scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
[qemu.git] / target-xtensa / helper.c
1 /*
2 * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the Open Source and Linux Lab nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "qemu/osdep.h"
29 #include "cpu.h"
30 #include "exec/exec-all.h"
31 #include "exec/gdbstub.h"
32 #include "qemu/host-utils.h"
33 #if !defined(CONFIG_USER_ONLY)
34 #include "hw/loader.h"
35 #endif
36
37 static struct XtensaConfigList *xtensa_cores;
38
39 static void xtensa_core_class_init(ObjectClass *oc, void *data)
40 {
41 CPUClass *cc = CPU_CLASS(oc);
42 XtensaCPUClass *xcc = XTENSA_CPU_CLASS(oc);
43 const XtensaConfig *config = data;
44
45 xcc->config = config;
46
47 /* Use num_core_regs to see only non-privileged registers in an unmodified
48 * gdb. Use num_regs to see all registers. gdb modification is required
49 * for that: reset bit 0 in the 'flags' field of the registers definitions
50 * in the gdb/xtensa-config.c inside gdb source tree or inside gdb overlay.
51 */
52 cc->gdb_num_core_regs = config->gdb_regmap.num_regs;
53 }
54
55 void xtensa_finalize_config(XtensaConfig *config)
56 {
57 unsigned i, n = 0;
58
59 if (config->gdb_regmap.num_regs) {
60 return;
61 }
62
63 for (i = 0; config->gdb_regmap.reg[i].targno >= 0; ++i) {
64 n += (config->gdb_regmap.reg[i].type != 6);
65 }
66 config->gdb_regmap.num_regs = n;
67 }
68
69 void xtensa_register_core(XtensaConfigList *node)
70 {
71 TypeInfo type = {
72 .parent = TYPE_XTENSA_CPU,
73 .class_init = xtensa_core_class_init,
74 .class_data = (void *)node->config,
75 };
76
77 node->next = xtensa_cores;
78 xtensa_cores = node;
79 type.name = g_strdup_printf("%s-" TYPE_XTENSA_CPU, node->config->name);
80 type_register(&type);
81 g_free((gpointer)type.name);
82 }
83
84 static uint32_t check_hw_breakpoints(CPUXtensaState *env)
85 {
86 unsigned i;
87
88 for (i = 0; i < env->config->ndbreak; ++i) {
89 if (env->cpu_watchpoint[i] &&
90 env->cpu_watchpoint[i]->flags & BP_WATCHPOINT_HIT) {
91 return DEBUGCAUSE_DB | (i << DEBUGCAUSE_DBNUM_SHIFT);
92 }
93 }
94 return 0;
95 }
96
97 void xtensa_breakpoint_handler(CPUState *cs)
98 {
99 XtensaCPU *cpu = XTENSA_CPU(cs);
100 CPUXtensaState *env = &cpu->env;
101
102 if (cs->watchpoint_hit) {
103 if (cs->watchpoint_hit->flags & BP_CPU) {
104 uint32_t cause;
105
106 cs->watchpoint_hit = NULL;
107 cause = check_hw_breakpoints(env);
108 if (cause) {
109 debug_exception_env(env, cause);
110 }
111 cpu_resume_from_signal(cs, NULL);
112 }
113 }
114 }
115
116 XtensaCPU *cpu_xtensa_init(const char *cpu_model)
117 {
118 ObjectClass *oc;
119 XtensaCPU *cpu;
120 CPUXtensaState *env;
121
122 oc = cpu_class_by_name(TYPE_XTENSA_CPU, cpu_model);
123 if (oc == NULL) {
124 return NULL;
125 }
126
127 cpu = XTENSA_CPU(object_new(object_class_get_name(oc)));
128 env = &cpu->env;
129
130 xtensa_irq_init(env);
131
132 object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
133
134 return cpu;
135 }
136
137
138 void xtensa_cpu_list(FILE *f, fprintf_function cpu_fprintf)
139 {
140 XtensaConfigList *core = xtensa_cores;
141 cpu_fprintf(f, "Available CPUs:\n");
142 for (; core; core = core->next) {
143 cpu_fprintf(f, " %s\n", core->config->name);
144 }
145 }
146
147 hwaddr xtensa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
148 {
149 XtensaCPU *cpu = XTENSA_CPU(cs);
150 uint32_t paddr;
151 uint32_t page_size;
152 unsigned access;
153
154 if (xtensa_get_physical_addr(&cpu->env, false, addr, 0, 0,
155 &paddr, &page_size, &access) == 0) {
156 return paddr;
157 }
158 if (xtensa_get_physical_addr(&cpu->env, false, addr, 2, 0,
159 &paddr, &page_size, &access) == 0) {
160 return paddr;
161 }
162 return ~0;
163 }
164
165 static uint32_t relocated_vector(CPUXtensaState *env, uint32_t vector)
166 {
167 if (xtensa_option_enabled(env->config,
168 XTENSA_OPTION_RELOCATABLE_VECTOR)) {
169 return vector - env->config->vecbase + env->sregs[VECBASE];
170 } else {
171 return vector;
172 }
173 }
174
175 /*!
