[Qemu-devel] [QEMU-PPC] [PATCH V2 00/10] target/ppc: Implement POWER9 pseries tcg

[Qemu-devel] [QEMU-PPC] [PATCH V2 00/10] target/ppc: Implement POWER9 pseries tcg

[Suraj Jitindar Singh]

This is V2 of the patch series to implement tcg emulation support for a
POWER9 cpu model for the pseries machine type running a legacy kernel.
That is a kernel which doesn't use the new radix mmu mode or the new hash
mmu mode with segment tables.

To use a POWER9 cpu provide the command line option "-cpu POWER9".

This series attempts to avoid precluding KVM-HV support for the POWER9
cpu model but doesn't attempt to support KVM-PR or the powernv machine
for the POWER9 cpu model as these aren't currently supported or
implemented and further code changes will be required in the event these
are implemented.

This series will be followed shortly by one to implement radix support and
currently trying to boot a kernel with support for radix with this series
will fail on the H_REGISTER_PROCESS_TABLE hcall.

The changes from V1 are as follows:

 - Drop patches which have already been merged.
 - Instead of allocating a whole partition table we allocate a single
   entry in the sPAPRMachineState and access it via the virtual hypv.
 - Changes to how we handle SDR1 and renaming of associated functions.
 - Drop patch to use the new pte format, guest kernels expect the old
   format anyway, so this will only be applicable when POWER9 powernv
   support is added, so delay adding support for this until then.
 - Rename the mmu fault handler to ppc64_v3_handle_mmu_fault.
 - Move segment table searching into the fault handler instead of in
   slb_lookup().
 - Move adding the POWER9 pseries cpu model to the end of the series.

Suraj Jitindar Singh (10):
  target/ppc/POWER9: Add ISAv3.00 MMU definition
  target/ppc: Fix LPCR DPFD mask define
  target/ppc/POWER9: Adapt LPCR handling for POWER9
  target/ppc/POWER9: Direct all instr and data storage interrupts to the
    hypv
  target/ppc: Add patb_entry to sPAPRMachineState
  target/ppc: Don't use SDR1 when running under a POWER9 cpu model
  target/ppc/POWER9: Add POWER9 mmu fault handler
  target/ppc/POWER9: Add POWER9 pa-features definition
  target/ppc/POWER9: Add cpu_has_work function for POWER9
  hw/ppc/spapr: Add POWER9 to pseries cpu models

 hw/ppc/spapr.c              | 37 ++++++++++++++++++
 hw/ppc/spapr_cpu_core.c     |  3 ++
 include/hw/ppc/spapr.h      |  1 +
 target/ppc/cpu-qom.h        |  5 ++-
 target/ppc/cpu.h            | 24 +++++++++++-
 target/ppc/kvm.c            |  2 +-
 target/ppc/machine.c        |  4 +-
 target/ppc/misc_helper.c    |  3 +-
 target/ppc/mmu-hash64.c     | 49 +++++++++++++++++++++---
 target/ppc/mmu-hash64.h     |  2 +-
 target/ppc/mmu.h            | 50 +++++++++++++++++++++++++
 target/ppc/mmu_helper.c     | 54 +++++++++++++++++++++++++--
 target/ppc/translate.c      |  7 +++-
 target/ppc/translate_init.c | 91 +++++++++++++++++++++++++++++++++++++++------
 14 files changed, 302 insertions(+), 30 deletions(-)
 create mode 100644 target/ppc/mmu.h

-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 01/10] target/ppc/POWER9: Add ISAv3.00 MMU definition

[Suraj Jitindar Singh]

POWER9 processors implement the mmu as defined in version 3.00 of the ISA.

Add a definition for this mmu model and set the POWER9 cpu model to use
this mmu model.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 target/ppc/cpu-qom.h        | 5 ++++-
 target/ppc/mmu_helper.c     | 2 ++
 target/ppc/translate_init.c | 3 +--
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/ppc/cpu-qom.h b/target/ppc/cpu-qom.h
index b7977ba..4e3132b 100644
--- a/target/ppc/cpu-qom.h
+++ b/target/ppc/cpu-qom.h
@@ -86,10 +86,13 @@ enum powerpc_mmu_t {
     POWERPC_MMU_2_07       = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
                              | POWERPC_MMU_64K
                              | POWERPC_MMU_AMR | 0x00000004,
-    /* FIXME Add POWERPC_MMU_3_OO defines */
     /* Architecture 2.07 "degraded" (no 1T segments)           */
     POWERPC_MMU_2_07a      = POWERPC_MMU_64 | POWERPC_MMU_AMR
                              | 0x00000004,
+    /* Architecture 3.00 variant                               */
+    POWERPC_MMU_3_00       = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
+                             | POWERPC_MMU_64K
+                             | POWERPC_MMU_AMR | 0x00000005,
 };
 
 /*****************************************************************************/
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index f746f53..172a305 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -1935,6 +1935,7 @@ void ppc_tlb_invalidate_all(CPUPPCState *env)
     case POWERPC_MMU_2_06a:
     case POWERPC_MMU_2_07:
     case POWERPC_MMU_2_07a:
+    case POWERPC_MMU_3_00:
 #endif /* defined(TARGET_PPC64) */
         env->tlb_need_flush = 0;
         tlb_flush(CPU(cpu));
@@ -1974,6 +1975,7 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr)
     case POWERPC_MMU_2_06a:
     case POWERPC_MMU_2_07:
     case POWERPC_MMU_2_07a:
+    case POWERPC_MMU_3_00:
         /* tlbie invalidate TLBs for all segments */
         /* XXX: given the fact that there are too many segments to invalidate,
          *      and we still don't have a tlb_flush_mask(env, n, mask) in QEMU,
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 76f79fa..84bf125 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8816,8 +8816,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
                     (1ull << MSR_PMM) |
                     (1ull << MSR_RI) |
                     (1ull << MSR_LE);
-    /* Using 2.07 defines until new radix model is added. */
-    pcc->mmu_model = POWERPC_MMU_2_07;
+    pcc->mmu_model = POWERPC_MMU_3_00;
 #if defined(CONFIG_SOFTMMU)
     pcc->handle_mmu_fault = ppc_hash64_handle_mmu_fault;
     /* segment page size remain the same */
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 02/10] target/ppc: Fix LPCR DPFD mask define

[Suraj Jitindar Singh]

The DPFD field in the LPCR is 3 bits wide. This has always been defined
as 0x3 << shift which indicates a 2 bit field, which is incorrect.
Correct this.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 target/ppc/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index bc2a2ce..bb96dd5 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -381,7 +381,7 @@ struct ppc_slb_t {
 #define LPCR_ISL          (1ull << (63 - 2))
 #define LPCR_KBV          (1ull << (63 - 3))
 #define LPCR_DPFD_SHIFT   (63 - 11)
-#define LPCR_DPFD         (0x3ull << LPCR_DPFD_SHIFT)
+#define LPCR_DPFD         (0x7ull << LPCR_DPFD_SHIFT)
 #define LPCR_VRMASD_SHIFT (63 - 16)
 #define LPCR_VRMASD       (0x1full << LPCR_VRMASD_SHIFT)
 #define LPCR_RMLS_SHIFT   (63 - 37)
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 03/10] target/ppc/POWER9: Adapt LPCR handling for POWER9

[Suraj Jitindar Singh]

The logical partitioning control register controls a threads operation
based on the partition it is currently executing. Add new definitions and
update the mask used when writing to the LPCR based on the POWER9 spec.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 target/ppc/cpu.h            | 18 ++++++++++++++++++
 target/ppc/mmu-hash64.c     |  8 ++++++++
 target/ppc/translate_init.c | 24 ++++++++++++++++++------
 3 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index bb96dd5..425e79d 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -384,12 +384,19 @@ struct ppc_slb_t {
 #define LPCR_DPFD         (0x7ull << LPCR_DPFD_SHIFT)
 #define LPCR_VRMASD_SHIFT (63 - 16)
 #define LPCR_VRMASD       (0x1full << LPCR_VRMASD_SHIFT)
+/* P9: Power-saving mode Exit Cause Enable (Upper Section) Mask */
+#define LPCR_PECE_U_SHIFT (63 - 19)
+#define LPCR_PECE_U_MASK  (0x7ull << LPCR_PECE_U_SHIFT)
+#define LPCR_HVEE         (1ull << (63 - 17)) /* Hypervisor Virt Exit Enable */
 #define LPCR_RMLS_SHIFT   (63 - 37)
 #define LPCR_RMLS         (0xfull << LPCR_RMLS_SHIFT)
 #define LPCR_ILE          (1ull << (63 - 38))
 #define LPCR_AIL_SHIFT    (63 - 40)      /* Alternate interrupt location */
 #define LPCR_AIL          (3ull << LPCR_AIL_SHIFT)
+#define LPCR_UPRT         (1ull << (63 - 41)) /* Use Process Table */
+#define LPCR_EVIRT        (1ull << (63 - 42)) /* Enhanced Virtualisation */
 #define LPCR_ONL          (1ull << (63 - 45))
+#define LPCR_LD           (1ull << (63 - 46)) /* Large Decrementer */
 #define LPCR_P7_PECE0     (1ull << (63 - 49))
 #define LPCR_P7_PECE1     (1ull << (63 - 50))
 #define LPCR_P7_PECE2     (1ull << (63 - 51))
@@ -398,11 +405,22 @@ struct ppc_slb_t {
 #define LPCR_P8_PECE2     (1ull << (63 - 49))
 #define LPCR_P8_PECE3     (1ull << (63 - 50))
 #define LPCR_P8_PECE4     (1ull << (63 - 51))
+/* P9: Power-saving mode Exit Cause Enable (Lower Section) Mask */
+#define LPCR_PECE_L_SHIFT (63 - 51)
+#define LPCR_PECE_L_MASK  (0x1full << LPCR_PECE_L_SHIFT)
+#define LPCR_PDEE         (1ull << (63 - 47)) /* Privileged Doorbell Exit EN */
+#define LPCR_HDEE         (1ull << (63 - 48)) /* Hyperv Doorbell Exit Enable */
+#define LPCR_EEE          (1ull << (63 - 49)) /* External Exit Enable        */
+#define LPCR_DEE          (1ull << (63 - 50)) /* Decrementer Exit Enable     */
+#define LPCR_OEE          (1ull << (63 - 51)) /* Other Exit Enable           */
 #define LPCR_MER          (1ull << (63 - 52))
+#define LPCR_GTSE         (1ull << (63 - 53)) /* Guest Translation Shootdown */
 #define LPCR_TC           (1ull << (63 - 54))
+#define LPCR_HEIC         (1ull << (63 - 59)) /* HV Extern Interrupt Control */
 #define LPCR_LPES0        (1ull << (63 - 60))
 #define LPCR_LPES1        (1ull << (63 - 61))
 #define LPCR_RMI          (1ull << (63 - 62))
+#define LPCR_HVICE        (1ull << (63 - 62)) /* HV Virtualisation Int Enable */
 #define LPCR_HDICE        (1ull << (63 - 63))
 
