Add a new mmu-booke.c file for BookE and related MMU bits from
mmu_common.c.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
target/ppc/cpu.h | 4 -
target/ppc/meson.build | 1 +
target/ppc/mmu-booke.c | 532 ++++++++++++++++++++++++++++++++++++++++
target/ppc/mmu-booke.h | 17 ++
target/ppc/mmu_common.c | 509 +-------------------------------------
target/ppc/mmu_helper.c | 1 +
6 files changed, 552 insertions(+), 512 deletions(-)
create mode 100644 target/ppc/mmu-booke.c
create mode 100644 target/ppc/mmu-booke.h
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index cfb3ba5ac8..92b50a1be2 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1606,10 +1606,6 @@ void ppc_tlb_invalidate_all(CPUPPCState *env);
void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr);
void cpu_ppc_set_vhyp(PowerPCCPU *cpu, PPCVirtualHypervisor *vhyp);
void cpu_ppc_set_1lpar(PowerPCCPU *cpu);
-int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
- target_ulong address, uint32_t pid);
-int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid);
-hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb);
#endif
void ppc_store_fpscr(CPUPPCState *env, target_ulong val);
diff --git a/target/ppc/meson.build b/target/ppc/meson.build
index 0b89f9b89f..db3b7a0c33 100644
--- a/target/ppc/meson.build
+++ b/target/ppc/meson.build
@@ -37,6 +37,7 @@ ppc_system_ss.add(files(
'arch_dump.c',
'machine.c',
'mmu-hash32.c',
+ 'mmu-booke.c',
'mmu_common.c',
'ppc-qmp-cmds.c',
))
diff --git a/target/ppc/mmu-booke.c b/target/ppc/mmu-booke.c
new file mode 100644
index 0000000000..cc93dc1c8c
--- /dev/null
+++ b/target/ppc/mmu-booke.c
@@ -0,0 +1,532 @@
+/*
+ * PowerPC BookE MMU, TLB emulation helpers for QEMU.
+ *
+ * Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "exec/page-protection.h"
+#include "exec/log.h"
+#include "cpu.h"
+#include "internal.h"
+#include "mmu-booke.h"
+
+/* Generic TLB check function for embedded PowerPC implementations */
+static bool ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb,
+ hwaddr *raddrp,
+ target_ulong address, uint32_t pid, int i)
+{
+ target_ulong mask;
+
+ /* Check valid flag */
+ if (!(tlb->prot & PAGE_VALID)) {
+ return false;
+ }
+ mask = ~(tlb->size - 1);
+ qemu_log_mask(CPU_LOG_MMU, "%s: TLB %d address " TARGET_FMT_lx
+ " PID %u <=> " TARGET_FMT_lx " " TARGET_FMT_lx " %u %x\n",
+ __func__, i, address, pid, tlb->EPN,
+ mask, (uint32_t)tlb->PID, tlb->prot);
+ /* Check PID */
+ if (tlb->PID != 0 && tlb->PID != pid) {
+ return false;
+ }
+ /* Check effective address */
+ if ((address & mask) != tlb->EPN) {
+ return false;
+ }
+ *raddrp = (tlb->RPN & mask) | (address & ~mask);
+ return true;
+}
+
+/* Generic TLB search function for PowerPC embedded implementations */
+int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid)
+{
+ ppcemb_tlb_t *tlb;
+ hwaddr raddr;
+ int i;
+
+ for (i = 0; i < env->nb_tlb; i++) {
+ tlb = &env->tlb.tlbe[i];
+ if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i)) {
+ return i;
+ }
+ }
+ return -1;
+}
+
+int mmu40x_get_physical_address(CPUPPCState *env, hwaddr *raddr, int *prot,
+ target_ulong address,
+ MMUAccessType access_type)
+{
+ ppcemb_tlb_t *tlb;
+ int i, ret, zsel, zpr, pr;
+
+ ret = -1;
+ *prot = 0;
+ pr = FIELD_EX64(env->msr, MSR, PR);
+ for (i = 0; i < env->nb_tlb; i++) {
+ tlb = &env->tlb.tlbe[i];
+ if (!ppcemb_tlb_check(env, tlb, raddr, address,
+ env->spr[SPR_40x_PID], i)) {
+ continue;
+ }
+ zsel = (tlb->attr >> 4) & 0xF;
+ zpr = (env->spr[SPR_40x_ZPR] >> (30 - (2 * zsel))) & 0x3;
+ qemu_log_mask(CPU_LOG_MMU,
+ "%s: TLB %d zsel %d zpr %d ty %d attr %08x\n",
+ __func__, i, zsel, zpr, access_type, tlb->attr);
+ /* Check execute enable bit */
+ switch (zpr) {
+ case 0x2:
+ if (pr != 0) {
+ goto check_perms;
+ }
+ /* fall through */
+ case 0x3:
+ /* All accesses granted */
+ *prot = PAGE_RWX;
+ ret = 0;
+ break;
+
+ case 0x0:
+ if (pr != 0) {
+ /* Raise Zone protection fault. */
+ env->spr[SPR_40x_ESR] = 1 << 22;
+ *prot = 0;
+ ret = -2;
+ break;
+ }
+ /* fall through */
+ case 0x1:
+check_perms:
+ /* Check from TLB entry */
+ *prot = tlb->prot;
+ if (CHECK_PROT_ACCESS(*prot, access_type)) {
+ ret = 0;
+ } else {
+ env->spr[SPR_40x_ESR] = 0;
+ ret = -2;
+ }
+ break;
+ }
+ }
+ qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
+ HWADDR_FMT_plx " %d %d\n", __func__,
+ ret < 0 ? "refused" : "granted", address,
+ ret < 0 ? 0 : *raddr, *prot, ret);
+
+ return ret;
+}
+
+static bool mmubooke_check_pid(CPUPPCState *env, ppcemb_tlb_t *tlb,
+ hwaddr *raddr, target_ulong addr, int i)
+{
+ if (ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID], i)) {
+ if (!env->nb_pids) {
+ /* Extend the physical address to 36 bits */
+ *raddr |= (uint64_t)(tlb->RPN & 0xF) << 32;
+ }
+ return true;
+ } else if (!env->nb_pids) {
+ return false;
+ }
+ if (env->spr[SPR_BOOKE_PID1] &&
+ ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID1], i)) {
+ return true;
+ }
+ if (env->spr[SPR_BOOKE_PID2] &&
+ ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID2], i)) {
+ return true;
+ }
+ return false;
+}
+
+static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb,
+ hwaddr *raddr, int *prot, target_ulong address,
+ MMUAccessType access_type, int i)
+{
+ if (!mmubooke_check_pid(env, tlb, raddr, address, i)) {
+ qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__);
+ return -1;
+ }
+
+ /* Check the address space */
+ if ((access_type == MMU_INST_FETCH ?
+ FIELD_EX64(env->msr, MSR, IR) :
+ FIELD_EX64(env->msr, MSR, DR)) != (tlb->attr & 1)) {
+ qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
+ return -1;
+ }
+
+ if (FIELD_EX64(env->msr, MSR, PR)) {
+ *prot = tlb->prot & 0xF;
+ } else {
+ *prot = (tlb->prot >> 4) & 0xF;
+ }
+ if (CHECK_PROT_ACCESS(*prot, access_type)) {
+ qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
+ return 0;
+ }
+
+ qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
+ return access_type == MMU_INST_FETCH ? -3 : -2;
+}
+
+static int mmubooke_get_physical_address(CPUPPCState *env, hwaddr *raddr,
+ int *prot, target_ulong address,
+ MMUAccessType access_type)
+{
+ ppcemb_tlb_t *tlb;
+ int i, ret = -1;
+
+ for (i = 0; i < env->nb_tlb; i++) {
+ tlb = &env->tlb.tlbe[i];
+ ret = mmubooke_check_tlb(env, tlb, raddr, prot, address,
+ access_type, i);
+ if (ret != -1) {
+ break;
+ }
+ }
+ qemu_log_mask(CPU_LOG_MMU,
+ "%s: access %s " TARGET_FMT_lx " => " HWADDR_FMT_plx
+ " %d %d\n", __func__, ret < 0 ? "refused" : "granted",
+ address, ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
+ return ret;
+}
+
+hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb)
+{
+ int tlbm_size;
+
+ tlbm_size = (tlb->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
+
+ return 1024ULL << tlbm_size;
+}
+
+/* TLB check function for MAS based SoftTLBs */
+int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
+ target_ulong address, uint32_t pid)
+{
+ hwaddr mask;
+ uint32_t tlb_pid;
+
+ if (!FIELD_EX64(env->msr, MSR, CM)) {
+ /* In 32bit mode we can only address 32bit EAs */
+ address = (uint32_t)address;
+ }
+
+ /* Check valid flag */
+ if (!(tlb->mas1 & MAS1_VALID)) {
+ return -1;
+ }
+
+ mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
+ qemu_log_mask(CPU_LOG_MMU, "%s: TLB ADDR=0x" TARGET_FMT_lx
+ " PID=0x%x MAS1=0x%x MAS2=0x%" PRIx64 " mask=0x%"
+ HWADDR_PRIx " MAS7_3=0x%" PRIx64 " MAS8=0x%" PRIx32 "\n",
+ __func__, address, pid, tlb->mas1, tlb->mas2, mask,
+ tlb->mas7_3, tlb->mas8);
+
+ /* Check PID */
+ tlb_pid = (tlb->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT;
+ if (tlb_pid != 0 && tlb_pid != pid) {
+ return -1;
+ }
+
+ /* Check effective address */
+ if ((address & mask) != (tlb->mas2 & MAS2_EPN_MASK)) {
+ return -1;
+ }
+
+ if (raddrp) {
+ *raddrp = (tlb->mas7_3 & mask) | (address & ~mask);
+ }
+
+ return 0;
+}
+
+static bool is_epid_mmu(int mmu_idx)
+{
+ return mmu_idx == PPC_TLB_EPID_STORE || mmu_idx == PPC_TLB_EPID_LOAD;
+}
+
+static uint32_t mmubooke206_esr(int mmu_idx, MMUAccessType access_type)
+{
+ uint32_t esr = 0;
+ if (access_type == MMU_DATA_STORE) {
+ esr |= ESR_ST;
+ }
+ if (is_epid_mmu(mmu_idx)) {
+ esr |= ESR_EPID;
+ }
+ return esr;
+}
+
+/*
+ * Get EPID register given the mmu_idx. If this is regular load,
+ * construct the EPID access bits from current processor state
+ *
+ * Get the effective AS and PR bits and the PID. The PID is returned
+ * only if EPID load is requested, otherwise the caller must detect
+ * the correct EPID. Return true if valid EPID is returned.