176 * Handle penging IRQ.
177 * For the high priority interrupt jump to the corresponding interrupt vector.
178 * For the level-1 interrupt convert it to either user, kernel or double
179 * exception with the 'level-1 interrupt' exception cause.
180 */
181 static void handle_interrupt(CPUXtensaState *env)
182 {
183 int level = env->pending_irq_level;
184
185 if (level > xtensa_get_cintlevel(env) &&
186 level <= env->config->nlevel &&
187 (env->config->level_mask[level] &
188 env->sregs[INTSET] &
189 env->sregs[INTENABLE])) {
190 CPUState *cs = CPU(xtensa_env_get_cpu(env));
191
192 if (level > 1) {
193 env->sregs[EPC1 + level - 1] = env->pc;
194 env->sregs[EPS2 + level - 2] = env->sregs[PS];
195 env->sregs[PS] =
196 (env->sregs[PS] & ~PS_INTLEVEL) | level | PS_EXCM;
197 env->pc = relocated_vector(env,
198 env->config->interrupt_vector[level]);
199 } else {
200 env->sregs[EXCCAUSE] = LEVEL1_INTERRUPT_CAUSE;
201
202 if (env->sregs[PS] & PS_EXCM) {
203 if (env->config->ndepc) {
204 env->sregs[DEPC] = env->pc;
205 } else {
206 env->sregs[EPC1] = env->pc;
207 }
208 cs->exception_index = EXC_DOUBLE;
209 } else {
210 env->sregs[EPC1] = env->pc;
211 cs->exception_index =
212 (env->sregs[PS] & PS_UM) ? EXC_USER : EXC_KERNEL;
213 }
214 env->sregs[PS] |= PS_EXCM;
215 }
216 env->exception_taken = 1;
217 }
218 }
219
220 void xtensa_cpu_do_interrupt(CPUState *cs)
221 {
222 XtensaCPU *cpu = XTENSA_CPU(cs);
223 CPUXtensaState *env = &cpu->env;
224
225 if (cs->exception_index == EXC_IRQ) {
226 qemu_log_mask(CPU_LOG_INT,
227 "%s(EXC_IRQ) level = %d, cintlevel = %d, "
228 "pc = %08x, a0 = %08x, ps = %08x, "
229 "intset = %08x, intenable = %08x, "
230 "ccount = %08x\n",
231 __func__, env->pending_irq_level, xtensa_get_cintlevel(env),
232 env->pc, env->regs[0], env->sregs[PS],
233 env->sregs[INTSET], env->sregs[INTENABLE],
234 env->sregs[CCOUNT]);
235 handle_interrupt(env);
236 }
237
238 switch (cs->exception_index) {
239 case EXC_WINDOW_OVERFLOW4:
240 case EXC_WINDOW_UNDERFLOW4:
241 case EXC_WINDOW_OVERFLOW8:
242 case EXC_WINDOW_UNDERFLOW8:
243 case EXC_WINDOW_OVERFLOW12:
244 case EXC_WINDOW_UNDERFLOW12:
245 case EXC_KERNEL:
246 case EXC_USER:
247 case EXC_DOUBLE:
248 case EXC_DEBUG:
249 qemu_log_mask(CPU_LOG_INT, "%s(%d) "
250 "pc = %08x, a0 = %08x, ps = %08x, ccount = %08x\n",
251 __func__, cs->exception_index,
252 env->pc, env->regs[0], env->sregs[PS], env->sregs[CCOUNT]);
253 if (env->config->exception_vector[cs->exception_index]) {
254 env->pc = relocated_vector(env,
255 env->config->exception_vector[cs->exception_index]);
