diff options
Diffstat (limited to 'qemu/target-cris/mmu.c')
-rw-r--r-- | qemu/target-cris/mmu.c | 363 |
1 files changed, 363 insertions, 0 deletions
diff --git a/qemu/target-cris/mmu.c b/qemu/target-cris/mmu.c new file mode 100644 index 000000000..1c95a415f --- /dev/null +++ b/qemu/target-cris/mmu.c @@ -0,0 +1,363 @@ +/* + * CRIS mmu emulation. + * + * Copyright (c) 2007 AXIS Communications AB + * Written by Edgar E. Iglesias. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef CONFIG_USER_ONLY + +#include "cpu.h" +#include "mmu.h" + +#ifdef DEBUG +#define D(x) x +#define D_LOG(...) qemu_log(__VA_ARGS__) +#else +#define D(x) do { } while (0) +#define D_LOG(...) do { } while (0) +#endif + +void cris_mmu_init(CPUCRISState *env) +{ + env->mmu_rand_lfsr = 0xcccc; +} + +#define SR_POLYNOM 0x8805 +static inline unsigned int compute_polynom(unsigned int sr) +{ + unsigned int i; + unsigned int f; + + f = 0; + for (i = 0; i < 16; i++) + f += ((SR_POLYNOM >> i) & 1) & ((sr >> i) & 1); + + return f; +} + +static void cris_mmu_update_rand_lfsr(CPUCRISState *env) +{ + unsigned int f; + + /* Update lfsr at every fault. */ + f = compute_polynom(env->mmu_rand_lfsr); + env->mmu_rand_lfsr >>= 1; + env->mmu_rand_lfsr |= (f << 15); + env->mmu_rand_lfsr &= 0xffff; +} + +static inline int cris_mmu_enabled(uint32_t rw_gc_cfg) +{ + return (rw_gc_cfg & 12) != 0; +} + +static inline int cris_mmu_segmented_addr(int seg, uint32_t rw_mm_cfg) +{ + return (1 << seg) & rw_mm_cfg; +} + +static uint32_t cris_mmu_translate_seg(CPUCRISState *env, int seg) +{ + uint32_t base; + int i; + + if (seg < 8) + base = env->sregs[SFR_RW_MM_KBASE_LO]; + else + base = env->sregs[SFR_RW_MM_KBASE_HI]; + + i = seg & 7; + base >>= i * 4; + base &= 15; + + base <<= 28; + return base; +} +/* Used by the tlb decoder. */ +#define EXTRACT_FIELD(src, start, end) \ + (((src) >> start) & ((1 << (end - start + 1)) - 1)) + +static inline void set_field(uint32_t *dst, unsigned int val, + unsigned int offset, unsigned int width) +{ + uint32_t mask; + + mask = (1 << width) - 1; + mask <<= offset; + val <<= offset; + + val &= mask; + *dst &= ~(mask); + *dst |= val; +} + +#ifdef DEBUG +static void dump_tlb(CPUCRISState *env, int mmu) +{ + int set; + int idx; + uint32_t hi, lo, tlb_vpn, tlb_pfn; + + for (set = 0; set < 4; set++) { + for (idx = 0; idx < 16; idx++) { + lo = env->tlbsets[mmu][set][idx].lo; + hi = env->tlbsets[mmu][set][idx].hi; + tlb_vpn = EXTRACT_FIELD(hi, 13, 31); + tlb_pfn = EXTRACT_FIELD(lo, 13, 31); + + printf ("TLB: [%d][%d] hi=%x lo=%x v=%x p=%x\n", + set, idx, hi, lo, tlb_vpn, tlb_pfn); + } + } +} +#endif + +/* rw 0 = read, 1 = write, 2 = exec. */ +static int cris_mmu_translate_page(struct cris_mmu_result *res, + CPUCRISState *env, uint32_t vaddr, + int rw, int usermode, int debug) +{ + unsigned int vpage; + unsigned int idx; + uint32_t pid, lo, hi; + uint32_t