+ */
+static bool mmubooke206_get_as(CPUPPCState *env,
+ int mmu_idx, uint32_t *epid_out,
+ bool *as_out, bool *pr_out)
+{
+ if (is_epid_mmu(mmu_idx)) {
+ uint32_t epidr;
+ if (mmu_idx == PPC_TLB_EPID_STORE) {
+ epidr = env->spr[SPR_BOOKE_EPSC];
+ } else {
+ epidr = env->spr[SPR_BOOKE_EPLC];
+ }
+ *epid_out = (epidr & EPID_EPID) >> EPID_EPID_SHIFT;
+ *as_out = !!(epidr & EPID_EAS);
+ *pr_out = !!(epidr & EPID_EPR);
+ return true;
+ } else {
+ *as_out = FIELD_EX64(env->msr, MSR, DS);
+ *pr_out = FIELD_EX64(env->msr, MSR, PR);
+ return false;
+ }
+}
+
+/* Check if the tlb found by hashing really matches */
+static int mmubooke206_check_tlb(CPUPPCState *env, ppcmas_tlb_t *tlb,
+ hwaddr *raddr, int *prot,
+ target_ulong address,
+ MMUAccessType access_type, int mmu_idx)
+{
+ uint32_t epid;
+ bool as, pr;
+ bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
+
+ if (!use_epid) {
+ if (ppcmas_tlb_check(env, tlb, raddr, address,
+ env->spr[SPR_BOOKE_PID]) >= 0) {
+ goto found_tlb;
+ }
+
+ if (env->spr[SPR_BOOKE_PID1] &&
+ ppcmas_tlb_check(env, tlb, raddr, address,
+ env->spr[SPR_BOOKE_PID1]) >= 0) {
+ goto found_tlb;
+ }
+
+ if (env->spr[SPR_BOOKE_PID2] &&
+ ppcmas_tlb_check(env, tlb, raddr, address,
+ env->spr[SPR_BOOKE_PID2]) >= 0) {
+ goto found_tlb;
+ }
+ } else {
+ if (ppcmas_tlb_check(env, tlb, raddr, address, epid) >= 0) {
+ goto found_tlb;
+ }
+ }
+
+ qemu_log_mask(CPU_LOG_MMU, "%s: No TLB entry found for effective address "
+ "0x" TARGET_FMT_lx "\n", __func__, address);
+ return -1;
+
+found_tlb:
+
+ /* Check the address space and permissions */
+ if (access_type == MMU_INST_FETCH) {
+ /* There is no way to fetch code using epid load */
+ assert(!use_epid);
+ as = FIELD_EX64(env->msr, MSR, IR);
+ }
+
+ if (as != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
+ qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
+ return -1;
+ }
+
+ *prot = 0;
+ if (pr) {
+ if (tlb->mas7_3 & MAS3_UR) {
+ *prot |= PAGE_READ;
+ }
+ if (tlb->mas7_3 & MAS3_UW) {
+ *prot |= PAGE_WRITE;
+ }
+ if (tlb->mas7_3 & MAS3_UX) {
+ *prot |= PAGE_EXEC;
+ }
+ } else {
+ if (tlb->mas7_3 & MAS3_SR) {
+ *prot |= PAGE_READ;
+ }
+ if (tlb->mas7_3 & MAS3_SW) {
+ *prot |= PAGE_WRITE;
+ }
+ if (tlb->mas7_3 & MAS3_SX) {
+ *prot |= PAGE_EXEC;
+ }
+ }
+ if (CHECK_PROT_ACCESS(*prot, access_type)) {
+ qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
+ return 0;
+ }
+
+ qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
+ return access_type == MMU_INST_FETCH ? -3 : -2;
+}
+
+static int mmubooke206_get_physical_address(CPUPPCState *env, hwaddr *raddr,
+ int *prot, target_ulong address,
+ MMUAccessType access_type,
+ int mmu_idx)
+{
+ ppcmas_tlb_t *tlb;
+ int i, j, ret = -1;
+
+ for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
+ int ways = booke206_tlb_ways(env, i);
+ for (j = 0; j < ways; j++) {
+ tlb = booke206_get_tlbm(env, i, address, j);
+ if (!tlb) {
+ continue;
+ }
+ ret = mmubooke206_check_tlb(env, tlb, raddr, prot, address,
+ access_type, mmu_idx);
+ if (ret != -1) {
+ goto found_tlb;
+ }
+ }
+ }
+
+found_tlb:
+
+ qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
+ HWADDR_FMT_plx " %d %d\n", __func__,
+ ret < 0 ? "refused" : "granted", address,
+ ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
+ return ret;
+}
+
+static void booke206_update_mas_tlb_miss(CPUPPCState *env, target_ulong address,
+ MMUAccessType access_type, int mmu_idx)
+{
+ uint32_t epid;
+ bool as, pr;
+ uint32_t missed_tid = 0;
+ bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
+
+ if (access_type == MMU_INST_FETCH) {
+ as = FIELD_EX64(env->msr, MSR, IR);
+ }
+ env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK;
+ env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK;
+ env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK;
+ env->spr[SPR_BOOKE_MAS3] = 0;
+ env->spr[SPR_BOOKE_MAS6] = 0;
+ env->spr[SPR_BOOKE_MAS7] = 0;
+
+ /* AS */
+ if (as) {
+ env->spr[SPR_BOOKE_MAS1] |= MAS1_TS;
+ env->spr[SPR_BOOKE_MAS6] |= MAS6_SAS;
+ }
+
+ env->spr[SPR_BOOKE_MAS1] |= MAS1_VALID;
+ env->spr[SPR_BOOKE_MAS2] |= address & MAS2_EPN_MASK;
+
+ if (!use_epid) {
+ switch (env->spr[SPR_BOOKE_MAS4] & MAS4_TIDSELD_PIDZ) {
+ case MAS4_TIDSELD_PID0:
+ missed_tid = env->spr[SPR_BOOKE_PID];
+ break;
+ case MAS4_TIDSELD_PID1:
+ missed_tid = env->spr[SPR_BOOKE_PID1];
+ break;
+ case MAS4_TIDSELD_PID2:
+ missed_tid = env->spr[SPR_BOOKE_PID2];
+ break;
+ }
+ env->spr[SPR_BOOKE_MAS6] |= env->spr[SPR_BOOKE_PID] << 16;
+ } else {
+ missed_tid = epid;
+ env->spr[SPR_BOOKE_MAS6] |= missed_tid << 16;
+ }
+ env->spr[SPR_BOOKE_MAS1] |= (missed_tid << MAS1_TID_SHIFT);
+
+
+ /* next victim logic */
+ env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT;
+ env->last_way++;
+ env->last_way &= booke206_tlb_ways(env, 0) - 1;
+ env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
+}
+
+bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+ hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
+ bool guest_visible)
+{
+ CPUState *cs = CPU(cpu);
+ CPUPPCState *env = &cpu->env;
+ hwaddr raddr;
+ int prot, ret;
+
+ if (env->mmu_model == POWERPC_MMU_BOOKE206) {
+ ret = mmubooke206_get_physical_address(env, &raddr, &prot, eaddr,
+ access_type, mmu_idx);
+ } else {
+ ret = mmubooke_get_physical_address(env, &raddr, &prot, eaddr,
+ access_type);
+ }
+ if (ret == 0) {
+ *raddrp = raddr;
+ *protp = prot;
+ *psizep = TARGET_PAGE_BITS;
+ return true;
+ } else if (!guest_visible) {
+ return false;
+ }
+
+ log_cpu_state_mask(CPU_LOG_MMU, cs, 0);
+ env->error_code = 0;
+ switch (ret) {
+ case -1:
+ /* No matches in page tables or TLB */
+ if (env->mmu_model == POWERPC_MMU_BOOKE206) {
+ booke206_update_mas_tlb_miss(env, eaddr, access_type, mmu_idx);
+ }
+ cs->exception_index = (access_type == MMU_INST_FETCH) ?
+ POWERPC_EXCP_ITLB : POWERPC_EXCP_DTLB;
+ env->spr[SPR_BOOKE_DEAR] = eaddr;
+ env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
+ break;
+ case -2:
+ /* Access rights violation */
+ cs->exception_index = (access_type == MMU_INST_FETCH) ?
