From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:48488)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andreas.faerber@web.de>) id 1QWb9X-0007sf-VD
	for qemu-devel@nongnu.org; Tue, 14 Jun 2011 17:28:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <andreas.faerber@web.de>) id 1QWb9W-0001QS-Aa
	for qemu-devel@nongnu.org; Tue, 14 Jun 2011 17:28:03 -0400
Received: from fmmailgate01.web.de ([217.72.192.221]:46770)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andreas.faerber@web.de>) id 1QWb9V-0001QK-Or
	for qemu-devel@nongnu.org; Tue, 14 Jun 2011 17:28:02 -0400
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <andreas.faerber@web.de>
Date: Tue, 14 Jun 2011 23:27:56 +0200
Message-Id: <1308086876-64159-1-git-send-email-andreas.faerber@web.de>
In-Reply-To: <CD45E5A0-91CA-495D-BA52-5185B1E77DED@suse.de>
References: <CD45E5A0-91CA-495D-BA52-5185B1E77DED@suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: andreas.faerber@web.de
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH v2] target-ppc: Handle memory-forced I/O
	controller access
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: =?UTF-8?q?Andreas=20F=C3=A4rber?= <andreas.faerber@web.de>, =?UTF-8?q?Herv=C3=A9=20Poussineau?= <hpoussin@reactos.org>, Alexander Graf <agraf@suse.de>

From: Herv=C3=A9 Poussineau <hpoussin@reactos.org>

On at least the PowerPC 601, a direct-store (T=3D1) with bus unit ID 0x07=
F
is special-cased as memory-forced I/O controller access. It is supposed
to be checked immediately if T=3D1, bypassing all protection mechanisms
and acting cache-inhibited and global.

Signed-off-by: Herv=C3=A9 Poussineau <hpoussin@reactos.org>

Simplified by avoiding reindentation. Added explanatory comments.

Cc: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas F=C3=A4rber <andreas.faerber@web.de>
---
 target-ppc/helper.c |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/target-ppc/helper.c b/target-ppc/helper.c
index cf2a368..2944b06 100644
--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -949,8 +949,24 @@ static inline int get_segment(CPUState *env, mmu_ctx=
_t *ctx,
             ret =3D -3;
         }
     } else {
+        target_ulong sr;
         LOG_MMU("direct store...\n");
         /* Direct-store segment : absolutely *BUGGY* for now */
+
+        /* Direct-store implies a 32-bit MMU.
+         * Check the Segment Register's bus unit ID (BUID).
+         */
+        sr =3D env->sr[eaddr >> 28];
+        if ((sr & 0x1FF00000) >> 20 =3D=3D 0x07f) {
+            /* Memory-forced I/O controller interface access */
+            /* If T=3D1 and BUID=3Dx'07F', the 601 performs a memory acc=
ess
+             * to SR[28-31] LA[4-31], bypassing all protection mechanism=
s.
+             */
+            ctx->raddr =3D ((sr & 0xF) << 28) | (eaddr & 0x0FFFFFFF);
+            ctx->prot =3D PAGE_READ | PAGE_WRITE | PAGE_EXEC;
+            return 0;
+        }
+
         switch (type) {
         case ACCESS_INT:
             /* Integer load/store : only access allowed */
--=20
1.7.5.3