[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-ppc] [RFC NO-MERGE 11/12] target/ppc: Implement ISA V3.00 radi
|
From: |
Suraj Jitindar Singh |
|
Subject: |
Re: [Qemu-ppc] [RFC NO-MERGE 11/12] target/ppc: Implement ISA V3.00 radix page fault handler |
|
Date: |
Fri, 24 Feb 2017 18:18:50 +1100 |
On Mon, 2017-02-20 at 14:16 +1100, David Gibson wrote:
> On Fri, Feb 17, 2017 at 04:08:11PM +1100, Suraj Jitindar Singh wrote:
> >
> > ISA V3.00 introduced a new radix mmu model. Implement the page
> > fault
> > handler for this so we can run a tcg guest in radix mode and
> > perform
> > address translation correctly.
> >
> > In real mode (mmu turned off) addresses are masked to remove the
> > top
> > 4 bits and then are subject to partition scoped translation, since
> > we only
> > support pseries at this stage it is only necessary to perform the
> > masking
> > and then we're done.
> >
> > In virtual mode (mmu turned on) address translation if performed as
> > follows:
> >
> > 1. Use the quadrant to determine the fully qualified address.
> >
> > The fully qualified address is defined as the combination of the
> > effective
> > address, the effective logical partition id (LPID) and the
> > effective
> > process id (PID). Based on the quadrant (EA63:62) we set the pid
> > and lpid
> > like so:
> >
> > quadrant 0: lpid = LPIDR, pid = PIDR
> > quadrant 1: HV only (not allowed in pseries)
> > quadrant 2: HV only (not allowed in pseries)
> > quadrant 3: lpid = LPIDR, pid = 0
> >
> > If we can't get the fully qualified address we raise a segment
> > interrupt.
> >
> > 2. Find the guest radix tree
> >
> > We ask the virtual hypervisor for the partition table which was
> > registered
> > with H_REGISTER_PROC_TBL which points us to the process table in
> > guest
> > memory. We then index this table by pid to get the process table
> > entry
> > which points us to the appropriate radix tree to translate the
> > address.
> >
> > If the process table isn't big enough to contain an entry for the
> > current
> > pid then we raise a storage interrupt.
> >
> > 3. Walk the radix tree
> >
> > Next we walk the radix tree where each level is a table of page
> > directory
> > entries indexed by some number of bits from the effective address,
> > where
> > the number of bits is determined by the table size. We continue to
> > walk
> > the tree (while entries are valid and the table is of minimum size)
> > until
> > we reach a table of page table entries, indicated by having the
> > leaf bit
> > set. The appropriate pte is then checked for sufficient access
> > permissions,
> > the reference and change bits are updated and the real address is
> > calculated from the real page number bits of the pte and the low
> > bits of
> > the effective address.
> >
> > If we can't find an entry or can't access the entry bacause of
> > permissions
> > then we raise a storage interrupt.
> >
> > Since we now have radix support, we can add this bit to pa-features
> > to
> > communicate this to the guest.
> >
> > Signed-off-by: Suraj Jitindar Singh <address@hidden>
> Looks pretty good overall, though there are some things to check and
> polish.
>
> >
> > ---
> > hw/ppc/spapr.c | 2 +-
> > target/ppc/Makefile.objs | 2 +-
> > target/ppc/mmu-radix64.c | 279
> > +++++++++++++++++++++++++++++++++++++++++++++++
> > target/ppc/mmu-radix64.h | 69 ++++++++++++
> > target/ppc/mmu.h | 5 +
> > target/ppc/mmu_helper.c | 5 +-
> > 6 files changed, 358 insertions(+), 4 deletions(-)
> > create mode 100644 target/ppc/mmu-radix64.c
> > create mode 100644 target/ppc/mmu-radix64.h
> >
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 3214df6..55e8c81 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -364,7 +364,7 @@ static void
> > spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset)
> > 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, /* 18 - 23 */
> > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 24 - 29 */
> > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 30 - 35 */
> > - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 36 - 41 */
> > + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, /* 36 - 41 */
> > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 42 - 47 */
> > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 48 - 53 */
> > 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 54 - 59 */
> > diff --git a/target/ppc/Makefile.objs b/target/ppc/Makefile.objs
> > index a8c7a30..d883495 100644
> > --- a/target/ppc/Makefile.objs
> > +++ b/target/ppc/Makefile.objs
> > @@ -2,7 +2,7 @@ obj-y += cpu-models.o
> > obj-y += translate.o
> > ifeq ($(CONFIG_SOFTMMU),y)
> > obj-y += machine.o mmu_helper.o mmu-hash32.o monitor.o
> > -obj-$(TARGET_PPC64) += mmu-hash64.o arch_dump.o compat.o
> > +obj-$(TARGET_PPC64) += mmu-hash64.o mmu-radix64.o arch_dump.o
> > compat.o
> > endif
> > obj-$(CONFIG_KVM) += kvm.o
> > obj-$(call lnot,$(CONFIG_KVM)) += kvm-stub.o
> > diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
> > new file mode 100644
> > index 0000000..4400179
> > --- /dev/null
> > +++ b/target/ppc/mmu-radix64.c
> > @@ -0,0 +1,279 @@
> > +/*
> > + * PowerPC Radix MMU mulation helpers for QEMU.
