Commit Graph

25562 Commits

Author SHA1 Message Date
Anthony Green
bd86a88eed Add moxie disassembler
Signed-off-by: Anthony Green <green@moxielogic.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-03-23 14:25:41 +00:00
Anthony Green
525bd324c2 Add moxie target code
Signed-off-by: Anthony Green <green@moxielogic.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-03-23 14:25:41 +00:00
Blue Swirl
f7c61bf8fc Merge branch 'for-upstream' of git://github.com/mwalle/qemu
* 'for-upstream' of git://github.com/mwalle/qemu:
  configure: rename OpenGL feature to GLX
  configure: proper OpenGL/GLX probe
  target-lm32: use HELPER() macro
  target-lm32: flush tlb after clearing env
  target-lm32: remove dead code
  target-lm32: fix cmpgui and cmpgeui opcodes
  tests: tcg: lm32: add more test cases
  target-lm32: don't log cpu state in translation
  lm32_uart: fix receive buffering
  milkymist-uart: fix receive buffering
  lm32-dis: fix NULL pointer dereference
  target-lm32: fix debug memory access
2013-03-23 14:23:26 +00:00
Aurelien Jarno
d76bb73549 Merge branch 'ppc-for-upstream' of git://github.com/agraf/qemu
* 'ppc-for-upstream' of git://github.com/agraf/qemu: (58 commits)
  target-ppc: Use NARROW_MODE macro for tlbie
  target-ppc: Use NARROW_MODE macro for addresses
  target-ppc: Use NARROW_MODE macro for comparisons
  target-ppc: Use NARROW_MODE macro for branches
  target-ppc: Fix add and subf carry generation in narrow mode
  target-ppc: Use QOM method dispatch for MMU fault handling
  target-ppc: Move ppc tlb_fill implementation into mmu_helper.c
  target-ppc: Split user only code out of mmu_helper.c
  mmu-hash64: Implement Virtual Page Class Key Protection
  mmu-hash*: Merge translate and fault handling functions
  mmu-hash*: Don't use full ppc_hash{32, 64}_translate() path for get_phys_page_debug()
  mmu-hash*: Correctly mask RPN from hash PTE
  mmu-hash*: Clean up real address calculation
  mmu-hash*: Clean up PTE flags update
  mmu-hash64: Factor SLB N bit into permissions bits
  mmu-hash*: Clean up permission checking
  mmu-hash32: Remove nx from context structure
  mmu-hash*: Don't update PTE flags when permission is denied
  mmu-hash32: Don't look up page tables on BAT permission error
  mmu-hash32: Cleanup BAT lookup
  ...
2013-03-22 21:43:57 +01:00
Yeongkyoon Lee
52ae646d4a tcg: Fix occasional TCG broken problem when ldst optimization enabled
is_tcg_gen_code() checks the upper limit of TCG generated code range wrong, so
that TCG could get broken occasionally only when CONFIG_QEMU_LDST_OPTIMIZATION
enabled. The reason is code_gen_buffer_max_size does not cover the upper range
up to (TCG_MAX_OP_SIZE * OPC_BUF_SIZE), thus code_gen_buffer_max_size should be
modified to code_gen_buffer_size.