 #define msr_sf   ((env->msr >> MSR_SF)   & 1)
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index bb78fb5..24d9901 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -1050,6 +1050,14 @@ void helper_store_lpcr(CPUPPCState *env, target_ulong val)
                       LPCR_P8_PECE2 | LPCR_P8_PECE3 | LPCR_P8_PECE4 |
                       LPCR_MER | LPCR_TC | LPCR_LPES0 | LPCR_HDICE);
         break;
+    case POWERPC_MMU_3_00: /* P9 */
+        lpcr = val & (LPCR_VPM1 | LPCR_ISL | LPCR_KBV | LPCR_DPFD |
+                      (LPCR_PECE_U_MASK & LPCR_HVEE) | LPCR_ILE | LPCR_AIL |
+                      LPCR_UPRT | LPCR_EVIRT | LPCR_ONL |
+                      (LPCR_PECE_L_MASK & (LPCR_PDEE | LPCR_HDEE | LPCR_EEE |
+                      LPCR_DEE | LPCR_OEE)) | LPCR_MER | LPCR_GTSE | LPCR_TC |
+                      LPCR_HEIC | LPCR_LPES0 | LPCR_HVICE | LPCR_HDICE);
+        break;
     default:
         ;
     }
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 84bf125..be35cbd 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8870,12 +8870,24 @@ void cpu_ppc_set_papr(PowerPCCPU *cpu)
     lpcr->default_value &= ~LPCR_RMLS;
     lpcr->default_value |= 1ull << LPCR_RMLS_SHIFT;
 
-    /* P7 and P8 has slightly different PECE bits, mostly because P8 adds
-     * bit 47 and 48 which are reserved on P7. Here we set them all, which
-     * will work as expected for both implementations
-     */
-    lpcr->default_value |= LPCR_P8_PECE0 | LPCR_P8_PECE1 | LPCR_P8_PECE2 |
-                           LPCR_P8_PECE3 | LPCR_P8_PECE4;
+    switch (env->mmu_model) {
+    case POWERPC_MMU_3_00:
+        /* By default we choose legacy mode and switch to new hash or radix
+         * when a register process table hcall is made. So disable process
+         * tables and guest translation shootdown by default
+         */
+        lpcr->default_value &= ~(LPCR_UPRT | LPCR_GTSE);
+        lpcr->default_value |= LPCR_PDEE | LPCR_HDEE | LPCR_EEE | LPCR_DEE |
+                               LPCR_OEE;
+        break;
+    default:
+        /* P7 and P8 has slightly different PECE bits, mostly because P8 adds
+         * bit 47 and 48 which are reserved on P7. Here we set them all, which
+         * will work as expected for both implementations
+         */
+        lpcr->default_value |= LPCR_P8_PECE0 | LPCR_P8_PECE1 | LPCR_P8_PECE2 |
+                               LPCR_P8_PECE3 | LPCR_P8_PECE4;
+    }
 
     /* We should be followed by a CPU reset but update the active value
      * just in case...
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 04/10] target/ppc/POWER9: Direct all instr and data storage interrupts to the hypv

[Suraj Jitindar Singh]

The vpm0 bit was removed from the LPCR in POWER9, this bit controlled
whether ISI and DSI interrupts were directed to the hypervisor or the
partition. These interrupts now go to the hypervisor irrespective, thus
it is no longer necessary to check the vmp0 bit in the LPCR.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 target/ppc/mmu-hash64.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 24d9901..7c5d589 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -640,7 +640,15 @@ static void ppc_hash64_set_isi(CPUState *cs, CPUPPCState *env,
     if (msr_ir) {
         vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM1);
     } else {
-        vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+        switch (env->mmu_model) {
+        case POWERPC_MMU_3_00:
+            /* Field deprecated in ISAv3.00 - interrupts always go to hyperv */
+            vpm = true;
+            break;
+        default:
+            vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+            break;
+        }
     }
     if (vpm && !msr_hv) {
         cs->exception_index = POWERPC_EXCP_HISI;
@@ -658,7 +666,15 @@ static void ppc_hash64_set_dsi(CPUState *cs, CPUPPCState *env, uint64_t dar,
     if (msr_dr) {
         vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM1);
     } else {
-        vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+        switch (env->mmu_model) {
+        case POWERPC_MMU_3_00:
+            /* Field deprecated in ISAv3.00 - interrupts always go to hyperv */
+            vpm = true;
+            break;
+        default:
+            vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+            break;
+        }
     }
     if (vpm && !msr_hv) {
         cs->exception_index = POWERPC_EXCP_HDSI;
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 05/10] target/ppc: Add patb_entry to sPAPRMachineState

[Suraj Jitindar Singh]

ISA v3.00 adds the idea of a partition table which is used to store the
address translation details for all partitions on the system. The partition
table consists of double word entries indexed by partition id where the second
double word contains the location of the process table in guest memory. The
process table is registered by the guest via a h-call.

We need somewhere to store the address of the process table so we add an entry
to the sPAPRMachineState struct called patb_entry to represent the second
doubleword of a single partition table entry corresponding to the current
guest. We need to store this value so we know if the guest is using radix or
hash translation and the location of the corresponding process table in guest
memory. Since we only have a single guest per qemu instance, we only need one
entry.

Since the partition table is technically a hypervisor resource we require that
access to it is abstracted by the virtual hypervisor through the calls
[set/get]_patbe(). Currently the value of the entry is never set (and thus
defaults to 0 indicating hash), but it will be required to both implement
POWER9 kvm support and tcg radix support.

We also add this field to be migrated as part of the sPAPRMachineState as we
will need it on the receiving side as the guest will never tell us this
information again and we need it to perform translation.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 hw/ppc/spapr.c         | 19 +++++++++++++++++++
 include/hw/ppc/spapr.h |  1 +
 target/ppc/cpu.h       |  2 ++
 3 files changed, 22 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index e465d7a..057adae 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1018,6 +1018,20 @@ static void emulate_spapr_hypercall(PPCVirtualHypervisor *vhyp,
     }
 }
 
+static void spapr_set_patbe(PPCVirtualHypervisor *vhyp, uint64_t val)
+{
+    sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+
+    spapr->patb_entry = val;
+}
+
+static uint64_t spapr_get_patbe(PPCVirtualHypervisor *vhyp)
+{
+    sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+
+    return spapr->patb_entry;
+}
+
 #define HPTE(_table, _i)   (void *)(((uint64_t *)(_table)) + ((_i) * 2))
 #define HPTE_VALID(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_VALID)
 #define HPTE_DIRTY(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_HPTE_DIRTY)
@@ -1141,6 +1155,8 @@ static void ppc_spapr_reset(void)
     /* Check for unknown sysbus devices */
     foreach_dynamic_sysbus_device(find_unknown_sysbus_device, NULL);
 
+    spapr->patb_entry = 0;
+
     /* Allocate and/or reset the hash page table */
     spapr_reallocate_hpt(spapr,
                          spapr_hpt_shift_for_ramsize(machine->maxram_size),
@@ -1340,6 +1356,7 @@ static const VMStateDescription vmstate_spapr = {
         VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState, version_before_3),
 
         VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
+        VMSTATE_UINT64(patb_entry, sPAPRMachineState),
         VMSTATE_END_OF_LIST()
     },
     .subsections = (const VMStateDescription*[]) {
@@ -2733,6 +2750,8 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
     nc->nmi_monitor_handler = spapr_nmi;
     smc->phb_placement = spapr_phb_placement;
     vhc->hypercall = emulate_spapr_hypercall;
+    vhc->set_patbe = spapr_set_patbe;
+    vhc->get_patbe = spapr_get_patbe;
 }
 
 static const TypeInfo spapr_machine_info = {
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index a2d8964..c6a929a 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -63,6 +63,7 @@ struct sPAPRMachineState {
 
     void *htab;
     uint32_t htab_shift;
+    uint64_t patb_entry; /* Process tbl registed in H_REGISTER_PROCESS_TABLE */
     hwaddr rma_size;
     int vrma_adjust;
     ssize_t rtas_size;
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 425e79d..a148729 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1218,6 +1218,8 @@ struct PPCVirtualHypervisor {
 struct PPCVirtualHypervisorClass {
     InterfaceClass parent;
     void (*hypercall)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu);
+    void (*set_patbe)(PPCVirtualHypervisor *vhyp, uint64_t val);
+    uint64_t (*get_patbe)(PPCVirtualHypervisor *vhyp);
 };
 
 #define TYPE_PPC_VIRTUAL_HYPERVISOR "ppc-virtual-hypervisor"
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 06/10] target/ppc: Don't use SDR1 when running under a POWER9 cpu model

[Suraj Jitindar Singh]

The SDR1 register was used on pre-POWER9 processors to store the location
of the hash page table, however now this information will be stored in the
partition table so we don't have SDR1 anymore. Additionally this register
was only applicable for powernv as it is a hypervisor resource and thus
shouldn't be accessed on a pseries machine.

We no longer generate the SDR1 register if we are on a POWER9 or later cpu.
We also rename the functions ppc_hash64_set_sdr1->ppc_hash64_set_htab and
ppc_store_sdr1->ppc_store_htab to indicate that they are primarily
concerned with setting htab_[base/mask].

We still set SDR1 in ppc_hash64_set_external_hpt for non-POWER9 cpus as
this is used for kvm-pr to tell the hypervisor where the hash table is,
note this means kvm-pr isn't yet supported on a POWER9 cpu model.

We set SDR1 in ppc_store_htab for non-POWER9 cpus as this is the called
by the powernv machine code to restore the sdr1 (and htab_[mask/base])
on incoming migration, note this means that the powernv machine isn't
yet supported on a POWER9 cpu model.

We also adapt the debug code to only print the SDR1 value if the register
has been created.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 target/ppc/cpu.h            |  2 +-
 target/ppc/kvm.c            |  2 +-
 target/ppc/machine.c        |  4 ++--
 target/ppc/misc_helper.c    |  3 ++-
 target/ppc/mmu-hash64.c     | 12 +++++++++---
 target/ppc/mmu-hash64.h     |  2 +-
 target/ppc/mmu_helper.c     | 12 +++++++++---
 target/ppc/translate.c      |  7 +++++--
 target/ppc/translate_init.c | 17 ++++++++++++++---
 9 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index a148729..1ae0719 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1265,7 +1265,7 @@ int ppc_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int rw,
 #endif
 
 #if !defined(CONFIG_USER_ONLY)
-void ppc_store_sdr1 (CPUPPCState *env, target_ulong value);
+void ppc_store_htab(CPUPPCState *env, target_ulong value);
 #endif /* !defined(CONFIG_USER_ONLY) */
 void ppc_store_msr (CPUPPCState *env, target_ulong value);
 
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 663d2e7..5e2323c 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -1228,7 +1228,7 @@ static int kvmppc_get_books_sregs(PowerPCCPU *cpu)
     }
 
     if (!env->external_htab) {
-        ppc_store_sdr1(env, sregs.u.s.sdr1);
+        ppc_store_htab(env, sregs.u.s.sdr1);
     }
 
     /* Sync SLB */
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index df9f7a4..f6d5ade 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -77,7 +77,7 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int version_id)
     for (i = 0; i < 1024; i++)
         qemu_get_betls(f, &env->spr[i]);
     if (!env->external_htab) {
-        ppc_store_sdr1(env, sdr1);
+        ppc_store_htab(env, sdr1);
     }
     qemu_get_be32s(f, &env->vscr);
     qemu_get_be64s(f, &env->spe_acc);
@@ -230,7 +230,7 @@ static int cpu_post_load(void *opaque, int version_id)
 
     if (!env->external_htab) {
         /* Restore htab_base and htab_mask variables */
-        ppc_store_sdr1(env, env->spr[SPR_SDR1]);
+        ppc_store_htab(env, env->spr[SPR_SDR1]);
     }
 