> > + *
> > + * Copyright (c) 2016 Suraj Jitindar Singh, IBM Corporation
> > + *
> > + * This library is free software; you can redistribute it and/or
> > + * modify it under the terms of the GNU Lesser General Public
> > + * License as published by the Free Software Foundation; either
> > + * version 2 of the License, or (at your option) any later
> > version.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > GNU
> > + * Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General
> > Public
> > + * License along with this library; if not, see <http://www.gnu.or
> > g/licenses/>.
> > + */
> > +#include "qemu/osdep.h"
> > +#include "qapi/error.h"
> > +#include "cpu.h"
> > +#include "exec/exec-all.h"
> > +#include "exec/helper-proto.h"
> > +#include "qemu/error-report.h"
> > +#include "sysemu/kvm.h"
> > +#include "kvm_ppc.h"
> > +#include "exec/log.h"
> > +#include "mmu-radix64.h"
> > +#include "mmu.h"
> > +
> > +//#define DEBUG_RADIX
> > +
> > +#ifdef DEBUG_RADIX
> > +# define LOG_RADIX(...) qemu_log_mask(CPU_LOG_MMU, __VA_ARGS__)
> > +#else
> > +# define LOG_RADIX(...) do { } while (0)
> > +#endif
> tracepoints are generally preferred to debug macros these days.
>
> >
> > +
> > +static bool ppc_radix64_get_fully_qualified_addr(CPUPPCState *env,
> > vaddr eaddr,
> > + uint64_t *lpid,
> > uint64_t *pid)
> > +{
> > + if (msr_hv) { /* MSR[HV] -> Host */
> > + /* TODO */
> > + /* PowerNV ONLY */
> Since this is unimplemented - and should never get called - you can
> put an error_report() and abort() in here.
Ok
>
> >
> > + } else { /* !MSR[HV] -> Guest */
> > + switch(eaddr & R_EADDR_QUADRANT) {
> > + case R_EADDR_QUADRANT0: /* Guest application */
> > + *lpid = env->spr[SPR_LPIDR];
> > + *pid = env->spr[SPR_BOOKS_PID];
> > + break;
> > + case R_EADDR_QUADRANT1: /* Illegal */
> > + case R_EADDR_QUADRANT2:
> > + return 1;
> When your return type is bool, please use the 'true' and 'false'
> symbolic constants;
I was doing that, but then I got them the wrong way around... :(
I'll change back
>
> >
> > + case R_EADDR_QUADRANT3: /* Guest OS */
> > + *lpid = env->spr[SPR_LPIDR];
> > + *pid = 0; /* pid set to 0 -> addresses guest operating
> > system */
> > + break;
> > + }
> > + }
> > + return 0;
> > +}
> > +
> > +static int ppc_radix64_raise_segi(PowerPCCPU *cpu, int rwx, vaddr
> > eaddr)
> > +{
> > + CPUState *cs = CPU(cpu);
> > + CPUPPCState *env = &cpu->env;
> > +
> > + if (rwx == 2) { /* Instruction Segment Interrupt */
> > + cs->exception_index = POWERPC_EXCP_ISEG;
> > + } else { /* Data Segment Interrupt */
> > + cs->exception_index = POWERPC_EXCP_DSEG;
> > + env->spr[SPR_DAR] = eaddr;
> > + }
> > + env->error_code = 0;
> > +
> > + return 1;
> > +}
> > +
> > +static int ppc_radix64_raise_si(PowerPCCPU *cpu, int rwx, vaddr
> > eaddr,
> > + uint32_t cause)
> > +{
> > + CPUState *cs = CPU(cpu);
> > + CPUPPCState *env = &cpu->env;
> > +
> > + if (rwx == 2) { /* Instruction Storage Interrupt */
> > + cs->exception_index = POWERPC_EXCP_ISI;
> > + env->error_code = cause;
> > + } else { /* Data Storage Interrupt */
> > + cs->exception_index = POWERPC_EXCP_DSI;
> > + if (rwx == 1) { /* Write -> Store */
> > + cause |= DSISR_ISSTORE;
> > + }
> > + env->spr[SPR_DSISR] = cause;
> > + env->spr[SPR_DAR] = eaddr;
> > + env->error_code = 0;
> > + }
> > +
> > + return 1;
> So, the error value here only has meaning in terms of the things that
> the fault handler is supposed to return. I think it's best not to
> spread that information to more functions - instead you can make this
> return void, and explicitly return 1 just after the callsite.