+ POWERPC_EXCP_ISI : POWERPC_EXCP_DSI;
+ if (access_type != MMU_INST_FETCH) {
+ env->spr[SPR_BOOKE_DEAR] = eaddr;
+ env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
+ }
+ break;
+ case -3:
+ /* No execute protection violation */
+ cs->exception_index = POWERPC_EXCP_ISI;
+ env->spr[SPR_BOOKE_ESR] = 0;
+ break;
+ }
+
+ return false;
+}
diff --git a/target/ppc/mmu-booke.h b/target/ppc/mmu-booke.h
new file mode 100644
index 0000000000..f972843bbb
--- /dev/null
+++ b/target/ppc/mmu-booke.h
@@ -0,0 +1,17 @@
+#ifndef PPC_MMU_BOOKE_H
+#define PPC_MMU_BOOKE_H
+
+#include "cpu.h"
+
+int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid);
+int mmu40x_get_physical_address(CPUPPCState *env, hwaddr *raddr, int *prot,
+ target_ulong address,
+ MMUAccessType access_type);
+hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb);
+int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
+ target_ulong address, uint32_t pid);
+bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+ hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
+ bool guest_visible);
+
+#endif
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index bcd20ddc7b..9be48c8db0 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -33,6 +33,7 @@
#include "internal.h"
#include "mmu-book3s-v3.h"
#include "mmu-radix64.h"
+#include "mmu-booke.h"
/* #define DUMP_PAGE_TABLES */
@@ -444,402 +445,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
return -2;
}
-/* Generic TLB check function for embedded PowerPC implementations */
-static bool ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb,
- hwaddr *raddrp,
- target_ulong address, uint32_t pid, int i)
-{
- target_ulong mask;
-
- /* Check valid flag */
- if (!(tlb->prot & PAGE_VALID)) {
- return false;
- }
- mask = ~(tlb->size - 1);
- qemu_log_mask(CPU_LOG_MMU, "%s: TLB %d address " TARGET_FMT_lx
- " PID %u <=> " TARGET_FMT_lx " " TARGET_FMT_lx " %u %x\n",
- __func__, i, address, pid, tlb->EPN,
- mask, (uint32_t)tlb->PID, tlb->prot);
- /* Check PID */
- if (tlb->PID != 0 && tlb->PID != pid) {
- return false;
- }
- /* Check effective address */
- if ((address & mask) != tlb->EPN) {
- return false;
- }
- *raddrp = (tlb->RPN & mask) | (address & ~mask);
- return true;
-}
-
-/* Generic TLB search function for PowerPC embedded implementations */
-int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid)
-{
- ppcemb_tlb_t *tlb;
- hwaddr raddr;
- int i;
-
- for (i = 0; i < env->nb_tlb; i++) {
- tlb = &env->tlb.tlbe[i];
- if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i)) {
- return i;
- }
- }
- return -1;
-}
-
-static int mmu40x_get_physical_address(CPUPPCState *env, hwaddr *raddr,
- int *prot, target_ulong address,
- MMUAccessType access_type)
-{
- ppcemb_tlb_t *tlb;
- int i, ret, zsel, zpr, pr;
-
- ret = -1;
- *prot = 0;
- pr = FIELD_EX64(env->msr, MSR, PR);
- for (i = 0; i < env->nb_tlb; i++) {
- tlb = &env->tlb.tlbe[i];
- if (!ppcemb_tlb_check(env, tlb, raddr, address,
- env->spr[SPR_40x_PID], i)) {
- continue;
- }
- zsel = (tlb->attr >> 4) & 0xF;
- zpr = (env->spr[SPR_40x_ZPR] >> (30 - (2 * zsel))) & 0x3;
- qemu_log_mask(CPU_LOG_MMU,
- "%s: TLB %d zsel %d zpr %d ty %d attr %08x\n",
- __func__, i, zsel, zpr, access_type, tlb->attr);
- /* Check execute enable bit */
- switch (zpr) {
- case 0x2:
- if (pr != 0) {
- goto check_perms;
- }
- /* fall through */
- case 0x3:
- /* All accesses granted */
- *prot = PAGE_RWX;
- ret = 0;
- break;
-
- case 0x0:
- if (pr != 0) {
- /* Raise Zone protection fault. */
- env->spr[SPR_40x_ESR] = 1 << 22;
- *prot = 0;
- ret = -2;
- break;
- }
- /* fall through */
- case 0x1:
-check_perms:
- /* Check from TLB entry */
- *prot = tlb->prot;
- if (CHECK_PROT_ACCESS(*prot, access_type)) {
- ret = 0;
- } else {
- env->spr[SPR_40x_ESR] = 0;
- ret = -2;
- }
- break;
- }
- }
- qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
- HWADDR_FMT_plx " %d %d\n", __func__,
- ret < 0 ? "refused" : "granted", address,
- ret < 0 ? 0 : *raddr, *prot, ret);
-
- return ret;
-}
-
-static bool mmubooke_check_pid(CPUPPCState *env, ppcemb_tlb_t *tlb,
- hwaddr *raddr, target_ulong addr, int i)
-{
- if (ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID], i)) {
- if (!env->nb_pids) {
- /* Extend the physical address to 36 bits */
- *raddr |= (uint64_t)(tlb->RPN & 0xF) << 32;
- }
- return true;
- } else if (!env->nb_pids) {
- return false;
- }
- if (env->spr[SPR_BOOKE_PID1] &&
- ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID1], i)) {
- return true;
- }
- if (env->spr[SPR_BOOKE_PID2] &&
- ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID2], i)) {
- return true;
- }
- return false;
-}
-
-static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb,
- hwaddr *raddr, int *prot, target_ulong address,
- MMUAccessType access_type, int i)
-{
- if (!mmubooke_check_pid(env, tlb, raddr, address, i)) {
- qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__);
- return -1;
- }
-
- /* Check the address space */
- if ((access_type == MMU_INST_FETCH ?
- FIELD_EX64(env->msr, MSR, IR) :
- FIELD_EX64(env->msr, MSR, DR)) != (tlb->attr & 1)) {
- qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
- return -1;
- }
-
- if (FIELD_EX64(env->msr, MSR, PR)) {
- *prot = tlb->prot & 0xF;
- } else {
- *prot = (tlb->prot >> 4) & 0xF;
- }
- if (CHECK_PROT_ACCESS(*prot, access_type)) {
- qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
- return 0;
- }
-
- qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
- return access_type == MMU_INST_FETCH ? -3 : -2;
-}
-
-static int mmubooke_get_physical_address(CPUPPCState *env, hwaddr *raddr,
- int *prot, target_ulong address,
- MMUAccessType access_type)
-{
- ppcemb_tlb_t *tlb;
- int i, ret = -1;
-
- for (i = 0; i < env->nb_tlb; i++) {
- tlb = &env->tlb.tlbe[i];
- ret = mmubooke_check_tlb(env, tlb, raddr, prot, address,
- access_type, i);
- if (ret != -1) {
- break;
- }
- }
- qemu_log_mask(CPU_LOG_MMU,
- "%s: access %s " TARGET_FMT_lx " => " HWADDR_FMT_plx
- " %d %d\n", __func__, ret < 0 ? "refused" : "granted",
- address, ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
- return ret;
-}
-
-hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb)
-{
- int tlbm_size;
-
- tlbm_size = (tlb->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
-
- return 1024ULL << tlbm_size;
-}
-
-/* TLB check function for MAS based SoftTLBs */
-int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
- target_ulong address, uint32_t pid)
-{
- hwaddr mask;
- uint32_t tlb_pid;
-
- if (!FIELD_EX64(env->msr, MSR, CM)) {
- /* In 32bit mode we can only address 32bit EAs */
- address = (uint32_t)address;
- }
-
- /* Check valid flag */
- if (!(tlb->mas1 & MAS1_VALID)) {
- return -1;
- }
-
- mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
- qemu_log_mask(CPU_LOG_MMU, "%s: TLB ADDR=0x" TARGET_FMT_lx
- " PID=0x%x MAS1=0x%x MAS2=0x%" PRIx64 " mask=0x%"
- HWADDR_PRIx " MAS7_3=0x%" PRIx64 " MAS8=0x%" PRIx32 "\n",
- __func__, address, pid, tlb->mas1, tlb->mas2, mask,
- tlb->mas7_3, tlb->mas8);
-
- /* Check PID */
- tlb_pid = (tlb->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT;
- if (tlb_pid != 0 && tlb_pid != pid) {
- return -1;
- }
-
- /* Check effective address */
- if ((address & mask) != (tlb->mas2 & MAS2_EPN_MASK)) {
- return -1;
- }
-
- if (raddrp) {
- *raddrp = (tlb->mas7_3 & mask) | (address & ~mask);
- }
-
- return 0;
-}
-
-static bool is_epid_mmu(int mmu_idx)
-{
- return mmu_idx == PPC_TLB_EPID_STORE || mmu_idx == PPC_TLB_EPID_LOAD;
-}
-
-static uint32_t mmubooke206_esr(int mmu_idx, MMUAccessType access_type)
-{
- uint32_t esr = 0;
- if (access_type == MMU_DATA_STORE) {
- esr |= ESR_ST;
- }
- if (is_epid_mmu(mmu_idx)) {
- esr |= ESR_EPID;
- }
- return esr;
-}
-
-/*
- * Get EPID register given the mmu_idx. If this is regular load,
- * construct the EPID access bits from current processor state
- *
- * Get the effective AS and PR bits and the PID. The PID is returned
- * only if EPID load is requested, otherwise the caller must detect
- * the correct EPID. Return true if valid EPID is returned.