256 env->exception_taken = 1;
257 } else {
258 qemu_log_mask(CPU_LOG_INT, "%s(pc = %08x) bad exception_index: %d\n",
259 __func__, env->pc, cs->exception_index);
260 }
261 break;
262
263 case EXC_IRQ:
264 break;
265
266 default:
267 qemu_log("%s(pc = %08x) unknown exception_index: %d\n",
268 __func__, env->pc, cs->exception_index);
269 break;
270 }
271 check_interrupts(env);
272 }
273
274 bool xtensa_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
275 {
276 if (interrupt_request & CPU_INTERRUPT_HARD) {
277 cs->exception_index = EXC_IRQ;
278 xtensa_cpu_do_interrupt(cs);
279 return true;
280 }
281 return false;
282 }
283
284 static void reset_tlb_mmu_all_ways(CPUXtensaState *env,
285 const xtensa_tlb *tlb, xtensa_tlb_entry entry[][MAX_TLB_WAY_SIZE])
286 {
287 unsigned wi, ei;
288
289 for (wi = 0; wi < tlb->nways; ++wi) {
290 for (ei = 0; ei < tlb->way_size[wi]; ++ei) {
291 entry[wi][ei].asid = 0;
292 entry[wi][ei].variable = true;
293 }
294 }
295 }
296
297 static void reset_tlb_mmu_ways56(CPUXtensaState *env,
298 const xtensa_tlb *tlb, xtensa_tlb_entry entry[][MAX_TLB_WAY_SIZE])
299 {
300 if (!tlb->varway56) {
301 static const xtensa_tlb_entry way5[] = {
302 {
303 .vaddr = 0xd0000000,
304 .paddr = 0,
305 .asid = 1,
306 .attr = 7,
307 .variable = false,
308 }, {
309 .vaddr = 0xd8000000,
310 .paddr = 0,
311 .asid = 1,
312 .attr = 3,
313 .variable = false,
314 }
315 };
316 static const xtensa_tlb_entry way6[] = {
317 {
318 .vaddr = 0xe0000000,
319 .paddr = 0xf0000000,
320 .asid = 1,
321 .attr = 7,
322 .variable = false,
323 }, {
324 .vaddr = 0xf0000000,
325 .paddr = 0xf0000000,
326 .asid = 1,
327 .attr = 3,
328 .variable = false,
329 }
330 };
331 memcpy(entry[5], way5, sizeof(way5));
332 memcpy(entry[6], way6, sizeof(way6));
333 } else {
334 uint32_t ei;
335 for (ei = 0; ei < 8; ++ei) {
336 entry[6][ei].vaddr = ei << 29;
337 entry[6][ei].paddr = ei << 29;
338 entry[6][ei].asid = 1;
339 entry[6][ei].attr = 3;
340 }
341 }
342 }
343
344 static void reset_tlb_region_way0(CPUXtensaState *env,
345 xtensa_tlb_entry entry[][MAX_TLB_WAY_SIZE])
346 {
347 unsigned ei;
348
349 for (ei = 0; ei < 8; ++ei) {
350 entry[0][ei].vaddr = ei << 29;
351 entry[0][ei].paddr = ei << 29;
352 entry[0][ei].asid = 1;
353 entry[0][ei].attr = 2;
354 entry[0][ei].variable = true;
355 }
356 }
357
358 void reset_mmu(CPUXtensaState *env)
359 {
360 if (xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
361 env->sregs[RASID] = 0x04030201;
362 env->sregs[ITLBCFG] = 0;
363 env->sregs[DTLBCFG] = 0;
