2 * PPC emulation helpers for qemu.
4 * Copyright (c) 2003 Jocelyn Mayer
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 #if defined (USE_OPEN_FIRMWARE)
28 //#define DEBUG_EXCEPTIONS
30 extern FILE *logfile, *stdout, *stderr;
34 void cpu_loop_exit(void)
36 longjmp(env->jmp_env, 1);
39 void do_process_exceptions (void)
44 int check_exception_state (CPUState *env)
48 /* Process PPC exceptions */
49 for (i = 1; i < EXCP_PPC_MAX; i++) {
50 if (env->exceptions & (1 << i)) {
58 if (env->errors[EXCP_PROGRAM] == EXCP_FP &&
59 msr_fe0 == 0 && msr_fe1 == 0)
65 env->exception_index = i;
66 env->error_code = env->errors[i];
74 /*****************************************************************************/
75 /* PPC MMU emulation */
76 int cpu_ppc_handle_mmu_fault (CPUState *env, uint32_t address, int rw,
77 int is_user, int is_softmmu);
79 /* Perform BAT hit & translation */
80 static int get_bat (CPUState *env, uint32_t *real, int *prot,
81 uint32_t virtual, int rw, int type)
83 uint32_t *BATlt, *BATut, *BATu, *BATl;
84 uint32_t base, BEPIl, BEPIu, bl;
88 #if defined (DEBUG_BATS)
90 fprintf(logfile, "%s: %cBAT v 0x%08x\n", __func__,
91 type == ACCESS_CODE ? 'I' : 'D', virtual);
100 BATlt = env->DBAT[1];
101 BATut = env->DBAT[0];
104 #if defined (DEBUG_BATS)
106 fprintf(logfile, "%s...: %cBAT v 0x%08x\n", __func__,
107 type == ACCESS_CODE ? 'I' : 'D', virtual);
110 base = virtual & 0xFFFC0000;
111 for (i = 0; i < 4; i++) {
114 BEPIu = *BATu & 0xF0000000;
115 BEPIl = *BATu & 0x0FFE0000;
116 bl = (*BATu & 0x00001FFC) << 15;
117 #if defined (DEBUG_BATS)
119 fprintf(logfile, "%s: %cBAT%d v 0x%08x BATu 0x%08x BATl 0x%08x\n",
120 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
124 if ((virtual & 0xF0000000) == BEPIu &&
125 ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
127 if ((msr_pr == 0 && (*BATu & 0x00000002)) ||
128 (msr_pr == 1 && (*BATu & 0x00000001))) {
129 /* Get physical address */
130 *real = (*BATl & 0xF0000000) |
131 ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
132 (virtual & 0x0001F000);
133 if (*BATl & 0x00000001)
135 if (*BATl & 0x00000002)
136 *prot = PAGE_WRITE | PAGE_READ;
137 #if defined (DEBUG_BATS)
139 fprintf(logfile, "BAT %d match: r 0x%08x prot=%c%c\n",
140 i, *real, *prot & PAGE_READ ? 'R' : '-',
141 *prot & PAGE_WRITE ? 'W' : '-');
150 #if defined (DEBUG_BATS)
151 printf("no BAT match for 0x%08x:\n", virtual);
152 for (i = 0; i < 4; i++) {
155 BEPIu = *BATu & 0xF0000000;
156 BEPIl = *BATu & 0x0FFE0000;
157 bl = (*BATu & 0x00001FFC) << 15;
158 printf("%s: %cBAT%d v 0x%08x BATu 0x%08x BATl 0x%08x \n\t"
159 "0x%08x 0x%08x 0x%08x\n",
160 __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
161 *BATu, *BATl, BEPIu, BEPIl, bl);
169 /* PTE table lookup */
170 static int find_pte (uint32_t *RPN, int *prot, uint32_t base, uint32_t va,
171 int h, int key, int rw)
173 uint32_t pte0, pte1, keep = 0, access = 0;
174 int i, good = -1, store = 0;
