1 /* 2 * RISC-V Emulation Helpers for QEMU. 3 * 4 * Copyright (c) 2016-2017 Sagar Karandikar, sagark@eecs.berkeley.edu 5 * Copyright (c) 2017-2018 SiFive, Inc. 6 * Copyright (c) 2022 VRULL GmbH 7 * 8 * This program is free software; you can redistribute it and/or modify it 9 * under the terms and conditions of the GNU General Public License, 10 * version 2 or later, as published by the Free Software Foundation. 11 * 12 * This program is distributed in the hope it will be useful, but WITHOUT 13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 15 * more details. 16 * 17 * You should have received a copy of the GNU General Public License along with 18 * this program. If not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include "qemu/osdep.h" 22 #include "cpu.h" 23 #include "internals.h" 24 #include "qemu/main-loop.h" 25 #include "exec/exec-all.h" 26 #include "exec/cpu_ldst.h" 27 #include "exec/helper-proto.h" 28 29 /* Exceptions processing helpers */ 30 G_NORETURN void riscv_raise_exception(CPURISCVState *env, 31 uint32_t exception, uintptr_t pc) 32 { 33 CPUState *cs = env_cpu(env); 34 cs->exception_index = exception; 35 cpu_loop_exit_restore(cs, pc); 36 } 37 38 void helper_raise_exception(CPURISCVState *env, uint32_t exception) 39 { 40 riscv_raise_exception(env, exception, 0); 41 } 42 43 target_ulong helper_csrr(CPURISCVState *env, int csr) 44 { 45 /* 46 * The seed CSR must be accessed with a read-write instruction. A 47 * read-only instruction such as CSRRS/CSRRC with rs1=x0 or CSRRSI/ 48 * CSRRCI with uimm=0 will raise an illegal instruction exception. 49 */ 50 if (csr == CSR_SEED) { 51 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 52 } 53 54 target_ulong val = 0; 55 RISCVException ret = riscv_csrrw(env, csr, &val, 0, 0); 56 57 if (ret != RISCV_EXCP_NONE) { 58 riscv_raise_exception(env, ret, GETPC()); 59 } 60 return val; 61 } 62 63 void helper_csrw(CPURISCVState *env, int csr, target_ulong src) 64 { 65 target_ulong mask = env->xl == MXL_RV32 ? UINT32_MAX : (target_ulong)-1; 66 RISCVException ret = riscv_csrrw(env, csr, NULL, src, mask); 67 68 if (ret != RISCV_EXCP_NONE) { 69 riscv_raise_exception(env, ret, GETPC()); 70 } 71 } 72 73 target_ulong helper_csrrw(CPURISCVState *env, int csr, 74 target_ulong src, target_ulong write_mask) 75 { 76 target_ulong val = 0; 77 RISCVException ret = riscv_csrrw(env, csr, &val, src, write_mask); 78 79 if (ret != RISCV_EXCP_NONE) { 80 riscv_raise_exception(env, ret, GETPC()); 81 } 82 return val; 83 } 84 85 target_ulong helper_csrr_i128(CPURISCVState *env, int csr) 86 { 87 Int128 rv = int128_zero(); 88 RISCVException ret = riscv_csrrw_i128(env, csr, &rv, 89 int128_zero(), 90 int128_zero()); 91 92 if (ret != RISCV_EXCP_NONE) { 93 riscv_raise_exception(env, ret, GETPC()); 94 } 95 96 env->retxh = int128_gethi(rv); 97 return int128_getlo(rv); 98 } 99 100 void helper_csrw_i128(CPURISCVState *env, int csr, 101 target_ulong srcl, target_ulong srch) 102 { 103 RISCVException ret = riscv_csrrw_i128(env, csr, NULL, 104 int128_make128(srcl, srch), 105 UINT128_MAX); 106 107 if (ret != RISCV_EXCP_NONE) { 108 riscv_raise_exception(env, ret, GETPC()); 109 } 110 } 111 112 target_ulong helper_csrrw_i128(CPURISCVState *env, int csr, 113 target_ulong srcl, target_ulong srch, 114 target_ulong maskl, target_ulong maskh) 115 { 116 Int128 