scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
1 /*
2 * Copyright (c) 2011, Max Filippov, Open Source and Linux Lab.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 * * Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * * Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * * Neither the name of the Open Source and Linux Lab nor the
13 * names of its contributors may be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "qemu/osdep.h"
29 #include "cpu.h"
30 #include "exec/helper-proto.h"
31 #include "qemu/host-utils.h"
32 #include "exec/exec-all.h"
33 #include "exec/cpu_ldst.h"
34 #include "exec/address-spaces.h"
35 #include "qemu/timer.h"
36
/*
 * Unaligned-access hook.
 *
 * Raises LOAD_STORE_ALIGNMENT_CAUSE for addr only when the core configuration
 * has the unaligned-exception option and lacks hardware alignment support;
 * in every other configuration the function returns without doing anything.
 * is_write and is_user are not consulted.
 */
void xtensa_cpu_do_unaligned_access(CPUState *cs,
        vaddr addr, int is_write, int is_user, uintptr_t retaddr)
{
    XtensaCPU *cpu = XTENSA_CPU(cs);
    CPUXtensaState *env = &cpu->env;

    if (!xtensa_option_enabled(env->config,
                               XTENSA_OPTION_UNALIGNED_EXCEPTION)) {
        return;
    }
    if (xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) {
        return;
    }

    /* Recover the guest state for retaddr before env->pc is read below. */
    cpu_restore_state(CPU(cpu), retaddr);
    HELPER(exception_cause_vaddr)(env, env->pc,
                                  LOAD_STORE_ALIGNMENT_CAUSE, addr);
}
50
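/*
 * TLB refill hook: translate vaddr for the given access type and MMU index.
 *
 * On success (translation returns 0) the page is installed with
 * tlb_set_page(); otherwise the guest state is restored for retaddr and the
 * returned cause is raised for vaddr at the current env->pc.
 */
void tlb_fill(CPUState *cs,
        target_ulong vaddr, int is_write, int mmu_idx, uintptr_t retaddr)
{
    XtensaCPU *cpu = XTENSA_CPU(cs);
    CPUXtensaState *env = &cpu->env;
    /*
     * paddr is handed to the MMU log line below before ret is examined.
     * Nothing visible in this file guarantees that
     * xtensa_get_physical_addr() stores to it on failure, so give it a
     * defined value rather than logging indeterminate stack contents.
     */
    uint32_t paddr = 0;
    uint32_t page_size;
    unsigned access;
    int ret = xtensa_get_physical_addr(env, true, vaddr, is_write, mmu_idx,
                                       &paddr, &page_size, &access);

    qemu_log_mask(CPU_LOG_MMU, "%s(%08x, %d, %d) -> %08x, ret = %d\n",
                  __func__, vaddr, is_write, mmu_idx, paddr, ret);

    if (ret == 0) {
        /* page_size and access are only consumed on the success path. */
        tlb_set_page(cs,
                     vaddr & TARGET_PAGE_MASK,
                     paddr & TARGET_PAGE_MASK,
                     access, mmu_idx, page_size);
    } else {
        cpu_restore_state(cs, retaddr);
        HELPER(exception_cause_vaddr)(env, env->pc, ret, vaddr);
    }
}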
75
/*
 * Unassigned-access hook: raise a PIF address error at the current env->pc.
 *
 * Instruction fetches report INSTR_PIF_ADDR_ERROR_CAUSE with addr as the
 * faulting address; data accesses report LOAD_STORE_PIF_ADDR_ERROR_CAUSE with
 * cs->mem_io_vaddr.  is_write, opaque and size are not consulted.
 */
void xtensa_cpu_do_unassigned_access(CPUState *cs, hwaddr addr,
        bool is_write, bool is_exec, int opaque,
        unsigned size)
{
    XtensaCPU *cpu = XTENSA_CPU(cs);
    CPUXtensaState *env = &cpu->env;
    uint32_t cause;
    uint32_t fault_addr;

    if (is_exec) {
        cause = INSTR_PIF_ADDR_ERROR_CAUSE;
        fault_addr = addr;
    } else {
        cause = LOAD_STORE_PIF_ADDR_ERROR_CAUSE;
        fault_addr = cs->mem_io_vaddr;
    }

    HELPER(exception_cause_vaddr)(env, env->pc, cause, fault_addr);
}
89
/*
 * Invalidate translated code for the guest virtual address vaddr.
 *
 * The address is translated with access type 2 and MMU index 0, without
 * updating the TLB; if the translation fails nothing is invalidated.
 */
static void tb_invalidate_virtual_addr(CPUXtensaState *env, uint32_t vaddr)
{
    uint32_t phys;
    uint32_t pg_size;
    unsigned prot;

    if (xtensa_get_physical_addr(env, false, vaddr, 2, 0,
                                 &phys, &pg_size, &prot) != 0) {
        return;
    }
    tb_invalidate_phys_addr(&address_space_memory, phys);
}
101
/*
 * Record excp as the pending exception index and leave the CPU loop.
 * For EXCP_DEBUG the exception_taken flag is cleared first.
 */
void HELPER(exception)(CPUXtensaState *env, uint32_t excp)
{
    CPUState *cpu_state = CPU(xtensa_env_get_cpu(env));

    if (excp == EXCP_DEBUG) {
        env->exception_taken = 0;
    }
    cpu_state->exception_index = excp;
    cpu_loop_exit(cpu_state);
}
112
/*
 * Raise a general exception with the given cause at pc.
 *
 * With PS.EXCM already set the double-exception vector is selected and pc is
 * saved in DEPC (or in EPC1 when the configuration has no DEPC).  Otherwise
 * pc is saved in EPC1 and the user or kernel vector is chosen from PS.UM.
 * EXCCAUSE is then written and PS.EXCM is set before the exception is
 * delivered.
 */
void HELPER(exception_cause)(CPUXtensaState *env, uint32_t pc, uint32_t cause)
{
    uint32_t target;
    const bool nested = (env->sregs[PS] & PS_EXCM) != 0;

    env->pc = pc;
    if (!nested) {
        env->sregs[EPC1] = pc;
        target = (env->sregs[PS] & PS_UM) ? EXC_USER : EXC_KERNEL;
    } else {
        if (env->config->ndepc) {
            env->sregs[DEPC] = pc;
        } else {
            env->sregs[EPC1] = pc;
        }
        target = EXC_DOUBLE;
    }

    env->sregs[EXCCAUSE] = cause;
    env->sregs[PS] |= PS_EXCM;

    HELPER(exception)(env, target);
}
135
/*
 * Same as exception_cause, but first latches the faulting virtual address
 * in EXCVADDR.
 */
void HELPER(exception_cause_vaddr)(CPUXtensaState *env,
        uint32_t pc, uint32_t cause, uint32_t vaddr)
{
    uint32_t fault_vaddr = vaddr;

    env->sregs[EXCVADDR] = fault_vaddr;
    HELPER(exception_cause)(env, pc, cause);
}
142
/*
 * Raise a debug exception at the current env->pc, but only while the current
 * interrupt level is below the configured debug level.
 */
void debug_exception_env(CPUXtensaState *env, uint32_t cause)
{
    if (xtensa_get_cintlevel(env) >= env->config->debug_level) {
        return;
    }
    HELPER(debug_exception)(env, env->pc, cause);
}
149
/*
 * Deliver a debug exception: record cause in DEBUGCAUSE, save pc and PS in
 * the EPC/EPS registers selected by the configured debug level, raise
 * PS.INTLEVEL to that level with PS.EXCM set, and take EXC_DEBUG.
 */
void HELPER(debug_exception)(CPUXtensaState *env, uint32_t pc, uint32_t cause)
{
    unsigned level = env->config->debug_level;
    uint32_t ps;

    env->pc = pc;
    env->sregs[DEBUGCAUSE] = cause;
    /*
     * NOTE(review): the EPS index is EPS2 + level - 2, which presumably
     * requires debug_level >= 2; nothing here checks that -- confirm the
     * core configurations guarantee it.
     */
    env->sregs[EPC1 + level - 1] = pc;
    env->sregs[EPS2 + level - 2] = env->sregs[PS];

    ps = env->sregs[PS] & ~PS_INTLEVEL;
    ps |= PS_EXCM;
    ps |= level << PS_INTLEVEL_SHIFT;
    env->sregs[PS] = ps;

    HELPER(exception)(env, EXC_DEBUG);
}
162
/*
 * Normalization shift amount for a signed value: values with the top bit set
 * are complemented first, then the result is clz32() - 1, or 31 when the
 * (possibly complemented) value is zero.
 */
uint32_t HELPER(nsa)(uint32_t v)
{
    uint32_t magnitude = (v & 0x80000000) ? ~v : v;

    if (magnitude == 0) {
        return 31;
    }
    return clz32(magnitude) - 1;
}
170
/*
 * Normalization shift amount for an unsigned value: clz32(v), with 32
 * returned explicitly for v == 0.
 */
uint32_t HELPER(nsau)(uint32_t v)
{
    if (v == 0) {
        return 32;
    }
    return clz32(v);
}
175
/*
 * Copy n registers from the physical register file, starting at index phys,
 * into env->regs starting at index window.  The physical file is treated as
 * a ring of env->config->nareg entries, so a run that crosses the end wraps
 * around to index 0.
 */
static void copy_window_from_phys(CPUXtensaState *env,
        uint32_t window, uint32_t phys, uint32_t n)
{
    assert(phys < env->config->nareg);

    if (phys + n > env->config->nareg) {
        /* Wrapping run: tail of the ring first, then the start of it. */
        uint32_t head = env->config->nareg - phys;

        memcpy(env->regs + window, env->phys_regs + phys,
               head * sizeof(uint32_t));
        memcpy(env->regs + window + head, env->phys_regs,
               (n - head) * sizeof(uint32_t));
        return;
    }

    memcpy(env->regs + window, env->phys_regs + phys,
           n * sizeof(uint32_t));
}
191
/*
 * Copy n registers from env->regs, starting at index window, back into the
 * physical register file starting at index phys.  The physical file is
 * treated as a ring of env->config->nareg entries, so a run that crosses the
 * end wraps around to index 0.
 */
static void copy_phys_from_window(CPUXtensaState *env,
        uint32_t phys, uint32_t window, uint32_t n)
{
    assert(phys < env->config->nareg);

    if (phys + n > env->config->nareg) {
        /* Wrapping run: fill the tail of the ring, then its start. */
        uint32_t head = env->config->nareg - phys;

        memcpy(env->phys_regs + phys, env->regs + window,
               head * sizeof(uint32_t));
        memcpy(env->phys_regs, env->regs + window + head,
               (n - head) * sizeof(uint32_t));
        return;
    }

    memcpy(env->phys_regs + phys, env->regs + window,
           n * sizeof(uint32_t));
}
207
208
/*
 * Reduce a window index to the valid range by masking with nareg / 4 - 1.
 * NOTE(review): the mask form assumes nareg / 4 is a power of two -- confirm
 * against the supported core configurations.
 */
static inline unsigned windowbase_bound(unsigned a, const CPUXtensaState *env)
{
    unsigned index_mask = env->config->nareg / 4 - 1;

    return a & index_mask;
}
213
/* Return the WINDOW_START bit that corresponds to window index a. */
static inline unsigned windowstart_bit(unsigned a, const CPUXtensaState *env)
{
    unsigned bit_no = windowbase_bound(a, env);

    return 1 << bit_no;
}
218
/*
 * Load the 16 visible registers (env->regs[0..15]) from the physical
 * register file at the position selected by WINDOW_BASE.
 */
void xtensa_sync_window_from_phys(CPUXtensaState *env)
{
    uint32_t phys_index = env->sregs[WINDOW_BASE] * 4;

    copy_window_from_phys(env, 0, phys_index, 16);
}
223
/*
 * Store the 16 visible registers (env->regs[0..15]) back into the physical
 * register file at the position selected by WINDOW_BASE.
 */
void xtensa_sync_phys_from_window(CPUXtensaState *env)
{
    uint32_t phys_index = env->sregs[WINDOW_BASE] * 4;

    copy_phys_from_window(env, phys_index, 0, 16);
}
228
/*
 * Move the register window to an absolute position: write the visible
 * registers back, set WINDOW_BASE to position (reduced to the valid range),
 * then reload the visible registers from the new location.
 */
static void rotate_window_abs(CPUXtensaState *env, uint32_t position)
{
    uint32_t new_base;

    xtensa_sync_phys_from_window(env);
    new_base = windowbase_bound(position, env);
    env->sregs[WINDOW_BASE] = new_base;
    xtensa_sync_window_from_phys(env);
}
235
/*
 * Rotate the register window by delta positions relative to the current
 * WINDOW_BASE.  A negative rotation is passed as its unsigned wrap-around.
 */
static void rotate_window(CPUXtensaState *env, uint32_t delta)
{
    uint32_t target = env->sregs[WINDOW_BASE] + delta;

    rotate_window_abs(env, target);
}
240
/*
 * Helper for a write to WINDOWBASE: move the register window to position v.
 * v is reduced to the valid range by rotate_window_abs().
 */
void HELPER(wsr_windowbase)(CPUXtensaState *env, uint32_t v)
{
    uint32_t position = v;

    rotate_window_abs(env, position);
}
245
/*
 * Helper for the entry instruction.
 *
 * The instruction is illegal when s > 3 or when PS does not have WOE set
 * with EXCM clear; that case is logged as a guest error and raises
 * ILLEGAL_INSTRUCTION_CAUSE.  Otherwise a window check is performed if one
 * of the callinc windows ahead is still in use, the new stack pointer is
 * written, the window is rotated by callinc and the new window's
 * WINDOW_START bit is set.
 */
void HELPER(entry)(CPUXtensaState *env, uint32_t pc, uint32_t s, uint32_t imm)
{
    int callinc = (env->sregs[PS] & PS_CALLINC) >> PS_CALLINC_SHIFT;
    bool windowed_ok =
        ((env->sregs[PS] & (PS_WOE | PS_EXCM)) ^ PS_WOE) == 0;

    if (s <= 3 && windowed_ok) {
        uint32_t ahead = xtensa_replicate_windowstart(env) >>
            (env->sregs[WINDOW_BASE] + 1);
        uint32_t in_use = ahead & ((1 << callinc) - 1);

        if (in_use) {
            HELPER(window_check)(env, pc, callinc);
        }
        /* callinc <= 3 and (s & 3) <= 3, so the index stays within 0..15. */
        env->regs[(callinc << 2) | (s & 3)] = env->regs[s] - (imm << 3);
        rotate_window(env, callinc);
        env->sregs[WINDOW_START] |=
            windowstart_bit(env->sregs[WINDOW_BASE], env);
    } else {
        qemu_log_mask(LOG_GUEST_ERROR, "Illegal entry instruction(pc = %08x), PS = %08x\n",
                      pc, env->sregs[PS]);
        HELPER(exception_cause)(env, pc, ILLEGAL_INSTRUCTION_CAUSE);
    }
}
266
/*
 * Raise the window overflow exception for the nearest in-use window ahead of
 * the current one.
 *
 * The window is rotated to that frame, PS.OWB records the original window
 * base, PS.EXCM is set, EPC1 and env->pc are set to pc, and the overflow
 * vector (4, 8 or 12 registers) is selected from the distance to the next
 * in-use window after it.
 */
void HELPER(window_check)(CPUXtensaState *env, uint32_t pc, uint32_t w)
{
    uint32_t owb = windowbase_bound(env->sregs[WINDOW_BASE], env);
    uint32_t ahead = xtensa_replicate_windowstart(env) >>
        (env->sregs[WINDOW_BASE] + 1);
    uint32_t n = ctz32(ahead) + 1;
    uint32_t vector;

    /*
     * Host-side assertion: the caller is expected to have established that
     * an in-use window lies within w positions ahead.
     */
    assert(n <= w);

    rotate_window(env, n);
    env->sregs[PS] = (env->sregs[PS] & ~PS_OWB) |
        (owb << PS_OWB_SHIFT) | PS_EXCM;
    env->pc = pc;
    env->sregs[EPC1] = env->pc;

    switch (ctz32(ahead >> n)) {
    case 0:
        vector = EXC_WINDOW_OVERFLOW4;
        break;
    case 1:
        vector = EXC_WINDOW_OVERFLOW8;
        break;
    default:
        vector = EXC_WINDOW_OVERFLOW12;
        break;
    }
    HELPER(exception)(env, vector);
}
293
/*
 * Helper for the retw instruction; returns the address to continue at.
 *
 * n is the call increment taken from the top two bits of a0, m the distance
 * (1..3) to the nearest in-use window behind the current one, or 0 if there
 * is none within three positions.  The instruction is illegal when n == 0,
 * when m is non-zero and differs from n, or when PS does not have WOE set
 * with EXCM clear.  Otherwise the window is rotated back by n; if the
 * destination window is not marked in WINDOW_START a window underflow
 * exception is raised, else the bit of the window being left is cleared.
 * The returned value is 0 on the illegal-instruction path.
 */
uint32_t HELPER(retw)(CPUXtensaState *env, uint32_t pc)
{
    int n = (env->regs[0] >> 30) & 0x3;
    int m = 0;
    int k;
    uint32_t windowbase = windowbase_bound(env->sregs[WINDOW_BASE], env);
    uint32_t windowstart = env->sregs[WINDOW_START];
    uint32_t ret_pc = 0;
    bool windowed_ok;

    for (k = 1; k <= 3; ++k) {
        if (windowstart & windowstart_bit(windowbase - k, env)) {
            m = k;
            break;
        }
    }

    windowed_ok = ((env->sregs[PS] & (PS_WOE | PS_EXCM)) ^ PS_WOE) == 0;

    if (n != 0 && (m == 0 || m == n) && windowed_ok) {
        int owb = windowbase;

        /* Top two bits come from pc, the remaining 30 from a0. */
        ret_pc = (pc & 0xc0000000) | (env->regs[0] & 0x3fffffff);

        rotate_window(env, -n);
        if (!(windowstart & windowstart_bit(env->sregs[WINDOW_BASE], env))) {
            /* window underflow */
            env->sregs[PS] = (env->sregs[PS] & ~PS_OWB) |
                (windowbase << PS_OWB_SHIFT) | PS_EXCM;
            env->pc = pc;
            env->sregs[EPC1] = env->pc;

            switch (n) {
            case 1:
                HELPER(exception)(env, EXC_WINDOW_UNDERFLOW4);
                break;
            case 2:
                HELPER(exception)(env, EXC_WINDOW_UNDERFLOW8);
                break;
            case 3:
                HELPER(exception)(env, EXC_WINDOW_UNDERFLOW12);
                break;
            default:
                break;
            }
        } else {
            env->sregs[WINDOW_START] &= ~windowstart_bit(owb, env);
        }
    } else {
        qemu_log_mask(LOG_GUEST_ERROR, "Illegal retw instruction(pc = %08x), "
                      "PS = %08x, m = %d, n = %d\n",
                      pc, env->sregs[PS], m, n);
        HELPER(exception_cause)(env, pc, ILLEGAL_INSTRUCTION_CAUSE);
    }
    return ret_pc;
}
341
/*
 * Helper rotw: rotate the register window by imm4 positions relative to the
 * current WINDOW_BASE.
 */
void HELPER(rotw)(CPUXtensaState *env, uint32_t imm4)
{
    uint32_t delta = imm4;

    rotate_window(env, delta);
}
346
/* Move the register window back to the position saved in PS.OWB. */
void HELPER(restore_owb)(CPUXtensaState *env)
{
    uint32_t saved_base = (env->sregs[PS] & PS_OWB) >> PS_OWB_SHIFT;

    rotate_window_abs(env, saved_base);
}
351
/*
 * Helper movsp: raise ALLOCA_CAUSE at pc when none of the three windows
 * immediately behind the current one is marked in WINDOW_START.
 */
void HELPER(movsp)(CPUXtensaState *env, uint32_t pc)
{
    uint32_t base = env->sregs[WINDOW_BASE];
    unsigned behind = windowstart_bit(base - 3, env) |
                      windowstart_bit(base - 2, env) |
                      windowstart_bit(base - 1, env);

    if ((env->sregs[WINDOW_START] & behind) == 0) {
        HELPER(exception_cause)(env, pc, ALLOCA_CAUSE);
    }
}
361
/*
 * Helper for a write to LBEG.  When the value changes, translated code at
 * LEND - 1 is invalidated before the register is updated.
 */
void HELPER(wsr_lbeg)(CPUXtensaState *env, uint32_t v)
{
    if (env->sregs[LBEG] == v) {
        return;
    }
    tb_invalidate_virtual_addr(env, env->sregs[LEND] - 1);
    env->sregs[LBEG] = v;
}
369
/*
 * Helper for a write to LEND.  When the value changes, translated code is
 * invalidated at both the old and the new LEND - 1.
 */
void HELPER(wsr_lend)(CPUXtensaState *env, uint32_t v)
{
    uint32_t old_lend = env->sregs[LEND];

    if (old_lend == v) {
        return;
    }
    tb_invalidate_virtual_addr(env, old_lend - 1);
    env->sregs[LEND] = v;
    tb_invalidate_virtual_addr(env, env->sregs[LEND] - 1);
}
378
/* Debug helper: print the CPU state to stderr via cpu_dump_state(). */
void HELPER(dump_state)(CPUXtensaState *env)
{
    CPUState *cs = CPU(xtensa_env_get_cpu(env));

    cpu_dump_state(cs, stderr, fprintf, 0);
}
385
/*
 * Helper waiti: set PS.INTLEVEL to intlevel and wait for an interrupt.
 *
 * If an interrupt is already pending after the level change the CPU loop is
 * left immediately.  Otherwise the halt time is recorded, the CPU is marked
 * halted, the CCOMPARE timer is re-armed when the timer interrupt option is
 * configured, and EXCP_HLT is raised.
 */
void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, uint32_t intlevel)
{
    CPUState *cs = CPU(xtensa_env_get_cpu(env));
    uint32_t ps = env->sregs[PS] & ~PS_INTLEVEL;

    env->pc = pc;
    env->sregs[PS] = ps | (intlevel << PS_INTLEVEL_SHIFT);
    check_interrupts(env);
    if (env->pending_irq_level) {
        cpu_loop_exit(cs);
        return;
    }

    env->halt_clock = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
    cs->halted = 1;
    if (xtensa_option_enabled(env->config, XTENSA_OPTION_TIMER_INTERRUPT)) {
        xtensa_rearm_ccompare_timer(env);
    }
    HELPER(exception)(env, EXCP_HLT);
}
407
/* Helper wrapper: forward (id, active) to xtensa_timer_irq(). */
void HELPER(timer_irq)(CPUXtensaState *env, uint32_t id, uint32_t active)
{
    uint32_t timer_id = id;

    xtensa_timer_irq(env, timer_id, active);
}
412
/* Helper wrapper: forward the increment d to xtensa_advance_ccount(). */
void HELPER(advance_ccount)(CPUXtensaState *env, uint32_t d)
{
    uint32_t increment = d;

    xtensa_advance_ccount(env, increment);
}
417
/* Helper wrapper: re-evaluate pending interrupts through check_interrupts(). */
void HELPER(check_interrupts)(CPUXtensaState *env)
{
    CPUXtensaState *state = env;

    check_interrupts(state);
}
422
/*
 * Calls get_page_addr_code() for vaddr and discards the result.
 * NOTE(review): presumably used only for the lookup's side effect of raising
 * a fault when vaddr has no executable mapping -- confirm.
 */
void HELPER(itlb_hit_test)(CPUXtensaState *env, uint32_t vaddr)
{
    (void)get_page_addr_code(env, vaddr);
}
427
/*!
 * Check vaddr accessibility/cache attributes and raise an exception if
 * specified by the ATOMCTL SR.
 *
 * vaddr is translated as a write for the current ring.  A translation
 * failure, or a page that is not both readable and writable, raises the
 * corresponding cause at pc.  The two ATOMCTL bits that match the page's
 * cache attribute are then examined; a zero field, or an isolate-mode page,
 * raises LOAD_STORE_ERROR_CAUSE.
 *
 * Note: local memory exclusion is not implemented
 */
void HELPER(check_atomctl)(CPUXtensaState *env, uint32_t pc, uint32_t vaddr)
{
    const uint32_t rw = PAGE_READ | PAGE_WRITE;
    uint32_t paddr, page_size, access;
    uint32_t atomctl = env->sregs[ATOMCTL];
    uint32_t cache_attr;
    int rc = xtensa_get_physical_addr(env, true, vaddr, 1,
                                      xtensa_get_cring(env),
                                      &paddr, &page_size, &access);

    /*
     * s32c1i never causes LOAD_PROHIBITED_CAUSE exceptions,
     * see opcode description in the ISA
     */
    if (rc == 0 && (access & rw) != rw) {
        rc = STORE_PROHIBITED_CAUSE;
    }

    if (rc) {
        HELPER(exception_cause_vaddr)(env, pc, rc, vaddr);
    }

    /*
     * When data cache is not configured use ATOMCTL bypass field.
     * See ISA, 4.3.12.4 The Atomic Operation Control Register (ATOMCTL)
     * under the Conditional Store Option.
     */
    if (!xtensa_option_enabled(env->config, XTENSA_OPTION_DCACHE)) {
        access = PAGE_CACHE_BYPASS;
    }

    cache_attr = access & PAGE_CACHE_MASK;
    if (cache_attr == PAGE_CACHE_ISOLATE) {
        HELPER(exception_cause_vaddr)(env, pc,
                                      LOAD_STORE_ERROR_CAUSE, vaddr);
    } else if (cache_attr == PAGE_CACHE_WB ||
               cache_attr == PAGE_CACHE_WT ||
               cache_attr == PAGE_CACHE_BYPASS) {
        /* ATOMCTL field position: bypass at bit 0, WT at bit 2, WB at bit 4 */
        unsigned field_shift = 0;

        if (cache_attr == PAGE_CACHE_WB) {
            field_shift = 4;
        } else if (cache_attr == PAGE_CACHE_WT) {
            field_shift = 2;
        }
        if (((atomctl >> field_shift) & 0x3) == 0) {
            HELPER(exception_cause_vaddr)(env, pc,
                                          LOAD_STORE_ERROR_CAUSE, vaddr);
        }
    }
}
486
/*
 * Helper for a write to RASID.  The low byte of the stored value is forced
 * to 1; when the resulting value differs from the current one it is stored
 * and the QEMU TLB is flushed.
 */
void HELPER(wsr_rasid)(CPUXtensaState *env, uint32_t v)
{
    XtensaCPU *cpu = xtensa_env_get_cpu(env);
    uint32_t rasid = (v & 0xffffff00) | 0x1;

    if (rasid == env->sregs[RASID]) {
        return;
    }
    env->sregs[RASID] = rasid;
    tlb_flush(CPU(cpu), 1);
}
497
/*
 * Read the page-size selector for a variable-size TLB way from DTLBCFG or
 * ITLBCFG: a 2-bit field at bit 16 for way 4, single bits at 20 and 24 for
 * ways 5 and 6, and 0 for every other way.
 */
static uint32_t get_page_size(const CPUXtensaState *env, bool dtlb, uint32_t way)
{
    uint32_t tlbcfg = env->sregs[dtlb ? DTLBCFG : ITLBCFG];

    if (way == 4) {
        return (tlbcfg >> 16) & 0x3;
    }
    if (way == 5) {
        return (tlbcfg >> 20) & 0x1;
    }
    if (way == 6) {
        return (tlbcfg >> 24) & 0x1;
    }
    return 0;
}
516
/*!
 * Get bit mask for the virtual address bits translated by the TLB way
 *
 * Without the MMU option the region page mask is returned for every way.
 * With it, ways 4..6 return a mask that depends on the configured page size
 * (ways 5 and 6 only when the TLB has variable ways 5/6); every other way
 * uses the 4 KiB page mask 0xfffff000.
 */
uint32_t xtensa_tlb_get_addr_mask(const CPUXtensaState *env, bool dtlb, uint32_t way)
{
    bool varway56;

    if (!xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
        return REGION_PAGE_MASK;
    }

    varway56 = dtlb ? env->config->dtlb.varway56
                    : env->config->itlb.varway56;

    if (way == 4) {
        return 0xfff00000 << (get_page_size(env, dtlb, way) * 2);
    }
    if (way == 5) {
        return varway56 ? 0xf8000000 << get_page_size(env, dtlb, way)
                        : 0xf8000000;
    }
    if (way == 6) {
        return varway56 ? 0xf0000000 << (1 - get_page_size(env, dtlb, way))
                        : 0xf0000000;
    }
    return 0xfffff000;
}
552
/*!
 * Get bit mask for the 'VPN without index' field.
 * See ISA, 4.6.5.6, data format for RxTLB0
 */
static uint32_t get_vpn_mask(const CPUXtensaState *env, bool dtlb, uint32_t way)
{
    uint32_t addr_mask;
    bool varway56;

    if (way < 4) {
        /* Refill ways: the mask depends on the number of refill entries. */
        return ((dtlb ? env->config->dtlb.nrefillentries
                      : env->config->itlb.nrefillentries) == 32)
            ? 0xffff8000 : 0xffffc000;
    }
    if (way > 6) {
        return 0xfffff000;
    }

    addr_mask = xtensa_tlb_get_addr_mask(env, dtlb, way);
    if (way == 4) {
        return addr_mask << 2;
    }

    /* Ways 5 and 6 */
    varway56 = dtlb ? env->config->dtlb.varway56
                    : env->config->itlb.varway56;
    if (!varway56) {
        return addr_mask << 1;
    }
    return addr_mask << (way == 5 ? 2 : 3);
}
581
/*!
 * Split virtual address into VPN (with index) and entry index
 * for the given TLB way
 *
 * For the instruction TLB the way index is first reduced to 3 bits.  The
 * entry index is a bit field of v whose position and width depend on the way
 * and its configuration; ways above 6 always yield entry index 0.
 */
void split_tlb_entry_spec_way(const CPUXtensaState *env, uint32_t v, bool dtlb,
        uint32_t *vpn, uint32_t wi, uint32_t *ei)
{
    bool varway56 = dtlb ? env->config->dtlb.varway56
                         : env->config->itlb.varway56;
    uint32_t index_shift;
    uint32_t index_mask;

    if (!dtlb) {
        wi &= 7;
    }

    if (wi < 4) {
        bool is32 = (dtlb ? env->config->dtlb.nrefillentries
                          : env->config->itlb.nrefillentries) == 32;

        index_shift = 12;
        index_mask = is32 ? 0x7 : 0x3;
    } else if (wi == 4) {
        index_shift = 20 + get_page_size(env, dtlb, wi) * 2;
        index_mask = 0x3;
    } else if (wi == 5) {
        if (varway56) {
            index_shift = 27 + get_page_size(env, dtlb, wi);
            index_mask = 0x3;
        } else {
            index_shift = 27;
            index_mask = 0x1;
        }
    } else if (wi == 6) {
        if (varway56) {
            index_shift = 29 - get_page_size(env, dtlb, wi);
            index_mask = 0x7;
        } else {
            index_shift = 28;
            index_mask = 0x1;
        }
    } else {
        /* A zero mask makes the entry index 0 for all remaining ways. */
        index_shift = 0;
        index_mask = 0;
    }

    *ei = (v >> index_shift) & index_mask;
    *vpn = v & xtensa_tlb_get_addr_mask(env, dtlb, wi);
}
636
/*!
 * Split TLB address into TLB way, entry index and VPN (with index).
 * See ISA, 4.6.5.5 - 4.6.5.8 for the TLB addressing format
 *
 * NOTE(review): with the MMU option the way index is taken straight from the
 * low bits of the guest-supplied value (up to 15 for the data TLB, 7 for the
 * instruction TLB).  It is not compared here against the number of ways the
 * core actually has, so any array indexed with *wi downstream relies on that
 * check being done elsewhere -- confirm that it is.
 */
static void split_tlb_entry_spec(CPUXtensaState *env, uint32_t v, bool dtlb,
        uint32_t *vpn, uint32_t *wi, uint32_t *ei)
{
    if (!xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
        /* Region protection/translation: one way, index in the top 3 bits */
        *vpn = v & REGION_PAGE_MASK;
        *wi = 0;
        *ei = (v >> 29) & 0x7;
        return;
    }

    *wi = v & (dtlb ? 0xf : 0x7);
    split_tlb_entry_spec_way(env, v, dtlb, vpn, *wi, ei);
}
653
/*
 * Look up the TLB entry addressed by the TLB address v.  When pwi is not
 * NULL the decoded way index is stored through it.
 *
 * NOTE(review): the way and entry indices are decoded from v, which the
 * callers in this file take from a guest register operand, and are passed to
 * xtensa_tlb_get_entry() unchecked.  Whether that function bounds them
 * against the configured TLB geometry is not visible here -- confirm, since
 * callers dereference the returned pointer unconditionally.
 */
static xtensa_tlb_entry *get_tlb_entry(CPUXtensaState *env,
        uint32_t v, bool dtlb, uint32_t *pwi)
{
    uint32_t page_no;
    uint32_t way;
    uint32_t index;

    split_tlb_entry_spec(env, v, dtlb, &page_no, &way, &index);
    if (pwi != NULL) {
        *pwi = way;
    }
    return xtensa_tlb_get_entry(env, dtlb, way, index);
}
667
/*
 * Helper rtlb0: return the virtual part of the TLB entry addressed by v,
 * i.e. its VPN (without index bits) combined with its ASID.  Without the MMU
 * option the region part of v is returned instead.
 */
uint32_t HELPER(rtlb0)(CPUXtensaState *env, uint32_t v, uint32_t dtlb)
{
    const xtensa_tlb_entry *entry;
    uint32_t wi;

    if (!xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
        return v & REGION_PAGE_MASK;
    }

    entry = get_tlb_entry(env, v, dtlb, &wi);
    return (entry->vaddr & get_vpn_mask(env, dtlb, wi)) | entry->asid;
}
678
/*
 * Helper rtlb1: return the physical part of the TLB entry addressed by v,
 * i.e. its physical address combined with its attribute bits.
 */
uint32_t HELPER(rtlb1)(CPUXtensaState *env, uint32_t v, uint32_t dtlb)
{
    const xtensa_tlb_entry *entry = get_tlb_entry(env, v, dtlb, NULL);
    uint32_t result = entry->paddr | entry->attr;

    return result;
}
684
/*
 * Helper itlb: invalidate the TLB entry addressed by v.  Only variable
 * entries with a non-zero ASID are affected: the matching QEMU TLB page is
 * flushed and the ASID is cleared.  Does nothing without the MMU option.
 */
void HELPER(itlb)(CPUXtensaState *env, uint32_t v, uint32_t dtlb)
{
    xtensa_tlb_entry *entry;
    uint32_t wi;

    if (!xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
        return;
    }

    entry = get_tlb_entry(env, v, dtlb, &wi);
    if (!entry->variable || !entry->asid) {
        return;
    }
    tlb_flush_page(CPU(xtensa_env_get_cpu(env)), entry->vaddr);
    entry->asid = 0;
}
696
/*
 * Helper ptlb: probe the TLB for virtual address v.
 *
 * With the MMU option, a hit whose ring is not more privileged than the
 * current ring returns the page address combined with the way index and a
 * hit flag (0x10 for the data TLB, 0x8 for the instruction TLB); a multi-hit
 * raises the corresponding exception; anything else returns 0.  Without the
 * MMU option the region part of v with bit 0 set is returned.
 */
uint32_t HELPER(ptlb)(CPUXtensaState *env, uint32_t v, uint32_t dtlb)
{
    uint32_t wi;
    uint32_t ei;
    uint8_t ring;
    int res;

    if (!xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
        return (v & REGION_PAGE_MASK) | 0x1;
    }

    res = xtensa_tlb_lookup(env, v, dtlb, &wi, &ei, &ring);
    if (res == 0) {
        if (ring >= xtensa_get_ring(env)) {
            return (v & 0xfffff000) | wi | (dtlb ? 0x10 : 0x8);
        }
    } else if (res == INST_TLB_MULTI_HIT_CAUSE ||
               res == LOAD_STORE_TLB_MULTI_HIT_CAUSE) {
        HELPER(exception_cause_vaddr)(env, env->pc, res, v);
    }
    return 0;
}
722
/*
 * Fill a TLB entry from a virtual page number and a PTE (MMU option).
 *
 * The physical address is the PTE masked with the way's address mask, the
 * attribute is the low 4 PTE bits, and the ASID is the RASID byte selected
 * by PTE bits 5:4 (the ring).  ei is not used.
 */
void xtensa_tlb_set_entry_mmu(const CPUXtensaState *env,
        xtensa_tlb_entry *entry, bool dtlb,
        unsigned wi, unsigned ei, uint32_t vpn, uint32_t pte)
{
    /* (pte >> 1) & 0x18 is ring * 8: the bit offset of that ring's ASID. */
    uint32_t asid_shift = (pte >> 1) & 0x18;

    entry->vaddr = vpn;
    entry->paddr = pte & xtensa_tlb_get_addr_mask(env, dtlb, wi);
    entry->asid = (env->sregs[RASID] >> asid_shift) & 0xff;
    entry->attr = pte & 0xf;
}
732
/*
 * Write TLB entry (wi, ei) of the data or instruction TLB.
 *
 * With the MMU option only variable entries may be written: the old mapping
 * is flushed if it was live, the entry is refilled and the new page is
 * flushed as well; an attempt to write an immutable entry is only logged as
 * a guest error.  Without the MMU option the page is flushed, the physical
 * address is updated when region translation is configured, and the
 * attribute is always updated.
 *
 * NOTE(review): wi and ei are used as given to fetch the entry; this
 * function does not range-check them -- confirm callers or
 * xtensa_tlb_get_entry() do.
 */
void xtensa_tlb_set_entry(CPUXtensaState *env, bool dtlb,
        unsigned wi, unsigned ei, uint32_t vpn, uint32_t pte)
{
    XtensaCPU *cpu = xtensa_env_get_cpu(env);
    CPUState *cs = CPU(cpu);
    xtensa_tlb_entry *entry = xtensa_tlb_get_entry(env, dtlb, wi, ei);

    if (!xtensa_option_enabled(env->config, XTENSA_OPTION_MMU)) {
        tlb_flush_page(cs, entry->vaddr);
        if (xtensa_option_enabled(env->config,
                                  XTENSA_OPTION_REGION_TRANSLATION)) {
            entry->paddr = pte & REGION_PAGE_MASK;
        }
        entry->attr = pte & 0xf;
        return;
    }

    if (!entry->variable) {
        qemu_log_mask(LOG_GUEST_ERROR, "%s %d, %d, %d trying to set immutable entry\n",
                      __func__, dtlb, wi, ei);
        return;
    }

    if (entry->asid) {
        tlb_flush_page(cs, entry->vaddr);
    }
    xtensa_tlb_set_entry_mmu(env, entry, dtlb, wi, ei, vpn, pte);
    tlb_flush_page(cs, entry->vaddr);
}
760
/*
 * Helper wtlb: write the TLB entry addressed by v with the PTE value p.
 * The way index, entry index and VPN are all decoded from v.
 */
void HELPER(wtlb)(CPUXtensaState *env, uint32_t p, uint32_t v, uint32_t dtlb)
{
    uint32_t page_no;
    uint32_t way;
    uint32_t index;

    split_tlb_entry_spec(env, v, dtlb, &page_no, &way, &index);
    xtensa_tlb_set_entry(env, dtlb, way, index, page_no, p);
}
769
770
/*
 * Helper for a write to IBREAKENABLE.  Translated code at every IBREAKA
 * address whose enable bit changes is invalidated, then the register is
 * updated with only the bits of the configured breakpoints kept.
 */
void HELPER(wsr_ibreakenable)(CPUXtensaState *env, uint32_t v)
{
    uint32_t toggled = v ^ env->sregs[IBREAKENABLE];
    unsigned idx = 0;

    while (idx < env->config->nibreak) {
        if (toggled & (1 << idx)) {
            tb_invalidate_virtual_addr(env, env->sregs[IBREAKA + idx]);
        }
        ++idx;
    }
    env->sregs[IBREAKENABLE] = v & ((1 << env->config->nibreak) - 1);
}
783
/*
 * Helper for a write to IBREAKA[i].  If that breakpoint is enabled and the
 * address changes, translated code at both the old and the new address is
 * invalidated.  The register is updated in every case.
 */
void HELPER(wsr_ibreaka)(CPUXtensaState *env, uint32_t i, uint32_t v)
{
    if (env->sregs[IBREAKENABLE] & (1 << i)) {
        if (env->sregs[IBREAKA + i] != v) {
            tb_invalidate_virtual_addr(env, env->sregs[IBREAKA + i]);
            tb_invalidate_virtual_addr(env, v);
        }
    }
    env->sregs[IBREAKA + i] = v;
}
792
/*
 * (Re)install the watchpoint that backs data breakpoint i.
 *
 * Any existing watchpoint for i is removed first.  The access types come
 * from the SB/LB bits of dbreakc and the watched range from its mask field;
 * a non-contiguous mask is logged as a guest error and truncated after its
 * first zero bit.  If the watchpoint cannot be inserted the slot is cleared
 * and a guest error is logged.
 *
 * NOTE(review): i indexes env->cpu_watchpoint[] with no range check in this
 * function; callers are presumably limited to valid DBREAK register numbers
 * -- confirm.
 */
static void set_dbreak(CPUXtensaState *env, unsigned i, uint32_t dbreaka,
        uint32_t dbreakc)
{
    CPUState *cs = CPU(xtensa_env_get_cpu(env));
    uint32_t mask = dbreakc | ~DBREAKC_MASK;
    int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;

    if (env->cpu_watchpoint[i]) {
        cpu_watchpoint_remove_by_ref(cs, env->cpu_watchpoint[i]);
    }

    flags |= (dbreakc & DBREAKC_SB) ? BP_MEM_WRITE : 0;
    flags |= (dbreakc & DBREAKC_LB) ? BP_MEM_READ : 0;

    /* contiguous mask after inversion is one less than some power of 2 */
    if ((~mask + 1) & ~mask) {
        qemu_log_mask(LOG_GUEST_ERROR, "DBREAKC mask is not contiguous: 0x%08x\n", dbreakc);
        /* cut mask after the first zero bit */
        mask = 0xffffffff << (32 - clo32(mask));
    }

    if (cpu_watchpoint_insert(cs, dbreaka & mask, ~mask + 1,
                              flags, &env->cpu_watchpoint[i]) != 0) {
        env->cpu_watchpoint[i] = NULL;
        qemu_log_mask(LOG_GUEST_ERROR, "Failed to set data breakpoint at 0x%08x/%d\n",
                      dbreaka & mask, ~mask + 1);
    }
}
822
/*
 * Helper for a write to DBREAKA[i].  When the breakpoint is armed for loads
 * or stores and the address changes, the backing watchpoint is reinstalled
 * at the new address.  The register is updated in every case.
 */
void HELPER(wsr_dbreaka)(CPUXtensaState *env, uint32_t i, uint32_t v)
{
    uint32_t control = env->sregs[DBREAKC + i];

    if (control & DBREAKC_SB_LB) {
        if (env->sregs[DBREAKA + i] != v) {
            set_dbreak(env, i, v, control);
        }
    }
    env->sregs[DBREAKA + i] = v;
}
833
/*
 * Helper for a write to DBREAKC[i].  When the enable bits or the mask field
 * change, the backing watchpoint is either reinstalled (breakpoint armed)
 * or removed (breakpoint disarmed).  The register is updated in every case.
 */
void HELPER(wsr_dbreakc)(CPUXtensaState *env, uint32_t i, uint32_t v)
{
    uint32_t changed = (env->sregs[DBREAKC + i] ^ v) &
                       (DBREAKC_SB_LB | DBREAKC_MASK);

    if (changed) {
        if (!(v & DBREAKC_SB_LB)) {
            if (env->cpu_watchpoint[i]) {
                CPUState *cs = CPU(xtensa_env_get_cpu(env));

                cpu_watchpoint_remove_by_ref(cs, env->cpu_watchpoint[i]);
                env->cpu_watchpoint[i] = NULL;
            }
        } else {
            set_dbreak(env, i, env->sregs[DBREAKA + i], v);
        }
    }
    env->sregs[DBREAKC + i] = v;
}
850
/*
 * Helper for a write to the FCR user register.  The stored value keeps only
 * the bits in 0xfffff07f, and the softfloat rounding mode is selected by the
 * low two bits of v.
 */
void HELPER(wur_fcr)(CPUXtensaState *env, uint32_t v)
{
    /* Indexed by v & 3, so all four slots are reachable and in range. */
    static const int mode_by_rm[] = {
        float_round_nearest_even,
        float_round_to_zero,
        float_round_up,
        float_round_down,
    };
    int mode = mode_by_rm[v & 3];

    env->uregs[FCR] = v & 0xfffff07f;
    set_float_rounding_mode(mode, &env->fp_status);
}
863
/* Single-precision absolute value via float32_abs(). */
float32 HELPER(abs_s)(float32 v)
{
    float32 magnitude = float32_abs(v);

    return magnitude;
}
868
/* Single-precision sign change via float32_chs(). */
float32 HELPER(neg_s)(float32 v)
{
    float32 negated = float32_chs(v);

    return negated;
}
873
/* Single-precision a + b using the CPU's floating-point status. */
float32 HELPER(add_s)(CPUXtensaState *env, float32 a, float32 b)
{
    float_status *status = &env->fp_status;

    return float32_add(a, b, status);
}
878
/* Single-precision a - b using the CPU's floating-point status. */
float32 HELPER(sub_s)(CPUXtensaState *env, float32 a, float32 b)
{
    float_status *status = &env->fp_status;

    return float32_sub(a, b, status);
}
883
/* Single-precision a * b using the CPU's floating-point status. */
float32 HELPER(mul_s)(CPUXtensaState *env, float32 a, float32 b)
{
    float_status *status = &env->fp_status;

    return float32_mul(a, b, status);
}
888
/*
 * Single-precision fused multiply-add: b * c + a, with no muladd flags,
 * using the CPU's floating-point status.
 */
float32 HELPER(madd_s)(CPUXtensaState *env, float32 a, float32 b, float32 c)
{
    float_status *status = &env->fp_status;

    return float32_muladd(b, c, a, 0, status);
}
894
/*
 * Single-precision fused multiply-subtract: a - b * c, expressed as a
 * multiply-add with the product negated, using the CPU's floating-point
 * status.
 */
float32 HELPER(msub_s)(CPUXtensaState *env, float32 a, float32 b, float32 c)
{
    float_status *status = &env->fp_status;

    return float32_muladd(b, c, a, float_muladd_negate_product, status);
}
900
/*
 * Convert v * 2^scale to a signed 32-bit integer with the given rounding
 * mode.  A zero-initialised local float_status is used, so the CPU's
 * floating-point status is neither read nor modified.
 */
uint32_t HELPER(ftoi)(float32 v, uint32_t rounding_mode, uint32_t scale)
{
    float_status fp_status = {0};
    float32 scaled;

    set_float_rounding_mode(rounding_mode, &fp_status);
    scaled = float32_scalbn(v, scale, &fp_status);
    return float32_to_int32(scaled, &fp_status);
}
909
/*
 * Convert v * 2^scale to an unsigned 32-bit integer with the given rounding
 * mode.  Negative non-NaN inputs go through the signed conversion instead.
 * A zero-initialised local float_status is used, so the CPU's floating-point
 * status is neither read nor modified.
 */
uint32_t HELPER(ftoui)(float32 v, uint32_t rounding_mode, uint32_t scale)
{
    float_status fp_status = {0};
    float32 scaled;

    set_float_rounding_mode(rounding_mode, &fp_status);
    scaled = float32_scalbn(v, scale, &fp_status);

    if (!float32_is_neg(v) || float32_is_any_nan(v)) {
        return float32_to_uint32(scaled, &fp_status);
    }
    return float32_to_int32(scaled, &fp_status);
}
925
/*
 * Convert the signed integer v to single precision and scale it by
 * 2^scale, with scale interpreted as a signed value.
 */
float32 HELPER(itof)(CPUXtensaState *env, uint32_t v, uint32_t scale)
{
    float32 converted = int32_to_float32(v, &env->fp_status);

    return float32_scalbn(converted, (int32_t)scale, &env->fp_status);
}
931
/*
 * Convert the unsigned integer v to single precision and scale it by
 * 2^scale, with scale interpreted as a signed value.
 */
float32 HELPER(uitof)(CPUXtensaState *env, uint32_t v, uint32_t scale)
{
    float32 converted = uint32_to_float32(v, &env->fp_status);

    return float32_scalbn(converted, (int32_t)scale, &env->fp_status);
}
937
/* Set (v true) or clear (v false) the bits selected by br in the BR register. */
static inline void set_br(CPUXtensaState *env, bool v, uint32_t br)
{
    if (!v) {
        env->sregs[BR] &= ~br;
        return;
    }
    env->sregs[BR] |= br;
}
946
/* BR bits br := a and b are unordered (quiet comparison). */
void HELPER(un_s)(CPUXtensaState *env, uint32_t br, float32 a, float32 b)
{
    bool unordered = float32_unordered_quiet(a, b, &env->fp_status);

    set_br(env, unordered, br);
}
951
/* BR bits br := a == b, ordered (quiet comparison). */
void HELPER(oeq_s)(CPUXtensaState *env, uint32_t br, float32 a, float32 b)
{
    bool equal = float32_eq_quiet(a, b, &env->fp_status);

    set_br(env, equal, br);
}
956
/* BR bits br := a == b or the operands are unordered (quiet comparison). */
void HELPER(ueq_s)(CPUXtensaState *env, uint32_t br, float32 a, float32 b)
{
    int relation = float32_compare_quiet(a, b, &env->fp_status);
    bool result = relation == float_relation_equal ||
                  relation == float_relation_unordered;

    set_br(env, result, br);
}
962
/* BR bits br := a < b, ordered (quiet comparison). */
void HELPER(olt_s)(CPUXtensaState *env, uint32_t br, float32 a, float32 b)
{
    bool less = float32_lt_quiet(a, b, &env->fp_status);

    set_br(env, less, br);
}
967
/* BR bits br := a < b or the operands are unordered (quiet comparison). */
void HELPER(ult_s)(CPUXtensaState *env, uint32_t br, float32 a, float32 b)
{
    int relation = float32_compare_quiet(a, b, &env->fp_status);
    bool result = relation == float_relation_less ||
                  relation == float_relation_unordered;

    set_br(env, result, br);
}
973
/* BR bits br := a <= b, ordered (quiet comparison). */
void HELPER(ole_s)(CPUXtensaState *env, uint32_t br, float32 a, float32 b)
{
    bool less_or_equal = float32_le_quiet(a, b, &env->fp_status);

    set_br(env, less_or_equal, br);
}
978
/*
 * BR bits br := a <= b or the operands are unordered, i.e. every quiet
 * comparison result except "greater".
 */
void HELPER(ule_s)(CPUXtensaState *env, uint32_t br, float32 a, float32 b)
{
    int relation = float32_compare_quiet(a, b, &env->fp_status);
    bool result = relation != float_relation_greater;

    set_br(env, result, br);
}