aboutsummaryrefslogtreecommitdiff
path: root/target-ppc/mmu-hash64.c
AgeCommit message (Collapse)Author
2016-02-03log: do not unnecessarily include qom/cpu.hPaolo Bonzini
Split the bits that require it to exec/log.h. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Message-id: 1452174932-28657-8-git-send-email-den@openvz.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2016-01-30target-ppc: Helper to determine page size information from hpte aloneDavid Gibson
h_enter() in the spapr code needs to know the page size of the HPTE it's about to insert. Unlike other paths that do this, it doesn't have access to the SLB, so at the moment it determines this with some open-coded tests which assume POWER7 or POWER8 page size encodings. To make this more flexible add ppc_hash64_hpte_page_shift_noslb() to determine both the "base" page size per segment, and the individual effective page size from an HPTE alone. This means that the spapr code should now be able to handle any page size listed in the env->sps table. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Add new TLB invalidate by HPTE call for hash64 MMUsDavid Gibson
When HPTEs are removed or modified by hypercalls on spapr, we need to invalidate the relevant pages in the qemu TLB. Currently we do that by doing some complicated calculations to work out the right encoding for the tlbie instruction, then passing that to ppc_tlb_invalidate_one()... which totally ignores the argument and flushes the whole tlb. Avoid that by adding a new flush-by-hpte helper in mmu-hash64.c. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Use actual page size encodings from HPTEDavid Gibson
At present the 64-bit hash MMU code uses information from the SLB to determine the page size of a translation. We do need that information to correctly look up the hash table. However the MMU also allows a possibly larger page size to be encoded into the HPTE itself, which is used to populate the TLB. At present qemu doesn't check that, and so doesn't support the MPSS "Multiple Page Size per Segment" feature. This makes a start on allowing this, by adding an hpte_page_shift() function which looks up the page size of an HPTE. We use this to validate page sizes encodings on faults, and populate the qemu TLB with larger page sizes when appropriate. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Rework SLB page size lookupDavid Gibson
Currently, the ppc_hash64_page_shift() function looks up a page size based on information in an SLB entry. It open codes the bit translation for existing CPUs, however different CPU models can have different SLB encodings. We already store those in the 'sps' table in CPUPPCState, but we don't currently enforce that that actually matches the logic in ppc_hash64_page_shift. This patch reworks lookup of page size from SLB in several ways: * ppc_store_slb() will now fail (triggering an illegal instruction exception) if given a bad SLB page size encoding * On success ppc_store_slb() stores a pointer to the relevant entry in the page size table in the SLB entry. This is looked up directly from the published table of page size encodings, so can't get out ot sync. * ppc_hash64_htab_lookup() and others now use this precached page size information rather than decoding the SLB values * Now that callers have easy access to the page_shift, ppc_hash64_pte_raddr() amounts to just a deposit64(), so remove it and have the callers use deposit64() directly. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Rework ppc_store_slbDavid Gibson
ppc_store_slb updates the SLB for PPC cpus with 64-bit hash MMUs. Currently it takes two parameters, which contain values encoded as the register arguments to the slbmte instruction, one register contains the ESID portion of the SLBE and also the slot number, the other contains the VSID portion of the SLBE. We're shortly going to want to do some SLB updates from other code where it is more convenient to supply the slot number and ESID separately, so rework this function and its callers to work this way. As a bonus, this slightly simplifies the emulation of segment registers for when running a 32-bit OS on a 64-bit CPU. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Convert mmu-hash{32,64}.[ch] from CPUPPCState to PowerPCCPUDavid Gibson
Like a lot of places these files include a mixture of functions taking both the older CPUPPCState *env and newer PowerPCCPU *cpu. Move a step closer to cleaning this up by standardizing on PowerPCCPU, except for the helper_* functions which are called with the CPUPPCState * from tcg. Callers and some related functions are updated as well, the boundaries of what's changed here are a bit arbitrary. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-29ppc: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-6-git-send-email-peter.maydell@linaro.org
