LXR qemu/target/mips/tcg/sysemu/tlb

   1/*
   2 * MIPS TLB (Translation lookaside buffer) helpers.
   3 *
   4 *  Copyright (c) 2004-2005 Jocelyn Mayer
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2.1 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 */
  19#include "qemu/osdep.h"
  20#include "qemu/bitops.h"
  21
  22#include "cpu.h"
  23#include "internal.h"
  24#include "exec/exec-all.h"
  25#include "exec/cpu_ldst.h"
  26#include "exec/log.h"
  27#include "hw/mips/cpudevs.h"
  28#include "exec/helper-proto.h"
  29
  30/* TLB management */
  31static void r4k_mips_tlb_flush_extra(CPUMIPSState *env, int first)
  32{
  33    /* Discard entries from env->tlb[first] onwards.  */
  34    while (env->tlb->tlb_in_use > first) {
  35        r4k_invalidate_tlb(env, --env->tlb->tlb_in_use, 0);
  36    }
  37}
  38
  39static inline uint64_t get_tlb_pfn_from_entrylo(uint64_t entrylo)
  40{
  41#if defined(TARGET_MIPS64)
  42    return extract64(entrylo, 6, 54);
  43#else
  44    return extract64(entrylo, 6, 24) | /* PFN */
  45           (extract64(entrylo, 32, 32) << 24); /* PFNX */
  46#endif
  47}
  48
  49static void r4k_fill_tlb(CPUMIPSState *env, int idx)
  50{
  51    r4k_tlb_t *tlb;
  52    uint64_t mask = env->CP0_PageMask >> (TARGET_PAGE_BITS + 1);
  53
  54    /* XXX: detect conflicting TLBs and raise a MCHECK exception when needed */
  55    tlb = &env->tlb->mmu.r4k.tlb[idx];
  56    if (env->CP0_EntryHi & (1 << CP0EnHi_EHINV)) {
  57        tlb->EHINV = 1;
  58        return;
  59    }
  60    tlb->EHINV = 0;
  61    tlb->VPN = env->CP0_EntryHi & (TARGET_PAGE_MASK << 1);
  62#if defined(TARGET_MIPS64)
  63    tlb->VPN &= env->SEGMask;
  64#endif
  65    tlb->ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
  66    tlb->MMID = env->CP0_MemoryMapID;
  67    tlb->PageMask = env->CP0_PageMask;
  68    tlb->G = env->CP0_EntryLo0 & env->CP0_EntryLo1 & 1;
  69    tlb->V0 = (env->CP0_EntryLo0 & 2) != 0;
  70    tlb->D0 = (env->CP0_EntryLo0 & 4) != 0;
  71    tlb->C0 = (env->CP0_EntryLo0 >> 3) & 0x7;
  72    tlb->XI0 = (env->CP0_EntryLo0 >> CP0EnLo_XI) & 1;
  73    tlb->RI0 = (env->CP0_EntryLo0 >> CP0EnLo_RI) & 1;
  74    tlb->PFN[0] = (get_tlb_pfn_from_entrylo(env->CP0_EntryLo0) & ~mask) << 12;
  75    tlb->V1 = (env->CP0_EntryLo1 & 2) != 0;
  76    tlb->D1 = (env->CP0_EntryLo1 & 4) != 0;
  77    tlb->C1 = (env->CP0_EntryLo1 >> 3) & 0x7;
  78    tlb->XI1 = (env->CP0_EntryLo1 >> CP0EnLo_XI) & 1;
  79    tlb->RI1 = (env->CP0_EntryLo1 >> CP0EnLo_RI) & 1;
  80    tlb->PFN[1] = (get_tlb_pfn_from_entrylo(env->CP0_EntryLo1) & ~mask) << 12;
  81}
  82
  83static void r4k_helper_tlbinv(CPUMIPSState *env)
  84{
  85    bool mi = !!((env->CP0_Config5 >> CP0C5_MI) & 1);
  86    uint16_t ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
  87    uint32_t MMID = env->CP0_MemoryMapID;
  88    uint32_t tlb_mmid;
  89    r4k_tlb_t *tlb;
  90    int idx;
  91
  92    MMID = mi ? MMID : (uint32_t) ASID;
  93    for (idx = 0; idx < env->tlb->nb_tlb; idx++) {
  94        tlb = &env->tlb->mmu.r4k.tlb[idx];
  95        tlb_mmid = mi ? tlb->MMID : (uint32_t) tlb->ASID;
  96        if (!tlb->G && tlb_mmid == MMID) {
  97            tlb->EHINV = 1;
  98        }
  99    }
 100    cpu_mips_tlb_flush(env);
 101}
 102
 103static void r4k_helper_tlbinvf(CPUMIPSState *env)
 104{
 105    int idx;
 106
 107    for (idx = 0; idx < env->tlb->nb_tlb; idx++) {
 108        env->tlb->mmu.r4k.tlb[idx].EHINV = 1;
 109    }
 110    cpu_mips_tlb_flush(env);
 111}
 112
 113static void r4k_helper_tlbwi(CPUMIPSState *env)
 114{
 115    bool mi = !!((env->CP0_Config5 >> CP0C5_MI) & 1);
 116    target_ulong VPN;
 117    uint16_t ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
 118    uint32_t MMID = env->CP0_MemoryMapID;
 119    uint32_t tlb_mmid;
 120    bool EHINV, G, V0, D0, V1, D1, XI0, XI1, RI0, RI1;
 121    r4k_tlb_t *tlb;
 122    int idx;
 123
 124    MMID = mi ? MMID : (uint32_t) ASID;
 125
 126    idx = (env->CP0_Index & ~0x80000000) % env->tlb->nb_tlb;
 127    tlb = &env->tlb->mmu.r4k.tlb[idx];
 128    VPN = env->CP0_EntryHi & (TARGET_PAGE_MASK << 1);
 129#if defined(TARGET_MIPS64)
 130    VPN &= env->SEGMask;
 131#endif
 132    EHINV = (env->CP0_EntryHi & (1 << CP0EnHi_EHINV)) != 0;
 133    G = env->CP0_EntryLo0 & env->CP0_EntryLo1 & 1;
 134    V0 = (env->CP0_EntryLo0 & 2) != 0;
 135    D0 = (env->CP0_EntryLo0 & 4) != 0;
 136    XI0 = (env->CP0_EntryLo0 >> CP0EnLo_XI) &1;
 137    RI0 = (env->CP0_EntryLo0 >> CP0EnLo_RI) &1;
 138    V1 = (env->CP0_EntryLo1 & 2) != 0;
 139    D1 = (env->CP0_EntryLo1 & 4) != 0;
 140    XI1 = (env->CP0_EntryLo1 >> CP0EnLo_XI) &1;
 141    RI1 = (env->CP0_EntryLo1 >> CP0EnLo_RI) &1;
 142
 143    tlb_mmid = mi ? tlb->MMID : (uint32_t) tlb->ASID;
 144    /*
 145     * Discard cached TLB entries, unless tlbwi is just upgrading access
 146     * permissions on the current entry.