     /* Invalidate all msr bits except MSR_TGPR/MSR_HVB before restoring */
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index ab432ba..49ba767 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -84,7 +84,8 @@ void helper_store_sdr1(CPUPPCState *env, target_ulong val)
 
     if (!env->external_htab) {
         if (env->spr[SPR_SDR1] != val) {
-            ppc_store_sdr1(env, val);
+            env->spr[SPR_SDR1] = val;
+            ppc_store_htab(env, val);
             tlb_flush(CPU(cpu));
         }
     }
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 7c5d589..e658873 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -285,13 +285,12 @@ target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb)
 /*
  * 64-bit hash table MMU handling
  */
-void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong value,
+void ppc_hash64_set_htab(PowerPCCPU *cpu, target_ulong value,
                          Error **errp)
 {
     CPUPPCState *env = &cpu->env;
     target_ulong htabsize = value & SDR_64_HTABSIZE;
 
-    env->spr[SPR_SDR1] = value;
     if (htabsize > 28) {
         error_setg(errp,
                    "Invalid HTABSIZE 0x" TARGET_FMT_lx" stored in SDR1",
@@ -313,7 +312,14 @@ void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void *hpt, int shift,
     } else {
         env->external_htab = MMU_HASH64_KVM_MANAGED_HPT;
     }
-    ppc_hash64_set_sdr1(cpu, (target_ulong)(uintptr_t)hpt | (shift - 18),
+    switch (env->mmu_model) {
+    case POWERPC_MMU_3_00:
+        break; /* Power 9 doesn't have an SDR1 */
+    default:
+        env->spr[SPR_SDR1] = (target_ulong) hpt | (shift - 18);
+        break;
+    }
+    ppc_hash64_set_htab(cpu, (target_ulong)(uintptr_t)hpt | (shift - 18),
                         &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
index 7a0b7fc..e930934 100644
--- a/target/ppc/mmu-hash64.h
+++ b/target/ppc/mmu-hash64.h
@@ -91,7 +91,7 @@ void ppc_hash64_update_rmls(CPUPPCState *env);
 #define HPTE64_V_1TB_SEG        0x4000000000000000ULL
 #define HPTE64_V_VRMA_MASK      0x4001ffffff000000ULL
 
-void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong value,
+void ppc_hash64_set_htab(PowerPCCPU *cpu, target_ulong value,
                          Error **errp);
 void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void *hpt, int shift,
                                  Error **errp);
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index 172a305..e893e72 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -1995,17 +1995,23 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr)
 
 /*****************************************************************************/
 /* Special registers manipulation */
-void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
+void ppc_store_htab(CPUPPCState *env, target_ulong value)
 {
     qemu_log_mask(CPU_LOG_MMU, "%s: " TARGET_FMT_lx "\n", __func__, value);
     assert(!env->external_htab);
-    env->spr[SPR_SDR1] = value;
+    switch (env->mmu_model) {
+    case POWERPC_MMU_3_00: /* POWER 9 doesn't have an SDR1 */
+        break;
+    default: /* Pre-POWER9 does */
+        env->spr[SPR_SDR1] = value;
+        break;
+    }
 #if defined(TARGET_PPC64)
     if (env->mmu_model & POWERPC_MMU_64) {
         PowerPCCPU *cpu = ppc_env_get_cpu(env);
         Error *local_err = NULL;
 
-        ppc_hash64_set_sdr1(cpu, value, &local_err);
+        ppc_hash64_set_htab(cpu, value, &local_err);
         if (local_err) {
             error_report_err(local_err);
             error_free(local_err);
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index b48abae..473a40a 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -6850,9 +6850,12 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
     case POWERPC_MMU_2_06a:
     case POWERPC_MMU_2_07:
     case POWERPC_MMU_2_07a:
+    case POWERPC_MMU_3_00:
 #endif
-        cpu_fprintf(f, " SDR1 " TARGET_FMT_lx "   DAR " TARGET_FMT_lx
-                       "  DSISR " TARGET_FMT_lx "\n", env->spr[SPR_SDR1],
+        if (env->spr_cb[SPR_SDR1].name) {
+            cpu_fprintf(f, " SDR1 " TARGET_FMT_lx " ", env->spr[SPR_SDR1]);
+        }
+        cpu_fprintf(f, "  DAR " TARGET_FMT_lx "  DSISR " TARGET_FMT_lx "\n",
                     env->spr[SPR_DAR], env->spr[SPR_DSISR]);
         break;
     case POWERPC_MMU_BOOKE206:
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index be35cbd..f401d31 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -32,6 +32,7 @@
 #include "qapi/visitor.h"
 #include "hw/qdev-properties.h"
 #include "hw/ppc/ppc.h"
+#include "mmu.h"
 
 //#define PPC_DUMP_CPU
 //#define PPC_DEBUG_SPR
@@ -722,8 +723,8 @@ static void gen_spr_generic (CPUPPCState *env)
                  0x00000000);
 }
 
-/* SPR common to all non-embedded PowerPC, including 601 */
-static void gen_spr_ne_601 (CPUPPCState *env)
+/* SPR common to all non-embedded PowerPC, including POWER9 */
+static void gen_spr_ne_power9(CPUPPCState *env)
 {
     /* Exception processing */
     spr_register_kvm(env, SPR_DSISR, "DSISR",
@@ -739,6 +740,12 @@ static void gen_spr_ne_601 (CPUPPCState *env)
                  SPR_NOACCESS, SPR_NOACCESS,
                  &spr_read_decr, &spr_write_decr,
                  0x00000000);
+}
+
+/* SPR common to all non-embedded PowerPC, including 601 */
+static void gen_spr_ne_601(CPUPPCState *env)
+{
+    gen_spr_ne_power9(env);
     /* Memory management */
     spr_register(env, SPR_SDR1, "SDR1",
                  SPR_NOACCESS, SPR_NOACCESS,
@@ -8200,7 +8207,6 @@ static void gen_spr_power8_rpr(CPUPPCState *env)
 
 static void init_proc_book3s_64(CPUPPCState *env, int version)
 {
-    gen_spr_ne_601(env);
     gen_tbl(env);
     gen_spr_book3s_altivec(env);
     gen_spr_book3s_pmu_sup(env);
@@ -8258,6 +8264,11 @@ static void init_proc_book3s_64(CPUPPCState *env, int version)
         gen_spr_power8_book4(env);
         gen_spr_power8_rpr(env);
     }
+    if (version >= BOOK3S_CPU_POWER9) {
+        gen_spr_ne_power9(env);
+    } else {
+        gen_spr_ne_601(env);
+    }
     if (version < BOOK3S_CPU_POWER8) {
         gen_spr_book3s_dbg(env);
     } else {
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 07/10] target/ppc/POWER9: Add POWER9 mmu fault handler

[Suraj Jitindar Singh]

Add a new mmu fault handler for the POWER9 cpu and add it as the handler
for the POWER9 cpu definition.

This handler checks if the guest is radix or hash based on the value in the
partition table entry and calls the correct fault handler accordingly.

The hash fault handling code has also been updated to check if the
partition is using segment tables.

Currently only legacy hash (no segment tables) is supported.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 target/ppc/mmu-hash64.c     |  9 ++++++++
 target/ppc/mmu.h            | 50 +++++++++++++++++++++++++++++++++++++++++++++
 target/ppc/mmu_helper.c     | 40 ++++++++++++++++++++++++++++++++++++
 target/ppc/translate_init.c |  2 +-
 4 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 target/ppc/mmu.h

diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index e658873..ada8876 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -27,6 +27,7 @@
 #include "kvm_ppc.h"
 #include "mmu-hash64.h"
 #include "exec/log.h"
+#include "mmu.h"
 
 //#define DEBUG_SLB
 
@@ -766,6 +767,14 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr,
     /* 2. Translation is on, so look up the SLB */
     slb = slb_lookup(cpu, eaddr);
     if (!slb) {
+        /* No entry found, check if in-memory segment tables are in use */
+        if (ppc64_use_proc_tbl(cpu)) {
+            /* TODO - Unsupported */
+            qemu_log_mask(LOG_UNIMP, "%s: unimplemented - segment table support",
+                          __func__);
+            /* Not much we can do here, generate a segment interrupt */
+        }
+        /* Segment still not found, generate the appropriate interrupt */
         if (rwx == 2) {
             cs->exception_index = POWERPC_EXCP_ISEG;
             env->error_code = 0;
diff --git a/target/ppc/mmu.h b/target/ppc/mmu.h
new file mode 100644
index 0000000..9375921
--- /dev/null
+++ b/target/ppc/mmu.h
@@ -0,0 +1,50 @@
+/*
+ *  PowerPC emulation generic mmu definitions for qemu.
+ *
+ *  Copyright (c) 2017 Suraj Jitindar Singh, IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef MMU_H
+#define MMU_H
+
+#ifndef CONFIG_USER_ONLY
+
+/* Partition Table Entry Fields */
+#define PATBE1_GR 0x8000000000000000
+
+#ifdef TARGET_PPC64
+
+static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
+{
+    return !!(cpu->env.spr[SPR_LPCR] & LPCR_UPRT);
+}
+
+static inline bool ppc64_radix_guest(PowerPCCPU *cpu)
+{
+    PPCVirtualHypervisorClass *vhc =
+        PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
+
+    return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
+}
+
+int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
+                              int mmu_idx);
+
+#endif /* TARGET_PPC64 */
+
+#endif /* CONFIG_USER_ONLY */
+
+#endif /* MMU_H */
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index e893e72..71ad771 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -28,6 +28,8 @@
 #include "exec/cpu_ldst.h"
 #include "exec/log.h"
 #include "helper_regs.h"
+#include "qemu/error-report.h"
+#include "mmu.h"
 
 //#define DEBUG_MMU
 //#define DEBUG_BATS
@@ -1280,6 +1282,17 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env)
     case POWERPC_MMU_2_07a:
         dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
         break;
+    case POWERPC_MMU_3_00:
+        if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
+            /* TODO - Unsupported */
+        } else {
+            if (ppc64_use_proc_tbl(ppc_env_get_cpu(env))) {
+                /* TODO - Unsupported */
+            } else {
+                dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
+                break;
+            }
+        }
 #endif
     default:
         qemu_log_mask(LOG_UNIMP, "%s: unimplemented\n", __func__);
@@ -1421,6 +1434,17 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
     case POWERPC_MMU_2_07:
     case POWERPC_MMU_2_07a:
         return ppc_hash64_get_phys_page_debug(cpu, addr);
+    case POWERPC_MMU_3_00:
+        if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
+            /* TODO - Unsupported */
+        } else {
+            if (ppc64_use_proc_tbl(ppc_env_get_cpu(env))) {
+                /* TODO - Unsupported */
+            } else {
+                return ppc_hash64_get_phys_page_debug(cpu, addr);
+            }
+        }
+        break;
 #endif
 
     case POWERPC_MMU_32B:
@@ -2913,3 +2937,19 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAccessType access_type,
                                retaddr);
     }
 }
+
+/******************************************************************************/
+
+/* ISA v3.00 (POWER9) Generic MMU Helpers */
+
+int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
+                              int mmu_idx)
+{
+    if (ppc64_radix_guest(cpu)) { /* Guest uses radix */
+        /* TODO - Unsupported */
+        error_report("Guest Radix Support Unimplemented");
+        abort();
+    } else { /* Guest uses hash */
+        return ppc_hash64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
+    }
+}
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index f401d31..a3a23d8 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8829,7 +8829,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
                     (1ull << MSR_LE);
     pcc->mmu_model = POWERPC_MMU_3_00;
 #if defined(CONFIG_SOFTMMU)
-    pcc->handle_mmu_fault = ppc_hash64_handle_mmu_fault;
+    pcc->handle_mmu_fault = ppc64_v3_handle_mmu_fault;
     /* segment page size remain the same */
     pcc->sps = &POWER7_POWER8_sps;
 #endif
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 08/10] target/ppc/POWER9: Add POWER9 pa-features definition