- */
-static bool mmubooke206_get_as(CPUPPCState *env,
- int mmu_idx, uint32_t *epid_out,
- bool *as_out, bool *pr_out)
-{
- if (is_epid_mmu(mmu_idx)) {
- uint32_t epidr;
- if (mmu_idx == PPC_TLB_EPID_STORE) {
- epidr = env->spr[SPR_BOOKE_EPSC];
- } else {
- epidr = env->spr[SPR_BOOKE_EPLC];
- }
- *epid_out = (epidr & EPID_EPID) >> EPID_EPID_SHIFT;
- *as_out = !!(epidr & EPID_EAS);
- *pr_out = !!(epidr & EPID_EPR);
- return true;
- } else {
- *as_out = FIELD_EX64(env->msr, MSR, DS);
- *pr_out = FIELD_EX64(env->msr, MSR, PR);
- return false;
- }
-}
-
-/* Check if the tlb found by hashing really matches */
-static int mmubooke206_check_tlb(CPUPPCState *env, ppcmas_tlb_t *tlb,
- hwaddr *raddr, int *prot,
- target_ulong address,
- MMUAccessType access_type, int mmu_idx)
-{
- uint32_t epid;
- bool as, pr;
- bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
-
- if (!use_epid) {
- if (ppcmas_tlb_check(env, tlb, raddr, address,
- env->spr[SPR_BOOKE_PID]) >= 0) {
- goto found_tlb;
- }
-
- if (env->spr[SPR_BOOKE_PID1] &&
- ppcmas_tlb_check(env, tlb, raddr, address,
- env->spr[SPR_BOOKE_PID1]) >= 0) {
- goto found_tlb;
- }
-
- if (env->spr[SPR_BOOKE_PID2] &&
- ppcmas_tlb_check(env, tlb, raddr, address,
- env->spr[SPR_BOOKE_PID2]) >= 0) {
- goto found_tlb;
- }
- } else {
- if (ppcmas_tlb_check(env, tlb, raddr, address, epid) >= 0) {
- goto found_tlb;
- }
- }
-
- qemu_log_mask(CPU_LOG_MMU, "%s: No TLB entry found for effective address "
- "0x" TARGET_FMT_lx "\n", __func__, address);
- return -1;
-
-found_tlb:
-
- /* Check the address space and permissions */
- if (access_type == MMU_INST_FETCH) {
- /* There is no way to fetch code using epid load */
- assert(!use_epid);
- as = FIELD_EX64(env->msr, MSR, IR);
- }
-
- if (as != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
- qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
- return -1;
- }
-
- *prot = 0;
- if (pr) {
- if (tlb->mas7_3 & MAS3_UR) {
- *prot |= PAGE_READ;
- }
- if (tlb->mas7_3 & MAS3_UW) {
- *prot |= PAGE_WRITE;
- }
- if (tlb->mas7_3 & MAS3_UX) {
- *prot |= PAGE_EXEC;
- }
- } else {
- if (tlb->mas7_3 & MAS3_SR) {
- *prot |= PAGE_READ;
- }
- if (tlb->mas7_3 & MAS3_SW) {
- *prot |= PAGE_WRITE;
- }
- if (tlb->mas7_3 & MAS3_SX) {
- *prot |= PAGE_EXEC;
- }
- }
- if (CHECK_PROT_ACCESS(*prot, access_type)) {
- qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
- return 0;
- }
-
- qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
- return access_type == MMU_INST_FETCH ? -3 : -2;
-}
-
-static int mmubooke206_get_physical_address(CPUPPCState *env, hwaddr *raddr,
- int *prot, target_ulong address,
- MMUAccessType access_type,
- int mmu_idx)
-{
- ppcmas_tlb_t *tlb;
- int i, j, ret = -1;
-
- for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
- int ways = booke206_tlb_ways(env, i);
- for (j = 0; j < ways; j++) {
- tlb = booke206_get_tlbm(env, i, address, j);
- if (!tlb) {
- continue;
- }
- ret = mmubooke206_check_tlb(env, tlb, raddr, prot, address,
- access_type, mmu_idx);
- if (ret != -1) {
- goto found_tlb;
- }
- }
- }
-
-found_tlb:
-
- qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
- HWADDR_FMT_plx " %d %d\n", __func__,
- ret < 0 ? "refused" : "granted", address,
- ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
- return ret;
-}
-
static const char *book3e_tsize_to_str[32] = {
"1K", "2K", "4K", "8K", "16K", "32K", "64K", "128K", "256K", "512K",
"1M", "2M", "4M", "8M", "16M", "32M", "64M", "128M", "256M", "512M",
@@ -1107,118 +712,6 @@ static int get_physical_address_wtlb(CPUPPCState *env, mmu_ctx_t *ctx,
}
}
-static void booke206_update_mas_tlb_miss(CPUPPCState *env, target_ulong address,
- MMUAccessType access_type, int mmu_idx)
-{
- uint32_t epid;
- bool as, pr;
- uint32_t missed_tid = 0;
- bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
-
- if (access_type == MMU_INST_FETCH) {
- as = FIELD_EX64(env->msr, MSR, IR);
- }
- env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK;
- env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK;
- env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK;
- env->spr[SPR_BOOKE_MAS3] = 0;
- env->spr[SPR_BOOKE_MAS6] = 0;
- env->spr[SPR_BOOKE_MAS7] = 0;
-
- /* AS */
- if (as) {
- env->spr[SPR_BOOKE_MAS1] |= MAS1_TS;
- env->spr[SPR_BOOKE_MAS6] |= MAS6_SAS;
- }
-
- env->spr[SPR_BOOKE_MAS1] |= MAS1_VALID;
- env->spr[SPR_BOOKE_MAS2] |= address & MAS2_EPN_MASK;
-
- if (!use_epid) {
- switch (env->spr[SPR_BOOKE_MAS4] & MAS4_TIDSELD_PIDZ) {
- case MAS4_TIDSELD_PID0:
- missed_tid = env->spr[SPR_BOOKE_PID];
- break;
- case MAS4_TIDSELD_PID1:
- missed_tid = env->spr[SPR_BOOKE_PID1];
- break;
- case MAS4_TIDSELD_PID2:
- missed_tid = env->spr[SPR_BOOKE_PID2];
- break;
- }
- env->spr[SPR_BOOKE_MAS6] |= env->spr[SPR_BOOKE_PID] << 16;
- } else {
- missed_tid = epid;
- env->spr[SPR_BOOKE_MAS6] |= missed_tid << 16;
- }
- env->spr[SPR_BOOKE_MAS1] |= (missed_tid << MAS1_TID_SHIFT);
-
-
- /* next victim logic */
- env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT;
- env->last_way++;
- env->last_way &= booke206_tlb_ways(env, 0) - 1;
- env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
-}
-
-static bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr,
- MMUAccessType access_type,
- hwaddr *raddrp, int *psizep, int *protp,
- int mmu_idx, bool guest_visible)
-{
- CPUState *cs = CPU(cpu);
- CPUPPCState *env = &cpu->env;
- hwaddr raddr;
- int prot, ret;
-
- if (env->mmu_model == POWERPC_MMU_BOOKE206) {
- ret = mmubooke206_get_physical_address(env, &raddr, &prot, eaddr,
- access_type, mmu_idx);
- } else {
- ret = mmubooke_get_physical_address(env, &raddr, &prot, eaddr,
- access_type);
- }
- if (ret == 0) {
- *raddrp = raddr;
- *protp = prot;
- *psizep = TARGET_PAGE_BITS;
- return true;
- } else if (!guest_visible) {
- return false;
- }
-
- log_cpu_state_mask(CPU_LOG_MMU, cs, 0);
- env->error_code = 0;
- switch (ret) {
- case -1:
- /* No matches in page tables or TLB */
- if (env->mmu_model == POWERPC_MMU_BOOKE206) {
- booke206_update_mas_tlb_miss(env, eaddr, access_type, mmu_idx);
- }
- cs->exception_index = (access_type == MMU_INST_FETCH) ?
- POWERPC_EXCP_ITLB : POWERPC_EXCP_DTLB;
- env->spr[SPR_BOOKE_DEAR] = eaddr;
- env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
- break;
- case -2:
- /* Access rights violation */
- cs->exception_index = (access_type == MMU_INST_FETCH) ?
- POWERPC_EXCP_ISI : POWERPC_EXCP_DSI;
- if (access_type != MMU_INST_FETCH) {
- env->spr[SPR_BOOKE_DEAR] = eaddr;
- env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
- }
- break;
- case -3:
- /* No execute protection violation */
- cs->exception_index = POWERPC_EXCP_ISI;
- env->spr[SPR_BOOKE_ESR] = 0;
- break;
- }
-
- return false;
-}
-
/* Perform address translation */
/* TODO: Split this by mmu_model. */
static bool ppc_jumbo_xlate(PowerPCCPU *cpu, vaddr eaddr,
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index 680ca0b618..87bfe26220 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -33,6 +33,7 @@
#include "internal.h"
#include "mmu-book3s-v3.h"
#include "mmu-radix64.h"
+#include "mmu-booke.h"
#include "exec/helper-proto.h"
#include "exec/cpu_ldst.h"
--
2.30.9On Thu May 9, 2024 at 9:36 AM AEST, BALATON Zoltan wrote:
> Add a new mmu-booke.c file for BookE and related MMU bits from
> mmu_common.c.
>
Nice work.
Acked-by: Nicholas Piggin <npiggin@gmail.com>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
> target/ppc/cpu.h | 4 -
> target/ppc/meson.build | 1 +
> target/ppc/mmu-booke.c | 532 ++++++++++++++++++++++++++++++++++++++++
> target/ppc/mmu-booke.h | 17 ++
> target/ppc/mmu_common.c | 509 +-------------------------------------
> target/ppc/mmu_helper.c | 1 +
> 6 files changed, 552 insertions(+), 512 deletions(-)
> create mode 100644 target/ppc/mmu-booke.c
> create mode 100644 target/ppc/mmu-booke.h
>
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index cfb3ba5ac8..92b50a1be2 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -1606,10 +1606,6 @@ void ppc_tlb_invalidate_all(CPUPPCState *env);
> void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr);
> void cpu_ppc_set_vhyp(PowerPCCPU *cpu, PPCVirtualHypervisor *vhyp);
> void cpu_ppc_set_1lpar(PowerPCCPU *cpu);
> -int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
> - target_ulong address, uint32_t pid);
> -int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid);
> -hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb);
> #endif
>
> void ppc_store_fpscr(CPUPPCState *env, target_ulong val);
> diff --git a/target/ppc/meson.build b/target/ppc/meson.build
> index 0b89f9b89f..db3b7a0c33 100644
> --- a/target/ppc/meson.build
> +++ b/target/ppc/meson.build
> @@ -37,6 +37,7 @@ ppc_system_ss.add(files(
> 'arch_dump.c',
> 'machine.c',
> 'mmu-hash32.c',
> + 'mmu-booke.c',
> 'mmu_common.c',
> 'ppc-qmp-cmds.c',
> ))
> diff --git a/target/ppc/mmu-booke.c b/target/ppc/mmu-booke.c
> new file mode 100644
> index 0000000000..cc93dc1c8c
> --- /dev/null
> +++ b/target/ppc/mmu-booke.c
> @@ -0,0 +1,532 @@
> +/*
> + * PowerPC BookE MMU, TLB emulation helpers for QEMU.
