1 /* 2 * Sparc MMU helpers 3 * 4 * Copyright (c) 2003-2005 Fabrice Bellard 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "cpu.h" 22 #include "exec/exec-all.h" 23 #include "qemu/qemu-print.h" 24 #include "trace.h" 25 26 /* Sparc MMU emulation */ 27 28 #ifndef TARGET_SPARC64 29 /* 30 * Sparc V8 Reference MMU (SRMMU) 31 */ 32 static const int access_table[8][8] = { 33 { 0, 0, 0, 0, 8, 0, 12, 12 }, 34 { 0, 0, 0, 0, 8, 0, 0, 0 }, 35 { 8, 8, 0, 0, 0, 8, 12, 12 }, 36 { 8, 8, 0, 0, 0, 8, 0, 0 }, 37 { 8, 0, 8, 0, 8, 8, 12, 12 }, 38 { 8, 0, 8, 0, 8, 0, 8, 0 }, 39 { 8, 8, 8, 0, 8, 8, 12, 12 }, 40 { 8, 8, 8, 0, 8, 8, 8, 0 } 41 }; 42 43 static const int perm_table[2][8] = { 44 { 45 PAGE_READ, 46 PAGE_READ | PAGE_WRITE, 47 PAGE_READ | PAGE_EXEC, 48 PAGE_READ | PAGE_WRITE | PAGE_EXEC, 49 PAGE_EXEC, 50 PAGE_READ | PAGE_WRITE, 51 PAGE_READ | PAGE_EXEC, 52 PAGE_READ | PAGE_WRITE | PAGE_EXEC 53 }, 54 { 55 PAGE_READ, 56 PAGE_READ | PAGE_WRITE, 57 PAGE_READ | PAGE_EXEC, 58 PAGE_READ | PAGE_WRITE | PAGE_EXEC, 59 PAGE_EXEC, 60 PAGE_READ, 61 0, 62 0, 63 } 64 }; 65 66 static int get_physical_address(CPUSPARCState *env, hwaddr *physical, 67 int *prot, int *access_index, MemTxAttrs *attrs, 68 target_ulong address, int rw, int mmu_idx, 69 target_ulong *page_size) 70 { 71 int access_perms = 0; 72 hwaddr pde_ptr; 73 uint32_t pde; 74 int error_code = 0, is_dirty, is_user; 75 unsigned long page_offset; 76 CPUState *cs = env_cpu(env); 77 MemTxResult result; 78 79 is_user = mmu_idx == MMU_USER_IDX; 80 81 if (mmu_idx == MMU_PHYS_IDX) { 82 *page_size = TARGET_PAGE_SIZE; 83 /* Boot mode: instruction fetches are taken from PROM */ 84 if (rw == 2 && (env->mmuregs[0] & env->def.mmu_bm)) { 85 *physical = env->prom_addr | (address & 0x7ffffULL); 86 *prot = PAGE_READ | PAGE_EXEC; 87 return 0; 88 } 89 *physical = address; 90 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 91 return 0; 92 } 93 94 *access_index = ((rw & 1) << 2) | (rw & 2) | (is_user ? 0 : 1); 95 *physical = 0xffffffffffff0000ULL; 96 97 /* SPARC reference MMU table walk: Context table->L1->L2->PTE */ 98 /* Context base + context number */ 99 pde_ptr = (env->mmuregs[1] << 4) + (env->mmuregs[2] << 2); 100 pde = address_space_ldl(cs->as, pde_ptr, MEMTXATTRS_UNSPECIFIED, &result); 101 if (result != MEMTX_OK) { 102 return 4 << 2; /* Translation fault, L = 0 */ 103 } 104 105 /* Ctx pde */ 106 switch (pde & PTE_ENTRYTYPE_MASK) { 107 default: 108 case 0: /* Invalid */ 109 return 1 << 2; 110 case 2: /* L0 PTE, maybe should not happen? */ 111 case 3: /* Reserved */ 112 return 4 << 2; 113 case 1: /* L0 PDE */ 114 pde_ptr = ((address >> 22) & ~3) + ((pde & ~3) << 4); 115 pde = address_space_ldl(cs->as, pde_ptr, 116 MEMTXATTRS_UNSPECIFIED, &result); 117 if (result != MEMTX_OK) { 118 return (1 << 8) | (4 << 2); /* Translation fault, L = 1 */ 119 } 120 121 switch (pde & PTE_ENTRYTYPE_MASK) { 122 default: 123 case 0: /* Invalid */ 124 return (1 << 8) | (1 << 2); 125 case 3: /* Reserved */ 