175 int ret = -1; /* No entry found */
177 for (i = 0; i < 8; i++) {
178 pte0 = ldl_raw(phys_ram_base + base + (i * 8));
179 pte1 = ldl_raw(phys_ram_base + base + (i * 8) + 4);
180 #if defined (DEBUG_MMU)
182 fprintf(logfile, "Load pte from 0x%08x => 0x%08x 0x%08x "
183 "%d %d %d 0x%08x\n", base + (i * 8), pte0, pte1,
184 pte0 >> 31, h, (pte0 >> 6) & 1, va);
187 /* Check validity and table match */
188 if (pte0 & 0x80000000 && (h == ((pte0 >> 6) & 1))) {
189 /* Check vsid & api */
190 if ((pte0 & 0x7FFFFFBF) == va) {
195 /* All matches should have equal RPN, WIMG & PP */
196 if ((keep & 0xFFFFF07B) != (pte1 & 0xFFFFF07B)) {
198 fprintf(logfile, "Bad RPN/WIMG/PP\n");
202 /* Check access rights */
205 if ((pte1 & 0x00000003) != 0x3)
206 access |= PAGE_WRITE;
208 switch (pte1 & 0x00000003) {
217 access = PAGE_READ | PAGE_WRITE;
222 if ((rw == 0 && (access & PAGE_READ)) ||
223 (rw == 1 && (access & PAGE_WRITE))) {
224 #if defined (DEBUG_MMU)
226 fprintf(logfile, "PTE access granted !\n");
232 /* Access right violation */
234 #if defined (DEBUG_MMU)
236 fprintf(logfile, "PTE access rejected\n");
245 *RPN = keep & 0xFFFFF000;
246 #if defined (DEBUG_MMU)
248 fprintf(logfile, "found PTE at addr 0x%08x prot=0x%01x ret=%d\n",
252 /* Update page flags */
253 if (!(keep & 0x00000100)) {
258 if (!(keep & 0x00000080)) {
259 if (rw && ret == 0) {
264 /* Force page fault for first write access */
265 *prot &= ~PAGE_WRITE;
269 stl_raw(phys_ram_base + base + (good * 8) + 4, keep);
276 static inline uint32_t get_pgaddr (uint32_t sdr1, uint32_t hash, uint32_t mask)
278 return (sdr1 & 0xFFFF0000) | (hash & mask);
281 /* Perform segment based translation */
282 static int get_segment (CPUState *env, uint32_t *real, int *prot,
283 uint32_t virtual, int rw, int type)
285 uint32_t pg_addr, sdr, ptem, vsid, pgidx;
291 sr = env->sr[virtual >> 28];
292 #if defined (DEBUG_MMU)
294 fprintf(logfile, "Check segment v=0x%08x %d 0x%08x nip=0x%08x "
295 "lr=0x%08x ir=%d dr=%d pr=%d %d t=%d\n",
296 virtual, virtual >> 28, sr, env->nip,
297 env->lr, msr_ir, msr_dr, msr_pr, rw, type);
300 key = (((sr & 0x20000000) && msr_pr == 1) ||
301 ((sr & 0x40000000) && msr_pr == 0)) ? 1 : 0;
302 if ((sr & 0x80000000) == 0) {
303 #if defined (DEBUG_MMU)
305 fprintf(logfile, "pte segment: key=%d n=0x%08x\n",
306 key, sr & 0x10000000);
308 /* Check if instruction fetch is allowed, if needed */
309 if (type != ACCESS_CODE || (sr & 0x10000000) == 0) {
310 /* Page address translation */
311 vsid = sr & 0x00FFFFFF;
312 pgidx = (virtual >> 12) & 0xFFFF;
314 hash = ((vsid ^ pgidx) & 0x0007FFFF) << 6;
315 mask = ((sdr & 0x000001FF) << 16) | 0xFFC0;
316 pg_addr = get_pgaddr(sdr, hash, mask);
317 ptem = (vsid << 7) | (pgidx >> 10);
318 #if defined (DEBUG_MMU)
320 fprintf(logfile, "0 sdr1=0x%08x vsid=0x%06x api=0x%04x "
321 "hash=0x%07x pg_addr=0x%08x\n", sdr, vsid, pgidx, hash,
325 /* Primary table lookup */