CC: qemu-stable@nongnu.org
Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2013-03-22 21:38:21 +01:00
Anthony Liguori
3f08ffb4a4 Merge remote-tracking branch 'kwolf/for-anthony' into staging
# By Kevin Wolf (12) and Peter Lieven (2)
# Via Kevin Wolf
* kwolf/for-anthony:
  nbd: Check against invalid option combinations
  nbd: Use default port if only host is specified
  block: Allow omitting the file name when using driver-specific options
  block: Make find_image_format safe with NULL filename
  block: Rename variable to avoid shadowing
  block: Introduce .bdrv_parse_filename callback
  nbd: Accept -drive options for the network connection
  nbd: Remove unused functions
  nbd: Keep hostname and port separate
  qemu-socket: Make socket_optslist public
  block: Pass bdrv_file_open() options to block drivers
  block: Add options QDict to bdrv_file_open() prototypes
  block: complete all IOs before resizing a device
  Revert "block: complete all IOs before .bdrv_truncate"
2013-03-22 13:08:01 -05:00
Anthony Liguori
cecd77ae6d Merge remote-tracking branch 'stefanha/trivial-patches' into staging
# By liguang (2) and others
# Via Stefan Hajnoczi
* stefanha/trivial-patches:
  qdev: remove redundant abort()
  gitignore: ignore more files
  Use proper term in TCG README
  serial: Fix debug format strings
  Fix typos and misspellings
  Advertise --libdir in configure --help output
  memory: fix a bug of detection of memory region collision
  MinGW: Replace setsockopt by qemu_setsocketopt
2013-03-22 13:05:57 -05:00
Anthony Liguori
f930820704 Merge remote-tracking branch 'cohuck/virtio-ccw-upstr' into staging
# By Cornelia Huck
# Via Cornelia Huck
* cohuck/virtio-ccw-upstr:
  virtio-ccw, s390-virtio: Use generic virtio-blk macro.
  s390-virtio, virtio-ccw: Add config_wce for virtio-blk.
  virtio-ccw: Add missing blk chs properties.
2013-03-22 13:05:50 -05:00
Kevin Wolf
681e7ad024 nbd: Check against invalid option combinations
A file name may only specified if no host or socket path is specified.
The latter two may not appear at the same time either.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
bebbf7fa9c nbd: Use default port if only host is specified
The URL method already takes care to apply the default port when none is
specfied. Directly specifying driver-specific options required the port
number until now. Allow leaving it out and apply the default.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
c2ad1b0c46 block: Allow omitting the file name when using driver-specific options
After this patch, using -drive with an empty file name continues to open
the file if driver-specific options are used. If no driver-specific
options are specified, the semantics stay as it was: It defines a drive
without an inserted medium.

In order to achieve this, bdrv_open() must be made safe to work with a
NULL filename parameter. The assumption that is made is that only block
drivers which implement bdrv_parse_filename() support using driver
specific options and could therefore work without a filename. These
drivers must make sure to cope with NULL in their implementation of
.bdrv_open() (this is only NBD for now). For all other drivers, the
block layer code will make sure to error out before calling into their
code - they can't possibly work without a filename.

Now an NBD connection can be opened like this:

  qemu-system-x86_64 -drive file.driver=nbd,file.port=1234,file.host=::1

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
f5866fa438 block: Make find_image_format safe with NULL filename
In order to achieve this, the .bdrv_probe callbacks of all drivers must
cope with this. The DMG driver is the only one that bases its decision
on the filename and it needs to be changed.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
08b392e151 block: Rename variable to avoid shadowing
bdrv_open() uses two different variables called options. Rename one of
them to avoid confusion and to allow the outer one to be accessed
everywhere.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
6963a30d82 block: Introduce .bdrv_parse_filename callback
If a driver needs structured data and not just a string, it can provide
a .bdrv_parse_filename callback now that parses the command line string
into separate options. Keeping this separate from .bdrv_open_filename
ensures that the preferred way of directly specifying the options always
works as well if parsing the string works.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
f53a1febcd nbd: Accept -drive options for the network connection
The existing parsers for the file name now parse everything into the
bdrv_open() options QDict. Instead of using these parsers, you can now
directly specify the options on the command line, like this:

    qemu-system-x86_64 -drive file=nbd:,file.port=1234,file.host=::1

Clearly the file=... part could use further improvement, but it's a
start.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
197a4859b9 nbd: Remove unused functions
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:32 +01:00
Kevin Wolf
f17c90bed1 nbd: Keep hostname and port separate
The NBD block supports an URL syntax, for which a URL parser returns
separate hostname and port fields. It also supports the traditional qemu
syntax encoded in a filename. Until now, after parsing the URL to get
each piece of information, a new string is built to be fed to socket
functions.

Instead of building a string in the URL case that is immediately parsed
again, parse the string in both cases and use the QemuOpts interface to
qemu-sockets.c.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:31 +01:00
Kevin Wolf
e62be8888a qemu-socket: Make socket_optslist public
Allow other users to create the QemuOpts needed for inet_connect_opts().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:31 +01:00
Kevin Wolf
707ff8282b block: Pass bdrv_file_open() options to block drivers
Specify -drive file.option=... on the command line to pass the option to
the protocol instead of the format driver.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:31 +01:00
Kevin Wolf
787e4a8500 block: Add options QDict to bdrv_file_open() prototypes
The new parameter is unused yet.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
2013-03-22 17:51:31 +01:00
Peter Lieven
92b7a08d64 block: complete all IOs before resizing a device
this patch ensures that all pending IOs are completed
before a device is resized. this is especially important
if a device is shrinked as it the bdrv_check_request()
result is invalidated.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-03-22 17:51:31 +01:00
Peter Lieven
5c916681ae Revert "block: complete all IOs before .bdrv_truncate"
brdv_truncate() is also called from readv/writev commands on self-
growing file based storage. this will result in requests waiting
for theirselves to complete.

