summaryrefslogtreecommitdiff
path: root/target-ppc/mmu-hash64.h
AgeCommit message (Collapse)Author
2016-03-16target-ppc: Eliminate kvmppc_kern_htab globalDavid Gibson
fa48b43 "target-ppc: Remove hack for ppc_hash64_load_hpte*() with HV KVM" purports to remove a hack in the handling of hash page tables (HPTs) managed by KVM instead of qemu. However, it actually went in the wrong direction. That patch requires anything looking for an external HPT (that is one not managed by the guest itself) to check both env->external_htab (for a qemu managed HPT) and kvmppc_kern_htab (for a KVM managed HPT). That's a problem because kvmppc_kern_htab is local to mmu-hash64.c, but some places which need to check for an external HPT are outside that, such as kvm_arch_get_registers(). The latter was subtly broken by the earlier patch such that gdbstub can no longer access memory. Basically a KVM managed HPT is much more like a qemu managed HPT than it is like a guest managed HPT, so the original "hack" was actually on the right track. This partially reverts fa48b43, so we again mark a KVM managed external HPT by putting a special but non-NULL value in env->external_htab. It then goes further, using that marker to eliminate the kvmppc_kern_htab global entirely. The ppc_hash64_set_external_hpt() helper function is extended to set that marker if passed a NULL value (if you're setting an external HPT, but don't have an actual HPT to set, the assumption is that it must be a KVM managed HPT). This also has some flow-on changes to the HPT access helpers, required by the above changes. Reported-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-03-16target-ppc: Add helpers for updating a CPU's SDR1 and external HPTDavid Gibson
When a Power cpu with 64-bit hash MMU has it's hash page table (HPT) pointer updated by a write to the SDR1 register we need to update some derived variables. Likewise, when the cpu is configured for an external HPT (one not in the guest memory space) some derived variables need to be updated. Currently the logic for this is (partially) duplicated in ppc_store_sdr1() and in spapr_cpu_reset(). In future we're going to need it in some other places, so make some common helpers for this update. In addition the new ppc_hash64_set_external_hpt() helper also updates SDR1 in KVM - it's not updated by the normal runtime KVM <-> qemu CPU synchronization. In a sense this belongs logically in the ppc_hash64_set_sdr1() helper, but that is called from kvm_arch_get_registers() so can't itself call cpu_synchronize_state() without infinite recursion. In practice this doesn't matter because the only other caller is TCG specific. Currently there aren't situations where updating SDR1 at runtime in KVM matters, but there are going to be in future. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2016-02-17target-ppc: Remove hack for ppc_hash64_load_hpte*() with HV KVMDavid Gibson
With HV KVM, the guest's hash page table (HPT) is managed by the kernel and not directly accessible to QEMU. This means that spapr->htab is NULL and normally env->external_htab would also be NULL for each cpu. However, that would cause ppc_hash64_load_hpte*() to do the wrong thing in the few cases where QEMU does need to load entries from the in-kernel HPT. Specifically, seeing external_htab is NULL, they would look for an HPT within the guest's address space instead. To stop that we have an ugly hack in the pseries machine type code to set external htab to (void *)1 instead. This patch removes that hack by having ppc_hash64_load_hpte*() explicitly check kvmppc_kern_htab instead, which makes more sense. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
2016-01-30target-ppc: Allow more page sizes for POWER7 & POWER8 in TCGDavid Gibson
Now that the TCG and spapr code has been extended to allow (semi-) arbitrary page encodings in the CPU's 'sps' table, we can add the many page sizes supported by real POWER7 and POWER8 hardware that we previously didn't support in TCG. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Helper to determine page size information from hpte aloneDavid Gibson
h_enter() in the spapr code needs to know the page size of the HPTE it's about to insert. Unlike other paths that do this, it doesn't have access to the SLB, so at the moment it determines this with some open-coded tests which assume POWER7 or POWER8 page size encodings. To make this more flexible add ppc_hash64_hpte_page_shift_noslb() to determine both the "base" page size per segment, and the individual effective page size from an HPTE alone. This means that the spapr code should now be able to handle any page size listed in the env->sps table. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Add new TLB invalidate by HPTE call for hash64 MMUsDavid Gibson
When HPTEs are removed or modified by hypercalls on spapr, we need to invalidate the relevant pages in the qemu TLB. Currently we do that by doing some complicated calculations to work out the right encoding for the tlbie instruction, then passing that to ppc_tlb_invalidate_one()... which totally ignores the argument and flushes the whole tlb. Avoid that by adding a new flush-by-hpte helper in mmu-hash64.c. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Rework ppc_store_slbDavid Gibson