[Suraj Jitindar Singh]

Add a pa-features definition which includes all of the new fields which
have been added, note we don't claim support for any of these new features
at this stage.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 hw/ppc/spapr.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 057adae..44eb014 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -356,6 +356,20 @@ static void spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset)
         0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x00, 0x00, 0x00, 0x80, 0x00,
         0x80, 0x00, 0x80, 0x00, 0x00, 0x00 };
+    /* Currently we don't advertise any of the "new" ISAv3.00 functionality */
+    uint8_t pa_features_300[] = { 64, 0,
+        0xf6, 0x1f, 0xc7, 0xc0, 0x80, 0xf0, /*  0 -  5 */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, /*  6 - 11 */
+        0x00, 0x00, 0x00, 0x00, 0x80, 0x00, /* 12 - 17 */
+        0x80, 0x00, 0x80, 0x00, 0x00, 0x00, /* 18 - 23 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 24 - 29 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 30 - 35 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 36 - 41 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 42 - 47 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 48 - 53 */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 54 - 59 */
+        0x00, 0x00, 0x00, 0x00           }; /* 60 - 63 */
+
     uint8_t *pa_features;
     size_t pa_size;
 
@@ -370,6 +384,10 @@ static void spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset)
         pa_features = pa_features_207;
         pa_size = sizeof(pa_features_207);
         break;
+    case POWERPC_MMU_3_00:
+        pa_features = pa_features_300;
+        pa_size = sizeof(pa_features_300);
+        break;
     default:
         return;
     }
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 09/10] target/ppc/POWER9: Add cpu_has_work function for POWER9

[Suraj Jitindar Singh]

The cpu has work function is used to mask interrupts used to determine
if there is work for the cpu based on the LPCR. Add a function to do this
for POWER9 and add it to the POWER9 cpu definition. This is similar to that
for POWER8 except using the LPCR bits as defined for POWER9.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 target/ppc/translate_init.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index a3a23d8..cc8ab1f 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -8776,10 +8776,54 @@ static bool ppc_pvr_match_power9(PowerPCCPUClass *pcc, uint32_t pvr)
     return false;
 }
 
+static bool cpu_has_work_POWER9(CPUState *cs)
+{
+    PowerPCCPU *cpu = POWERPC_CPU(cs);
+    CPUPPCState *env = &cpu->env;
+
+    if (cs->halted) {
+        if (!(cs->interrupt_request & CPU_INTERRUPT_HARD)) {
+            return false;
+        }
+        /* External Exception */
+        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_EXT)) &&
+            (env->spr[SPR_LPCR] & LPCR_EEE)) {
+            return true;
+        }
+        /* Decrementer Exception */
+        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_DECR)) &&
+            (env->spr[SPR_LPCR] & LPCR_DEE)) {
+            return true;
+        }
+        /* Machine Check or Hypervisor Maintenance Exception */
+        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_MCK |
+            1u << PPC_INTERRUPT_HMI)) && (env->spr[SPR_LPCR] & LPCR_OEE)) {
+            return true;
+        }
+        /* Privileged Doorbell Exception */
+        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_DOORBELL)) &&
+            (env->spr[SPR_LPCR] & LPCR_PDEE)) {
+            return true;
+        }
+        /* Hypervisor Doorbell Exception */
+        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_HDOORBELL)) &&
+            (env->spr[SPR_LPCR] & LPCR_HDEE)) {
+            return true;
+        }
+        if (env->pending_interrupts & (1u << PPC_INTERRUPT_RESET)) {
+            return true;
+        }
+        return false;
+    } else {
+        return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
+    }
+}
+
 POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(oc);
     PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
+    CPUClass *cc = CPU_CLASS(oc);
 
     dc->fw_name = "PowerPC,POWER9";
     dc->desc = "POWER9";
@@ -8790,6 +8834,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
                          PCR_COMPAT_2_05;
     pcc->init_proc = init_proc_POWER9;
     pcc->check_pow = check_pow_nocheck;
+    cc->has_work = cpu_has_work_POWER9;
     pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
                        PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
                        PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
-- 
2.5.5

[Qemu-devel] [QEMU-PPC] [PATCH V2 10/10] hw/ppc/spapr: Add POWER9 to pseries cpu models

[Suraj Jitindar Singh]

Add POWER9 cpu to list of spapr core models which allows it to be specified
as the cpu model for a pseries guest (e.g. -machine pseries -cpu POWER9).

This now allows a POWER9 cpu to boot to userspace in tcg emulation for a
pseries machine with a legacy kernel.

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
---
 hw/ppc/spapr_cpu_core.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 9dddaeb..71253f9 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -360,6 +360,9 @@ static const char *spapr_core_models[] = {
 
     /* POWER8NVL */
     "POWER8NVL_v1.0",
+
+    /* POWER9 */
+    "POWER9_v1.0",
 };
 
 void spapr_cpu_core_class_init(ObjectClass *oc, void *data)
-- 
2.5.5

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 00/10] target/ppc: Implement POWER9 pseries tcg

[Suraj Jitindar Singh]

On Fri, 2017-02-10 at 16:25 +1100, Suraj Jitindar Singh wrote:
> This is V2 of the patch series to implement tcg emulation support for
> a
> POWER9 cpu model for the pseries machine type running a legacy
> kernel.
> That is a kernel which doesn't use the new radix mmu mode or the new
> hash
> mmu mode with segment tables.
FWIW tree available here:
https://gitlab.ozlabs.ibm.com/surajjs/qemu/tree/POWER9-LEGACY
> 
> To use a POWER9 cpu provide the command line option "-cpu POWER9".
> 
> This series attempts to avoid precluding KVM-HV support for the
> POWER9
> cpu model but doesn't attempt to support KVM-PR or the powernv
> machine
> for the POWER9 cpu model as these aren't currently supported or
> implemented and further code changes will be required in the event
> these
> are implemented.
> 
> This series will be followed shortly by one to implement radix
> support and
> currently trying to boot a kernel with support for radix with this
> series
> will fail on the H_REGISTER_PROCESS_TABLE hcall.
> 
> The changes from V1 are as follows:
> 
>  - Drop patches which have already been merged.
>  - Instead of allocating a whole partition table we allocate a single
>    entry in the sPAPRMachineState and access it via the virtual hypv.
>  - Changes to how we handle SDR1 and renaming of associated
> functions.
>  - Drop patch to use the new pte format, guest kernels expect the old
>    format anyway, so this will only be applicable when POWER9 powernv
>    support is added, so delay adding support for this until then.
>  - Rename the mmu fault handler to ppc64_v3_handle_mmu_fault.
>  - Move segment table searching into the fault handler instead of in
>    slb_lookup().
>  - Move adding the POWER9 pseries cpu model to the end of the series.
> 
> Suraj Jitindar Singh (10):
>   target/ppc/POWER9: Add ISAv3.00 MMU definition
>   target/ppc: Fix LPCR DPFD mask define
>   target/ppc/POWER9: Adapt LPCR handling for POWER9
>   target/ppc/POWER9: Direct all instr and data storage interrupts to
> the
>     hypv
>   target/ppc: Add patb_entry to sPAPRMachineState
>   target/ppc: Don't use SDR1 when running under a POWER9 cpu model
>   target/ppc/POWER9: Add POWER9 mmu fault handler
>   target/ppc/POWER9: Add POWER9 pa-features definition
>   target/ppc/POWER9: Add cpu_has_work function for POWER9
>   hw/ppc/spapr: Add POWER9 to pseries cpu models
> 
>  hw/ppc/spapr.c              | 37 ++++++++++++++++++
>  hw/ppc/spapr_cpu_core.c     |  3 ++
>  include/hw/ppc/spapr.h      |  1 +
>  target/ppc/cpu-qom.h        |  5 ++-
>  target/ppc/cpu.h            | 24 +++++++++++-
>  target/ppc/kvm.c            |  2 +-
>  target/ppc/machine.c        |  4 +-
>  target/ppc/misc_helper.c    |  3 +-
>  target/ppc/mmu-hash64.c     | 49 +++++++++++++++++++++---
>  target/ppc/mmu-hash64.h     |  2 +-
>  target/ppc/mmu.h            | 50 +++++++++++++++++++++++++
>  target/ppc/mmu_helper.c     | 54 +++++++++++++++++++++++++--
>  target/ppc/translate.c      |  7 +++-
>  target/ppc/translate_init.c | 91
> +++++++++++++++++++++++++++++++++++++++------
>  14 files changed, 302 insertions(+), 30 deletions(-)
>  create mode 100644 target/ppc/mmu.h
> 

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 00/10] target/ppc: Implement POWER9 pseries tcg

[no-reply]

Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Subject: [Qemu-devel] [QEMU-PPC] [PATCH V2 00/10] target/ppc: Implement POWER9 pseries tcg
Message-id: 1486704360-27361-1-git-send-email-sjitindarsingh@gmail.com
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=16
make docker-test-quick@centos6
make docker-test-mingw@fedora
make docker-test-build@min-glib
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
d20592c hw/ppc/spapr: Add POWER9 to pseries cpu models
09ac3a9 target/ppc/POWER9: Add cpu_has_work function for POWER9
2ae4ad5 target/ppc/POWER9: Add POWER9 pa-features definition
a0e8faf target/ppc/POWER9: Add POWER9 mmu fault handler
2754f17 target/ppc: Don't use SDR1 when running under a POWER9 cpu model
1321794 target/ppc: Add patb_entry to sPAPRMachineState
b165815 target/ppc/POWER9: Direct all instr and data storage interrupts to the hypv
d5142fa target/ppc/POWER9: Adapt LPCR handling for POWER9
91ae6e4 target/ppc: Fix LPCR DPFD mask define
ff2da10 target/ppc/POWER9: Add ISAv3.00 MMU definition

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
fatal: read error: Connection reset by peer
Cloning into 'dtc'...
Clone of 'git://git.qemu-project.org/dtc.git' into submodule path 'dtc' failed
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 00/10] target/ppc: Implement POWER9 pseries tcg

[Suraj Jitindar Singh]