364 env->autorefill_idx = 0;
365 reset_tlb_mmu_all_ways(env, &env->config->itlb, env->itlb);
366 reset_tlb_mmu_all_ways(env, &env->config->dtlb, env->dtlb);
367 reset_tlb_mmu_ways56(env, &env->config->itlb, env->itlb);
368 reset_tlb_mmu_ways56(env, &env->config->dtlb, env->dtlb);
369 } else {
370 reset_tlb_region_way0(env, env->itlb);
371 reset_tlb_region_way0(env, env->dtlb);
372 }
373 }
374
375 static unsigned get_ring(const CPUXtensaState *env, uint8_t asid)
376 {
377 unsigned i;
378 for (i = 0; i < 4; ++i) {
379 if (((env->sregs[RASID] >> i * 8) & 0xff) == asid) {
380 return i;
381 }
382 }
383 return 0xff;
384 }
385
386 /*!
387 * Lookup xtensa TLB for the given virtual address.
388 * See ISA, 4.6.2.2
389 *
390 * \param pwi: [out] way index
391 * \param pei: [out] entry index
392 * \param pring: [out] access ring
393 * \return 0 if ok, exception cause code otherwise
394 */
395 int xtensa_tlb_lookup(const CPUXtensaState *env, uint32_t addr, bool dtlb,
396 uint32_t *pwi, uint32_t *pei, uint8_t *pring)
397 {
398 const xtensa_tlb *tlb = dtlb ?
399 &env->config->dtlb : &env->config->itlb;
400 const xtensa_tlb_entry (*entry)[MAX_TLB_WAY_SIZE] = dtlb ?
401 env->dtlb : env->itlb;
402
403 int nhits = 0;
404 unsigned wi;
405
406 for (wi = 0; wi < tlb->nways; ++wi) {
407 uint32_t vpn;
408 uint32_t ei;
409 split_tlb_entry_spec_way(env, addr, dtlb, &vpn, wi, &ei);
410 if (entry[wi][ei].vaddr == vpn && entry[wi][ei].asid) {
411 unsigned ring = get_ring(env, entry[wi][ei].asid);
412 if (ring < 4) {
413 if (++nhits > 1) {
414 return dtlb ?
415 LOAD_STORE_TLB_MULTI_HIT_CAUSE :
416 INST_TLB_MULTI_HIT_CAUSE;
417 }
418 *pwi = wi;
419 *pei = ei;
420 *pring = ring;
421 }
422 }
423 }
424 return nhits ? 0 :
425 (dtlb ? LOAD_STORE_TLB_MISS_CAUSE : INST_TLB_MISS_CAUSE);
426 }
427
428 /*!
429 * Convert MMU ATTR to PAGE_{READ,WRITE,EXEC} mask.
430 * See ISA, 4.6.5.10
431 */
432 static unsigned mmu_attr_to_access(uint32_t attr)
433 {
434 unsigned access = 0;
435
436 if (attr < 12) {
437 access |= PAGE_READ;
438 if (attr & 0x1) {
439 access |= PAGE_EXEC;
440 }
441 if (attr & 0x2) {
442 access |= PAGE_WRITE;
443 }
444
445 switch (attr & 0xc) {
446 case 0:
447 access |= PAGE_CACHE_BYPASS;
448 break;
449
450 case 4:
451 access |= PAGE_CACHE_WB;
452 break;
453
454 case 8:
455 access |= PAGE_CACHE_WT;
456 break;
457 }
458 } else if (attr == 13) {
459 access |= PAGE_READ | PAGE_WRITE | PAGE_CACHE_ISOLATE;
460 }
461 return access;
462 }
463
464 /*!
465 * Convert region protection ATTR to PAGE_{READ,WRITE,EXEC} mask.