Ok
>
> >
> > +}
> > +
> > +
> > +static bool ppc_radix64_check_prot(PowerPCCPU *cpu, int rwx,
> > uint64_t pte,
> > + int *fault_cause, int *prot)
> > +{
> > + CPUPPCState *env = &cpu->env;
> > + const int pte_att[] = { 0x02, 0x0E, 0x07, 0x06 };
> > + const int need_prot[] = { PAGE_READ, PAGE_WRITE, PAGE_EXEC };
> > + int att = pte_att[pte & R_PTE_ATT];
> > +
> > + /* Check Page Attributes (pte58:59) */
> > + if ((att & R_PTE_ATT_G) && (rwx == 2)) { /* Guarded Storage */
> > + *fault_cause |= SRR1_NOEXEC_GUARD;
> > + return 1;
> > + }
> > + /* I think we can ignore the other attributes?! */
> I'd suggest putting 'FIXME' or 'XXX' or 'TODO' on this comment, which
> are the common markers for something to look at further in future.
It's not really that this is a TODO, more that I'm pretty sure the
other attributes don't apply but not 100% sure.
>
> >
> > +
> > + /* Determine permissions allowed by Encoded Access Authority
> > */
> > + if ((pte & R_PTE_EAA_PRIV) && msr_pr) { /* Insufficient
> > Privilege */
> > + *prot = 0;
> > + } else if (msr_pr || (pte & R_PTE_EAA_PRIV)) {
> > + *prot = ppc_radix64_get_prot_eaa(pte);
> > + } else { /* !msr_pr && !(pte & R_PTE_EAA_PRIV) */
> > + *prot = ppc_radix64_get_prot_eaa(pte);
> > + *prot &= ppc_radix64_get_prot_amr(cpu); /* Least combined
> > permissions */
> > + }
> > +
> > + /* Check if requested access type is allowed */
> > + if (need_prot[rwx] & ~(*prot)) { /* Page Protected for that
> > Access */
> > + *fault_cause |= DSISR_PROTFAULT;
> > + return 1;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static void ppc_radix64_set_rc(PowerPCCPU *cpu, int rwx, uint64_t
> > pte,
> > + hwaddr pte_addr, int *prot)
> > +{
> > + CPUState *cs = CPU(cpu);
> > + uint64_t npte;
> > +
> > + npte = pte | R_PTE_R; /* Always set reference bit */
> > +
> > + if (rwx == 1) { /* Store/Write */
> > + npte |= R_PTE_C; /* Set change bit */
> > + } else {
> > + /*
> > + * Treat the page as read-only for now, so that a later
> > write
> > + * will pass through this function again to set the C bit.
