1: /*
    2:  * QEMU SPARC iommu emulation
    3:  *
    4:  * Copyright (c) 2003-2005 Fabrice Bellard
    5:  *
    6:  * Permission is hereby granted, free of charge, to any person obtaining a copy
    7:  * of this software and associated documentation files (the "Software"), to deal
    8:  * in the Software without restriction, including without limitation the rights
    9:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
   10:  * copies of the Software, and to permit persons to whom the Software is
   11:  * furnished to do so, subject to the following conditions:
   12:  *
   13:  * The above copyright notice and this permission notice shall be included in
   14:  * all copies or substantial portions of the Software.
   15:  *
   16:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   17:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   18:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
   19:  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   20:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
   21:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
   22:  * THE SOFTWARE.
   23:  */
   24: #include "hw.h"
   25: #include "sun4m.h"
   26: 
   27: /* debug iommu */
   28: //#define DEBUG_IOMMU
   29: 
   30: #ifdef DEBUG_IOMMU
   31: #define DPRINTF(fmt, args...) \
   32: do { printf("IOMMU: " fmt , ##args); } while (0)
   33: #else
   34: #define DPRINTF(fmt, args...)
   35: #endif
   36: 
   37: #define IOMMU_NREGS (3*4096/4)
   38: #define IOMMU_CTRL          (0x0000 >> 2)
   39: #define IOMMU_CTRL_IMPL     0xf0000000 /* Implementation */
   40: #define IOMMU_CTRL_VERS     0x0f000000 /* Version */
   41: #define IOMMU_CTRL_RNGE     0x0000001c /* Mapping RANGE */
   42: #define IOMMU_RNGE_16MB     0x00000000 /* 0xff000000 -> 0xffffffff */
   43: #define IOMMU_RNGE_32MB     0x00000004 /* 0xfe000000 -> 0xffffffff */
   44: #define IOMMU_RNGE_64MB     0x00000008 /* 0xfc000000 -> 0xffffffff */
   45: #define IOMMU_RNGE_128MB    0x0000000c /* 0xf8000000 -> 0xffffffff */
   46: #define IOMMU_RNGE_256MB    0x00000010 /* 0xf0000000 -> 0xffffffff */
   47: #define IOMMU_RNGE_512MB    0x00000014 /* 0xe0000000 -> 0xffffffff */
   48: #define IOMMU_RNGE_1GB      0x00000018 /* 0xc0000000 -> 0xffffffff */
   49: #define IOMMU_RNGE_2GB      0x0000001c /* 0x80000000 -> 0xffffffff */
   50: #define IOMMU_CTRL_ENAB     0x00000001 /* IOMMU Enable */
   51: #define IOMMU_CTRL_MASK     0x0000001d
   52: 
   53: #define IOMMU_BASE          (0x0004 >> 2)
   54: #define IOMMU_BASE_MASK     0x07fffc00
   55: 
   56: #define IOMMU_TLBFLUSH      (0x0014 >> 2)
   57: #define IOMMU_TLBFLUSH_MASK 0xffffffff
   58: 
   59: #define IOMMU_PGFLUSH       (0x0018 >> 2)
   60: #define IOMMU_PGFLUSH_MASK  0xffffffff
   61: 
   62: #define IOMMU_AFSR          (0x1000 >> 2)
   63: #define IOMMU_AFSR_ERR      0x80000000 /* LE, TO, or BE asserted */
   64: #define IOMMU_AFSR_LE       0x40000000 /* SBUS reports error after
   65:                                           transaction */
   66: #define IOMMU_AFSR_TO       0x20000000 /* Write access took more than
   67:                                           12.8 us. */
   68: #define IOMMU_AFSR_BE       0x10000000 /* Write access received error
   69:                                           acknowledge */
   70: #define IOMMU_AFSR_SIZE     0x0e000000 /* Size of transaction causing error */
   71: #define IOMMU_AFSR_S        0x01000000 /* Sparc was in supervisor mode */
   72: #define IOMMU_AFSR_RESV     0x00800000 /* Reserved, forced to 0x8 by