 147     */
 148    if (tlb->VPN != VPN || tlb_mmid != MMID || tlb->G != G ||
 149        (!tlb->EHINV && EHINV) ||
 150        (tlb->V0 && !V0) || (tlb->D0 && !D0) ||
 151        (!tlb->XI0 && XI0) || (!tlb->RI0 && RI0) ||
 152        (tlb->V1 && !V1) || (tlb->D1 && !D1) ||
 153        (!tlb->XI1 && XI1) || (!tlb->RI1 && RI1)) {
 154        r4k_mips_tlb_flush_extra(env, env->tlb->nb_tlb);
 155    }
 156
 157    r4k_invalidate_tlb(env, idx, 0);
 158    r4k_fill_tlb(env, idx);
 159}
 160
 161static void r4k_helper_tlbwr(CPUMIPSState *env)
 162{
 163    int r = cpu_mips_get_random(env);
 164
 165    r4k_invalidate_tlb(env, r, 1);
 166    r4k_fill_tlb(env, r);
 167}
 168
 169static void r4k_helper_tlbp(CPUMIPSState *env)
 170{
 171    bool mi = !!((env->CP0_Config5 >> CP0C5_MI) & 1);
 172    r4k_tlb_t *tlb;
 173    target_ulong mask;
 174    target_ulong tag;
 175    target_ulong VPN;
 176    uint16_t ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
 177    uint32_t MMID = env->CP0_MemoryMapID;
 178    uint32_t tlb_mmid;
 179    int i;
 180
 181    MMID = mi ? MMID : (uint32_t) ASID;
 182    for (i = 0; i < env->tlb->nb_tlb; i++) {
 183        tlb = &env->tlb->mmu.r4k.tlb[i];
 184        /* 1k pages are not supported. */
 185        mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
 186        tag = env->CP0_EntryHi & ~mask;
 187        VPN = tlb->VPN & ~mask;
 188#if defined(TARGET_MIPS64)
 189        tag &= env->SEGMask;
 190#endif
 191        tlb_mmid = mi ? tlb->MMID : (uint32_t) tlb->ASID;
 192        /* Check ASID/MMID, virtual page number & size */
 193        if ((tlb->G == 1 || tlb_mmid == MMID) && VPN == tag && !tlb->EHINV) {
 194            /* TLB match */
 195            env->CP0_Index = i;
 196            break;
 197        }
 198    }
 199    if (i == env->tlb->nb_tlb) {
 200        /* No match.  Discard any shadow entries, if any of them match.  */
 201        for (i = env->tlb->nb_tlb; i < env->tlb->tlb_in_use; i++) {
 202            tlb = &env->tlb->mmu.r4k.tlb[i];
 203            /* 1k pages are not supported. */
 204            mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
 205            tag = env->CP0_EntryHi & ~mask;
 206            VPN = tlb->VPN & ~mask;
 207#if defined(TARGET_MIPS64)
 208            tag &= env->SEGMask;
 209#endif
 210            tlb_mmid = mi ? tlb->MMID : (uint32_t) tlb->ASID;
 211            /* Check ASID/MMID, virtual page number & size */
 212            if ((tlb->G == 1 || tlb_mmid == MMID) && VPN == tag) {
 213                r4k_mips_tlb_flush_extra(env, i);
 214                break;
 215            }
 216        }
 217
 218        env->CP0_Index |= 0x80000000;
 219    }
 220}
 221
 222static inline uint64_t get_entrylo_pfn_from_tlb(uint64_t tlb_pfn)
 223{
 224#if defined(TARGET_MIPS64)
 225    return tlb_pfn << 6;
 226#else
 227    return (extract64(tlb_pfn, 0, 24) << 6) | /* PFN */
 228           (extract64(tlb_pfn, 24, 32) << 32); /* PFNX */
 229#endif
 230}
 231
 232static void r4k_helper_tlbr(CPUMIPSState *env)
 233{
 234    bool mi = !!((env->CP0_Config5 >> CP0C5_MI) & 1);
 235    uint16_t ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
 236    uint32_t MMID = env->CP0_MemoryMapID;
 237    uint32_t tlb_mmid;
 238    r4k_tlb_t *tlb;
 239    int idx;
 240
 241    MMID = mi ? MMID : (uint32_t) ASID;
 242    idx = (env->CP0_Index & ~0x80000000) % env->tlb->nb_tlb;
 243    tlb = &env->tlb->mmu.r4k.tlb[idx];
 244
 245    tlb_mmid = mi ? tlb->MMID : (uint32_t) tlb->ASID;
 246    /* If this will change the current ASID/MMID, flush qemu's TLB.  */
 247    if (MMID != tlb_mmid) {
 248        cpu_mips_tlb_flush(env);
 249    }
 250
 251    r4k_mips_tlb_flush_extra(env, env->tlb->nb_tlb);
 252
 253    if (tlb->EHINV) {
 254        env->CP0_EntryHi = 1 << CP0EnHi_EHINV;
 255        env->CP0_PageMask = 0;
 256        env->CP0_EntryLo0 = 0;
 257        env->CP0_EntryLo1 = 0;
 258    } else {
 259        env->CP0_EntryHi = mi ? tlb->VPN : tlb->VPN | tlb->ASID;
 260        env->CP0_MemoryMapID = tlb->MMID;
 261        env->CP0_PageMask = tlb->PageMask;
 262        env->CP0_EntryLo0 = tlb->G | (tlb->V0 << 1) | (tlb->D0 << 2) |
 263                        ((uint64_t)tlb->RI0 << CP0EnLo_RI) |
 264                        ((uint64_t)tlb->XI0 << CP0EnLo_XI) | (tlb->C0 << 3) |
 265                        get_entrylo_pfn_from_tlb(tlb->PFN[0] >> 12);
 266        env->CP0_EntryLo1 = tlb->G | (tlb->V1 << 1) | (tlb->D1 << 2) |
 267                        ((uint64_t)tlb->RI1 << CP0EnLo_RI) |
 268                        ((uint64_t)tlb->XI1 << CP0EnLo_XI) | (tlb->C1 << 3) |
 269                        get_entrylo_pfn_from_tlb(tlb->PFN[1] >> 12);
 270    }
 271}
 272
 273void helper_tlbwi(CPUMIPSState *env)
 274{
 275    env->tlb->helper_tlbwi(env);
 276}
 277
 278void helper_tlbwr(CPUMIPSState *env)
 279{
 280    env->tlb->helper_tlbwr(env);
 281}
 282
 283void helper_tlbp(CPUMIPSState *env)
 284{
 285    env->tlb->helper_tlbp(env);
 286}
 287
 288void helper_tlbr(CPUMIPSState *env)
 289{
 290    env->tlb->helper_tlbr(env);
 291}
 292
 293void helper_tlbinv(CPUMIPSState *env)
 294{
 295    env->tlb->helper_tlbinv(env);
 296}
 297
 298void helper_tlbinvf(CPUMIPSState *env)
 299{
 300    env->tlb->helper_tlbinvf(env);
 301}
 302
 303static void global_invalidate_tlb(CPUMIPSState *env,
 304                           uint32_t invMsgVPN2,
 305                           uint8_t invMsgR,
 306                           uint32_t invMsgMMid,
 307                           bool invAll,
 308                           bool invVAMMid,
 309                           bool invMMid,
 310                           bool invVA)
 311{
 312
 313    int idx;
 314    r4k_tlb_t *tlb;
 315    bool VAMatch;
 316    bool MMidMatch;
 317
 318    for (idx = 0; idx < env->tlb->nb_tlb; idx++) {
 319        tlb = &env->tlb->mmu.r4k.tlb[idx];
 320        VAMatch =
 321            (((tlb->VPN & ~tlb->PageMask) == (invMsgVPN2 & ~tlb->PageMask))
 322#ifdef TARGET_MIPS64
 323            &&
 324            (extract64(env->CP0_EntryHi, 62, 2) == invMsgR)
 325#endif
 326            );
 327        MMidMatch = tlb->MMID == invMsgMMid;
 328        if ((invAll && (idx > env->CP0_Wired)) ||
 329            (VAMatch && invVAMMid && (tlb->G || MMidMatch)) ||
 330            (VAMatch && invVA) ||
 331            (MMidMatch && !(tlb->G) && invMMid)) {
 332            tlb->EHINV = 1;
 333        }
 334    }
 335    cpu_mips_tlb_flush(env);
 336}
 337
 338void helper_ginvt(CPUMIPSState *env, target_ulong arg, uint32_t type)
 339{
 340    bool invAll = type == 0;
 341    bool invVA = type == 1;
 342    bool invMMid = type == 2;