> + *
> + * Copyright (c) 2003-2007 Jocelyn Mayer
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "exec/page-protection.h"
> +#include "exec/log.h"
> +#include "cpu.h"
> +#include "internal.h"
> +#include "mmu-booke.h"
> +
> +/* Generic TLB check function for embedded PowerPC implementations */
> +static bool ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb,
> + hwaddr *raddrp,
> + target_ulong address, uint32_t pid, int i)
> +{
> + target_ulong mask;
> +
> + /* Check valid flag */
> + if (!(tlb->prot & PAGE_VALID)) {
> + return false;
> + }
> + mask = ~(tlb->size - 1);
> + qemu_log_mask(CPU_LOG_MMU, "%s: TLB %d address " TARGET_FMT_lx
> + " PID %u <=> " TARGET_FMT_lx " " TARGET_FMT_lx " %u %x\n",
> + __func__, i, address, pid, tlb->EPN,
> + mask, (uint32_t)tlb->PID, tlb->prot);
> + /* Check PID */
> + if (tlb->PID != 0 && tlb->PID != pid) {
> + return false;
> + }
> + /* Check effective address */
> + if ((address & mask) != tlb->EPN) {
> + return false;
> + }
> + *raddrp = (tlb->RPN & mask) | (address & ~mask);
> + return true;
> +}
> +
> +/* Generic TLB search function for PowerPC embedded implementations */
> +int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid)
> +{
> + ppcemb_tlb_t *tlb;
> + hwaddr raddr;
> + int i;
> +
> + for (i = 0; i < env->nb_tlb; i++) {
> + tlb = &env->tlb.tlbe[i];
> + if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i)) {
> + return i;
> + }
> + }
> + return -1;
> +}
> +
> +int mmu40x_get_physical_address(CPUPPCState *env, hwaddr *raddr, int *prot,
> + target_ulong address,
> + MMUAccessType access_type)
> +{
> + ppcemb_tlb_t *tlb;
> + int i, ret, zsel, zpr, pr;
> +
> + ret = -1;
> + *prot = 0;
> + pr = FIELD_EX64(env->msr, MSR, PR);
> + for (i = 0; i < env->nb_tlb; i++) {
> + tlb = &env->tlb.tlbe[i];
> + if (!ppcemb_tlb_check(env, tlb, raddr, address,
> + env->spr[SPR_40x_PID], i)) {
> + continue;
> + }
> + zsel = (tlb->attr >> 4) & 0xF;
> + zpr = (env->spr[SPR_40x_ZPR] >> (30 - (2 * zsel))) & 0x3;
> + qemu_log_mask(CPU_LOG_MMU,
> + "%s: TLB %d zsel %d zpr %d ty %d attr %08x\n",
> + __func__, i, zsel, zpr, access_type, tlb->attr);
> + /* Check execute enable bit */
> + switch (zpr) {
> + case 0x2:
> + if (pr != 0) {
> + goto check_perms;
> + }
> + /* fall through */
> + case 0x3:
> + /* All accesses granted */
> + *prot = PAGE_RWX;
> + ret = 0;
> + break;
> +
> + case 0x0:
> + if (pr != 0) {
> + /* Raise Zone protection fault. */
> + env->spr[SPR_40x_ESR] = 1 << 22;
> + *prot = 0;
> + ret = -2;
> + break;
> + }
> + /* fall through */
> + case 0x1:
> +check_perms:
> + /* Check from TLB entry */
> + *prot = tlb->prot;
> + if (CHECK_PROT_ACCESS(*prot, access_type)) {
> + ret = 0;
> + } else {
> + env->spr[SPR_40x_ESR] = 0;
> + ret = -2;
> + }
> + break;
> + }
> + }
> + qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
> + HWADDR_FMT_plx " %d %d\n", __func__,
> + ret < 0 ? "refused" : "granted", address,
> + ret < 0 ? 0 : *raddr, *prot, ret);
> +
> + return ret;
> +}
> +
> +static bool mmubooke_check_pid(CPUPPCState *env, ppcemb_tlb_t *tlb,
> + hwaddr *raddr, target_ulong addr, int i)
> +{
> + if (ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID], i)) {
> + if (!env->nb_pids) {
> + /* Extend the physical address to 36 bits */
> + *raddr |= (uint64_t)(tlb->RPN & 0xF) << 32;
> + }
> + return true;
> + } else if (!env->nb_pids) {
> + return false;
> + }
> + if (env->spr[SPR_BOOKE_PID1] &&
> + ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID1], i)) {
> + return true;
> + }
> + if (env->spr[SPR_BOOKE_PID2] &&
> + ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID2], i)) {
> + return true;
> + }
> + return false;
> +}
> +
> +static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb,
> + hwaddr *raddr, int *prot, target_ulong address,
> + MMUAccessType access_type, int i)
> +{
> + if (!mmubooke_check_pid(env, tlb, raddr, address, i)) {
> + qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__);
> + return -1;
> + }
> +
> + /* Check the address space */
> + if ((access_type == MMU_INST_FETCH ?
> + FIELD_EX64(env->msr, MSR, IR) :
> + FIELD_EX64(env->msr, MSR, DR)) != (tlb->attr & 1)) {
> + qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
> + return -1;
> + }
> +
> + if (FIELD_EX64(env->msr, MSR, PR)) {
> + *prot = tlb->prot & 0xF;
> + } else {
> + *prot = (tlb->prot >> 4) & 0xF;
> + }
> + if (CHECK_PROT_ACCESS(*prot, access_type)) {
> + qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
> + return 0;
> + }
> +
> + qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
> + return access_type == MMU_INST_FETCH ? -3 : -2;
> +}
> +
> +static int mmubooke_get_physical_address(CPUPPCState *env, hwaddr *raddr,
> + int *prot, target_ulong address,
> + MMUAccessType access_type)
> +{
> + ppcemb_tlb_t *tlb;
> + int i, ret = -1;
> +
> + for (i = 0; i < env->nb_tlb; i++) {
> + tlb = &env->tlb.tlbe[i];
> + ret = mmubooke_check_tlb(env, tlb, raddr, prot, address,
> + access_type, i);
> + if (ret != -1) {
> + break;
> + }
> + }
> + qemu_log_mask(CPU_LOG_MMU,
> + "%s: access %s " TARGET_FMT_lx " => " HWADDR_FMT_plx
> + " %d %d\n", __func__, ret < 0 ? "refused" : "granted",
> + address, ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
> + return ret;
> +}
> +
> +hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb)
> +{
> + int tlbm_size;
> +
> + tlbm_size = (tlb->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
> +
> + return 1024ULL << tlbm_size;
> +}
> +
> +/* TLB check function for MAS based SoftTLBs */
> +int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
> + target_ulong address, uint32_t pid)
> +{
> + hwaddr mask;
> + uint32_t tlb_pid;
> +
> + if (!FIELD_EX64(env->msr, MSR, CM)) {
> + /* In 32bit mode we can only address 32bit EAs */
> + address = (uint32_t)address;
> + }
> +
> + /* Check valid flag */
> + if (!(tlb->mas1 & MAS1_VALID)) {
> + return -1;
> + }
> +
> + mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
> + qemu_log_mask(CPU_LOG_MMU, "%s: TLB ADDR=0x" TARGET_FMT_lx
> + " PID=0x%x MAS1=0x%x MAS2=0x%" PRIx64 " mask=0x%"
> + HWADDR_PRIx " MAS7_3=0x%" PRIx64 " MAS8=0x%" PRIx32 "\n",
> + __func__, address, pid, tlb->mas1, tlb->mas2, mask,
> + tlb->mas7_3, tlb->mas8);
> +
> + /* Check PID */
> + tlb_pid = (tlb->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT;
> + if (tlb_pid != 0 && tlb_pid != pid) {
> + return -1;
> + }
> +
> + /* Check effective address */
> + if ((address & mask) != (tlb->mas2 & MAS2_EPN_MASK)) {
> + return -1;
> + }
> +
> + if (raddrp) {
> + *raddrp = (tlb->mas7_3 & mask) | (address & ~mask);
> + }
> +
> + return 0;
> +}
> +
> +static bool is_epid_mmu(int mmu_idx)
> +{
> + return mmu_idx == PPC_TLB_EPID_STORE || mmu_idx == PPC_TLB_EPID_LOAD;
> +}
> +
> +static uint32_t mmubooke206_esr(int mmu_idx, MMUAccessType access_type)
> +{
> + uint32_t esr = 0;
> + if (access_type == MMU_DATA_STORE) {
> + esr |= ESR_ST;
> + }
> + if (is_epid_mmu(mmu_idx)) {
> + esr |= ESR_EPID;
> + }
> + return esr;
> +}
> +
> +/*
> + * Get EPID register given the mmu_idx. If this is regular load,
> + * construct the EPID access bits from current processor state
> + *
> + * Get the effective AS and PR bits and the PID. The PID is returned
> + * only if EPID load is requested, otherwise the caller must detect
> + * the correct EPID. Return true if valid EPID is returned.