126 return (1 << 8) | (4 << 2); 127 case 1: /* L1 PDE */ 128 pde_ptr = ((address & 0xfc0000) >> 16) + ((pde & ~3) << 4); 129 pde = address_space_ldl(cs->as, pde_ptr, 130 MEMTXATTRS_UNSPECIFIED, &result); 131 if (result != MEMTX_OK) { 132 return (2 << 8) | (4 << 2); /* Translation fault, L = 2 */ 133 } 134 135 switch (pde & PTE_ENTRYTYPE_MASK) { 136 default: 137 case 0: /* Invalid */ 138 return (2 << 8) | (1 << 2); 139 case 3: /* Reserved */ 140 return (2 << 8) | (4 << 2); 141 case 1: /* L2 PDE */ 142 pde_ptr = ((address & 0x3f000) >> 10) + ((pde & ~3) << 4); 143 pde = address_space_ldl(cs->as, pde_ptr, 144 MEMTXATTRS_UNSPECIFIED, &result); 145 if (result != MEMTX_OK) { 146 return (3 << 8) | (4 << 2); /* Translation fault, L = 3 */ 147 } 148 149 switch (pde & PTE_ENTRYTYPE_MASK) { 150 default: 151 case 0: /* Invalid */ 152 return (3 << 8) | (1 << 2); 153 case 1: /* PDE, should not happen */ 154 case 3: /* Reserved */ 155 return (3 << 8) | (4 << 2); 156 case 2: /* L3 PTE */ 157 page_offset = 0; 158 } 159 *page_size = TARGET_PAGE_SIZE; 160 break; 161 case 2: /* L2 PTE */ 162 page_offset = address & 0x3f000; 163 *page_size = 0x40000; 164 } 165 break; 166 case 2: /* L1 PTE */ 167 page_offset = address & 0xfff000; 168 *page_size = 0x1000000; 169 } 170 } 171 172 /* check access */ 173 access_perms = (pde & PTE_ACCESS_MASK) >> PTE_ACCESS_SHIFT; 174 error_code = access_table[*access_index][access_perms]; 175 if (error_code && !((env->mmuregs[0] & MMU_NF) && is_user)) { 176 return error_code; 177 } 178 179 /* update page modified and dirty bits */ 180 is_dirty = (rw & 1) && !(pde & PG_MODIFIED_MASK); 181 if (!(pde & PG_ACCESSED_MASK) || is_dirty) { 182 pde |= PG_ACCESSED_MASK; 183 if (is_dirty) { 184 pde |= PG_MODIFIED_MASK; 185 } 186 stl_phys_notdirty(cs->as, pde_ptr, pde); 187 } 188 189 /* the page can be put in the TLB */ 190 *prot = perm_table[is_user][access_perms]; 191 if (!(pde & PG_MODIFIED_MASK)) { 192 /* only set write access if already dirty... otherwise wait 193 for dirty access */ 194 *prot &= ~PAGE_WRITE; 195 } 196 197 /* Even if large ptes, we map only one 4KB page in the cache to 198 avoid filling it too fast */ 199 *physical = ((hwaddr)(pde & PTE_ADDR_MASK) << 4) + page_offset; 200 return error_code; 201 } 202 203 /* Perform address translation */ 204 bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, 205 MMUAccessType access_type, int mmu_idx, 206 bool probe, uintptr_t retaddr) 207 { 208 SPARCCPU *cpu = SPARC_CPU(cs); 209 CPUSPARCState *env = &cpu->env; 210 hwaddr paddr; 211 target_ulong vaddr; 212 target_ulong page_size; 213 int error_code = 0, prot, access_index; 214 MemTxAttrs attrs = {}; 215 216 /* 217 * TODO: If we ever need tlb_vaddr_to_host for this target, 218 * then we must figure out how to manipulate FSR and FAR 219 * when both MMU_NF and probe are set. In the meantime, 220 * do not support this use case. 221 */ 222 assert(!probe); 223 224 address &= TARGET_PAGE_MASK; 225 error_code = get_physical_address(env, &paddr, &prot, &access_index, &attrs, 226 address, access_type, 227 mmu_idx, &page_size); 228 vaddr = address; 229 if (likely(error_code == 0)) { 230 qemu_log_mask(CPU_LOG_MMU, 231 "Translate at %" VADDR_PRIx " -> " 232 TARGET_FMT_plx ", vaddr " TARGET_FMT_lx "\n", 233 address, paddr, vaddr); 234 tlb_set_page(cs, vaddr, paddr, prot, mmu_idx, page_size); 235 return true; 236 } 237 238 if (env->mmuregs[3]) { /* Fault status register */ 239 env->mmuregs[3] = 1; /* overflow (not read before another fault) */ 240 } 241 env->mmuregs[3] |= (access_index << 5) | error_code | 2; 242 env->mmuregs[4] = address; /* Fault address register */ 243 244 if ((env->mmuregs[0] & MMU_NF) || env->psret == 0) { 245 /* No fault mode: if a mapping is available, just override 246 permissions. If no mapping is available, redirect accesses to 247 neverland. Fake/overridden mappings will be flushed when 248 switching to normal mode. */ 249 prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 250 tlb_set_page(cs, vaddr, paddr, prot, mmu_idx, TARGET_PAGE_SIZE); 251 return true; 252 } else { 253 if (access_type == MMU_INST_FETCH) { 254 cs->exception_index = TT_TFAULT; 255 } else { 256 cs->exception_index = TT_DFAULT; 257 } 258 cpu_loop_exit_restore(cs, retaddr); 259 } 260 } 261 262 target_ulong mmu_probe(CPUSPARCState *env, target_ulong address, int mmulev) 263 { 264 CPUState *cs = env_cpu(env); 265 hwaddr pde_ptr; 266 uint32_t pde; 267 MemTxResult result; 268 269 /* 270 * TODO: MMU probe operations are supposed to set the fault 271 * status registers, but we don't do this. 272 */ 273 274 /* Context base + context number */ 275 pde_ptr = (hwaddr)(env->mmuregs[1] << 4) + 276 (env->mmuregs[2] << 2); 277 pde = address_space_ldl(cs->as, pde_ptr, MEMTXATTRS_UNSPECIFIED, &result); 278 if (result != MEMTX_OK) { 279 return 0; 280 } 281 282 switch (pde & PTE_ENTRYTYPE_MASK) { 283 default: 284 case 0: /* Invalid */ 285 case 2: /* PTE, maybe should not happen? */ 286 case 3: /* Reserved */ 287 return 0; 288 case 1: /* L1 PDE */ 289 if (mmulev == 3) { 290 return pde; 291 } 292 pde_ptr = ((address >> 22) & ~3) + ((pde & ~3) << 4); 293 pde = address_space_ldl(cs->as, pde_ptr, 294 MEMTXATTRS_UNSPECIFIED, &result); 295 if (result != MEMTX_OK) { 296 return 0; 297 } 298 299 switch (pde & PTE_ENTRYTYPE_MASK) { 300 default: 301 case 0: /* Invalid */ 302 case 3: /* Reserved */ 303 return 0; 304 case 2: /* L1 PTE */ 305 return pde; 306 case 1: /* L2 PDE */ 307 if (mmulev == 2) { 308 return pde; 309 } 310 pde_ptr = ((address & 0xfc0000) >> 16) + ((pde & ~3) << 4); 311 pde = address_space_ldl(cs->as, pde_ptr, 312 MEMTXATTRS_UNSPECIFIED, &result); 313 if (result != MEMTX_OK) { 314 return 0; 315 } 316 317 switch (pde & PTE_ENTRYTYPE_MASK) { 318 default: 319 case 0: /* Invalid */ 320 case 3: /* Reserved */ 321 return 0; 322 case 2: /* L2 PTE */ 323 return pde; 324 case 1: /* L3 PDE */ 325 if (mmulev == 1) { 326 return pde; 327 } 328 