326 ret = find_pte(real, prot, pg_addr, ptem, 0, key, rw);
328 /* Secondary table lookup */
329 hash = (~hash) & 0x01FFFFC0;
330 pg_addr = get_pgaddr(sdr, hash, mask);
331 #if defined (DEBUG_MMU)
332 if (virtual != 0xEFFFFFFF && loglevel > 0) {
333 fprintf(logfile, "1 sdr1=0x%08x vsid=0x%06x api=0x%04x "
334 "hash=0x%05x pg_addr=0x%08x\n", sdr, vsid, pgidx,
338 ret2 = find_pte(real, prot, pg_addr, ptem, 1, key, rw);
343 #if defined (DEBUG_MMU)
345 fprintf(logfile, "No access allowed\n");
350 #if defined (DEBUG_MMU)
352 fprintf(logfile, "direct store...\n");
354 /* Direct-store segment : absolutely *BUGGY* for now */
357 /* Integer load/store : only access allowed */
360 /* No code fetch is allowed in direct-store areas */
363 /* Floating point load/store */
366 /* lwarx, ldarx or srwcx. */
369 /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
370 /* Should make the instruction do no-op.
371 * As it already do no-op, it's quite easy :-)
380 fprintf(logfile, "ERROR: instruction should not need "
381 "address translation\n");
383 printf("ERROR: instruction should not need "
384 "address translation\n");
387 if ((rw == 1 || key != 1) && (rw == 0 || key != 0)) {
398 int get_physical_address (CPUState *env, uint32_t *physical, int *prot,
399 uint32_t address, int rw, int access_type)
404 fprintf(logfile, "%s\n", __func__);
407 if ((access_type == ACCESS_CODE && msr_ir == 0) || msr_dr == 0) {
408 /* No address translation */
409 *physical = address & ~0xFFF;
410 *prot = PAGE_READ | PAGE_WRITE;
413 /* Try to find a BAT */
414 ret = get_bat(env, physical, prot, address, rw, access_type);
416 /* We didn't match any BAT entry */
417 ret = get_segment(env, physical, prot, address, rw, access_type);
421 fprintf(logfile, "%s address %08x => %08x\n",
422 __func__, address, *physical);
428 #if defined(CONFIG_USER_ONLY)
429 target_ulong cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
434 target_ulong cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
439 if (get_physical_address(env, &phys_addr, &prot, addr, 0, ACCESS_INT) != 0)
445 #if !defined(CONFIG_USER_ONLY)
447 #define MMUSUFFIX _mmu
448 #define GETPC() (__builtin_return_address(0))
451 #include "softmmu_template.h"
454 #include "softmmu_template.h"
457 #include "softmmu_template.h"
460 #include "softmmu_template.h"
462 /* try to fill the TLB and return an exception if error. If retaddr is
463 NULL, it means that the function was called in C code (i.e. not
464 from generated code or from helper.c) */
465 /* XXX: fix it to restore all registers */
466 void tlb_fill(unsigned long addr, int is_write, int is_user, void *retaddr)
468 TranslationBlock *tb;
473 /* XXX: hack to restore env in all cases, even if not called from
476 env = cpu_single_env;
478 unsigned long tlb_addrr, tlb_addrw;
480 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
481 tlb_addrr = env->tlb_read[is_user][index].address;
