From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1KsjI2-0004AH-9Q for qemu-devel@nongnu.org; Wed, 22 Oct 2008 15:22:42 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1KsjHw-00048H-5T for qemu-devel@nongnu.org; Wed, 22 Oct 2008 15:22:41 -0400 Received: from [199.232.76.173] (port=53302 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KsjHv-00048A-Sf for qemu-devel@nongnu.org; Wed, 22 Oct 2008 15:22:35 -0400 Received: from savannah.gnu.org ([199.232.41.3]:50136 helo=sv.gnu.org) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1KsjHv-0001uw-8D for qemu-devel@nongnu.org; Wed, 22 Oct 2008 15:22:35 -0400 Received: from cvs.savannah.gnu.org ([199.232.41.69]) by sv.gnu.org with esmtp (Exim 4.63) (envelope-from ) id 1KsjHr-0001kr-HZ for qemu-devel@nongnu.org; Wed, 22 Oct 2008 19:22:31 +0000 Received: from pbrook by cvs.savannah.gnu.org with local (Exim 4.63) (envelope-from ) id 1KsjHr-0001km-8Q for qemu-devel@nongnu.org; Wed, 22 Oct 2008 19:22:31 +0000 MIME-Version: 1.0 Errors-To: pbrook Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Paul Brook Message-Id: Date: Wed, 22 Oct 2008 19:22:31 +0000 Subject: [Qemu-devel] [5514] Fix ARMv6 translation table base address calculation. Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Revision: 5514 http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=5514 Author: pbrook Date: 2008-10-22 19:22:30 +0000 (Wed, 22 Oct 2008) Log Message: ----------- Fix ARMv6 translation table base address calculation. 
Signed-off-by: Paul Brook Modified Paths: -------------- trunk/target-arm/cpu.h trunk/target-arm/helper.c
Modified: trunk/target-arm/cpu.h
===================================================================
--- trunk/target-arm/cpu.h 2008-10-22 18:20:20 UTC (rev 5513)
+++ trunk/target-arm/cpu.h 2008-10-22 19:22:30 UTC (rev 5514)
@@ -107,7 +107,9 @@
 uint32_t c1_xscaleauxcr; /* XScale auxiliary control register. */
 uint32_t c2_base0; /* MMU translation table base 0. */
 uint32_t c2_base1; /* MMU translation table base 1. */
- uint32_t c2_mask; /* MMU translation table base mask. */
+ uint32_t c2_control; /* MMU translation table base control. */
+ uint32_t c2_mask; /* MMU translation table base selection mask. */
+ uint32_t c2_base_mask; /* MMU translation table base 0 mask. */
 uint32_t c2_data; /* MPU data cachable bits. */
 uint32_t c2_insn; /* MPU instruction cachable bits. */
 uint32_t c3; /* MMU domain access control register
Modified: trunk/target-arm/helper.c
===================================================================
--- trunk/target-arm/helper.c 2008-10-22 18:20:20 UTC (rev 5513)
+++ trunk/target-arm/helper.c 2008-10-22 19:22:30 UTC (rev 5514)
@@ -168,6 +168,7 @@
 if (IS_M(env))
 env->uncached_cpsr &= ~CPSR_I;
 env->vfp.xregs[ARM_VFP_FPEXC] = 0;
+ env->cp15.c2_base_mask = 0xffffc000u;
 #endif
 env->regs[15] = 0;
 tlb_flush(env, 1);
@@ -910,6 +911,19 @@
 }
 }
+static uint32_t get_level1_table_address(CPUState *env, uint32_t address)
+{
+ uint32_t table;
+
+ if (address & env->cp15.c2_mask)
+ table = env->cp15.c2_base1 & 0xffffc000;
+ else
+ table = env->cp15.c2_base0 & env->cp15.c2_base_mask;
+
+ table |= (address >> 18) & 0x3ffc;
+ return table;
+}
+
 static int get_phys_addr_v5(CPUState *env, uint32_t address, int access_type, int is_user, uint32_t *phys_ptr, int *prot)
 {
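Review bot: The three cp15 fields in the `@@ -107,7 +107,9 @@` hunk of cpu.h now hold one piece of guest state in three forms, and nothing in the struct says which one is authoritative. `c2_control` is the value the guest wrote, while `c2_mask` and `c2_base_mask` are derived from it in the `case 2:` write path in helper.c; a comment such as `/* c2_mask and c2_base_mask are derived from c2_control; update all three together. */` would make that explicit. Only cpu.h and helper.c are listed under Modified Paths, so if CPU state is saved and restored elsewhere, that code probably needs to store `c2_control` and recompute both masks. Otherwise a restored guest that had a non-zero control value would presumably walk from a wrongly masked table base 0.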
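Review bot: In the `@@ -168,6 +168,7 @@` hunk of helper.c the reset path sets only `c2_base_mask`, so `c2_control` and `c2_mask` are right after reset only if the surrounding code has already zeroed them; the enclosing function and the `#if` that this `#endif` closes start outside the hunk, so that cannot be confirmed here. The literal `0xffffc000u` is the shift-by-zero case of `~((uint32_t)0x3fffu >> val)` from the `@@ -1365,7 +1371,10 @@` hunk, written out a second time by hand. A comment on the new line, `/* control = 0 at reset: translation table base 0 is 16KB aligned. */`, would tie the two together. Because the assignment sits before `#endif`, it is compiled in only one branch of that conditional, so it is worth checking that every build which calls `get_level1_table_address` takes that branch, since a zero `c2_base_mask` would discard the whole base 0 value.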
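Review bot: `get_level1_table_address` in the `@@ -910,6 +911,19 @@` hunk has no comment, and its two branches mask differently without saying why: the base 1 path uses the fixed `0xffffc000` while the base 0 path uses `env->cp15.c2_base_mask`. A short header comment would help, for example `/* Return the address of the level 1 descriptor for ADDRESS; base 1 is always 16KB aligned, base 0 alignment follows c2_base_mask. */`. The OR with `(address >> 18) & 0x3ffc` stays within the bits cleared by `c2_base_mask` only because `c2_mask` has already sent addresses with the high bits set to base 1. That dependency on the two masks being updated together is worth stating next to the `table |=` line.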
@@ -923,11 +937,7 @@
 /* Pagetable walk. */
 /* Lookup l1 descriptor. */
- if (address & env->cp15.c2_mask)
- table = env->cp15.c2_base1;
- else
- table = env->cp15.c2_base0;
- table = (table & 0xffffc000) | ((address >> 18) & 0x3ffc);
+ table = get_level1_table_address(env, address);
 desc = ldl_phys(table);
 type = (desc & 3);
 domain = (env->cp15.c3 >> ((desc >> 4) & 0x1e)) & 3;
@@ -1015,11 +1025,7 @@
 /* Pagetable walk. */
 /* Lookup l1 descriptor. */
- if (address & env->cp15.c2_mask)
- table = env->cp15.c2_base1;
- else
- table = env->cp15.c2_base0;
- table = (table & 0xffffc000) | ((address >> 18) & 0x3ffc);
+ table = get_level1_table_address(env, address);
 desc = ldl_phys(table);
 type = (desc & 3);
 if (type == 0) {
@@ -1365,7 +1371,10 @@
 env->cp15.c2_base1 = val;
 break;
 case 2:
+ val &= 7;
+ env->cp15.c2_control = val;
 env->cp15.c2_mask = ~(((uint32_t)0xffffffffu) >> val);
+ env->cp15.c2_base_mask = ~((uint32_t)0x3fffu >> val);
 break;
 default:
 goto bad_reg;
@@ -1683,17 +1692,7 @@
 case 1:
 return env->cp15.c2_base1;
 case 2:
- {
- int n;
- uint32_t mask;
- n = 0;
- mask = env->cp15.c2_mask;
- while (mask) {
- n++;
- mask <<= 1;
- }
- return n;
- }
+ return env->cp15.c2_control;
 default:
 goto bad_reg;
 }