rv = int128_zero(); 117 RISCVException ret = riscv_csrrw_i128(env, csr, &rv, 118 int128_make128(srcl, srch), 119 int128_make128(maskl, maskh)); 120 121 if (ret != RISCV_EXCP_NONE) { 122 riscv_raise_exception(env, ret, GETPC()); 123 } 124 125 env->retxh = int128_gethi(rv); 126 return int128_getlo(rv); 127 } 128 129 130 /* 131 * check_zicbo_envcfg 132 * 133 * Raise virtual exceptions and illegal instruction exceptions for 134 * Zicbo[mz] instructions based on the settings of [mhs]envcfg as 135 * specified in section 2.5.1 of the CMO specification. 136 */ 137 static void check_zicbo_envcfg(CPURISCVState *env, target_ulong envbits, 138 uintptr_t ra) 139 { 140 #ifndef CONFIG_USER_ONLY 141 if ((env->priv < PRV_M) && !get_field(env->menvcfg, envbits)) { 142 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, ra); 143 } 144 145 if (env->virt_enabled && 146 (((env->priv <= PRV_S) && !get_field(env->henvcfg, envbits)) || 147 ((env->priv < PRV_S) && !get_field(env->senvcfg, envbits)))) { 148 riscv_raise_exception(env, RISCV_EXCP_VIRT_INSTRUCTION_FAULT, ra); 149 } 150 151 if ((env->priv < PRV_S) && !get_field(env->senvcfg, envbits)) { 152 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, ra); 153 } 154 #endif 155 } 156 157 void helper_cbo_zero(CPURISCVState *env, target_ulong address) 158 { 159 RISCVCPU *cpu = env_archcpu(env); 160 uint16_t cbozlen = cpu->cfg.cboz_blocksize; 161 int mmu_idx = cpu_mmu_index(env, false); 162 uintptr_t ra = GETPC(); 163 void *mem; 164 165 check_zicbo_envcfg(env, MENVCFG_CBZE, ra); 166 167 /* Mask off low-bits to align-down to the cache-block. */ 168 address &= ~(cbozlen - 1); 169 170 /* 171 * cbo.zero requires MMU_DATA_STORE access. Do a probe_write() 172 * to raise any exceptions, including PMP. 173 */ 174 mem = probe_write(env, address, cbozlen, mmu_idx, ra); 175 176 if (likely(mem)) { 177 memset(mem, 0, cbozlen); 178 } else { 179 /* 180 * This means that we're dealing with an I/O page. Section 4.2 181 * of cmobase v1.0.1 says: 182 * 183 * "Cache-block zero instructions store zeros independently 184 * of whether data from the underlying memory locations are 185 * cacheable." 186 * 187 * Write zeros in address + cbozlen regardless of not being 188 * a RAM page. 189 */ 190 for (int i = 0; i < cbozlen; i++) { 191 cpu_stb_mmuidx_ra(env, address + i, 0, mmu_idx, ra); 192 } 193 } 194 } 195 196 /* 197 * check_zicbom_access 198 * 199 * Check access permissions (LOAD, STORE or FETCH as specified in 200 * section 2.5.2 of the CMO specification) for Zicbom, raising 201 * either store page-fault (non-virtualized) or store guest-page 202 * fault (virtualized). 203 */ 204 static void check_zicbom_access(CPURISCVState *env, 205 target_ulong address, 206 uintptr_t ra) 207 { 208 RISCVCPU *cpu = env_archcpu(env); 209 int mmu_idx = cpu_mmu_index(env, false); 210 uint16_t cbomlen = cpu->cfg.cbom_blocksize; 211 void *phost; 212 int ret; 213 214 /* Mask off low-bits to align-down to the cache-block. */ 215 address &= ~(cbomlen - 1); 216 217 /* 218 * Section 2.5.2 of cmobase v1.0.1: 219 * 220 * "A cache-block management instruction is permitted to 221 * access the specified cache block whenever a load instruction 222 * or store instruction is permitted to access the corresponding 223 * physical addresses. If neither a load instruction nor store 224 * instruction is permitted to access the physical addresses, 225 * but an instruction fetch is permitted to access the physical 226 * addresses, whether a cache-block management instruction is 227 * permitted to access the cache block is UNSPECIFIED." 