> + */
> +static bool mmubooke206_get_as(CPUPPCState *env,
> + int mmu_idx, uint32_t *epid_out,
> + bool *as_out, bool *pr_out)
> +{
> + if (is_epid_mmu(mmu_idx)) {
> + uint32_t epidr;
> + if (mmu_idx == PPC_TLB_EPID_STORE) {
> + epidr = env->spr[SPR_BOOKE_EPSC];
> + } else {
> + epidr = env->spr[SPR_BOOKE_EPLC];
> + }
> + *epid_out = (epidr & EPID_EPID) >> EPID_EPID_SHIFT;
> + *as_out = !!(epidr & EPID_EAS);
> + *pr_out = !!(epidr & EPID_EPR);
> + return true;
> + } else {
> + *as_out = FIELD_EX64(env->msr, MSR, DS);
> + *pr_out = FIELD_EX64(env->msr, MSR, PR);
> + return false;
> + }
> +}
> +
> +/* Check if the tlb found by hashing really matches */
> +static int mmubooke206_check_tlb(CPUPPCState *env, ppcmas_tlb_t *tlb,
> + hwaddr *raddr, int *prot,
> + target_ulong address,
> + MMUAccessType access_type, int mmu_idx)
> +{
> + uint32_t epid;
> + bool as, pr;
> + bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
> +
> + if (!use_epid) {
> + if (ppcmas_tlb_check(env, tlb, raddr, address,
> + env->spr[SPR_BOOKE_PID]) >= 0) {
> + goto found_tlb;
> + }
> +
> + if (env->spr[SPR_BOOKE_PID1] &&
> + ppcmas_tlb_check(env, tlb, raddr, address,
> + env->spr[SPR_BOOKE_PID1]) >= 0) {
> + goto found_tlb;
> + }
> +
> + if (env->spr[SPR_BOOKE_PID2] &&
> + ppcmas_tlb_check(env, tlb, raddr, address,
> + env->spr[SPR_BOOKE_PID2]) >= 0) {
> + goto found_tlb;
> + }
> + } else {
> + if (ppcmas_tlb_check(env, tlb, raddr, address, epid) >= 0) {
> + goto found_tlb;
> + }
> + }
> +
> + qemu_log_mask(CPU_LOG_MMU, "%s: No TLB entry found for effective address "
> + "0x" TARGET_FMT_lx "\n", __func__, address);
> + return -1;
> +
> +found_tlb:
> +
> + /* Check the address space and permissions */
> + if (access_type == MMU_INST_FETCH) {
> + /* There is no way to fetch code using epid load */
> + assert(!use_epid);
> + as = FIELD_EX64(env->msr, MSR, IR);
> + }
> +
> + if (as != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
> + qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
> + return -1;
> + }
> +
> + *prot = 0;
> + if (pr) {
> + if (tlb->mas7_3 & MAS3_UR) {
> + *prot |= PAGE_READ;
> + }
> + if (tlb->mas7_3 & MAS3_UW) {
> + *prot |= PAGE_WRITE;
> + }
> + if (tlb->mas7_3 & MAS3_UX) {
> + *prot |= PAGE_EXEC;
> + }
> + } else {
> + if (tlb->mas7_3 & MAS3_SR) {
> + *prot |= PAGE_READ;
> + }
> + if (tlb->mas7_3 & MAS3_SW) {
> + *prot |= PAGE_WRITE;
> + }
> + if (tlb->mas7_3 & MAS3_SX) {
> + *prot |= PAGE_EXEC;
> + }
> + }
> + if (CHECK_PROT_ACCESS(*prot, access_type)) {
> + qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
> + return 0;
> + }
> +
> + qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
> + return access_type == MMU_INST_FETCH ? -3 : -2;
> +}
> +
> +static int mmubooke206_get_physical_address(CPUPPCState *env, hwaddr *raddr,
> + int *prot, target_ulong address,
> + MMUAccessType access_type,
> + int mmu_idx)
> +{
> + ppcmas_tlb_t *tlb;
> + int i, j, ret = -1;
> +
> + for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
> + int ways = booke206_tlb_ways(env, i);
> + for (j = 0; j < ways; j++) {
> + tlb = booke206_get_tlbm(env, i, address, j);
> + if (!tlb) {
> + continue;
> + }
> + ret = mmubooke206_check_tlb(env, tlb, raddr, prot, address,
> + access_type, mmu_idx);
> + if (ret != -1) {
> + goto found_tlb;
> + }
> + }
> + }
> +
> +found_tlb:
> +
> + qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
> + HWADDR_FMT_plx " %d %d\n", __func__,
> + ret < 0 ? "refused" : "granted", address,
> + ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
> + return ret;
> +}
> +
> +static void booke206_update_mas_tlb_miss(CPUPPCState *env, target_ulong address,
> + MMUAccessType access_type, int mmu_idx)
> +{
> + uint32_t epid;
> + bool as, pr;
> + uint32_t missed_tid = 0;
> + bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
> +
> + if (access_type == MMU_INST_FETCH) {
> + as = FIELD_EX64(env->msr, MSR, IR);
> + }
> + env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK;
> + env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK;
> + env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK;
> + env->spr[SPR_BOOKE_MAS3] = 0;
> + env->spr[SPR_BOOKE_MAS6] = 0;
> + env->spr[SPR_BOOKE_MAS7] = 0;
> +
> + /* AS */
> + if (as) {
> + env->spr[SPR_BOOKE_MAS1] |= MAS1_TS;
> + env->spr[SPR_BOOKE_MAS6] |= MAS6_SAS;
> + }
> +
> + env->spr[SPR_BOOKE_MAS1] |= MAS1_VALID;
> + env->spr[SPR_BOOKE_MAS2] |= address & MAS2_EPN_MASK;
> +
> + if (!use_epid) {
> + switch (env->spr[SPR_BOOKE_MAS4] & MAS4_TIDSELD_PIDZ) {
> + case MAS4_TIDSELD_PID0:
> + missed_tid = env->spr[SPR_BOOKE_PID];
> + break;
> + case MAS4_TIDSELD_PID1:
> + missed_tid = env->spr[SPR_BOOKE_PID1];
> + break;
> + case MAS4_TIDSELD_PID2:
> + missed_tid = env->spr[SPR_BOOKE_PID2];
> + break;
> + }
> + env->spr[SPR_BOOKE_MAS6] |= env->spr[SPR_BOOKE_PID] << 16;
> + } else {
> + missed_tid = epid;
> + env->spr[SPR_BOOKE_MAS6] |= missed_tid << 16;
> + }
> + env->spr[SPR_BOOKE_MAS1] |= (missed_tid << MAS1_TID_SHIFT);
> +
> +
> + /* next victim logic */
> + env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT;
> + env->last_way++;
> + env->last_way &= booke206_tlb_ways(env, 0) - 1;
> + env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
> +}
> +
> +bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
> + hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
> + bool guest_visible)
> +{
> + CPUState *cs = CPU(cpu);
> + CPUPPCState *env = &cpu->env;
> + hwaddr raddr;
> + int prot, ret;
> +
> + if (env->mmu_model == POWERPC_MMU_BOOKE206) {
> + ret = mmubooke206_get_physical_address(env, &raddr, &prot, eaddr,
> + access_type, mmu_idx);
> + } else {
> + ret = mmubooke_get_physical_address(env, &raddr, &prot, eaddr,
> + access_type);
> + }
> + if (ret == 0) {
> + *raddrp = raddr;
> + *protp = prot;
> + *psizep = TARGET_PAGE_BITS;
> + return true;
> + } else if (!guest_visible) {
> + return false;
> + }
> +
> + log_cpu_state_mask(CPU_LOG_MMU, cs, 0);
> + env->error_code = 0;
> + switch (ret) {
> + case -1:
> + /* No matches in page tables or TLB */
> + if (env->mmu_model == POWERPC_MMU_BOOKE206) {
> + booke206_update_mas_tlb_miss(env, eaddr, access_type, mmu_idx);
> + }
> + cs->exception_index = (access_type == MMU_INST_FETCH) ?
> + POWERPC_EXCP_ITLB : POWERPC_EXCP_DTLB;
> + env->spr[SPR_BOOKE_DEAR] = eaddr;
> + env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
> + break;
> + case -2:
> + /* Access rights violation */
> + cs->exception_index = (access_type == MMU_INST_FETCH) ?
