by_mmuidx(env_cpu(env), 1 << PPC_TLB_EPID_STORE); 1013 } 1014 1015 static inline void flush_page(CPUPPCState *env, ppcmas_tlb_t *tlb) 1016 { 1017 if (booke206_tlb_to_page_size(env, tlb) == TARGET_PAGE_SIZE) { 1018 tlb_flush_page(env_cpu(env), tlb->mas2 & MAS2_EPN_MASK); 1019 } else { 1020 tlb_flush(env_cpu(env)); 1021 } 1022 } 1023 1024 void helper_booke206_tlbwe(CPUPPCState *env) 1025 { 1026 uint32_t tlbncfg, tlbn; 1027 ppcmas_tlb_t *tlb; 1028 uint32_t size_tlb, size_ps; 1029 target_ulong mask; 1030 1031 1032 switch (env->spr[SPR_BOOKE_MAS0] & MAS0_WQ_MASK) { 1033 case MAS0_WQ_ALWAYS: 1034 /* good to go, write that entry */ 1035 break; 1036 case MAS0_WQ_COND: 1037 /* XXX check if reserved */ 1038 if (0) { 1039 return; 1040 } 1041 break; 1042 case MAS0_WQ_CLR_RSRV: 1043 /* XXX clear entry */ 1044 return; 1045 default: 1046 /* no idea what to do */ 1047 return; 1048 } 1049 1050 if (((env->spr[SPR_BOOKE_MAS0] & MAS0_ATSEL) == MAS0_ATSEL_LRAT) && 1051 !msr_gs) { 1052 /* XXX we don't support direct LRAT setting yet */ 1053 fprintf(stderr, "cpu: don't support LRAT setting yet\n"); 1054 return; 1055 } 1056 1057 tlbn = (env->spr[SPR_BOOKE_MAS0] & MAS0_TLBSEL_MASK) >> MAS0_TLBSEL_SHIFT; 1058 tlbncfg = env->spr[SPR_BOOKE_TLB0CFG + tlbn]; 1059 1060 tlb = booke206_cur_tlb(env); 1061 1062 if (!tlb) { 1063 raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM, 1064 POWERPC_EXCP_INVAL | 1065 POWERPC_EXCP_INVAL_INVAL, GETPC()); 1066 } 1067 1068 /* check that we support the targeted size */ 1069 size_tlb = (env->spr[SPR_BOOKE_MAS1] & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT; 1070 size_ps = booke206_tlbnps(env, tlbn); 1071 if ((env->spr[SPR_BOOKE_MAS1] & MAS1_VALID) && (tlbncfg & TLBnCFG_AVAIL) && 1072 !(size_ps & (1 << size_tlb))) { 1073 raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM, 1074 POWERPC_EXCP_INVAL | 1075 POWERPC_EXCP_INVAL_INVAL, GETPC()); 1076 } 1077 1078 if (msr_gs) { 1079 cpu_abort(env_cpu(env), "missing HV implementation\n"); 1080 } 1081 1082 if (tlb->mas1 & MAS1_VALID) { 1083 /* 1084 * Invalidate the page in QEMU TLB if it was a valid entry. 1085 * 1086 * In "PowerPC e500 Core Family Reference Manual, Rev. 1", 1087 * Section "12.4.2 TLB Write Entry (tlbwe) Instruction": 1088 * (https://www.nxp.com/docs/en/reference-manual/E500CORERM.pdf) 1089 * 1090 * "Note that when an L2 TLB entry is written, it may be displacing an 1091 * already valid entry in the same L2 TLB location (a victim). If a 1092 * valid L1 TLB entry corresponds to the L2 MMU victim entry, that L1 1093 * TLB entry is automatically invalidated." 