pde_ptr = ((address & 0x3f000) >> 10) + ((pde & ~3) << 4); 329 pde = address_space_ldl(cs->as, pde_ptr, 330 MEMTXATTRS_UNSPECIFIED, &result); 331 if (result != MEMTX_OK) { 332 return 0; 333 } 334 335 switch (pde & PTE_ENTRYTYPE_MASK) { 336 default: 337 case 0: /* Invalid */ 338 case 1: /* PDE, should not happen */ 339 case 3: /* Reserved */ 340 return 0; 341 case 2: /* L3 PTE */ 342 return pde; 343 } 344 } 345 } 346 } 347 return 0; 348 } 349 350 void dump_mmu(CPUSPARCState *env) 351 { 352 CPUState *cs = env_cpu(env); 353 target_ulong va, va1, va2; 354 unsigned int n, m, o; 355 hwaddr pa; 356 uint32_t pde; 357 358 qemu_printf("Root ptr: " TARGET_FMT_plx ", ctx: %d\n", 359 (hwaddr)env->mmuregs[1] << 4, env->mmuregs[2]); 360 for (n = 0, va = 0; n < 256; n++, va += 16 * 1024 * 1024) { 361 pde = mmu_probe(env, va, 2); 362 if (pde) { 363 pa = cpu_get_phys_page_debug(cs, va); 364 qemu_printf("VA: " TARGET_FMT_lx ", PA: " TARGET_FMT_plx 365 " PDE: " TARGET_FMT_lx "\n", va, pa, pde); 366 for (m = 0, va1 = va; m < 64; m++, va1 += 256 * 1024) { 367 pde = mmu_probe(env, va1, 1); 368 if (pde) { 369 pa = cpu_get_phys_page_debug(cs, va1); 370 qemu_printf(" VA: " TARGET_FMT_lx ", PA: " 371 TARGET_FMT_plx " PDE: " TARGET_FMT_lx "\n", 372 va1, pa, pde); 373 for (o = 0, va2 = va1; o < 64; o++, va2 += 4 * 1024) { 374 pde = mmu_probe(env, va2, 0); 375 if (pde) { 376 pa = cpu_get_phys_page_debug(cs, va2); 377 qemu_printf(" VA: " TARGET_FMT_lx ", PA: " 378 TARGET_FMT_plx " PTE: " 379 TARGET_FMT_lx "\n", 380 va2, pa, pde); 381 } 382 } 383 } 384 } 385 } 386 } 387 } 388 389 /* Gdb expects all registers windows to be flushed in ram. This function handles 390 * reads (and only reads) in stack frames as if windows were flushed. We assume 391 * that the sparc ABI is followed. 392 */ 393 int sparc_cpu_memory_rw_debug(CPUState *cs, vaddr address, 394 uint8_t *buf, int len, bool is_write) 395 { 396 SPARCCPU *cpu = SPARC_CPU(cs); 397 CPUSPARCState *env = &cpu->env; 398 target_ulong addr = address; 399 int i; 400 int len1; 401 int cwp = env->cwp; 402 403 if (!is_write) { 404 for (i = 0; i < env->nwindows; i++) { 405 int off; 406 target_ulong fp = env->regbase[cwp * 16 + 22]; 407 408 /* Assume fp == 0 means end of frame. */ 409 if (fp == 0) { 410 break; 411 } 412 413 cwp = cpu_cwp_inc(env, cwp + 1); 414 415 /* Invalid window ? */ 416 if (env->wim & (1 << cwp)) { 417 break; 418 } 419 420 /* According to the ABI, the stack is growing downward. */ 421 if (addr + len < fp) { 422 break; 423 } 424 425 /* Not in this frame. */ 426 if (addr > fp + 64) { 427 continue; 428 } 429 430 /* Handle access before this window. */ 431 if (addr < fp) { 432 len1 = fp - addr; 433 if (cpu_memory_rw_debug(cs, addr, buf, len1, is_write) != 0) { 434 return -1; 435 } 436 addr += len1; 437 len -= len1; 438 buf += len1; 439 } 440 441 /* Access byte per byte to registers. Not very efficient but speed 442 * is not critical. 