> + POWERPC_EXCP_ISI : POWERPC_EXCP_DSI;
> + if (access_type != MMU_INST_FETCH) {
> + env->spr[SPR_BOOKE_DEAR] = eaddr;
> + env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
> + }
> + break;
> + case -3:
> + /* No execute protection violation */
> + cs->exception_index = POWERPC_EXCP_ISI;
> + env->spr[SPR_BOOKE_ESR] = 0;
> + break;
> + }
> +
> + return false;
> +}
> diff --git a/target/ppc/mmu-booke.h b/target/ppc/mmu-booke.h
> new file mode 100644
> index 0000000000..f972843bbb
> --- /dev/null
> +++ b/target/ppc/mmu-booke.h
> @@ -0,0 +1,17 @@
> +#ifndef PPC_MMU_BOOKE_H
> +#define PPC_MMU_BOOKE_H
> +
> +#include "cpu.h"
> +
> +int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid);
> +int mmu40x_get_physical_address(CPUPPCState *env, hwaddr *raddr, int *prot,
> + target_ulong address,
> + MMUAccessType access_type);
> +hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb);
> +int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
> + target_ulong address, uint32_t pid);
> +bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
> + hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
> + bool guest_visible);
> +
> +#endif
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index bcd20ddc7b..9be48c8db0 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -33,6 +33,7 @@
> #include "internal.h"
> #include "mmu-book3s-v3.h"
> #include "mmu-radix64.h"
> +#include "mmu-booke.h"
>
> /* #define DUMP_PAGE_TABLES */
>
> @@ -444,402 +445,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
> return -2;
> }
>
> -/* Generic TLB check function for embedded PowerPC implementations */
> -static bool ppcemb_tlb_check(CPUPPCState *env, ppcemb_tlb_t *tlb,
> - hwaddr *raddrp,
> - target_ulong address, uint32_t pid, int i)
> -{
> - target_ulong mask;
> -
> - /* Check valid flag */
> - if (!(tlb->prot & PAGE_VALID)) {
> - return false;
> - }
> - mask = ~(tlb->size - 1);
> - qemu_log_mask(CPU_LOG_MMU, "%s: TLB %d address " TARGET_FMT_lx
> - " PID %u <=> " TARGET_FMT_lx " " TARGET_FMT_lx " %u %x\n",
> - __func__, i, address, pid, tlb->EPN,
> - mask, (uint32_t)tlb->PID, tlb->prot);
> - /* Check PID */
> - if (tlb->PID != 0 && tlb->PID != pid) {
> - return false;
> - }
> - /* Check effective address */
> - if ((address & mask) != tlb->EPN) {
> - return false;
> - }
> - *raddrp = (tlb->RPN & mask) | (address & ~mask);
> - return true;
> -}
> -
> -/* Generic TLB search function for PowerPC embedded implementations */
> -int ppcemb_tlb_search(CPUPPCState *env, target_ulong address, uint32_t pid)
> -{
> - ppcemb_tlb_t *tlb;
> - hwaddr raddr;
> - int i;
> -
> - for (i = 0; i < env->nb_tlb; i++) {
> - tlb = &env->tlb.tlbe[i];
> - if (ppcemb_tlb_check(env, tlb, &raddr, address, pid, i)) {
> - return i;
> - }
> - }
> - return -1;
> -}
> -
> -static int mmu40x_get_physical_address(CPUPPCState *env, hwaddr *raddr,
> - int *prot, target_ulong address,
> - MMUAccessType access_type)
> -{
> - ppcemb_tlb_t *tlb;
> - int i, ret, zsel, zpr, pr;
> -
> - ret = -1;
> - *prot = 0;
> - pr = FIELD_EX64(env->msr, MSR, PR);
> - for (i = 0; i < env->nb_tlb; i++) {
> - tlb = &env->tlb.tlbe[i];
> - if (!ppcemb_tlb_check(env, tlb, raddr, address,
> - env->spr[SPR_40x_PID], i)) {
> - continue;
> - }
> - zsel = (tlb->attr >> 4) & 0xF;
> - zpr = (env->spr[SPR_40x_ZPR] >> (30 - (2 * zsel))) & 0x3;
> - qemu_log_mask(CPU_LOG_MMU,
> - "%s: TLB %d zsel %d zpr %d ty %d attr %08x\n",
> - __func__, i, zsel, zpr, access_type, tlb->attr);
> - /* Check execute enable bit */
> - switch (zpr) {
> - case 0x2:
> - if (pr != 0) {
> - goto check_perms;
> - }
> - /* fall through */
> - case 0x3:
> - /* All accesses granted */
> - *prot = PAGE_RWX;
> - ret = 0;
> - break;
> -
> - case 0x0:
> - if (pr != 0) {
> - /* Raise Zone protection fault. */
> - env->spr[SPR_40x_ESR] = 1 << 22;
> - *prot = 0;
> - ret = -2;
> - break;
> - }
> - /* fall through */
> - case 0x1:
> -check_perms:
> - /* Check from TLB entry */
> - *prot = tlb->prot;
> - if (CHECK_PROT_ACCESS(*prot, access_type)) {
> - ret = 0;
> - } else {
> - env->spr[SPR_40x_ESR] = 0;
> - ret = -2;
> - }
> - break;
> - }
> - }
> - qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
> - HWADDR_FMT_plx " %d %d\n", __func__,
> - ret < 0 ? "refused" : "granted", address,
> - ret < 0 ? 0 : *raddr, *prot, ret);
> -
> - return ret;
> -}
> -
> -static bool mmubooke_check_pid(CPUPPCState *env, ppcemb_tlb_t *tlb,
> - hwaddr *raddr, target_ulong addr, int i)
> -{
> - if (ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID], i)) {
> - if (!env->nb_pids) {
> - /* Extend the physical address to 36 bits */
> - *raddr |= (uint64_t)(tlb->RPN & 0xF) << 32;
> - }
> - return true;
> - } else if (!env->nb_pids) {
> - return false;
> - }
> - if (env->spr[SPR_BOOKE_PID1] &&
> - ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID1], i)) {
> - return true;
> - }
> - if (env->spr[SPR_BOOKE_PID2] &&
> - ppcemb_tlb_check(env, tlb, raddr, addr, env->spr[SPR_BOOKE_PID2], i)) {
> - return true;
> - }
> - return false;
> -}
> -
> -static int mmubooke_check_tlb(CPUPPCState *env, ppcemb_tlb_t *tlb,
> - hwaddr *raddr, int *prot, target_ulong address,
> - MMUAccessType access_type, int i)
> -{
> - if (!mmubooke_check_pid(env, tlb, raddr, address, i)) {
> - qemu_log_mask(CPU_LOG_MMU, "%s: TLB entry not found\n", __func__);
> - return -1;
> - }
> -
> - /* Check the address space */
> - if ((access_type == MMU_INST_FETCH ?
> - FIELD_EX64(env->msr, MSR, IR) :
> - FIELD_EX64(env->msr, MSR, DR)) != (tlb->attr & 1)) {
> - qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
> - return -1;
> - }
> -
> - if (FIELD_EX64(env->msr, MSR, PR)) {
> - *prot = tlb->prot & 0xF;
> - } else {
> - *prot = (tlb->prot >> 4) & 0xF;
> - }
> - if (CHECK_PROT_ACCESS(*prot, access_type)) {
> - qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
> - return 0;
> - }
> -
> - qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
> - return access_type == MMU_INST_FETCH ? -3 : -2;
> -}
> -
> -static int mmubooke_get_physical_address(CPUPPCState *env, hwaddr *raddr,
> - int *prot, target_ulong address,
> - MMUAccessType access_type)
> -{
> - ppcemb_tlb_t *tlb;
> - int i, ret = -1;
> -
> - for (i = 0; i < env->nb_tlb; i++) {
> - tlb = &env->tlb.tlbe[i];
> - ret = mmubooke_check_tlb(env, tlb, raddr, prot, address,
> - access_type, i);
> - if (ret != -1) {
> - break;
> - }
> - }
> - qemu_log_mask(CPU_LOG_MMU,
> - "%s: access %s " TARGET_FMT_lx " => " HWADDR_FMT_plx
> - " %d %d\n", __func__, ret < 0 ? "refused" : "granted",
> - address, ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
> - return ret;
> -}
> -
> -hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb)
> -{
> - int tlbm_size;
> -
> - tlbm_size = (tlb->mas1 & MAS1_TSIZE_MASK) >> MAS1_TSIZE_SHIFT;
> -
> - return 1024ULL << tlbm_size;
> -}
> -
> -/* TLB check function for MAS based SoftTLBs */
> -int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
> - target_ulong address, uint32_t pid)
> -{
> - hwaddr mask;
> - uint32_t tlb_pid;
> -
> - if (!FIELD_EX64(env->msr, MSR, CM)) {
> - /* In 32bit mode we can only address 32bit EAs */
> - address = (uint32_t)address;
> - }
> -
> - /* Check valid flag */
> - if (!(tlb->mas1 & MAS1_VALID)) {
> - return -1;
> - }
> -
> - mask = ~(booke206_tlb_to_page_size(env, tlb) - 1);
> - qemu_log_mask(CPU_LOG_MMU, "%s: TLB ADDR=0x" TARGET_FMT_lx
> - " PID=0x%x MAS1=0x%x MAS2=0x%" PRIx64 " mask=0x%"
> - HWADDR_PRIx " MAS7_3=0x%" PRIx64 " MAS8=0x%" PRIx32 "\n",
> - __func__, address, pid, tlb->mas1, tlb->mas2, mask,
> - tlb->mas7_3, tlb->mas8);
> -
> - /* Check PID */
> - tlb_pid = (tlb->mas1 & MAS1_TID_MASK) >> MAS1_TID_SHIFT;
> - if (tlb_pid != 0 && tlb_pid != pid) {
> - return -1;
> - }
> -
> - /* Check effective address */
> - if ((address & mask) != (tlb->mas2 & MAS2_EPN_MASK)) {
> - return -1;
> - }
> -
> - if (raddrp) {
> - *raddrp = (tlb->mas7_3 & mask) | (address & ~mask);
> - }
> -
> - return 0;
> -}
> -
> -static bool is_epid_mmu(int mmu_idx)
> -{
> - return mmu_idx == PPC_TLB_EPID_STORE || mmu_idx == PPC_TLB_EPID_LOAD;
> -}
> -
> -static uint32_t mmubooke206_esr(int mmu_idx, MMUAccessType access_type)
> -{
> - uint32_t esr = 0;
> - if (access_type == MMU_DATA_STORE) {
> - esr |= ESR_ST;
> - }
> - if (is_epid_mmu(mmu_idx)) {
> - esr |= ESR_EPID;
> - }
> - return esr;
> -}
> -
> -/*
> - * Get EPID register given the mmu_idx. If this is regular load,
> - * construct the EPID access bits from current processor state
> - *
> - * Get the effective AS and PR bits and the PID. The PID is returned
> - * only if EPID load is requested, otherwise the caller must detect
> - * the correct EPID. Return true if valid EPID is returned.