228 */ 229 ret = probe_access_flags(env, address, cbomlen, MMU_DATA_LOAD, 230 mmu_idx, true, &phost, ra); 231 if (ret != TLB_INVALID_MASK) { 232 /* Success: readable */ 233 return; 234 } 235 236 /* 237 * Since not readable, must be writable. On failure, store 238 * fault/store guest amo fault will be raised by 239 * riscv_cpu_tlb_fill(). PMP exceptions will be caught 240 * there as well. 241 */ 242 probe_write(env, address, cbomlen, mmu_idx, ra); 243 } 244 245 void helper_cbo_clean_flush(CPURISCVState *env, target_ulong address) 246 { 247 uintptr_t ra = GETPC(); 248 check_zicbo_envcfg(env, MENVCFG_CBCFE, ra); 249 check_zicbom_access(env, address, ra); 250 251 /* We don't emulate the cache-hierarchy, so we're done. */ 252 } 253 254 void helper_cbo_inval(CPURISCVState *env, target_ulong address) 255 { 256 uintptr_t ra = GETPC(); 257 check_zicbo_envcfg(env, MENVCFG_CBIE, ra); 258 check_zicbom_access(env, address, ra); 259 260 /* We don't emulate the cache-hierarchy, so we're done. */ 261 } 262 263 #ifndef CONFIG_USER_ONLY 264 265 target_ulong helper_sret(CPURISCVState *env) 266 { 267 uint64_t mstatus; 268 target_ulong prev_priv, prev_virt; 269 270 if (!(env->priv >= PRV_S)) { 271 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 272 } 273 274 target_ulong retpc = env->sepc; 275 if (!riscv_has_ext(env, RVC) && (retpc & 0x3)) { 276 riscv_raise_exception(env, RISCV_EXCP_INST_ADDR_MIS, GETPC()); 277 } 278 279 if (get_field(env->mstatus, MSTATUS_TSR) && !(env->priv >= PRV_M)) { 280 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 281 } 282 283 if (env->virt_enabled && get_field(env->hstatus, HSTATUS_VTSR)) { 284 riscv_raise_exception(env, RISCV_EXCP_VIRT_INSTRUCTION_FAULT, GETPC()); 285 } 286 287 mstatus = env->mstatus; 288 prev_priv = get_field(mstatus, MSTATUS_SPP); 289 mstatus = set_field(mstatus, MSTATUS_SIE, 290 get_field(mstatus, MSTATUS_SPIE)); 291 mstatus = set_field(mstatus, MSTATUS_SPIE, 1); 292 mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U); 293 if (env->priv_ver >= PRIV_VERSION_1_12_0) { 294 mstatus = set_field(mstatus, MSTATUS_MPRV, 0); 295 } 296 env->mstatus = mstatus; 297 298 if (riscv_has_ext(env, RVH) && !env->virt_enabled) { 299 /* We support Hypervisor extensions and virtulisation is disabled */ 300 target_ulong hstatus = env->hstatus; 301 302 prev_virt = get_field(hstatus, HSTATUS_SPV); 303 304 hstatus = set_field(hstatus, HSTATUS_SPV, 0); 305 306 env->hstatus = hstatus; 307 308 if (prev_virt) { 309 riscv_cpu_swap_hypervisor_regs(env); 310 } 311 312 riscv_cpu_set_virt_enabled(env, prev_virt); 313 } 314 315 riscv_cpu_set_mode(env, prev_priv); 316 317 return retpc; 318 } 319 320 target_ulong helper_mret(CPURISCVState *env) 321 { 322 if (!