482 tlb_addrw = env->tlb_write[is_user][index].address;
484 printf("%s 1 %p %p idx=%d addr=0x%08lx tbl_addr=0x%08lx 0x%08lx "
485 "(0x%08lx 0x%08lx)\n", __func__, env,
486 &env->tlb_read[is_user][index], index, addr,
487 tlb_addrr, tlb_addrw, addr & TARGET_PAGE_MASK,
488 tlb_addrr & (TARGET_PAGE_MASK | TLB_INVALID_MASK));
491 ret = cpu_ppc_handle_mmu_fault(env, addr, is_write, is_user, 1);
494 /* now we have a real cpu fault */
495 pc = (unsigned long)retaddr;
498 /* the PC is inside the translated code. It means that we have
499 a virtual CPU fault */
500 cpu_restore_state(tb, env, pc, NULL);
503 do_queue_exception_err(env->exception_index, env->error_code);
504 do_process_exceptions();
507 unsigned long tlb_addrr, tlb_addrw;
509 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
510 tlb_addrr = env->tlb_read[is_user][index].address;
511 tlb_addrw = env->tlb_write[is_user][index].address;
513 printf("%s 2 %p %p idx=%d addr=0x%08lx tbl_addr=0x%08lx 0x%08lx "
514 "(0x%08lx 0x%08lx)\n", __func__, env,
515 &env->tlb_read[is_user][index], index, addr,
516 tlb_addrr, tlb_addrw, addr & TARGET_PAGE_MASK,
517 tlb_addrr & (TARGET_PAGE_MASK | TLB_INVALID_MASK));
523 void cpu_ppc_init_mmu(CPUState *env)
525 /* Nothing to do: all translation are disabled */
529 /* Perform address translation */
530 int cpu_ppc_handle_mmu_fault (CPUState *env, uint32_t address, int rw,
531 int is_user, int is_softmmu)
535 int exception = 0, error_code = 0;
539 // printf("%s 0\n", __func__);
540 access_type = env->access_type;
541 if (env->user_mode_only) {
542 /* user mode only emulation */
546 /* NASTY BUG workaround */
547 if (access_type == ACCESS_CODE && rw) {
548 printf("%s: ERROR WRITE CODE ACCESS\n", __func__);
549 access_type = ACCESS_INT;
551 ret = get_physical_address(env, &physical, &prot,
552 address, rw, access_type);
554 ret = tlb_set_page(env, address & ~0xFFF, physical, prot,
555 is_user, is_softmmu);
556 } else if (ret < 0) {
558 #if defined (DEBUG_MMU)
560 cpu_ppc_dump_state(env, logfile, 0);
562 if (access_type == ACCESS_CODE) {
563 exception = EXCP_ISI;
566 /* No matches in page tables */
567 error_code = EXCP_ISI_TRANSLATE;
570 /* Access rights violation */
571 error_code = EXCP_ISI_PROT;
574 /* No execute protection violation */
575 error_code = EXCP_ISI_NOEXEC;
578 /* Direct store exception */
579 /* No code fetch is allowed in direct-store areas */
580 error_code = EXCP_ISI_DIRECT;
584 exception = EXCP_DSI;
587 /* No matches in page tables */
588 error_code = EXCP_DSI_TRANSLATE;
591 /* Access rights violation */
592 error_code = EXCP_DSI_PROT;
595 /* Direct store exception */
596 switch (access_type) {
598 /* Floating point load/store */
599 exception = EXCP_ALIGN;
600 error_code = EXCP_ALIGN_FP;
603 /* lwarx, ldarx or srwcx. */
604 exception = EXCP_DSI;
605 error_code = EXCP_DSI_NOTSUP | EXCP_DSI_DIRECT;
609 exception = EXCP_DSI;
610 error_code = EXCP_DSI_NOTSUP | EXCP_DSI_DIRECT |