1094 */ 1095 flush_page(env, tlb); 1096 } 1097 1098 tlb->mas7_3 = ((uint64_t)env->spr[SPR_BOOKE_MAS7] << 32) | 1099 env->spr[SPR_BOOKE_MAS3]; 1100 tlb->mas1 = env->spr[SPR_BOOKE_MAS1]; 1101 1102 if ((env->spr[SPR_MMUCFG] & MMUCFG_MAVN) == MMUCFG_MAVN_V2) { 1103 /* For TLB which has a fixed size TSIZE is ignored with MAV2 */ 1104 booke206_fixed_size_tlbn(env, tlbn, tlb); 1105 } else { 1106 if (!(tlbncfg & TLBnCFG_AVAIL)) { 1107 /* force !AVAIL TLB entries to correct page size */ 1108 tlb->mas1 &= ~MAS1_TSIZE_MASK; 1109 /* XXX can be configured in MMUCSR0 */ 1110 tlb->mas1 |= (tlbncfg & TLBnCFG_MINSIZE) >> 12; 1111 } 1112 } 1113 1114 /* Make a mask from TLB size to discard invalid bits in EPN field */ 1115 mask = ~(booke206_tlb_to_page_size(env, tlb) - 1); 1116 /* Add a mask for page attributes */ 1117 mask |= MAS2_ACM | MAS2_VLE | MAS2_W | MAS2_I | MAS2_M | MAS2_G | MAS2_E; 1118 1119 if (!msr_cm) { 1120 /* 1121 * Executing a tlbwe instruction in 32-bit mode will set bits 1122 * 0:31 of the TLB EPN field to zero. 1123 */ 1124 mask &= 0xffffffff; 1125 } 1126 1127 tlb->mas2 = env->spr[SPR_BOOKE_MAS2] & mask; 1128 1129 if (!(tlbncfg & TLBnCFG_IPROT)) { 1130 /* no IPROT supported by TLB */ 1131 tlb->mas1 &= ~MAS1_IPROT; 1132 } 1133 1134 flush_page(env, tlb); 1135 } 1136 1137 static inline void booke206_tlb_to_mas(CPUPPCState *env, ppcmas_tlb_t *tlb) 1138 { 1139 int tlbn = booke206_tlbm_to_tlbn(env, tlb); 1140 int way = booke206_tlbm_to_way(env, tlb); 1141 1142 env->spr[SPR_BOOKE_MAS0] = tlbn << MAS0_TLBSEL_SHIFT; 1143 env->spr[SPR_BOOKE_MAS0] |= way << MAS0_ESEL_SHIFT; 1144 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT; 1145 1146 env->spr[SPR_BOOKE_MAS1] = tlb->mas1; 1147 env->spr[SPR_BOOKE_MAS2] = tlb->mas2; 1148 env->spr[SPR_BOOKE_MAS3] = tlb->mas7_3; 1149 env->spr[SPR_BOOKE_MAS7] = tlb->mas7_3 >> 32; 1150 } 1151 1152 void helper_booke206_tlbre(CPUPPCState *env) 1153 { 1154 ppcmas_tlb_t *tlb = NULL; 1155 1156 tlb = booke206_cur_tlb(env); 1157 if (!tlb) { 1158 env->spr[SPR_BOOKE_MAS1] = 0; 1159 } else { 1160 booke206_tlb_to_mas(env, tlb); 1161 } 1162 } 1163 1164 void helper_booke206_tlbsx(CPUPPCState *env, target_ulong address) 1165 { 1166 ppcmas_tlb_t *tlb = NULL; 1167 int i, j; 1168 hwaddr raddr; 1169 uint32_t spid, sas; 1170 1171 spid = (env->spr[SPR_BOOKE_MAS6] & MAS6_SPID_MASK) >> MAS6_SPID_SHIFT; 1172 sas = env->spr[SPR_BOOKE_MAS6] & MAS6_SAS; 1173 1174 for (i = 0; i < BOOKE206_MAX_TLBN; i++) { 1175 int ways = booke206_tlb_ways(env, i); 1176 1177 for (j = 0; j < ways; j++) { 1178 tlb = booke206_get_tlbm(env, i, address, j); 1179 1180 if (!tlb) { 1181 continue; 1182 } 1183 1184 if (ppcmas_tlb_check(env, tlb, &raddr, address, spid)) { 1185 continue; 1186 } 1187 1188 if (sas != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) { 1189 continue; 1190 } 1191 1192 booke206_tlb_to_mas(env, tlb); 1193 return; 1194 } 1195 } 1196 1197 /* no entry found, fill with defaults */ 1198 env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK; 1199 env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK; 1200 env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK; 1201 env->spr[SPR_BOOKE_MAS3] = 0; 1202 env->spr[SPR_BOOKE_MAS7] = 0; 1203 1204 if (env->spr[SPR_BOOKE_MAS6] & MAS6_SAS) { 1205 env->spr[SPR_BOOKE_MAS1] |= MAS1_TS; 1206 } 1207 1208 env->spr[SPR_BOOKE_MAS1] |= (env->spr[SPR_BOOKE_MAS6] >> 16) 1209 << MAS1_TID_SHIFT; 1210 1211 /* next victim logic */ 1212 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT; 1213 env->last_way++; 1214 env->last_way &= booke206_tlb_ways(env, 0) - 1; 1215 env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT; 1216 } 1217 1218 static inline void booke206_invalidate_ea_tlb(CPUPPCState *env, int tlbn, 1219 vaddr ea) 1220 { 1221 int i; 1222 int ways = booke206_tlb_ways(env, tlbn); 1223 target_ulong mask; 1224 1225 for (i = 0; i < ways; i++) { 1226 ppcmas_tlb_t *tlb = booke206_get_tlbm(env, tlbn, ea, i); 1227 if (!tlb) { 1228 continue; 1229 } 1230 mask = ~(booke206_tlb_to_page_size(env, tlb) - 1); 1231 if (((tlb->mas2 & MAS2_EPN_MASK) == (ea & mask)) && 1232 !(tlb->mas1 & MAS1_IPROT)) { 1233 tlb->mas1 &= ~MAS1_VALID; 1234 } 1235 } 1236 } 1237 1238 void helper_booke206_tlbivax(CPUPPCState *env, target_ulong address) 1239 { 1240 CPUState *cs; 1241 1242 if (address & 0x4) { 1243 /* flush all entries */ 1244 if (address & 0x8) { 1245 /* flush all of TLB1 */ 1246 booke206_flush_tlb(env, BOOKE206_FLUSH_TLB1, 1); 1247 } else { 1248 /* flush all of TLB0 */ 1249 booke206_flush_tlb(env, BOOKE206_FLUSH_TLB0, 0); 1250 } 1251 return; 1252 } 1253 1254 if (address & 0x8) { 1255 /* flush TLB1 entries */ 1256 booke206_invalidate_ea_tlb(env, 1, address); 1257 CPU_FOREACH(cs) { 1258 tlb_flush(cs); 1259 } 1260 } else { 1261 /* flush TLB0 entries */ 1262 booke206_invalidate_ea_tlb(env, 0, address); 1263 CPU_FOREACH(cs) { 1264 tlb_flush_page(cs, address & MAS2_EPN_MASK); 1265 } 1266 } 1267 } 1268 1269 void helper_booke206_tlbilx0(CPUPPCState *env, target_ulong address) 1270 { 1271 /* XXX missing LPID handling */ 1272 booke206_flush_tlb(env, -1, 1); 1273 } 1274 1275 void helper_booke206_tlbilx1(CPUPPCState *env, target_ulong address) 1276 { 1277 int i, j; 1278 int tid = (env->spr[SPR_BOOKE_MAS6] & MAS6_SPID); 1279 ppcmas_tlb_t *tlb = env->tlb.tlbm; 1280 int tlb_size; 1281 1282 /* XXX missing LPID handling */ 1283 for (i = 0; i < BOOKE206_MAX_TLBN; i++) { 1284 tlb_size = booke206_tlb_size(env, i); 1285 for (j = 0; j < tlb_size; j++) { 1286 if (!