/* NOTE2: the returned address is not exactly the physical address: it
* is actually a ram_addr_t (in system mode; the user mode emulation
* version of this function returns a guest virtual address).
*/
tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
{
uintptr_t mmu_idx = cpu_mmu_index(env, true);
uintptr_t index = tlb_index(env, mmu_idx, addr);
CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
void *p;
if (unlikely(!tlb_hit(entry->addr_code, addr))) {
if (!VICTIM_TLB_HIT(addr_code, addr)) {
tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
index = tlb_index(env, mmu_idx, addr);
entry = tlb_entry(env, mmu_idx, addr);
}
assert(tlb_hit(entry->addr_code, addr));
}
if (unlikely(entry->addr_code & (TLB_RECHECK | TLB_MMIO))) {
/*
* Return -1 if we can't translate and execute from an entire
* page of RAM here, which will cause us to execute by loading
* and translating one insn at a time, without caching:
* - TLB_RECHECK: means the MMU protection covers a smaller range
* than a target page, so we must redo the MMU check every insn
* - TLB_MMIO: region is not backed by RAM
*/
return -1;
}
p = (void *)((uintptr_t)addr + entry->addend);
return qemu_ram_addr_from_host_nofail(p);
}
static xed_error_enum_t disas_one_inst(target_ulong pc)
{
char buf[15];
if(PEMU_read_mem(pc, 15, buf)!=0)
tlb_fill(cpu_single_env, pc+14, 0, 0, 0);
xed_decoded_inst_zero_set_mode(&xedd_g, &dstate);
xed_error_enum_t xed_error = xed_decode(&xedd_g,
XED_STATIC_CAST(const xed_uint8_t *, buf), 15);
return xed_error;
}
void setup_thread(thread_params_t *params)
{
context_t user_context;
uint32_t phys_page;
int i;
interrupt_status_t intr_status;
thread_table_t *thread= thread_get_current_thread_entry();
/* Copy thread parameters. */
int arg = params->arg;
void (*func)(int) = params->func;
process_id_t pid = thread->process_id = params->pid;
thread->pagetable = params->pagetable;
params->done = 1; /* OK, we don't need params any more. */
intr_status = _interrupt_disable();
spinlock_acquire(&process_table_slock);
/* Set up userspace environment. */
memoryset(&user_context, 0, sizeof(user_context));
user_context.cpu_regs[MIPS_REGISTER_A0] = arg;
user_context.pc = (uint32_t)func;
/* Allocate thread stack */
if (process_table[pid].bot_free_stack != 0) {
/* Reuse old thread stack. */
user_context.cpu_regs[MIPS_REGISTER_SP] =
process_table[pid].bot_free_stack
+ CONFIG_USERLAND_STACK_SIZE*PAGE_SIZE
- 4; /* Space for the thread argument */
process_table[pid].bot_free_stack =
*(uint32_t*)process_table[pid].bot_free_stack;
} else {
/* Allocate physical pages (frames) for the stack. */
for (i = 0; i < CONFIG_USERLAND_STACK_SIZE; i++) {
phys_page = pagepool_get_phys_page();
KERNEL_ASSERT(phys_page != 0);
vm_map(thread->pagetable, phys_page,
process_table[pid].stack_end - (i+1)*PAGE_SIZE, 1);
}
user_context.cpu_regs[MIPS_REGISTER_SP] =
process_table[pid].stack_end-4; /* Space for the thread argument */
process_table[pid].stack_end -= PAGE_SIZE*CONFIG_USERLAND_STACK_SIZE;
}
tlb_fill(thread->pagetable);
spinlock_release(&process_table_slock);
_interrupt_set_state(intr_status);
thread_goto_userland(&user_context);
}
/** Handles an interrupt (exception code 0). All interrupt handlers
* that are registered for any of the occured interrupts (hardware
* 0-5, software 0-1) are called. The scheduler is called if a timer
* interrupt (hardware 5) or a context switch request (software
* interrupt 0) occured, or if the currently running thread for the
* processor is the idle thread.
*
* @param cause The Cause register from CP0
*/
void interrupt_handle(virtaddr_t cause) {
int this_cpu, i;
if(cause & INTERRUPT_CAUSE_SOFTWARE_0) {
_interrupt_clear_sw0();
}
this_cpu = _interrupt_getcpu();
/* Exceptions should be handled elsewhere: */
if((cause & 0x0000007c) != 0) {
kprintf("Caught exception, cause %.8x, CPU %i\n", cause, this_cpu);
KERNEL_PANIC("Exception in interrupt_handle");
}
/* Call appropiate interrupt handlers. Handlers cannot be
* unregistered, so after the first empty * entry all others are
* also empty.