2015-12-17ppc: cleanup loggingPaolo Bonzini
Avoid "naked" qemu_log, bring documentation for DEBUG #defines up to date. Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-09target-ppc: Fix warnings from SparseStefan Weil
Sparse report: target-ppc/mmu-hash64.c:353:9: warning: returning void-valued expression target-ppc/mmu-hash64.c:620:9: warning: returning void-valued expression Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Alexander Graf <agraf@suse.de>
2015-03-09target-ppc: Use right page size with hash table lookupAneesh Kumar K.V
We look at two sizes specified in ISA (4K, 64K). If not found matching, we consider it 16MB. Without this patch we would fail to lookup address above 16MB range. Below 16MB happened to work before because the kernel have a liner mapping and we always looked up hash for 0xc000000000000000. The actual real address was computed by using the 16MB offset with the real address found with the above hash. Without Fix: (gdb) x/16x 0xc000000001000000 0xc000000001000000 <list_entries+453208>: Cannot access memory at address 0xc000000001000000 (gdb) With Fix: (gdb) x/16x 0xc000000001000000 0xc000000001000000 <list_entries+453208>: 0x00000000 0x00000000 0x00000000 0x00000000 0xc000000001000010 <list_entries+453224>: 0x00000000 0x00000000 0x00000000 0x00000000 0xc000000001000020 <list_entries+453240>: 0x00000000 0x00000000 0x00000000 0x00000000 0xc000000001000030 <list_entries+453256>: 0x00000000 0x00000000 0x00000000 0x00000000 Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-12-16qemu-log: add log category for MMU infoAntony Pavlov
Running barebox on qemu-system-mips* with '-d unimp' overloads stderr by very very many mips_cpu_handle_mmu_fault() messages: mips_cpu_handle_mmu_fault address=b80003fd ret 0 physical 00000000180003fd prot 3 mips_cpu_handle_mmu_fault address=a0800884 ret 0 physical 0000000000800884 prot 3 mips_cpu_handle_mmu_fault pc a080cd80 ad b80003fd rw 0 mmu_idx 0 So it's very difficult to find LOG_UNIMP message. The mips_cpu_handle_mmu_fault() messages appear on enabling ANY logging! It's not very handy. Adding separate log category for *_cpu_handle_mmu_fault() logging fixes the problem. Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com> Acked-by: Alexander Graf <agraf@suse.de> Reviewed-by: Richard Henderson <rth@twiddle.net> Message-id: 1418489298-1184-1-git-send-email-antonynpavlov@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-28tcg: Invert the inclusion of helper.hRichard Henderson
Rather than include helper.h with N values of GEN_HELPER, include a secondary file that sets up the macros to include helper.h. This minimizes the files that must be rebuilt when changing the macros for file N. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <rth@twiddle.net>
2014-03-13cputlb: Change tlb_set_page() argument to CPUStateAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13cputlb: Change tlb_flush() argument to CPUStateAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13target-ppc: Use PowerPCCPU in PowerPCCPUClass::handle_mmu_fault hookAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13cpu: Move exception_index field from CPU_COMMON to CPUStateAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13target-ppc: Clean up ENV_GET_CPU() usageAndreas Färber
Commits fdfba1a298ae26dd44bcfdb0429314139a0bc55a, ab1da85791340e504d10487e1add81b9988afa98, f606604f1c10b60ef294f1b9b229426521a365e3 and 2c17449b3022ca9623c4a7e2a504a4150ac4ad30 added usages of ENV_GET_CPU() macro in target-specific code. Use ppc_env_get_cpu() instead. Cc: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-05target-ppc: Update ppc_hash64_store_hpte to support updating in-kernel htabAneesh Kumar K.V
This support updating htab managed by the hypervisor. Currently we don't have any user for this feature. This actually bring the store_hpte interface in-line with the load_hpte one. We may want to use this when we want to emulate henter hcall in qemu for HV kvm. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [ folded fix for the "warn_unused_result" build break in kvmppc_hash64_write_pte(), Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05target-ppc: Change the hpte store APIAneesh Kumar K.V
For updating in kernel htab we need to provide both pte0 and pte1, hence update the interface to take pte0 and pte1 together Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [ ldq_phys() API change, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05target-ppc: Fix page table lookup with kvm enabledAneesh Kumar K.V