ppc_store_slb updates the SLB for PPC cpus with 64-bit hash MMUs. Currently it takes two parameters, which contain values encoded as the register arguments to the slbmte instruction, one register contains the ESID portion of the SLBE and also the slot number, the other contains the VSID portion of the SLBE. We're shortly going to want to do some SLB updates from other code where it is more convenient to supply the slot number and ESID separately, so rework this function and its callers to work this way. As a bonus, this slightly simplifies the emulation of segment registers for when running a 32-bit OS on a 64-bit CPU. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reviewed-by: Alexander Graf <agraf@suse.de>
2016-01-30target-ppc: Convert mmu-hash{32,64}.[ch] from CPUPPCState to PowerPCCPUDavid Gibson
Like a lot of places these files include a mixture of functions taking both the older CPUPPCState *env and newer PowerPCCPU *cpu. Move a step closer to cleaning this up by standardizing on PowerPCCPU, except for the helper_* functions which are called with the CPUPPCState * from tcg. Callers and some related functions are updated as well, the boundaries of what's changed here are a bit arbitrary. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Alexander Graf <agraf@suse.de>
2015-03-09target-ppc: Use right page size with hash table lookupAneesh Kumar K.V
We look at two sizes specified in ISA (4K, 64K). If not found matching, we consider it 16MB. Without this patch we would fail to lookup address above 16MB range. Below 16MB happened to work before because the kernel have a liner mapping and we always looked up hash for 0xc000000000000000. The actual real address was computed by using the 16MB offset with the real address found with the above hash. Without Fix: (gdb) x/16x 0xc000000001000000 0xc000000001000000 <list_entries+453208>: Cannot access memory at address 0xc000000001000000 (gdb) With Fix: (gdb) x/16x 0xc000000001000000 0xc000000001000000 <list_entries+453208>: 0x00000000 0x00000000 0x00000000 0x00000000 0xc000000001000010 <list_entries+453224>: 0x00000000 0x00000000 0x00000000 0x00000000 0xc000000001000020 <list_entries+453240>: 0x00000000 0x00000000 0x00000000 0x00000000 0xc000000001000030 <list_entries+453256>: 0x00000000 0x00000000 0x00000000 0x00000000 Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-13target-ppc: Use PowerPCCPU in PowerPCCPUClass::handle_mmu_fault hookAndreas Färber
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-13target-ppc: Clean up ENV_GET_CPU() usageAndreas Färber
Commits fdfba1a298ae26dd44bcfdb0429314139a0bc55a, ab1da85791340e504d10487e1add81b9988afa98, f606604f1c10b60ef294f1b9b229426521a365e3 and 2c17449b3022ca9623c4a7e2a504a4150ac4ad30 added usages of ENV_GET_CPU() macro in target-specific code. Use ppc_env_get_cpu() instead. Cc: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Cc: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-05target-ppc: Update ppc_hash64_store_hpte to support updating in-kernel htabAneesh Kumar K.V
This support updating htab managed by the hypervisor. Currently we don't have any user for this feature. This actually bring the store_hpte interface in-line with the load_hpte one. We may want to use this when we want to emulate henter hcall in qemu for HV kvm. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [ folded fix for the "warn_unused_result" build break in kvmppc_hash64_write_pte(), Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05target-ppc: Change the hpte store APIAneesh Kumar K.V
For updating in kernel htab we need to provide both pte0 and pte1, hence update the interface to take pte0 and pte1 together Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [ ldq_phys() API change, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-03-05target-ppc: Fix page table lookup with kvm enabledAneesh Kumar K.V
With kvm enabled, we store the hash page table information in the hypervisor. Use ioctl to read the htab contents. Without this we get the below error when trying to read the guest address (gdb) x/10 do_fork 0xc000000000098660 <do_fork>: Cannot access memory at address 0xc000000000098660 (gdb) Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> [ fixes for 32 bit build (casts!), ldq_phys() API change, Greg Kurz <gkurz@linux.vnet.ibm.com ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2014-02-11exec: Make stq_*_phys input an AddressSpaceEdgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2014-02-11exec: Make ldq/ldub_*_phys input an AddressSpaceEdgar E. Iglesias
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
2013-03-22mmu-hash64: Implement Virtual Page Class Key ProtectionDavid Gibson
Version 2.06 of the Power architecture describes an additional page protection mechanism. Each virtual page has a "class" (0-31) recorded in the PTE. The AMR register contains bits which can prohibit reads and/or writes on a class by class basis. Interestingly, the AMR is userspace readable and writable, however user mode writes are masked by the contents of the UAMOR which is privileged. This patch implements this protection mechanism, along with the AMR and UAMOR SPRs. The architecture also specifies a hypervisor-privileged AMOR register which masks user and supervisor writes to the AMR and UAMOR. We leave this out for now, since we don't at present model hypervisor mode correctly in any case. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [agraf: fix 32-bit hosts] Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Separate PTEG searching from permissions checkingDavid Gibson
find_pte{32,64{() do several things. First they search through a PTEG ooking for a PTE matching our virtual address. Then they do permissions checking and other processing on that PTE. This patch separates the search by VA out from the rest. The search is combined with the pte{32,64}_match() functions into new ppc_has{32,64}_pteg_search() functions. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Add hash pte load/store helpersDavid Gibson