443 */ 444 off = addr - fp; 445 len1 = 64 - off; 446 447 if (len1 > len) { 448 len1 = len; 449 } 450 451 for (; len1; len1--) { 452 int reg = cwp * 16 + 8 + (off >> 2); 453 union { 454 uint32_t v; 455 uint8_t c[4]; 456 } u; 457 u.v = cpu_to_be32(env->regbase[reg]); 458 *buf++ = u.c[off & 3]; 459 addr++; 460 len--; 461 off++; 462 } 463 464 if (len == 0) { 465 return 0; 466 } 467 } 468 } 469 return cpu_memory_rw_debug(cs, addr, buf, len, is_write); 470 } 471 472 #else /* !TARGET_SPARC64 */ 473 474 /* 41 bit physical address space */ 475 static inline hwaddr ultrasparc_truncate_physical(uint64_t x) 476 { 477 return x & 0x1ffffffffffULL; 478 } 479 480 /* 481 * UltraSparc IIi I/DMMUs 482 */ 483 484 /* Returns true if TTE tag is valid and matches virtual address value 485 in context requires virtual address mask value calculated from TTE 486 entry size */ 487 static inline int ultrasparc_tag_match(SparcTLBEntry *tlb, 488 uint64_t address, uint64_t context, 489 hwaddr *physical) 490 { 491 uint64_t mask = -(8192ULL << 3 * TTE_PGSIZE(tlb->tte)); 492 493 /* valid, context match, virtual address match? */ 494 if (TTE_IS_VALID(tlb->tte) && 495 (TTE_IS_GLOBAL(tlb->tte) || tlb_compare_context(tlb, context)) 496 && compare_masked(address, tlb->tag, mask)) { 497 /* decode physical address */ 498 *physical = ((tlb->tte & mask) | (address & ~mask)) & 0x1ffffffe000ULL; 499 return 1; 500 } 501 502 return 0; 503 } 504 505 static int get_physical_address_data(CPUSPARCState *env, hwaddr *physical, 506 int *prot, MemTxAttrs *attrs, 507 target_ulong address, int rw, int mmu_idx) 508 { 509 CPUState *cs = env_cpu(env); 510 unsigned int i; 511 uint64_t context; 512 uint64_t sfsr = 0; 513 bool is_user = false; 514 515 switch (mmu_idx) { 516 case MMU_PHYS_IDX: 517 g_assert_not_reached(); 518 case MMU_USER_IDX: 519 is_user = true; 520 /* fallthru */ 521 case MMU_KERNEL_IDX: 522 context = env->dmmu.mmu_primary_context & 0x1fff; 523 sfsr |= SFSR_CT_PRIMARY; 524 break; 525 case MMU_USER_SECONDARY_IDX: 526 is_user = true; 527 /* fallthru */ 528 case MMU_KERNEL_SECONDARY_IDX: 529 context = env->dmmu.mmu_secondary_context & 0x1fff; 530 sfsr |= SFSR_CT_SECONDARY; 531 break; 532 case MMU_NUCLEUS_IDX: 533 sfsr |= SFSR_CT_NUCLEUS; 534 /* FALLTHRU */ 535 default: 536 context = 0; 537 break; 538 } 539 540 if (rw == 1) { 541 sfsr |= SFSR_WRITE_BIT; 542 } else if (rw == 4) { 543 sfsr |= SFSR_NF_BIT; 544 } 545 546 for (i = 0; i < 64; i++) { 547 /* ctx match, vaddr match, valid? */ 548 if (ultrasparc_tag_match(&env->dtlb[i], address, context, physical)) { 549 int do_fault = 0; 550 551 if (TTE_IS_IE(env->dtlb[i].tte)) { 552 attrs->byte_swap = true; 553 } 554 555 /* access ok? */ 556 /* multiple bits in SFSR.FT may be set on TT_DFAULT */ 557 if (TTE_IS_PRIV(env->dtlb[i].tte) && is_user) { 558 do_fault = 1; 559 sfsr |= SFSR_FT_PRIV_BIT; /* privilege violation */ 560 trace_mmu_helper_dfault(address, context, mmu_idx, env->tl); 561 } 562 if (rw == 4) { 563 if (TTE_IS_SIDEEFFECT(env->dtlb[i].tte)) { 564 do_fault = 1; 565 sfsr |= SFSR_FT_NF_E_BIT; 566 } 567 } else { 568 if (TTE_IS_NFO(env->dtlb[i].tte)) { 569 do_fault = 1; 570 sfsr |= SFSR_FT_NFO_BIT; 571 } 572 } 573 574 if (do_fault) { 575 /* faults above are reported with TT_DFAULT. */ 576 cs->exception_index = TT_DFAULT; 577 } else if (!TTE_IS_W_OK(env->dtlb[i].tte) && (rw == 1)) { 578 do_fault = 1; 579 cs->exception_index = TT_DPROT; 580 581 trace_mmu_helper_dprot(address, context, mmu_idx, env->tl); 582 } 583 584 if (!do_fault) { 585 *prot = PAGE_READ; 586 if (TTE_IS_W_OK(env->dtlb[i].tte)) { 587 *prot |= PAGE_WRITE; 588 } 589 590 TTE_SET_USED(env->dtlb[i].tte); 591 592 return 0; 593 } 594 595 if (env->dmmu.sfsr & SFSR_VALID_BIT) { /* Fault status register */ 596 sfsr |= SFSR_OW_BIT; /* overflow (not read before 597 another fault) */ 598 } 599 600 if (env->pstate & PS_PRIV) { 601 sfsr |= SFSR_PR_BIT; 602 } 603 604 /* FIXME: ASI field in SFSR must be set */ 605 env->dmmu.sfsr = sfsr | SFSR_VALID_BIT; 606 607 env->dmmu.sfar = address; /* Fault address register */ 608 609 env->dmmu.tag_access = (address & ~0x1fffULL) | context; 610 611 return 1; 612 } 613 } 614 615 trace_mmu_helper_dmiss(address, context); 616 617 /* 618 * On MMU misses: 619 * - UltraSPARC IIi: SFSR and SFAR unmodified 620 * - JPS1: SFAR updated and some fields of SFSR updated 621 */ 622 env->dmmu.tag_access = (address & ~0x1fffULL) | context; 623 cs->exception_index = TT_DMISS; 624 return 1; 625 } 626 627 static int get_physical_address_code(CPUSPARCState *env, hwaddr *physical, 628 int *prot, MemTxAttrs *attrs, 629 target_ulong address, int mmu_idx) 630 { 631 CPUState *cs = env_cpu(env); 632 unsigned int i; 633 uint64_t context; 634 bool is_user = false; 635 636 switch (mmu_idx) { 637 case MMU_PHYS_IDX: 638 case MMU_USER_SECONDARY_IDX: 639 case MMU_KERNEL_SECONDARY_IDX: 640 g_assert_not_reached(); 641 case MMU_USER_IDX: 642 is_user = true; 643 /* fallthru */ 644 case MMU_KERNEL_IDX: 645 context = env->dmmu.mmu_primary_context & 0x1fff; 646 break; 647 default: 648 context = 0; 649 break; 650 } 651 652 if (env->tl == 0) { 653 /* PRIMARY context */ 654 context = env->dmmu.mmu_primary_context & 0x1fff; 655 } else { 656 /* NUCLEUS context */ 657 context = 0; 658 } 659 660 for (i = 0; i < 64; i++) { 661 /* ctx match, vaddr match, valid? */ 662 if (ultrasparc_tag_match(&env->itlb[i], 663 address, context, physical)) { 664 /* access ok? */ 665 if (TTE_IS_PRIV(env->itlb[i].tte) && is_user) { 666 /* Fault status register */ 667 if (env->immu.sfsr & SFSR_VALID_BIT) { 668 env->immu.sfsr = SFSR_OW_BIT; /* overflow (not read before 669 another fault) */ 670 } else { 671 env->immu.sfsr = 0; 672 } 673 if (env->pstate & PS_PRIV) { 674 env->immu.sfsr |= SFSR_PR_BIT; 675 } 676 if (env->tl > 0) { 677 env->immu.sfsr |= SFSR_CT_NUCLEUS; 678 } 679 680 /* FIXME: ASI field in SFSR must be set */ 681 env->immu.sfsr |= SFSR_FT_PRIV_BIT | SFSR_VALID_BIT; 682 cs->exception_index = TT_TFAULT; 683 684 env->immu.tag_access = (address & ~0x1fffULL) | context; 685 686 trace_mmu_helper_tfault(address, context); 687 688 return 1; 689 } 690 *prot = PAGE_EXEC; 691 TTE_SET_USED(env->itlb[i].tte); 692 return 0; 693 } 694 } 695 696 trace_mmu_helper_tmiss(address, context); 697 698 /* Context is stored in DMMU (dmmuregs[1]) also for IMMU */ 699 env->immu.tag_access = (address & ~0x1fffULL) | context; 700 cs->exception_index = TT_TMISS; 701 return 1; 702 } 703 704 static int get_physical_address(CPUSPARCState *env, hwaddr *physical, 705 int *prot, int *access_index, MemTxAttrs *attrs, 706 target_ulong address, int rw, int mmu_idx, 707 target_ulong *page_size) 708 { 709 /* ??? We treat everything as a small page, then explicitly flush 710 everything when an entry is evicted. */ 711 *page_size = TARGET_PAGE_SIZE; 712 713 /* safety net to catch wrong softmmu index use from dynamic code */ 714 if (env->tl > 0 && mmu_idx != MMU_NUCLEUS_IDX) { 715 if (rw == 2) { 716 trace_mmu_helper_get_phys_addr_code(env->tl, mmu_idx, 717 env->dmmu.mmu_primary_context, 718 env->dmmu.mmu_secondary_context, 719 address); 720 } else { 721 trace_mmu_helper_get_phys_addr_data(env->tl, mmu_idx, 722 env->dmmu.mmu_primary_context, 723 env->dmmu.mmu_secondary_context, 724 address); 725 } 726 } 727 728 if (mmu_idx == MMU_PHYS_IDX) { 729 *physical = ultrasparc_truncate_physical(address); 730 *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; 731 return 0; 732 } 733 734 if (rw == 2) { 735 return get_physical_address_code(env, physical, prot, attrs, address, 736 mmu_idx); 737 } else { 738 return get_physical_address_data(env, physical, prot, attrs, address, 739 rw, mmu_idx); 740 } 741 } 742 743 /* Perform address translation */ 744 bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, 745 MMUAccessType access_type, int mmu_idx, 746 bool probe, uintptr_t retaddr) 747 { 748 SPARCCPU *cpu = SPARC_CPU(cs); 749 CPUSPARCState *env = &cpu->env; 750 target_ulong vaddr; 751 hwaddr paddr; 752 target_ulong page_size; 753 MemTxAttrs attrs = {}; 754 int error_code = 0, prot, access_index; 755 756 address &= TARGET_PAGE_MASK; 757 error_code = get_physical_address(env, &paddr, &prot, &access_index, &attrs, 758 address, access_type, 759 mmu_idx, &page_size); 760 if (likely(error_code == 0)) { 761 vaddr = address; 762 763 trace_mmu_helper_mmu_fault(address, paddr, mmu_idx, env->tl, 764 env->dmmu.mmu_primary_context, 765 env->dmmu.mmu_secondary_context); 766 767 tlb_set_page_with_attrs(cs, vaddr, paddr, attrs, prot, mmu_idx, 768 page_size); 769 return true; 770 } 771 if (probe) { 772 return false; 773 } 774 cpu_loop_exit_restore(cs, retaddr); 775 } 776 777 void dump_mmu(CPUSPARCState *env) 778 { 779 unsigned int i; 780 const char *mask; 781 782 qemu_printf("MMU contexts: Primary: %" PRId64 ", Secondary: %" 783 PRId64 "\n", 784 env->dmmu.mmu_primary_context, 785 env->dmmu.mmu_secondary_context); 786 qemu_printf("DMMU Tag Access: %" PRIx64 ", TSB Tag Target: %" PRIx64 787 "\n", env->dmmu.tag_access, env->dmmu.tsb_tag_target); 788 if ((env->lsu & DMMU_E) == 0) { 789 qemu_printf("DMMU disabled\n"); 790 } else { 791 qemu_printf("DMMU dump\n"); 792 for (i = 0; i < 64; i++) { 793 switch (TTE_PGSIZE(env->dtlb[i].tte)) { 794 default: 795 case 0x0: 796 mask = " 8k"; 797 break; 798 case 0x1: 799 mask = " 64k"; 800 break; 801 case 0x2: 802 mask = "512k"; 803 break; 804 case 0x3: 805 mask = " 4M"; 806 break; 807 } 808 if (TTE_IS_VALID(env->dtlb[i].tte)) { 809 qemu_printf("[%02u] VA: %" PRIx64 ", PA: %llx" 810 ", %s, %s, %s, %s, ie %s, ctx %" PRId64 " %s\n", 811 i, 812 env->dtlb[i].tag & (uint64_t)~0x1fffULL, 813 TTE_PA(env->dtlb[i].tte), 814 mask, 815 TTE_IS_PRIV(env->dtlb[i].tte) ? "priv" : "user", 816 TTE_IS_W_OK(env->dtlb[i].tte) ? "RW" : "RO", 817 TTE_IS_LOCKED(env->dtlb[i].tte) ? 818 "locked" : "unlocked", 819 TTE_IS_IE(env->dtlb[i].tte) ? 820 "yes" : "no", 821 env->dtlb[i].tag & (uint64_t)0x1fffULL, 822 TTE_IS_GLOBAL(env->dtlb[i].tte) ? 823 "global" : "local"); 824 } 825 } 826 } 827 if ((env->lsu & IMMU_E) == 0) { 828 qemu_printf("IMMU disabled\n"); 829 } else { 830 qemu_printf("IMMU dump\n"); 831 for (i = 0; i < 64; i++) { 832 switch (TTE_PGSIZE(env->itlb[i].tte)) { 833 default: 834 case 0x0: 835 mask = " 8k"; 836 break; 837 case 0x1: 838 mask = " 64k"; 839 break; 840 case 0x2: 841 mask = "512k"; 842 break; 843 case 0x3: 844 mask = " 4M"; 845 break; 846 } 847 if (TTE_IS_VALID(env->itlb[i].tte)) { 848 qemu_printf("[%02u] VA: %" PRIx64 ", PA: %llx" 849 ", %s, %s, %s, ctx %" PRId64 " %s\n", 850 i, 851 env->itlb[i].tag & (uint64_t)~0x1fffULL, 852 TTE_PA(env->itlb[i].tte), 853 mask, 854 TTE_IS_PRIV(env->itlb[i].tte) ? "priv" : "user", 855 TTE_IS_LOCKED(env->itlb[i].tte) ? 856 "locked" : "unlocked", 857 env->itlb[i].tag & (uint64_t)0x1fffULL, 858 TTE_IS_GLOBAL(env->itlb[i].tte) ? 859 "global" : "local"); 860 } 861 } 862 } 863 } 864 865 #endif /* TARGET_SPARC64 */ 866 867 static int cpu_sparc_get_phys_page(CPUSPARCState *env, hwaddr *phys, 868 target_ulong addr, int rw, int mmu_idx) 869 { 870 target_ulong page_size; 871 int prot, access_index; 872 MemTxAttrs attrs = {}; 873 874 return get_physical_address(env, phys, &prot, &access_index, &attrs, addr, 875 rw, mmu_idx, &page_size); 876 } 877 878 #if defined(TARGET_SPARC64) 879 hwaddr cpu_get_phys_page_nofault(CPUSPARCState *env, target_ulong addr, 880 int mmu_idx) 881 { 882 hwaddr phys_addr; 883 884 if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 4, mmu_idx) != 0) { 885 return -1; 886 } 887 return phys_addr; 888 } 889 #endif 890 891 hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) 892 { 893 SPARCCPU *cpu = SPARC_CPU(cs); 894 CPUSPARCState *env = &cpu->env; 895 hwaddr phys_addr; 896 int mmu_idx = cpu_mmu_index(env, false); 897 898 if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 2, mmu_idx) != 0) { 899 if (cpu_sparc_get_phys_page(env, &phys_addr, addr, 0, mmu_idx) != 0) { 900 return -1; 901 } 902 } 903 return phys_addr; 904 } 905