diff options
111 files changed, 1564 insertions, 1343 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index a73a61a546..9424a490d6 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1158,10 +1158,11 @@ F: include/hw/timer/sun4v-rtc.h Leon3 M: Fabien Chouteau <chouteau@adacore.com> +M: KONRAD Frederic <frederic.konrad@adacore.com> S: Maintained F: hw/sparc/leon3.c F: hw/*/grlib* -F: include/hw/sparc/grlib.h +F: include/hw/*/grlib* S390 Machines ------------- diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index a083324768..cdcc377102 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -855,6 +855,25 @@ static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr) return ram_addr; } +/* + * Note: tlb_fill() can trigger a resize of the TLB. This means that all of the + * caller's prior references to the TLB table (e.g. CPUTLBEntry pointers) must + * be discarded and looked up again (e.g. via tlb_entry()). + */ +static void tlb_fill(CPUState *cpu, target_ulong addr, int size, + MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) +{ + CPUClass *cc = CPU_GET_CLASS(cpu); + bool ok; + + /* + * This is not a probe, so only valid return is success; failure + * should result in exception + longjmp to the cpu loop. + */ + ok = cc->tlb_fill(cpu, addr, size, access_type, mmu_idx, false, retaddr); + assert(ok); +} + static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry, int mmu_idx, target_ulong addr, uintptr_t retaddr, MMUAccessType access_type, int size) @@ -938,6 +957,16 @@ static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry, } } +static inline target_ulong tlb_read_ofs(CPUTLBEntry *entry, size_t ofs) +{ +#if TCG_OVERSIZED_GUEST + return *(target_ulong *)((uintptr_t)entry + ofs); +#else + /* ofs might correspond to .addr_write, so use atomic_read */ + return atomic_read((target_ulong *)((uintptr_t)entry + ofs)); +#endif +} + /* Return true if ADDR is present in the victim tlb, and has been copied back to the main tlb. */ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index, @@ -948,14 +977,7 @@ static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index, assert_cpu_is_self(ENV_GET_CPU(env)); for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) { CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx]; - target_ulong cmp; - - /* elt_ofs might correspond to .addr_write, so use atomic_read */ -#if TCG_OVERSIZED_GUEST - cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs); -#else - cmp = atomic_read((target_ulong *)((uintptr_t)vtlb + elt_ofs)); -#endif + target_ulong cmp = tlb_read_ofs(vtlb, elt_ofs); if (cmp == page) { /* Found entry in victim tlb, swap tlb and iotlb. */ @@ -1039,6 +1061,56 @@ void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx, } } +void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr, + MMUAccessType access_type, int mmu_idx) +{ + CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr); + uintptr_t tlb_addr, page; + size_t elt_ofs; + + switch (access_type) { + case MMU_DATA_LOAD: + elt_ofs = offsetof(CPUTLBEntry, addr_read); + break; + case MMU_DATA_STORE: + elt_ofs = offsetof(CPUTLBEntry, addr_write); + break; + case MMU_INST_FETCH: + elt_ofs = offsetof(CPUTLBEntry, addr_code); + break; + default: + g_assert_not_reached(); + } + + page = addr & TARGET_PAGE_MASK; + tlb_addr = tlb_read_ofs(entry, elt_ofs); + + if (!tlb_hit_page(tlb_addr, page)) { + uintptr_t index = tlb_index(env, mmu_idx, addr); + + if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page)) { + CPUState *cs = ENV_GET_CPU(env); + CPUClass *cc = CPU_GET_CLASS(cs); + + if (!cc->tlb_fill(cs, addr, 0, access_type, mmu_idx, true, 0)) { + /* Non-faulting page table read failed. */ + return NULL; + } + + /* TLB resize via tlb_fill may have moved the entry. */ + entry = tlb_entry(env, mmu_idx, addr); + } + tlb_addr = tlb_read_ofs(entry, elt_ofs); + } + + if (tlb_addr & ~TARGET_PAGE_MASK) { + /* IO access */ + return NULL; + } + + return (void *)((uintptr_t)addr + entry->addend); +} + /* Probe for a read-modify-write atomic operation. Do not allow unaligned * operations, or io operations to proceed. Return the host address. */ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr, diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c index 0789984fe6..8cfbeb1b56 100644 --- a/accel/tcg/user-exec.c +++ b/accel/tcg/user-exec.c @@ -63,8 +63,8 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t *info, { CPUState *cpu = current_cpu; CPUClass *cc; - int ret; unsigned long address = (unsigned long)info->si_addr; + MMUAccessType access_type; /* We must handle PC addresses from two different sources: * a call return address and a signal frame address. @@ -147,35 +147,17 @@ static inline int handle_cpu_signal(uintptr_t pc, siginfo_t *info, are still valid segv ones */ address = h2g_nocheck(address); - cc = CPU_GET_CLASS(cpu); - /* see if it is an MMU fault */ - g_assert(cc->handle_mmu_fault); - ret = cc->handle_mmu_fault(cpu, address, 0, is_write, MMU_USER_IDX); - - if (ret == 0) { - /* The MMU fault was handled without causing real CPU fault. - * Retain helper_retaddr for a possible second fault. - */ - return 1; - } - - /* All other paths lead to cpu_exit; clear helper_retaddr - * for next execution. + /* + * There is no way the target can handle this other than raising + * an exception. Undo signal and retaddr state prior to longjmp. */ - helper_retaddr = 0; - - if (ret < 0) { - return 0; /* not an MMU fault */ - } - - /* Now we have a real cpu fault. */ - cpu_restore_state(cpu, pc, true); - sigprocmask(SIG_SETMASK, old_set, NULL); - cpu_loop_exit(cpu); + helper_retaddr = 0; - /* never comes here */ - return 1; + cc = CPU_GET_CLASS(cpu); + access_type = is_write ? MMU_DATA_STORE : MMU_DATA_LOAD; + cc->tlb_fill(cpu, address, 0, access_type, MMU_USER_IDX, false, pc); + g_assert_not_reached(); } #if defined(__i386__) diff --git a/hw/char/escc.c b/hw/char/escc.c index 628f5f81f7..c5b05a63f1 100644 --- a/hw/char/escc.c +++ b/hw/char/escc.c @@ -509,6 +509,13 @@ static void escc_mem_write(void *opaque, hwaddr addr, break; case SERIAL_DATA: trace_escc_mem_writeb_data(CHN_C(s), val); + /* + * Lower the irq when data is written to the Tx buffer and no other + * interrupts are currently pending. The irq will be raised again once + * the Tx buffer becomes empty below. + */ + s->txint = 0; + escc_update_irq(s); s->tx = val; if (s->wregs[W_TXCTRL2] & TXCTRL2_TXEN) { // tx enabled if (qemu_chr_fe_backend_connected(&s->chr)) { diff --git a/hw/char/grlib_apbuart.c b/hw/char/grlib_apbuart.c index e1d258b611..9623016d56 100644 --- a/hw/char/grlib_apbuart.c +++ b/hw/char/grlib_apbuart.c @@ -1,7 +1,7 @@ /* * QEMU GRLIB APB UART Emulator * - * Copyright (c) 2010-2011 AdaCore + * Copyright (c) 2010-2019 AdaCore * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -23,6 +23,7 @@ */ #include "qemu/osdep.h" +#include "hw/sparc/grlib.h" #include "hw/sysbus.h" #include "chardev/char-fe.h" @@ -68,7 +69,6 @@ #define FIFO_LENGTH 1024 -#define TYPE_GRLIB_APB_UART "grlib,apbuart" #define GRLIB_APB_UART(obj) \ OBJECT_CHECK(UART, (obj), TYPE_GRLIB_APB_UART) diff --git a/hw/intc/grlib_irqmp.c b/hw/intc/grlib_irqmp.c index d6f9cb3692..20accb6c4d 100644 --- a/hw/intc/grlib_irqmp.c +++ b/hw/intc/grlib_irqmp.c @@ -3,7 +3,7 @@ * * (Multiprocessor and extended interrupt not supported) * - * Copyright (c) 2010-2011 AdaCore + * Copyright (c) 2010-2019 AdaCore * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -47,7 +47,6 @@ #define FORCE_OFFSET 0x80 #define EXTENDED_OFFSET 0xC0 -#define TYPE_GRLIB_IRQMP "grlib,irqmp" #define GRLIB_IRQMP(obj) OBJECT_CHECK(IRQMP, (obj), TYPE_GRLIB_IRQMP) typedef struct IRQMPState IRQMPState; diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs index c71e07ae35..77b9df9796 100644 --- a/hw/misc/Makefile.objs +++ b/hw/misc/Makefile.objs @@ -77,3 +77,5 @@ obj-$(CONFIG_AUX) += auxbus.o obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o obj-$(CONFIG_MSF2) += msf2-sysreg.o obj-$(CONFIG_NRF51_SOC) += nrf51_rng.o + +obj-$(CONFIG_GRLIB) += grlib_ahb_apb_pnp.o diff --git a/hw/misc/grlib_ahb_apb_pnp.c b/hw/misc/grlib_ahb_apb_pnp.c new file mode 100644 index 0000000000..7338461694 --- /dev/null +++ b/hw/misc/grlib_ahb_apb_pnp.c @@ -0,0 +1,269 @@ +/* + * GRLIB AHB APB PNP + * + * Copyright (C) 2019 AdaCore + * + * Developed by : + * Frederic Konrad <frederic.konrad@adacore.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "hw/sysbus.h" +#include "hw/misc/grlib_ahb_apb_pnp.h" + +#define GRLIB_PNP_VENDOR_SHIFT (24) +#define GRLIB_PNP_VENDOR_SIZE (8) +#define GRLIB_PNP_DEV_SHIFT (12) +#define GRLIB_PNP_DEV_SIZE (12) +#define GRLIB_PNP_VER_SHIFT (5) +#define GRLIB_PNP_VER_SIZE (5) +#define GRLIB_PNP_IRQ_SHIFT (0) +#define GRLIB_PNP_IRQ_SIZE (5) +#define GRLIB_PNP_ADDR_SHIFT (20) +#define GRLIB_PNP_ADDR_SIZE (12) +#define GRLIB_PNP_MASK_SHIFT (4) +#define GRLIB_PNP_MASK_SIZE (12) + +#define GRLIB_AHB_DEV_ADDR_SHIFT (20) +#define GRLIB_AHB_DEV_ADDR_SIZE (12) +#define GRLIB_AHB_ENTRY_SIZE (0x20) +#define GRLIB_AHB_MAX_DEV (64) +#define GRLIB_AHB_SLAVE_OFFSET (0x800) + +#define GRLIB_APB_DEV_ADDR_SHIFT (8) +#define GRLIB_APB_DEV_ADDR_SIZE (12) +#define GRLIB_APB_ENTRY_SIZE (0x08) +#define GRLIB_APB_MAX_DEV (512) + +#define GRLIB_PNP_MAX_REGS (0x1000) + +typedef struct AHBPnp { + SysBusDevice parent_obj; + MemoryRegion iomem; + + uint32_t regs[GRLIB_PNP_MAX_REGS >> 2]; + uint8_t master_count; + uint8_t slave_count; +} AHBPnp; + +void grlib_ahb_pnp_add_entry(AHBPnp *dev, uint32_t address, uint32_t mask, + uint8_t vendor, uint16_t device, int slave, + int type) +{ + unsigned int reg_start; + + /* + * AHB entries look like this: + * + * 31 -------- 23 -------- 11 ----- 9 -------- 4 --- 0 + * | VENDOR ID | DEVICE ID | IRQ ? | VERSION | IRQ | + * -------------------------------------------------- + * | USER | + * -------------------------------------------------- + * | USER | + * -------------------------------------------------- + * | USER | + * -------------------------------------------------- + * | USER | + * -------------------------------------------------- + * 31 ----------- 20 --- 15 ----------------- 3 ---- 0 + * | ADDR[31..12] | 00PC | MASK | TYPE | + * -------------------------------------------------- + * 31 ----------- 20 --- 15 ----------------- 3 ---- 0 + * | ADDR[31..12] | 00PC | MASK | TYPE | + * -------------------------------------------------- + * 31 ----------- 20 --- 15 ----------------- 3 ---- 0 + * | ADDR[31..12] | 00PC | MASK | TYPE | + * -------------------------------------------------- + * 31 ----------- 20 --- 15 ----------------- 3 ---- 0 + * | ADDR[31..12] | 00PC | MASK | TYPE | + * -------------------------------------------------- + */ + + if (slave) { + assert(dev->slave_count < GRLIB_AHB_MAX_DEV); + reg_start = (GRLIB_AHB_SLAVE_OFFSET + + (dev->slave_count * GRLIB_AHB_ENTRY_SIZE)) >> 2; + dev->slave_count++; + } else { + assert(dev->master_count < GRLIB_AHB_MAX_DEV); + reg_start = (dev->master_count * GRLIB_AHB_ENTRY_SIZE) >> 2; + dev->master_count++; + } + + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_VENDOR_SHIFT, + GRLIB_PNP_VENDOR_SIZE, + vendor); + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_DEV_SHIFT, + GRLIB_PNP_DEV_SIZE, + device); + reg_start += 4; + /* AHB Memory Space */ + dev->regs[reg_start] = type; + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_ADDR_SHIFT, + GRLIB_PNP_ADDR_SIZE, + extract32(address, + GRLIB_AHB_DEV_ADDR_SHIFT, + GRLIB_AHB_DEV_ADDR_SIZE)); + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_MASK_SHIFT, + GRLIB_PNP_MASK_SIZE, + mask); +} + +static uint64_t grlib_ahb_pnp_read(void *opaque, hwaddr offset, unsigned size) +{ + AHBPnp *ahb_pnp = GRLIB_AHB_PNP(opaque); + + return ahb_pnp->regs[offset >> 2]; +} + +static const MemoryRegionOps grlib_ahb_pnp_ops = { + .read = grlib_ahb_pnp_read, + .endianness = DEVICE_BIG_ENDIAN, +}; + +static void grlib_ahb_pnp_realize(DeviceState *dev, Error **errp) +{ + AHBPnp *ahb_pnp = GRLIB_AHB_PNP(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); + + memory_region_init_io(&ahb_pnp->iomem, OBJECT(dev), &grlib_ahb_pnp_ops, + ahb_pnp, TYPE_GRLIB_AHB_PNP, GRLIB_PNP_MAX_REGS); + sysbus_init_mmio(sbd, &ahb_pnp->iomem); +} + +static void grlib_ahb_pnp_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = grlib_ahb_pnp_realize; +} + +static const TypeInfo grlib_ahb_pnp_info = { + .name = TYPE_GRLIB_AHB_PNP, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(AHBPnp), + .class_init = grlib_ahb_pnp_class_init, +}; + +/* APBPnp */ + +typedef struct APBPnp { + SysBusDevice parent_obj; + MemoryRegion iomem; + + uint32_t regs[GRLIB_PNP_MAX_REGS >> 2]; + uint32_t entry_count; +} APBPnp; + +void grlib_apb_pnp_add_entry(APBPnp *dev, uint32_t address, uint32_t mask, + uint8_t vendor, uint16_t device, uint8_t version, + uint8_t irq, int type) +{ + unsigned int reg_start; + + /* + * APB entries look like this: + * + * 31 -------- 23 -------- 11 ----- 9 ------- 4 --- 0 + * | VENDOR ID | DEVICE ID | IRQ ? | VERSION | IRQ | + * + * 31 ---------- 20 --- 15 ----------------- 3 ---- 0 + * | ADDR[20..8] | 0000 | MASK | TYPE | + */ + + assert(dev->entry_count < GRLIB_APB_MAX_DEV); + reg_start = (dev->entry_count * GRLIB_APB_ENTRY_SIZE) >> 2; + dev->entry_count++; + + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_VENDOR_SHIFT, + GRLIB_PNP_VENDOR_SIZE, + vendor); + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_DEV_SHIFT, + GRLIB_PNP_DEV_SIZE, + device); + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_VER_SHIFT, + GRLIB_PNP_VER_SIZE, + version); + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_IRQ_SHIFT, + GRLIB_PNP_IRQ_SIZE, + irq); + reg_start += 1; + dev->regs[reg_start] = type; + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_ADDR_SHIFT, + GRLIB_PNP_ADDR_SIZE, + extract32(address, + GRLIB_APB_DEV_ADDR_SHIFT, + GRLIB_APB_DEV_ADDR_SIZE)); + dev->regs[reg_start] = deposit32(dev->regs[reg_start], + GRLIB_PNP_MASK_SHIFT, + GRLIB_PNP_MASK_SIZE, + mask); +} + +static uint64_t grlib_apb_pnp_read(void *opaque, hwaddr offset, unsigned size) +{ + APBPnp *apb_pnp = GRLIB_APB_PNP(opaque); + + return apb_pnp->regs[offset >> 2]; +} + +static const MemoryRegionOps grlib_apb_pnp_ops = { + .read = grlib_apb_pnp_read, + .endianness = DEVICE_BIG_ENDIAN, +}; + +static void grlib_apb_pnp_realize(DeviceState *dev, Error **errp) +{ + APBPnp *apb_pnp = GRLIB_APB_PNP(dev); + SysBusDevice *sbd = SYS_BUS_DEVICE(dev); + + memory_region_init_io(&apb_pnp->iomem, OBJECT(dev), &grlib_apb_pnp_ops, + apb_pnp, TYPE_GRLIB_APB_PNP, GRLIB_PNP_MAX_REGS); + sysbus_init_mmio(sbd, &apb_pnp->iomem); +} + +static void grlib_apb_pnp_class_init(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + + dc->realize = grlib_apb_pnp_realize; +} + +static const TypeInfo grlib_apb_pnp_info = { + .name = TYPE_GRLIB_APB_PNP, + .parent = TYPE_SYS_BUS_DEVICE, + .instance_size = sizeof(APBPnp), + .class_init = grlib_apb_pnp_class_init, +}; + +static void grlib_ahb_apb_pnp_register_types(void) +{ + type_register_static(&grlib_ahb_pnp_info); + type_register_static(&grlib_apb_pnp_info); +} + +type_init(grlib_ahb_apb_pnp_register_types) diff --git a/hw/net/e1000.c b/hw/net/e1000.c index 9b39bccfb2..121452d508 100644 --- a/hw/net/e1000.c +++ b/hw/net/e1000.c @@ -901,7 +901,6 @@ e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt) if (size < sizeof(min_buf)) { iov_to_buf(iov, iovcnt, 0, min_buf, size); memset(&min_buf[size], 0, sizeof(min_buf) - size); - e1000x_inc_reg_if_not_full(s->mac_reg, RUC); min_iov.iov_base = filter_buf = min_buf; min_iov.iov_len = size = sizeof(min_buf); iovcnt = 1; diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c index be3cc88370..a6b719035c 100644 --- a/hw/net/vhost_net.c +++ b/hw/net/vhost_net.c @@ -244,6 +244,11 @@ static int vhost_net_start_one(struct vhost_net *net, qemu_set_fd_handler(net->backend, NULL, NULL, NULL); file.fd = net->backend; for (file.index = 0; file.index < net->dev.nvqs; ++file.index) { + if (!virtio_queue_enabled(dev, net->dev.vq_index + + file.index)) { + /* Queue might not be ready for start */ + continue; + } r = vhost_net_set_backend(&net->dev, &file); if (r < 0) { r = -errno; @@ -256,6 +261,11 @@ fail: file.fd = -1; if (net->nc->info->type == NET_CLIENT_DRIVER_TAP) { while (file.index-- > 0) { + if (!virtio_queue_enabled(dev, net->dev.vq_index + + file.index)) { + /* Queue might not be ready for start */ + continue; + } int r = vhost_net_set_backend(&net->dev, &file); assert(r >= 0); } diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c index 0383b17c29..bdead85a93 100644 --- a/hw/sparc/leon3.c +++ b/hw/sparc/leon3.c @@ -1,7 +1,7 @@ /* * QEMU Leon3 System Emulator * - * Copyright (c) 2010-2011 AdaCore + * Copyright (c) 2010-2019 AdaCore * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -39,20 +39,88 @@ #include "exec/address-spaces.h" #include "hw/sparc/grlib.h" +#include "hw/misc/grlib_ahb_apb_pnp.h" /* Default system clock. */ #define CPU_CLK (40 * 1000 * 1000) -#define PROM_FILENAME "u-boot.bin" +#define LEON3_PROM_FILENAME "u-boot.bin" +#define LEON3_PROM_OFFSET (0x00000000) +#define LEON3_RAM_OFFSET (0x40000000) #define MAX_PILS 16 +#define LEON3_UART_OFFSET (0x80000100) +#define LEON3_UART_IRQ (3) + +#define LEON3_IRQMP_OFFSET (0x80000200) + +#define LEON3_TIMER_OFFSET (0x80000300) +#define LEON3_TIMER_IRQ (6) +#define LEON3_TIMER_COUNT (2) + +#define LEON3_APB_PNP_OFFSET (0x800FF000) +#define LEON3_AHB_PNP_OFFSET (0xFFFFF000) + typedef struct ResetData { SPARCCPU *cpu; uint32_t entry; /* save kernel entry in case of reset */ target_ulong sp; /* initial stack pointer */ } ResetData; +static uint32_t *gen_store_u32(uint32_t *code, hwaddr addr, uint32_t val) +{ + stl_p(code++, 0x82100000); /* mov %g0, %g1 */ + stl_p(code++, 0x84100000); /* mov %g0, %g2 */ + stl_p(code++, 0x03000000 + + extract32(addr, 10, 22)); + /* sethi %hi(addr), %g1 */ + stl_p(code++, 0x82106000 + + extract32(addr, 0, 10)); + /* or %g1, addr, %g1 */ + stl_p(code++, 0x05000000 + + extract32(val, 10, 22)); + /* sethi %hi(val), %g2 */ + stl_p(code++, 0x8410a000 + + extract32(val, 0, 10)); + /* or %g2, val, %g2 */ + stl_p(code++, 0xc4204000); /* st %g2, [ %g1 ] */ + + return code; +} + +/* + * When loading a kernel in RAM the machine is expected to be in a different + * state (eg: initialized by the bootloader). This little code reproduces + * this behavior. + */ +static void write_bootloader(CPUSPARCState *env, uint8_t *base, + hwaddr kernel_addr) +{ + uint32_t *p = (uint32_t *) base; + + /* Initialize the UARTs */ + /* *UART_CONTROL = UART_RECEIVE_ENABLE | UART_TRANSMIT_ENABLE; */ + p = gen_store_u32(p, 0x80000108, 3); + + /* Initialize the TIMER 0 */ + /* *GPTIMER_SCALER_RELOAD = 40 - 1; */ + p = gen_store_u32(p, 