On real hardware the ppc hash page table is stored in memory; accordingly our mmu emulation code can read a hash page table in guest memory. But, when paravirtualized under PAPR, the real hash page table is in host memory, accessible to the guest only via hypercalls. We model this by also allowing the MMU emulation code to access a specially allocated hash page table outside the guest's memory image. At present these two options are implemented with some ugly conditionals at each access point in the mmu emulation code. In the implementation of the PAPR hypercalls, we assume the external hash table. This patch cleans things up by adding helpers to load and store from the hash table for both 32-bit and 64-bit hash mmus. The 64-bit versions handle both the in-guest-memory and outside guest memory cases. The 32-bit versions only handle the in-guest-memory case since no 32-bit systems can have an external hash table at present. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22mmu-hash*: Add header file for definitionsDavid Gibson
Currently cpu.h contains a number of definitions relating to the 64-bit hash MMU. Some are used in the MMU emulation code, but some are only used in the spapr MMU management hcall implementations. This patch moves these definitions (except for a few that are needed more widely) into mmu-hash64.h header, shared between the MMU emulation code and the spapr hcall code. The MMU emulation code is also updated to actually use a number of those definitions in place of hard coded constants. Similarly, we add new analogous definitions to mmu-hash32.h and use those in place of many hard-coded constants in mmu-hash32.c Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [agraf: fix 32-bit hosts] Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Disentangle hash mmu versions of cpu_get_phys_page_debug()David Gibson
cpu_get_phys_page_debug() is a trivial wrapper around get_physical_address(). But even the signature of get_physical_address() has some things we'd like to clean up on a per-mmu basis, so this patch moves the test on mmu model out to cpu_get_phys_page_debug(), moving the version for 64-bit hash MMUs out to mmu-hash64.c and the version for 32-bit hash MMUs to mmu-hash32.c Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Disentangle hash mmu paths for cpu_ppc_handle_mmu_faultDavid Gibson
cpu_ppc_handle_mmu_fault() calls get_physical_address() (whose behaviour depends on MMU type) then, if that fails, issues an appropriate exception - which again has a number of dependencies on MMU type. This patch starts converting cpu_ppc_handle_mmu_fault() to have a single switch on MMU type, calling MMU specific fault handler functions which deal with both translation and exception delivery appropriately for the MMU type. We convert 32-bit and 64-bit hash MMUs to this new model, but the existing code is left in place for other MMU types for now. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Disentangle get_physical_address() pathsDavid Gibson
Depending on the MSR state, for 64-bit hash MMUs, get_physical_address can either call check_physical (which has further tests for mmu type) or get_segment64. Similarly for 32-bit hash MMUs we can either call check_physucal or get_bat() and get_segment32(). This patch splits off the whole get_physical_addresss() path for hash MMUs into 32-bit and 64-bit versions, handling real mode correctly for such MMUs without going to check_physical and rechecking the mmu type. Correspondingly, the hash MMU specific paths in check_physical() are removed. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Disentangle get_segment()David Gibson
The poorly named get_segment() function handles most of the address translation logic for hash-based MMUs. It has many ugly conditionals on whether the MMU is 32-bit or 64-bit. This patch splits the function into 32 and 64-bit versions, using the switch on mmu_type that's already in the caller (get_physical_address()) to select the right one. Most of the original function remains in mmu_helper.c to support the 6xx software loaded TLB implementations (cleaning those up is a project for another day). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Disentangle find_pte()David Gibson
32-bit and 64-bit hash MMU implementations currently share a find_pte function. This results in a whole bunch of ugly conditionals in the shared function, and not all that much actually shared code. This patch separates out the 32-bit and 64-bit versions, putting then in mmu-hash64.c and mmu-has32.c, and removes the conditionals from both versions. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Disentangle pte_check()David Gibson
Currently support for both 32-bit and 64-bit hash MMUs share an implementation of pte_check. But there are enough differences that this means the shared function has several very ugly conditionals on "is_64b". This patch cleans things up by separating out the 64-bit version (putting it into mmu-hash64.c) and the 32-bit hash version (putting it in mmu-hash32.c). Another copy remains in mmu_helper.c, which is used for the 6xx software loaded TLB paths. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22target-ppc: Move SLB handling into a mmu-hash64.cDavid Gibson
As a first step to disentangling the handling for 64-bit hash MMUs from the rest, we move the code handling the Segment Lookaside Buffer (SLB) (which only exists on 64-bit hash MMUs) into a new mmu-hash64.c file. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>