On Fri, 2017-02-10 at 16:28 +1100, Suraj Jitindar Singh wrote:
> On Fri, 2017-02-10 at 16:25 +1100, Suraj Jitindar Singh wrote:
> > 
> > This is V2 of the patch series to implement tcg emulation support
> > for
> > a
> > POWER9 cpu model for the pseries machine type running a legacy
> > kernel.
> > That is a kernel which doesn't use the new radix mmu mode or the
> > new
> > hash
> > mmu mode with segment tables.
> FWIW tree available here:
> https://gitlab.ozlabs.ibm.com/surajjs/qemu/tree/POWER9-LEGACY
Scratch that, this:
https://github.ibm.com/surajjs/qemu/tree/POWER9-LEGACY
> > 
> > 
> > To use a POWER9 cpu provide the command line option "-cpu POWER9".
> > 
> > This series attempts to avoid precluding KVM-HV support for the
> > POWER9
> > cpu model but doesn't attempt to support KVM-PR or the powernv
> > machine
> > for the POWER9 cpu model as these aren't currently supported or
> > implemented and further code changes will be required in the event
> > these
> > are implemented.
> > 
> > This series will be followed shortly by one to implement radix
> > support and
> > currently trying to boot a kernel with support for radix with this
> > series
> > will fail on the H_REGISTER_PROCESS_TABLE hcall.
> > 
> > The changes from V1 are as follows:
> > 
> >  - Drop patches which have already been merged.
> >  - Instead of allocating a whole partition table we allocate a
> > single
> >    entry in the sPAPRMachineState and access it via the virtual
> > hypv.
> >  - Changes to how we handle SDR1 and renaming of associated
> > functions.
> >  - Drop patch to use the new pte format, guest kernels expect the
> > old
> >    format anyway, so this will only be applicable when POWER9
> > powernv
> >    support is added, so delay adding support for this until then.
> >  - Rename the mmu fault handler to ppc64_v3_handle_mmu_fault.
> >  - Move segment table searching into the fault handler instead of
> > in
> >    slb_lookup().
> >  - Move adding the POWER9 pseries cpu model to the end of the
> > series.
> > 
> > Suraj Jitindar Singh (10):
> >   target/ppc/POWER9: Add ISAv3.00 MMU definition
> >   target/ppc: Fix LPCR DPFD mask define
> >   target/ppc/POWER9: Adapt LPCR handling for POWER9
> >   target/ppc/POWER9: Direct all instr and data storage interrupts
> > to
> > the
> >     hypv
> >   target/ppc: Add patb_entry to sPAPRMachineState
> >   target/ppc: Don't use SDR1 when running under a POWER9 cpu model
> >   target/ppc/POWER9: Add POWER9 mmu fault handler
> >   target/ppc/POWER9: Add POWER9 pa-features definition
> >   target/ppc/POWER9: Add cpu_has_work function for POWER9
> >   hw/ppc/spapr: Add POWER9 to pseries cpu models
> > 
> >  hw/ppc/spapr.c              | 37 ++++++++++++++++++
> >  hw/ppc/spapr_cpu_core.c     |  3 ++
> >  include/hw/ppc/spapr.h      |  1 +
> >  target/ppc/cpu-qom.h        |  5 ++-
> >  target/ppc/cpu.h            | 24 +++++++++++-
> >  target/ppc/kvm.c            |  2 +-
> >  target/ppc/machine.c        |  4 +-
> >  target/ppc/misc_helper.c    |  3 +-
> >  target/ppc/mmu-hash64.c     | 49 +++++++++++++++++++++---
> >  target/ppc/mmu-hash64.h     |  2 +-
> >  target/ppc/mmu.h            | 50 +++++++++++++++++++++++++
> >  target/ppc/mmu_helper.c     | 54 +++++++++++++++++++++++++--
> >  target/ppc/translate.c      |  7 +++-
> >  target/ppc/translate_init.c | 91
> > +++++++++++++++++++++++++++++++++++++++------
> >  14 files changed, 302 insertions(+), 30 deletions(-)
> >  create mode 100644 target/ppc/mmu.h

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 02/10] target/ppc: Fix LPCR DPFD mask define

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 1244 bytes --]

On Fri, Feb 10, 2017 at 04:25:52PM +1100, Suraj Jitindar Singh wrote:
> The DPFD field in the LPCR is 3 bits wide. This has always been defined
> as 0x3 << shift which indicates a 2 bit field, which is incorrect.
> Correct this.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

Since this is a correct fix all on its own, I've applied it to
ppc-for-2.9.

> ---
>  target/ppc/cpu.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index bc2a2ce..bb96dd5 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -381,7 +381,7 @@ struct ppc_slb_t {
>  #define LPCR_ISL          (1ull << (63 - 2))
>  #define LPCR_KBV          (1ull << (63 - 3))
>  #define LPCR_DPFD_SHIFT   (63 - 11)
> -#define LPCR_DPFD         (0x3ull << LPCR_DPFD_SHIFT)
> +#define LPCR_DPFD         (0x7ull << LPCR_DPFD_SHIFT)
>  #define LPCR_VRMASD_SHIFT (63 - 16)
>  #define LPCR_VRMASD       (0x1full << LPCR_VRMASD_SHIFT)
>  #define LPCR_RMLS_SHIFT   (63 - 37)

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 05/10] target/ppc: Add patb_entry to sPAPRMachineState

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 5943 bytes --]

On Fri, Feb 10, 2017 at 04:25:55PM +1100, Suraj Jitindar Singh wrote:
> ISA v3.00 adds the idea of a partition table which is used to store the
> address translation details for all partitions on the system. The partition
> table consists of double word entries indexed by partition id where the second
> double word contains the location of the process table in guest memory. The
> process table is registered by the guest via a h-call.
> 
> We need somewhere to store the address of the process table so we add an entry
> to the sPAPRMachineState struct called patb_entry to represent the second
> doubleword of a single partition table entry corresponding to the current
> guest. We need to store this value so we know if the guest is using radix or
> hash translation and the location of the corresponding process table in guest
> memory. Since we only have a single guest per qemu instance, we only need one
> entry.
> 
> Since the partition table is technically a hypervisor resource we require that
> access to it is abstracted by the virtual hypervisor through the calls
> [set/get]_patbe(). Currently the value of the entry is never set (and thus
> defaults to 0 indicating hash), but it will be required to both implement
> POWER9 kvm support and tcg radix support.
> 
> We also add this field to be migrated as part of the sPAPRMachineState as we
> will need it on the receiving side as the guest will never tell us this
> information again and we need it to perform translation.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> ---
>  hw/ppc/spapr.c         | 19 +++++++++++++++++++
>  include/hw/ppc/spapr.h |  1 +
>  target/ppc/cpu.h       |  2 ++
>  3 files changed, 22 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index e465d7a..057adae 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1018,6 +1018,20 @@ static void emulate_spapr_hypercall(PPCVirtualHypervisor *vhyp,
>      }
>  }
>  
> +static void spapr_set_patbe(PPCVirtualHypervisor *vhyp, uint64_t val)
> +{
> +    sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> +
> +    spapr->patb_entry = val;
> +}
> +
> +static uint64_t spapr_get_patbe(PPCVirtualHypervisor *vhyp)
> +{
> +    sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());

So, it'll amount to the same thing of course, but using
SPAPR_MACHINE(vhyp) here is a little more logically correct.

> +
> +    return spapr->patb_entry;
> +}
> +
>  #define HPTE(_table, _i)   (void *)(((uint64_t *)(_table)) + ((_i) * 2))
>  #define HPTE_VALID(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_VALID)
>  #define HPTE_DIRTY(_hpte)  (tswap64(*((uint64_t *)(_hpte))) & HPTE64_V_HPTE_DIRTY)
> @@ -1141,6 +1155,8 @@ static void ppc_spapr_reset(void)
>      /* Check for unknown sysbus devices */
>      foreach_dynamic_sysbus_device(find_unknown_sysbus_device, NULL);
>  
> +    spapr->patb_entry = 0;

I'm assuming that the patb_entry has some control bits making this
distinguishable from a process table at GPA 0?

>      /* Allocate and/or reset the hash page table */
>      spapr_reallocate_hpt(spapr,
>                           spapr_hpt_shift_for_ramsize(machine->maxram_size),
> @@ -1340,6 +1356,7 @@ static const VMStateDescription vmstate_spapr = {
>          VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState, version_before_3),
>  
>          VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
> +        VMSTATE_UINT64(patb_entry, sPAPRMachineState),

Ah.. yeah, you can't just add things to the VMStateDescription,
because that'll break parsing of existing migration streams.  You
could bump the version, but that breaks backwards migration.

So, the usual approach here is to add a new optional subsection - see
vmstate_spapr_ov5_cas for an example.  In this case you could have the
.needed function return true only if pathb_entry != 0 - so it won't be
transmitted for either POWER7/8 or for POWER9 in legacy mode, which
seems to make sense.

>          VMSTATE_END_OF_LIST()
>      },
>      .subsections = (const VMStateDescription*[]) {
> @@ -2733,6 +2750,8 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
>      nc->nmi_monitor_handler = spapr_nmi;
>      smc->phb_placement = spapr_phb_placement;
>      vhc->hypercall = emulate_spapr_hypercall;
> +    vhc->set_patbe = spapr_set_patbe;
> +    vhc->get_patbe = spapr_get_patbe;
>  }
>  
>  static const TypeInfo spapr_machine_info = {
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index a2d8964..c6a929a 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -63,6 +63,7 @@ struct sPAPRMachineState {
>  
>      void *htab;
>      uint32_t htab_shift;
> +    uint64_t patb_entry; /* Process tbl registed in H_REGISTER_PROCESS_TABLE */
>      hwaddr rma_size;
>      int vrma_adjust;
>      ssize_t rtas_size;
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index 425e79d..a148729 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -1218,6 +1218,8 @@ struct PPCVirtualHypervisor {
>  struct PPCVirtualHypervisorClass {
>      InterfaceClass parent;
>      void (*hypercall)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu);
> +    void (*set_patbe)(PPCVirtualHypervisor *vhyp, uint64_t val);

So.. I don't actually see any situation that would require set_patbe.
We need get_patbe for the CPU code to get the process table addr from
the machine.  But the hypercall to set it is already in the machine,
so we don't need to go the other way.

> +    uint64_t (*get_patbe)(PPCVirtualHypervisor *vhyp);
>  };
>  
>  #define TYPE_PPC_VIRTUAL_HYPERVISOR "ppc-virtual-hypervisor"

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 05/10] target/ppc: Add patb_entry to sPAPRMachineState

[Suraj Jitindar Singh]