> > + */
> > + *prot &= ~PAGE_WRITE;
> > + }
> > +
> > + if (pte ^ npte) { /* If pte has changed then write it back */
> > + stq_phys(cs->as, pte_addr, npte);
> > + }
> > +}
> > +
> > +static bool ppc_radix64_walk_tree(PowerPCCPU *cpu, int rwx, vaddr
> > eaddr,
> > + uint64_t base_addr, uint64_t
> > nls,
> > + hwaddr *raddr, int *psize, int
> > *fault_cause,
> > + int *prot)
> > +{
> > + CPUState *cs = CPU(cpu);
> > + uint64_t index, pde;
> > +
> > + if (nls < 5) { /* Directory maps less than 2**5 entries */
> > + LOG_RADIX("Inval NLS: %lu\n", nls);
> > + *fault_cause |= DSISR_R_BADCONFIG;
> > + return 1;
> > + }
> > +
> > + /* Read page <directory/table> entry from guest address space
> > */
> > + index = eaddr >> (*psize - nls); /* Shift */
> > + index &= ((1UL << nls) - 1); /* Mask */
> > + pde = ldq_phys(cs->as, base_addr + (index * sizeof(pde)));
> > + if (!(pde & R_PTE_VALID)) { /* Invalid Entry */
> > + LOG_RADIX("PTE Entry !Valid\n");
> > + *fault_cause |= DSISR_NOPTE;
> > + return 1;
> > + }
> > +
> > + *psize -= nls;
> > +
> > + /* Check if Leaf Entry -> Page Table Entry -> Stop the Search
> > */
> > + if (pde & R_PTE_LEAF) {
> > + uint64_t rpn = pde & R_PTE_RPN;
> > + uint64_t mask = (1UL << *psize) - 1;
> > +
> > + if (ppc_radix64_check_prot(cpu, rwx, pde, fault_cause,
> > prot)) {
> > + LOG_RADIX("PTE Access Denied\n");
> > + return 1; /* Protection Denied Access */
> > + }
> > +
> > + /* Update Reference and Change Bits */
> > + ppc_radix64_set_rc(cpu, rwx, pde, base_addr + (index *
> > sizeof(pde)),
> > + prot);
> > +
> > + /* Or high bits of rpn and low bits to ea to form whole
> > real addr */
> > + *raddr = (rpn & ~mask) | (eaddr & mask);
> > + return 0;
> > + } else { /* Next Level of Radix Tree */
> > + return ppc_radix64_walk_tree(cpu, rwx, eaddr, pde &
> > R_PDE_NLB,
> > + pde & R_PDE_NLS, raddr,
> > psize,
> > + fault_cause, prot);
> Hm.. maybe it's just being used to kernel programming, but I think
> I'd
> prefer an approach without recursion here. I guess with tail
> recursion optimization it'll amount to the same thing.
Given it's the same at each level recusion seemed like the right
approach...
>
> >
> > + }
> > +}
> > +
> > +int ppc_radix64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int
> > rwx,
> > + int mmu_idx)
> > +{
> > + CPUState *cs = CPU(cpu);
> > + CPUPPCState *env = &cpu->env;
> > + PPCVirtualHypervisorClass *vhc =
> > + PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> > + hwaddr raddr;
> > + uint64_t lpid = 0, pid = 0, offset, size, patbe, prtbe0;
> > + int page_size, prot, fault_cause = 0;
> > +
> > + assert((rwx == 0) || (rwx == 1) || (rwx == 2));
> > +
> > + /* Real Mode Access */
> > + if (((rwx == 2) && (msr_ir == 0)) || ((rwx != 2) && (msr_dr ==
> > 0))) {
> > + /* In real mode top 4 effective addr bits (mostly) ignored
> > */
> > + raddr = eaddr & 0x0FFFFFFFFFFFFFFFULL;
> > +
> > + if (msr_hv) {
> > + /* if EA0 == 0, raddr = eaddr4:63 | HRMOR */
> > + if (!(eaddr >> 63)) {
> > + raddr |= env->spr[SPR_HRMOR];
> > + }
> > + } else {
> > + /* TODO */
> > + /* PowerNV ONLY */
> Uh.. isn't this the wrong way around? msr_hv is set in hypervisor
> mode, isn't it?
Um, so on powernv we will have to do partition-scoped translation which
we don't have to worry about yet but this is where it would go.
Technically the HRMOR stuff is powernv as well and will never be
reached. It just seemed so easy to add now...
>
> In fact, there are multiple places further down this function which
> won't work for powernv anyway (e.g. getting the patbe, not
> translating
> guest-guest to guest-host addresses for reading the process table).
> So you might as well just assert (cpu->vhyp) up the top and be done
True - I'll do that
> with it.
>
> >
> > + }
> > +
> > + LOG_RADIX("RMA: 0x%.16lx -> 0x%.16lx\n", eaddr, raddr);
> > + tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr &
> > TARGET_PAGE_MASK,
> > + PAGE_READ | PAGE_WRITE | PAGE_EXEC, mmu_idx,
> > + TARGET_PAGE_SIZE);
> > + return 0;
> > + }
> > +
> > + /* Virtual Mode Access - get the fully qualified address */
> > + if (ppc_radix64_get_fully_qualified_addr(env, eaddr, &lpid,
> > &pid)) {
> > + LOG_RADIX("Inval Quadrt: %lu [%sHV]\n", eaddr >> 62,
> > msr_hv ? "" : "!");
> > + return ppc_radix64_raise_segi(cpu, rwx, eaddr);
> > + }
> > + LOG_RADIX("Quadrant: %lu | LPID: %lu | PID: %lu\n", eaddr >>
> > 62, lpid, pid);
> > +
> > + /* Get Process Table */
> > + patbe = vhc->get_patbe(cpu->vhyp);
> > + assert(patbe);
> Can this assert() be triggered by the guest doing something
> wrong? Or
> only by qemu doing something wrong? If it's the former, then it
> shouldn't be an assert().