(env->priv >= PRV_M)) { 323 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 324 } 325 326 target_ulong retpc = env->mepc; 327 if (!riscv_has_ext(env, RVC) && (retpc & 0x3)) { 328 riscv_raise_exception(env, RISCV_EXCP_INST_ADDR_MIS, GETPC()); 329 } 330 331 uint64_t mstatus = env->mstatus; 332 target_ulong prev_priv = get_field(mstatus, MSTATUS_MPP); 333 334 if (riscv_cpu_cfg(env)->pmp && 335 !pmp_get_num_rules(env) && (prev_priv != PRV_M)) { 336 riscv_raise_exception(env, RISCV_EXCP_INST_ACCESS_FAULT, GETPC()); 337 } 338 339 target_ulong prev_virt = get_field(env->mstatus, MSTATUS_MPV) && 340 (prev_priv != PRV_M); 341 mstatus = set_field(mstatus, MSTATUS_MIE, 342 get_field(mstatus, MSTATUS_MPIE)); 343 mstatus = set_field(mstatus, MSTATUS_MPIE, 1); 344 mstatus = set_field(mstatus, MSTATUS_MPP, 345 riscv_has_ext(env, RVU) ? PRV_U : PRV_M); 346 mstatus = set_field(mstatus, MSTATUS_MPV, 0); 347 if ((env->priv_ver >= PRIV_VERSION_1_12_0) && (prev_priv != PRV_M)) { 348 mstatus = set_field(mstatus, MSTATUS_MPRV, 0); 349 } 350 env->mstatus = mstatus; 351 riscv_cpu_set_mode(env, prev_priv); 352 353 if (riscv_has_ext(env, RVH)) { 354 if (prev_virt) { 355 riscv_cpu_swap_hypervisor_regs(env); 356 } 357 358 riscv_cpu_set_virt_enabled(env, prev_virt); 359 } 360 361 return retpc; 362 } 363 364 void helper_wfi(CPURISCVState *env) 365 { 366 CPUState *cs = env_cpu(env); 367 bool rvs = riscv_has_ext(env, RVS); 368 bool prv_u = env->priv == PRV_U; 369 bool prv_s = env->priv == PRV_S; 370 371 if (((prv_s || (!rvs && prv_u)) && get_field(env->mstatus, MSTATUS_TW)) || 372 (rvs && prv_u && !env->virt_enabled)) { 373 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 374 } else if (env->virt_enabled && 375 (prv_u || (prv_s && get_field(env->hstatus, HSTATUS_VTW)))) { 376 riscv_raise_exception(env, RISCV_EXCP_VIRT_INSTRUCTION_FAULT, GETPC()); 377 } else { 378 cs->halted = 1; 379 cs->exception_index = EXCP_HLT; 380 cpu_loop_exit(cs); 381 } 382 } 383 384 void helper_tlb_flush(CPURISCVState *env) 385 { 386 CPUState *cs = env_cpu(env); 387 if (!env->virt_enabled && 388 (env->priv == PRV_U || 389 (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)))) { 390 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 391 } else if (env->virt_enabled && 392 (env->priv == PRV_U || get_field(env->hstatus, HSTATUS_VTVM))) { 393 riscv_raise_exception(env, RISCV_EXCP_VIRT_INSTRUCTION_FAULT, GETPC()); 394 } else { 395 tlb_flush(cs); 396 } 397 } 398 399 void helper_tlb_flush_all(CPURISCVState *env) 400 { 401 CPUState *cs = env_cpu(env); 402 tlb_flush_all_cpus_synced(cs); 403 } 404 405 void helper_hyp_tlb_flush(CPURISCVState *env) 406 { 407 CPUState *cs = env_cpu(env); 408 409 if (env->virt_enabled) { 410 riscv_raise_exception(env, RISCV_EXCP_VIRT_INSTRUCTION_FAULT, GETPC()); 411 } 412 413 if (env->priv == PRV_M || 414 (env->priv == PRV_S && !env->virt_enabled)) { 415 tlb_flush(cs); 416 return; 417 } 418 419 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 420 } 421 422 void helper_hyp_gvma_tlb_flush(CPURISCVState *env) 423 { 424 if (env->priv == PRV_S && !env->virt_enabled && 425 get_field(env->mstatus, MSTATUS_TVM)) { 426 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); 427 } 428 429 helper_hyp_tlb_flush(env); 430 } 431 432 static int check_access_hlsv(CPURISCVState *env, bool x, uintptr_t ra) 433 { 434 if (env->priv == PRV_M) { 435 /* always allowed */ 436 } else if (env->virt_enabled) { 437 riscv_raise_exception(env, RISCV_EXCP_VIRT_INSTRUCTION_FAULT, ra); 438 } else if (env->priv == PRV_U && !get_field(env->hstatus, HSTATUS_HU)) { 439 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, ra); 440 } 441 442 int mode = get_field(env->hstatus, HSTATUS_SPVP); 443 if (!x && mode == PRV_S && get_field(env->vsstatus, MSTATUS_SUM)) { 444 mode = MMUIdx_S_SUM; 445 } 446 return mode | MMU_2STAGE_BIT; 447 } 448 449 target_ulong helper_hyp_hlv_bu(CPURISCVState *env, target_ulong addr) 450 { 451 uintptr_t ra = GETPC(); 452 int mmu_idx = check_access_hlsv(env, false, ra); 453 MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx); 454 455 return cpu_ldb_mmu(env, addr, oi, ra); 456 } 457 458 target_ulong helper_hyp_hlv_hu(CPURISCVState *env, target_ulong addr) 459 { 460 uintptr_t ra = GETPC(); 461 int mmu_idx = check_access_hlsv(env, false, ra); 462 MemOpIdx oi = make_memop_idx(MO_TEUW, mmu_idx); 463 464 return cpu_ldw_mmu(env, addr, oi, ra); 465 } 466 467 target_ulong helper_hyp_hlv_wu(CPURISCVState *env, target_ulong addr) 468 { 469 uintptr_t ra = GETPC(); 470 int mmu_idx = check_access_hlsv(env, false, ra); 471 MemOpIdx oi = make_memop_idx(MO_TEUL, mmu_idx); 472 473 return cpu_ldl_mmu(env, addr, oi, ra); 474 } 475 476 target_ulong helper_hyp_hlv_d(CPURISCVState *env, target_ulong addr) 477 { 478 uintptr_t ra = GETPC(); 479 int mmu_idx = check_access_hlsv(env, false, ra); 480 MemOpIdx oi = make_memop_idx(MO_TEUQ, mmu_idx); 481 482 return cpu_ldq_mmu(env, addr, oi, ra); 483 } 484 485 void helper_hyp_hsv_b(CPURISCVState *env, target_ulong addr, target_ulong val) 486 { 487 uintptr_t ra = GETPC(); 488 int mmu_idx = check_access_hlsv(env, false, ra); 489 MemOpIdx oi = make_memop_idx(MO_UB, mmu_idx); 490 491 cpu_stb_mmu(env, addr, val, oi, ra); 492 } 493 494 void helper_hyp_hsv_h(CPURISCVState *env, target_ulong addr, target_ulong val) 495 { 496 uintptr_t ra = GETPC(); 497 int mmu_idx = check_access_hlsv(env, false, ra); 498 MemOpIdx oi = make_memop_idx(MO_TEUW, mmu_idx); 499 500 cpu_stw_mmu(env, addr, val, oi, ra); 501 } 502 503 void helper_hyp_hsv_w(CPURISCVState *env, target_ulong addr, target_ulong val) 504 { 505 uintptr_t ra = GETPC(); 506 int mmu_idx = check_access_hlsv(env, false, ra); 507 MemOpIdx oi = make_memop_idx(MO_TEUL, mmu_idx); 508 509 cpu_stl_mmu(env, addr, val, oi, ra); 510 } 511 512 void helper_hyp_hsv_d(CPURISCVState *env, target_ulong addr, target_ulong val) 513 { 514 uintptr_t ra = GETPC(); 515 int mmu_idx = check_access_hlsv(env, false, ra); 516 MemOpIdx oi = make_memop_idx(MO_TEUQ, mmu_idx); 517 518 cpu_stq_mmu(env, addr, val, oi, ra); 519 } 520 521 /* 522 * TODO: These implementations are not quite correct. They perform the 523 * access using execute permission just fine, but the final PMP check 524 * is supposed to have read permission as well. Without replicating 525 * a fair fraction of cputlb.c, fixing this requires adding new mmu_idx 526 * which would imply that exact check in tlb_fill. 527 */ 528 target_ulong helper_hyp_hlvx_hu(CPURISCVState *env, target_ulong addr) 529 { 530 uintptr_t ra = GETPC(); 531 int mmu_idx = check_access_hlsv(env, true, ra); 532 MemOpIdx oi = make_memop_idx(MO_TEUW, mmu_idx); 533 534 return cpu_ldw_code_mmu(env, addr, oi, GETPC()); 535 } 536 537 target_ulong helper_hyp_hlvx_wu(CPURISCVState *env, target_ulong addr) 538 { 539 uintptr_t ra = GETPC(); 540 int mmu_idx = check_access_hlsv(env, true, ra); 541 MemOpIdx oi = make_memop_idx(MO_TEUL, mmu_idx); 542 543 return cpu_ldl_code_mmu(env, addr, oi, ra); 544 } 545 546 #endif /* !CONFIG_USER_ONLY */ 547