sys_helper.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
sys_helper.c (9716B)
      1/*
      2 * OpenRISC system instructions helper routines
      3 *
      4 * Copyright (c) 2011-2012 Jia Liu <proljc@gmail.com>
      5 *                         Zhizhou Zhang <etouzh@gmail.com>
      6 *
      7 * This library is free software; you can redistribute it and/or
      8 * modify it under the terms of the GNU Lesser General Public
      9 * License as published by the Free Software Foundation; either
     10 * version 2.1 of the License, or (at your option) any later version.
     11 *
     12 * This library is distributed in the hope that it will be useful,
     13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     15 * Lesser General Public License for more details.
     16 *
     17 * You should have received a copy of the GNU Lesser General Public
     18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     19 */
     20
     21#include "qemu/osdep.h"
     22#include "cpu.h"
     23#include "exec/exec-all.h"
     24#include "exec/helper-proto.h"
     25#include "exception.h"
     26#ifndef CONFIG_USER_ONLY
     27#include "hw/boards.h"
     28#endif
     29
     30#define TO_SPR(group, number) (((group) << 11) + (number))
     31
     32void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
     33{
     34#ifndef CONFIG_USER_ONLY
     35    OpenRISCCPU *cpu = env_archcpu(env);
     36    CPUState *cs = env_cpu(env);
     37    target_ulong mr;
     38    int idx;
     39#endif
     40
     41    switch (spr) {
     42#ifndef CONFIG_USER_ONLY
     43    case TO_SPR(0, 11): /* EVBAR */
     44        env->evbar = rb;
     45        break;
     46
     47    case TO_SPR(0, 16): /* NPC */
     48        cpu_restore_state(cs, GETPC(), true);
     49        /* ??? Mirror or1ksim in not trashing delayed branch state
     50           when "jumping" to the current instruction.  */
     51        if (env->pc != rb) {
     52            env->pc = rb;
     53            env->dflag = 0;
     54            cpu_loop_exit(cs);
     55        }
     56        break;
     57
     58    case TO_SPR(0, 17): /* SR */
     59        cpu_set_sr(env, rb);
     60        break;
     61
     62    case TO_SPR(0, 32): /* EPCR */
     63        env->epcr = rb;
     64        break;
     65
     66    case TO_SPR(0, 48): /* EEAR */
     67        env->eear = rb;
     68        break;
     69
     70    case TO_SPR(0, 64): /* ESR */
     71        env->esr = rb;
     72        break;
     73
     74    case TO_SPR(0, 1024) ... TO_SPR(0, 1024 + (16 * 32)): /* Shadow GPRs */
     75        idx = (spr - 1024);
     76        env->shadow_gpr[idx / 32][idx % 32] = rb;
     77        break;
     78
     79    case TO_SPR(1, 512) ... TO_SPR(1, 512 + TLB_SIZE - 1): /* DTLBW0MR 0-127 */
     80        idx = spr - TO_SPR(1, 512);
     81        mr = env->tlb.dtlb[idx].mr;
     82        if (mr & 1) {
     83            tlb_flush_page(cs, mr & TARGET_PAGE_MASK);
     84        }
     85        if (rb & 1) {
     86            tlb_flush_page(cs, rb & TARGET_PAGE_MASK);
     87        }
     88        env->tlb.dtlb[idx].mr = rb;
     89        break;
     90    case TO_SPR(1, 640) ... TO_SPR(1, 640 + TLB_SIZE - 1): /* DTLBW0TR 0-127 */
     91        idx = spr - TO_SPR(1, 640);
     92        env->tlb.dtlb[idx].tr = rb;
     93        break;
     94    case TO_SPR(1, 768) ... TO_SPR(1, 895):   /* DTLBW1MR 0-127 */
     95    case TO_SPR(1, 896) ... TO_SPR(1, 1023):  /* DTLBW1TR 0-127 */
     96    case TO_SPR(1, 1024) ... TO_SPR(1, 1151): /* DTLBW2MR 0-127 */
     97    case TO_SPR(1, 1152) ... TO_SPR(1, 1279): /* DTLBW2TR 0-127 */
     98    case TO_SPR(1, 1280) ... TO_SPR(1, 1407): /* DTLBW3MR 0-127 */
     99    case TO_SPR(1, 1408) ... TO_SPR(1, 1535): /* DTLBW3TR 0-127 */
    100        break;
    101
    102    case TO_SPR(2, 512) ... TO_SPR(2, 512 + TLB_SIZE - 1): /* ITLBW0MR 0-127 */