*/
for (i=0; i<CONFIG_MAX_DEVICES; i++) {
if (interrupt_handlers[i].device == NULL)
break;
/* If this handler is registered for any of the interrupts
* that occured, call it.
*/
if ((cause & interrupt_handlers[i].irq) != 0)
interrupt_handlers[i].handler(interrupt_handlers[i].device);
}
/* Timer interrupt (HW5) or requested context switch (SW0)
* Also call scheduler if we're running the idle thread.
*/
if((cause & (INTERRUPT_CAUSE_SOFTWARE_0 |
INTERRUPT_CAUSE_HARDWARE_5)) ||
scheduler_current_thread[this_cpu] == IDLE_THREAD_TID) {
scheduler_schedule();
/* Until we have proper VM we must manually fill
the TLB with pagetable entries before running code using
given pagetable. Note that this method limits pagetable
rows (possible mapping pairs) to 16 and can't be used
with proper pagetables and VM.
Note that if you remove this call (which you probably do when
you implement proper VM), you must manually call _tlb_set_asid
here. See the implementation of tlb_fill on details how to do that.
*/
tlb_fill(thread_get_current_thread_entry()->pagetable);
}
}
/* Probe for whether the specified guest write access is permitted.
* If it is not permitted then an exception will be taken in the same
* way as if this were a real write access (and we will not return).
* Otherwise the function will return, and there will be a valid
* entry in the TLB for this access.
*/
void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
uintptr_t retaddr)
{
uintptr_t index = tlb_index(env, mmu_idx, addr);
CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
if (!tlb_hit(tlb_addr_write(entry), addr)) {
/* TLB entry is for a different page */
if (!VICTIM_TLB_HIT(addr_write, addr)) {
tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
mmu_idx, retaddr);
}
}
}
/** Handles an interrupt (exception code 0). All interrupt handlers
* that are registered for any of the occured interrupts (hardware
* 0-5, software 0-1) are called. The scheduler is called if a timer
* interrupt (hardware 5) or a context switch request (software
* interrupt 0) occured, or if the currently running thread for the
* processor is the idle thread.
*
* @param cause The Cause register from CP0
*/
void interrupt_handle(uint32_t cause) {
int this_cpu, i;
if(cause & INTERRUPT_CAUSE_SOFTWARE_0) {
_interrupt_clear_sw0();
}
this_cpu = _interrupt_getcpu();
/* Exceptions should be handled elsewhere: */
if((cause & 0x0000007c) != 0) {
kprintf("Caught exception, cause %.8x, CPU %i\n", cause, this_cpu);
KERNEL_PANIC("Exception in interrupt_handle");
}
/* Call appropiate interrupt handlers. Handlers cannot be
* unregistered, so after the first empty * entry all others are
* also empty.
*/
for (i=0; i<CONFIG_MAX_DEVICES; i++) {
if (interrupt_handlers[i].device == NULL)
break;
/* If this handler is registered for any of the interrupts
* that occured, call it.
*/
if ((cause & interrupt_handlers[i].irq) != 0)
interrupt_handlers[i].handler(interrupt_handlers[i].device);
}
/* Timer interrupt (HW5) or requested context switch (SW0)
* Also call scheduler if we're running the idle thread.
*/
if((cause & (INTERRUPT_CAUSE_SOFTWARE_0 |
INTERRUPT_CAUSE_HARDWARE_5)) ||
scheduler_current_thread[this_cpu] == IDLE_THREAD_TID) {
scheduler_schedule();
tlb_fill(thread_get_current_thread_entry()->pagetable);
}
/*
thread_table_t *thread = thread_get_current_thread_entry();
process_id_t pid = thread->process_id;
if(pid == -1) {
* Not a process thread. Use thread id with most significant
bit flipped as ASID.
Note: this limits both PROCESS_MAX_PROCESSES and the
number of kernel work threads to 128 since ASID is one
byte and the ASID address space is divided into two.
*
uint8_t asid = thread_get_current_thread() | 0x8;
_tlb_set_asid(asid);
return;
} else {
* Use PID as ASID. This ensures that threads within a
process shares the same ASID
_tlb_set_asid(pid);
/
}
}*/
}
/**
* Starts one userland process. The thread calling this function will
* be used to run the process and will therefore never return from
* this function. This function asserts that no errors occur in
* process startup (the executable file exists and is a valid ecoff
* file, enough memory is available, file operations succeed...).
* Therefore this function is not suitable to allow startup of
* arbitrary processes.