466 * See ISA, 4.6.3.3
467 */
468 static unsigned region_attr_to_access(uint32_t attr)
469 {
470 static const unsigned access[16] = {
471 [0] = PAGE_READ | PAGE_WRITE | PAGE_CACHE_WT,
472 [1] = PAGE_READ | PAGE_WRITE | PAGE_EXEC | PAGE_CACHE_WT,
473 [2] = PAGE_READ | PAGE_WRITE | PAGE_EXEC | PAGE_CACHE_BYPASS,
474 [3] = PAGE_EXEC | PAGE_CACHE_WB,
475 [4] = PAGE_READ | PAGE_WRITE | PAGE_EXEC | PAGE_CACHE_WB,
476 [5] = PAGE_READ | PAGE_WRITE | PAGE_EXEC | PAGE_CACHE_WB,
477 [14] = PAGE_READ | PAGE_WRITE | PAGE_CACHE_ISOLATE,
478 };
479
480 return access[attr & 0xf];
481 }
482
483 /*!
484 * Convert cacheattr to PAGE_{READ,WRITE,EXEC} mask.
485 * See ISA, A.2.14 The Cache Attribute Register
486 */
487 static unsigned cacheattr_attr_to_access(uint32_t attr)
488 {
489 static const unsigned access[16] = {
490 [0] = PAGE_READ | PAGE_WRITE | PAGE_CACHE_WT,
491 [1] = PAGE_READ | PAGE_WRITE | PAGE_EXEC | PAGE_CACHE_WT,
492 [2] = PAGE_READ | PAGE_WRITE | PAGE_EXEC | PAGE_CACHE_BYPASS,
493 [3] = PAGE_EXEC | PAGE_CACHE_WB,
494 [4] = PAGE_READ | PAGE_WRITE | PAGE_EXEC | PAGE_CACHE_WB,
495 [14] = PAGE_READ | PAGE_WRITE | PAGE_CACHE_ISOLATE,
496 };
497
498 return access[attr & 0xf];
499 }
500
501 static bool is_access_granted(unsigned access, int is_write)
502 {
503 switch (is_write) {
504 case 0:
505 return access & PAGE_READ;
506
507 case 1:
508 return access & PAGE_WRITE;
509
510 case 2:
511 return access & PAGE_EXEC;
512
513 default:
514 return 0;
515 }
516 }
517
518 static int get_pte(CPUXtensaState *env, uint32_t vaddr, uint32_t *pte);
519
520 static int get_physical_addr_mmu(CPUXtensaState *env, bool update_tlb,
521 uint32_t vaddr, int is_write, int mmu_idx,
522 uint32_t *paddr, uint32_t *page_size, unsigned *access,
523 bool may_lookup_pt)
524 {
525 bool dtlb = is_write != 2;
526 uint32_t wi;
527 uint32_t ei;
528 uint8_t ring;
529 uint32_t vpn;
530 uint32_t pte;
531 const xtensa_tlb_entry *entry = NULL;
532 xtensa_tlb_entry tmp_entry;
533 int ret = xtensa_tlb_lookup(env, vaddr, dtlb, &wi, &ei, &ring);
534
535 if ((ret == INST_TLB_MISS_CAUSE || ret == LOAD_STORE_TLB_MISS_CAUSE) &&
536 may_lookup_pt && get_pte(env, vaddr, &pte) == 0) {
537 ring = (pte >> 4) & 0x3;
538 wi = 0;
539 split_tlb_entry_spec_way(env, vaddr, dtlb, &vpn, wi, &ei);
540
541 if (update_tlb) {
542 wi = ++env->autorefill_idx & 0x3;
543 xtensa_tlb_set_entry(env, dtlb, wi, ei, vpn, pte);
544 env->sregs[EXCVADDR] = vaddr;
545 qemu_log_mask(CPU_LOG_MMU, "%s: autorefill(%08x): %08x -> %08x\n",
546 __func__, vaddr, vpn, pte);
547 } else {
548 xtensa_tlb_set_entry_mmu(env, &tmp_entry, dtlb, wi, ei, vpn, pte);
549 entry = &tmp_entry;
550 }
551 ret = 0;
552 }
553 if (ret != 0) {
554 return ret;
555 }
556
557 if (entry == NULL) {
558 entry = xtensa_tlb_get_entry(env, dtlb, wi, ei);
559 }
560
561 if (ring < mmu_idx) {
562 return dtlb ?