It's actually impossible to reach given patbe[63] == 1 to get here in
the first place. I'll remove this.
>
> >
> > + LOG_RADIX("Process Table Found: 0x%.16lx\n", patbe);
> > +
> > + /* Index Process Table by PID to Find Corresponding Process
> > Table Entry */
> > + offset = pid * sizeof(struct prtb_entry);
> > + size = 1UL << ((patbe & PATBE1_R_PRTS) + 12);
> > + if (offset >= size) {
> > + /* offset exceeds size of the process table */
> > + LOG_RADIX("Inval PID: %lu, MAX: %lu\n", pid, (size / 128)
> > - 1);
> > + return ppc_radix64_raise_si(cpu, rwx, eaddr, DSISR_NOPTE);
> > + }
> > + prtbe0 = ldq_phys(cs->as, (patbe & PATBE1_R_PRTB) + offset);
> > + LOG_RADIX("Radix Tree Found: 0x%.16lx\n", prtbe0);
> > +
> > + /* Walk Radix Tree from Process Table Entry to Convert EA to
> > RA */
> > + page_size = PRTBE_R_GET_RTS(prtbe0);
> > + if (ppc_radix64_walk_tree(cpu, rwx, eaddr & R_EADDR_MASK,
> > + prtbe0 & PRTBE_R_RPDB, prtbe0 &
> > PRTBE_R_RPDS,
> > + &raddr, &page_size, &fault_cause,
> > &prot)) {
> > + return ppc_radix64_raise_si(cpu, rwx, eaddr, fault_cause);
> > + }
> > +
> > + LOG_RADIX("VMA: 0x%.16lx -> 0x%.16lx\n", eaddr, raddr);
> > + tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr &
> > TARGET_PAGE_MASK,
> > + prot, mmu_idx, 1UL << page_size);
> > + return 1;
> > +}
> > diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h
> > new file mode 100644
> > index 0000000..23a5bc2
> > --- /dev/null
> > +++ b/target/ppc/mmu-radix64.h
> > @@ -0,0 +1,69 @@
> > +#ifndef MMU_RADIX64_H
> > +#define MMU_RADIX64_H
> > +
> > +#ifndef CONFIG_USER_ONLY
> > +
> > +/* Radix Quadrants */
> > +#define R_EADDR_MASK 0x3FFFFFFFFFFFFFFF
> > +#define R_EADDR_QUADRANT 0xC000000000000000
> > +#define R_EADDR_QUADRANT0 0x0000000000000000
> > +#define R_EADDR_QUADRANT1 0x4000000000000000
> > +#define R_EADDR_QUADRANT2 0x8000000000000000
> > +#define R_EADDR_QUADRANT3 0xC000000000000000
> > +
> > +/* Radix Partition Table Entry Fields */
> > +#define PATBE1_R_PRTB 0x0FFFFFFFFFFFF000
> > +#define PATBE1_R_PRTS 0x000000000000001F
> > +
> > +/* Radix Process Table Entry Fields */
> > +#define PRTBE_R_GET_RTS(rts) (((rts >> 58) & 0x18) | ((rts >>
> > 5) & 0x7)) + 31
> > +#define PRTBE_R_RPDB 0x0FFFFFFFFFFFFF00
> > +#define PRTBE_R_RPDS 0x000000000000001F
> > +
> > +/* Radix Page Directory/Table Entry Fields */
> > +#define R_PTE_VALID 0x8000000000000000
> > +#define R_PTE_LEAF 0x4000000000000000
> > +#define R_PTE_SW0 0x2000000000000000
> > +#define R_PTE_RPN 0x01FFFFFFFFFFF000
> > +#define R_PTE_SW1 0x0000000000000E00
> > +#define R_GET_SW(sw) (((sw >> 58) & 0x8) | ((sw >> 9) &
> > 0x7))
> > +#define R_PTE_R 0x0000000000000100
> > +#define R_PTE_C 0x0000000000000080
> > +#define R_PTE_ATT 0x0000000000000030
> > +#define R_PTE_ATT_G 0x1
> > +#define R_PTE_EAA_PRIV 0x0000000000000008