This reverts commit 9a665b2b86.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-03-22 17:51:31 +01:00
liguang
01ed1d527c qdev: remove redundant abort()
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-03-22 16:09:59 +01:00
liguang
082369e62c gitignore: ignore more files
ignore *.patch, *.gcda, *.gcno

Signed-off-by: liguang <lig.fnst@cn.fujitsu.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-03-22 16:09:46 +01:00
陳韋任 (Wei-Ren Chen)
294e4669a5 Use proper term in TCG README
In TCG, "target" means the host architecture for which TCG generates
the code. Using "guest" rather than "target" to make the document more
consistent.

Signed-off-by: Chen Wei-Ren <chenwj@iis.sinica.edu.tw>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-03-22 15:55:03 +01:00
Richard Henderson
9ca3f7f316 target-ppc: Use NARROW_MODE macro for tlbie
Removing conditional compilation in the process.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:54 +01:00
Richard Henderson
c791fe8436 target-ppc: Use NARROW_MODE macro for addresses
Removing conditional compilation in the process.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:54 +01:00
Richard Henderson
02765534f7 target-ppc: Use NARROW_MODE macro for comparisons
Removing conditional compilation in the process.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:54 +01:00
Richard Henderson
e0c8f9ce85 target-ppc: Use NARROW_MODE macro for branches
Removing conditional compilation in the process.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:54 +01:00
Richard Henderson
79482e5ab3 target-ppc: Fix add and subf carry generation in narrow mode
The set of computations used in b5a73f8d8a
are only valid if the current word size == target_long size.  This failed
to take ppc64 in 32-bit (narrow) mode into account.

Add a NARROW_MODE macro to avoid conditional compilation.

Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:54 +01:00
David Gibson
b632a148b6 target-ppc: Use QOM method dispatch for MMU fault handling
After previous cleanups, the many scattered checks of env->mmu_model in
the ppc MMU implementation have, at least for "classic" hash MMUs been
reduced (almost) to a single switch at the top of
cpu_ppc_handle_mmu_fault().

An explicit switch is still a pretty ugly way of handling this though.  Now
that Andreas Färber's CPU QOM cleanups for ppc have gone in, it's quite
straightforward to instead make the handle_mmu_fault function a QOM method
on the CPU object.

This patch implements such a scheme, initializing the method pointer at
the same time as the mmu_model variable.  We need to keep the latter around
for now, because of the MMU types (BookE, 4xx, et al) which haven't been
converted to the new scheme yet, and also for a few other uses.  It would
be good to clean those up eventually.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:53 +01:00
David Gibson
eb20c1c6da target-ppc: Move ppc tlb_fill implementation into mmu_helper.c
For softmmu builds the interface from the generic code to the target
specific MMU implementation is through the tlb_fill() function.  For ppc
this is currently in mem_helper.c, whereas it would make more sense in
mmu_helper.c.  This patch moves it, which also allows
cpu_ppc_handle_mmu_fault() to become a local function in mmu_helper.c

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:53 +01:00
David Gibson
cc8eae8ac7 target-ppc: Split user only code out of mmu_helper.c
mmu_helper.c is, for obvious reasons, almost entirely concerned with
softmmu builds of qemu.  However, it does contain one stub function which
is used when CONFIG_USER_ONLY=y - the user only versoin of
cpu_ppc_handle_mmu_fault, which always triggers an exception.  The entire
rest of the file is surrounded by #if !defined(CONFIG_USER_ONLY).

We clean this up by moving the user only stub into its own new file,
removing the ifdefs and building mmu_helper.c only when CONFIG_SOFTMMU
is set.  This also lets us remove the #define of cpu_handle_mmu_fault to
cpu_ppc_handle_mmu_fault - that name is only used from generic code for
user only - so we just name our split user version by the generic name.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:53 +01:00
David Gibson
f80872e21c mmu-hash64: Implement Virtual Page Class Key Protection
Version 2.06 of the Power architecture describes an additional page
protection mechanism.  Each virtual page has a "class" (0-31) recorded in
the PTE.  The AMR register contains bits which can prohibit reads and/or
writes on a class by class basis.  Interestingly, the AMR is userspace
readable and writable, however user mode writes are masked by the contents
of the UAMOR which is privileged.