> - */
> -static bool mmubooke206_get_as(CPUPPCState *env,
> - int mmu_idx, uint32_t *epid_out,
> - bool *as_out, bool *pr_out)
> -{
> - if (is_epid_mmu(mmu_idx)) {
> - uint32_t epidr;
> - if (mmu_idx == PPC_TLB_EPID_STORE) {
> - epidr = env->spr[SPR_BOOKE_EPSC];
> - } else {
> - epidr = env->spr[SPR_BOOKE_EPLC];
> - }
> - *epid_out = (epidr & EPID_EPID) >> EPID_EPID_SHIFT;
> - *as_out = !!(epidr & EPID_EAS);
> - *pr_out = !!(epidr & EPID_EPR);
> - return true;
> - } else {
> - *as_out = FIELD_EX64(env->msr, MSR, DS);
> - *pr_out = FIELD_EX64(env->msr, MSR, PR);
> - return false;
> - }
> -}
> -
> -/* Check if the tlb found by hashing really matches */
> -static int mmubooke206_check_tlb(CPUPPCState *env, ppcmas_tlb_t *tlb,
> - hwaddr *raddr, int *prot,
> - target_ulong address,
> - MMUAccessType access_type, int mmu_idx)
> -{
> - uint32_t epid;
> - bool as, pr;
> - bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
> -
> - if (!use_epid) {
> - if (ppcmas_tlb_check(env, tlb, raddr, address,
> - env->spr[SPR_BOOKE_PID]) >= 0) {
> - goto found_tlb;
> - }
> -
> - if (env->spr[SPR_BOOKE_PID1] &&
> - ppcmas_tlb_check(env, tlb, raddr, address,
> - env->spr[SPR_BOOKE_PID1]) >= 0) {
> - goto found_tlb;
> - }
> -
> - if (env->spr[SPR_BOOKE_PID2] &&
> - ppcmas_tlb_check(env, tlb, raddr, address,
> - env->spr[SPR_BOOKE_PID2]) >= 0) {
> - goto found_tlb;
> - }
> - } else {
> - if (ppcmas_tlb_check(env, tlb, raddr, address, epid) >= 0) {
> - goto found_tlb;
> - }
> - }
> -
> - qemu_log_mask(CPU_LOG_MMU, "%s: No TLB entry found for effective address "
> - "0x" TARGET_FMT_lx "\n", __func__, address);
> - return -1;
> -
> -found_tlb:
> -
> - /* Check the address space and permissions */
> - if (access_type == MMU_INST_FETCH) {
> - /* There is no way to fetch code using epid load */
> - assert(!use_epid);
> - as = FIELD_EX64(env->msr, MSR, IR);
> - }
> -
> - if (as != ((tlb->mas1 & MAS1_TS) >> MAS1_TS_SHIFT)) {
> - qemu_log_mask(CPU_LOG_MMU, "%s: AS doesn't match\n", __func__);
> - return -1;
> - }
> -
> - *prot = 0;
> - if (pr) {
> - if (tlb->mas7_3 & MAS3_UR) {
> - *prot |= PAGE_READ;
> - }
> - if (tlb->mas7_3 & MAS3_UW) {
> - *prot |= PAGE_WRITE;
> - }
> - if (tlb->mas7_3 & MAS3_UX) {
> - *prot |= PAGE_EXEC;
> - }
> - } else {
> - if (tlb->mas7_3 & MAS3_SR) {
> - *prot |= PAGE_READ;
> - }
> - if (tlb->mas7_3 & MAS3_SW) {
> - *prot |= PAGE_WRITE;
> - }
> - if (tlb->mas7_3 & MAS3_SX) {
> - *prot |= PAGE_EXEC;
> - }
> - }
> - if (CHECK_PROT_ACCESS(*prot, access_type)) {
> - qemu_log_mask(CPU_LOG_MMU, "%s: good TLB!\n", __func__);
> - return 0;
> - }
> -
> - qemu_log_mask(CPU_LOG_MMU, "%s: no prot match: %x\n", __func__, *prot);
> - return access_type == MMU_INST_FETCH ? -3 : -2;
> -}
> -
> -static int mmubooke206_get_physical_address(CPUPPCState *env, hwaddr *raddr,
> - int *prot, target_ulong address,
> - MMUAccessType access_type,
> - int mmu_idx)
> -{
> - ppcmas_tlb_t *tlb;
> - int i, j, ret = -1;
> -
> - for (i = 0; i < BOOKE206_MAX_TLBN; i++) {
> - int ways = booke206_tlb_ways(env, i);
> - for (j = 0; j < ways; j++) {
> - tlb = booke206_get_tlbm(env, i, address, j);
> - if (!tlb) {
> - continue;
> - }
> - ret = mmubooke206_check_tlb(env, tlb, raddr, prot, address,
> - access_type, mmu_idx);
> - if (ret != -1) {
> - goto found_tlb;
> - }
> - }
> - }
> -
> -found_tlb:
> -
> - qemu_log_mask(CPU_LOG_MMU, "%s: access %s " TARGET_FMT_lx " => "
> - HWADDR_FMT_plx " %d %d\n", __func__,
> - ret < 0 ? "refused" : "granted", address,
> - ret < 0 ? -1 : *raddr, ret == -1 ? 0 : *prot, ret);
> - return ret;
> -}
> -
> static const char *book3e_tsize_to_str[32] = {
> "1K", "2K", "4K", "8K", "16K", "32K", "64K", "128K", "256K", "512K",
> "1M", "2M", "4M", "8M", "16M", "32M", "64M", "128M", "256M", "512M",
> @@ -1107,118 +712,6 @@ static int get_physical_address_wtlb(CPUPPCState *env, mmu_ctx_t *ctx,
> }
> }
>
> -static void booke206_update_mas_tlb_miss(CPUPPCState *env, target_ulong address,
> - MMUAccessType access_type, int mmu_idx)
> -{
> - uint32_t epid;
> - bool as, pr;
> - uint32_t missed_tid = 0;
> - bool use_epid = mmubooke206_get_as(env, mmu_idx, &epid, &as, &pr);
> -
> - if (access_type == MMU_INST_FETCH) {
> - as = FIELD_EX64(env->msr, MSR, IR);
> - }
> - env->spr[SPR_BOOKE_MAS0] = env->spr[SPR_BOOKE_MAS4] & MAS4_TLBSELD_MASK;
> - env->spr[SPR_BOOKE_MAS1] = env->spr[SPR_BOOKE_MAS4] & MAS4_TSIZED_MASK;
> - env->spr[SPR_BOOKE_MAS2] = env->spr[SPR_BOOKE_MAS4] & MAS4_WIMGED_MASK;
> - env->spr[SPR_BOOKE_MAS3] = 0;
> - env->spr[SPR_BOOKE_MAS6] = 0;
> - env->spr[SPR_BOOKE_MAS7] = 0;
> -
> - /* AS */
> - if (as) {
> - env->spr[SPR_BOOKE_MAS1] |= MAS1_TS;
> - env->spr[SPR_BOOKE_MAS6] |= MAS6_SAS;
> - }
> -
> - env->spr[SPR_BOOKE_MAS1] |= MAS1_VALID;
> - env->spr[SPR_BOOKE_MAS2] |= address & MAS2_EPN_MASK;
> -
> - if (!use_epid) {
> - switch (env->spr[SPR_BOOKE_MAS4] & MAS4_TIDSELD_PIDZ) {
> - case MAS4_TIDSELD_PID0:
> - missed_tid = env->spr[SPR_BOOKE_PID];
> - break;
> - case MAS4_TIDSELD_PID1:
> - missed_tid = env->spr[SPR_BOOKE_PID1];
> - break;
> - case MAS4_TIDSELD_PID2:
> - missed_tid = env->spr[SPR_BOOKE_PID2];
> - break;
> - }
> - env->spr[SPR_BOOKE_MAS6] |= env->spr[SPR_BOOKE_PID] << 16;
> - } else {
> - missed_tid = epid;
> - env->spr[SPR_BOOKE_MAS6] |= missed_tid << 16;
> - }
> - env->spr[SPR_BOOKE_MAS1] |= (missed_tid << MAS1_TID_SHIFT);
> -
> -
> - /* next victim logic */
> - env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_ESEL_SHIFT;
> - env->last_way++;
> - env->last_way &= booke206_tlb_ways(env, 0) - 1;
> - env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
> -}
> -
> -static bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr,
> - MMUAccessType access_type,
> - hwaddr *raddrp, int *psizep, int *protp,
> - int mmu_idx, bool guest_visible)
> -{
> - CPUState *cs = CPU(cpu);
> - CPUPPCState *env = &cpu->env;
> - hwaddr raddr;
> - int prot, ret;
> -
> - if (env->mmu_model == POWERPC_MMU_BOOKE206) {
> - ret = mmubooke206_get_physical_address(env, &raddr, &prot, eaddr,
> - access_type, mmu_idx);
> - } else {
> - ret = mmubooke_get_physical_address(env, &raddr, &prot, eaddr,
> - access_type);
> - }
> - if (ret == 0) {
> - *raddrp = raddr;
> - *protp = prot;
> - *psizep = TARGET_PAGE_BITS;
> - return true;
> - } else if (!guest_visible) {
> - return false;
> - }
> -
> - log_cpu_state_mask(CPU_LOG_MMU, cs, 0);
> - env->error_code = 0;
> - switch (ret) {
> - case -1:
> - /* No matches in page tables or TLB */
> - if (env->mmu_model == POWERPC_MMU_BOOKE206) {
> - booke206_update_mas_tlb_miss(env, eaddr, access_type, mmu_idx);
> - }
> - cs->exception_index = (access_type == MMU_INST_FETCH) ?
> - POWERPC_EXCP_ITLB : POWERPC_EXCP_DTLB;
> - env->spr[SPR_BOOKE_DEAR] = eaddr;
> - env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
> - break;
> - case -2:
> - /* Access rights violation */
> - cs->exception_index = (access_type == MMU_INST_FETCH) ?
> - POWERPC_EXCP_ISI : POWERPC_EXCP_DSI;
> - if (access_type != MMU_INST_FETCH) {
> - env->spr[SPR_BOOKE_DEAR] = eaddr;
> - env->spr[SPR_BOOKE_ESR] = mmubooke206_esr(mmu_idx, access_type);
> - }
> - break;
> - case -3:
> - /* No execute protection violation */
> - cs->exception_index = POWERPC_EXCP_ISI;
> - env->spr[SPR_BOOKE_ESR] = 0;
> - break;
> - }
> -
> - return false;
> -}
> -
> /* Perform address translation */
> /* TODO: Split this by mmu_model. */
> static bool ppc_jumbo_xlate(PowerPCCPU *cpu, vaddr eaddr,
> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> index 680ca0b618..87bfe26220 100644
> --- a/target/ppc/mmu_helper.c
> +++ b/target/ppc/mmu_helper.c
> @@ -33,6 +33,7 @@
> #include "internal.h"
> #include "mmu-book3s-v3.h"
> #include "mmu-radix64.h"
> +#include "mmu-booke.h"
> #include "exec/helper-proto.h"
> #include "exec/cpu_ldst.h"
>
© 2016 - 2026 Red Hat, Inc.