On Mon, 2017-02-13 at 13:17 +1100, David Gibson wrote:
> On Fri, Feb 10, 2017 at 04:25:55PM +1100, Suraj Jitindar Singh wrote:
> > 
> > ISA v3.00 adds the idea of a partition table which is used to store
> > the
> > address translation details for all partitions on the system. The
> > partition
> > table consists of double word entries indexed by partition id where
> > the second
> > double word contains the location of the process table in guest
> > memory. The
> > process table is registered by the guest via a h-call.
> > 
> > We need somewhere to store the address of the process table so we
> > add an entry
> > to the sPAPRMachineState struct called patb_entry to represent the
> > second
> > doubleword of a single partition table entry corresponding to the
> > current
> > guest. We need to store this value so we know if the guest is using
> > radix or
> > hash translation and the location of the corresponding process
> > table in guest
> > memory. Since we only have a single guest per qemu instance, we
> > only need one
> > entry.
> > 
> > Since the partition table is technically a hypervisor resource we
> > require that
> > access to it is abstracted by the virtual hypervisor through the
> > calls
> > [set/get]_patbe(). Currently the value of the entry is never set
> > (and thus
> > defaults to 0 indicating hash), but it will be required to both
> > implement
> > POWER9 kvm support and tcg radix support.
> > 
> > We also add this field to be migrated as part of the
> > sPAPRMachineState as we
> > will need it on the receiving side as the guest will never tell us
> > this
> > information again and we need it to perform translation.
> > 
> > Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> > ---
> >  hw/ppc/spapr.c         | 19 +++++++++++++++++++
> >  include/hw/ppc/spapr.h |  1 +
> >  target/ppc/cpu.h       |  2 ++
> >  3 files changed, 22 insertions(+)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index e465d7a..057adae 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -1018,6 +1018,20 @@ static void
> > emulate_spapr_hypercall(PPCVirtualHypervisor *vhyp,
> >      }
> >  }
> >  
> > +static void spapr_set_patbe(PPCVirtualHypervisor *vhyp, uint64_t
> > val)
> > +{
> > +    sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> > +
> > +    spapr->patb_entry = val;
> > +}
> > +
> > +static uint64_t spapr_get_patbe(PPCVirtualHypervisor *vhyp)
> > +{
> > +    sPAPRMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> So, it'll amount to the same thing of course, but using
> SPAPR_MACHINE(vhyp) here is a little more logically correct.
Ok, will fix that up
> 
> > 
> > +
> > +    return spapr->patb_entry;
> > +}
> > +
> >  #define HPTE(_table, _i)   (void *)(((uint64_t *)(_table)) + ((_i)
> > * 2))
> >  #define HPTE_VALID(_hpte)  (tswap64(*((uint64_t *)(_hpte))) &
> > HPTE64_V_VALID)
> >  #define HPTE_DIRTY(_hpte)  (tswap64(*((uint64_t *)(_hpte))) &
> > HPTE64_V_HPTE_DIRTY)
> > @@ -1141,6 +1155,8 @@ static void ppc_spapr_reset(void)
> >      /* Check for unknown sysbus devices */
> >      foreach_dynamic_sysbus_device(find_unknown_sysbus_device,
> > NULL);
> >  
> > +    spapr->patb_entry = 0;
> I'm assuming that the patb_entry has some control bits making this
> distinguishable from a process table at GPA 0?
Yeah, so process table size is also contained here which must be >= 24,
so this is technically an invalid entry, which is what we want for a
default value.
> 
> > 
> >      /* Allocate and/or reset the hash page table */
> >      spapr_reallocate_hpt(spapr,
> >                           spapr_hpt_shift_for_ramsize(machine-
> > >maxram_size),
> > @@ -1340,6 +1356,7 @@ static const VMStateDescription vmstate_spapr
> > = {
> >          VMSTATE_UINT64_TEST(rtc_offset, sPAPRMachineState,
> > version_before_3),
> >  
> >          VMSTATE_PPC_TIMEBASE_V(tb, sPAPRMachineState, 2),
> > +        VMSTATE_UINT64(patb_entry, sPAPRMachineState),
> Ah.. yeah, you can't just add things to the VMStateDescription,
> because that'll break parsing of existing migration streams.  You
> could bump the version, but that breaks backwards migration.
> 
> So, the usual approach here is to add a new optional subsection - see
> vmstate_spapr_ov5_cas for an example.  In this case you could have
> the
> .needed function return true only if pathb_entry != 0 - so it won't
> be
> transmitted for either POWER7/8 or for POWER9 in legacy mode, which
> seems to make sense.
Sounds like a good way of doing it which will behave how we want. I'll
do it like you suggest.
> 
> > 
> >          VMSTATE_END_OF_LIST()
> >      },
> >      .subsections = (const VMStateDescription*[]) {
> > @@ -2733,6 +2750,8 @@ static void
> > spapr_machine_class_init(ObjectClass *oc, void *data)
> >      nc->nmi_monitor_handler = spapr_nmi;
> >      smc->phb_placement = spapr_phb_placement;
> >      vhc->hypercall = emulate_spapr_hypercall;
> > +    vhc->set_patbe = spapr_set_patbe;
> > +    vhc->get_patbe = spapr_get_patbe;
> >  }
> >  
> >  static const TypeInfo spapr_machine_info = {
> > diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> > index a2d8964..c6a929a 100644
> > --- a/include/hw/ppc/spapr.h
> > +++ b/include/hw/ppc/spapr.h
> > @@ -63,6 +63,7 @@ struct sPAPRMachineState {
> >  
> >      void *htab;
> >      uint32_t htab_shift;
> > +    uint64_t patb_entry; /* Process tbl registed in
> > H_REGISTER_PROCESS_TABLE */
> >      hwaddr rma_size;
> >      int vrma_adjust;
> >      ssize_t rtas_size;
> > diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> > index 425e79d..a148729 100644
> > --- a/target/ppc/cpu.h
> > +++ b/target/ppc/cpu.h
> > @@ -1218,6 +1218,8 @@ struct PPCVirtualHypervisor {
> >  struct PPCVirtualHypervisorClass {
> >      InterfaceClass parent;
> >      void (*hypercall)(PPCVirtualHypervisor *vhyp, PowerPCCPU
> > *cpu);
> > +    void (*set_patbe)(PPCVirtualHypervisor *vhyp, uint64_t val);
> So.. I don't actually see any situation that would require set_patbe.
> We need get_patbe for the CPU code to get the process table addr from
> the machine.  But the hypercall to set it is already in the machine,
> so we don't need to go the other way.
Good point, I wasn't thinking. I'll remove this.
> 
> > 
> > +    uint64_t (*get_patbe)(PPCVirtualHypervisor *vhyp);
> >  };
> >  
> >  #define TYPE_PPC_VIRTUAL_HYPERVISOR "ppc-virtual-hypervisor"

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 06/10] target/ppc: Don't use SDR1 when running under a POWER9 cpu model

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 12576 bytes --]

On Fri, Feb 10, 2017 at 04:25:56PM +1100, Suraj Jitindar Singh wrote:
> The SDR1 register was used on pre-POWER9 processors to store the location
> of the hash page table, however now this information will be stored in the
> partition table so we don't have SDR1 anymore. Additionally this register
> was only applicable for powernv as it is a hypervisor resource and thus
> shouldn't be accessed on a pseries machine.
> 
> We no longer generate the SDR1 register if we are on a POWER9 or later cpu.
> We also rename the functions ppc_hash64_set_sdr1->ppc_hash64_set_htab and
> ppc_store_sdr1->ppc_store_htab to indicate that they are primarily
> concerned with setting htab_[base/mask].
> 
> We still set SDR1 in ppc_hash64_set_external_hpt for non-POWER9 cpus as
> this is used for kvm-pr to tell the hypervisor where the hash table is,
> note this means kvm-pr isn't yet supported on a POWER9 cpu model.
> 
> We set SDR1 in ppc_store_htab for non-POWER9 cpus as this is the called
> by the powernv machine code to restore the sdr1 (and htab_[mask/base])
> on incoming migration, note this means that the powernv machine isn't
> yet supported on a POWER9 cpu model.
> 
> We also adapt the debug code to only print the SDR1 value if the register
> has been created.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

I think this is a bit over-enthusiastic in some places.

> ---
>  target/ppc/cpu.h            |  2 +-
>  target/ppc/kvm.c            |  2 +-
>  target/ppc/machine.c        |  4 ++--
>  target/ppc/misc_helper.c    |  3 ++-
>  target/ppc/mmu-hash64.c     | 12 +++++++++---
>  target/ppc/mmu-hash64.h     |  2 +-
>  target/ppc/mmu_helper.c     | 12 +++++++++---
>  target/ppc/translate.c      |  7 +++++--
>  target/ppc/translate_init.c | 17 ++++++++++++++---
>  9 files changed, 44 insertions(+), 17 deletions(-)
> 
> diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> index a148729..1ae0719 100644
> --- a/target/ppc/cpu.h
> +++ b/target/ppc/cpu.h
> @@ -1265,7 +1265,7 @@ int ppc_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int rw,
>  #endif
>  
>  #if !defined(CONFIG_USER_ONLY)
> -void ppc_store_sdr1 (CPUPPCState *env, target_ulong value);
> +void ppc_store_htab(CPUPPCState *env, target_ulong value);
>  #endif /* !defined(CONFIG_USER_ONLY) */
>  void ppc_store_msr (CPUPPCState *env, target_ulong value);
>  
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 663d2e7..5e2323c 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -1228,7 +1228,7 @@ static int kvmppc_get_books_sregs(PowerPCCPU *cpu)
>      }
>  
>      if (!env->external_htab) {
> -        ppc_store_sdr1(env, sregs.u.s.sdr1);
> +        ppc_store_htab(env, sregs.u.s.sdr1);

If the CPU has no SDR1, the sdr1 field in sregs can't really mean
anything, so the name change is not relevant here.

>      }
>  
>      /* Sync SLB */
> diff --git a/target/ppc/machine.c b/target/ppc/machine.c
> index df9f7a4..f6d5ade 100644
> --- a/target/ppc/machine.c
> +++ b/target/ppc/machine.c
> @@ -77,7 +77,7 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int version_id)
>      for (i = 0; i < 1024; i++)
>          qemu_get_betls(f, &env->spr[i]);
>      if (!env->external_htab) {
> -        ppc_store_sdr1(env, sdr1);
> +        ppc_store_htab(env, sdr1);

Likewise here - this function is only called reading an old migration
stream that expects an SDR1 to be present anyway.

>      }
>      qemu_get_be32s(f, &env->vscr);
>      qemu_get_be64s(f, &env->spe_acc);
> @@ -230,7 +230,7 @@ static int cpu_post_load(void *opaque, int version_id)
>  
>      if (!env->external_htab) {
>          /* Restore htab_base and htab_mask variables */
> -        ppc_store_sdr1(env, env->spr[SPR_SDR1]);
> +        ppc_store_htab(env, env->spr[SPR_SDR1]);

For POWER9 this will be a no-op:
   - for powernv the hpt will be set by the loading of the partition
     table, making this irrelevant
   - for pseries, it won't be called since external_htab will be true

So this case doesn't require the name change either.

>      }
>  
>      /* Invalidate all msr bits except MSR_TGPR/MSR_HVB before restoring */
> diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
> index ab432ba..49ba767 100644
> --- a/target/ppc/misc_helper.c
> +++ b/target/ppc/misc_helper.c
> @@ -84,7 +84,8 @@ void helper_store_sdr1(CPUPPCState *env, target_ulong val)
>  
>      if (!env->external_htab) {
>          if (env->spr[SPR_SDR1] != val) {
> -            ppc_store_sdr1(env, val);
> +            env->spr[SPR_SDR1] = val;
> +            ppc_store_htab(env, val);

This is only called for CPUs which actually have an SDR1, so no name
change required by this caller.

>              tlb_flush(CPU(cpu));
>          }
>      }
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index 7c5d589..e658873 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -285,13 +285,12 @@ target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb)
>  /*
>   * 64-bit hash table MMU handling
>   */
> -void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong value,
> +void ppc_hash64_set_htab(PowerPCCPU *cpu, target_ulong value,
>                           Error **errp)

So, this function is useful for both POWER9 and other systems.
However the new name is also misleading, because with the change below
it sets things *about* the HPT without actually setting the HPT
itself.

I think it would make more sense to put the POWER9 vs. otherwise
conditional into here, so this will still set env[SPR_SDR1] on CPUs
which have the SPR.

>  {
>      CPUPPCState *env = &cpu->env;
>      target_ulong htabsize = value & SDR_64_HTABSIZE;
>  
> -    env->spr[SPR_SDR1] = value;
>      if (htabsize > 28) {
>          error_setg(errp,
>                     "Invalid HTABSIZE 0x" TARGET_FMT_lx" stored in SDR1",
> @@ -313,7 +312,14 @@ void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void *hpt, int shift,
>      } else {
>          env->external_htab = MMU_HASH64_KVM_MANAGED_HPT;
>      }
> -    ppc_hash64_set_sdr1(cpu, (target_ulong)(uintptr_t)hpt | (shift - 18),
> +    switch (env->mmu_model) {
> +    case POWERPC_MMU_3_00:
> +        break; /* Power 9 doesn't have an SDR1 */
> +    default:
> +        env->spr[SPR_SDR1] = (target_ulong) hpt | (shift - 18);
> +        break;
> +    }

This caller then becomes simpler.