563 LOAD_STORE_PRIVILEGE_CAUSE :
564 INST_FETCH_PRIVILEGE_CAUSE;
565 }
566
567 *access = mmu_attr_to_access(entry->attr) &
568 ~(dtlb ? PAGE_EXEC : PAGE_READ | PAGE_WRITE);
569 if (!is_access_granted(*access, is_write)) {
570 return dtlb ?
571 (is_write ?
572 STORE_PROHIBITED_CAUSE :
573 LOAD_PROHIBITED_CAUSE) :
574 INST_FETCH_PROHIBITED_CAUSE;
575 }
576
577 *paddr = entry->paddr | (vaddr & ~xtensa_tlb_get_addr_mask(env, dtlb, wi));
578 *page_size = ~xtensa_tlb_get_addr_mask(env, dtlb, wi) + 1;
579
580 return 0;
581 }
582
583 static int get_pte(CPUXtensaState *env, uint32_t vaddr, uint32_t *pte)
584 {
585 CPUState *cs = CPU(xtensa_env_get_cpu(env));
586 uint32_t paddr;
587 uint32_t page_size;
588 unsigned access;
589 uint32_t pt_vaddr =
590 (env->sregs[PTEVADDR] | (vaddr >> 10)) & 0xfffffffc;
591 int ret = get_physical_addr_mmu(env, false, pt_vaddr, 0, 0,
592 &paddr, &page_size, &access, false);
593
594 qemu_log_mask(CPU_LOG_MMU, "%s: trying autorefill(%08x) -> %08x\n",
595 __func__, vaddr, ret ? ~0 : paddr);
596
597 if (ret == 0) {
598 *pte = ldl_phys(cs->as, paddr);
599 }
600 return ret;
601 }
602
603 static int get_physical_addr_region(CPUXtensaState *env,
604 uint32_t vaddr, int is_write, int mmu_idx,
605 uint32_t *paddr, uint32_t *page_size, unsigned *access)
606 {
607 bool dtlb = is_write != 2;
608 uint32_t wi = 0;
609 uint32_t ei = (vaddr >> 29) & 0x7;
610 const xtensa_tlb_entry *entry =
611 xtensa_tlb_get_entry(env, dtlb, wi, ei);
612
613 *access = region_attr_to_access(entry->attr);
614 if (!is_access_granted(*access, is_write)) {
615 return dtlb ?
616 (is_write ?
617 STORE_PROHIBITED_CAUSE :
618 LOAD_PROHIBITED_CAUSE) :
619 INST_FETCH_PROHIBITED_CAUSE;
620 }
621
622 *paddr = entry->paddr | (vaddr & ~REGION_PAGE_MASK);
623 *page_size = ~REGION_PAGE_MASK + 1;
624
625 return 0;
626 }
627
628 /*!
629 * Convert virtual address to physical addr.
630 * MMU may issue pagewalk and change xtensa autorefill TLB way entry.