With kvm enabled, we store the hash page table information in the hypervisor. Use ioctl to read the htab contents. Without this we get the below error when trying to read the guest address (gdb) x/10 do_fork 0xc000000000098660 <do_fork>: Cannot access memory at address 0xc000000000098660 (gdb) Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [ fixes for 32 bit build (casts!), ldq_phys() API change, Greg Kurz <gkurz@linux.vnet.ibm.com ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05target-ppc: Fix htab_mask calculationAneesh Kumar K.V
Correctly update the htab_mask using the return value of KVM_PPC_ALLOCATE_HTAB ioctl. Also we don't update sdr1 on GET_SREGS for HV. We check for external htab and if found true, we don't need to update sdr1 Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [ fixed pte group offset computation in ppc_hash64_htab_lookup() that caused TCG to fail, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05mmu-hash64: fix Virtual Page Class Key ProtectionCédric Le Goater
commit f80872e21c07edd06eb343eeeefc8af404b518a6 (mmu-hash64: Implement Virtual Page Class Key Protection) added a new page protection mechanism based on page keys and the AMR register to control access. The AMR register allows or prohibits reads and/or writes on a page depending on the control bits associated to the key. A store or a load is only permitted if the associate bit is 0 (Power ISA), and not 1 as the code is currently doing. This patch modifies ppc_hash64_amr_prot() to correct the protection check. This issue was unvailed by commit ccfb53ed6360cac0d5f6f7915ca9ae7eed866412 (target-ppc: fix Authority Mask Register init value) which changed the initialisation value of the AMR register to 0. Signed-off-by: Cédric Le Goater <clg@fr.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-07-09target-ppc: Change LOG_MMU_STATE() argument to CPUStateAndreas Färber
Choose CPUState rather than PowerPCCPU since doing a CPU() cast on the macro argument would hide type mismatches. Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-09log: Change log_cpu_state[_mask]() argument to CPUStateAndreas Färber
Since commit 878096eeb278a8ac1ccd6667af73e026f29b4cf5 (cpu: Turn cpu_dump_{state,statistics}() into CPUState hooks) CPUArchState is no longer needed. Add documentation and make the functions available through qemu/log.h outside NEED_CPU_H to allow use in qom/cpu.c. Moving them to qom/cpu.h was not yet possible due to convoluted include paths, so that some devices grow an implicit and unneeded dependency on qom/cpu.h for now. Acked-by: Michael Walle <michael@walle.cc> (for lm32) Reviewed-by: Richard Henderson <rth@twiddle.net> [AF: Simplified mb_cpu_do_interrupt() and do_interrupt_all() changes] Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-06-28kvm: Change cpu_synchronize_state() argument to CPUStateAndreas Färber
Change Monitor::mon_cpu to CPUState as well. Reviewed-by: liguang <lig.fnst@cn.fujitsu.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-03-22mmu-hash64: Implement Virtual Page Class Key ProtectionDavid Gibson
Version 2.06 of the Power architecture describes an additional page protection mechanism. Each virtual page has a "class" (0-31) recorded in the PTE. The AMR register contains bits which can prohibit reads and/or writes on a class by class basis. Interestingly, the AMR is userspace readable and writable, however user mode writes are masked by the contents of the UAMOR which is privileged. This patch implements this protection mechanism, along with the AMR and UAMOR SPRs. The architecture also specifies a hypervisor-privileged AMOR register which masks user and supervisor writes to the AMR and UAMOR. We leave this out for now, since we don't at present model hypervisor mode correctly in any case. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [agraf: fix 32-bit hosts] Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Merge translate and fault handling functionsDavid Gibson
ppc_hash{32,64}_handle_mmu_fault() is now the only caller of ppc_hash{32,64{_translate(), so this patch combines them together. This means that instead of one returning a variety of non-obvious error codes which then get translated into the various mmu exception conditions, we can just generate the exceptions as we discover problems in the translation path. This also removes the last usage of mmu_ctx_hash{32,64}. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Don't use full ppc_hash{32, 64}_translate() path for ↵David Gibson