 343    bool invVAMMid = type == 3;
 344    uint32_t invMsgVPN2 = arg & (TARGET_PAGE_MASK << 1);
 345    uint8_t invMsgR = 0;
 346    uint32_t invMsgMMid = env->CP0_MemoryMapID;
 347    CPUState *other_cs = first_cpu;
 348
 349#ifdef TARGET_MIPS64
 350    invMsgR = extract64(arg, 62, 2);
 351#endif
 352
 353    CPU_FOREACH(other_cs) {
 354        MIPSCPU *other_cpu = MIPS_CPU(other_cs);
 355        global_invalidate_tlb(&other_cpu->env, invMsgVPN2, invMsgR, invMsgMMid,
 356                              invAll, invVAMMid, invMMid, invVA);
 357    }
 358}
 359
 360/* no MMU emulation */
 361static int no_mmu_map_address(CPUMIPSState *env, hwaddr *physical, int *prot,
 362                              target_ulong address, MMUAccessType access_type)
 363{
 364    *physical = address;
 365    *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
 366    return TLBRET_MATCH;
 367}
 368
 369/* fixed mapping MMU emulation */
 370static int fixed_mmu_map_address(CPUMIPSState *env, hwaddr *physical,
 371                                 int *prot, target_ulong address,
 372                                 MMUAccessType access_type)
 373{
 374    if (address <= (int32_t)0x7FFFFFFFUL) {
 375        if (!(env->CP0_Status & (1 << CP0St_ERL))) {
 376            *physical = address + 0x40000000UL;
 377        } else {
 378            *physical = address;
 379        }
 380    } else if (address <= (int32_t)0xBFFFFFFFUL) {
 381        *physical = address & 0x1FFFFFFF;
 382    } else {
 383        *physical = address;
 384    }
 385
 386    *prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
 387    return TLBRET_MATCH;
 388}
 389
 390/* MIPS32/MIPS64 R4000-style MMU emulation */
 391static int r4k_map_address(CPUMIPSState *env, hwaddr *physical, int *prot,
 392                           target_ulong address, MMUAccessType access_type)
 393{
 394    uint16_t ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
 395    uint32_t MMID = env->CP0_MemoryMapID;
 396    bool mi = !!((env->CP0_Config5 >> CP0C5_MI) & 1);
 397    uint32_t tlb_mmid;
 398    int i;
 399
 400    MMID = mi ? MMID : (uint32_t) ASID;
 401
 402    for (i = 0; i < env->tlb->tlb_in_use; i++) {
 403        r4k_tlb_t *tlb = &env->tlb->mmu.r4k.tlb[i];
 404        /* 1k pages are not supported. */
 405        target_ulong mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
 406        target_ulong tag = address & ~mask;
 407        target_ulong VPN = tlb->VPN & ~mask;
 408#if defined(TARGET_MIPS64)
 409        tag &= env->SEGMask;
 410#endif
 411
 412        /* Check ASID/MMID, virtual page number & size */
 413        tlb_mmid = mi ? tlb->MMID : (uint32_t) tlb->ASID;
 414        if ((tlb->G == 1 || tlb_mmid == MMID) && VPN == tag && !tlb->EHINV) {
 415            /* TLB match */
 416            int n = !!(address & mask & ~(mask >> 1));
 417            /* Check access rights */
 418            if (!(n ? tlb->V1 : tlb->V0)) {
 419                return TLBRET_INVALID;
 420            }
 421            if (access_type == MMU_INST_FETCH && (n ? tlb->XI1 : tlb->XI0)) {
 422                return TLBRET_XI;
 423            }
 424            if (access_type == MMU_DATA_LOAD && (n ? tlb->RI1 : tlb->RI0)) {
 425                return TLBRET_RI;
 426            }
 427            if (access_type != MMU_DATA_STORE || (n ? tlb->D1 : tlb->D0)) {
 428                *physical = tlb->PFN[n] | (address & (mask >> 1));
 429                *prot = PAGE_READ;
 430                if (n ? tlb->D1 : tlb->D0) {
 431                    *prot |= PAGE_WRITE;
 432                }
 433                if (!(n ? tlb->XI1 : tlb->XI0)) {
 434                    *prot |= PAGE_EXEC;
 435                }
 436                return TLBRET_MATCH;
 437            }
 438            return TLBRET_DIRTY;
 439        }
 440    }
 441    return TLBRET_NOMATCH;
 442}
 443
 444static void no_mmu_init(CPUMIPSState *env, const mips_def_t *def)
 445{
 446    env->tlb->nb_tlb = 1;
 447    env->tlb->map_address = &no_mmu_map_address;
 448}
 449
 450static void fixed_mmu_init(CPUMIPSState *env, const mips_def_t *def)
 451{
 452    env->tlb->nb_tlb = 1;
 453    env->tlb->map_address = &fixed_mmu_map_address;
 454}
 455
 456static void r4k_mmu_init(CPUMIPSState *env, const mips_def_t *def)
 457{
 458    env->tlb->nb_tlb = 1 + ((def->CP0_Config1 >> CP0C1_MMU) & 63);
 459    env->tlb->map_address = &r4k_map_address;
 460    env->tlb->helper_tlbwi = r4k_helper_tlbwi;
 461    env->tlb->helper_tlbwr = r4k_helper_tlbwr;
 462    env->tlb->helper_tlbp = r4k_helper_tlbp;
 463    env->tlb->helper_tlbr = r4k_helper_tlbr;
 464    env->tlb->helper_tlbinv = r4k_helper_tlbinv;
 465    env->tlb->helper_tlbinvf = r4k_helper_tlbinvf;
 466}
 467
 468void mmu_init(CPUMIPSState *env, const mips_def_t *def)
 469{
 470    env->tlb = g_malloc0(sizeof(CPUMIPSTLBContext));
 471
 472    switch (def->mmu_type) {
 473    case MMU_TYPE_NONE:
 474        no_mmu_init(env, def);
 475        break;
 476    case MMU_TYPE_R4000:
 477        r4k_mmu_init(env, def);
 478        break;
 479    case MMU_TYPE_FMT:
 480        fixed_mmu_init(env, def);
 481        break;
 482    case MMU_TYPE_R3000:
 483    case MMU_TYPE_R6000:
 484    case MMU_TYPE_R8000:
 485    default:
 486        cpu_abort(env_cpu(env), "MMU type not supported\n");
 487    }
 488}
 489
 490void cpu_mips_tlb_flush(CPUMIPSState *env)
 491{
 492    /* Flush qemu's TLB and discard all shadowed entries.  */
 493    tlb_flush(env_cpu(env));
 494    env->tlb->tlb_in_use = env->tlb->nb_tlb;
 495}
 496
 497static void raise_mmu_exception(CPUMIPSState *env, target_ulong address,
 498                                MMUAccessType access_type, int tlb_error)
 499{
 500    CPUState *cs = env_cpu(env);
 501    int exception = 0, error_code = 0;
 502
 503    if (access_type == MMU_INST_FETCH) {
 504        error_code |= EXCP_INST_NOTAVAIL;
 505    }
 506
 507    switch (tlb_error) {
 508    default:
 509    case TLBRET_BADADDR:
 510        /* Reference to kernel address from user mode or supervisor mode */
 511        /* Reference to supervisor address from user mode */
 512        if (access_type == MMU_DATA_STORE) {
 513            exception = EXCP_AdES;
 514        } else {
 515            exception = EXCP_AdEL;
 516        }
 517        break;
 518    case TLBRET_NOMATCH:
 519        /* No TLB match for a mapped address */
 520        if (access_type == MMU_DATA_STORE) {
 521            exception = EXCP_TLBS;
 522        } else {
 523            exception = EXCP_TLBL;
 524        }
 525        error_code |= EXCP_TLB_NOMATCH;
 526        break;
 527    case TLBRET_INVALID:
 528        /* TLB match with no valid bit */
 529        if (access_type == MMU_DATA_STORE) {
 530            exception = EXCP_TLBS;
 531        } else {
 532            exception = EXCP_TLBL;
 533        }
 534        break;
 535    case TLBRET_DIRTY:
 536        /* TLB match but 'D' bit is cleared */
 537        exception = EXCP_LTLBL;
 538        break;
 539    case TLBRET_XI:
 540        /* Execute-Inhibit Exception */
 541        if (env->CP0_PageGrain & (1 << CP0PG_IEC)) {
 542            exception = EXCP_TLBXI;
 543        } else {
 544            exception = EXCP_TLBL;
 545        }
 546        break;
 547    case TLBRET_RI:
 548        /* Read-Inhibit Exception */
 549        if (env->CP0_PageGrain & (1 << CP0PG_IEC)) {
 550            exception = EXCP_TLBRI;
 551        } else {
 552            exception = EXCP_TLBL;
 553        }
 554        break;
 555    }
 556    /* Raise exception */
 557    if (!(env->hflags & MIPS_HFLAG_DM)) {
 558        env->CP0_BadVAddr = address;
 559    }
 560    env->CP0_Context = (env->CP0_Context & ~0x007fffff) |
 561                       ((address >> 9) & 0x007ffff0);
 562    env->CP0_EntryHi = (env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask) |
 563                       (env->CP0_EntryHi & (1 << CP0EnHi_EHINV)) |
 564                       (address & (TARGET_PAGE_MASK << 1));
 565#if defined(TARGET_MIPS64)
 566    env->CP0_EntryHi &= env->SEGMask;
 567    env->CP0_XContext =
 568        (env->CP0_XContext & ((~0ULL) << (env->SEGBITS - 7))) | /* PTEBase */
 569        (extract64(address, 62, 2) << (env->SEGBITS - 9)) |     /* R       */
 570        (extract64(address, 13, env->SEGBITS - 13) << 4);       /* BadVPN2 */
 571#endif
 572    cs->exception_index = exception;
 573    env->error_code = error_code;
 574}
 575
 576#if !defined(TARGET_MIPS64)
 577
 578/*
 579 * Perform hardware page table walk
 580 *
 581 * Memory accesses are performed using the KERNEL privilege level.
 582 * Synchronous exceptions detected on memory accesses cause a silent exit
 583 * from page table walking, resulting in a TLB or XTLB Refill exception.
 584 *
 585 * Implementations are not required to support page table walk memory
 586 * accesses from mapped memory regions. When an unsupported access is
 587 * attempted, a silent exit is taken, resulting in a TLB or XTLB Refill
 588 * exception.
 589 *
 590 * Note that if an exception is caused by AddressTranslation or LoadMemory
 591 * functions, the exception is not taken, a silent exit is taken,
 592 * resulting in a TLB or XTLB Refill exception.
 593 */
 594
 595static bool get_pte(CPUMIPSState *env, uint64_t vaddr, int entry_size,
 596        uint64_t *pte)
 597{
 598    if ((vaddr & ((entry_size >> 3) - 1)) != 0) {
 599        return false;
 600    }
 601    if (entry_size == 64) {
 602        *pte = cpu_ldq_code(env, vaddr);
 603    } else {
 604        *pte = cpu_ldl_code(env, vaddr);
 605    }
 606    return true;
 607}
 608
 609static uint64_t get_tlb_entry_layout(CPUMIPSState *env, uint64_t entry,
 610        int entry_size, int ptei)
 611{
 612    uint64_t result = entry;
 613    uint64_t rixi;
 614    if (ptei > entry_size) {
 615        ptei -= 32;
 616    }
 617    result >>= (ptei - 2);
 618    rixi = result & 3;
 619    result >>= 2;
 620    result |= rixi << CP0EnLo_XI;
 621    return result;
 622}
 623
 624static int walk_directory(CPUMIPSState *env, uint64_t *vaddr,
 625        int directory_index, bool *huge_page, bool *hgpg_directory_hit,
 626        uint64_t *pw_entrylo0, uint64_t *pw_entrylo1)
 627{
 628    int dph = (env->CP0_PWCtl >> CP0PC_DPH) & 0x1;
 629    int psn = (env->CP0_PWCtl >> CP0PC_PSN) & 0x3F;
 630    int hugepg = (env->CP0_PWCtl >> CP0PC_HUGEPG) & 0x1;
 631    int pf_ptew = (env->CP0_PWField >> CP0PF_PTEW) & 0x3F;
 632    int ptew = (env->CP0_PWSize >> CP0PS_PTEW) & 0x3F;
 633    int native_shift = (((env->CP0_PWSize >> CP0PS_PS) & 1) == 0) ? 2 : 3;
 634    int directory_shift = (ptew > 1) ? -1 :
 635            (hugepg && (ptew == 1)) ? native_shift + 1 : native_shift;
 636    int leaf_shift = (ptew > 1) ? -1 :
 637            (ptew == 1) ? native_shift + 1 : native_shift;
 638    uint32_t direntry_size = 1 << (directory_shift + 3);
 639    uint32_t leafentry_size = 1 << (leaf_shift + 3);
 640    uint64_t entry;
 641    uint64_t paddr;
 642    int prot;
 643    uint64_t lsb = 0;
 644    uint64_t w = 0;
 645
 646    if (get_physical_address(env, &paddr, &prot, *vaddr, MMU_DATA_LOAD,
 647                             cpu_mmu_index(env, false)) !=
 648                             TLBRET_MATCH) {
 649        /* wrong base address */
 650        return 0;
 651    }
 652    if (!get_pte(env, *vaddr, direntry_size, &entry)) {
 653        return 0;
 654    }
 655
 656    if ((entry & (1 << psn)) && hugepg) {
 657        *huge_page = true;
 658        *hgpg_directory_hit = true;
 659        entry = get_tlb_entry_layout(env, entry, leafentry_size, pf_ptew);
 660        w = directory_index - 1;
 661        if (directory_index & 0x1) {
 662            /* Generate adjacent page from same PTE for odd TLB page */
 663            lsb = BIT_ULL(w) >> 6;
 664            *pw_entrylo0 = entry & ~lsb; /* even page */
 665            *pw_entrylo1 = entry | lsb; /* odd page */
 666        } else if (dph) {
 667            int oddpagebit = 1 << leaf_shift;
 668            uint64_t vaddr2 = *vaddr ^ oddpagebit;
 669            if (*vaddr & oddpagebit) {
 670                *pw_entrylo1 = entry;
 671            } else {
 672                *pw_entrylo0 = entry;
 673            }
 674            if (get_physical_address(env, &paddr, &prot, vaddr2, MMU_DATA_LOAD,
 675                                     cpu_mmu_index(env, false)) !=
 676                                     TLBRET_MATCH) {
 677                return 0;
 678            }
 679            if (!get_pte(env, vaddr2, leafentry_size, &entry)) {
 680                return 0;
 681            }
 682            entry = get_tlb_entry_layout(env, entry, leafentry_size, pf_ptew);
 683            if (*vaddr & oddpagebit) {
 684                *pw_entrylo0 = entry;
 685            } else {
 686                *pw_entrylo1 = entry;
 687            }
 688        } else {
 689            return 0;
 690        }
 691        return 1;
 692    } else {
 693        *vaddr = entry;
 694        return 2;
 695    }
 696}
 697
 698static bool page_table_walk_refill(CPUMIPSState *env, vaddr address,
 699                                   int mmu_idx)
 700{
 701    int gdw = (env->CP0_PWSize >> CP0PS_GDW) & 0x3F;
 702    int udw = (env->CP0_PWSize >> CP0PS_UDW) & 0x3F;