0x80000304, 39); + /* *GPTIMER0_COUNTER_RELOAD = 0xFFFE; */ + p = gen_store_u32(p, 0x80000314, 0xFFFFFFFE); + /* *GPTIMER0_CONFIG = GPTIMER_ENABLE | GPTIMER_RESTART; */ + p = gen_store_u32(p, 0x80000318, 3); + + /* JUMP to the entry point */ + stl_p(p++, 0x82100000); /* mov %g0, %g1 */ + stl_p(p++, 0x03000000 + extract32(kernel_addr, 10, 22)); + /* sethi %hi(kernel_addr), %g1 */ + stl_p(p++, 0x82106000 + extract32(kernel_addr, 0, 10)); + /* or kernel_addr, %g1 */ + stl_p(p++, 0x81c04000); /* jmp %g1 */ + stl_p(p++, 0x01000000); /* nop */ +} + static void main_cpu_reset(void *opaque) { ResetData *s = (ResetData *)opaque; @@ -121,6 +189,10 @@ static void leon3_generic_hw_init(MachineState *machine) int bios_size; int prom_size; ResetData *reset_info; + DeviceState *dev; + int i; + AHBPnp *ahb_pnp; + APBPnp *apb_pnp; /* Init CPU */ cpu = SPARC_CPU(cpu_create(machine->cpu_type)); @@ -131,13 +203,35 @@ static void leon3_generic_hw_init(MachineState *machine) /* Reset data */ reset_info = g_malloc0(sizeof(ResetData)); reset_info->cpu = cpu; - reset_info->sp = 0x40000000 + ram_size; + reset_info->sp = LEON3_RAM_OFFSET + ram_size; qemu_register_reset(main_cpu_reset, reset_info); - /* Allocate IRQ manager */ - grlib_irqmp_create(0x80000200, env, &cpu_irqs, MAX_PILS, &leon3_set_pil_in); + ahb_pnp = GRLIB_AHB_PNP(object_new(TYPE_GRLIB_AHB_PNP)); + object_property_set_bool(OBJECT(ahb_pnp), true, "realized", &error_fatal); + sysbus_mmio_map(SYS_BUS_DEVICE(ahb_pnp), 0, LEON3_AHB_PNP_OFFSET); + grlib_ahb_pnp_add_entry(ahb_pnp, 0, 0, GRLIB_VENDOR_GAISLER, + GRLIB_LEON3_DEV, GRLIB_AHB_MASTER, + GRLIB_CPU_AREA); + apb_pnp = GRLIB_APB_PNP(object_new(TYPE_GRLIB_APB_PNP)); + object_property_set_bool(OBJECT(apb_pnp), true, "realized", &error_fatal); + sysbus_mmio_map(SYS_BUS_DEVICE(apb_pnp), 0, LEON3_APB_PNP_OFFSET); + grlib_ahb_pnp_add_entry(ahb_pnp, LEON3_APB_PNP_OFFSET, 0xFFF, + GRLIB_VENDOR_GAISLER, GRLIB_APBMST_DEV, + GRLIB_AHB_SLAVE, GRLIB_AHBMEM_AREA); + + /* Allocate IRQ manager */ + dev = qdev_create(NULL, TYPE_GRLIB_IRQMP); + qdev_prop_set_ptr(dev, "set_pil_in", leon3_set_pil_in); + qdev_prop_set_ptr(dev, "set_pil_in_opaque", env); + qdev_init_nofail(dev); + sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_IRQMP_OFFSET); + env->irq_manager = dev; env->qemu_irq_ack = leon3_irq_manager; + cpu_irqs = qemu_allocate_irqs(grlib_irqmp_set_irq, dev, MAX_PILS); + grlib_apb_pnp_add_entry(apb_pnp, LEON3_IRQMP_OFFSET, 0xFFF, + GRLIB_VENDOR_GAISLER, GRLIB_IRQMP_DEV, + 2, 0, GRLIB_APBIO_AREA); /* Allocate RAM */ if (ram_size > 1 * GiB) { @@ -148,17 +242,17 @@ static void leon3_generic_hw_init(MachineState *machine) } memory_region_allocate_system_memory(ram, NULL, "leon3.ram", ram_size); - memory_region_add_subregion(address_space_mem, 0x40000000, ram); + memory_region_add_subregion(address_space_mem, LEON3_RAM_OFFSET, ram); /* Allocate BIOS */ prom_size = 8 * MiB; memory_region_init_ram(prom, NULL, "Leon3.bios", prom_size, &error_fatal); memory_region_set_readonly(prom, true); - memory_region_add_subregion(address_space_mem, 0x00000000, prom); + memory_region_add_subregion(address_space_mem, LEON3_PROM_OFFSET, prom); /* Load boot prom */ if (bios_name == NULL) { - bios_name = PROM_FILENAME; + bios_name = LEON3_PROM_FILENAME; } filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name); @@ -174,13 +268,15 @@ static void leon3_generic_hw_init(MachineState *machine) } if (bios_size > 0) { - ret = load_image_targphys(filename, 0x00000000, bios_size); + ret = load_image_targphys(filename, LEON3_PROM_OFFSET, bios_size); if (ret < 0 || ret > prom_size) { error_report("could not load prom '%s'", filename); exit(1); } } else if (kernel_filename == NULL && !qtest_enabled()) { - error_report("Can't read bios image %s", filename); + error_report("Can't read bios image '%s'", filename + ? filename + : LEON3_PROM_FILENAME); exit(1); } g_free(filename); @@ -202,19 +298,48 @@ static void leon3_generic_hw_init(MachineState *machine) exit(1); } if (bios_size <= 0) { - /* If there is no bios/monitor, start the application. */ - env->pc = entry; - env->npc = entry + 4; - reset_info->entry = entry; + /* + * If there is no bios/monitor just start the application but put + * the machine in an initialized state through a little + * bootloader. + */ + uint8_t *bootloader_entry; + + bootloader_entry = memory_region_get_ram_ptr(prom); + write_bootloader(env, bootloader_entry, entry); + env->pc = LEON3_PROM_OFFSET; + env->npc = LEON3_PROM_OFFSET + 4; + reset_info->entry = LEON3_PROM_OFFSET; } } /* Allocate timers */ - grlib_gptimer_create(0x80000300, 2, CPU_CLK, cpu_irqs, 6); + dev = qdev_create(NULL, TYPE_GRLIB_GPTIMER); + qdev_prop_set_uint32(dev, "nr-timers", LEON3_TIMER_COUNT); + qdev_prop_set_uint32(dev, "frequency", CPU_CLK); + qdev_prop_set_uint32(dev, "irq-line", LEON3_TIMER_IRQ); + qdev_init_nofail(dev); + + sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_TIMER_OFFSET); + for (i = 0; i < LEON3_TIMER_COUNT; i++) { + sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, + cpu_irqs[LEON3_TIMER_IRQ + i]); + } + + grlib_apb_pnp_add_entry(apb_pnp, LEON3_TIMER_OFFSET, 0xFFF, + GRLIB_VENDOR_GAISLER, GRLIB_GPTIMER_DEV, + 0, LEON3_TIMER_IRQ, GRLIB_APBIO_AREA); /* Allocate uart */ if (serial_hd(0)) { - grlib_apbuart_create(0x80000100, serial_hd(0), cpu_irqs[3]); + dev = qdev_create(NULL, TYPE_GRLIB_APB_UART); + qdev_prop_set_chr(dev, "chrdev", serial_hd(0)); + qdev_init_nofail(dev); + sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, LEON3_UART_OFFSET); + sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, cpu_irqs[LEON3_UART_IRQ]); + grlib_apb_pnp_add_entry(apb_pnp, LEON3_UART_OFFSET, 0xFFF, + GRLIB_VENDOR_GAISLER, GRLIB_APBUART_DEV, 1, + LEON3_UART_IRQ, GRLIB_APBIO_AREA); } } diff --git a/hw/timer/grlib_gptimer.c b/hw/timer/grlib_gptimer.c index 183eddc073..4b7088fc84 100644 --- a/hw/timer/grlib_gptimer.c +++ b/hw/timer/grlib_gptimer.c @@ -1,7 +1,7 @@ /* * QEMU GRLIB GPTimer Emulator * - * Copyright (c) 2010-2011 AdaCore + * Copyright (c) 2010-2019 AdaCore * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -23,6 +23,7 @@ */ #include "qemu/osdep.h" +#include "hw/sparc/grlib.h" #include "hw/sysbus.h" #include "qemu/timer.h" #include "hw/ptimer.h" @@ -52,7 +53,6 @@ #define COUNTER_RELOAD_OFFSET 0x04 #define TIMER_BASE 0x10 -#define TYPE_GRLIB_GPTIMER "grlib,gptimer" #define GRLIB_GPTIMER(obj) \ OBJECT_CHECK(GPTimerUnit, (obj), TYPE_GRLIB_GPTIMER) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 2626a895cb..28056a7ef7 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -2318,6 +2318,11 @@ hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n) return vdev->vq[n].vring.desc; } +bool virtio_queue_enabled(VirtIODevice *vdev, int n) +{ + return virtio_queue_get_desc_addr(vdev, n) != 0; +} + hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n) { return vdev->vq[n].vring.avail; diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h index d78041d7a0..7b28a839d2 100644 --- a/include/exec/cpu_ldst.h +++ b/include/exec/cpu_ldst.h @@ -433,50 +433,20 @@ static inline CPUTLBEntry *tlb_entry(CPUArchState *env, uintptr_t mmu_idx, * @mmu_idx: MMU index to use for lookup * * Look up the specified guest virtual index in the TCG softmmu TLB. - * If the TLB contains a host virtual address suitable for direct RAM - * access, then return it. Otherwise (TLB miss, TLB entry is for an - * I/O access, etc) return NULL. - * - * This is the equivalent of the initial fast-path code used by - * TCG backends for guest load and store accesses. + * If we can translate a host virtual address suitable for direct RAM + * access, without causing a guest exception, then return it. + * Otherwise (TLB entry is for an I/O access, guest software + * TLB fill required, etc) return NULL. */ +#ifdef CONFIG_USER_ONLY static inline void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr, - int access_type, int mmu_idx) + MMUAccessType access_type, int mmu_idx) { -#if defined(CONFIG_USER_ONLY) return g2h(addr); -#else - CPUTLBEntry *tlbentry = tlb_entry(env, mmu_idx, addr); - abi_ptr tlb_addr; - uintptr_t haddr; - - switch (access_type) { - case 0: - tlb_addr = tlbentry->addr_read; - break; - case 1: - tlb_addr = tlb_addr_write(tlbentry); - break; - case 2: - tlb_addr = tlbentry->addr_code; - break; - default: - g_assert_not_reached(); - } - - if (!tlb_hit(tlb_addr, addr)) { - /* TLB entry is for a different page */ - return NULL; - } - - if (tlb_addr & ~TARGET_PAGE_MASK) { - /* IO access */ - return NULL; - } - - haddr = addr + tlbentry->addend; - return (void *)haddr; -#endif /* defined(CONFIG_USER_ONLY) */ } +#else +void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr, + MMUAccessType access_type, int mmu_idx); +#endif #endif /* CPU_LDST_H */ diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h index 58e988b3b1..31f0ecc461 100644 --- a/include/exec/exec-all.h +++ b/include/exec/exec-all.h @@ -474,15 +474,6 @@ static inline void assert_no_pages_locked(void) */ struct MemoryRegionSection *iotlb_to_section(CPUState *cpu, hwaddr index, MemTxAttrs attrs); - -/* - * Note: tlb_fill() can trigger a resize of the TLB. This means that all of the - * caller's prior references to the TLB table (e.g. CPUTLBEntry pointers) must - * be discarded and looked up again (e.g. via tlb_entry()). - */ -void tlb_fill(CPUState *cpu, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); - #endif #if defined(CONFIG_USER_ONLY) diff --git a/include/hw/misc/grlib_ahb_apb_pnp.h b/include/hw/misc/grlib_ahb_apb_pnp.h new file mode 100644 index 0000000000..a0f6dcfda7 --- /dev/null +++ b/include/hw/misc/grlib_ahb_apb_pnp.h @@ -0,0 +1,60 @@ +/* + * GRLIB AHB APB PNP + * + * Copyright (C) 2019 AdaCore + * + * Developed by : + * Frederic Konrad <frederic.konrad@adacore.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#ifndef GRLIB_AHB_APB_PNP_H +#define GRLIB_AHB_APB_PNP_H + +#define TYPE_GRLIB_AHB_PNP "grlib,ahbpnp" +#define GRLIB_AHB_PNP(obj) \ + OBJECT_CHECK(AHBPnp, (obj), TYPE_GRLIB_AHB_PNP) +typedef struct AHBPnp AHBPnp; + +#define TYPE_GRLIB_APB_PNP "grlib,apbpnp" +#define GRLIB_APB_PNP(obj) \ + OBJECT_CHECK(APBPnp, (obj), TYPE_GRLIB_APB_PNP) +typedef struct APBPnp APBPnp; + +void grlib_ahb_pnp_add_entry(AHBPnp *dev, uint32_t address, uint32_t mask, + uint8_t vendor, uint16_t device, int slave, + int type); +void grlib_apb_pnp_add_entry(APBPnp *dev, uint32_t address, uint32_t mask, + uint8_t vendor, uint16_t device, uint8_t version, + uint8_t irq, int type); + +/* VENDORS */ +#define GRLIB_VENDOR_GAISLER (0x01) +/* DEVICES */ +#define GRLIB_LEON3_DEV (0x03) +#define GRLIB_APBMST_DEV (0x06) +#define GRLIB_APBUART_DEV (0x0C) +#define GRLIB_IRQMP_DEV (0x0D) +#define GRLIB_GPTIMER_DEV (0x11) +/* TYPE */ +#define GRLIB_CPU_AREA (0x00) +#define GRLIB_APBIO_AREA (0x01) +#define GRLIB_AHBMEM_AREA (0x02) + +#define GRLIB_AHB_MASTER (0x00) +#define GRLIB_AHB_SLAVE (0x01) + +#endif /* GRLIB_AHB_APB_PNP_H */ diff --git a/include/hw/sparc/grlib.h b/include/hw/sparc/grlib.h index 61a345c269..5606ff0a97 100644 --- a/include/hw/sparc/grlib.h +++ b/include/hw/sparc/grlib.h @@ -1,7 +1,7 @@ /* * QEMU GRLIB Components * - * Copyright (c) 2010-2011 AdaCore + * Copyright (c) 2010-2019 AdaCore * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -33,6 +33,7 @@ */ /* IRQMP */ +#define TYPE_GRLIB_IRQMP "grlib,irqmp" typedef void (*set_pil_in_fn) (void *opaque, uint32_t pil_in); @@ -40,81 +41,10 @@ void grlib_irqmp_set_irq(void *opaque, int irq, int level); void grlib_irqmp_ack(DeviceState *dev, int intno); -static inline -DeviceState *grlib_irqmp_create(hwaddr base, - CPUSPARCState *env, - qemu_irq **cpu_irqs, - uint32_t nr_irqs, - set_pil_in_fn set_pil_in) -{ - DeviceState *dev; - - assert(cpu_irqs != NULL); - - dev = qdev_create(NULL, "grlib,irqmp"); - qdev_prop_set_ptr(dev, "set_pil_in", set_pil_in); - qdev_prop_set_ptr(dev, "set_pil_in_opaque", env); - - qdev_init_nofail(dev); - - env->irq_manager = dev; - - sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); - - *cpu_irqs = qemu_allocate_irqs(grlib_irqmp_set_irq, - dev, - nr_irqs); - - return dev; -} - /* GPTimer */ - -static inline -DeviceState *grlib_gptimer_create(hwaddr base, - uint32_t nr_timers, - uint32_t freq, - qemu_irq *cpu_irqs, - int base_irq) -{ - DeviceState *dev; - int i; - - dev = qdev_create(NULL, "grlib,gptimer"); - qdev_prop_set_uint32(dev, "nr-timers", nr_timers); - qdev_prop_set_uint32(dev, "frequency", freq); - qdev_prop_set_uint32(dev, "irq-line", base_irq); - - qdev_init_nofail(dev); - - sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); - - for (i = 0; i < nr_timers; i++) { - sysbus_connect_irq(SYS_BUS_DEVICE(dev), i, cpu_irqs[base_irq + i]); - } - - return dev; -} +#define TYPE_GRLIB_GPTIMER "grlib,gptimer" /* APB UART */ - -static inline -DeviceState *grlib_apbuart_create(hwaddr base, - Chardev *serial, - qemu_irq irq) -{ - DeviceState *dev; - - dev = qdev_create(NULL, "grlib,apbuart"); - qdev_prop_set_chr(dev, "chrdev", serial); - - qdev_init_nofail(dev); - - sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, base); - - sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq); - - return dev; -} +#define TYPE_GRLIB_APB_UART "grlib,apbuart" #endif /* GRLIB_H */ diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index ce9516236a..7140381e3a 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -282,6 +282,7 @@ typedef struct VirtIORNGConf VirtIORNGConf; VIRTIO_F_IOMMU_PLATFORM, false) hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n); +bool virtio_queue_enabled(VirtIODevice *vdev, int n); hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n); hwaddr virtio_queue_get_used_addr(VirtIODevice *vdev, int n); hwaddr virtio_queue_get_desc_size(VirtIODevice *vdev, int n); diff --git a/include/migration/colo.h b/include/migration/colo.h index 99ce17aca7..f6fbe23ec9 100644 --- a/include/migration/colo.h +++ b/include/migration/colo.h @@ -22,8 +22,6 @@ enum colo_event { COLO_EVENT_FAILOVER, }; -void colo_info_init(void); - void migrate_start_colo_process(MigrationState *s); bool migration_in_colo_state(void); @@ -37,7 +35,7 @@ bool migration_incoming_in_colo_state(void); COLOMode get_colo_mode(void); /* failover */ -void colo_do_failover(MigrationState *s); +void colo_do_failover(void); void colo_checkpoint_notify(void *opaque); #endif diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h index a668ec75b8..9224370ed5 100644 --- a/include/migration/vmstate.h +++ b/include/migration/vmstate.h @@ -1035,6 +1035,20 @@ extern const VMStateInfo vmstate_info_qtailq; #define VMSTATE_BUFFER_UNSAFE(_field, _state, _version, _size) \ VMSTATE_BUFFER_UNSAFE_INFO(_field, _state, _version, vmstate_info_buffer, _size) +/* + * These VMSTATE_UNUSED*() macros can be used to fill in the holes + * when some of the vmstate fields are obsolete to be compatible with + * migrations between new/old binaries. + * + * CAUTION: when using any of the VMSTATE_UNUSED*() macros please be + * sure that the size passed in is the size that was actually *sent* + * rather than the size of the *structure*. One example is the + * boolean type - the size of the structure can vary depending on the + * definition of boolean, however the size we actually sent is always + * 1 byte (please refer to implementation of VMSTATE_BOOL_V and + * vmstate_info_bool). So here we should always pass in size==1 + * rather than size==sizeof(bool). + */ #define VMSTATE_UNUSED_V(_v, _size) \ VMSTATE_UNUSED_BUFFER(NULL, _v, _size) diff --git a/include/qom/cpu.h b/include/qom/cpu.h index 08abcbd3fe..32983f27c3 100644 --- a/include/qom/cpu.h +++ b/include/qom/cpu.h @@ -117,7 +117,12 @@ struct TranslationBlock; * This always includes at least the program counter; some targets * will need to do more. If this hook is not implemented then the * default is to call @set_pc(tb->pc). - * @handle_mmu_fault: Callback for handling an MMU fault. + * @tlb_fill: Callback for handling a softmmu tlb miss or user-only + * address fault. For system mode, if the access is valid, call + * tlb_set_page and return true; if the access is invalid, and + * probe is true, return false; otherwise raise an exception and + * do not return. For user-only mode, always raise an exception + * and do not return. * @get_phys_page_debug: Callback for obtaining a physical address. * @get_phys_page_attrs_debug: Callback for obtaining a physical address and the * associated memory transaction attributes to use for the access. @@ -189,8 +194,9 @@ typedef struct CPUClass { Error **errp); void (*set_pc)(CPUState *cpu, vaddr value); void (*synchronize_from_tb)(CPUState *cpu, struct TranslationBlock *tb); - int (*handle_mmu_fault)(CPUState *cpu, vaddr address, int size, int rw, - int mmu_index); + bool (*tlb_fill)(CPUState *cpu, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr); hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr, MemTxAttrs *attrs); diff --git a/migration/colo-failover.c b/migration/colo-failover.c index 4854a96c92..e9ca0b4774 100644 --- a/migration/colo-failover.c +++ b/migration/colo-failover.c @@ -39,7 +39,7 @@ static void colo_failover_bh(void *opaque) return; } - colo_do_failover(NULL); + colo_do_failover(); } void failover_request_active(Error **errp) diff --git a/migration/colo.c b/migration/colo.c index 238a6d62c7..8c1644091f 100644 --- a/migration/colo.c +++ b/migration/colo.c @@ -193,7 +193,7 @@ COLOMode get_colo_mode(void) } } -void colo_do_failover(MigrationState *s) +void colo_do_failover(void) { /* Make sure VM stopped while failover happened. */ if (!colo_runstate_is_stopped()) { diff --git a/migration/migration.c b/migration/migration.c index 609e0df5d0..d0a0f68f11 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -1495,10 +1495,8 @@ static void block_cleanup_parameters(MigrationState *s) } } -static void migrate_fd_cleanup(void *opaque) +static void migrate_fd_cleanup(MigrationState *s) { - MigrationState *s = opaque; - qemu_bh_delete(s->cleanup_bh); s->cleanup_bh = NULL; @@ -1543,6 +1541,23 @@ static void migrate_fd_cleanup(void *opaque) block_cleanup_parameters(s); } +static void migrate_fd_cleanup_schedule(MigrationState *s) +{ + /* + * Ref the state for bh, because it may be called when + * there're already no other refs + */ + object_ref(OBJECT(s)); + qemu_bh_schedule(s->cleanup_bh); +} + +static void migrate_fd_cleanup_bh(void *opaque) +{ + MigrationState *s = opaque; + migrate_fd_cleanup(s); + object_unref(OBJECT(s)); +} + void migrate_set_error(MigrationState *s, const Error *error) { qemu_mutex_lock(&s->error_mutex); @@ -1681,7 +1696,6 @@ void migrate_init(MigrationState *s) * locks. */ s->bytes_xfer = 0; - s->xfer_limit = 0; s->cleanup_bh = 0; s->to_dst_file = NULL; s->state = MIGRATION_STATUS_NONE; @@ -3144,7 +3158,7 @@ static void migration_iteration_finish(MigrationState *s) error_report("%s: Unknown ending state %d", __func__, s->state); break; } - qemu_bh_schedule(s->cleanup_bh); + migrate_fd_cleanup_schedule(s); qemu_mutex_unlock_iothread(); } @@ -3279,7 +3293,7 @@ void migrate_fd_connect(MigrationState *s, Error *error_in) bool resume = s->state == MIGRATION_STATUS_POSTCOPY_PAUSED; s->expected_downtime = s->parameters.downtime_limit; - s->cleanup_bh = qemu_bh_new(migrate_fd_cleanup, s); + s->cleanup_bh = qemu_bh_new(migrate_fd_cleanup_bh, s); if (error_in) { migrate_fd_error(s, error_in); migrate_fd_cleanup(s); diff --git a/migration/migration.h b/migration/migration.h index 438f17edad..780a096857 100644 --- a/migration/migration.h +++ b/migration/migration.h @@ -117,7 +117,6 @@ struct MigrationState /*< public >*/ size_t bytes_xfer; - size_t xfer_limit; QemuThread thread; QEMUBH *cleanup_bh; QEMUFile *to_dst_file; diff --git a/migration/ram.c b/migration/ram.c index 1ca9ba77b6..4c60869226 100644 --- a/migration/ram.c +++ b/migration/ram.c @@ -917,7 +917,7 @@ struct { * - to make easier to know what to free at the end of migration * * This way we always know who is the owner of each "pages" struct, - * and we don't need any loocking. It belongs to the migration thread + * and we don't need any locking. It belongs to the migration thread * or to the channel thread. Switching is safe because the migration * thread is using the channel mutex when changing it, and the channel * have to had finish with its own, otherwise pending_job can't be @@ -1630,9 +1630,7 @@ static int save_xbzrle_page(RAMState *rs, uint8_t **current_data, /** * migration_bitmap_find_dirty: find the next dirty page from start * - * Called with rcu_read_lock() to protect migration_bitmap - * - * Returns the byte offset within memory region of the start of a dirty page + * Returns the page offset within memory region of the start of a dirty page * * @rs: current RAM state * @rb: RAMBlock where to search for dirty pages @@ -1681,10 +1679,10 @@ static inline bool migration_bitmap_clear_dirty(RAMState *rs, } static void migration_bitmap_sync_range(RAMState *rs, RAMBlock *rb, - ram_addr_t start, ram_addr_t length) + ram_addr_t length) { rs->migration_dirty_pages += - cpu_physical_memory_sync_dirty_bitmap(rb, start, length, + cpu_physical_memory_sync_dirty_bitmap(rb, 0, length, &rs->num_dirty_pages_period); } @@ -1773,7 +1771,7 @@ static void migration_bitmap_sync(RAMState *rs) qemu_mutex_lock(&rs->bitmap_mutex); rcu_read_lock(); RAMBLOCK_FOREACH_NOT_IGNORED(block) { - migration_bitmap_sync_range(rs, block, 0, block->used_length); + migration_bitmap_sync_range(rs, block, block->used_length); } ram_counters.remaining = ram_bytes_remaining(); rcu_read_unlock(); @@ -2146,7 +2144,7 @@ retry: * find_dirty_block: find the next dirty page and update any state * associated with the search process. * - * Returns if a page is found + * Returns true if a page is found * * @rs: current RAM state * @pss: data about the state of the current dirty page scan @@ -2242,7 +2240,7 @@ static RAMBlock *unqueue_page(RAMState *rs, ram_addr_t *offset) * * Skips pages that are already sent (!dirty) * - * Returns if a queued page is found + * Returns true if a queued page is found * * @rs: current RAM state * @pss: data about the state of the current dirty page scan @@ -2681,7 +2679,7 @@ static void ram_save_cleanup(void *opaque) RAMBlock *block; /* caller have hold iothread lock or is in a bh, so there is - * no writing race against this migration_bitmap + * no writing race against the migration bitmap */ memory_global_dirty_log_stop(); @@ -3449,7 +3447,7 @@ static int ram_save_iterate(QEMUFile *f, void *opaque) /* we want to check in the 1st loop, just in case it was the 1st time and we had to sync the dirty bitmap. - qemu_get_clock_ns() is a bit expensive, so we only check each some + qemu_clock_get_ns() is a bit expensive, so we only check each some iterations */ if ((i & 63) == 0) { @@ -4196,7 +4194,7 @@ static void colo_flush_ram_cache(void) memory_global_dirty_log_sync(); rcu_read_lock(); RAMBLOCK_FOREACH_NOT_IGNORED(block) { - migration_bitmap_sync_range(ram_state, block, 0, block->used_length); + migration_bitmap_sync_range(ram_state, block, block->used_length); } rcu_read_unlock(); diff --git a/migration/savevm.c b/migration/savevm.c index 34bcad3807..c0e557b4c2 100644 --- a/migration/savevm.c +++ b/migration/savevm.c @@ -1157,15 +1157,13 @@ int qemu_savevm_state_iterate(QEMUFile *f, bool postcopy) if (!se->ops || !se->ops->save_live_iterate) { continue; } - if (se->ops && se->ops->is_active) { - if (!se->ops->is_active(se->opaque)) { - continue; - } + if (se->ops->is_active && + !se->ops->is_active(se->opaque)) { + continue; } - if (se->ops && se->ops->is_active_iterate) { - if (!se->ops->is_active_iterate(se->opaque)) { - continue; - } + if (se->ops->is_active_iterate && + !se->ops->is_active_iterate(se->opaque)) { + continue; } /* * In the postcopy phase, any device that doesn't know how to @@ -1420,10 +1418,6 @@ static int qemu_savevm_state(QEMUFile *f, Error **errp) return -EINVAL; } - if (migration_is_blocked(errp)) { - return -EINVAL; - } - if (migrate_use_block()) { error_setg(errp, "Block migration and snapshots are incompatible"); return -EINVAL; @@ -2268,6 +2262,43 @@ qemu_loadvm_section_part_end(QEMUFile *f, MigrationIncomingState *mis) return 0; } +static int qemu_loadvm_state_header(QEMUFile *f) +{ + unsigned int v; + int ret; + + v = qemu_get_be32(f); + if (v != QEMU_VM_FILE_MAGIC) { + error_report("Not a migration stream"); + return -EINVAL; + } + + v = qemu_get_be32(f); + if (v == QEMU_VM_FILE_VERSION_COMPAT) { + error_report("SaveVM v2 format is obsolete and don't work anymore"); + return -ENOTSUP; + } + if (v != QEMU_VM_FILE_VERSION) { + error_report("Unsupported migration stream version"); + return -ENOTSUP; + } + + if (migrate_get_current()->send_configuration) { + if (qemu_get_byte(f) != QEMU_VM_CONFIGURATION) { + error_report("Configuration section missing"); + qemu_loadvm_state_cleanup(); + return -EINVAL; + } + ret = vmstate_load_state(f, &vmstate_configuration, &savevm_state, 0); + + if (ret) { + qemu_loadvm_state_cleanup(); + return ret; + } + } + return 0; +} + static int qemu_loadvm_state_setup(QEMUFile *f) { SaveStateEntry *se; @@ -2416,7 +2447,6 @@ int qemu_loadvm_state(QEMUFile *f) { MigrationIncomingState *mis = migration_incoming_get_current(); Error *local_err = NULL; - unsigned int v; int ret; if (qemu_savevm_state_blocked(&local_err)) { @@ -2424,40 +2454,15 @@ int qemu_loadvm_state(QEMUFile *f) return -EINVAL; } - v = qemu_get_be32(f); - if (v != QEMU_VM_FILE_MAGIC) { - error_report("Not a migration stream"); - return -EINVAL; - } - - v = qemu_get_be32(f); - if (v == QEMU_VM_FILE_VERSION_COMPAT) { - error_report("SaveVM v2 format is obsolete and don't work anymore"); - return -ENOTSUP; - } - if (v != QEMU_VM_FILE_VERSION) { - error_report("Unsupported migration stream version"); - return -ENOTSUP; + ret = qemu_loadvm_state_header(f); + if (ret) { + return ret; } if (qemu_loadvm_state_setup(f) != 0) { return -EINVAL; } - if (migrate_get_current()->send_configuration) { - if (qemu_get_byte(f) != QEMU_VM_CONFIGURATION) { - error_report("Configuration section missing"); - qemu_loadvm_state_cleanup(); - return -EINVAL; - } - ret = vmstate_load_state(f, &vmstate_configuration, &savevm_state, 0); - - if (ret) { - qemu_loadvm_state_cleanup(); - return ret; - } - } - cpu_synchronize_all_pre_loadvm(); ret = qemu_loadvm_state_main(f, mis); @@ -2544,7 +2549,7 @@ int save_snapshot(const char *name, Error **errp) AioContext *aio_context; if (migration_is_blocked(errp)) { - return false; + return ret; } if (!replay_can_snapshot()) { diff --git a/migration/vmstate.c b/migration/vmstate.c index e2bbb7b5f7..1305d1a528 100644 --- a/migration/vmstate.c +++ b/migration/vmstate.c @@ -496,7 +496,7 @@ static int vmstate_subsection_save(QEMUFile *f, const VMStateDescription *vmsd, void *opaque, QJSON *vmdesc) { const VMStateDescription **sub = vmsd->subsections; - bool subsection_found = false; + bool vmdesc_has_subsections = false; int ret = 0; trace_vmstate_subsection_save_top(vmsd->name); @@ -508,9 +508,9 @@ static int vmstate_subsection_save(QEMUFile *f, const VMStateDescription *vmsd, trace_vmstate_subsection_save_loop(vmsd->name, vmsdsub->name); if (vmdesc) { /* Only create subsection array when we have any */ - if (!subsection_found) { + if (!vmdesc_has_subsections) { json_start_array(vmdesc, "subsections"); - subsection_found = true; + vmdesc_has_subsections = true; } json_start_object(vmdesc, NULL); @@ -533,7 +533,7 @@ static int vmstate_subsection_save(QEMUFile *f, const VMStateDescription *vmsd, sub++; } - if (vmdesc && subsection_found) { + if (vmdesc_has_subsections) { json_end_array(vmdesc); } diff --git a/monitor.c b/monitor.c index bb48997913..6428eb3b7e 100644 --- a/monitor.c +++ b/monitor.c @@ -1685,8 +1685,7 @@ static void hmp_gva2gpa(Monitor *mon, const QDict *qdict) return; } - gpa = cpu_get_phys_page_attrs_debug(mon_get_cpu(), - addr & TARGET_PAGE_MASK, &attrs); + gpa = cpu_get_phys_page_attrs_debug(cs, addr & TARGET_PAGE_MASK, &attrs); if (gpa == -1) { monitor_printf(mon, "Unmapped\n"); } else { diff --git a/net/colo-compare.c b/net/colo-compare.c index bf10526f05..fcb491121b 100644 --- a/net/colo-compare.c +++ b/net/colo-compare.c @@ -813,9 +813,8 @@ static void colo_compare_handle_event(void *opaque) break; } - assert(event_unhandled_count > 0); - qemu_mutex_lock(&event_mtx); + assert(event_unhandled_count > 0); event_unhandled_count--; qemu_cond_broadcast(&event_complete_cond); qemu_mutex_unlock(&event_mtx); diff --git a/net/slirp.c b/net/slirp.c index 95934fb36d..b34cb29276 100644 --- a/net/slirp.c +++ b/net/slirp.c @@ -498,7 +498,8 @@ static int net_slirp_init(NetClientState *peer, const char *model, } if (vprefix6_len < 0 || vprefix6_len > 126) { error_setg(errp, - "Invalid prefix provided (prefix len must be in range 0-126"); + "Invalid IPv6 prefix provided " + "(IPv6 prefix length must be between 0 and 126)"); return -1; } diff --git a/qemu-options.hx b/qemu-options.hx index 51802cbb26..3faa935929 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4425,13 +4425,15 @@ Dump the network traffic on netdev @var{dev} to the file specified by The file format is libpcap, so it can be analyzed with tools such as tcpdump or Wireshark. -@item -object colo-compare,id=@var{id},primary_in=@var{chardevid},secondary_in=@var{chardevid},outdev=@var{chardevid}[,vnet_hdr_support] +@item -object colo-compare,id=@var{id},primary_in=@var{chardevid},secondary_in=@var{chardevid},outdev=@var{chardevid},iothread=@var{id}[,vnet_hdr_support] Colo-compare gets packet from primary_in@var{chardevid} and secondary_in@var{chardevid}, than compare primary packet with secondary packet. If the packets are same, we will output primary packet to outdev@var{chardevid}, else we will notify colo-frame do checkpoint and send primary packet to outdev@var{chardevid}. -if it has the vnet_hdr_support flag, colo compare will send/recv packet with vnet_hdr_len. +In order to improve efficiency, we need to put the task of comparison +in another thread. If it has the vnet_hdr_support flag, colo compare +will send/recv packet with vnet_hdr_len. we must use it with the help of filter-mirror and filter-redirector. @@ -4446,10 +4448,11 @@ primary: -chardev socket,id=compare0-0,host=3.3.3.3,port=9001 -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server,nowait -chardev socket,id=compare_out0,host=3.3.3.3,port=9005 +-object iothread,id=iothread1 -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0 -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0 --object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0 +-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,iothread=iothread1 secondary: -netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,down script=/etc/qemu-ifdown diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c index ad3588a44a..7c81be4111 100644 --- a/target/alpha/cpu.c +++ b/target/alpha/cpu.c @@ -225,9 +225,8 @@ static void alpha_cpu_class_init(ObjectClass *oc, void *data) cc->set_pc = alpha_cpu_set_pc; cc->gdb_read_register = alpha_cpu_gdb_read_register; cc->gdb_write_register = alpha_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = alpha_cpu_handle_mmu_fault; -#else + cc->tlb_fill = alpha_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->do_transaction_failed = alpha_cpu_do_transaction_failed; cc->do_unaligned_access = alpha_cpu_do_unaligned_access; cc->get_phys_page_debug = alpha_cpu_get_phys_page_debug; diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h index 63bf3618ff..cf09112b6a 100644 --- a/target/alpha/cpu.h +++ b/target/alpha/cpu.h @@ -475,8 +475,9 @@ void alpha_cpu_list(void); is returned if the signal was handled by the virtual CPU. */ int cpu_alpha_signal_handler(int host_signum, void *pinfo, void *puc); -int alpha_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool alpha_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); void QEMU_NORETURN dynamic_excp(CPUAlphaState *, uintptr_t, int, int); void QEMU_NORETURN arith_excp(CPUAlphaState *, uintptr_t, int, uint64_t); diff --git a/target/alpha/helper.c b/target/alpha/helper.c index 7201576aae..5fe9c87912 100644 --- a/target/alpha/helper.c +++ b/target/alpha/helper.c @@ -104,14 +104,15 @@ void cpu_alpha_store_gr(CPUAlphaState *env, unsigned reg, uint64_t val) } #if defined(CONFIG_USER_ONLY) -int alpha_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) +bool alpha_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { AlphaCPU *cpu = ALPHA_CPU(cs); cs->exception_index = EXCP_MMFAULT; cpu->env.trap_arg0 = address; - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else /* Returns the OSF/1 entMM failure indication, or -1 on success. */ @@ -248,26 +249,31 @@ hwaddr alpha_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) return (fail >= 0 ? -1 : phys); } -int alpha_cpu_handle_mmu_fault(CPUState *cs, vaddr addr, int size, int rw, - int mmu_idx) +bool alpha_cpu_tlb_fill(CPUState *cs, vaddr addr, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { AlphaCPU *cpu = ALPHA_CPU(cs); CPUAlphaState *env = &cpu->env; target_ulong phys; int prot, fail; - fail = get_physical_address(env, addr, 1 << rw, mmu_idx, &phys, &prot); + fail = get_physical_address(env, addr, 1 << access_type, + mmu_idx, &phys, &prot); if (unlikely(fail >= 0)) { + if (probe) { + return false; + } cs->exception_index = EXCP_MMFAULT; env->trap_arg0 = addr; env->trap_arg1 = fail; - env->trap_arg2 = (rw == 2 ? -1 : rw); - return 1; + env->trap_arg2 = (access_type == MMU_INST_FETCH ? -1 : access_type); + cpu_loop_exit_restore(cs, retaddr); } tlb_set_page(cs, addr & TARGET_PAGE_MASK, phys & TARGET_PAGE_MASK, prot, mmu_idx, TARGET_PAGE_SIZE); - return 0; + return true; } #endif /* USER_ONLY */ diff --git a/target/alpha/mem_helper.c b/target/alpha/mem_helper.c index 011bc73dca..934faa1d6f 100644 --- a/target/alpha/mem_helper.c +++ b/target/alpha/mem_helper.c @@ -62,20 +62,4 @@ void alpha_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, env->error_code = 0; cpu_loop_exit_restore(cs, retaddr); } - -/* try to fill the TLB and return an exception if error. If retaddr is - NULL, it means that the function was called in C code (i.e. not - from generated code or from helper.c) */ -/* XXX: fix it to restore all registers */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = alpha_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret != 0)) { - /* Exception index and error code are already set */ - cpu_loop_exit_restore(cs, retaddr); - } -} #endif /* CONFIG_USER_ONLY */ diff --git a/target/arm/cpu.c b/target/arm/cpu.c index a181fa8dc1..8eee1d8c59 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -2133,23 +2133,6 @@ static Property arm_cpu_properties[] = { DEFINE_PROP_END_OF_LIST() }; -#ifdef CONFIG_USER_ONLY -static int arm_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) -{ - ARMCPU *cpu = ARM_CPU(cs); - CPUARMState *env = &cpu->env; - - env->exception.vaddress = address; - if (rw == 2) { - cs->exception_index = EXCP_PREFETCH_ABORT; - } else { - cs->exception_index = EXCP_DATA_ABORT; - } - return 1; -} -#endif - static gchar *arm_gdb_arch_name(CPUState *cs) { ARMCPU *cpu = ARM_CPU(cs); @@ -2182,9 +2165,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data) cc->synchronize_from_tb = arm_cpu_synchronize_from_tb; cc->gdb_read_register = arm_cpu_gdb_read_register; cc->gdb_write_register = arm_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = arm_cpu_handle_mmu_fault; -#else +#ifndef CONFIG_USER_ONLY cc->do_interrupt = arm_cpu_do_interrupt; cc->do_unaligned_access = arm_cpu_do_unaligned_access; cc->do_transaction_failed = arm_cpu_do_transaction_failed; @@ -2209,6 +2190,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data) cc->disas_set_info = arm_disas_set_info; #ifdef CONFIG_TCG cc->tcg_initialize = arm_translate_init; + cc->tlb_fill = arm_cpu_tlb_fill; #endif } diff --git a/target/arm/helper.c b/target/arm/helper.c index 1e6eb0d0f3..e2d5c8e34f 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -12596,43 +12596,6 @@ static bool get_phys_addr(CPUARMState *env, target_ulong address, } } -/* Walk the page table and (if the mapping exists) add the page - * to the TLB. Return false on success, or true on failure. Populate - * fsr with ARM DFSR/IFSR fault register format value on failure. - */ -bool arm_tlb_fill(CPUState *cs, vaddr address, - MMUAccessType access_type, int mmu_idx, - ARMMMUFaultInfo *fi) -{ - ARMCPU *cpu = ARM_CPU(cs); - CPUARMState *env = &cpu->env; - hwaddr phys_addr; - target_ulong page_size; - int prot; - int ret; - MemTxAttrs attrs = {}; - - ret = get_phys_addr(env, address, access_type, - core_to_arm_mmu_idx(env, mmu_idx), &phys_addr, - &attrs, &prot, &page_size, fi, NULL); - if (!ret) { - /* - * Map a single [sub]page. Regions smaller than our declared - * target page size are handled specially, so for those we - * pass in the exact addresses. - */ - if (page_size >= TARGET_PAGE_SIZE) { - phys_addr &= TARGET_PAGE_MASK; - address &= TARGET_PAGE_MASK; - } - tlb_set_page_with_attrs(cs, address, phys_addr, attrs, - prot, mmu_idx, page_size); - return 0; - } - - return ret; -} - hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr, MemTxAttrs *attrs) { @@ -13111,6 +13074,59 @@ uint32_t HELPER(v7m_tt)(CPUARMState *env, uint32_t addr, uint32_t op) #endif +bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) +{ + ARMCPU *cpu = ARM_CPU(cs); + +#ifdef CONFIG_USER_ONLY + cpu->env.exception.vaddress = address; + if (access_type == MMU_INST_FETCH) { + cs->exception_index = EXCP_PREFETCH_ABORT; + } else { + cs->exception_index = EXCP_DATA_ABORT; + } + cpu_loop_exit_restore(cs, retaddr); +#else + hwaddr phys_addr; + target_ulong page_size; + int prot, ret; + MemTxAttrs attrs = {}; + ARMMMUFaultInfo fi = {}; + + /* + * Walk the page table and (if the mapping exists) add the page + * to the TLB. On success, return true. Otherwise, if probing, + * return false. Otherwise populate fsr with ARM DFSR/IFSR fault + * register format, and signal the fault. + */ + ret = get_phys_addr(&cpu->env, address, access_type, + core_to_arm_mmu_idx(&cpu->env, mmu_idx), + &phys_addr, &attrs, &prot, &page_size, &fi, NULL); + if (likely(!ret)) { + /* + * Map a single [sub]page. Regions smaller than our declared + * target page size are handled specially, so for those we + * pass in the exact addresses. + */ + if (page_size >= TARGET_PAGE_SIZE) { + phys_addr &= TARGET_PAGE_MASK; + address &= TARGET_PAGE_MASK; + } + tlb_set_page_with_attrs(cs, address, phys_addr, attrs, + prot, mmu_idx, page_size); + return true; + } else if (probe) { + return false; + } else { + /* now we have a real cpu fault */ + cpu_restore_state(cs, retaddr, true); + arm_deliver_fault(cpu, address, access_type, mmu_idx, &fi); + } +#endif +} + void HELPER(dc_zva)(CPUARMState *env, uint64_t vaddr_in) { /* Implement DC ZVA, which zeroes a fixed-length block of memory. diff --git a/target/arm/internals.h b/target/arm/internals.h index 587a1ddf58..5a02f458f3 100644 --- a/target/arm/internals.h +++ b/target/arm/internals.h @@ -761,10 +761,12 @@ static inline bool arm_extabort_type(MemTxResult result) return result != MEMTX_DECODE_ERROR; } -/* Do a page table walk and add page to TLB if possible */ -bool arm_tlb_fill(CPUState *cpu, vaddr address, - MMUAccessType access_type, int mmu_idx, - ARMMMUFaultInfo *fi); +bool arm_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); + +void arm_deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type, + int mmu_idx, ARMMMUFaultInfo *fi) QEMU_NORETURN; /* Return true if the stage 1 translation regime is using LPAE format page * tables */ diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c index 8698b4dc83..8ee15a4bd4 100644 --- a/target/arm/op_helper.c +++ b/target/arm/op_helper.c @@ -126,8 +126,8 @@ static inline uint32_t merge_syn_data_abort(uint32_t template_syn, return syn; } -static void deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type, - int mmu_idx, ARMMMUFaultInfo *fi) +void arm_deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type, + int mmu_idx, ARMMMUFaultInfo *fi) { CPUARMState *env = &cpu->env; int target_el; @@ -179,27 +179,6 @@ static void deliver_fault(ARMCPU *cpu, vaddr addr, MMUAccessType access_type, raise_exception(env, exc, syn, target_el); } -/* try to fill the TLB and return an exception if error. If retaddr is - * NULL, it means that the function was called in C code (i.e. not - * from generated code or from helper.c) - */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - bool ret; - ARMMMUFaultInfo fi = {}; - - ret = arm_tlb_fill(cs, addr, access_type, mmu_idx, &fi); - if (unlikely(ret)) { - ARMCPU *cpu = ARM_CPU(cs); - - /* now we have a real cpu fault */ - cpu_restore_state(cs, retaddr, true); - - deliver_fault(cpu, addr, access_type, mmu_idx, &fi); - } -} - /* Raise a data fault alignment exception for the specified virtual address */ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, MMUAccessType access_type, @@ -212,7 +191,7 @@ void arm_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr, cpu_restore_state(cs, retaddr, true); fi.type = ARMFault_Alignment; - deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi); + arm_deliver_fault(cpu, vaddr, access_type, mmu_idx, &fi); } /* arm_cpu_do_transaction_failed: handle a memory system error response @@ -233,7 +212,7 @@ void arm_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, fi.ea = arm_extabort_type(response); fi.type = ARMFault_SyncExternal; - deliver_fault(cpu, addr, access_type, mmu_idx, &fi); + arm_deliver_fault(cpu, addr, access_type, mmu_idx, &fi); } #endif /* !defined(CONFIG_USER_ONLY) */ diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c index bc847250dd..fd434c66ea 100644 --- a/target/arm/sve_helper.c +++ b/target/arm/sve_helper.c @@ -4598,11 +4598,7 @@ static void sve_ldnf1_r(CPUARMState *env, void *vg, const target_ulong addr, * in the real world, obviously.) * * Then there are the annoying special cases with watchpoints... - * - * TODO: Add a form of tlb_fill that does not raise an exception, - * with a form of tlb_vaddr_to_host and a set of loads to match. - * The non_fault_vaddr_to_host would handle everything, usually, - * and the loads would handle the iomem path for watchpoints. + * TODO: Add a form of non-faulting loads using cc->tlb_fill(probe=true). */ host = tlb_vaddr_to_host(env, addr + mem_off, MMU_DATA_LOAD, mmu_idx); split = max_for_page(addr, mem_off, mem_max); diff --git a/target/cris/cpu.c b/target/cris/cpu.c index 75729bfdd5..4e5288ae80 100644 --- a/target/cris/cpu.c +++ b/target/cris/cpu.c @@ -269,9 +269,8 @@ static void cris_cpu_class_init(ObjectClass *oc, void *data) cc->set_pc = cris_cpu_set_pc; cc->gdb_read_register = cris_cpu_gdb_read_register; cc->gdb_write_register = cris_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = cris_cpu_handle_mmu_fault; -#else + cc->tlb_fill = cris_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->get_phys_page_debug = cris_cpu_get_phys_page_debug; dc->vmsd = &vmstate_cris_cpu; #endif diff --git a/target/cris/cpu.h b/target/cris/cpu.h index 0fbe771639..857de79e24 100644 --- a/target/cris/cpu.h +++ b/target/cris/cpu.h @@ -281,8 +281,9 @@ static inline int cpu_mmu_index (CPUCRISState *env, bool ifetch) return !!(env->pregs[PR_CCS] & U_FLAG); } -int cris_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool cris_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); /* Support function regs. */ #define SFR_RW_GC_CFG 0][0 diff --git a/target/cris/helper.c b/target/cris/helper.c index 3939603c73..b5159b8357 100644 --- a/target/cris/helper.c +++ b/target/cris/helper.c @@ -24,6 +24,7 @@ #include "qemu/host-utils.h" #include "exec/exec-all.h" #include "exec/cpu_ldst.h" +#include "exec/helper-proto.h" //#define CRIS_HELPER_DEBUG @@ -53,15 +54,15 @@ void crisv10_cpu_do_interrupt(CPUState *cs) cris_cpu_do_interrupt(cs); } -int cris_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool cris_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { CRISCPU *cpu = CRIS_CPU(cs); cs->exception_index = 0xaa; cpu->env.pregs[PR_EDA] = address; - cpu_dump_state(cs, stderr, 0); - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else /* !CONFIG_USER_ONLY */ @@ -76,33 +77,19 @@ static void cris_shift_ccs(CPUCRISState *env) env->pregs[PR_CCS] = ccs; } -int cris_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool cris_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { CRISCPU *cpu = CRIS_CPU(cs); CPUCRISState *env = &cpu->env; struct cris_mmu_result res; int prot, miss; - int r = -1; target_ulong phy; - qemu_log_mask(CPU_LOG_MMU, "%s addr=%" VADDR_PRIx " pc=%x rw=%x\n", - __func__, address, env->pc, rw); miss = cris_mmu_translate(&res, env, address & TARGET_PAGE_MASK, - rw, mmu_idx, 0); - if (miss) { - if (cs->exception_index == EXCP_BUSFAULT) { - cpu_abort(cs, - "CRIS: Illegal recursive bus fault." - "addr=%" VADDR_PRIx " rw=%d\n", - address, rw); - } - - env->pregs[PR_EDA] = address; - cs->exception_index = EXCP_BUSFAULT; - env->fault_vector = res.bf_vec; - r = 1; - } else { + access_type, mmu_idx, 0); + if (likely(!miss)) { /* * Mask off the cache selection bit. The ETRAX busses do not * see the top bit. @@ -111,15 +98,29 @@ int cris_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, prot = res.prot; tlb_set_page(cs, address & TARGET_PAGE_MASK, phy, prot, mmu_idx, TARGET_PAGE_SIZE); - r = 0; + return true; + } + + if (probe) { + return false; } - if (r > 0) { - qemu_log_mask(CPU_LOG_MMU, - "%s returns %d irqreq=%x addr=%" VADDR_PRIx " phy=%x vec=%x" - " pc=%x\n", __func__, r, cs->interrupt_request, address, - res.phy, res.bf_vec, env->pc); + + if (cs->exception_index == EXCP_BUSFAULT) { + cpu_abort(cs, "CRIS: Illegal recursive bus fault." + "addr=%" VADDR_PRIx " access_type=%d\n", + address, access_type); + } + + env->pregs[PR_EDA] = address; + cs->exception_index = EXCP_BUSFAULT; + env->fault_vector = res.bf_vec; + if (retaddr) { + if (cpu_restore_state(cs, retaddr, true)) { + /* Evaluate flags after retranslation. */ + helper_top_evaluate_flags(env); + } } - return r; + cpu_loop_exit(cs); } void crisv10_cpu_do_interrupt(CPUState *cs) diff --git a/target/cris/op_helper.c b/target/cris/op_helper.c index 0ee3a3117b..26a395b413 100644 --- a/target/cris/op_helper.c +++ b/target/cris/op_helper.c @@ -37,34 +37,6 @@ #define D_LOG(...) do { } while (0) #endif -#if !defined(CONFIG_USER_ONLY) -/* Try to fill the TLB and return an exception if error. If retaddr is - NULL, it means that the function was called in C code (i.e. not - from generated code or from helper.c) */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - CRISCPU *cpu = CRIS_CPU(cs); - CPUCRISState *env = &cpu->env; - int ret; - - D_LOG("%s pc=%x tpc=%x ra=%p\n", __func__, - env->pc, env->pregs[PR_EDA], (void *)retaddr); - ret = cris_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret)) { - if (retaddr) { - /* now we have a real cpu fault */ - if (cpu_restore_state(cs, retaddr, true)) { - /* Evaluate flags after retranslation. */ - helper_top_evaluate_flags(env); - } - } - cpu_loop_exit(cs); - } -} - -#endif - void helper_raise_exception(CPUCRISState *env, uint32_t index) { CPUState *cs = CPU(cris_env_get_cpu(env)); diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c index e64f48581e..9717ea1798 100644 --- a/target/hppa/cpu.c +++ b/target/hppa/cpu.c @@ -163,9 +163,8 @@ static void hppa_cpu_class_init(ObjectClass *oc, void *data) cc->synchronize_from_tb = hppa_cpu_synchronize_from_tb; cc->gdb_read_register = hppa_cpu_gdb_read_register; cc->gdb_write_register = hppa_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = hppa_cpu_handle_mmu_fault; -#else + cc->tlb_fill = hppa_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->get_phys_page_debug = hppa_cpu_get_phys_page_debug; dc->vmsd = &vmstate_hppa_cpu; #endif diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h index 923346adb6..c1e0215e66 100644 --- a/target/hppa/cpu.h +++ b/target/hppa/cpu.h @@ -360,10 +360,10 @@ int hppa_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg); void hppa_cpu_do_interrupt(CPUState *cpu); bool hppa_cpu_exec_interrupt(CPUState *cpu, int int_req); void hppa_cpu_dump_state(CPUState *cs, FILE *f, int); -#ifdef CONFIG_USER_ONLY -int hppa_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, - int rw, int midx); -#else +bool hppa_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); +#ifndef CONFIG_USER_ONLY int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx, int type, hwaddr *pphys, int *pprot); extern const MemoryRegionOps hppa_io_eir_ops; diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c index 77fb544838..0fd3ac6645 100644 --- a/target/hppa/mem_helper.c +++ b/target/hppa/mem_helper.c @@ -25,8 +25,9 @@ #include "trace.h" #ifdef CONFIG_USER_ONLY -int hppa_cpu_handle_mmu_fault(CPUState *cs, vaddr address, - int size, int rw, int mmu_idx) +bool hppa_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { HPPACPU *cpu = HPPA_CPU(cs); @@ -34,7 +35,7 @@ int hppa_cpu_handle_mmu_fault(CPUState *cs, vaddr address, which would affect si_code. */ cs->exception_index = EXCP_DMP; cpu->env.cr[CR_IOR] = address; - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else static hppa_tlb_entry *hppa_find_tlb(CPUHPPAState *env, vaddr addr) @@ -213,8 +214,9 @@ hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) return excp == EXCP_DTLB_MISS ? -1 : phys; } -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType type, int mmu_idx, uintptr_t retaddr) +bool hppa_cpu_tlb_fill(CPUState *cs, vaddr addr, int size, + MMUAccessType type, int mmu_idx, + bool probe, uintptr_t retaddr) { HPPACPU *cpu = HPPA_CPU(cs); CPUHPPAState *env = &cpu->env; @@ -236,6 +238,9 @@ void tlb_fill(CPUState *cs, target_ulong addr, int size, excp = hppa_get_physical_address(env, addr, mmu_idx, a_prot, &phys, &prot); if (unlikely(excp >= 0)) { + if (probe) { + return false; + } trace_hppa_tlb_fill_excp(env, addr, size, type, mmu_idx); /* Failure. Raise the indicated exception. */ cs->exception_index = excp; @@ -252,6 +257,7 @@ void tlb_fill(CPUState *cs, target_ulong addr, int size, /* Success! Store the translation into the QEMU TLB. */ tlb_set_page(cs, addr & TARGET_PAGE_MASK, phys & TARGET_PAGE_MASK, prot, mmu_idx, TARGET_PAGE_SIZE); + return true; } /* Insert (Insn/Data) TLB Address. Note this is PA 1.1 only. */ diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 722c5514d4..2df56fa977 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -5915,9 +5915,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, void *data) cc->gdb_write_register = x86_cpu_gdb_write_register; cc->get_arch_id = x86_cpu_get_arch_id; cc->get_paging_enabled = x86_cpu_get_paging_enabled; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = x86_cpu_handle_mmu_fault; -#else +#ifndef CONFIG_USER_ONLY cc->asidx_from_attrs = x86_asidx_from_attrs; cc->get_memory_mapping = x86_cpu_get_memory_mapping; cc->get_phys_page_debug = x86_cpu_get_phys_page_debug; @@ -5942,6 +5940,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, void *data) cc->cpu_exec_exit = x86_cpu_exec_exit; #ifdef CONFIG_TCG cc->tcg_initialize = tcg_x86_init; + cc->tlb_fill = x86_cpu_tlb_fill; #endif cc->disas_set_info = x86_disas_set_info; diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 0128910661..fce6660bac 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -1656,8 +1656,9 @@ void host_cpuid(uint32_t function, uint32_t count, void host_vendor_fms(char *vendor, int *family, int *model, int *stepping); /* helper.c */ -int x86_cpu_handle_mmu_fault(CPUState *cpu, vaddr addr, int size, - int is_write, int mmu_idx); +bool x86_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); void x86_cpu_set_a20(X86CPU *cpu, int a20_state); #ifndef CONFIG_USER_ONLY diff --git a/target/i386/excp_helper.c b/target/i386/excp_helper.c index 49231f6b69..fa1ead6404 100644 --- a/target/i386/excp_helper.c +++ b/target/i386/excp_helper.c @@ -137,26 +137,7 @@ void raise_exception_ra(CPUX86State *env, int exception_index, uintptr_t retaddr raise_interrupt2(env, exception_index, 0, 0, 0, retaddr); } -#if defined(CONFIG_USER_ONLY) -int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr, int size, - int is_write, int mmu_idx) -{ - X86CPU *cpu = X86_CPU(cs); - CPUX86State *env = &cpu->env; - - /* user mode only emulation */ - is_write &= 1; - env->cr[2] = addr; - env->error_code = (is_write << PG_ERROR_W_BIT); - env->error_code |= PG_ERROR_U_MASK; - cs->exception_index = EXCP0E_PAGE; - env->exception_is_int = 0; - env->exception_next_eip = -1; - return 1; -} - -#else - +#if !defined(CONFIG_USER_ONLY) static hwaddr get_hphys(CPUState *cs, hwaddr gphys, MMUAccessType access_type, int *prot) { @@ -365,8 +346,8 @@ static hwaddr get_hphys(CPUState *cs, hwaddr gphys, MMUAccessType access_type, * 0 = nothing more to do * 1 = generate PF fault */ -int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr, int size, - int is_write1, int mmu_idx) +static int handle_mmu_fault(CPUState *cs, vaddr addr, int size, + int is_write1, int mmu_idx) { X86CPU *cpu = X86_CPU(cs); CPUX86State *env = &cpu->env; @@ -691,3 +672,31 @@ do_check_protect_pse36: return 1; } #endif + +bool x86_cpu_tlb_fill(CPUState *cs, vaddr addr, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) +{ + X86CPU *cpu = X86_CPU(cs); + CPUX86State *env = &cpu->env; + +#ifdef CONFIG_USER_ONLY + /* user mode only emulation */ + env->cr[2] = addr; + env->error_code = (access_type == MMU_DATA_STORE) << PG_ERROR_W_BIT; + env->error_code |= PG_ERROR_U_MASK; + cs->exception_index = EXCP0E_PAGE; + env->exception_is_int = 0; + env->exception_next_eip = -1; + cpu_loop_exit_restore(cs, retaddr); +#else + env->retaddr = retaddr; + if (handle_mmu_fault(cs, addr, size, access_type, mmu_idx)) { + /* FIXME: On error in get_hphys we have already jumped out. */ + g_assert(!probe); + raise_exception_err_ra(env, cs->exception_index, + env->error_code, retaddr); + } + return true; +#endif +} diff --git a/target/i386/mem_helper.c b/target/i386/mem_helper.c index 6cc53bcb40..1885df29d2 100644 --- a/target/i386/mem_helper.c +++ b/target/i386/mem_helper.c @@ -191,24 +191,3 @@ void helper_boundl(CPUX86State *env, target_ulong a0, int v) raise_exception_ra(env, EXCP05_BOUND, GETPC()); } } - -#if !defined(CONFIG_USER_ONLY) -/* try to fill the TLB and return an exception if error. If retaddr is - * NULL, it means that the function was called in C code (i.e. not - * from generated code or from helper.c) - */ -/* XXX: fix it to restore all registers */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - X86CPU *cpu = X86_CPU(cs); - CPUX86State *env = &cpu->env; - int ret; - - env->retaddr = retaddr; - ret = x86_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (ret) { - raise_exception_err_ra(env, cs->exception_index, env->error_code, retaddr); - } -} -#endif diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c index 282da19994..57c50c1578 100644 --- a/target/lm32/cpu.c +++ b/target/lm32/cpu.c @@ -231,9 +231,8 @@ static void lm32_cpu_class_init(ObjectClass *oc, void *data) cc->set_pc = lm32_cpu_set_pc; cc->gdb_read_register = lm32_cpu_gdb_read_register; cc->gdb_write_register = lm32_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = lm32_cpu_handle_mmu_fault; -#else + cc->tlb_fill = lm32_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->get_phys_page_debug = lm32_cpu_get_phys_page_debug; cc->vmsd = &vmstate_lm32_cpu; #endif diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h index 9b1e6c2d58..d224d4426e 100644 --- a/target/lm32/cpu.h +++ b/target/lm32/cpu.h @@ -261,8 +261,9 @@ bool lm32_cpu_do_semihosting(CPUState *cs); #define cpu_list lm32_cpu_list #define cpu_signal_handler cpu_lm32_signal_handler -int lm32_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool lm32_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); #include "exec/cpu-all.h" diff --git a/target/lm32/helper.c b/target/lm32/helper.c index a039a993ff..20ea17ba23 100644 --- a/target/lm32/helper.c +++ b/target/lm32/helper.c @@ -25,8 +25,9 @@ #include "exec/semihost.h" #include "exec/log.h" -int lm32_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool lm32_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { LM32CPU *cpu = LM32_CPU(cs); CPULM32State *env = &cpu->env; @@ -40,8 +41,7 @@ int lm32_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, } else { tlb_set_page(cs, address, address, prot, mmu_idx, TARGET_PAGE_SIZE); } - - return 0; + return true; } hwaddr lm32_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) diff --git a/target/lm32/op_helper.c b/target/lm32/op_helper.c index 234d55e056..be12b11b02 100644 --- a/target/lm32/op_helper.c +++ b/target/lm32/op_helper.c @@ -143,21 +143,5 @@ uint32_t HELPER(rcsr_jrx)(CPULM32State *env) { return lm32_juart_get_jrx(env->juart_state); } - -/* Try to fill the TLB and return an exception if error. If retaddr is - * NULL, it means that the function was called in C code (i.e. not - * from generated code or from helper.c) - */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = lm32_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret)) { - /* now we have a real cpu fault */ - cpu_loop_exit_restore(cs, retaddr); - } -} #endif diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c index 582e3a73b3..b16957934a 100644 --- a/target/m68k/cpu.c +++ b/target/m68k/cpu.c @@ -269,9 +269,9 @@ static void m68k_cpu_class_init(ObjectClass *c, void *data) cc->set_pc = m68k_cpu_set_pc; cc->gdb_read_register = m68k_cpu_gdb_read_register; cc->gdb_write_register = m68k_cpu_gdb_write_register; - cc->handle_mmu_fault = m68k_cpu_handle_mmu_fault; + cc->tlb_fill = m68k_cpu_tlb_fill; #if defined(CONFIG_SOFTMMU) - cc->do_unassigned_access = m68k_cpu_unassigned_access; + cc->do_transaction_failed = m68k_cpu_transaction_failed; cc->get_phys_page_debug = m68k_cpu_get_phys_page_debug; #endif cc->disas_set_info = m68k_cpu_disas_set_info; diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h index ad41608341..9deff9e234 100644 --- a/target/m68k/cpu.h +++ b/target/m68k/cpu.h @@ -542,11 +542,13 @@ static inline int cpu_mmu_index (CPUM68KState *env, bool ifetch) return (env->sr & SR_S) == 0 ? 