get_phys_page_debug() Currently the hash mmu versionsof get_phys_page_debug() use the same ppc64_hash64_translate() function to do the translation logic as the normal mm fault handler code. That sounds like a good idea, but has some complications. The debug path doesn't need, or even want some parts of the full translation path, like permissions checking. Furthermore, the pte flags update included in the normal path means that the debug call is not quite side effect free. This patch, therefore, reimplements get_phys_page_debug as the minimal required subset of the full translation path. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>`z Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Correctly mask RPN from hash PTEDavid Gibson
BEHAVIOUR CHANGE At present we take the whole of word 1 of the hash PTE as the real page number used to calculate the translated address. This is incorrect, because it leaves the flags from the low bits of PTE word 1 in place in the rpm. We mostly get away with that because the value is later masked by TARGET_PAGE_MASK. More recent 64-bit CPUs also have a small number of flag bits (PP0 and KEY) in the top bits of PTE word 1. Any guest which used those bits would fail with the current code. This patch fixes the problem by correctly masking out the RPN field of PTE word 1. This is safe, even for older CPUs which didn't have PP0 and KEY, because although the RPN notionally extended to the very top of PTE word 1, none of those CPUs actually implemented that many real address bits. We add analogous masking to the 32-bit code, even though it also doesn't have the high flag bits, for consistency and clarity. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Clean up real address calculationDavid Gibson
More recent 64-bit hash MMUs support multiple page sizes, and PTEs for large pages only include the offset of the whole large page. But the qemu tlb only handles pages of the base size (4k) so we need to break up the large pages into 4k pieces for the qemu tlb. To do that we have a somewhat awkward piece of code that adds the folds address bits 4k and the page size from the virtual address into the real address from the pte. This patch simplifies this redefining the raddr output of ppc_hash64_translate() to be the full real address of the faulting address, rather than just the (4k) page offset. Computing that turns out to be simpler, and is fine for the caller, since it already masks with TARGET_PAGE_MASK before inserting into the qemu tlb. The multiple page size complication doesn't exist for 32-bit hash mmus, but we make an analogous cleanup there for consistency. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Clean up PTE flags updateDavid Gibson
Currently the ppc_hash{32,64}_pte_update_flags() helper functions update a PTE's referenced and changed bits as necessary to reflect the access. It is somewhat long winded, though. This patch open codes them in their (single) callers, in a simpler way. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash64: Factor SLB N bit into permissions bitsDavid Gibson
BEHAVIOUR CHANGE Currently, for 64-bit hash mmu, the execute protection bit placed into the qemu tlb is based only on the N (No execute) bit from the PTE. However, No Execute can also be set at the segment level. We do check this on execute faults, but this still means we could incorrectly allow execution of code from a No Execute segment, if a prior read or write fault caused the page to be loaded into the qemu tlb with PROT_EXEC set. To correct this, we (re-)check the segment level no execute permission when generating the protection bits for the qemu tlb. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Clean up permission checkingDavid Gibson
Currently checking of PTE permission bits is split messily amongst ppc_hash{32,64}_pp_check(), ppc_hash{32,64}_check_prot() and their callers. This patch cleans this up to have the new function ppc_hash{32,64}_pte_prot() compute the page permissions from the SLBE (for 64-bit) or segment register (32-bit) and the pte. A greatly simplified version of the actual permissions check is then open coded in the callers. The 32-bit version of ppc_hash32_pte_prot() is implemented in terms of ppc_hash32_pp_prot(), a renamed and slightly cleaned up version of the old ppc_hash32_pp_check(), which is also used for checking BAT permissions on the 601. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Don't update PTE flags when permission is deniedDavid Gibson