 703    int mdw = (env->CP0_PWSize >> CP0PS_MDW) & 0x3F;
 704    int ptw = (env->CP0_PWSize >> CP0PS_PTW) & 0x3F;
 705    int ptew = (env->CP0_PWSize >> CP0PS_PTEW) & 0x3F;
 706
 707    /* Initial values */
 708    bool huge_page = false;
 709    bool hgpg_bdhit = false;
 710    bool hgpg_gdhit = false;
 711    bool hgpg_udhit = false;
 712    bool hgpg_mdhit = false;
 713
 714    int32_t pw_pagemask = 0;
 715    target_ulong pw_entryhi = 0;
 716    uint64_t pw_entrylo0 = 0;
 717    uint64_t pw_entrylo1 = 0;
 718
 719    /* Native pointer size */
 720    /*For the 32-bit architectures, this bit is fixed to 0.*/
 721    int native_shift = (((env->CP0_PWSize >> CP0PS_PS) & 1) == 0) ? 2 : 3;
 722
 723    /* Indices from PWField */
 724    int pf_gdw = (env->CP0_PWField >> CP0PF_GDW) & 0x3F;
 725    int pf_udw = (env->CP0_PWField >> CP0PF_UDW) & 0x3F;
 726    int pf_mdw = (env->CP0_PWField >> CP0PF_MDW) & 0x3F;
 727    int pf_ptw = (env->CP0_PWField >> CP0PF_PTW) & 0x3F;
 728    int pf_ptew = (env->CP0_PWField >> CP0PF_PTEW) & 0x3F;
 729
 730    /* Indices computed from faulting address */
 731    int gindex = (address >> pf_gdw) & ((1 << gdw) - 1);
 732    int uindex = (address >> pf_udw) & ((1 << udw) - 1);
 733    int mindex = (address >> pf_mdw) & ((1 << mdw) - 1);
 734    int ptindex = (address >> pf_ptw) & ((1 << ptw) - 1);
 735
 736    /* Other HTW configs */
 737    int hugepg = (env->CP0_PWCtl >> CP0PC_HUGEPG) & 0x1;
 738
 739    /* HTW Shift values (depend on entry size) */
 740    int directory_shift = (ptew > 1) ? -1 :
 741            (hugepg && (ptew == 1)) ? native_shift + 1 : native_shift;
 742    int leaf_shift = (ptew > 1) ? -1 :
 743            (ptew == 1) ? native_shift + 1 : native_shift;
 744
 745    /* Offsets into tables */
 746    int goffset = gindex << directory_shift;
 747    int uoffset = uindex << directory_shift;
 748    int moffset = mindex << directory_shift;
 749    int ptoffset0 = (ptindex >> 1) << (leaf_shift + 1);
 750    int ptoffset1 = ptoffset0 | (1 << (leaf_shift));
 751
 752    uint32_t leafentry_size = 1 << (leaf_shift + 3);
 753
 754    /* Starting address - Page Table Base */
 755    uint64_t vaddr = env->CP0_PWBase;
 756
 757    uint64_t dir_entry;
 758    uint64_t paddr;
 759    int prot;
 760    int m;
 761
 762    if (!(env->CP0_Config3 & (1 << CP0C3_PW))) {
 763        /* walker is unimplemented */
 764        return false;
 765    }
 766    if (!(env->CP0_PWCtl & (1 << CP0PC_PWEN))) {
 767        /* walker is disabled */
 768        return false;
 769    }
 770    if (!(gdw > 0 || udw > 0 || mdw > 0)) {
 771        /* no structure to walk */
 772        return false;
 773    }
 774    if ((directory_shift == -1) || (leaf_shift == -1)) {
 775        return false;
 776    }
 777
 778    /* Global Directory */
 779    if (gdw > 0) {
 780        vaddr |= goffset;
 781        switch (walk_directory(env, &vaddr, pf_gdw, &huge_page, &hgpg_gdhit,
 782                               &pw_entrylo0, &pw_entrylo1))
 783        {
 784        case 0:
 785            return false;
 786        case 1:
 787            goto refill;
 788        case 2:
 789        default:
 790            break;
 791        }
 792    }
 793
 794    /* Upper directory */
 795    if (udw > 0) {
 796        vaddr |= uoffset;
 797        switch (walk_directory(env, &vaddr, pf_udw, &huge_page, &hgpg_udhit,
 798                               &pw_entrylo0, &pw_entrylo1))
 799        {
 800        case 0:
 801            return false;
 802        case 1:
 803            goto refill;
 804        case 2:
 805        default:
 806            break;
 807        }
 808    }
 809
 810    /* Middle directory */
 811    if (mdw > 0) {
 812        vaddr |= moffset;
 813        switch (walk_directory(env, &vaddr, pf_mdw, &huge_page, &hgpg_mdhit,
 814                               &pw_entrylo0, &pw_entrylo1))
 815        {
 816        case 0:
 817            return false;
 818        case 1:
 819            goto refill;
 820        case 2:
 821        default:
 822            break;
 823        }
 824    }
 825
 826    /* Leaf Level Page Table - First half of PTE pair */
 827    vaddr |= ptoffset0;
 828    if (get_physical_address(env, &paddr, &prot, vaddr, MMU_DATA_LOAD,
 829                             cpu_mmu_index(env, false)) !=
 830                             TLBRET_MATCH) {
 831        return false;
 832    }
 833    if (!get_pte(env, vaddr, leafentry_size, &dir_entry)) {
 834        return false;
 835    }
 836    dir_entry = get_tlb_entry_layout(env, dir_entry, leafentry_size, pf_ptew);
 837    pw_entrylo0 = dir_entry;
 838
 839    /* Leaf Level Page Table - Second half of PTE pair */
 840    vaddr |= ptoffset1;
 841    if (get_physical_address(env, &paddr, &prot, vaddr, MMU_DATA_LOAD,
 842                             cpu_mmu_index(env, false)) !=
 843                             TLBRET_MATCH) {
 844        return false;
 845    }
 846    if (!get_pte(env, vaddr, leafentry_size, &dir_entry)) {
 847        return false;
 848    }
 849    dir_entry = get_tlb_entry_layout(env, dir_entry, leafentry_size, pf_ptew);
 850    pw_entrylo1 = dir_entry;
 851
 852refill:
 853
 854    m = (1 << pf_ptw) - 1;
 855
 856    if (huge_page) {
 857        switch (hgpg_bdhit << 3 | hgpg_gdhit << 2 | hgpg_udhit << 1 |
 858                hgpg_mdhit)
 859        {
 860        case 4:
 861            m = (1 << pf_gdw) - 1;
 862            if (pf_gdw & 1) {
 863                m >>= 1;
 864            }
 865            break;
 866        case 2:
 867            m = (1 << pf_udw) - 1;
 868            if (pf_udw & 1) {
 869                m >>= 1;
 870            }
 871            break;
 872        case 1:
 873            m = (1 << pf_mdw) - 1;
 874            if (pf_mdw & 1) {
 875                m >>= 1;
 876            }
 877            break;
 878        }
 879    }
 880    pw_pagemask = m >> TARGET_PAGE_BITS_MIN;
 881    update_pagemask(env, pw_pagemask << CP0PM_MASK, &pw_pagemask);
 882    pw_entryhi = (address & ~0x1fff) | (env->CP0_EntryHi & 0xFF);
 883    {
 884        target_ulong tmp_entryhi = env->CP0_EntryHi;
 885        int32_t tmp_pagemask = env->CP0_PageMask;
 886        uint64_t tmp_entrylo0 = env->CP0_EntryLo0;
 887        uint64_t tmp_entrylo1 = env->CP0_EntryLo1;
 888
 889        env->CP0_EntryHi = pw_entryhi;
 890        env->CP0_PageMask = pw_pagemask;
 891        env->CP0_EntryLo0 = pw_entrylo0;
 892        env->CP0_EntryLo1 = pw_entrylo1;
 893
 894        /*
 895         * The hardware page walker inserts a page into the TLB in a manner
 896         * identical to a TLBWR instruction as executed by the software refill
 897         * handler.