1 : 0; } -int m68k_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); -void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr, - bool is_write, bool is_exec, int is_asi, - unsigned size); +bool m68k_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); +void m68k_cpu_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr, + unsigned size, MMUAccessType access_type, + int mmu_idx, MemTxAttrs attrs, + MemTxResult response, uintptr_t retaddr); #include "exec/cpu-all.h" diff --git a/target/m68k/helper.c b/target/m68k/helper.c index d958a34959..6db93bdd81 100644 --- a/target/m68k/helper.c +++ b/target/m68k/helper.c @@ -353,20 +353,7 @@ void m68k_switch_sp(CPUM68KState *env) env->current_sp = new_sp; } -#if defined(CONFIG_USER_ONLY) - -int m68k_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) -{ - M68kCPU *cpu = M68K_CPU(cs); - - cs->exception_index = EXCP_ACCESS; - cpu->env.mmu.ar = address; - return 1; -} - -#else - +#if !defined(CONFIG_USER_ONLY) /* MMU: 68040 only */ static void print_address_zone(uint32_t logical, uint32_t physical, @@ -403,6 +390,7 @@ static void dump_address_map(CPUM68KState *env, uint32_t root_pointer) int last_attr = -1, attr = -1; M68kCPU *cpu = m68k_env_get_cpu(env); CPUState *cs = CPU(cpu); + MemTxResult txres; if (env->mmu.tcr & M68K_TCR_PAGE_8K) { /* 8k page */ @@ -416,22 +404,29 @@ static void dump_address_map(CPUM68KState *env, uint32_t root_pointer) tib_mask = M68K_4K_PAGE_MASK; } for (i = 0; i < M68K_ROOT_POINTER_ENTRIES; i++) { - tia = ldl_phys(cs->as, M68K_POINTER_BASE(root_pointer) + i * 4); - if (!M68K_UDT_VALID(tia)) { + tia = address_space_ldl(cs->as, M68K_POINTER_BASE(root_pointer) + i * 4, + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK || !M68K_UDT_VALID(tia)) { continue; } for (j = 0; j < M68K_ROOT_POINTER_ENTRIES; j++) { - tib = ldl_phys(cs->as, M68K_POINTER_BASE(tia) + j * 4); - if (!M68K_UDT_VALID(tib)) { + tib = address_space_ldl(cs->as, M68K_POINTER_BASE(tia) + j * 4, + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK || !M68K_UDT_VALID(tib)) { continue; } for (k = 0; k < tic_size; k++) { - tic = ldl_phys(cs->as, (tib & tib_mask) + k * 4); - if (!M68K_PDT_VALID(tic)) { + tic = address_space_ldl(cs->as, (tib & tib_mask) + k * 4, + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK || !M68K_PDT_VALID(tic)) { continue; } if (M68K_PDT_INDIRECT(tic)) { - tic = ldl_phys(cs->as, M68K_INDIRECT_POINTER(tic)); + tic = address_space_ldl(cs->as, M68K_INDIRECT_POINTER(tic), + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + continue; + } } last_logical = logical; @@ -643,6 +638,7 @@ static int get_physical_address(CPUM68KState *env, hwaddr *physical, bool debug = access_type & ACCESS_DEBUG; int page_bits; int i; + MemTxResult txres; /* Transparent Translation (physical = logical) */ for (i = 0; i < M68K_MAX_TTR; i++) { @@ -672,12 +668,19 @@ static int get_physical_address(CPUM68KState *env, hwaddr *physical, /* Root Index */ entry = M68K_POINTER_BASE(next) | M68K_ROOT_INDEX(address); - next = ldl_phys(cs->as, entry); + next = address_space_ldl(cs->as, entry, MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } if (!M68K_UDT_VALID(next)) { return -1; } if (!(next & M68K_DESC_USED) && !debug) { - stl_phys(cs->as, entry, next | M68K_DESC_USED); + address_space_stl(cs->as, entry, next | M68K_DESC_USED, + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } } if (next & M68K_DESC_WRITEPROT) { if (access_type & ACCESS_PTEST) { @@ -692,12 +695,19 @@ static int get_physical_address(CPUM68KState *env, hwaddr *physical, /* Pointer Index */ entry = M68K_POINTER_BASE(next) | M68K_POINTER_INDEX(address); - next = ldl_phys(cs->as, entry); + next = address_space_ldl(cs->as, entry, MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } if (!M68K_UDT_VALID(next)) { return -1; } if (!(next & M68K_DESC_USED) && !debug) { - stl_phys(cs->as, entry, next | M68K_DESC_USED); + address_space_stl(cs->as, entry, next | M68K_DESC_USED, + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } } if (next & M68K_DESC_WRITEPROT) { if (access_type & ACCESS_PTEST) { @@ -716,27 +726,46 @@ static int get_physical_address(CPUM68KState *env, hwaddr *physical, entry = M68K_4K_PAGE_BASE(next) | M68K_4K_PAGE_INDEX(address); } - next = ldl_phys(cs->as, entry); + next = address_space_ldl(cs->as, entry, MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } if (!M68K_PDT_VALID(next)) { return -1; } if (M68K_PDT_INDIRECT(next)) { - next = ldl_phys(cs->as, M68K_INDIRECT_POINTER(next)); + next = address_space_ldl(cs->as, M68K_INDIRECT_POINTER(next), + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } } if (access_type & ACCESS_STORE) { if (next & M68K_DESC_WRITEPROT) { if (!(next & M68K_DESC_USED) && !debug) { - stl_phys(cs->as, entry, next | M68K_DESC_USED); + address_space_stl(cs->as, entry, next | M68K_DESC_USED, + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } } } else if ((next & (M68K_DESC_MODIFIED | M68K_DESC_USED)) != (M68K_DESC_MODIFIED | M68K_DESC_USED) && !debug) { - stl_phys(cs->as, entry, - next | (M68K_DESC_MODIFIED | M68K_DESC_USED)); + address_space_stl(cs->as, entry, + next | (M68K_DESC_MODIFIED | M68K_DESC_USED), + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } } } else { if (!(next & M68K_DESC_USED) && !debug) { - stl_phys(cs->as, entry, next | M68K_DESC_USED); + address_space_stl(cs->as, entry, next | M68K_DESC_USED, + MEMTXATTRS_UNSPECIFIED, &txres); + if (txres != MEMTX_OK) { + goto txfail; + } } } @@ -768,6 +797,14 @@ static int get_physical_address(CPUM68KState *env, hwaddr *physical, } return 0; + +txfail: + /* + * A page table load/store failed. TODO: we should really raise a + * suitable guest fault here if this is not a debug access. + * For now just return that the translation failed. + */ + return -1; } hwaddr m68k_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) @@ -795,11 +832,36 @@ hwaddr m68k_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) return phys_addr; } -int m68k_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +/* + * Notify CPU of a pending interrupt. Prioritization and vectoring should + * be handled by the interrupt controller. Real hardware only requests + * the vector when the interrupt is acknowledged by the CPU. For + * simplicity we calculate it when the interrupt is signalled. + */ +void m68k_set_irq_level(M68kCPU *cpu, int level, uint8_t vector) +{ + CPUState *cs = CPU(cpu); + CPUM68KState *env = &cpu->env; + + env->pending_level = level; + env->pending_vector = vector; + if (level) { + cpu_interrupt(cs, CPU_INTERRUPT_HARD); + } else { + cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); + } +} + +#endif + +bool m68k_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType qemu_access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { M68kCPU *cpu = M68K_CPU(cs); CPUM68KState *env = &cpu->env; + +#ifndef CONFIG_USER_ONLY hwaddr physical; int prot; int access_type; @@ -812,32 +874,35 @@ int m68k_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, address & TARGET_PAGE_MASK, PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx, TARGET_PAGE_SIZE); - return 0; + return true; } - if (rw == 2) { + if (qemu_access_type == MMU_INST_FETCH) { access_type = ACCESS_CODE; - rw = 0; } else { access_type = ACCESS_DATA; - if (rw) { + if (qemu_access_type == MMU_DATA_STORE) { access_type |= ACCESS_STORE; } } - if (mmu_idx != MMU_USER_IDX) { access_type |= ACCESS_SUPER; } ret = get_physical_address(&cpu->env, &physical, &prot, address, access_type, &page_size); - if (ret == 0) { + if (likely(ret == 0)) { address &= TARGET_PAGE_MASK; physical += address & (page_size - 1); tlb_set_page(cs, address, physical, prot, mmu_idx, TARGET_PAGE_SIZE); - return 0; + return true; } + + if (probe) { + return false; + } + /* page fault */ env->mmu.ssw = M68K_ATC_040; switch (size) { @@ -862,31 +927,13 @@ int m68k_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, if (!(access_type & ACCESS_STORE)) { env->mmu.ssw |= M68K_RW_040; } - env->mmu.ar = address; - cs->exception_index = EXCP_ACCESS; - return 1; -} - -/* Notify CPU of a pending interrupt. Prioritization and vectoring should - be handled by the interrupt controller. Real hardware only requests - the vector when the interrupt is acknowledged by the CPU. For - simplicitly we calculate it when the interrupt is signalled. */ -void m68k_set_irq_level(M68kCPU *cpu, int level, uint8_t vector) -{ - CPUState *cs = CPU(cpu); - CPUM68KState *env = &cpu->env; +#endif - env->pending_level = level; - env->pending_vector = vector; - if (level) { - cpu_interrupt(cs, CPU_INTERRUPT_HARD); - } else { - cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); - } + cs->exception_index = EXCP_ACCESS; + env->mmu.ar = address; + cpu_loop_exit_restore(cs, retaddr); } -#endif - uint32_t HELPER(bitrev)(uint32_t x) { x = ((x >> 1) & 0x55555555u) | ((x << 1) & 0xaaaaaaaau); diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c index 76f439985a..1ecc772b5c 100644 --- a/target/m68k/op_helper.c +++ b/target/m68k/op_helper.c @@ -36,21 +36,6 @@ static inline void do_interrupt_m68k_hardirq(CPUM68KState *env) #else -/* Try to fill the TLB and return an exception if error. If retaddr is - NULL, it means that the function was called in C code (i.e. not - from generated code or from helper.c) */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = m68k_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret)) { - /* now we have a real cpu fault */ - cpu_loop_exit_restore(cs, retaddr); - } -} - static void cf_rte(CPUM68KState *env) { uint32_t sp; @@ -454,19 +439,15 @@ static inline void do_interrupt_m68k_hardirq(CPUM68KState *env) do_interrupt_all(env, 1); } -void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr, bool is_write, - bool is_exec, int is_asi, unsigned size) +void m68k_cpu_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr, + unsigned size, MMUAccessType access_type, + int mmu_idx, MemTxAttrs attrs, + MemTxResult response, uintptr_t retaddr) { M68kCPU *cpu = M68K_CPU(cs); CPUM68KState *env = &cpu->env; -#ifdef DEBUG_UNASSIGNED - qemu_log_mask(CPU_LOG_INT, "Unassigned " TARGET_FMT_plx " wr=%d exe=%d\n", - addr, is_write, is_exec); -#endif - if (env == NULL) { - /* when called from gdb, env is NULL */ - return; - } + + cpu_restore_state(cs, retaddr, true); if (m68k_feature(env, M68K_FEATURE_M68040)) { env->mmu.mmusr = 0; @@ -476,7 +457,7 @@ void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr, bool is_write, if (env->sr & SR_S) { /* SUPERVISOR */ env->mmu.ssw |= M68K_TM_040_SUPER; } - if (is_exec) { /* instruction or data */ + if (access_type == MMU_INST_FETCH) { /* instruction or data */ env->mmu.ssw |= M68K_TM_040_CODE; } else { env->mmu.ssw |= M68K_TM_040_DATA; @@ -494,7 +475,7 @@ void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr, bool is_write, break; } - if (!is_write) { + if (access_type != MMU_DATA_STORE) { env->mmu.ssw |= M68K_RW_040; } diff --git a/target/m68k/translate.c b/target/m68k/translate.c index 58596278c2..f0534a4ba0 100644 --- a/target/m68k/translate.c +++ b/target/m68k/translate.c @@ -2227,6 +2227,7 @@ static TCGv gen_get_sr(DisasContext *s) sr = tcg_temp_new(); tcg_gen_andi_i32(sr, QREG_SR, 0xffe0); tcg_gen_or_i32(sr, sr, ccr); + tcg_temp_free(ccr); return sr; } @@ -3020,7 +3021,6 @@ DISAS_INSN(branch) int32_t offset; uint32_t base; int op; - TCGLabel *l1; base = s->pc; op = (insn >> 8) & 0xf; @@ -3036,7 +3036,7 @@ DISAS_INSN(branch) } if (op > 1) { /* Bcc */ - l1 = gen_new_label(); + TCGLabel *l1 = gen_new_label(); gen_jmpcc(s, ((insn >> 8) & 0xf) ^ 1, l1); gen_jmp_tb(s, 1, base + offset); gen_set_label(l1); @@ -3693,6 +3693,7 @@ static TCGv rotate_x(TCGv reg, TCGv shift, int left, int size) tcg_gen_sub_i32(shl, shl, shift); /* shl = size + 1 - shift */ tcg_gen_sub_i32(shx, sz, shift); /* shx = size - shift */ } + tcg_temp_free_i32(sz); /* reg = (reg << shl) | (reg >> shr) | (x << shx); */ @@ -3708,9 +3709,7 @@ static TCGv rotate_x(TCGv reg, TCGv shift, int left, int size) /* X = (reg >> size) & 1 */ X = tcg_temp_new(); - tcg_gen_shr_i32(X, reg, sz); - tcg_gen_andi_i32(X, X, 1); - tcg_temp_free(sz); + tcg_gen_extract_i32(X, reg, size, 1); return X; } diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c index 5596cd5485..0ea549910b 100644 --- a/target/microblaze/cpu.c +++ b/target/microblaze/cpu.c @@ -304,9 +304,8 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data) cc->set_pc = mb_cpu_set_pc; cc->gdb_read_register = mb_cpu_gdb_read_register; cc->gdb_write_register = mb_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = mb_cpu_handle_mmu_fault; -#else + cc->tlb_fill = mb_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->do_transaction_failed = mb_cpu_transaction_failed; cc->get_phys_page_debug = mb_cpu_get_phys_page_debug; #endif diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h index f20e796865..7a9fb8f4aa 100644 --- a/target/microblaze/cpu.h +++ b/target/microblaze/cpu.h @@ -374,8 +374,9 @@ static inline int cpu_mmu_index (CPUMBState *env, bool ifetch) return MMU_KERNEL_IDX; } -int mb_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); #include "exec/cpu-all.h" diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c index 9848e31d7f..ab2ceeb055 100644 --- a/target/microblaze/helper.c +++ b/target/microblaze/helper.c @@ -38,73 +38,74 @@ void mb_cpu_do_interrupt(CPUState *cs) env->regs[14] = env->sregs[SR_PC]; } -int mb_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { cs->exception_index = 0xaa; - cpu_dump_state(cs, stderr, 0); - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else /* !CONFIG_USER_ONLY */ -int mb_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs); CPUMBState *env = &cpu->env; + struct microblaze_mmu_lookup lu; unsigned int hit; - int r = 1; int prot; - /* Translate if the MMU is available and enabled. */ - if (mmu_idx != MMU_NOMMU_IDX) { - uint32_t vaddr, paddr; - struct microblaze_mmu_lookup lu; - - hit = mmu_translate(&env->mmu, &lu, address, rw, mmu_idx); - if (hit) { - vaddr = address & TARGET_PAGE_MASK; - paddr = lu.paddr + vaddr - lu.vaddr; - - qemu_log_mask(CPU_LOG_MMU, "MMU map mmu=%d v=%x p=%x prot=%x\n", - mmu_idx, vaddr, paddr, lu.prot); - tlb_set_page(cs, vaddr, paddr, lu.prot, mmu_idx, TARGET_PAGE_SIZE); - r = 0; - } else { - env->sregs[SR_EAR] = address; - qemu_log_mask(CPU_LOG_MMU, "mmu=%d miss v=%" VADDR_PRIx "\n", - mmu_idx, address); - - switch (lu.err) { - case ERR_PROT: - env->sregs[SR_ESR] = rw == 2 ? 17 : 16; - env->sregs[SR_ESR] |= (rw == 1) << 10; - break; - case ERR_MISS: - env->sregs[SR_ESR] = rw == 2 ? 19 : 18; - env->sregs[SR_ESR] |= (rw == 1) << 10; - break; - default: - abort(); - break; - } - - if (cs->exception_index == EXCP_MMU) { - cpu_abort(cs, "recursive faults\n"); - } - - /* TLB miss. */ - cs->exception_index = EXCP_MMU; - } - } else { + if (mmu_idx == MMU_NOMMU_IDX) { /* MMU disabled or not available. */ address &= TARGET_PAGE_MASK; prot = PAGE_BITS; tlb_set_page(cs, address, address, prot, mmu_idx, TARGET_PAGE_SIZE); - r = 0; + return true; } - return r; + + hit = mmu_translate(&env->mmu, &lu, address, access_type, mmu_idx); + if (likely(hit)) { + uint32_t vaddr = address & TARGET_PAGE_MASK; + uint32_t paddr = lu.paddr + vaddr - lu.vaddr; + + qemu_log_mask(CPU_LOG_MMU, "MMU map mmu=%d v=%x p=%x prot=%x\n", + mmu_idx, vaddr, paddr, lu.prot); + tlb_set_page(cs, vaddr, paddr, lu.prot, mmu_idx, TARGET_PAGE_SIZE); + return true; + } + + /* TLB miss. */ + if (probe) { + return false; + } + + qemu_log_mask(CPU_LOG_MMU, "mmu=%d miss v=%" VADDR_PRIx "\n", + mmu_idx, address); + + env->sregs[SR_EAR] = address; + switch (lu.err) { + case ERR_PROT: + env->sregs[SR_ESR] = access_type == MMU_INST_FETCH ? 17 : 16; + env->sregs[SR_ESR] |= (access_type == MMU_DATA_STORE) << 10; + break; + case ERR_MISS: + env->sregs[SR_ESR] = access_type == MMU_INST_FETCH ? 