BEHAVIOUR CHANGE Currently if ppc_hash{32,64}_translate() finds a PTE matching the given virtual address, it will always update the PTE's R & C (Referenced and Changed) bits. This happens even if the PTE's permissions mean we are about to deny the translation. This is clearly a bug, although we get away with it because: a) It will only incorrectly set, never reset the bits, which should not cause guest correctness problems. b) Linux guests never use the R & C bits anyway. This patch fixes the behaviour, only updating R & C when access is granted by the PTE. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Fold pte_check*() logic into callerDavid Gibson
With previous cleanups made, the 32-bit and 64-bit pte_check*() functions are pretty trivial and only have one call site. This patch therefore clarifies the overall code flow by folding those functions into their call site. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash64: Clean up ppc_hash64_htab_lookup()David Gibson
This patch makes a general cleanup of the address mangling logic in ppc_hash64_htab_lookup(). In particular it now avoids repeatedly switching on the segment size. The lack of SLB and multiple segment sizes on 32-bit means an analogous cleanup is not needed there. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Remove permission checking from find_pte{32, 64}()David Gibson
find_pte{32,64}() are poorly named, since they both find a PTE and do permissions checking of it. This patch makes them only locate a matching PTE, moving the permission checking and other logic to the caller. We rename the resulting search functions ppc_hash{32,64}_htab_lookup(). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Make find_pte{32, 64} do more of the job of finding ptesDavid Gibson
find_pte{32,64}() are not particularly well named. They only "find" a PTE within a given PTE group, and they also do permissions checking and other things. This patch makes it somewhat close to matching the name, by folding the search of both primary and secondary hash bucket into it, along with the various address bit shuffling to determine the right hash buckets. In the 32-bit case we also remove the code for splitting large pages into 4k pieces for the qemu tlb, since no 32-bit hash MMUs support multiple page sizes. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Separate PTEG searching from permissions checkingDavid Gibson
find_pte{32,64{() do several things. First they search through a PTEG ooking for a PTE matching our virtual address. Then they do permissions checking and other processing on that PTE. This patch separates the search by VA out from the rest. The search is combined with the pte{32,64}_match() functions into new ppc_has{32,64}_pteg_search() functions. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Don't keep looking for PTEs after we find a matchDavid Gibson
BEHAVIOUR CHANGE The ppc hash mmu hashes each virtual address to a primary and secondary possible hash bucket (aka PTE group or PTEG) each with 8 PTEs. Then we need a linear search through the PTEs to find the correct one for the virtual address we're translating. It is a programming error for the guest to insert multiple PTEs mapping the same virtual address into a PTEG - in this case the ppc architecture says the MMU can either act as if just one was present, or give a machine check. Currently our code takes the first matching PTE in a PTEG if it finds a successful translation. But if a matching PTE is found, but permission bits don't allow the access, we keep looking through the PTEG, checking that any other matching PTEs contain an identical translation. That behaviour is perhaps not exactly wrong, but it's certainly not useful. This patch changes it to always just find the first matching PTE in a PTEG. In addition, if we get a permissions problem on the primary PTEG, we then search the secondary PTEG. This is incorrect - a permission denying PTE in the primary PTEG should not be overwritten by an access granting PTE in the secondary (although again, it would be a programming error for the guest to set up such a situation anyway). So additionally we update the code to only search the secondary PTEG if no matching PTE is found in the primary at all. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Cleanup segment-level NX checkDavid Gibson
On the ppc hash mmus, no-execute can be set at the segment level (on more recent 64-bit hash mmus it can also be set at the page level). This patch separates out this check to make it clearer what is going on, and avoiding excessive indentation of the remaining translation code. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Combine ppc_hash{32, 64}_get_physical_address and get_segment{32, ↵David Gibson