 898         */
 899        r4k_helper_tlbwr(env);
 900
 901        env->CP0_EntryHi = tmp_entryhi;
 902        env->CP0_PageMask = tmp_pagemask;
 903        env->CP0_EntryLo0 = tmp_entrylo0;
 904        env->CP0_EntryLo1 = tmp_entrylo1;
 905    }
 906    return true;
 907}
 908#endif
 909
 910bool mips_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
 911                       MMUAccessType access_type, int mmu_idx,
 912                       bool probe, uintptr_t retaddr)
 913{
 914    MIPSCPU *cpu = MIPS_CPU(cs);
 915    CPUMIPSState *env = &cpu->env;
 916    hwaddr physical;
 917    int prot;
 918    int ret = TLBRET_BADADDR;
 919
 920    /* data access */
 921    /* XXX: put correct access by using cpu_restore_state() correctly */
 922    ret = get_physical_address(env, &physical, &prot, address,
 923                               access_type, mmu_idx);
 924    switch (ret) {
 925    case TLBRET_MATCH:
 926        qemu_log_mask(CPU_LOG_MMU,
 927                      "%s address=%" VADDR_PRIx " physical " TARGET_FMT_plx
 928                      " prot %d\n", __func__, address, physical, prot);
 929        break;
 930    default:
 931        qemu_log_mask(CPU_LOG_MMU,
 932                      "%s address=%" VADDR_PRIx " ret %d\n", __func__, address,
 933                      ret);
 934        break;
 935    }
 936    if (ret == TLBRET_MATCH) {
 937        tlb_set_page(cs, address & TARGET_PAGE_MASK,
 938                     physical & TARGET_PAGE_MASK, prot,
 939                     mmu_idx, TARGET_PAGE_SIZE);
 940        return true;
 941    }
 942#if !defined(TARGET_MIPS64)
 943    if ((ret == TLBRET_NOMATCH) && (env->tlb->nb_tlb > 1)) {
 944        /*
 945         * Memory reads during hardware page table walking are performed
 946         * as if they were kernel-mode load instructions.
 947         */
 948        int mode = (env->hflags & MIPS_HFLAG_KSU);
 949        bool ret_walker;
 950        env->hflags &= ~MIPS_HFLAG_KSU;
 951        ret_walker = page_table_walk_refill(env, address, mmu_idx);
 952        env->hflags |= mode;
 953        if (ret_walker) {
 954            ret = get_physical_address(env, &physical, &prot, address,
 955                                       access_type, mmu_idx);
 956            if (ret == TLBRET_MATCH) {
 957                tlb_set_page(cs, address & TARGET_PAGE_MASK,
 958                             physical & TARGET_PAGE_MASK, prot,
 959                             mmu_idx, TARGET_PAGE_SIZE);
 960                return true;
 961            }
 962        }
 963    }
 964#endif
 965    if (probe) {
 966        return false;
 967    }
 968
 969    raise_mmu_exception(env, address, access_type, ret);
 970    do_raise_exception_err(env, cs->exception_index, env->error_code, retaddr);
 971}
 972
 973hwaddr cpu_mips_translate_address(CPUMIPSState *env, target_ulong address,
 974                                  MMUAccessType access_type, uintptr_t retaddr)
 975{
 976    hwaddr physical;
 977    int prot;
 978    int ret = 0;
 979    CPUState *cs = env_cpu(env);
 980
 981    /* data access */
 982    ret = get_physical_address(env, &physical, &prot, address, access_type,
 983                               cpu_mmu_index(env, false));
 984    if (ret == TLBRET_MATCH) {
 985        return physical;
 986    }
 987
 988    raise_mmu_exception(env, address, access_type, ret);
 989    cpu_loop_exit_restore(cs, retaddr);
 990}
 991
 992static void set_hflags_for_handler(CPUMIPSState *env)
 993{
 994    /* Exception handlers are entered in 32-bit mode.  */
 995    env->hflags &= ~(MIPS_HFLAG_M16);
 996    /* ...except that microMIPS lets you choose.  */
 997    if (env->insn_flags & ASE_MICROMIPS) {
 998        env->hflags |= (!!(env->CP0_Config3 &
 999                           (1 << CP0C3_ISA_ON_EXC))
1000                        << MIPS_HFLAG_M16_SHIFT);

1001    }
1002}
1003
1004static inline void set_badinstr_registers(CPUMIPSState *env)
1005{
1006    if (env->insn_flags & ISA_NANOMIPS32) {
1007        if (env->CP0_Config3 & (1 << CP0C3_BI)) {
1008            uint32_t instr = (cpu_lduw_code(env, env->active_tc.PC)) << 16;
1009            if ((instr & 0x10000000) == 0) {
1010                instr |= cpu_lduw_code(env, env->active_tc.PC + 2);
1011            }
1012            env->CP0_BadInstr = instr;
1013
1014            if ((instr & 0xFC000000) == 0x60000000) {
1015                instr = cpu_lduw_code(env, env->active_tc.PC + 4) << 16;
1016                env->CP0_BadInstrX = instr;
1017            }
1018        }
1019        return;
1020    }
1021
1022    if (env->hflags & MIPS_HFLAG_M16) {
1023        /* TODO: add BadInstr support for microMIPS */
1024        return;
1025    }
1026    if (env->CP0_Config3 & (1 << CP0C3_BI)) {
1027        env->CP0_BadInstr = cpu_ldl_code(env, env->active_tc.PC);
1028    }
1029    if ((env->CP0_Config3 & (1 << CP0C3_BP)) &&
1030        (env->hflags & MIPS_HFLAG_BMASK)) {
1031        env->CP0_BadInstrP = cpu_ldl_code(env, env->active_tc.PC - 4);
1032    }
1033}
1034
1035void mips_cpu_do_interrupt(CPUState *cs)
1036{
1037    MIPSCPU *cpu = MIPS_CPU(cs);
1038    CPUMIPSState *env = &cpu->env;
1039    bool update_badinstr = 0;
1040    target_ulong offset;
1041    int cause = -1;
1042
1043    if (qemu_loglevel_mask(CPU_LOG_INT)
1044        && cs->exception_index != EXCP_EXT_INTERRUPT) {
1045        qemu_log("%s enter: PC " TARGET_FMT_lx " EPC " TARGET_FMT_lx
1046                 " %s exception\n",
1047                 __func__, env->active_tc.PC, env->CP0_EPC,
1048                 mips_exception_name(cs->exception_index));
1049    }
1050    if (cs->exception_index == EXCP_EXT_INTERRUPT &&
1051        (env->hflags & MIPS_HFLAG_DM)) {
1052        cs->exception_index = EXCP_DINT;
1053    }
1054    offset = 0x180;
1055    switch (cs->exception_index) {
1056    case EXCP_DSS:
1057        env->CP0_Debug |= 1 << CP0DB_DSS;
1058        /*
1059         * Debug single step cannot be raised inside a delay slot and
1060         * resume will always occur on the next instruction
1061         * (but we assume the pc has always been updated during
1062         * code translation).