> > +#define R_PTE_EAA_R 0x0000000000000004
> > +#define R_PTE_EAA_RW 0x0000000000000002
> > +#define R_PTE_EAA_X 0x0000000000000001
> > +#define R_PDE_NLB PRTBE_R_RPDB
> > +#define R_PDE_NLS PRTBE_R_RPDS
> > +
> > +/* DSISR/SRR1 Fields */
> > +#define DSISR_R_BADCONFIG (1 << (63 - 44))
> > +
> > +#ifdef TARGET_PPC64
> > +int ppc_radix64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int
> > rwx,
> > + int mmu_idx);
> > +
> > +static inline int ppc_radix64_get_prot_eaa(uint64_t pte)
> > +{
> > + return (pte & R_PTE_EAA_R ? PAGE_READ : 0) |
> > + (pte & R_PTE_EAA_RW ? PAGE_READ | PAGE_WRITE : 0) |
> > + (pte & R_PTE_EAA_X ? PAGE_EXEC : 0);
> > +}
> > +
> > +static inline int ppc_radix64_get_prot_amr(PowerPCCPU *cpu)
> > +{
> > + CPUPPCState *env = &cpu->env;
> > + int amr = env->spr[SPR_AMR] >> 62; /* We only care about key0
> > AMR63:62 */
> > + int iamr = env->spr[SPR_IAMR] >> 62; /* We only care about
> > key0 IAMR63:62 */
> > +
> > + return (amr & 0x2 ? 0 : PAGE_WRITE) | /* Access denied if bit
> > is set */
> > + (amr & 0x1 ? 0 : PAGE_READ) |
> > + (iamr & 0x1 ? 0 : PAGE_EXEC);
> > +}
> > +#endif /* TARGET_PPC64 */
> > +
> > +#endif /* CONFIG_USER_ONLY */
> > +
> > +#endif /* MMU_HASH64_H */
> > diff --git a/target/ppc/mmu.h b/target/ppc/mmu.h
> > index f717604..2a9a361 100644
> > --- a/target/ppc/mmu.h
> > +++ b/target/ppc/mmu.h
> > @@ -42,6 +42,11 @@
> > #define SRR1_PROTFAULT DSISR_PROTFAULT
> > #define SRR1_IAMR DSISR_AMR
> >
> > +/* Process Table Entry */
> > +struct prtb_entry {
> > + uint64_t prtbe0, prtbe1;
> > +};
> > +
> > #ifdef TARGET_PPC64
> >
> > static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
> > diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> > index 71ad771..54b9c10 100644
> > --- a/target/ppc/mmu_helper.c
> > +++ b/target/ppc/mmu_helper.c
> > @@ -30,6 +30,7 @@
> > #include "helper_regs.h"
> > #include "qemu/error-report.h"
> > #include "mmu.h"
> > +#include "mmu-radix64.h"
> >
> > //#define DEBUG_MMU
> > //#define DEBUG_BATS
> > @@ -2947,8 +2948,8 @@ int ppc64_v3_handle_mmu_fault(PowerPCCPU
> > *cpu, vaddr eaddr, int rwx,
> > {
> > if (ppc64_radix_guest(cpu)) { /* Guest uses radix */
> > /* TODO - Unsupported */
> > - error_report("Guest Radix Support Unimplemented");
> > - abort();
> > + assert(cpu->env.spr[SPR_LPCR] & LPCR_UPRT);
> > + return ppc_radix64_handle_mmu_fault(cpu, eaddr, rwx,
> > mmu_idx);
> > } else { /* Guest uses hash */
> > return ppc_hash64_handle_mmu_fault(cpu, eaddr, rwx,
> > mmu_idx);
> > }
- Re: [Qemu-ppc] [RFC NO-MERGE 08/12] target/ppc: Add POWER9/ISAv3.00 to compat_table, (continued)
[Qemu-ppc] [RFC NO-MERGE 11/12] target/ppc: Implement ISA V3.00 radix page fault handler, Suraj Jitindar Singh, 2017/02/17
[Qemu-ppc] [RFC NO-MERGE 12/12] target/ppc: Set ISA 3.00 radix and hash bits in OV5, Suraj Jitindar Singh, 2017/02/17