This patch implements this protection mechanism, along with the AMR and
UAMOR SPRs.  The architecture also specifies a hypervisor-privileged AMOR
register which masks user and supervisor writes to the AMR and UAMOR.  We
leave this out for now, since we don't at present model hypervisor mode
correctly in any case.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[agraf: fix 32-bit hosts]
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:53 +01:00
David Gibson
caa597bd9f mmu-hash*: Merge translate and fault handling functions
ppc_hash{32,64}_handle_mmu_fault() is now the only caller of
ppc_hash{32,64{_translate(), so this patch combines them together.  This
means that instead of one returning a variety of non-obvious error codes
which then get translated into the various mmu exception conditions, we can
just generate the exceptions as we discover problems in the translation
path.  This also removes the last usage of mmu_ctx_hash{32,64}.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:53 +01:00
David Gibson
5883d8b296 mmu-hash*: Don't use full ppc_hash{32, 64}_translate() path for get_phys_page_debug()
Currently the hash mmu versionsof get_phys_page_debug() use the same
ppc64_hash64_translate() function to do the translation logic as the normal
mm fault handler code.

That sounds like a good idea, but has some complications. The debug path
doesn't need, or even want some parts of the full translation path, like
permissions checking.  Furthermore, the pte flags update included in the
normal path means that the debug call is not quite side effect free.

This patch, therefore, reimplements get_phys_page_debug as the minimal
required subset of the full translation path.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>`z
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:53 +01:00
David Gibson
75d5ec89c0 mmu-hash*: Correctly mask RPN from hash PTE
BEHAVIOUR CHANGE

At present we take the whole of word 1 of the hash PTE as the real page
number used to calculate the translated address.  This is incorrect,
because it leaves the flags from the low bits of PTE word 1 in place in the
rpm.  We mostly get away with that because the value is later masked by
TARGET_PAGE_MASK.

More recent 64-bit CPUs also have a small number of flag bits (PP0 and
KEY) in the top bits of PTE word 1.  Any guest which used those bits would
fail with the current code.

This patch fixes the problem by correctly masking out the RPN field of
PTE word 1.  This is safe, even for older CPUs which didn't have PP0 and
KEY, because although the RPN notionally extended to the very top of PTE
word 1, none of those CPUs actually implemented that many real address
bits.

We add analogous masking to the 32-bit code, even though it also doesn't
have the high flag bits, for consistency and clarity.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:53 +01:00
David Gibson
6d11d998bb mmu-hash*: Clean up real address calculation
More recent 64-bit hash MMUs support multiple page sizes, and PTEs for
large pages only include the offset of the whole large page.  But the qemu
tlb only handles pages of the base size (4k) so we need to break up the
large pages into 4k pieces for the qemu tlb.  To do that we have a somewhat
awkward piece of code that adds the folds address bits 4k and the page size
from the virtual address into the real address from the pte.

This patch simplifies this redefining the raddr output of
ppc_hash64_translate() to be the full real address of the faulting address,
rather than just the (4k) page offset.  Computing that turns out to be
simpler, and is fine for the caller, since it already masks with
TARGET_PAGE_MASK before inserting into the qemu tlb.

The multiple page size complication doesn't exist for 32-bit hash mmus, but
we make an analogous cleanup there for consistency.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:52 +01:00
David Gibson
b344074642 mmu-hash*: Clean up PTE flags update
Currently the ppc_hash{32,64}_pte_update_flags() helper functions update a
PTE's referenced and changed bits as necessary to reflect the access.  It
is somewhat long winded, though.  This patch open codes them in their
(single) callers, in a simpler way.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:52 +01:00
David Gibson
57d0a39d98 mmu-hash64: Factor SLB N bit into permissions bits
BEHAVIOUR CHANGE

Currently, for 64-bit hash mmu, the execute protection bit placed into the
qemu tlb is based only on the N (No execute) bit from the PTE.  However,
No Execute can also be set at the segment level.  We do check this on
execute faults, but this still means we could incorrectly allow execution
of code from a No Execute segment, if a prior read or write fault caused
the page to be loaded into the qemu tlb with PROT_EXEC set.