1063         */
1064        env->CP0_DEPC = env->active_tc.PC | !!(env->hflags & MIPS_HFLAG_M16);
1065        goto enter_debug_mode;
1066    case EXCP_DINT:
1067        env->CP0_Debug |= 1 << CP0DB_DINT;
1068        goto set_DEPC;
1069    case EXCP_DIB:
1070        env->CP0_Debug |= 1 << CP0DB_DIB;
1071        goto set_DEPC;
1072    case EXCP_DBp:
1073        env->CP0_Debug |= 1 << CP0DB_DBp;
1074        /* Setup DExcCode - SDBBP instruction */
1075        env->CP0_Debug = (env->CP0_Debug & ~(0x1fULL << CP0DB_DEC)) |
1076                         (9 << CP0DB_DEC);
1077        goto set_DEPC;
1078    case EXCP_DDBS:
1079        env->CP0_Debug |= 1 << CP0DB_DDBS;
1080        goto set_DEPC;
1081    case EXCP_DDBL:
1082        env->CP0_Debug |= 1 << CP0DB_DDBL;
1083    set_DEPC:
1084        env->CP0_DEPC = exception_resume_pc(env);
1085        env->hflags &= ~MIPS_HFLAG_BMASK;
1086 enter_debug_mode:
1087        if (env->insn_flags & ISA_MIPS3) {
1088            env->hflags |= MIPS_HFLAG_64;
1089            if (!(env->insn_flags & ISA_MIPS_R6) ||
1090                env->CP0_Status & (1 << CP0St_KX)) {
1091                env->hflags &= ~MIPS_HFLAG_AWRAP;
1092            }
1093        }
1094        env->hflags |= MIPS_HFLAG_DM | MIPS_HFLAG_CP0;
1095        env->hflags &= ~(MIPS_HFLAG_KSU);
1096        /* EJTAG probe trap enable is not implemented... */
1097        if (!(env->CP0_Status & (1 << CP0St_EXL))) {
1098            env->CP0_Cause &= ~(1U << CP0Ca_BD);
1099        }
1100        env->active_tc.PC = env->exception_base + 0x480;
1101        set_hflags_for_handler(env);
1102        break;
1103    case EXCP_RESET:
1104        cpu_reset(CPU(cpu));
1105        break;
1106    case EXCP_SRESET:
1107        env->CP0_Status |= (1 << CP0St_SR);
1108        memset(env->CP0_WatchLo, 0, sizeof(env->CP0_WatchLo));
1109        goto set_error_EPC;
1110    case EXCP_NMI:
1111        env->CP0_Status |= (1 << CP0St_NMI);
1112 set_error_EPC:
1113        env->CP0_ErrorEPC = exception_resume_pc(env);
1114        env->hflags &= ~MIPS_HFLAG_BMASK;
1115        env->CP0_Status |= (1 << CP0St_ERL) | (1 << CP0St_BEV);
1116        if (env->insn_flags & ISA_MIPS3) {
1117            env->hflags |= MIPS_HFLAG_64;
1118            if (!(env->insn_flags & ISA_MIPS_R6) ||
1119                env->CP0_Status & (1 << CP0St_KX)) {
1120                env->hflags &= ~MIPS_HFLAG_AWRAP;
1121            }
1122        }
1123        env->hflags |= MIPS_HFLAG_CP0;
1124        env->hflags &= ~(MIPS_HFLAG_KSU);
1125        if (!(env->CP0_Status & (1 << CP0St_EXL))) {
1126            env->CP0_Cause &= ~(1U << CP0Ca_BD);
1127        }
1128        env->active_tc.PC = env->exception_base;
1129        set_hflags_for_handler(env);
1130        break;
1131    case EXCP_EXT_INTERRUPT:
1132        cause = 0;
1133        if (env->CP0_Cause & (1 << CP0Ca_IV)) {
1134            uint32_t spacing = (env->CP0_IntCtl >> CP0IntCtl_VS) & 0x1f;
1135
1136            if ((env->CP0_Status & (1 << CP0St_BEV)) || spacing == 0) {
1137                offset = 0x200;
1138            } else {
1139                uint32_t vector = 0;
1140                uint32_t pending = (env->CP0_Cause & CP0Ca_IP_mask) >> CP0Ca_IP;
1141
1142                if (env->CP0_Config3 & (1 << CP0C3_VEIC)) {
1143                    /*
1144                     * For VEIC mode, the external interrupt controller feeds
1145                     * the vector through the CP0Cause IP lines.
1146                     */
1147                    vector = pending;
1148                } else {
1149                    /*
1150                     * Vectored Interrupts
1151                     * Mask with Status.IM7-IM0 to get enabled interrupts.
1152                     */
1153                    pending &= (env->CP0_Status >> CP0St_IM) & 0xff;
1154                    /* Find the highest-priority interrupt. */
1155                    while (pending >>= 1) {
1156                        vector++;
1157                    }
1158                }
1159                offset = 0x200 + (vector * (spacing << 5));
1160            }
1161        }
1162        goto set_EPC;
1163    case EXCP_LTLBL:
1164        cause = 1;
1165        update_badinstr = !(env->error_code & EXCP_INST_NOTAVAIL);
1166        goto set_EPC;
1167    case EXCP_TLBL:
1168        cause = 2;
1169        update_badinstr = !(env->error_code & EXCP_INST_NOTAVAIL);
1170        if ((env->error_code & EXCP_TLB_NOMATCH) &&
1171            !(env->CP0_Status & (1 << CP0St_EXL))) {
1172#if defined(TARGET_MIPS64)
1173            int R = env->CP0_BadVAddr >> 62;
1174            int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
1175            int KX = (env->CP0_Status & (1 << CP0St_KX)) != 0;
1176
1177            if ((R != 0 || UX) && (R != 3 || KX) &&
1178                (!(env->insn_flags & (INSN_LOONGSON2E | INSN_LOONGSON2F)))) {
1179                offset = 0x080;
1180            } else {
1181#endif
1182                offset = 0x000;
1183#if defined(TARGET_MIPS64)
1184            }
1185#endif
1186        }
1187        goto set_EPC;
1188    case EXCP_TLBS:
1189        cause = 3;
1190        update_badinstr = 1;
1191        if ((env->error_code & EXCP_TLB_NOMATCH) &&
1192            !(env->CP0_Status & (1 << CP0St_EXL))) {
1193#if defined(TARGET_MIPS64)
1194            int R = env->CP0_BadVAddr >> 62;
1195            int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
1196            int KX = (env->CP0_Status & (1 << CP0St_KX)) != 0;
1197
1198            if ((R != 0 || UX) && (R != 3 || KX) &&
1199                (!(env->insn_flags & (INSN_LOONGSON2E | INSN_LOONGSON2F)))) {
1200                offset = 0x080;
1201            } else {
1202#endif
1203                offset = 0x000;
1204#if defined(TARGET_MIPS64)
1205            }
1206#endif
1207        }
1208        goto set_EPC;
1209    case EXCP_AdEL:
1210        cause = 4;
1211        update_badinstr = !(env->error_code & EXCP_INST_NOTAVAIL);
1212        goto set_EPC;
1213    case EXCP_AdES:
1214        cause = 5;
1215        update_badinstr = 1;
1216        goto set_EPC;
1217    case EXCP_IBE:
1218        cause = 6;
1219        goto set_EPC;
1220    case EXCP_DBE:
1221        cause = 7;
1222        goto set_EPC;
1223    case EXCP_SYSCALL:
1224        cause = 8;
1225        update_badinstr = 1;
1226        goto set_EPC;
1227    case EXCP_BREAK:
1228        cause = 9;
1229        update_badinstr = 1;
1230        goto set_EPC;
1231    case EXCP_RI:
1232        cause = 10;
1233        update_badinstr = 1;
1234        goto set_EPC;