614 printf("DSI: invalid exception (%d)\n", ret);
615 exception = EXCP_PROGRAM;
616 error_code = EXCP_INVAL | EXCP_INVAL_INVAL;
621 error_code |= EXCP_DSI_STORE;
622 /* Store fault address */
623 env->spr[DAR] = address;
626 printf("%s: set exception to %d %02x\n",
627 __func__, exception, error_code);
629 env->exception_index = exception;
630 env->error_code = error_code;
637 uint32_t _load_xer (CPUState *env)
639 return (xer_so << XER_SO) |
645 void _store_xer (CPUState *env, uint32_t value)
647 xer_so = (value >> XER_SO) & 0x01;
648 xer_ov = (value >> XER_OV) & 0x01;
649 xer_ca = (value >> XER_CA) & 0x01;
650 xer_bc = (value >> XER_BC) & 0x1f;
653 uint32_t _load_msr (CPUState *env)
655 return (msr_pow << MSR_POW) |
656 (msr_ile << MSR_ILE) |
661 (msr_fe0 << MSR_FE0) |
664 (msr_fe1 << MSR_FE1) |
672 void _store_msr (CPUState *env, uint32_t value)
674 if (((value >> MSR_IR) & 0x01) != msr_ir ||
675 ((value >> MSR_DR) & 0x01) != msr_dr) {
676 /* Flush all tlb when changing translation mode or privilege level */
679 msr_pow = (value >> MSR_POW) & 0x03;
680 msr_ile = (value >> MSR_ILE) & 0x01;
681 msr_ee = (value >> MSR_EE) & 0x01;
682 msr_pr = (value >> MSR_PR) & 0x01;
683 msr_fp = (value >> MSR_FP) & 0x01;
684 msr_me = (value >> MSR_ME) & 0x01;
685 msr_fe0 = (value >> MSR_FE0) & 0x01;
686 msr_se = (value >> MSR_SE) & 0x01;
687 msr_be = (value >> MSR_BE) & 0x01;
688 msr_fe1 = (value >> MSR_FE1) & 0x01;
689 msr_ip = (value >> MSR_IP) & 0x01;
690 msr_ir = (value >> MSR_IR) & 0x01;
691 msr_dr = (value >> MSR_DR) & 0x01;
692 msr_ri = (value >> MSR_RI) & 0x01;
693 msr_le = (value >> MSR_LE) & 0x01;
696 void do_interrupt (CPUState *env)
698 #if defined (CONFIG_USER_ONLY)
699 env->exception_index |= 0x100;
702 int excp = env->exception_index;
704 /* Dequeue PPC exceptions */
705 if (excp < EXCP_PPC_MAX)
706 env->exceptions &= ~(1 << excp);
707 msr = _load_msr(env);
708 #if defined (DEBUG_EXCEPTIONS)
709 if ((excp == EXCP_PROGRAM || excp == EXCP_DSI) && msr_pr == 1)
712 fprintf(logfile, "Raise exception at 0x%08x => 0x%08x (%02x)\n",
713 env->nip, excp << 8, env->error_code);
716 cpu_ppc_dump_state(env, logfile, 0);
719 /* Generate informations in save/restore registers */
722 #if defined (USE_OPEN_FIRMWARE)
723 env->gpr[3] = OF_client_entry((void *)env->gpr[3]);
727 #if defined (USE_OPEN_FIRMWARE)
728 printf("RTAS call !\n");
729 env->gpr[3] = RTAS_entry((void *)env->gpr[3]);
730 printf("RTAS call done\n");
735 #if defined (DEBUG_EXCEPTIONS)
736 printf("%s: escape EXCP_NONE\n", __func__);
743 case EXCP_MACHINE_CHECK:
745 printf("Machine check exception while not allowed !\n");
748 "Machine check exception while not allowed !\n");
755 /* Store exception cause */
756 /* data location address has been stored
757 * when the fault has been detected
761 if (env->error_code & EXCP_DSI_TRANSLATE)
762 env->spr[DSISR] |= 0x40000000;
763 else if (env->error_code & EXCP_DSI_PROT)