    103        idx = spr - TO_SPR(2, 512);
    104        mr = env->tlb.itlb[idx].mr;
    105        if (mr & 1) {
    106            tlb_flush_page(cs, mr & TARGET_PAGE_MASK);
    107        }
    108        if (rb & 1) {
    109            tlb_flush_page(cs, rb & TARGET_PAGE_MASK);
    110        }
    111        env->tlb.itlb[idx].mr = rb;
    112        break;
    113    case TO_SPR(2, 640) ... TO_SPR(2, 640 + TLB_SIZE - 1): /* ITLBW0TR 0-127 */
    114        idx = spr - TO_SPR(2, 640);
    115        env->tlb.itlb[idx].tr = rb;
    116        break;
    117    case TO_SPR(2, 768) ... TO_SPR(2, 895):   /* ITLBW1MR 0-127 */
    118    case TO_SPR(2, 896) ... TO_SPR(2, 1023):  /* ITLBW1TR 0-127 */
    119    case TO_SPR(2, 1024) ... TO_SPR(2, 1151): /* ITLBW2MR 0-127 */
    120    case TO_SPR(2, 1152) ... TO_SPR(2, 1279): /* ITLBW2TR 0-127 */
    121    case TO_SPR(2, 1280) ... TO_SPR(2, 1407): /* ITLBW3MR 0-127 */
    122    case TO_SPR(2, 1408) ... TO_SPR(2, 1535): /* ITLBW3TR 0-127 */
    123        break;
    124
    125    case TO_SPR(5, 1):  /* MACLO */
    126        env->mac = deposit64(env->mac, 0, 32, rb);
    127        break;
    128    case TO_SPR(5, 2):  /* MACHI */
    129        env->mac = deposit64(env->mac, 32, 32, rb);
    130        break;
    131    case TO_SPR(8, 0):  /* PMR */
    132        env->pmr = rb;
    133        if (env->pmr & PMR_DME || env->pmr & PMR_SME) {
    134            cpu_restore_state(cs, GETPC(), true);
    135            env->pc += 4;
    136            cs->halted = 1;
    137            raise_exception(cpu, EXCP_HALTED);
    138        }
    139        break;
    140    case TO_SPR(9, 0):  /* PICMR */
    141        env->picmr = rb;
    142        break;
    143    case TO_SPR(9, 2):  /* PICSR */
    144        env->picsr &= ~rb;
    145        break;
    146    case TO_SPR(10, 0): /* TTMR */
    147        {
    148            if ((env->ttmr & TTMR_M) ^ (rb & TTMR_M)) {
    149                switch (rb & TTMR_M) {
    150                case TIMER_NONE:
    151                    cpu_openrisc_count_stop(cpu);
    152                    break;
    153                case TIMER_INTR:
    154                case TIMER_SHOT:
    155                case TIMER_CONT:
    156                    cpu_openrisc_count_start(cpu);
    157                    break;
    158                default:
    159                    break;
    160                }
    161            }
    162
    163            int ip = env->ttmr & TTMR_IP;
    164
    165            if (rb & TTMR_IP) {    /* Keep IP bit.  */
    166                env->ttmr = (rb & ~TTMR_IP) | ip;
    167            } else {    /* Clear IP bit.  */
    168                env->ttmr = rb & ~TTMR_IP;
    169                cs->interrupt_request &= ~CPU_INTERRUPT_TIMER;
    170            }
    171
    172            cpu_openrisc_timer_update(cpu);
    173        }
    174        break;
    175
    176    case TO_SPR(10, 1): /* TTCR */
    177        cpu_openrisc_count_set(cpu, rb);
    178        cpu_openrisc_timer_update(cpu);
    179        break;
    180#endif
    181
    182    case TO_SPR(0, 20): /* FPCSR */
    183        cpu_set_fpcsr(env, rb);
    184        break;
    185    }
    186}
    187
    188target_ulong HELPER(mfspr)(CPUOpenRISCState *env, target_ulong rd,
    189                           target_ulong spr)
    190{
    191#ifndef CONFIG_USER_ONLY
    192    MachineState *ms = MACHINE(qdev_get_machine());
    193    OpenRISCCPU *cpu = env_archcpu(env);
    194    CPUState *cs = env_cpu(env);
    195    int idx;
    196#endif
    197
    198    switch (spr) {
    199#ifndef CONFIG_USER_ONLY
    200    case TO_SPR(0, 0): /* VR */
    201        return env->vr;
    202
    203    case TO_SPR(0, 1): /* UPR */
    204        return env->upr;
    205
    206    case TO_SPR(0, 2): /* CPUCFGR */
    207        return env->cpucfgr;
    208
    209    case TO_SPR(0, 3): /* DMMUCFGR */