   73:                                           hardware */
   74: #define IOMMU_AFSR_ME       0x00080000 /* Multiple errors occurred */
   75: #define IOMMU_AFSR_RD       0x00040000 /* A read operation was in progress */
   76: #define IOMMU_AFSR_FAV      0x00020000 /* IOMMU afar has valid contents */
   77: #define IOMMU_AFSR_MASK     0xff0fffff
   78: 
   79: #define IOMMU_AFAR          (0x1004 >> 2)
   80: 
   81: #define IOMMU_SBCFG0        (0x1010 >> 2) /* SBUS configration per-slot */
   82: #define IOMMU_SBCFG1        (0x1014 >> 2) /* SBUS configration per-slot */
   83: #define IOMMU_SBCFG2        (0x1018 >> 2) /* SBUS configration per-slot */
   84: #define IOMMU_SBCFG3        (0x101c >> 2) /* SBUS configration per-slot */
   85: #define IOMMU_SBCFG_SAB30   0x00010000 /* Phys-address bit 30 when
   86:                                           bypass enabled */
   87: #define IOMMU_SBCFG_BA16    0x00000004 /* Slave supports 16 byte bursts */
   88: #define IOMMU_SBCFG_BA8     0x00000002 /* Slave supports 8 byte bursts */
   89: #define IOMMU_SBCFG_BYPASS  0x00000001 /* Bypass IOMMU, treat all addresses
   90:                                           produced by this device as pure
   91:                                           physical. */
   92: #define IOMMU_SBCFG_MASK    0x00010003
   93: 
   94: #define IOMMU_ARBEN         (0x2000 >> 2) /* SBUS arbitration enable */
   95: #define IOMMU_ARBEN_MASK    0x001f0000
   96: #define IOMMU_MID           0x00000008
   97: 
   98: /* The format of an iopte in the page tables */
   99: #define IOPTE_PAGE          0xffffff00 /* Physical page number (PA[35:12]) */
  100: #define IOPTE_CACHE         0x00000080 /* Cached (in vme IOCACHE or
  101:                                           Viking/MXCC) */
  102: #define IOPTE_WRITE         0x00000004 /* Writeable */
  103: #define IOPTE_VALID         0x00000002 /* IOPTE is valid */
  104: #define IOPTE_WAZ           0x00000001 /* Write as zeros */
  105: 
  106: #define PAGE_SHIFT      12
  107: #define PAGE_SIZE       (1 << PAGE_SHIFT)
  108: #define PAGE_MASK       (PAGE_SIZE - 1)
  109: 
  110: typedef struct IOMMUState {
  111:     target_phys_addr_t addr;
  112:     uint32_t regs[IOMMU_NREGS];
  113:     target_phys_addr_t iostart;
  114:     uint32_t version;
  115:     qemu_irq irq;
  116: } IOMMUState;
  117: 
  118: static uint32_t iommu_mem_readl(void *opaque, target_phys_addr_t addr)
  119: {
  120:     IOMMUState *s = opaque;
  121:     target_phys_addr_t saddr;
  122:     uint32_t ret;
  123: 
  124:     saddr = (addr - s->addr) >> 2;
  125:     switch (saddr) {
  126:     default:
  127:         ret = s->regs[saddr];
  128:         break;
  129:     case IOMMU_AFAR:
  130:     case IOMMU_AFSR:
  131:         ret = s->regs[saddr];
  132:         qemu_irq_lower(s->irq);
  133:         break;
  134:     }
  135:     DPRINTF("read reg[%d] = %x\n", (int)saddr, ret);
  136:     return ret;
  137: }
  138: 
  139: static void iommu_mem_writel(void *opaque, target_phys_addr_t addr,
  140:                              uint32_t val)
  141: {
  142:     IOMMUState *s = opaque;
  143:     target_phys_addr_t saddr;
  144: 
  145:     saddr = (addr - s->addr) >> 2;
  146:     DPRINTF("write reg[%d] = %x\n", (int)saddr, val);
  147:     switch (saddr) {
  148:     case IOMMU_CTRL:
  149:         switch (val & IOMMU_CTRL_RNGE) {
  150:         case IOMMU_RNGE_16MB:
  151:             s->iostart = 0xffffffffff000000ULL;
  152:             break;
  153:         case IOMMU_RNGE_32MB:
  154:             s->iostart = 0xfffffffffe000000ULL;