> +    ppc_hash64_set_htab(cpu, (target_ulong)(uintptr_t)hpt | (shift - 18),
>                          &local_err);
>      if (local_err) {
>          error_propagate(errp, local_err);
> diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
> index 7a0b7fc..e930934 100644
> --- a/target/ppc/mmu-hash64.h
> +++ b/target/ppc/mmu-hash64.h
> @@ -91,7 +91,7 @@ void ppc_hash64_update_rmls(CPUPPCState *env);
>  #define HPTE64_V_1TB_SEG        0x4000000000000000ULL
>  #define HPTE64_V_VRMA_MASK      0x4001ffffff000000ULL
>  
> -void ppc_hash64_set_sdr1(PowerPCCPU *cpu, target_ulong value,
> +void ppc_hash64_set_htab(PowerPCCPU *cpu, target_ulong value,
>                           Error **errp);
>  void ppc_hash64_set_external_hpt(PowerPCCPU *cpu, void *hpt, int shift,
>                                   Error **errp);
> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> index 172a305..e893e72 100644
> --- a/target/ppc/mmu_helper.c
> +++ b/target/ppc/mmu_helper.c
> @@ -1995,17 +1995,23 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr)
>  
>  /*****************************************************************************/
>  /* Special registers manipulation */
> -void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
> +void ppc_store_htab(CPUPPCState *env, target_ulong value)
>  {
>      qemu_log_mask(CPU_LOG_MMU, "%s: " TARGET_FMT_lx "\n", __func__, value);
>      assert(!env->external_htab);
> -    env->spr[SPR_SDR1] = value;
> +    switch (env->mmu_model) {
> +    case POWERPC_MMU_3_00: /* POWER 9 doesn't have an SDR1 */
> +        break;
> +    default: /* Pre-POWER9 does */
> +        env->spr[SPR_SDR1] = value;
> +        break;
> +    }

From looking at the rest of the patch, ppc_store_sdr1() (as opposed to
the lower level functions) is never called in a context where it would
make sense to have a non-SDR1 system, so the name should change.

>  #if defined(TARGET_PPC64)
>      if (env->mmu_model & POWERPC_MMU_64) {
>          PowerPCCPU *cpu = ppc_env_get_cpu(env);
>          Error *local_err = NULL;
>  
> -        ppc_hash64_set_sdr1(cpu, value, &local_err);
> +        ppc_hash64_set_htab(cpu, value, &local_err);
>          if (local_err) {
>              error_report_err(local_err);
>              error_free(local_err);
> diff --git a/target/ppc/translate.c b/target/ppc/translate.c
> index b48abae..473a40a 100644
> --- a/target/ppc/translate.c
> +++ b/target/ppc/translate.c
> @@ -6850,9 +6850,12 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
>      case POWERPC_MMU_2_06a:
>      case POWERPC_MMU_2_07:
>      case POWERPC_MMU_2_07a:
> +    case POWERPC_MMU_3_00:
>  #endif
> -        cpu_fprintf(f, " SDR1 " TARGET_FMT_lx "   DAR " TARGET_FMT_lx
> -                       "  DSISR " TARGET_FMT_lx "\n", env->spr[SPR_SDR1],
> +        if (env->spr_cb[SPR_SDR1].name) {
> +            cpu_fprintf(f, " SDR1 " TARGET_FMT_lx " ", env->spr[SPR_SDR1]);
> +        }

This change is fine.

> +        cpu_fprintf(f, "  DAR " TARGET_FMT_lx "  DSISR " TARGET_FMT_lx "\n",
>                      env->spr[SPR_DAR], env->spr[SPR_DSISR]);
>          break;
>      case POWERPC_MMU_BOOKE206:
> diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
> index be35cbd..f401d31 100644
> --- a/target/ppc/translate_init.c
> +++ b/target/ppc/translate_init.c
> @@ -32,6 +32,7 @@
>  #include "qapi/visitor.h"
>  #include "hw/qdev-properties.h"
>  #include "hw/ppc/ppc.h"
> +#include "mmu.h"
>  
>  //#define PPC_DUMP_CPU
>  //#define PPC_DEBUG_SPR
> @@ -722,8 +723,8 @@ static void gen_spr_generic (CPUPPCState *env)
>                   0x00000000);
>  }
>

Hm, longer term, I think it would make more sense for POWER9 not to
try to use init_proc_book3s_64().  That function was created on the
assumption that all 64-bit book3s CPUs had a "classic" hash MMU.  With
POWER9 that's no longer the case.

Basically we want to remove the MMU related SPRs from
init_proc_book3s_64() (which might want a name change).  Both POWER9
and POWER8(etc) can call that function.  But then POWER8 and earlier
can call a new helper function to set up the hash MMU related SPRs,
and POWER9 will call a new function to create the MMUv3 SPRs.

> -/* SPR common to all non-embedded PowerPC, including 601 */
> -static void gen_spr_ne_601 (CPUPPCState *env)
> +/* SPR common to all non-embedded PowerPC, including POWER9 */
> +static void gen_spr_ne_power9(CPUPPCState *env)
>  {
>      /* Exception processing */
>      spr_register_kvm(env, SPR_DSISR, "DSISR",
> @@ -739,6 +740,12 @@ static void gen_spr_ne_601 (CPUPPCState *env)
>                   SPR_NOACCESS, SPR_NOACCESS,
>                   &spr_read_decr, &spr_write_decr,
>                   0x00000000);
> +}
> +
> +/* SPR common to all non-embedded PowerPC, including 601 */
> +static void gen_spr_ne_601(CPUPPCState *env)
> +{
> +    gen_spr_ne_power9(env);
>      /* Memory management */
>      spr_register(env, SPR_SDR1, "SDR1",
>                   SPR_NOACCESS, SPR_NOACCESS,
> @@ -8200,7 +8207,6 @@ static void gen_spr_power8_rpr(CPUPPCState *env)
>  
>  static void init_proc_book3s_64(CPUPPCState *env, int version)
>  {
> -    gen_spr_ne_601(env);
>      gen_tbl(env);
>      gen_spr_book3s_altivec(env);
>      gen_spr_book3s_pmu_sup(env);
> @@ -8258,6 +8264,11 @@ static void init_proc_book3s_64(CPUPPCState *env, int version)
>          gen_spr_power8_book4(env);
>          gen_spr_power8_rpr(env);
>      }
> +    if (version >= BOOK3S_CPU_POWER9) {
> +        gen_spr_ne_power9(env);
> +    } else {
> +        gen_spr_ne_601(env);
> +    }
>      if (version < BOOK3S_CPU_POWER8) {
>          gen_spr_book3s_dbg(env);
>      } else {

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 07/10] target/ppc/POWER9: Add POWER9 mmu fault handler

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 7566 bytes --]

On Fri, Feb 10, 2017 at 04:25:57PM +1100, Suraj Jitindar Singh wrote:
> Add a new mmu fault handler for the POWER9 cpu and add it as the handler
> for the POWER9 cpu definition.
> 
> This handler checks if the guest is radix or hash based on the value in the
> partition table entry and calls the correct fault handler accordingly.
> 
> The hash fault handling code has also been updated to check if the
> partition is using segment tables.
> 
> Currently only legacy hash (no segment tables) is supported.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> ---
>  target/ppc/mmu-hash64.c     |  9 ++++++++
>  target/ppc/mmu.h            | 50 +++++++++++++++++++++++++++++++++++++++++++++
>  target/ppc/mmu_helper.c     | 40 ++++++++++++++++++++++++++++++++++++
>  target/ppc/translate_init.c |  2 +-
>  4 files changed, 100 insertions(+), 1 deletion(-)
>  create mode 100644 target/ppc/mmu.h
> 
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index e658873..ada8876 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -27,6 +27,7 @@
>  #include "kvm_ppc.h"
>  #include "mmu-hash64.h"
>  #include "exec/log.h"
> +#include "mmu.h"
>  
>  //#define DEBUG_SLB
>  
> @@ -766,6 +767,14 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr,
>      /* 2. Translation is on, so look up the SLB */
>      slb = slb_lookup(cpu, eaddr);
>      if (!slb) {
> +        /* No entry found, check if in-memory segment tables are in use */
> +        if (ppc64_use_proc_tbl(cpu)) {
> +            /* TODO - Unsupported */
> +            qemu_log_mask(LOG_UNIMP, "%s: unimplemented - segment table support",
> +                          __func__);
> +            /* Not much we can do here, generate a segment interrupt */

I'd suggest a hw_error() here, or an error_report() and abort(1), both
of which will noisily crash.  qemu_log() is not much used these days,
and as I recall actually setting up the log file to get this
information is a bit of a pain.

> +        }
> +        /* Segment still not found, generate the appropriate interrupt */
>          if (rwx == 2) {
>              cs->exception_index = POWERPC_EXCP_ISEG;
>              env->error_code = 0;
> diff --git a/target/ppc/mmu.h b/target/ppc/mmu.h
> new file mode 100644
> index 0000000..9375921
> --- /dev/null
> +++ b/target/ppc/mmu.h

AFAICT the stuff in here is pretty much specific to the v3 MMU, so I
think this should be renamed accordingly (just as we have mmu-hash64.h
for hash specific things).