764 env->spr[DSISR] |= 0x08000000;
765 else if (env->error_code & EXCP_DSI_NOTSUP) {
766 env->spr[DSISR] |= 0x80000000;
767 if (env->error_code & EXCP_DSI_DIRECT)
768 env->spr[DSISR] |= 0x04000000;
770 if (env->error_code & EXCP_DSI_STORE)
771 env->spr[DSISR] |= 0x02000000;
772 if ((env->error_code & 0xF) == EXCP_DSI_DABR)
773 env->spr[DSISR] |= 0x00400000;
774 if (env->error_code & EXCP_DSI_ECXW)
775 env->spr[DSISR] |= 0x00100000;
776 #if defined (DEBUG_EXCEPTIONS)
778 fprintf(logfile, "DSI exception: DSISR=0x%08x, DAR=0x%08x\n",
779 env->spr[DSISR], env->spr[DAR]);
781 printf("DSI exception: DSISR=0x%08x, DAR=0x%08x nip=0x%08x\n",
782 env->spr[DSISR], env->spr[DAR], env->nip);
787 /* Store exception cause */
789 if (env->error_code == EXCP_ISI_TRANSLATE)
791 else if (env->error_code == EXCP_ISI_NOEXEC ||
792 env->error_code == EXCP_ISI_GUARD ||
793 env->error_code == EXCP_ISI_DIRECT)
797 #if defined (DEBUG_EXCEPTIONS)
799 fprintf(logfile, "ISI exception: msr=0x%08x, nip=0x%08x\n",
802 printf("ISI exception: msr=0x%08x, nip=0x%08x tbl:0x%08x\n",
803 msr, env->nip, env->spr[V_TBL]);
809 #if defined (DEBUG_EXCEPTIONS)
811 fprintf(logfile, "Skipping hardware interrupt\n");
815 do_queue_exception(EXCP_EXTERNAL);
820 /* Store exception cause */
821 /* Get rS/rD and rA from faulting opcode */
823 (ldl_code((void *)(env->nip - 4)) & 0x03FF0000) >> 16;
824 /* data location address has been stored
825 * when the fault has been detected
830 switch (env->error_code & ~0xF) {
832 if (msr_fe0 == 0 && msr_fe1 == 0) {
833 #if defined (DEBUG_EXCEPTIONS)
834 printf("Ignore floating point exception\n");
840 env->fpscr[7] |= 0x8;
841 /* Finally, update FEX */
842 if ((((env->fpscr[7] & 0x3) << 3) | (env->fpscr[6] >> 1)) &
843 ((env->fpscr[1] << 1) | (env->fpscr[0] >> 3)))
844 env->fpscr[7] |= 0x4;
847 printf("Invalid instruction at 0x%08x\n", env->nip);
857 /* Should never occur */
867 do_queue_exception(EXCP_DECR);
872 #if defined (DEBUG_EXCEPTIONS)
875 fprintf(logfile, "syscall %d 0x%08x 0x%08x 0x%08x 0x%08x\n",
876 env->gpr[0], env->gpr[3], env->gpr[4],
877 env->gpr[5], env->gpr[6]);
879 printf("syscall %d from 0x%08x 0x%08x 0x%08x 0x%08x 0x%08x\n",
880 env->gpr[0], env->nip, env->gpr[3], env->gpr[4],
881 env->gpr[5], env->gpr[6]);
897 /* Restore user-mode state */
899 #if defined (DEBUG_EXCEPTIONS)
901 printf("Return from exception => 0x%08x\n", (uint32_t)env->nip);
905 /* SRR0 is set to current instruction */
906 env->spr[SRR0] = (uint32_t)env->nip - 4;
909 /* SRR0 is set to next instruction */
910 env->spr[SRR0] = (uint32_t)env->nip;
913 env->spr[SRR1] = msr;
914 /* reload MSR with correct bits */
927 /* Jump to handler */
928 env->nip = excp << 8;
929 env->exception_index = EXCP_NONE;
930 /* Invalidate all TLB as we may have changed translation mode */
932 /* ensure that no TB jump will be modified as
933 the program flow was changed */
projects / qemu / blob