tlb_vpn, tlb_pfn = 0; + int tlb_pid, tlb_g, tlb_v, tlb_k, tlb_w, tlb_x; + int cfg_v, cfg_k, cfg_w, cfg_x; + int set, match = 0; + uint32_t r_cause; + uint32_t r_cfg; + int rwcause; + int mmu = 1; /* Data mmu is default. */ + int vect_base; + + r_cause = env->sregs[SFR_R_MM_CAUSE]; + r_cfg = env->sregs[SFR_RW_MM_CFG]; + pid = env->pregs[PR_PID] & 0xff; + + switch (rw) { + case 2: rwcause = CRIS_MMU_ERR_EXEC; mmu = 0; break; + case 1: rwcause = CRIS_MMU_ERR_WRITE; break; + default: + case 0: rwcause = CRIS_MMU_ERR_READ; break; + } + + /* I exception vectors 4 - 7, D 8 - 11. */ + vect_base = (mmu + 1) * 4; + + vpage = vaddr >> 13; + + /* We know the index which to check on each set. + Scan both I and D. */ +#if 0 + for (set = 0; set < 4; set++) { + for (idx = 0; idx < 16; idx++) { + lo = env->tlbsets[mmu][set][idx].lo; + hi = env->tlbsets[mmu][set][idx].hi; + tlb_vpn = EXTRACT_FIELD(hi, 13, 31); + tlb_pfn = EXTRACT_FIELD(lo, 13, 31); + + printf ("TLB: [%d][%d] hi=%x lo=%x v=%x p=%x\n", + set, idx, hi, lo, tlb_vpn, tlb_pfn); + } + } +#endif + + idx = vpage & 15; + for (set = 0; set < 4; set++) + { + lo = env->tlbsets[mmu][set][idx].lo; + hi = env->tlbsets[mmu][set][idx].hi; + + tlb_vpn = hi >> 13; + tlb_pid = EXTRACT_FIELD(hi, 0, 7); + tlb_g = EXTRACT_FIELD(lo, 4, 4); + + D_LOG("TLB[%d][%d][%d] v=%x vpage=%x lo=%x hi=%x\n", + mmu, set, idx, tlb_vpn, vpage, lo, hi); + if ((tlb_g || (tlb_pid == pid)) + && tlb_vpn == vpage) { + match = 1; + break; + } + } + + res->bf_vec = vect_base; + if (match) { + cfg_w = EXTRACT_FIELD(r_cfg, 19, 19); + cfg_k = EXTRACT_FIELD(r_cfg, 18, 18); + cfg_x = EXTRACT_FIELD(r_cfg, 17, 17); + cfg_v = EXTRACT_FIELD(r_cfg, 16, 16); + + tlb_pfn = EXTRACT_FIELD(lo, 13, 31); + tlb_v = EXTRACT_FIELD(lo, 3, 3); + tlb_k = EXTRACT_FIELD(lo, 2, 2); + tlb_w = EXTRACT_FIELD(lo, 1, 1); + tlb_x = EXTRACT_FIELD(lo, 0, 0); + + /* + set_exception_vector(0x04, i_mmu_refill); + set_exception_vector(0x05, i_mmu_invalid); + set_exception_vector(0x06, i_mmu_access); + set_exception_vector(0x07, i_mmu_execute); + set_exception_vector(0x08, d_mmu_refill); + set_exception_vector(0x09, d_mmu_invalid); + set_exception_vector(0x0a, d_mmu_access); + set_exception_vector(0x0b, d_mmu_write); + */ + if (cfg_k && tlb_k && usermode) { + D(printf ("tlb: kernel protected %x lo=%x pc=%x\n", + vaddr, lo, env->pc)); + match = 0; + res->bf_vec = vect_base + 2; + } else if (rw == 1 && cfg_w && !tlb_w) { + D(printf ("tlb: write protected %x lo=%x pc=%x\n", + vaddr, lo, env->pc)); + match = 0; + /* write accesses never go through the I mmu. */ + res->bf_vec = vect_base + 3; + } else if (rw == 2 && cfg_x && !tlb_x) { + D(printf ("tlb: exec protected %x lo=%x pc=%x\n", + vaddr, lo, env->pc)); + match = 0; + res->bf_vec = vect_base + 3; + } else if (cfg_v && !tlb_v) { + D(printf ("tlb: invalid %x\n", vaddr)); + match = 0; + res->bf_vec = vect_base + 1; + } + + res->prot = 0; + if (match) { + res->prot |= PAGE_READ; + if (tlb_w) + res->prot |= PAGE_WRITE; + if (mmu == 0 && (cfg_x || tlb_x)) + res->prot |= PAGE_EXEC; + } + else + D(dump_tlb(env, mmu)); + } else { + /* If refill, provide a randomized set. */ + set = env->mmu_rand_lfsr & 3; + } + + if (!match && !debug) { + cris_mmu_update_rand_lfsr(env); + + /* Compute index. */ + idx = vpage & 15; + + /* Update RW_MM_TLB_SEL. */ + env->sregs[SFR_RW_MM_TLB_SEL] = 0; + set_field(&env->sregs[SFR_RW_MM_TLB_SEL], idx, 0, 4); + set_field(&env->sregs[SFR_RW_MM_TLB_SEL], set, 4, 2); + + /* Update RW_MM_CAUSE. */ + set_field(&r_cause, rwcause, 8, 2); + set_field(&r_cause, vpage, 13, 19); + set_field(&r_cause, pid, 0, 8); + env->sregs[SFR_R_MM_CAUSE] = r_cause; + D(printf("refill vaddr=%x pc=%x\n", vaddr, env->pc)); + } + + D(printf ("%s rw=%d mtch=%d pc=%x va=%x vpn=%x tlbvpn=%x pfn=%x pid=%x" + " %x cause=%x sel=%x sp=%x %x %x\n", + __func__, rw, match, env->pc, + vaddr, vpage, + tlb_vpn, tlb_pfn, tlb_pid, + pid, + r_cause, + env->sregs[SFR_RW_MM_TLB_SEL], + env->regs[R_SP], env->pregs[PR_USP], env->ksp)); + + res->phy = tlb_pfn << TARGET_PAGE_BITS; + return !match; +} + +void cris_mmu_flush_pid(CPUCRISState *env, uint32_t pid) +{ + CRISCPU *cpu = cris_env_get_cpu(env); + target_ulong vaddr; + unsigned int idx; + uint32_t lo, hi; + uint32_t tlb_vpn; + int tlb_pid, tlb_g, tlb_v; + unsigned int set; + unsigned int mmu; + + pid &= 0xff; + for (mmu = 0; mmu < 2; mmu++) { + for (set = 0; set < 4; set++) + { + for (idx = 0; idx < 16; idx++) { + lo = env->tlbsets[mmu][set][idx].lo; + hi = env->tlbsets[mmu][set][idx].hi; + + tlb_vpn = EXTRACT_FIELD(hi, 13, 31); + tlb_pid = EXTRACT_FIELD(hi, 0, 7); + tlb_g = EXTRACT_FIELD(lo, 4, 4); + tlb_v = EXTRACT_FIELD(lo, 3, 3); + + if (tlb_v && !tlb_g && (tlb_pid == pid)) { + vaddr = tlb_vpn << TARGET_PAGE_BITS; + D_LOG("flush pid=%x vaddr=%x\n", + pid, vaddr); + tlb_flush_page(CPU(cpu), vaddr); + } + } + } + } +} + +int cris_mmu_translate(struct cris_mmu_result *res, + CPUCRISState *env, uint32_t vaddr, + int rw, int mmu_idx, int debug) +{ + int seg; + int miss = 0; + int is_user = mmu_idx == MMU_USER_IDX; + uint32_t old_srs; + + old_srs= env->pregs[PR_SRS]; + + /* rw == 2 means exec, map the access to the insn mmu. */ + env->pregs[PR_SRS] = rw == 2 ? 1 : 2; + + if (!cris_mmu_enabled(env->sregs[SFR_RW_GC_CFG])) { + res->phy = vaddr; + res->prot = PAGE_BITS; + goto done; + } + + seg = vaddr >> 28; + if (!is_user && cris_mmu_segmented_addr(seg, env->sregs[SFR_RW_MM_CFG])) + { + uint32_t base; + + miss = 0; + base = cris_mmu_translate_seg(env, seg); + res->phy = base | (0x0fffffff & vaddr); + res->prot = PAGE_BITS; + } else { + miss = cris_mmu_translate_page(res, env, vaddr, rw, + is_user, debug); + } + done: + env->pregs[PR_SRS] = old_srs; + return miss; +} +#endif |