*
* @executable The name of the executable to be run in the userland
* process
*/
void process_start(process_id_t pid) {
thread_table_t *my_entry;
pagetable_t *pagetable;
uint32_t phys_page;
context_t user_context;
uint32_t stack_bottom;
elf_info_t elf;
openfile_t file;
char executable[MAX_NAME_LENGTH];
int i;
interrupt_status_t intr_status;
my_entry = thread_get_current_thread_entry();
// Set process id on thread
my_entry->process_id = pid;
// Ensure that we're the only ones touching the process table.
intr_status = _interrupt_disable();
spinlock_acquire(&process_table_slock);
// Copy over the name of file we're supposed to execute.
stringcopy(executable, process_table[pid].name, MAX_NAME_LENGTH);
// Free our locks.
spinlock_release(&process_table_slock);
_interrupt_set_state(intr_status);
/* If the pagetable of this thread is not NULL, we are trying to
run a userland process for a second time in the same thread.
This is not possible. */
KERNEL_ASSERT(my_entry->pagetable == NULL);
pagetable = vm_create_pagetable(thread_get_current_thread());
KERNEL_ASSERT(pagetable != NULL);
intr_status = _interrupt_disable();
my_entry->pagetable = pagetable;
_interrupt_set_state(intr_status);
file = vfs_open((char *)executable);
/* Make sure the file existed and was a valid ELF file */
KERNEL_ASSERT(file >= 0);
KERNEL_ASSERT(elf_parse_header(&elf, file));
/* Trivial and naive sanity check for entry point: */
KERNEL_ASSERT(elf.entry_point >= PAGE_SIZE);
/* Calculate the number of pages needed by the whole process
(including userland stack). Since we don't have proper tlb
handling code, all these pages must fit into TLB. */
KERNEL_ASSERT(elf.ro_pages + elf.rw_pages + CONFIG_USERLAND_STACK_SIZE
<= _tlb_get_maxindex() + 1);
/* Allocate and map stack */
for(i = 0; i < CONFIG_USERLAND_STACK_SIZE; i++) {
phys_page = pagepool_get_phys_page();
KERNEL_ASSERT(phys_page != 0);
vm_map(my_entry->pagetable, phys_page,
(USERLAND_STACK_TOP & PAGE_SIZE_MASK) - i*PAGE_SIZE, 1);
}
/* Allocate and map pages for the segments. We assume that
segments begin at page boundary. (The linker script in tests
directory creates this kind of segments) */
for(i = 0; i < (int)elf.ro_pages; i++) {
phys_page = pagepool_get_phys_page();
KERNEL_ASSERT(phys_page != 0);
vm_map(my_entry->pagetable, phys_page,
elf.ro_vaddr + i*PAGE_SIZE, 1);
}
for(i = 0; i < (int)elf.rw_pages; i++) {
phys_page = pagepool_get_phys_page();
KERNEL_ASSERT(phys_page != 0);
vm_map(my_entry->pagetable, phys_page,
elf.rw_vaddr + i*PAGE_SIZE, 1);
}
/* Put the mapped pages into TLB. Here we again assume that the
pages fit into the TLB. After writing proper TLB exception
handling this call should be skipped. */
intr_status = _interrupt_disable();
tlb_fill(my_entry->pagetable);
_interrupt_set_state(intr_status);
/* Now we may use the virtual addresses of the segments. */
/* Zero the pages. */
memoryset((void *)elf.ro_vaddr, 0, elf.ro_pages*PAGE_SIZE);
memoryset((void *)elf.rw_vaddr, 0, elf.rw_pages*PAGE_SIZE);
stack_bottom = (USERLAND_STACK_TOP & PAGE_SIZE_MASK) -
(CONFIG_USERLAND_STACK_SIZE-1)*PAGE_SIZE;
memoryset((void *)stack_bottom, 0, CONFIG_USERLAND_STACK_SIZE*PAGE_SIZE);
/* Copy segments */
if (elf.ro_size > 0) {
/* Make sure that the segment is in proper place. */
KERNEL_ASSERT(elf.ro_vaddr >= PAGE_SIZE);
KERNEL_ASSERT(vfs_seek(file, elf.ro_location) == VFS_OK);
KERNEL_ASSERT(vfs_read(file, (void *)elf.ro_vaddr, elf.ro_size)
== (int)elf.ro_size);
}
if (elf.rw_size > 0) {
/* Make sure that the segment is in proper place. */
KERNEL_ASSERT(elf.rw_vaddr >= PAGE_SIZE);
KERNEL_ASSERT(vfs_seek(file, elf.rw_location) == VFS_OK);
KERNEL_ASSERT(vfs_read(file, (void *)elf.rw_vaddr, elf.rw_size)
== (int)elf.rw_size);
}
/* Set the dirty bit to zero (read-only) on read-only pages. */
for(i = 0; i < (int)elf.ro_pages; i++) {
vm_set_dirty(my_entry->pagetable, elf.ro_vaddr + i*PAGE_SIZE, 0);
}
/* Insert page mappings again to TLB to take read-only bits into use */
intr_status = _interrupt_disable();
tlb_fill(my_entry->pagetable);
_interrupt_set_state(intr_status);
/* Initialize the user context. (Status register is handled by
thread_goto_userland) */
memoryset(&user_context, 0, sizeof(user_context));
user_context.cpu_regs[MIPS_REGISTER_SP] = USERLAND_STACK_TOP;
user_context.pc = elf.entry_point;
thread_goto_userland(&user_context);
KERNEL_PANIC("thread_goto_userland failed.");
}
static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
int mmu_idx,
uint64_t val, target_ulong addr,
uintptr_t retaddr, bool recheck, int size)
{
CPUState *cpu = ENV_GET_CPU(env);
hwaddr mr_offset;
MemoryRegionSection *section;
MemoryRegion *mr;
bool locked = false;
MemTxResult r;
if (recheck) {
/*
* This is a TLB_RECHECK access, where the MMU protection
* covers a smaller range than a target page, and we must
* repeat the MMU check here. This tlb_fill() call might
* longjump out if this access should cause a guest exception.