  155:             break;
  156:         case IOMMU_RNGE_64MB:
  157:             s->iostart = 0xfffffffffc000000ULL;
  158:             break;
  159:         case IOMMU_RNGE_128MB:
  160:             s->iostart = 0xfffffffff8000000ULL;
  161:             break;
  162:         case IOMMU_RNGE_256MB:
  163:             s->iostart = 0xfffffffff0000000ULL;
  164:             break;
  165:         case IOMMU_RNGE_512MB:
  166:             s->iostart = 0xffffffffe0000000ULL;
  167:             break;
  168:         case IOMMU_RNGE_1GB:
  169:             s->iostart = 0xffffffffc0000000ULL;
  170:             break;
  171:         default:
  172:         case IOMMU_RNGE_2GB:
  173:             s->iostart = 0xffffffff80000000ULL;
  174:             break;
  175:         }
  176:         DPRINTF("iostart = " TARGET_FMT_plx "\n", s->iostart);
  177:         s->regs[saddr] = ((val & IOMMU_CTRL_MASK) | s->version);
  178:         break;
  179:     case IOMMU_BASE:
  180:         s->regs[saddr] = val & IOMMU_BASE_MASK;
  181:         break;
  182:     case IOMMU_TLBFLUSH:
  183:         DPRINTF("tlb flush %x\n", val);
  184:         s->regs[saddr] = val & IOMMU_TLBFLUSH_MASK;
  185:         break;
  186:     case IOMMU_PGFLUSH:
  187:         DPRINTF("page flush %x\n", val);
  188:         s->regs[saddr] = val & IOMMU_PGFLUSH_MASK;
  189:         break;
  190:     case IOMMU_AFAR:
  191:         s->regs[saddr] = val;
  192:         qemu_irq_lower(s->irq);
  193:         break;
  194:     case IOMMU_AFSR:
  195:         s->regs[saddr] = (val & IOMMU_AFSR_MASK) | IOMMU_AFSR_RESV;
  196:         qemu_irq_lower(s->irq);
  197:         break;
  198:     case IOMMU_SBCFG0:
  199:     case IOMMU_SBCFG1:
  200:     case IOMMU_SBCFG2:
  201:     case IOMMU_SBCFG3:
  202:         s->regs[saddr] = val & IOMMU_SBCFG_MASK;
  203:         break;
  204:     case IOMMU_ARBEN:
  205:         // XXX implement SBus probing: fault when reading unmapped
  206:         // addresses, fault cause and address stored to MMU/IOMMU
  207:         s->regs[saddr] = (val & IOMMU_ARBEN_MASK) | IOMMU_MID;
  208:         break;
  209:     default:
  210:         s->regs[saddr] = val;
  211:         break;
  212:     }
  213: }
  214: 
  215: static CPUReadMemoryFunc *iommu_mem_read[3] = {
  216:     NULL,
  217:     NULL,
  218:     iommu_mem_readl,
  219: };
  220: 
  221: static CPUWriteMemoryFunc *iommu_mem_write[3] = {
  222:     NULL,
  223:     NULL,
  224:     iommu_mem_writel,
  225: };
  226: 
  227: static uint32_t iommu_page_get_flags(IOMMUState *s, target_phys_addr_t addr)
  228: {
  229:     uint32_t ret;
  230:     target_phys_addr_t iopte;
  231: #ifdef DEBUG_IOMMU
  232:     target_phys_addr_t pa = addr;
  233: #endif
  234: 
  235:     iopte = s->regs[IOMMU_BASE] << 4;
  236:     addr &= ~s->iostart;
  237:     iopte += (addr >> (PAGE_SHIFT - 2)) & ~3;
  238:     cpu_physical_memory_read(iopte, (uint8_t *)&ret, 4);
  239:     tswap32s(&ret);
  240:     DPRINTF("get flags addr " TARGET_FMT_plx " => pte " TARGET_FMT_plx
  241:             ", *pte = %x\n", pa, iopte, ret);
  242: 
  243:     return ret;
  244: }
  245: 
  246: static target_phys_addr_t iommu_translate_pa(IOMMUState *s,
  247:                                              target_phys_addr_t addr,
  248:                                              uint32_t pte)
  249: {
  250:     uint32_t tmppte;
  251:     target_phys_addr_t pa;
  252: 
  253:     tmppte = pte;
  254:     pa = ((pte & IOPTE_PAGE) << 4) + (addr & PAGE_MASK);
  255:     DPRINTF("xlate dva " TARGET_FMT_plx " => pa " TARGET_FMT_plx