(tlb[j].mas1 & MAS1_IPROT) && 1287 ((tlb[j].mas1 & MAS1_TID_MASK) == tid)) { 1288 tlb[j].mas1 &= ~MAS1_VALID; 1289 } 1290 } 1291 tlb += booke206_tlb_size(env, i); 1292 } 1293 tlb_flush(env_cpu(env)); 1294 } 1295 1296 void helper_booke206_tlbilx3(CPUPPCState *env, target_ulong address) 1297 { 1298 int i, j; 1299 ppcmas_tlb_t *tlb; 1300 int tid = (env->spr[SPR_BOOKE_MAS6] & MAS6_SPID); 1301 int pid = tid >> MAS6_SPID_SHIFT; 1302 int sgs = env->spr[SPR_BOOKE_MAS5] & MAS5_SGS; 1303 int ind = (env->spr[SPR_BOOKE_MAS6] & MAS6_SIND) ? MAS1_IND : 0; 1304 /* XXX check for unsupported isize and raise an invalid opcode then */ 1305 int size = env->spr[SPR_BOOKE_MAS6] & MAS6_ISIZE_MASK; 1306 /* XXX implement MAV2 handling */ 1307 bool mav2 = false; 1308 1309 /* XXX missing LPID handling */ 1310 /* flush by pid and ea */ 1311 for (i = 0; i < BOOKE206_MAX_TLBN; i++) { 1312 int ways = booke206_tlb_ways(env, i); 1313 1314 for (j = 0; j < ways; j++) { 1315 tlb = booke206_get_tlbm(env, i, address, j); 1316 if (!tlb) { 1317 continue; 1318 } 1319 if ((ppcmas_tlb_check(env, tlb, NULL, address, pid) != 0) || 1320 (tlb->mas1 & MAS1_IPROT) || 1321 ((tlb->mas1 & MAS1_IND) != ind) || 1322 ((tlb->mas8 & MAS8_TGS) != sgs)) { 1323 continue; 1324 } 1325 if (mav2 && ((tlb->mas1 & MAS1_TSIZE_MASK) != size)) { 1326 /* XXX only check when MMUCFG[TWC] || TLBnCFG[HES] */ 1327 continue; 1328 } 1329 /* XXX e500mc doesn't match SAS, but other cores might */ 1330 tlb->mas1 &= ~MAS1_VALID; 1331 } 1332 } 1333 tlb_flush(env_cpu(env)); 1334 } 1335 1336 void helper_booke206_tlbflush(CPUPPCState *env, target_ulong type) 1337 { 1338 int flags = 0; 1339 1340 if (type & 2) { 1341 flags |= BOOKE206_FLUSH_TLB1; 1342 } 1343 1344 if (type & 4) { 1345 flags |= BOOKE206_FLUSH_TLB0; 1346 } 1347 1348 booke206_flush_tlb(env, flags, 1); 1349 } 1350 1351 1352 void helper_check_tlb_flush_local(CPUPPCState *env) 1353 { 1354 check_tlb_flush(env, false); 1355 } 1356 1357 void helper_check_tlb_flush_global(CPUPPCState *env) 1358 { 1359 check_tlb_flush(env, true); 1360 } 1361 1362 1363 bool ppc_cpu_tlb_fill(CPUState *cs, vaddr eaddr, int size, 1364 MMUAccessType access_type, int mmu_idx, 1365 bool probe, uintptr_t retaddr) 1366 { 1367 PowerPCCPU *cpu = POWERPC_CPU(cs); 1368 hwaddr raddr; 1369 int page_size, prot; 1370 1371 if (ppc_xlate(cpu, eaddr, access_type, &raddr, 1372 &page_size, &prot, mmu_idx, !probe)) { 1373 tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK, 1374 prot, mmu_idx, 1UL << page_size); 1375 return true; 1376 } 1377 if (probe) { 1378 return false; 1379 } 1380 raise_exception_err_ra(&cpu->env, cs->exception_index, 1381 cpu->env.error_code, retaddr); 1382 } 1383