631 *
632 * \return 0 if ok, exception cause code otherwise
633 */
634 int xtensa_get_physical_addr(CPUXtensaState *env, bool update_tlb,
635 uint32_t vaddr, int is_write, int mmu_idx,
636 uint32_t *paddr, uint32_t *page_size, unsigned *access)
637 {
638 if (xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
639 return get_physical_addr_mmu(env, update_tlb,
640 vaddr, is_write, mmu_idx, paddr, page_size, access, true);
641 } else if (xtensa_option_bits_enabled(env->config,
642 XTENSA_OPTION_BIT(XTENSA_OPTION_REGION_PROTECTION) |
643 XTENSA_OPTION_BIT(XTENSA_OPTION_REGION_TRANSLATION))) {
644 return get_physical_addr_region(env, vaddr, is_write, mmu_idx,
645 paddr, page_size, access);
646 } else {
647 *paddr = vaddr;
648 *page_size = TARGET_PAGE_SIZE;
649 *access = cacheattr_attr_to_access(
650 env->sregs[CACHEATTR] >> ((vaddr & 0xe0000000) >> 27));
651 return 0;
652 }
653 }
654
655 static void dump_tlb(FILE *f, fprintf_function cpu_fprintf,
656 CPUXtensaState *env, bool dtlb)
657 {
658 unsigned wi, ei;
659 const xtensa_tlb *conf =
660 dtlb ? &env->config->dtlb : &env->config->itlb;
661 unsigned (*attr_to_access)(uint32_t) =
662 xtensa_option_enabled(env->config, XTENSA_OPTION_MMU) ?
663 mmu_attr_to_access : region_attr_to_access;
664
665 for (wi = 0; wi < conf->nways; ++wi) {
666 uint32_t sz = ~xtensa_tlb_get_addr_mask(env, dtlb, wi) + 1;
667 const char *sz_text;
668 bool print_header = true;
669
670 if (sz >= 0x100000) {
671 sz >>= 20;
672 sz_text = "MB";
673 } else {
674 sz >>= 10;
675 sz_text = "KB";
676 }
677
678 for (ei = 0; ei < conf->way_size[wi]; ++ei) {
679 const xtensa_tlb_entry *entry =
680 xtensa_tlb_get_entry(env, dtlb, wi, ei);
681
682 if (entry->asid) {
683 static const char * const cache_text[8] = {
684 [PAGE_CACHE_BYPASS >> PAGE_CACHE_SHIFT] = "Bypass",
685 [PAGE_CACHE_WT >> PAGE_CACHE_SHIFT] = "WT",
686 [PAGE_CACHE_WB >> PAGE_CACHE_SHIFT] = "WB",
687 [PAGE_CACHE_ISOLATE >> PAGE_CACHE_SHIFT] = "Isolate",
688 };
689 unsigned access = attr_to_access(entry->attr);
690 unsigned cache_idx = (access & PAGE_CACHE_MASK) >>
691 PAGE_CACHE_SHIFT;
692
693 if (print_header) {
694 print_header = false;
695 cpu_fprintf(f, "Way %u (%d %s)\n", wi, sz, sz_text);
696 cpu_fprintf(f,
697 "\tVaddr Paddr ASID Attr RWX Cache\n"
698 "\t---------- ---------- ---- ---- --- -------\n");
699 }
700 cpu_fprintf(f,
701 "\t0x%08x 0x%08x 0x%02x 0x%02x %c%c%c %-7s\n",
702 entry->vaddr,
703 entry->paddr,
704 entry->asid,
705 entry->attr,
706 (access & PAGE_READ) ? 'R' : '-',
707 (access & PAGE_WRITE) ? 'W' : '-',
708 (access & PAGE_EXEC) ? 'X' : '-',
709 cache_text[cache_idx] ? cache_text[cache_idx] :
710 "Invalid");
711 }
712 }
713 }
714 }
715
716 void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUXtensaState *env)
717 {
718 if (xtensa_option_bits_enabled(env->config,
719 XTENSA_OPTION_BIT(XTENSA_OPTION_REGION_PROTECTION) |
720 XTENSA_OPTION_BIT(XTENSA_OPTION_REGION_TRANSLATION) |
721 XTENSA_OPTION_BIT(XTENSA_OPTION_MMU))) {
722
723 cpu_fprintf(f, "ITLB:\n");
724 dump_tlb(f, cpu_fprintf, env, false);
725 cpu_fprintf(f, "\nDTLB:\n");
726 dump_tlb(f, cpu_fprintf, env, true);
727 } else {
728 cpu_fprintf(f, "No TLB for this CPU core\n");
729 }
730 }