  256:             " (iopte = %x)\n", addr, pa, tmppte);
  257: 
  258:     return pa;
  259: }
  260: 
  261: static void iommu_bad_addr(IOMMUState *s, target_phys_addr_t addr,
  262:                            int is_write)
  263: {
  264:     DPRINTF("bad addr " TARGET_FMT_plx "\n", addr);
  265:     s->regs[IOMMU_AFSR] = IOMMU_AFSR_ERR | IOMMU_AFSR_LE | IOMMU_AFSR_RESV |
  266:         IOMMU_AFSR_FAV;
  267:     if (!is_write)
  268:         s->regs[IOMMU_AFSR] |= IOMMU_AFSR_RD;
  269:     s->regs[IOMMU_AFAR] = addr;
  270:     qemu_irq_raise(s->irq);
  271: }
  272: 
  273: void sparc_iommu_memory_rw(void *opaque, target_phys_addr_t addr,
  274:                            uint8_t *buf, int len, int is_write)
  275: {
  276:     int l;
  277:     uint32_t flags;
  278:     target_phys_addr_t page, phys_addr;
  279: 
  280:     while (len > 0) {
  281:         page = addr & TARGET_PAGE_MASK;
  282:         l = (page + TARGET_PAGE_SIZE) - addr;
  283:         if (l > len)
  284:             l = len;
  285:         flags = iommu_page_get_flags(opaque, page);
  286:         if (!(flags & IOPTE_VALID)) {
  287:             iommu_bad_addr(opaque, page, is_write);
  288:             return;
  289:         }
  290:         phys_addr = iommu_translate_pa(opaque, addr, flags);
  291:         if (is_write) {
  292:             if (!(flags & IOPTE_WRITE)) {
  293:                 iommu_bad_addr(opaque, page, is_write);
  294:                 return;
  295:             }
  296:             cpu_physical_memory_write(phys_addr, buf, len);
  297:         } else {
  298:             cpu_physical_memory_read(phys_addr, buf, len);
  299:         }
  300:         len -= l;
  301:         buf += l;
  302:         addr += l;
  303:     }
  304: }
  305: 
  306: static void iommu_save(QEMUFile *f, void *opaque)
  307: {
  308:     IOMMUState *s = opaque;
  309:     int i;
  310: 
  311:     for (i = 0; i < IOMMU_NREGS; i++)
  312:         qemu_put_be32s(f, &s->regs[i]);
  313:     qemu_put_be64s(f, &s->iostart);
  314: }
  315: 
  316: static int iommu_load(QEMUFile *f, void *opaque, int version_id)
  317: {
  318:     IOMMUState *s = opaque;
  319:     int i;
  320: 
  321:     if (version_id != 2)
  322:         return -EINVAL;
  323: 
  324:     for (i = 0; i < IOMMU_NREGS; i++)
  325:         qemu_get_be32s(f, &s->regs[i]);
  326:     qemu_get_be64s(f, &s->iostart);
  327: 
  328:     return 0;
  329: }
  330: 
  331: static void iommu_reset(void *opaque)
  332: {
  333:     IOMMUState *s = opaque;
  334: 
  335:     memset(s->regs, 0, IOMMU_NREGS * 4);
  336:     s->iostart = 0;
  337:     s->regs[IOMMU_CTRL] = s->version;
  338:     s->regs[IOMMU_ARBEN] = IOMMU_MID;
  339:     s->regs[IOMMU_AFSR] = IOMMU_AFSR_RESV;
  340:     qemu_irq_lower(s->irq);
  341: }
  342: 
  343: void *iommu_init(target_phys_addr_t addr, uint32_t version, qemu_irq irq)
  344: {
  345:     IOMMUState *s;
  346:     int iommu_io_memory;
  347: 
  348:     s = qemu_mallocz(sizeof(IOMMUState));
  349:     if (!s)
  350:         return NULL;
  351: 
  352:     s->addr = addr;
  353:     s->version = version;
  354:     s->irq = irq;
  355: 
  356:     iommu_io_memory = cpu_register_io_memory(0, iommu_mem_read,
  357:                                              iommu_mem_write, s);
  358:     cpu_register_physical_memory(addr, IOMMU_NREGS * 4, iommu_io_memory);
  359: 
  360:     register_savevm("iommu", addr, 2, iommu_save, iommu_load, s);
  361:     qemu_register_reset(iommu_reset, s);
  362:     iommu_reset(s);
  363:     return s;
  364: }