| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Update the PTEH register to contain the VPN at which an MMU
exception occured as specified by the SH4 reference.
Signed-off-by: Alexandre Courbot <gnurou@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Exception index of address read error should be 0x0e0.
Signed-off-by: Alexandre Courbot <gnurou@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
In cpu_sh4_invalidate_tlb, the UTLB was invalidated twice and the
ITLB left unchaged, probably because of some unfortunate copy/paste.
Signed-off-by: Alexandre Courbot <gnurou@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Fix wrong usage of ! and & in MMU related functions. Thanks to Blue
Swirl for reporting the issue.
Reported-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
SH4 is using 16-bit instructions which means most of the constants are
loaded through a constant pool at the end of the subroutine. The same
memory page is therefore accessed in exec and read mode.
With the current implementation, a QEMU TLB entry is set to read or
read/write mode after an UTLB search and to exec mode after an ITLB
search, which causes a lot of TLB exceptions to switch from read or
read/write to exec and vice versa.
This patch optimizes that by already setting the QEMU TLB entry in read
or read/write mode when an UTLB entry is copied into ITLB (during an
ITLB miss). This improve the emulation speed by about 14%.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Some Linux kernels seems to implement ITLB/UTLB flushing through by
writing all TLB entries through the memory mapped interface instead
of writing one to MMUCR.TI.
Implement memory mapped ITLB write interface so that such kernels can
boot. This fixes https://bugs.launchpad.net/bugs/700774 .
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
When building with -DNDEBUG, assert(0) will not stop execution
so it must not be used for abnormal termination.
Use cpu_abort() when in CPU context, abort() otherwise.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
QEMU uses a fixed page size for the CPU TLB. If the guest uses large
pages then we effectively split these into multiple smaller pages, and
populate the corresponding TLB entries on demand.
When the guest invalidates the TLB by virtual address we must invalidate
all entries covered by the large page. However the address used to
invalidate the entry may not be present in the QEMU TLB, so we do not
know which regions to clear.
Implementing a full vaiable size TLB is hard and slow, so just keep a
simple address/mask pair to record which addresses may have been mapped by
large pages. If the guest invalidates this region then flush the
whole TLB.
Signed-off-by: Paul Brook <paul@codesourcery.com>
|
|
cpu_get_phys_page_debug makes no sense for userspace emulation, so remove it.
Signed-off-by: Paul Brook <paul@codesourcery.com>
|
|
env->exception_index should be cleared with -1, not 0.
See also 821b19fe923ac49a24cdb4af902584fdd019cee6.
Spotted by Igor Kovalenko.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
On SH4, the ITLB and UTLB configurations are memory mapped, so loading
ITLB entries from UTLB has to be simulated correctly. For that the QEMU
TLB has to be handle the execute (ITLB) and read/write permissions
(UTLB) seperately.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
The store queues are located from 0xe0000000 to 0xe3ffffff.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
With the current code, the QEMU TLB is setup to match the read/write
mode of the MMU fault. This means when read access is done, the page
is setup in read-only mode. When the page is later accessed in write
mode, an MMU fault happened, and the page is switch in write-only
mode. This flip-flop causes a lot of calls to the MMU code and slow
down the emulation.
This patch changes the MMU emulation, so that the QEMU TLB is setup
to match the UTLB protection key. This impressively increase the
speed of the emulation.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
There is an ITLB access violation if SR_MD=0 (user mode) while
the high bit of the protection key is 0 (priviledge mode).
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
tlb_set_page() doesn't need addresses with offset, but simply the
page aligned addresses.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
When the MMUCR TI bit is set, all the UTLB and ITLB entries should be
flushed.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
In the very least, a change like this requires discussion on the list.
The naming convention is goofy and it causes a massive merge problem. Something
like this _must_ be presented on the list first so people can provide input
and cope with it.
This reverts commit 99a0949b720a0936da2052cb9a46db04ffc6db29.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Some not so obvious bits, slirp and Xen were left alone for the time
being.
Signed-off-by: malc <av1474@comtv.ru>
|
|
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Include assert.h from qemu-common.h and remove other direct uses.
cpu-all.h still need to include it because of the dyngen-exec.h hacks
Signed-off-by: Paul Brook <paul@codesourcery.com>
|
|
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6970 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
The entire U0 area is assumed to be cacheable.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6969 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Author: Vladimir Prus <vladimir@codesourcery.com>
Fix movcal.l/ocbi emulation.
* target-sh4/cpu.h (memory_content): New.
(CPUSH4State): New fields movcal_backup and movcal_backup_tail.
* target-sh4/helper.h (helper_movcal)
(helper_discard_movcal_backup, helper_ocbi): New.
* target-sh4/op_helper.c (helper_movcal)
(helper_discard_movcal_backup, helper_ocbi): New.
* target-sh4/translate.c (DisasContext): New field has_movcal.