    210        return env->dmmucfgr;
    211
    212    case TO_SPR(0, 4): /* IMMUCFGR */
    213        return env->immucfgr;
    214
    215    case TO_SPR(0, 9): /* VR2 */
    216        return env->vr2;
    217
    218    case TO_SPR(0, 10): /* AVR */
    219        return env->avr;
    220
    221    case TO_SPR(0, 11): /* EVBAR */
    222        return env->evbar;
    223
    224    case TO_SPR(0, 16): /* NPC (equals PC) */
    225        cpu_restore_state(cs, GETPC(), false);
    226        return env->pc;
    227
    228    case TO_SPR(0, 17): /* SR */
    229        return cpu_get_sr(env);
    230
    231    case TO_SPR(0, 18): /* PPC */
    232        cpu_restore_state(cs, GETPC(), false);
    233        return env->ppc;
    234
    235    case TO_SPR(0, 32): /* EPCR */
    236        return env->epcr;
    237
    238    case TO_SPR(0, 48): /* EEAR */
    239        return env->eear;
    240
    241    case TO_SPR(0, 64): /* ESR */
    242        return env->esr;
    243
    244    case TO_SPR(0, 128): /* COREID */
    245        return cpu->parent_obj.cpu_index;
    246
    247    case TO_SPR(0, 129): /* NUMCORES */
    248        return ms->smp.max_cpus;
    249
    250    case TO_SPR(0, 1024) ... TO_SPR(0, 1024 + (16 * 32)): /* Shadow GPRs */
    251        idx = (spr - 1024);
    252        return env->shadow_gpr[idx / 32][idx % 32];
    253
    254    case TO_SPR(1, 512) ... TO_SPR(1, 512 + TLB_SIZE - 1): /* DTLBW0MR 0-127 */
    255        idx = spr - TO_SPR(1, 512);
    256        return env->tlb.dtlb[idx].mr;
    257
    258    case TO_SPR(1, 640) ... TO_SPR(1, 640 + TLB_SIZE - 1): /* DTLBW0TR 0-127 */
    259        idx = spr - TO_SPR(1, 640);
    260        return env->tlb.dtlb[idx].tr;
    261
    262    case TO_SPR(1, 768) ... TO_SPR(1, 895):   /* DTLBW1MR 0-127 */
    263    case TO_SPR(1, 896) ... TO_SPR(1, 1023):  /* DTLBW1TR 0-127 */
    264    case TO_SPR(1, 1024) ... TO_SPR(1, 1151): /* DTLBW2MR 0-127 */
    265    case TO_SPR(1, 1152) ... TO_SPR(1, 1279): /* DTLBW2TR 0-127 */
    266    case TO_SPR(1, 1280) ... TO_SPR(1, 1407): /* DTLBW3MR 0-127 */
    267    case TO_SPR(1, 1408) ... TO_SPR(1, 1535): /* DTLBW3TR 0-127 */
    268        break;
    269
    270    case TO_SPR(2, 512) ... TO_SPR(2, 512 + TLB_SIZE - 1): /* ITLBW0MR 0-127 */
    271        idx = spr - TO_SPR(2, 512);
    272        return env->tlb.itlb[idx].mr;
    273
    274    case TO_SPR(2, 640) ... TO_SPR(2, 640 + TLB_SIZE - 1): /* ITLBW0TR 0-127 */
    275        idx = spr - TO_SPR(2, 640);
    276        return env->tlb.itlb[idx].tr;
    277
    278    case TO_SPR(2, 768) ... TO_SPR(2, 895):   /* ITLBW1MR 0-127 */
    279    case TO_SPR(2, 896) ... TO_SPR(2, 1023):  /* ITLBW1TR 0-127 */
    280    case TO_SPR(2, 1024) ... TO_SPR(2, 1151): /* ITLBW2MR 0-127 */
    281    case TO_SPR(2, 1152) ... TO_SPR(2, 1279): /* ITLBW2TR 0-127 */
    282    case TO_SPR(2, 1280) ... TO_SPR(2, 1407): /* ITLBW3MR 0-127 */
    283    case TO_SPR(2, 1408) ... TO_SPR(2, 1535): /* ITLBW3TR 0-127 */
    284        break;
    285
    286    case TO_SPR(5, 1):  /* MACLO */
    287        return (uint32_t)env->mac;
    288        break;
    289    case TO_SPR(5, 2):  /* MACHI */
    290        return env->mac >> 32;
    291        break;
    292
    293    case TO_SPR(8, 0):  /* PMR */
    294        return env->pmr;
    295
    296    case TO_SPR(9, 0):  /* PICMR */
    297        return env->picmr;
    298
    299    case TO_SPR(9, 2):  /* PICSR */
    300        return env->picsr;
    301
    302    case TO_SPR(10, 0): /* TTMR */
    303        return env->ttmr;
    304
    305    case TO_SPR(10, 1): /* TTCR */
    306        cpu_openrisc_count_update(cpu);
    307        return cpu_openrisc_count_get(cpu);
    308#endif
    309
    310    case TO_SPR(0, 20): /* FPCSR */
    311        return env->fpcsr;
    312    }
    313
    314    /* for rd is passed in, if rd unchanged, just keep it back.  */
    315    return rd;
    316}