*/
CPUTLBEntry *entry;
target_ulong tlb_addr;
tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
entry = tlb_entry(env, mmu_idx, addr);
tlb_addr = tlb_addr_write(entry);
if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
/* RAM access */
uintptr_t haddr = addr + entry->addend;
stn_p((void *)haddr, size, val);
return;
}
/* Fall through for handling IO accesses */
}
section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
mr = section->mr;
mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
cpu_io_recompile(cpu, retaddr);
}
cpu->mem_io_vaddr = addr;
cpu->mem_io_pc = retaddr;
if (mr->global_locking && !qemu_mutex_iothread_locked()) {
qemu_mutex_lock_iothread();
locked = true;
}
r = memory_region_dispatch_write(mr, mr_offset,
val, size, iotlbentry->attrs);
if (r != MEMTX_OK) {
hwaddr physaddr = mr_offset +
section->offset_within_address_space -
section->offset_within_region;
cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_STORE,
mmu_idx, iotlbentry->attrs, r, retaddr);
}
if (locked) {
qemu_mutex_unlock_iothread();
}
}
/* Probe for a read-modify-write atomic operation. Do not allow unaligned
* operations, or io operations to proceed. Return the host address. */
static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
TCGMemOpIdx oi, uintptr_t retaddr,
NotDirtyInfo *ndi)
{
size_t mmu_idx = get_mmuidx(oi);
uintptr_t index = tlb_index(env, mmu_idx, addr);
CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
target_ulong tlb_addr = tlb_addr_write(tlbe);
TCGMemOp mop = get_memop(oi);
int a_bits = get_alignment_bits(mop);
int s_bits = mop & MO_SIZE;
void *hostaddr;
/* Adjust the given return address. */
retaddr -= GETPC_ADJ;
/* Enforce guest required alignment. */
if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
/* ??? Maybe indicate atomic op to cpu_unaligned_access */
cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE,
mmu_idx, retaddr);
}
/* Enforce qemu required alignment. */
if (unlikely(addr & ((1 << s_bits) - 1))) {
/* We get here if guest alignment was not requested,
or was not enforced by cpu_unaligned_access above.
We might widen the access and emulate, but for now
mark an exception and exit the cpu loop. */
goto stop_the_world;
}
/* Check TLB entry and enforce page permissions. */
if (!tlb_hit(tlb_addr, addr)) {
if (!VICTIM_TLB_HIT(addr_write, addr)) {
tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,
mmu_idx, retaddr);
index = tlb_index(env, mmu_idx, addr);
tlbe = tlb_entry(env, mmu_idx, addr);
}
tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
}
/* Notice an IO access or a needs-MMU-lookup access */
if (unlikely(tlb_addr & (TLB_MMIO | TLB_RECHECK))) {
/* There's really nothing that can be done to
support this apart from stop-the-world. */
goto stop_the_world;
}
/* Let the guest notice RMW on a write-only page. */
if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_LOAD,
mmu_idx, retaddr);
/* Since we don't support reads and writes to different addresses,
and we do have the proper page loaded for write, this shouldn't
ever return. But just in case, handle via stop-the-world. */
goto stop_the_world;
}
hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
ndi->active = false;
if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
ndi->active = true;
memory_notdirty_write_prepare(ndi, ENV_GET_CPU(env), addr,
qemu_ram_addr_from_host_nofail(hostaddr),
1 << s_bits);
}
return hostaddr;
stop_the_world:
cpu_loop_exit_atomic(ENV_GET_CPU(env), retaddr);
}