(sh4_defs): Update CVS for SH7785.
(cpu_sh4_init): Initialize env->movcal_backup_tail.
(_decode_opc): Discard movca.l-backup.
Make use of helper_movcal and helper_ocbi.
(gen_intermediate_code_internal): Initialize has_movcal to 1.
Thanks to Shin-ichiro KAWASAKI and Paul Mundt for valuable feedback.
Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6966 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Signed-off-by: Lionel Landwerlin <lionel.landwerlin@openwide.fr>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6675 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Version 2 of the patch.
Signed-off-by: Lionel Landwerlin <lionel.landwerlin@openwide.fr>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6672 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
With my previous patch (the one monitoring tlb), I found that the last
TLB entry was never use. Here a little fix.
Signed-off-by: Lionel Landwerlin <lionel.landwerlin@openwide.fr>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6671 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6668 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
These are references to 'loglevel' that aren't on a simple 'if (loglevel &
X) qemu_log()' statement.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6340 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
This is a large patch that changes all occurrences of logfile/loglevel
global variables to use the new qemu_log*() macros.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6338 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
The attached patch updates the FSF address in the GPL/LGPL boilerplate
in most GPL/LGPLed files, and also in COPYING.LIB.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6162 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
This patch adds SH bit handling to sh4's TLB, which is a part of MMU
functionality that had not been implemented in qemu.
Additionally, increment_urc() call in cpu_load_tlb() is deleted, because
the specification explicitly says that URC is not incremented by an LDTLB
instruction (at Section 3 of SH7751 Hardware manual(REJ09B0370-0400)).
Even though URC is not needed to be strictly same as HW because it is a
random number, this condition is not negligible.
Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5971 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Main purpose of this is to delete
*physical = address & 0x1fffffff;
at target-sh4/helper.c:449, using new mmio rule introduced by #5849
This masking is a nice trick to realize P4/A7 duality of SH registers.
But, IMHO, it is logically wrong.
Most of SH4 cpu control registers in P4 area(0xfc000000...0xffffffff) have
one more address called A7 which is usually P4 address with upper 3bits masked.
This is an address only appears in TLB's physical address part.
Current code use trick writing drivers as if they are really in A7
(that's why you see many *_A7 in hw/sh*.c), and using translation P4 to A7.
Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5935 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
This patch adds SuperH on-chip PCI controller(PCIC) support.
Signed-off-by: Takashi YOSHII <takasi-y@ops.dti.ne.jp>
Signed-off-by: Andrzej Zaborowski <andrew.zaborowski@intel.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5927 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Based on a patch from Vladimir Prus and comments from Shin-ichiro KAWASAKI.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5770 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Some bugs on SH4 MMU are fixed.
- When a TLB entry is overwritten or invalidated, tlb_flush_page() should be
invoked to invalidate old entry.
- When a ASID is changed, tlb_flush() should be invoke to invalidate entries
which have old ASID.
- The check for shared bit in TLB entry causes multiple TLB hit exception.
As SH3's MMU, shared bit is ignored.
- ASID is used when MMUCR's SV bit or SR's MD bit is zero.
No need to check both bits are zero.
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5068 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
SH4 MMU's memory mapped TLB feature is implemented.
SH-Linux seems to write to memory mapped TLB to invalidate a TLB entry,
but does not to read it. So only memory write feature is implemented.
Work on memory read feature is left.
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5067 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
Two bugs about delay slot handlings are fixed.
- After an exception occurred in delay slot, the branch instruction
before delay slot should be executed again. To judge such re-execution
is necessery or not, delay slot status is kept in SH4 CPU data structure.
- When a branch instruction is placed at the end of memory segment,
the delay slot is placed at the start of next memory segment.
It means delay slot comes to the start of a translation block.
In such occasion, DELAY_SLOT_CLAREME flag is used to transmit status
between translation blocks. When an exception occurs on this kind of
delay slot, DELAY_SLOT_CLEARME flag cause a status confusion in exception
handling. DELAY_SLOT_CLEARME flag should be cleared on exceptions.
And some items are added to CPU status dump.
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5066 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
This patch adds sleep instruction.
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5065 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
(Shin-ichiro KAWASAKI)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4396 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3764 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3762 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
allowing support of more than 2 mmu access modes.
Add backward compatibility is_user variable in targets code when needed.
Implement per target cpu_mmu_index function, avoiding duplicated code
and #ifdef TARGET_xxx in softmmu core functions.
Implement per target mmu modes definitions. As an example, add PowerPC
hypervisor mode definition and Alpha executive and kernel modes definitions.
Optimize PowerPC case, precomputing mmu_idx when MSR register changes
and using the same definition in code translation code.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3384 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
instead of target_ulong to be consistent.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2633 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1988 c046a42c-6fe2-441c-8c8c-71466251a162
|
|
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1861 c046a42c-6fe2-441c-8c8c-71466251a162
|