1235    case EXCP_CpU:
1236        cause = 11;
1237        update_badinstr = 1;
1238        env->CP0_Cause = (env->CP0_Cause & ~(0x3 << CP0Ca_CE)) |
1239                         (env->error_code << CP0Ca_CE);
1240        goto set_EPC;
1241    case EXCP_OVERFLOW:
1242        cause = 12;
1243        update_badinstr = 1;
1244        goto set_EPC;
1245    case EXCP_TRAP:
1246        cause = 13;
1247        update_badinstr = 1;
1248        goto set_EPC;
1249    case EXCP_MSAFPE:
1250        cause = 14;
1251        update_badinstr = 1;
1252        goto set_EPC;
1253    case EXCP_FPE:
1254        cause = 15;
1255        update_badinstr = 1;
1256        goto set_EPC;
1257    case EXCP_C2E:
1258        cause = 18;
1259        goto set_EPC;
1260    case EXCP_TLBRI:
1261        cause = 19;
1262        update_badinstr = 1;
1263        goto set_EPC;
1264    case EXCP_TLBXI:
1265        cause = 20;
1266        goto set_EPC;
1267    case EXCP_MSADIS:
1268        cause = 21;
1269        update_badinstr = 1;
1270        goto set_EPC;
1271    case EXCP_MDMX:
1272        cause = 22;
1273        goto set_EPC;
1274    case EXCP_DWATCH:
1275        cause = 23;
1276        /* XXX: TODO: manage deferred watch exceptions */
1277        goto set_EPC;
1278    case EXCP_MCHECK:
1279        cause = 24;
1280        goto set_EPC;
1281    case EXCP_THREAD:
1282        cause = 25;
1283        goto set_EPC;
1284    case EXCP_DSPDIS:
1285        cause = 26;
1286        goto set_EPC;
1287    case EXCP_CACHE:
1288        cause = 30;
1289        offset = 0x100;
1290 set_EPC:
1291        if (!(env->CP0_Status & (1 << CP0St_EXL))) {
1292            env->CP0_EPC = exception_resume_pc(env);
1293            if (update_badinstr) {
1294                set_badinstr_registers(env);
1295            }
1296            if (env->hflags & MIPS_HFLAG_BMASK) {
1297                env->CP0_Cause |= (1U << CP0Ca_BD);
1298            } else {
1299                env->CP0_Cause &= ~(1U << CP0Ca_BD);
1300            }
1301            env->CP0_Status |= (1 << CP0St_EXL);
1302            if (env->insn_flags & ISA_MIPS3) {
1303                env->hflags |= MIPS_HFLAG_64;
1304                if (!(env->insn_flags & ISA_MIPS_R6) ||
1305                    env->CP0_Status & (1 << CP0St_KX)) {
1306                    env->hflags &= ~MIPS_HFLAG_AWRAP;
1307                }
1308            }
1309            env->hflags |= MIPS_HFLAG_CP0;
1310            env->hflags &= ~(MIPS_HFLAG_KSU);
1311        }
1312        env->hflags &= ~MIPS_HFLAG_BMASK;
1313        if (env->CP0_Status & (1 << CP0St_BEV)) {
1314            env->active_tc.PC = env->exception_base + 0x200;
1315        } else if (cause == 30 && !(env->CP0_Config3 & (1 << CP0C3_SC) &&
1316                                    env->CP0_Config5 & (1 << CP0C5_CV))) {
1317            /* Force KSeg1 for cache errors */
1318            env->active_tc.PC = KSEG1_BASE | (env->CP0_EBase & 0x1FFFF000);
1319        } else {
1320            env->active_tc.PC = env->CP0_EBase & ~0xfff;
1321        }
1322
1323        env->active_tc.PC += offset;
1324        set_hflags_for_handler(env);
1325        env->CP0_Cause = (env->CP0_Cause & ~(0x1f << CP0Ca_EC)) |
1326                         (cause << CP0Ca_EC);
1327        break;
1328    default:
1329        abort();
1330    }
1331    if (qemu_loglevel_mask(CPU_LOG_INT)
1332        && cs->exception_index != EXCP_EXT_INTERRUPT) {
1333        qemu_log("%s: PC " TARGET_FMT_lx " EPC " TARGET_FMT_lx " cause %d\n"
1334                 "    S %08x C %08x A " TARGET_FMT_lx " D " TARGET_FMT_lx "\n",
1335                 __func__, env->active_tc.PC, env->CP0_EPC, cause,
1336                 env->CP0_Status, env->CP0_Cause, env->CP0_BadVAddr,
1337                 env->CP0_DEPC);
1338    }
1339    cs->exception_index = EXCP_NONE;
1340}
1341
1342bool mips_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
1343{
1344    if (interrupt_request & CPU_INTERRUPT_HARD) {
1345        MIPSCPU *cpu = MIPS_CPU(cs);
1346        CPUMIPSState *env = &cpu->env;
1347
1348        if (cpu_mips_hw_interrupts_enabled(env) &&
1349            cpu_mips_hw_interrupts_pending(env)) {
1350            /* Raise it */
1351            cs->exception_index = EXCP_EXT_INTERRUPT;
1352            env->error_code = 0;
1353            mips_cpu_do_interrupt(cs);
1354            return true;
1355        }
1356    }
1357    return false;
1358}
1359
1360void r4k_invalidate_tlb(CPUMIPSState *env, int idx, int use_extra)
1361{
1362    CPUState *cs = env_cpu(env);
1363    r4k_tlb_t *tlb;
1364    target_ulong addr;
1365    target_ulong end;
1366    uint16_t ASID = env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask;
1367    uint32_t MMID = env->CP0_MemoryMapID;
1368    bool mi = !!((env->CP0_Config5 >> CP0C5_MI) & 1);
1369    uint32_t tlb_mmid;
1370    target_ulong mask;
1371
1372    MMID = mi ? MMID : (uint32_t) ASID;
1373
1374    tlb = &env->tlb->mmu.r4k.tlb[idx];
1375    /*
1376     * The qemu TLB is flushed when the ASID/MMID changes, so no need to
1377     * flush these entries again.
1378     */
1379    tlb_mmid = mi ? tlb->MMID : (uint32_t) tlb->ASID;
1380    if (tlb->G == 0 && tlb_mmid != MMID) {
1381        return;
1382    }
1383
1384    if (use_extra && env->tlb->tlb_in_use < MIPS_TLB_MAX) {
1385        /*
1386         * For tlbwr, we can shadow the discarded entry into
1387         * a new (fake) TLB entry, as long as the guest can not
1388         * tell that it's there.
1389         */
1390        env->tlb->mmu.r4k.tlb[env->tlb->tlb_in_use] = *tlb;
1391        env->tlb->tlb_in_use++;
1392        return;
1393    }
1394
1395    /* 1k pages are not supported. */
1396    mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
1397    if (tlb->V0) {
1398        addr = tlb->VPN & ~mask;
1399#if defined(TARGET_MIPS64)
1400        if (addr >= (0xFFFFFFFF80000000ULL & env->SEGMask)) {
1401            addr |= 0x3FFFFF0000000000ULL;
1402        }
1403#endif
1404        end = addr | (mask >> 1);
1405        while (addr < end) {
1406            tlb_flush_page(cs, addr);
1407            addr += TARGET_PAGE_SIZE;
1408        }
1409    }
1410    if (tlb->V1) {
1411        addr = (tlb->VPN & ~mask) | ((mask >> 1) + 1);
1412#if defined(TARGET_MIPS64)
1413        if (addr >= (0xFFFFFFFF80000000ULL & env->SEGMask)) {
1414            addr |= 0x3FFFFF0000000000ULL;
1415        }
1416#endif
1417        end = addr | mask;
1418        while (addr - 1 < end) {
1419            tlb_flush_page(cs, addr);
1420            addr += TARGET_PAGE_SIZE;
1421        }
1422    }
1423}
1424