64}() After previous work, ppc_hash{32,64}_get_physical_address() are almost trivial wrappers around get_segment{32,64}() which does nearly all the work of translating an address according to the hash mmu model. Therefore combine the two functions into one, under the better name of ppc_hash{32,64}_translate(). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Remove eaddr field from mmu_ctx_hash{32, 64}David Gibson
The eaddr field of mmu_ctx_hash{32,64} is effectively just used to pass the effective address from get_segment{32,64}() to find_pte{32,64}(). Just pass it as a normal parameter instead. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash64: Remove nx from mmu_ctx_hash64David Gibson
The nx field in mmu_ctx_hash64 is used in two different functions. But its used for slightly different things in each place, and the value is never propagated between them. In other words, it might as well be two local variables. This patch makes it so. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Reduce use of access_typeDavid Gibson
In ppc env->access_type is updated by e.g. integer load/stores with ACCESS_INT floating point load/stores with ACCESS_FLOAT and so forth. In hash mmu fault paths it can also b set to ACCESS_CODE for instruction fetch accesses. But the only place which uses anything more of the access_type than whether it is instruction fetch or data access is the direct store segment handling. Instruction versus data access can be more simply determined from the rw value passed down from the top. This changes the code to use rw in preference to checking access_type. For the 32-bit case there is a small amount of code (for direct store segments) that still needs the full access type. Instead of passing it all the way down the stack, we retrieve it from the env structure, which is where it came anyway, before this patch. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Add hash pte load/store helpersDavid Gibson
On real hardware the ppc hash page table is stored in memory; accordingly our mmu emulation code can read a hash page table in guest memory. But, when paravirtualized under PAPR, the real hash page table is in host memory, accessible to the guest only via hypercalls. We model this by also allowing the MMU emulation code to access a specially allocated hash page table outside the guest's memory image. At present these two options are implemented with some ugly conditionals at each access point in the mmu emulation code. In the implementation of the PAPR hypercalls, we assume the external hash table. This patch cleans things up by adding helpers to load and store from the hash table for both 32-bit and 64-bit hash mmus. The 64-bit versions handle both the in-guest-memory and outside guest memory cases. The 32-bit versions only handle the in-guest-memory case since no 32-bit systems can have an external hash table at present. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Add header file for definitionsDavid Gibson
Currently cpu.h contains a number of definitions relating to the 64-bit hash MMU. Some are used in the MMU emulation code, but some are only used in the spapr MMU management hcall implementations. This patch moves these definitions (except for a few that are needed more widely) into mmu-hash64.h header, shared between the MMU emulation code and the spapr hcall code. The MMU emulation code is also updated to actually use a number of those definitions in place of hard coded constants. Similarly, we add new analogous definitions to mmu-hash32.h and use those in place of many hard-coded constants in mmu-hash32.c Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [agraf: fix 32-bit hosts] Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: mmu_ctx_t should not be a global typeDavid Gibson
mmu_ctx_t is currently defined in cpu.h. However it is used for temporary information relating to mmu translation, and is only used in mmu_helper.c and (now) mmu-hash{32,64}.c. Furthermore it contains information which should be specific to particular MMU types. Therefore, move its definition to mmu_helper.c. mmu-hash{32,64}.c are converted to use new data types private to the relevant MMUs (identical to mmu_ctx_t for now, but that will change in future patches). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Don't share get_pteg_offset() between 32 and 64-bitDavid Gibson
The get_pteg_offset() helper function is currently shared between 32-bit and 64-bit hash mmus, taking a parameter for the hash pte size. In the 64-bit paths, it's only called in one place, and it's a trivial calculation. This patch, therefore, open codes it for 64-bit. The remaining version, which is used in two places is made 32-bit only and moved to mmu-hash32.c. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>