19 : 18; + env->sregs[SR_ESR] |= (access_type == MMU_DATA_STORE) << 10; + break; + default: + abort(); + } + + if (cs->exception_index == EXCP_MMU) { + cpu_abort(cs, "recursive faults\n"); + } + + /* TLB miss. */ + cs->exception_index = EXCP_MMU; + cpu_loop_exit_restore(cs, retaddr); } void mb_cpu_do_interrupt(CPUState *cs) diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c index e23dcfdc20..b5dbb90d05 100644 --- a/target/microblaze/op_helper.c +++ b/target/microblaze/op_helper.c @@ -28,25 +28,6 @@ #define D(x) -#if !defined(CONFIG_USER_ONLY) - -/* Try to fill the TLB and return an exception if error. If retaddr is - * NULL, it means that the function was called in C code (i.e. not - * from generated code or from helper.c) - */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = mb_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret)) { - /* now we have a real cpu fault */ - cpu_loop_exit_restore(cs, retaddr); - } -} -#endif - void helper_put(uint32_t id, uint32_t ctrl, uint32_t data) { int test = ctrl & STREAM_TEST; diff --git a/target/mips/cpu.c b/target/mips/cpu.c index e217fb3e36..a33058609a 100644 --- a/target/mips/cpu.c +++ b/target/mips/cpu.c @@ -197,9 +197,7 @@ static void mips_cpu_class_init(ObjectClass *c, void *data) cc->synchronize_from_tb = mips_cpu_synchronize_from_tb; cc->gdb_read_register = mips_cpu_gdb_read_register; cc->gdb_write_register = mips_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = mips_cpu_handle_mmu_fault; -#else +#ifndef CONFIG_USER_ONLY cc->do_unassigned_access = mips_cpu_unassigned_access; cc->do_unaligned_access = mips_cpu_do_unaligned_access; cc->get_phys_page_debug = mips_cpu_get_phys_page_debug; @@ -208,6 +206,7 @@ static void mips_cpu_class_init(ObjectClass *c, void *data) cc->disas_set_info = mips_cpu_disas_set_info; #ifdef CONFIG_TCG cc->tcg_initialize = mips_tcg_init; + cc->tlb_fill = mips_cpu_tlb_fill; #endif cc->gdb_num_core_regs = 73; diff --git a/target/mips/helper.c b/target/mips/helper.c index c44cdca3b5..9799f2ede1 100644 --- a/target/mips/helper.c +++ b/target/mips/helper.c @@ -874,31 +874,25 @@ refill: #endif #endif -int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool mips_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { MIPSCPU *cpu = MIPS_CPU(cs); CPUMIPSState *env = &cpu->env; #if !defined(CONFIG_USER_ONLY) hwaddr physical; int prot; - int access_type; + int mips_access_type; #endif - int ret = 0; - -#if 0 - log_cpu_state(cs, 0); -#endif - qemu_log_mask(CPU_LOG_MMU, - "%s pc " TARGET_FMT_lx " ad %" VADDR_PRIx " rw %d mmu_idx %d\n", - __func__, env->active_tc.PC, address, rw, mmu_idx); + int ret = TLBRET_BADADDR; /* data access */ #if !defined(CONFIG_USER_ONLY) /* XXX: put correct access by using cpu_restore_state() correctly */ - access_type = ACCESS_INT; - ret = get_physical_address(env, &physical, &prot, - address, rw, access_type, mmu_idx); + mips_access_type = ACCESS_INT; + ret = get_physical_address(env, &physical, &prot, address, + access_type, mips_access_type, mmu_idx); switch (ret) { case TLBRET_MATCH: qemu_log_mask(CPU_LOG_MMU, @@ -915,44 +909,41 @@ int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, tlb_set_page(cs, address & TARGET_PAGE_MASK, physical & TARGET_PAGE_MASK, prot | PAGE_EXEC, mmu_idx, TARGET_PAGE_SIZE); - ret = 0; - } else if (ret < 0) -#endif - { -#if !defined(CONFIG_USER_ONLY) + return true; + } #if !defined(TARGET_MIPS64) - if ((ret == TLBRET_NOMATCH) && (env->tlb->nb_tlb > 1)) { - /* - * Memory reads during hardware page table walking are performed - * as if they were kernel-mode load instructions. - */ - int mode = (env->hflags & MIPS_HFLAG_KSU); - bool ret_walker; - env->hflags &= ~MIPS_HFLAG_KSU; - ret_walker = page_table_walk_refill(env, address, rw, mmu_idx); - env->hflags |= mode; - if (ret_walker) { - ret = get_physical_address(env, &physical, &prot, - address, rw, access_type, mmu_idx); - if (ret == TLBRET_MATCH) { - tlb_set_page(cs, address & TARGET_PAGE_MASK, - physical & TARGET_PAGE_MASK, prot | PAGE_EXEC, - mmu_idx, TARGET_PAGE_SIZE); - ret = 0; - return ret; - } + if ((ret == TLBRET_NOMATCH) && (env->tlb->nb_tlb > 1)) { + /* + * Memory reads during hardware page table walking are performed + * as if they were kernel-mode load instructions. + */ + int mode = (env->hflags & MIPS_HFLAG_KSU); + bool ret_walker; + env->hflags &= ~MIPS_HFLAG_KSU; + ret_walker = page_table_walk_refill(env, address, access_type, mmu_idx); + env->hflags |= mode; + if (ret_walker) { + ret = get_physical_address(env, &physical, &prot, address, + access_type, mips_access_type, mmu_idx); + if (ret == TLBRET_MATCH) { + tlb_set_page(cs, address & TARGET_PAGE_MASK, + physical & TARGET_PAGE_MASK, prot | PAGE_EXEC, + mmu_idx, TARGET_PAGE_SIZE); + return true; } } + } #endif -#endif - raise_mmu_exception(env, address, rw, ret); - ret = 1; + if (probe) { + return false; } +#endif - return ret; + raise_mmu_exception(env, address, access_type, ret); + do_raise_exception_err(env, cs->exception_index, env->error_code, retaddr); } -#if !defined(CONFIG_USER_ONLY) +#ifndef CONFIG_USER_ONLY hwaddr cpu_mips_translate_address(CPUMIPSState *env, target_ulong address, int rw) { hwaddr physical; diff --git a/target/mips/internal.h b/target/mips/internal.h index 286e3888ab..b2b41a51ab 100644 --- a/target/mips/internal.h +++ b/target/mips/internal.h @@ -202,8 +202,9 @@ void cpu_mips_start_count(CPUMIPSState *env); void cpu_mips_stop_count(CPUMIPSState *env); /* helper.c */ -int mips_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool mips_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); /* op_helper.c */ uint32_t float_class_s(uint32_t arg, float_status *fst); diff --git a/target/mips/op_helper.c b/target/mips/op_helper.c index 0f272a5b93..6d86912958 100644 --- a/target/mips/op_helper.c +++ b/target/mips/op_helper.c @@ -2669,21 +2669,6 @@ void mips_cpu_do_unaligned_access(CPUState *cs, vaddr addr, do_raise_exception_err(env, excp, error_code, retaddr); } -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = mips_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (ret) { - MIPSCPU *cpu = MIPS_CPU(cs); - CPUMIPSState *env = &cpu->env; - - do_raise_exception_err(env, cs->exception_index, - env->error_code, retaddr); - } -} - void mips_cpu_unassigned_access(CPUState *cs, hwaddr addr, bool is_write, bool is_exec, int unused, unsigned size) diff --git a/target/moxie/cpu.c b/target/moxie/cpu.c index 46434e65ba..02b2b47574 100644 --- a/target/moxie/cpu.c +++ b/target/moxie/cpu.c @@ -112,9 +112,8 @@ static void moxie_cpu_class_init(ObjectClass *oc, void *data) cc->do_interrupt = moxie_cpu_do_interrupt; cc->dump_state = moxie_cpu_dump_state; cc->set_pc = moxie_cpu_set_pc; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = moxie_cpu_handle_mmu_fault; -#else + cc->tlb_fill = moxie_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->get_phys_page_debug = moxie_cpu_get_phys_page_debug; cc->vmsd = &vmstate_moxie_cpu; #endif diff --git a/target/moxie/cpu.h b/target/moxie/cpu.h index f3b6d83ae7..a63a96bc05 100644 --- a/target/moxie/cpu.h +++ b/target/moxie/cpu.h @@ -139,7 +139,8 @@ static inline void cpu_get_tb_cpu_state(CPUMoxieState *env, target_ulong *pc, *flags = 0; } -int moxie_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, - int rw, int mmu_idx); +bool moxie_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); #endif /* MOXIE_CPU_H */ diff --git a/target/moxie/helper.c b/target/moxie/helper.c index 287a45232c..f5c1d4181c 100644 --- a/target/moxie/helper.c +++ b/target/moxie/helper.c @@ -26,20 +26,6 @@ #include "qemu/host-utils.h" #include "exec/helper-proto.h" -/* Try to fill the TLB and return an exception if error. If retaddr is - NULL, it means that the function was called in C code (i.e. not - from generated code or from helper.c) */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = moxie_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret)) { - cpu_loop_exit_restore(cs, retaddr); - } -} - void helper_raise_exception(CPUMoxieState *env, int ex) { CPUState *cs = CPU(moxie_env_get_cpu(env)); @@ -85,53 +71,29 @@ void helper_debug(CPUMoxieState *env) cpu_loop_exit(cs); } -#if defined(CONFIG_USER_ONLY) - -void moxie_cpu_do_interrupt(CPUState *cs) -{ - CPUState *cs = CPU(moxie_env_get_cpu(env)); - - cs->exception_index = -1; -} - -int moxie_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) -{ - MoxieCPU *cpu = MOXIE_CPU(cs); - - cs->exception_index = 0xaa; - cpu->env.debug1 = address; - cpu_dump_state(cs, stderr, 0); - return 1; -} - -#else /* !CONFIG_USER_ONLY */ - -int moxie_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) +bool moxie_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { MoxieCPU *cpu = MOXIE_CPU(cs); CPUMoxieState *env = &cpu->env; MoxieMMUResult res; int prot, miss; - target_ulong phy; - int r = 1; address &= TARGET_PAGE_MASK; prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; - miss = moxie_mmu_translate(&res, env, address, rw, mmu_idx); - if (miss) { - /* handle the miss. */ - phy = 0; - cs->exception_index = MOXIE_EX_MMU_MISS; - } else { - phy = res.phy; - r = 0; + miss = moxie_mmu_translate(&res, env, address, access_type, mmu_idx); + if (likely(!miss)) { + tlb_set_page(cs, address, res.phy, prot, mmu_idx, TARGET_PAGE_SIZE); + return true; + } + if (probe) { + return false; } - tlb_set_page(cs, address, phy, prot, mmu_idx, TARGET_PAGE_SIZE); - return r; -} + cs->exception_index = MOXIE_EX_MMU_MISS; + cpu_loop_exit_restore(cs, retaddr); +} void moxie_cpu_do_interrupt(CPUState *cs) { @@ -156,4 +118,3 @@ hwaddr moxie_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) } return phy; } -#endif diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c index fbfaa2ce26..186af4913d 100644 --- a/target/nios2/cpu.c +++ b/target/nios2/cpu.c @@ -200,9 +200,8 @@ static void nios2_cpu_class_init(ObjectClass *oc, void *data) cc->dump_state = nios2_cpu_dump_state; cc->set_pc = nios2_cpu_set_pc; cc->disas_set_info = nios2_cpu_disas_set_info; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = nios2_cpu_handle_mmu_fault; -#else + cc->tlb_fill = nios2_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->do_unaligned_access = nios2_cpu_do_unaligned_access; cc->get_phys_page_debug = nios2_cpu_get_phys_page_debug; #endif diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h index adc90722c6..35d3886dc2 100644 --- a/target/nios2/cpu.h +++ b/target/nios2/cpu.h @@ -253,8 +253,9 @@ static inline int cpu_mmu_index(CPUNios2State *env, bool ifetch) MMU_SUPERVISOR_IDX; } -int nios2_cpu_handle_mmu_fault(CPUState *env, vaddr address, int size, - int rw, int mmu_idx); +bool nios2_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); static inline int cpu_interrupts_enabled(CPUNios2State *env) { diff --git a/target/nios2/helper.c b/target/nios2/helper.c index e01fc1ff3e..ffb83fc104 100644 --- a/target/nios2/helper.c +++ b/target/nios2/helper.c @@ -38,15 +38,12 @@ void nios2_cpu_do_interrupt(CPUState *cs) env->regs[R_EA] = env->regs[R_PC] + 4; } -int nios2_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) +bool nios2_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { cs->exception_index = 0xaa; - /* Page 0x1000 is kuser helper */ - if (address < 0x1000 || address >= 0x2000) { - cpu_dump_state(cs, stderr, 0); - } - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else /* !CONFIG_USER_ONLY */ @@ -203,89 +200,6 @@ void nios2_cpu_do_interrupt(CPUState *cs) } } -static int cpu_nios2_handle_virtual_page( - CPUState *cs, target_ulong address, int rw, int mmu_idx) -{ - Nios2CPU *cpu = NIOS2_CPU(cs); - CPUNios2State *env = &cpu->env; - target_ulong vaddr, paddr; - Nios2MMULookup lu; - unsigned int hit; - hit = mmu_translate(env, &lu, address, rw, mmu_idx); - if (hit) { - vaddr = address & TARGET_PAGE_MASK; - paddr = lu.paddr + vaddr - lu.vaddr; - - if (((rw == 0) && (lu.prot & PAGE_READ)) || - ((rw == 1) && (lu.prot & PAGE_WRITE)) || - ((rw == 2) && (lu.prot & PAGE_EXEC))) { - - tlb_set_page(cs, vaddr, paddr, lu.prot, - mmu_idx, TARGET_PAGE_SIZE); - return 0; - } else { - /* Permission violation */ - cs->exception_index = (rw == 0) ? EXCP_TLBR : - ((rw == 1) ? EXCP_TLBW : - EXCP_TLBX); - } - } else { - cs->exception_index = EXCP_TLBD; - } - - if (rw == 2) { - env->regs[CR_TLBMISC] &= ~CR_TLBMISC_D; - } else { - env->regs[CR_TLBMISC] |= CR_TLBMISC_D; - } - env->regs[CR_PTEADDR] &= CR_PTEADDR_PTBASE_MASK; - env->regs[CR_PTEADDR] |= (address >> 10) & CR_PTEADDR_VPN_MASK; - env->mmu.pteaddr_wr = env->regs[CR_PTEADDR]; - env->regs[CR_BADADDR] = address; - return 1; -} - -int nios2_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) -{ - Nios2CPU *cpu = NIOS2_CPU(cs); - CPUNios2State *env = &cpu->env; - - if (cpu->mmu_present) { - if (MMU_SUPERVISOR_IDX == mmu_idx) { - if (address >= 0xC0000000) { - /* Kernel physical page - TLB bypassed */ - address &= TARGET_PAGE_MASK; - tlb_set_page(cs, address, address, PAGE_BITS, - mmu_idx, TARGET_PAGE_SIZE); - } else if (address >= 0x80000000) { - /* Kernel virtual page */ - return cpu_nios2_handle_virtual_page(cs, address, rw, mmu_idx); - } else { - /* User virtual page */ - return cpu_nios2_handle_virtual_page(cs, address, rw, mmu_idx); - } - } else { - if (address >= 0x80000000) { - /* Illegal access from user mode */ - cs->exception_index = EXCP_SUPERA; - env->regs[CR_BADADDR] = address; - return 1; - } else { - /* User virtual page */ - return cpu_nios2_handle_virtual_page(cs, address, rw, mmu_idx); - } - } - } else { - /* No MMU */ - address &= TARGET_PAGE_MASK; - tlb_set_page(cs, address, address, PAGE_BITS, - mmu_idx, TARGET_PAGE_SIZE); - } - - return 0; -} - hwaddr nios2_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) { Nios2CPU *cpu = NIOS2_CPU(cs); @@ -321,4 +235,80 @@ void nios2_cpu_do_unaligned_access(CPUState *cs, vaddr addr, env->regs[CR_EXCEPTION] = EXCP_UNALIGN << 2; helper_raise_exception(env, EXCP_UNALIGN); } + +bool nios2_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) +{ + Nios2CPU *cpu = NIOS2_CPU(cs); + CPUNios2State *env = &cpu->env; + unsigned int excp = EXCP_TLBD; + target_ulong vaddr, paddr; + Nios2MMULookup lu; + unsigned int hit; + + if (!cpu->mmu_present) { + /* No MMU */ + address &= TARGET_PAGE_MASK; + tlb_set_page(cs, address, address, PAGE_BITS, + mmu_idx, TARGET_PAGE_SIZE); + return true; + } + + if (MMU_SUPERVISOR_IDX == mmu_idx) { + if (address >= 0xC0000000) { + /* Kernel physical page - TLB bypassed */ + address &= TARGET_PAGE_MASK; + tlb_set_page(cs, address, address, PAGE_BITS, + mmu_idx, TARGET_PAGE_SIZE); + return true; + } + } else { + if (address >= 0x80000000) { + /* Illegal access from user mode */ + if (probe) { + return false; + } + cs->exception_index = EXCP_SUPERA; + env->regs[CR_BADADDR] = address; + cpu_loop_exit_restore(cs, retaddr); + } + } + + /* Virtual page. */ + hit = mmu_translate(env, &lu, address, access_type, mmu_idx); + if (hit) { + vaddr = address & TARGET_PAGE_MASK; + paddr = lu.paddr + vaddr - lu.vaddr; + + if (((access_type == MMU_DATA_LOAD) && (lu.prot & PAGE_READ)) || + ((access_type == MMU_DATA_STORE) && (lu.prot & PAGE_WRITE)) || + ((access_type == MMU_INST_FETCH) && (lu.prot & PAGE_EXEC))) { + tlb_set_page(cs, vaddr, paddr, lu.prot, + mmu_idx, TARGET_PAGE_SIZE); + return true; + } + + /* Permission violation */ + excp = (access_type == MMU_DATA_LOAD ? EXCP_TLBR : + access_type == MMU_DATA_STORE ? EXCP_TLBW : EXCP_TLBX); + } + + if (probe) { + return false; + } + + if (access_type == MMU_INST_FETCH) { + env->regs[CR_TLBMISC] &= ~CR_TLBMISC_D; + } else { + env->regs[CR_TLBMISC] |= CR_TLBMISC_D; + } + env->regs[CR_PTEADDR] &= CR_PTEADDR_PTBASE_MASK; + env->regs[CR_PTEADDR] |= (address >> 10) & CR_PTEADDR_VPN_MASK; + env->mmu.pteaddr_wr = env->regs[CR_PTEADDR]; + + cs->exception_index = excp; + env->regs[CR_BADADDR] = address; + cpu_loop_exit_restore(cs, retaddr); +} #endif /* !CONFIG_USER_ONLY */ diff --git a/target/nios2/mmu.c b/target/nios2/mmu.c index 5acf442d8b..47fa474efb 100644 --- a/target/nios2/mmu.c +++ b/target/nios2/mmu.c @@ -36,18 +36,6 @@ #define MMU_LOG(x) #endif -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = nios2_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret)) { - /* now we have a real cpu fault */ - cpu_loop_exit_restore(cs, retaddr); - } -} - void mmu_read_debug(CPUNios2State *env, uint32_t rn) { switch (rn) { diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c index d125236977..3816baee70 100644 --- a/target/openrisc/cpu.c +++ b/target/openrisc/cpu.c @@ -149,9 +149,8 @@ static void openrisc_cpu_class_init(ObjectClass *oc, void *data) cc->set_pc = openrisc_cpu_set_pc; cc->gdb_read_register = openrisc_cpu_gdb_read_register; cc->gdb_write_register = openrisc_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = openrisc_cpu_handle_mmu_fault; -#else + cc->tlb_fill = openrisc_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->get_phys_page_debug = openrisc_cpu_get_phys_page_debug; dc->vmsd = &vmstate_openrisc_cpu; #endif diff --git a/target/openrisc/cpu.h b/target/openrisc/cpu.h index 88a8c70092..9473d94d0c 100644 --- a/target/openrisc/cpu.h +++ b/target/openrisc/cpu.h @@ -344,8 +344,9 @@ hwaddr openrisc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr); int openrisc_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg); int openrisc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg); void openrisc_translate_init(void); -int openrisc_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, - int rw, int mmu_idx); +bool openrisc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); int cpu_openrisc_signal_handler(int host_signum, void *pinfo, void *puc); int print_insn_or1k(bfd_vma addr, disassemble_info *info); diff --git a/target/openrisc/mmu.c b/target/openrisc/mmu.c index 5dec68dcff..a73b12af03 100644 --- a/target/openrisc/mmu.c +++ b/target/openrisc/mmu.c @@ -107,16 +107,42 @@ static void raise_mmu_exception(OpenRISCCPU *cpu, target_ulong address, cpu->env.lock_addr = -1; } -int openrisc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) +bool openrisc_cpu_tlb_fill(CPUState *cs, vaddr addr, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { -#ifdef CONFIG_USER_ONLY OpenRISCCPU *cpu = OPENRISC_CPU(cs); - raise_mmu_exception(cpu, address, EXCP_DPF); - return 1; -#else - g_assert_not_reached(); + int excp = EXCP_DPF; + +#ifndef CONFIG_USER_ONLY + int prot; + hwaddr phys_addr; + + if (mmu_idx == MMU_NOMMU_IDX) { + /* The mmu is disabled; lookups never fail. */ + get_phys_nommu(&phys_addr, &prot, addr); + excp = 0; + } else { + bool super = mmu_idx == MMU_SUPERVISOR_IDX; + int need = (access_type == MMU_INST_FETCH ? PAGE_EXEC + : access_type == MMU_DATA_STORE ? PAGE_WRITE + : PAGE_READ); + excp = get_phys_mmu(cpu, &phys_addr, &prot, addr, need, super); + } + + if (likely(excp == 0)) { + tlb_set_page(cs, addr & TARGET_PAGE_MASK, + phys_addr & TARGET_PAGE_MASK, prot, + mmu_idx, TARGET_PAGE_SIZE); + return true; + } + if (probe) { + return false; + } #endif + + raise_mmu_exception(cpu, addr, excp); + cpu_loop_exit_restore(cs, retaddr); } #ifndef CONFIG_USER_ONLY @@ -152,33 +178,4 @@ hwaddr openrisc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) return phys_addr; } } - -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - OpenRISCCPU *cpu = OPENRISC_CPU(cs); - int prot, excp; - hwaddr phys_addr; - - if (mmu_idx == MMU_NOMMU_IDX) { - /* The mmu is disabled; lookups never fail. */ - get_phys_nommu(&phys_addr, &prot, addr); - excp = 0; - } else { - bool super = mmu_idx == MMU_SUPERVISOR_IDX; - int need = (access_type == MMU_INST_FETCH ? PAGE_EXEC - : access_type == MMU_DATA_STORE ? PAGE_WRITE - : PAGE_READ); - excp = get_phys_mmu(cpu, &phys_addr, &prot, addr, need, super); - } - - if (unlikely(excp)) { - raise_mmu_exception(cpu, addr, excp); - cpu_loop_exit_restore(cs, retaddr); - } - - tlb_set_page(cs, addr & TARGET_PAGE_MASK, - phys_addr & TARGET_PAGE_MASK, prot, - mmu_idx, TARGET_PAGE_SIZE); -} #endif diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h index 5e7cf54b2f..d7f23ad5e0 100644 --- a/target/ppc/cpu.h +++ b/target/ppc/cpu.h @@ -1311,10 +1311,9 @@ void ppc_translate_init(void); * is returned if the signal was handled by the virtual CPU. */ int cpu_ppc_signal_handler(int host_signum, void *pinfo, void *puc); -#if defined(CONFIG_USER_ONLY) -int ppc_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); -#endif +bool ppc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); #if !defined(CONFIG_USER_ONLY) void ppc_store_sdr1(CPUPPCState *env, target_ulong value); diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c index 1dbc9acb75..e605efa883 100644 --- a/target/ppc/mmu_helper.c +++ b/target/ppc/mmu_helper.c @@ -3057,15 +3057,9 @@ void helper_check_tlb_flush_global(CPUPPCState *env) /*****************************************************************************/ -/* - * try to fill the TLB and return an exception if error. If retaddr is - * NULL, it means that the function was called in C code (i.e. not - * from generated code or from helper.c) - * - * XXX: fix it to restore all registers - */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) +bool ppc_cpu_tlb_fill(CPUState *cs, vaddr addr, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { PowerPCCPU *cpu = POWERPC_CPU(cs); PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cs); @@ -3078,7 +3072,11 @@ void tlb_fill(CPUState *cs, target_ulong addr, int size, ret = cpu_ppc_handle_mmu_fault(env, addr, access_type, mmu_idx); } if (unlikely(ret != 0)) { + if (probe) { + return false; + } raise_exception_err_ra(env, cs->exception_index, env->error_code, retaddr); } + return true; } diff --git a/target/ppc/translate_init.inc.c b/target/ppc/translate_init.inc.c index 0394a9ddad..ad5e14b16f 100644 --- a/target/ppc/translate_init.inc.c +++ b/target/ppc/translate_init.inc.c @@ -10592,9 +10592,7 @@ static void ppc_cpu_class_init(ObjectClass *oc, void *data) cc->gdb_read_register = ppc_cpu_gdb_read_register; cc->gdb_write_register = ppc_cpu_gdb_write_register; cc->do_unaligned_access = ppc_cpu_do_unaligned_access; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = ppc_cpu_handle_mmu_fault; -#else +#ifndef CONFIG_USER_ONLY cc->get_phys_page_debug = ppc_cpu_get_phys_page_debug; cc->vmsd = &vmstate_ppc_cpu; #endif @@ -10624,6 +10622,7 @@ static void ppc_cpu_class_init(ObjectClass *oc, void *data) #endif #ifdef CONFIG_TCG cc->tcg_initialize = ppc_translate_init; + cc->tlb_fill = ppc_cpu_tlb_fill; #endif cc->disas_set_info = ppc_disas_set_info; diff --git a/target/ppc/user_only_helper.c b/target/ppc/user_only_helper.c index 2f1477f102..683c03390d 100644 --- a/target/ppc/user_only_helper.c +++ b/target/ppc/user_only_helper.c @@ -20,21 +20,24 @@ #include "qemu/osdep.h" #include "cpu.h" +#include "exec/exec-all.h" -int ppc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) + +bool ppc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { PowerPCCPU *cpu = POWERPC_CPU(cs); CPUPPCState *env = &cpu->env; int exception, error_code; - if (rw == 2) { + if (access_type == MMU_INST_FETCH) { exception = POWERPC_EXCP_ISI; error_code = 0x40000000; } else { exception = POWERPC_EXCP_DSI; error_code = 0x40000000; - if (rw) { + if (access_type == MMU_DATA_STORE) { error_code |= 0x02000000; } env->spr[SPR_DAR] = address; @@ -42,6 +45,5 @@ int ppc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, } cs->exception_index = exception; env->error_code = error_code; - - return 1; + cpu_loop_exit_restore(cs, retaddr); } diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 1bcf4eaeb8..b7675707e0 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -355,14 +355,13 @@ static void riscv_cpu_class_init(ObjectClass *c, void *data) #endif cc->gdb_stop_before_watchpoint = true; cc->disas_set_info = riscv_cpu_disas_set_info; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = riscv_cpu_handle_mmu_fault; -#else +#ifndef CONFIG_USER_ONLY cc->do_unaligned_access = riscv_cpu_do_unaligned_access; cc->get_phys_page_debug = riscv_cpu_get_phys_page_debug; #endif #ifdef CONFIG_TCG cc->tcg_initialize = riscv_translate_init; + cc->tlb_fill = riscv_cpu_tlb_fill; #endif /* For now, mark unmigratable: */ cc->vmsd = &vmstate_riscv_cpu; diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 7d9f48973f..c17184f4e4 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -261,8 +261,9 @@ hwaddr riscv_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr); void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); -int riscv_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, - int rw, int mmu_idx); +bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); char *riscv_isa_string(RISCVCPU *cpu); void riscv_cpu_list(void); diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index b17f169681..41d6db41c3 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -378,54 +378,44 @@ void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, env->badaddr = addr; riscv_raise_exception(env, cs->exception_index, retaddr); } - -/* called by qemu's softmmu to fill the qemu tlb */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - ret = riscv_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (ret == TRANSLATE_FAIL) { - RISCVCPU *cpu = RISCV_CPU(cs); - CPURISCVState *env = &cpu->env; - riscv_raise_exception(env, cs->exception_index, retaddr); - } -} - #endif -int riscv_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) +bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { +#ifndef CONFIG_USER_ONLY RISCVCPU *cpu = RISCV_CPU(cs); CPURISCVState *env = &cpu->env; -#if !defined(CONFIG_USER_ONLY) hwaddr pa = 0; int prot; -#endif int ret = TRANSLATE_FAIL; - qemu_log_mask(CPU_LOG_MMU, - "%s pc " TARGET_FMT_lx " ad %" VADDR_PRIx " rw %d mmu_idx \ - %d\n", __func__, env->pc, address, rw, mmu_idx); + qemu_log_mask(CPU_LOG_MMU, "%s ad %" VADDR_PRIx " rw %d mmu_idx %d\n", + __func__, address, access_type, mmu_idx); + + ret = get_physical_address(env, &pa, &prot, address, access_type, mmu_idx); -#if !defined(CONFIG_USER_ONLY) - ret = get_physical_address(env, &pa, &prot, address, rw, mmu_idx); qemu_log_mask(CPU_LOG_MMU, - "%s address=%" VADDR_PRIx " ret %d physical " TARGET_FMT_plx - " prot %d\n", __func__, address, ret, pa, prot); + "%s address=%" VADDR_PRIx " ret %d physical " TARGET_FMT_plx + " prot %d\n", __func__, address, ret, pa, prot); + if (riscv_feature(env, RISCV_FEATURE_PMP) && - !pmp_hart_has_privs(env, pa, TARGET_PAGE_SIZE, 1 << rw)) { + !pmp_hart_has_privs(env, pa, TARGET_PAGE_SIZE, 1 << access_type)) { ret = TRANSLATE_FAIL; } if (ret == TRANSLATE_SUCCESS) { tlb_set_page(cs, address & TARGET_PAGE_MASK, pa & TARGET_PAGE_MASK, prot, mmu_idx, TARGET_PAGE_SIZE); - } else if (ret == TRANSLATE_FAIL) { - raise_mmu_exception(env, address, rw); + return true; + } else if (probe) { + return false; + } else { + raise_mmu_exception(env, address, access_type); + riscv_raise_exception(env, cs->exception_index, retaddr); } #else - switch (rw) { + switch (access_type) { case MMU_INST_FETCH: cs->exception_index = RISCV_EXCP_INST_PAGE_FAULT; break; @@ -436,8 +426,8 @@ int riscv_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, cs->exception_index = RISCV_EXCP_STORE_PAGE_FAULT; break; } + cpu_loop_exit_restore(cs, retaddr); #endif - return ret; } /* diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c index b58ef0a8ef..b1df63d82c 100644 --- a/target/s390x/cpu.c +++ b/target/s390x/cpu.c @@ -478,9 +478,7 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data) cc->set_pc = s390_cpu_set_pc; cc->gdb_read_register = s390_cpu_gdb_read_register; cc->gdb_write_register = s390_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = s390_cpu_handle_mmu_fault; -#else +#ifndef CONFIG_USER_ONLY cc->get_phys_page_debug = s390_cpu_get_phys_page_debug; cc->vmsd = &vmstate_s390_cpu; cc->write_elf64_note = s390_cpu_write_elf64_note; @@ -493,6 +491,7 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data) cc->disas_set_info = s390_cpu_disas_set_info; #ifdef CONFIG_TCG cc->tcg_initialize = s390x_translate_init; + cc->tlb_fill = s390_cpu_tlb_fill; #endif cc->gdb_num_core_regs = S390_NUM_CORE_REGS; diff --git a/target/s390x/excp_helper.c b/target/s390x/excp_helper.c index f84bfb1284..3a467b72c5 100644 --- a/target/s390x/excp_helper.c +++ b/target/s390x/excp_helper.c @@ -74,8 +74,9 @@ void s390_cpu_do_interrupt(CPUState *cs) cs->exception_index = -1; } -int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) +bool s390_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { S390CPU *cpu = S390_CPU(cs); @@ -83,7 +84,7 @@ int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, /* On real machines this value is dropped into LowMem. Since this is userland, simply put this someplace that cpu_loop can find it. */ cpu->env.__excp_addr = address; - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else /* !CONFIG_USER_ONLY */ @@ -102,19 +103,20 @@ static inline uint64_t cpu_mmu_idx_to_asc(int mmu_idx) } } -int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr orig_vaddr, int size, - int rw, int mmu_idx) +bool s390_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { S390CPU *cpu = S390_CPU(cs); CPUS390XState *env = &cpu->env; target_ulong vaddr, raddr; uint64_t asc; - int prot; + int prot, fail; qemu_log_mask(CPU_LOG_MMU, "%s: addr 0x%" VADDR_PRIx " rw %d mmu_idx %d\n", - __func__, orig_vaddr, rw, mmu_idx); + __func__, address, access_type, mmu_idx); - vaddr = orig_vaddr; + vaddr = address; if (mmu_idx < MMU_REAL_IDX) { asc = cpu_mmu_idx_to_asc(mmu_idx); @@ -122,39 +124,58 @@ int s390_cpu_handle_mmu_fault(CPUState *cs, vaddr orig_vaddr, int size, if (!(env->psw.mask & PSW_MASK_64)) { vaddr &= 0x7fffffff; } - if (mmu_translate(env, vaddr, rw, asc, &raddr, &prot, true)) { - return 1; - } + fail = mmu_translate(env, vaddr, access_type, asc, &raddr, &prot, true); } else if (mmu_idx == MMU_REAL_IDX) { /* 31-Bit mode */ if (!(env->psw.mask & PSW_MASK_64)) { vaddr &= 0x7fffffff; } - if (mmu_translate_real(env, vaddr, rw, &raddr, &prot)) { - return 1; - } + fail = mmu_translate_real(env, vaddr, access_type, &raddr, &prot); } else { - abort(); + g_assert_not_reached(); } /* check out of RAM access */ - if (!address_space_access_valid(&address_space_memory, raddr, - TARGET_PAGE_SIZE, rw, + if (!fail && + !address_space_access_valid(&address_space_memory, raddr, + TARGET_PAGE_SIZE, access_type, MEMTXATTRS_UNSPECIFIED)) { qemu_log_mask(CPU_LOG_MMU, "%s: raddr %" PRIx64 " > ram_size %" PRIx64 "\n", __func__, (uint64_t)raddr, (uint64_t)ram_size); trigger_pgm_exception(env, PGM_ADDRESSING, ILEN_AUTO); - return 1; + fail = 1; } - qemu_log_mask(CPU_LOG_MMU, "%s: set tlb %" PRIx64 " -> %" PRIx64 " (%x)\n", - __func__, (uint64_t)vaddr, (uint64_t)raddr, prot); + if (!fail) { + qemu_log_mask(CPU_LOG_MMU, + "%s: set tlb %" PRIx64 " -> %" PRIx64 " (%x)\n", + __func__, (uint64_t)vaddr, (uint64_t)raddr, prot); + tlb_set_page(cs, address & TARGET_PAGE_MASK, raddr, prot, + mmu_idx, TARGET_PAGE_SIZE); + return true; + } + if (probe) { + return false; + } - tlb_set_page(cs, orig_vaddr & TARGET_PAGE_MASK, raddr, prot, - mmu_idx, TARGET_PAGE_SIZE); + cpu_restore_state(cs, retaddr, true); + + /* + * The ILC value for code accesses is undefined. The important + * thing here is to *not* leave env->int_pgm_ilen set to ILEN_AUTO, + * which would cause do_program_interrupt to attempt to read from + * env->psw.addr again. C.f. the condition in trigger_page_fault, + * but is not universally applied. + * + * ??? If we remove ILEN_AUTO, by moving the computation of ILEN + * into cpu_restore_state, then we may remove this entirely. + */ + if (access_type == MMU_INST_FETCH) { + env->int_pgm_ilen = 2; + } - return 0; + cpu_loop_exit(cs); } static void do_program_interrupt(CPUS390XState *env) diff --git a/target/s390x/internal.h b/target/s390x/internal.h index 26575f2130..56534b38e0 100644 --- a/target/s390x/internal.h +++ b/target/s390x/internal.h @@ -263,8 +263,9 @@ ObjectClass *s390_cpu_class_by_name(const char *name); void s390x_cpu_debug_excp_handler(CPUState *cs); void s390_cpu_do_interrupt(CPUState *cpu); bool s390_cpu_exec_interrupt(CPUState *cpu, int int_req); -int s390_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool s390_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); void s390x_cpu_do_unaligned_access(CPUState *cs, vaddr addr, MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 3f76a8abfd..ffd5f02fbe 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -33,22 +33,6 @@ /*****************************************************************************/ /* Softmmu support */ -#if !defined(CONFIG_USER_ONLY) - -/* try to fill the TLB and return an exception if error. If retaddr is - NULL, it means that the function was called in C code (i.e. not - from generated code or from helper.c) */ -/* XXX: fix it to restore all registers */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret = s390_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret != 0)) { - cpu_loop_exit_restore(cs, retaddr); - } -} - -#endif /* #define DEBUG_HELPER */ #ifdef DEBUG_HELPER diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c index da2799082e..c4736a0a73 100644 --- a/target/sh4/cpu.c +++ b/target/sh4/cpu.c @@ -229,9 +229,8 @@ static void superh_cpu_class_init(ObjectClass *oc, void *data) cc->synchronize_from_tb = superh_cpu_synchronize_from_tb; cc->gdb_read_register = superh_cpu_gdb_read_register; cc->gdb_write_register = superh_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = superh_cpu_handle_mmu_fault; -#else + cc->tlb_fill = superh_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->do_unaligned_access = superh_cpu_do_unaligned_access; cc->get_phys_page_debug = superh_cpu_get_phys_page_debug; #endif diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h index 1be36fe875..547194aac7 100644 --- a/target/sh4/cpu.h +++ b/target/sh4/cpu.h @@ -243,8 +243,9 @@ void superh_cpu_do_unaligned_access(CPUState *cpu, vaddr addr, void sh4_translate_init(void); int cpu_sh4_signal_handler(int host_signum, void *pinfo, void *puc); -int superh_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool superh_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); void sh4_cpu_list(void); #if !defined(CONFIG_USER_ONLY) diff --git a/target/sh4/helper.c b/target/sh4/helper.c index fa51269fb1..fda195e7cb 100644 --- a/target/sh4/helper.c +++ b/target/sh4/helper.c @@ -27,43 +27,6 @@ #include "hw/sh4/sh_intc.h" #endif -#if defined(CONFIG_USER_ONLY) - -void superh_cpu_do_interrupt(CPUState *cs) -{ - cs->exception_index = -1; -} - -int superh_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) -{ - SuperHCPU *cpu = SUPERH_CPU(cs); - CPUSH4State *env = &cpu->env; - - env->tea = address; - cs->exception_index = -1; - switch (rw) { - case 0: - cs->exception_index = 0x0a0; - break; - case 1: - cs->exception_index = 0x0c0; - break; - case 2: - cs->exception_index = 0x0a0; - break; - } - return 1; -} - -int cpu_sh4_is_cached(CPUSH4State * env, target_ulong addr) -{ - /* For user mode, only U0 area is cacheable. */ - return !(addr & 0x80000000); -} - -#else /* !CONFIG_USER_ONLY */ - #define MMU_OK 0 #define MMU_ITLB_MISS (-1) #define MMU_ITLB_MULTIPLE (-2) @@ -79,6 +42,21 @@ int cpu_sh4_is_cached(CPUSH4State * env, target_ulong addr) #define MMU_DADDR_ERROR_READ (-12) #define MMU_DADDR_ERROR_WRITE (-13) +#if defined(CONFIG_USER_ONLY) + +void superh_cpu_do_interrupt(CPUState *cs) +{ + cs->exception_index = -1; +} + +int cpu_sh4_is_cached(CPUSH4State *env, target_ulong addr) +{ + /* For user mode, only U0 area is cacheable. */ + return !(addr & 0x80000000); +} + +#else /* !CONFIG_USER_ONLY */ + void superh_cpu_do_interrupt(CPUState *cs) { SuperHCPU *cpu = SUPERH_CPU(cs); @@ -458,69 +436,6 @@ static int get_physical_address(CPUSH4State * env, target_ulong * physical, return get_mmu_address(env, physical, prot, address, rw, access_type); } -int superh_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) -{ - SuperHCPU *cpu = SUPERH_CPU(cs); - CPUSH4State *env = &cpu->env; - target_ulong physical; - int prot, ret, access_type; - - access_type = ACCESS_INT; - ret = - get_physical_address(env, &physical, &prot, address, rw, - access_type); - - if (ret != MMU_OK) { - env->tea = address; - if (ret != MMU_DTLB_MULTIPLE && ret != MMU_ITLB_MULTIPLE) { - env->pteh = (env->pteh & PTEH_ASID_MASK) | - (address & PTEH_VPN_MASK); - } - switch (ret) { - case MMU_ITLB_MISS: - case MMU_DTLB_MISS_READ: - cs->exception_index = 0x040; - break; - case MMU_DTLB_MULTIPLE: - case MMU_ITLB_MULTIPLE: - cs->exception_index = 0x140; - break; - case MMU_ITLB_VIOLATION: - cs->exception_index = 0x0a0; - break; - case MMU_DTLB_MISS_WRITE: - cs->exception_index = 0x060; - break; - case MMU_DTLB_INITIAL_WRITE: - cs->exception_index = 0x080; - break; - case MMU_DTLB_VIOLATION_READ: - cs->exception_index = 0x0a0; - break; - case MMU_DTLB_VIOLATION_WRITE: - cs->exception_index = 0x0c0; - break; - case MMU_IADDR_ERROR: - case MMU_DADDR_ERROR_READ: - cs->exception_index = 0x0e0; - break; - case MMU_DADDR_ERROR_WRITE: - cs->exception_index = 0x100; - break; - default: - cpu_abort(cs, "Unhandled MMU fault"); - } - return 1; - } - - address &= TARGET_PAGE_MASK; - physical &= TARGET_PAGE_MASK; - - tlb_set_page(cs, address, physical, prot, mmu_idx, TARGET_PAGE_SIZE); - return 0; -} - hwaddr superh_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) { SuperHCPU *cpu = SUPERH_CPU(cs); @@ -745,7 +660,6 @@ void cpu_sh4_write_mmaped_utlb_addr(CPUSH4State *s, hwaddr addr, if (needs_tlb_flush) { tlb_flush_page(CPU(sh_env_get_cpu(s)), vpn << 10); } - } else { int index = (addr & 0x00003f00) >> 8; tlb_t * entry = &s->utlb[index]; @@ -885,3 +799,76 @@ bool superh_cpu_exec_interrupt(CPUState *cs, int interrupt_request) } return false; } + +bool superh_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) +{ + SuperHCPU *cpu = SUPERH_CPU(cs); + CPUSH4State *env = &cpu->env; + int ret; + +#ifdef CONFIG_USER_ONLY + ret = (access_type == MMU_DATA_STORE ? MMU_DTLB_VIOLATION_WRITE : + access_type == MMU_INST_FETCH ? MMU_ITLB_VIOLATION : + MMU_DTLB_VIOLATION_READ); +#else + target_ulong physical; + int prot, sh_access_type; + + sh_access_type = ACCESS_INT; + ret = get_physical_address(env, &physical, &prot, address, + access_type, sh_access_type); + + if (ret == MMU_OK) { + address &= TARGET_PAGE_MASK; + physical &= TARGET_PAGE_MASK; + tlb_set_page(cs, address, physical, prot, mmu_idx, TARGET_PAGE_SIZE); + return true; + } + if (probe) { + return false; + } + + if (ret != MMU_DTLB_MULTIPLE && ret != MMU_ITLB_MULTIPLE) { + env->pteh = (env->pteh & PTEH_ASID_MASK) | (address & PTEH_VPN_MASK); + } +#endif + + env->tea = address; + switch (ret) { + case MMU_ITLB_MISS: + case MMU_DTLB_MISS_READ: + cs->exception_index = 0x040; + break; + case MMU_DTLB_MULTIPLE: + case MMU_ITLB_MULTIPLE: + cs->exception_index = 0x140; + break; + case MMU_ITLB_VIOLATION: + cs->exception_index = 0x0a0; + break; + case MMU_DTLB_MISS_WRITE: + cs->exception_index = 0x060; + break; + case MMU_DTLB_INITIAL_WRITE: + cs->exception_index = 0x080; + break; + case MMU_DTLB_VIOLATION_READ: + cs->exception_index = 0x0a0; + break; + case MMU_DTLB_VIOLATION_WRITE: + cs->exception_index = 0x0c0; + break; + case MMU_IADDR_ERROR: + case MMU_DADDR_ERROR_READ: + cs->exception_index = 0x0e0; + break; + case MMU_DADDR_ERROR_WRITE: + cs->exception_index = 0x100; + break; + default: + cpu_abort(cs, "Unhandled MMU fault"); + } + cpu_loop_exit_restore(cs, retaddr); +} diff --git a/target/sh4/op_helper.c b/target/sh4/op_helper.c index 28027f9e0b..bd5d782b50 100644 --- a/target/sh4/op_helper.c +++ b/target/sh4/op_helper.c @@ -41,18 +41,6 @@ void superh_cpu_do_unaligned_access(CPUState *cs, vaddr addr, cpu_loop_exit_restore(cs, retaddr); } -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = superh_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (ret) { - /* now we have a real cpu fault */ - cpu_loop_exit_restore(cs, retaddr); - } -} - #endif void helper_ldtlb(CPUSH4State *env) diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c index 4654c2a6a0..f93ce72eb9 100644 --- a/target/sparc/cpu.c +++ b/target/sparc/cpu.c @@ -875,9 +875,8 @@ static void sparc_cpu_class_init(ObjectClass *oc, void *data) cc->synchronize_from_tb = sparc_cpu_synchronize_from_tb; cc->gdb_read_register = sparc_cpu_gdb_read_register; cc->gdb_write_register = sparc_cpu_gdb_write_register; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = sparc_cpu_handle_mmu_fault; -#else + cc->tlb_fill = sparc_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->do_unassigned_access = sparc_cpu_unassigned_access; cc->do_unaligned_access = sparc_cpu_do_unaligned_access; cc->get_phys_page_debug = sparc_cpu_get_phys_page_debug; diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h index 85b9665ccc..f31e8535df 100644 --- a/target/sparc/cpu.h +++ b/target/sparc/cpu.h @@ -579,8 +579,9 @@ void cpu_raise_exception_ra(CPUSPARCState *, int, uintptr_t) QEMU_NORETURN; void cpu_sparc_set_id(CPUSPARCState *env, unsigned int cpu); void sparc_cpu_list(void); /* mmu_helper.c */ -int sparc_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); target_ulong mmu_probe(CPUSPARCState *env, target_ulong address, int mmulev); void dump_mmu(CPUSPARCState *env); diff --git a/target/sparc/ldst_helper.c b/target/sparc/ldst_helper.c index a7fcb84ac0..b4bf6faf41 100644 --- a/target/sparc/ldst_helper.c +++ b/target/sparc/ldst_helper.c @@ -1924,19 +1924,4 @@ void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr, #endif cpu_raise_exception_ra(env, TT_UNALIGNED, retaddr); } - -/* try to fill the TLB and return an exception if error. If retaddr is - NULL, it means that the function was called in C code (i.e. not - from generated code or from helper.c) */ -/* XXX: fix it to restore all registers */ -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = sparc_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (ret) { - cpu_loop_exit_restore(cs, retaddr); - } -} #endif diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c index afcc5b617d..facc0c60e9 100644 --- a/target/sparc/mmu_helper.c +++ b/target/sparc/mmu_helper.c @@ -27,13 +27,14 @@ #if defined(CONFIG_USER_ONLY) -int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { SPARCCPU *cpu = SPARC_CPU(cs); CPUSPARCState *env = &cpu->env; - if (rw & 2) { + if (access_type == MMU_INST_FETCH) { cs->exception_index = TT_TFAULT; } else { cs->exception_index = TT_DFAULT; @@ -43,7 +44,7 @@ int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, env->mmuregs[4] = address; #endif } - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else @@ -208,8 +209,9 @@ static int get_physical_address(CPUSPARCState *env, hwaddr *physical, } /* Perform address translation */ -int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { SPARCCPU *cpu = SPARC_CPU(cs); CPUSPARCState *env = &cpu->env; @@ -218,16 +220,26 @@ int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, target_ulong page_size; int error_code = 0, prot, access_index; + /* + * TODO: If we ever need tlb_vaddr_to_host for this target, + * then we must figure out how to manipulate FSR and FAR + * when both MMU_NF and probe are set. In the meantime, + * do not support this use case. + */ + assert(!probe); + address &= TARGET_PAGE_MASK; error_code = get_physical_address(env, &paddr, &prot, &access_index, - address, rw, mmu_idx, &page_size); + address, access_type, + mmu_idx, &page_size); vaddr = address; - if (error_code == 0) { + if (likely(error_code == 0)) { qemu_log_mask(CPU_LOG_MMU, - "Translate at %" VADDR_PRIx " -> " TARGET_FMT_plx ", vaddr " - TARGET_FMT_lx "\n", address, paddr, vaddr); + "Translate at %" VADDR_PRIx " -> " + TARGET_FMT_plx ", vaddr " TARGET_FMT_lx "\n", + address, paddr, vaddr); tlb_set_page(cs, vaddr, paddr, prot, mmu_idx, page_size); - return 0; + return true; } if (env->mmuregs[3]) { /* Fault status register */ @@ -243,14 +255,14 @@ int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, switching to normal mode. */ prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; tlb_set_page(cs, vaddr, paddr, prot, mmu_idx, TARGET_PAGE_SIZE); - return 0; + return true; } else { - if (rw & 2) { + if (access_type == MMU_INST_FETCH) { cs->exception_index = TT_TFAULT; } else { cs->exception_index = TT_DFAULT; } - return 1; + cpu_loop_exit_restore(cs, retaddr); } } @@ -713,8 +725,9 @@ static int get_physical_address(CPUSPARCState *env, hwaddr *physical, } /* Perform address translation */ -int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool sparc_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { SPARCCPU *cpu = SPARC_CPU(cs); CPUSPARCState *env = &cpu->env; @@ -725,8 +738,9 @@ int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, address &= TARGET_PAGE_MASK; error_code = get_physical_address(env, &paddr, &prot, &access_index, - address, rw, mmu_idx, &page_size); - if (error_code == 0) { + address, access_type, + mmu_idx, &page_size); + if (likely(error_code == 0)) { vaddr = address; trace_mmu_helper_mmu_fault(address, paddr, mmu_idx, env->tl, @@ -734,10 +748,12 @@ int sparc_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, env->dmmu.mmu_secondary_context); tlb_set_page(cs, vaddr, paddr, prot, mmu_idx, page_size); - return 0; + return true; } - /* XXX */ - return 1; + if (probe) { + return false; + } + cpu_loop_exit_restore(cs, retaddr); } void dump_mmu(CPUSPARCState *env) diff --git a/target/tilegx/cpu.c b/target/tilegx/cpu.c index b9d37105fa..b209c55387 100644 --- a/target/tilegx/cpu.c +++ b/target/tilegx/cpu.c @@ -25,6 +25,7 @@ #include "hw/qdev-properties.h" #include "linux-user/syscall_defs.h" #include "qemu/qemu-print.h" +#include "exec/exec-all.h" static void tilegx_cpu_dump_state(CPUState *cs, FILE *f, int flags) { @@ -111,8 +112,9 @@ static void tilegx_cpu_do_interrupt(CPUState *cs) cs->exception_index = -1; } -static int tilegx_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int rw, int mmu_idx) +static bool tilegx_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { TileGXCPU *cpu = TILEGX_CPU(cs); @@ -122,7 +124,7 @@ static int tilegx_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, cpu->env.signo = TARGET_SIGSEGV; cpu->env.sigcode = 0; - return 1; + cpu_loop_exit_restore(cs, retaddr); } static bool tilegx_cpu_exec_interrupt(CPUState *cs, int interrupt_request) @@ -152,7 +154,7 @@ static void tilegx_cpu_class_init(ObjectClass *oc, void *data) cc->cpu_exec_interrupt = tilegx_cpu_exec_interrupt; cc->dump_state = tilegx_cpu_dump_state; cc->set_pc = tilegx_cpu_set_pc; - cc->handle_mmu_fault = tilegx_cpu_handle_mmu_fault; + cc->tlb_fill = tilegx_cpu_tlb_fill; cc->gdb_num_core_regs = 0; cc->tcg_initialize = tilegx_tcg_init; } diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c index e8d37e4040..ea1199d27e 100644 --- a/target/tricore/cpu.c +++ b/target/tricore/cpu.c @@ -166,6 +166,7 @@ static void tricore_cpu_class_init(ObjectClass *c, void *data) cc->synchronize_from_tb = tricore_cpu_synchronize_from_tb; cc->get_phys_page_attrs_debug = tricore_cpu_get_phys_page_attrs_debug; cc->tcg_initialize = tricore_tcg_init; + cc->tlb_fill = tricore_cpu_tlb_fill; } #define DEFINE_TRICORE_CPU_TYPE(cpu_model, initfn) \ diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h index 64d1a9c75e..287f4328a3 100644 --- a/target/tricore/cpu.h +++ b/target/tricore/cpu.h @@ -417,8 +417,8 @@ static inline void cpu_get_tb_cpu_state(CPUTriCoreState *env, target_ulong *pc, #define CPU_RESOLVING_TYPE TYPE_TRICORE_CPU /* helpers.c */ -int cpu_tricore_handle_mmu_fault(CPUState *cpu, target_ulong address, - int rw, int mmu_idx); -#define cpu_handle_mmu_fault cpu_tricore_handle_mmu_fault +bool tricore_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); #endif /* TRICORE_CPU_H */ diff --git a/target/tricore/helper.c b/target/tricore/helper.c index 78ee87c9ea..a680336850 100644 --- a/target/tricore/helper.c +++ b/target/tricore/helper.c @@ -50,8 +50,9 @@ static void raise_mmu_exception(CPUTriCoreState *env, target_ulong address, { } -int cpu_tricore_handle_mmu_fault(CPUState *cs, target_ulong address, - int rw, int mmu_idx) +bool tricore_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType rw, int mmu_idx, + bool probe, uintptr_t retaddr) { TriCoreCPU *cpu = TRICORE_CPU(cs); CPUTriCoreState *env = &cpu->env; @@ -64,20 +65,24 @@ int cpu_tricore_handle_mmu_fault(CPUState *cs, target_ulong address, access_type = ACCESS_INT; ret = get_physical_address(env, &physical, &prot, address, rw, access_type); - qemu_log_mask(CPU_LOG_MMU, "%s address=" TARGET_FMT_lx " ret %d physical " TARGET_FMT_plx - " prot %d\n", __func__, address, ret, physical, prot); + + qemu_log_mask(CPU_LOG_MMU, "%s address=" TARGET_FMT_lx " ret %d physical " + TARGET_FMT_plx " prot %d\n", + __func__, (target_ulong)address, ret, physical, prot); if (ret == TLBRET_MATCH) { tlb_set_page(cs, address & TARGET_PAGE_MASK, physical & TARGET_PAGE_MASK, prot | PAGE_EXEC, mmu_idx, TARGET_PAGE_SIZE); - ret = 0; - } else if (ret < 0) { + return true; + } else { + assert(ret < 0); + if (probe) { + return false; + } raise_mmu_exception(env, address, rw, ret); - ret = 1; + cpu_loop_exit_restore(cs, retaddr); } - - return ret; } static void tricore_cpu_list_entry(gpointer data, gpointer user_data) diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c index ed9dc0c83e..601e92f92a 100644 --- a/target/tricore/op_helper.c +++ b/target/tricore/op_helper.c @@ -2793,29 +2793,3 @@ uint32_t helper_psw_read(CPUTriCoreState *env) { return psw_read(env); } - - -static inline void QEMU_NORETURN do_raise_exception_err(CPUTriCoreState *env, - uint32_t exception, - int error_code, - uintptr_t pc) -{ - CPUState *cs = CPU(tricore_env_get_cpu(env)); - cs->exception_index = exception; - env->error_code = error_code; - /* now we have a real cpu fault */ - cpu_loop_exit_restore(cs, pc); -} - -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - ret = cpu_tricore_handle_mmu_fault(cs, addr, access_type, mmu_idx); - if (ret) { - TriCoreCPU *cpu = TRICORE_CPU(cs); - CPUTriCoreState *env = &cpu->env; - do_raise_exception_err(env, cs->exception_index, - env->error_code, retaddr); - } -} diff --git a/target/unicore32/cpu.c b/target/unicore32/cpu.c index 2b49d1ca40..3f57c508a0 100644 --- a/target/unicore32/cpu.c +++ b/target/unicore32/cpu.c @@ -138,11 +138,8 @@ static void uc32_cpu_class_init(ObjectClass *oc, void *data) cc->cpu_exec_interrupt = uc32_cpu_exec_interrupt; cc->dump_state = uc32_cpu_dump_state; cc->set_pc = uc32_cpu_set_pc; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = uc32_cpu_handle_mmu_fault; -#else + cc->tlb_fill = uc32_cpu_tlb_fill; cc->get_phys_page_debug = uc32_cpu_get_phys_page_debug; -#endif cc->tcg_initialize = uc32_translate_init; dc->vmsd = &vmstate_uc32_cpu; } diff --git a/target/unicore32/cpu.h b/target/unicore32/cpu.h index 24abe5e5c0..f052ee08bf 100644 --- a/target/unicore32/cpu.h +++ b/target/unicore32/cpu.h @@ -178,8 +178,9 @@ static inline void cpu_get_tb_cpu_state(CPUUniCore32State *env, target_ulong *pc } } -int uc32_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw, - int mmu_idx); +bool uc32_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); void uc32_translate_init(void); void switch_mode(CPUUniCore32State *, int); diff --git a/target/unicore32/helper.c b/target/unicore32/helper.c index a5ff2ddb74..0d4914b48d 100644 --- a/target/unicore32/helper.c +++ b/target/unicore32/helper.c @@ -215,29 +215,6 @@ void helper_cp1_putc(target_ulong x) } #endif -#ifdef CONFIG_USER_ONLY -void switch_mode(CPUUniCore32State *env, int mode) -{ - UniCore32CPU *cpu = uc32_env_get_cpu(env); - - if (mode != ASR_MODE_USER) { - cpu_abort(CPU(cpu), "Tried to switch out of user mode\n"); - } -} - -void uc32_cpu_do_interrupt(CPUState *cs) -{ - cpu_abort(cs, "NO interrupt in user mode\n"); -} - -int uc32_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int access_type, int mmu_idx) -{ - cpu_abort(cs, "NO mmu fault in user mode\n"); - return 1; -} -#endif - bool uc32_cpu_exec_interrupt(CPUState *cs, int interrupt_request) { if (interrupt_request & CPU_INTERRUPT_HARD) { diff --git a/target/unicore32/op_helper.c b/target/unicore32/op_helper.c index e0a15882d3..797ba60dc9 100644 --- a/target/unicore32/op_helper.c +++ b/target/unicore32/op_helper.c @@ -242,17 +242,3 @@ uint32_t HELPER(ror_cc)(CPUUniCore32State *env, uint32_t x, uint32_t i) return ((uint32_t)x >> shift) | (x << (32 - shift)); } } - -#ifndef CONFIG_USER_ONLY -void tlb_fill(CPUState *cs, target_ulong addr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) -{ - int ret; - - ret = uc32_cpu_handle_mmu_fault(cs, addr, size, access_type, mmu_idx); - if (unlikely(ret)) { - /* now we have a real cpu fault */ - cpu_loop_exit_restore(cs, retaddr); - } -} -#endif diff --git a/target/unicore32/softmmu.c b/target/unicore32/softmmu.c index 00c7e0d028..27f218abf0 100644 --- a/target/unicore32/softmmu.c +++ b/target/unicore32/softmmu.c @@ -215,8 +215,9 @@ do_fault: return code; } -int uc32_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, - int access_type, int mmu_idx) +bool uc32_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { UniCore32CPU *cpu = UNICORE32_CPU(cs); CPUUniCore32State *env = &cpu->env; @@ -257,7 +258,11 @@ int uc32_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, phys_addr &= TARGET_PAGE_MASK; address &= TARGET_PAGE_MASK; tlb_set_page(cs, address, phys_addr, prot, mmu_idx, page_size); - return 0; + return true; + } + + if (probe) { + return false; } env->cp0.c3_faultstatus = ret; @@ -267,7 +272,7 @@ int uc32_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, } else { cs->exception_index = UC32_EXCP_DTRAP; } - return ret; + cpu_loop_exit_restore(cs, retaddr); } hwaddr uc32_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c index a54dbe4260..da1236377e 100644 --- a/target/xtensa/cpu.c +++ b/target/xtensa/cpu.c @@ -181,9 +181,8 @@ static void xtensa_cpu_class_init(ObjectClass *oc, void *data) cc->gdb_read_register = xtensa_cpu_gdb_read_register; cc->gdb_write_register = xtensa_cpu_gdb_write_register; cc->gdb_stop_before_watchpoint = true; -#ifdef CONFIG_USER_ONLY - cc->handle_mmu_fault = xtensa_cpu_handle_mmu_fault; -#else + cc->tlb_fill = xtensa_cpu_tlb_fill; +#ifndef CONFIG_USER_ONLY cc->do_unaligned_access = xtensa_cpu_do_unaligned_access; cc->get_phys_page_debug = xtensa_cpu_get_phys_page_debug; cc->do_transaction_failed = xtensa_cpu_do_transaction_failed; diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h index 5d23e1345b..68d89f8faf 100644 --- a/target/xtensa/cpu.h +++ b/target/xtensa/cpu.h @@ -552,8 +552,9 @@ static inline XtensaCPU *xtensa_env_get_cpu(const CPUXtensaState *env) #define ENV_OFFSET offsetof(XtensaCPU, env) -int xtensa_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int rw, int size, - int mmu_idx); +bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr); void xtensa_cpu_do_interrupt(CPUState *cpu); bool xtensa_cpu_exec_interrupt(CPUState *cpu, int interrupt_request); void xtensa_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr, diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c index 5f37f378a3..efb966b3bf 100644 --- a/target/xtensa/helper.c +++ b/target/xtensa/helper.c @@ -240,19 +240,21 @@ void xtensa_cpu_list(void) #ifdef CONFIG_USER_ONLY -int xtensa_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw, - int mmu_idx) +bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { XtensaCPU *cpu = XTENSA_CPU(cs); CPUXtensaState *env = &cpu->env; qemu_log_mask(CPU_LOG_INT, "%s: rw = %d, address = 0x%08" VADDR_PRIx ", size = %d\n", - __func__, rw, address, size); + __func__, access_type, address, size); env->sregs[EXCVADDR] = address; - env->sregs[EXCCAUSE] = rw ? STORE_PROHIBITED_CAUSE : LOAD_PROHIBITED_CAUSE; + env->sregs[EXCCAUSE] = (access_type == MMU_DATA_STORE ? + STORE_PROHIBITED_CAUSE : LOAD_PROHIBITED_CAUSE); cs->exception_index = EXC_USER; - return 1; + cpu_loop_exit_restore(cs, retaddr); } #else @@ -273,28 +275,33 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs, } } -void tlb_fill(CPUState *cs, target_ulong vaddr, int size, - MMUAccessType access_type, int mmu_idx, uintptr_t retaddr) +bool xtensa_cpu_tlb_fill(CPUState *cs, vaddr address, int size, + MMUAccessType access_type, int mmu_idx, + bool probe, uintptr_t retaddr) { XtensaCPU *cpu = XTENSA_CPU(cs); CPUXtensaState *env = &cpu->env; uint32_t paddr; uint32_t page_size; unsigned access; - int ret = xtensa_get_physical_addr(env, true, vaddr, access_type, mmu_idx, - &paddr, &page_size, &access); + int ret = xtensa_get_physical_addr(env, true, address, access_type, + mmu_idx, &paddr, &page_size, &access); - qemu_log_mask(CPU_LOG_MMU, "%s(%08x, %d, %d) -> %08x, ret = %d\n", - __func__, vaddr, access_type, mmu_idx, paddr, ret); + qemu_log_mask(CPU_LOG_MMU, "%s(%08" VADDR_PRIx + ", %d, %d) -> %08x, ret = %d\n", + __func__, address, access_type, mmu_idx, paddr, ret); if (ret == 0) { tlb_set_page(cs, - vaddr & TARGET_PAGE_MASK, + address & TARGET_PAGE_MASK, paddr & TARGET_PAGE_MASK, access, mmu_idx, page_size); + return true; + } else if (probe) { + return false; } else { cpu_restore_state(cs, retaddr, true); - HELPER(exception_cause_vaddr)(env, env->pc, ret, vaddr); + HELPER(exception_cause_vaddr)(env, env->pc, ret, address); } } |