To correct this, we (re-)check the segment level no execute permission when
generating the protection bits for the qemu tlb.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:52 +01:00
David Gibson
e01b444523 mmu-hash*: Clean up permission checking
Currently checking of PTE permission bits is split messily amongst
ppc_hash{32,64}_pp_check(), ppc_hash{32,64}_check_prot() and their callers.
This patch cleans this up to have the new function
ppc_hash{32,64}_pte_prot() compute the page permissions from the SLBE (for
64-bit) or segment register (32-bit) and the pte.  A greatly simplified
version of the actual permissions check is then open coded in the callers.

The 32-bit version of ppc_hash32_pte_prot() is implemented in terms of
ppc_hash32_pp_prot(), a renamed and slightly cleaned up version of the old
ppc_hash32_pp_check(), which is also used for checking BAT permissions on
the 601.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:52 +01:00
David Gibson
e1a53ba2e0 mmu-hash32: Remove nx from context structure
Previous cleanups have meant the nx field of the mmu_ctx_hash32 structure
is now only used within ppc_hash32_translate(), and so it can be replaced
by a local variable.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:52 +01:00
David Gibson
87dc3fd13e mmu-hash*: Don't update PTE flags when permission is denied
BEHAVIOUR CHANGE

Currently if ppc_hash{32,64}_translate() finds a PTE matching the given
virtual address, it will always update the PTE's R & C (Referenced and
Changed) bits.  This happens even if the PTE's permissions mean we are
about to deny the translation.

This is clearly a bug, although we get away with it because:
  a) It will only incorrectly set, never reset the bits, which should not
cause guest correctness problems.
  b) Linux guests never use the R & C bits anyway.

This patch fixes the behaviour, only updating R & C when access is granted
by the PTE.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:52 +01:00
David Gibson
59acbe2855 mmu-hash32: Don't look up page tables on BAT permission error
BEHAVIOUR CHANGE

Currently, on any failure translating an address with BATs, we proceed to
normal segment and page table translation.  That's incorrect if the
BAT error was due to permissions, rather than not finding a matching BAT.
We've gotten away with it because a guest would not usually put
translations for the same address in both BATs and page table.  Nonetheless
this patch corrects the logic, only doing page table lookup if no BAT
is found.  A matching BAT with bad permissions will now correctly trigger
an exception.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:51 +01:00
David Gibson
145e52f318 mmu-hash32: Cleanup BAT lookup
This patch makes a general cleanup of the ppc_hash32_get_bat() function,
renaming it to ppc_hash32_bat_lookup().  In particular, the new function
only looks for a matching BAT, with the permissions check from the old
function moved to the caller.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:51 +01:00
David Gibson
6fc76aa9ad mmu-hash32: Clean up BAT matching logic
The code to search for a matching BAT for a virtual address is somewhat
longwinded and awkward.  In particular, it relies on seperate size and
validity information being returned from the hash32_bat_size() function
(and 601 specific variant).

We simplify this by having hash32_bat_size() return instead a mask of the
virtual address bits to match, and 0 for invalid (since a BAT can never
match the entire address space).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:51 +01:00
David Gibson
e1d4951593 mmu-hash32: Split BAT size logic from permissions logic
hash32_bat_size_prot() and its 601 variant, as the name suggests, returns
both a BAT's size - needed to search for a matching BAT - and its
permissions, only relevant once a matching BAT has been located.

There's no particular advantage to combining these, so we split these roles
into seperate functions for clarity.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:51 +01:00
David Gibson
9986ed1ed0 mmu-hash32: Remove odd pointer usage from BAT code
In the code for handling BATs, the hash32_bat_size_prot() and
hash32_bat_601_size_prot() functions are passed the BAT contents by
reference (pointer) for no clear reason, since they only need the values
within.

This patch removes this odd usage, and uses the resulting change to clean
up the caller slightly.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:51 +01:00
David Gibson
6a9801106e mmu-hash*: Fold pte_check*() logic into caller
With previous cleanups made, the 32-bit and 64-bit pte_check*() functions
are pretty trivial and only have one call site.  This patch therefore
clarifies the overall code flow by folding those functions into their
call site.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:51 +01:00
David Gibson
1814889876 mmu-hash64: Clean up ppc_hash64_htab_lookup()
This patch makes a general cleanup of the address mangling logic in
ppc_hash64_htab_lookup().  In particular it now avoids repeatedly switching
on the segment size.  The lack of SLB and multiple segment sizes on 32-bit
means an analogous cleanup is not needed there.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
2013-03-22 15:28:50 +01:00