> @@ -0,0 +1,50 @@
> +/*
> + *  PowerPC emulation generic mmu definitions for qemu.
> + *
> + *  Copyright (c) 2017 Suraj Jitindar Singh, IBM Corporation
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef MMU_H
> +#define MMU_H
> +
> +#ifndef CONFIG_USER_ONLY
> +
> +/* Partition Table Entry Fields */
> +#define PATBE1_GR 0x8000000000000000
> +
> +#ifdef TARGET_PPC64
> +
> +static inline bool ppc64_use_proc_tbl(PowerPCCPU *cpu)
> +{
> +    return !!(cpu->env.spr[SPR_LPCR] & LPCR_UPRT);
> +}
> +
> +static inline bool ppc64_radix_guest(PowerPCCPU *cpu)
> +{
> +    PPCVirtualHypervisorClass *vhc =
> +        PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->vhyp);
> +    return !!(vhc->get_patbe(cpu->vhyp) & PATBE1_GR);
> +}
> +
> +int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> +                              int mmu_idx);
> +
> +#endif /* TARGET_PPC64 */
> +
> +#endif /* CONFIG_USER_ONLY */
> +
> +#endif /* MMU_H */
> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> index e893e72..71ad771 100644
> --- a/target/ppc/mmu_helper.c
> +++ b/target/ppc/mmu_helper.c
> @@ -28,6 +28,8 @@
>  #include "exec/cpu_ldst.h"
>  #include "exec/log.h"
>  #include "helper_regs.h"
> +#include "qemu/error-report.h"
> +#include "mmu.h"
>  
>  //#define DEBUG_MMU
>  //#define DEBUG_BATS
> @@ -1280,6 +1282,17 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env)
>      case POWERPC_MMU_2_07a:
>          dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
>          break;
> +    case POWERPC_MMU_3_00:
> +        if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
> +            /* TODO - Unsupported */
> +        } else {
> +            if (ppc64_use_proc_tbl(ppc_env_get_cpu(env))) {
> +                /* TODO - Unsupported */
> +            } else {
> +                dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env));
> +                break;
> +            }
> +        }
>  #endif
>      default:
>          qemu_log_mask(LOG_UNIMP, "%s: unimplemented\n", __func__);
> @@ -1421,6 +1434,17 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
>      case POWERPC_MMU_2_07:
>      case POWERPC_MMU_2_07a:
>          return ppc_hash64_get_phys_page_debug(cpu, addr);
> +    case POWERPC_MMU_3_00:
> +        if (ppc64_radix_guest(ppc_env_get_cpu(env))) {
> +            /* TODO - Unsupported */
> +        } else {
> +            if (ppc64_use_proc_tbl(ppc_env_get_cpu(env))) {
> +                /* TODO - Unsupported */
> +            } else {
> +                return ppc_hash64_get_phys_page_debug(cpu, addr);
> +            }
> +        }
> +        break;
>  #endif
>  
>      case POWERPC_MMU_32B:
> @@ -2913,3 +2937,19 @@ void tlb_fill(CPUState *cs, target_ulong addr, MMUAccessType access_type,
>                                 retaddr);
>      }
>  }
> +
> +/******************************************************************************/
> +
> +/* ISA v3.00 (POWER9) Generic MMU Helpers */
> +
> +int ppc64_v3_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr, int rwx,
> +                              int mmu_idx)
> +{
> +    if (ppc64_radix_guest(cpu)) { /* Guest uses radix */
> +        /* TODO - Unsupported */
> +        error_report("Guest Radix Support Unimplemented");
> +        abort();
> +    } else { /* Guest uses hash */
> +        return ppc_hash64_handle_mmu_fault(cpu, eaddr, rwx, mmu_idx);
> +    }
> +}
> diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
> index f401d31..a3a23d8 100644
> --- a/target/ppc/translate_init.c
> +++ b/target/ppc/translate_init.c
> @@ -8829,7 +8829,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
>                      (1ull << MSR_LE);
>      pcc->mmu_model = POWERPC_MMU_3_00;
>  #if defined(CONFIG_SOFTMMU)
> -    pcc->handle_mmu_fault = ppc_hash64_handle_mmu_fault;
> +    pcc->handle_mmu_fault = ppc64_v3_handle_mmu_fault;
>      /* segment page size remain the same */
>      pcc->sps = &POWER7_POWER8_sps;
>  #endif

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 08/10] target/ppc/POWER9: Add POWER9 pa-features definition

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 2313 bytes --]

On Fri, Feb 10, 2017 at 04:25:58PM +1100, Suraj Jitindar Singh wrote:
> Add a pa-features definition which includes all of the new fields which
> have been added, note we don't claim support for any of these new features
> at this stage.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  hw/ppc/spapr.c | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 057adae..44eb014 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -356,6 +356,20 @@ static void spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset)
>          0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
>          0x00, 0x00, 0x00, 0x00, 0x80, 0x00,
>          0x80, 0x00, 0x80, 0x00, 0x00, 0x00 };
> +    /* Currently we don't advertise any of the "new" ISAv3.00 functionality */
> +    uint8_t pa_features_300[] = { 64, 0,
> +        0xf6, 0x1f, 0xc7, 0xc0, 0x80, 0xf0, /*  0 -  5 */
> +        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, /*  6 - 11 */
> +        0x00, 0x00, 0x00, 0x00, 0x80, 0x00, /* 12 - 17 */
> +        0x80, 0x00, 0x80, 0x00, 0x00, 0x00, /* 18 - 23 */
> +        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 24 - 29 */
> +        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 30 - 35 */
> +        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 36 - 41 */
> +        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 42 - 47 */
> +        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 48 - 53 */
> +        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 54 - 59 */
> +        0x00, 0x00, 0x00, 0x00           }; /* 60 - 63 */
> +
>      uint8_t *pa_features;
>      size_t pa_size;
>  
> @@ -370,6 +384,10 @@ static void spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset)
>          pa_features = pa_features_207;
>          pa_size = sizeof(pa_features_207);
>          break;
> +    case POWERPC_MMU_3_00:
> +        pa_features = pa_features_300;
> +        pa_size = sizeof(pa_features_300);
> +        break;
>      default:
>          return;
>      }

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 09/10] target/ppc/POWER9: Add cpu_has_work function for POWER9

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 3524 bytes --]

On Fri, Feb 10, 2017 at 04:25:59PM +1100, Suraj Jitindar Singh wrote:
> The cpu has work function is used to mask interrupts used to determine
> if there is work for the cpu based on the LPCR. Add a function to do this
> for POWER9 and add it to the POWER9 cpu definition. This is similar to that
> for POWER8 except using the LPCR bits as defined for POWER9.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  target/ppc/translate_init.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 45 insertions(+)
> 
> diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
> index a3a23d8..cc8ab1f 100644
> --- a/target/ppc/translate_init.c
> +++ b/target/ppc/translate_init.c
> @@ -8776,10 +8776,54 @@ static bool ppc_pvr_match_power9(PowerPCCPUClass *pcc, uint32_t pvr)
>      return false;
>  }
>  
> +static bool cpu_has_work_POWER9(CPUState *cs)
> +{
> +    PowerPCCPU *cpu = POWERPC_CPU(cs);
> +    CPUPPCState *env = &cpu->env;
> +
> +    if (cs->halted) {
> +        if (!(cs->interrupt_request & CPU_INTERRUPT_HARD)) {
> +            return false;
> +        }
> +        /* External Exception */
> +        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_EXT)) &&
> +            (env->spr[SPR_LPCR] & LPCR_EEE)) {
> +            return true;
> +        }
> +        /* Decrementer Exception */
> +        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_DECR)) &&
> +            (env->spr[SPR_LPCR] & LPCR_DEE)) {
> +            return true;
> +        }
> +        /* Machine Check or Hypervisor Maintenance Exception */
> +        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_MCK |
> +            1u << PPC_INTERRUPT_HMI)) && (env->spr[SPR_LPCR] & LPCR_OEE)) {
> +            return true;
> +        }
> +        /* Privileged Doorbell Exception */
> +        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_DOORBELL)) &&
> +            (env->spr[SPR_LPCR] & LPCR_PDEE)) {
> +            return true;
> +        }
> +        /* Hypervisor Doorbell Exception */
> +        if ((env->pending_interrupts & (1u << PPC_INTERRUPT_HDOORBELL)) &&
> +            (env->spr[SPR_LPCR] & LPCR_HDEE)) {
> +            return true;
> +        }
> +        if (env->pending_interrupts & (1u << PPC_INTERRUPT_RESET)) {
> +            return true;
> +        }
> +        return false;
> +    } else {
> +        return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
> +    }
> +}
> +
>  POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
>  {
>      DeviceClass *dc = DEVICE_CLASS(oc);
>      PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
> +    CPUClass *cc = CPU_CLASS(oc);
>  
>      dc->fw_name = "PowerPC,POWER9";
>      dc->desc = "POWER9";
> @@ -8790,6 +8834,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
>                           PCR_COMPAT_2_05;
>      pcc->init_proc = init_proc_POWER9;
>      pcc->check_pow = check_pow_nocheck;
> +    cc->has_work = cpu_has_work_POWER9;
>      pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
>                         PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
>                         PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 10/10] hw/ppc/spapr: Add POWER9 to pseries cpu models

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 1169 bytes --]

On Fri, Feb 10, 2017 at 04:26:00PM +1100, Suraj Jitindar Singh wrote:
> Add POWER9 cpu to list of spapr core models which allows it to be specified
> as the cpu model for a pseries guest (e.g. -machine pseries -cpu POWER9).
> 
> This now allows a POWER9 cpu to boot to userspace in tcg emulation for a
> pseries machine with a legacy kernel.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  hw/ppc/spapr_cpu_core.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index 9dddaeb..71253f9 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -360,6 +360,9 @@ static const char *spapr_core_models[] = {
>  
>      /* POWER8NVL */
>      "POWER8NVL_v1.0",
> +
> +    /* POWER9 */
> +    "POWER9_v1.0",
>  };
>  
>  void spapr_cpu_core_class_init(ObjectClass *oc, void *data)

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [Qemu-devel] [QEMU-PPC] [PATCH V2 00/10] target/ppc: Implement POWER9 pseries tcg

[David Gibson]

[-- Attachment #1: Type: text/plain, Size: 3461 bytes --]

On Fri, Feb 10, 2017 at 04:25:50PM +1100, Suraj Jitindar Singh wrote:
> This is V2 of the patch series to implement tcg emulation support for a
> POWER9 cpu model for the pseries machine type running a legacy kernel.
> That is a kernel which doesn't use the new radix mmu mode or the new hash
> mmu mode with segment tables.
> 
> To use a POWER9 cpu provide the command line option "-cpu POWER9".
> 
> This series attempts to avoid precluding KVM-HV support for the POWER9
> cpu model but doesn't attempt to support KVM-PR or the powernv machine
> for the POWER9 cpu model as these aren't currently supported or
> implemented and further code changes will be required in the event these
> are implemented.
> 
> This series will be followed shortly by one to implement radix support and
> currently trying to boot a kernel with support for radix with this series
> will fail on the H_REGISTER_PROCESS_TABLE hcall.

I've applied 1-4 to ppc-for-2.9.  That leaves something rather
incomplete, but then that's pretty much already true for our POWER9
support.

> 
> The changes from V1 are as follows:
> 
>  - Drop patches which have already been merged.
>  - Instead of allocating a whole partition table we allocate a single
>    entry in the sPAPRMachineState and access it via the virtual hypv.
>  - Changes to how we handle SDR1 and renaming of associated functions.
>  - Drop patch to use the new pte format, guest kernels expect the old
>    format anyway, so this will only be applicable when POWER9 powernv
>    support is added, so delay adding support for this until then.
>  - Rename the mmu fault handler to ppc64_v3_handle_mmu_fault.
>  - Move segment table searching into the fault handler instead of in
>    slb_lookup().
>  - Move adding the POWER9 pseries cpu model to the end of the series.
> 
> Suraj Jitindar Singh (10):
>   target/ppc/POWER9: Add ISAv3.00 MMU definition
>   target/ppc: Fix LPCR DPFD mask define
>   target/ppc/POWER9: Adapt LPCR handling for POWER9
>   target/ppc/POWER9: Direct all instr and data storage interrupts to the
>     hypv
>   target/ppc: Add patb_entry to sPAPRMachineState
>   target/ppc: Don't use SDR1 when running under a POWER9 cpu model
>   target/ppc/POWER9: Add POWER9 mmu fault handler
>   target/ppc/POWER9: Add POWER9 pa-features definition
>   target/ppc/POWER9: Add cpu_has_work function for POWER9
>   hw/ppc/spapr: Add POWER9 to pseries cpu models
> 
>  hw/ppc/spapr.c              | 37 ++++++++++++++++++
>  hw/ppc/spapr_cpu_core.c     |  3 ++
>  include/hw/ppc/spapr.h      |  1 +
>  target/ppc/cpu-qom.h        |  5 ++-
>  target/ppc/cpu.h            | 24 +++++++++++-
>  target/ppc/kvm.c            |  2 +-
>  target/ppc/machine.c        |  4 +-
>  target/ppc/misc_helper.c    |  3 +-
>  target/ppc/mmu-hash64.c     | 49 +++++++++++++++++++++---
>  target/ppc/mmu-hash64.h     |  2 +-
>  target/ppc/mmu.h            | 50 +++++++++++++++++++++++++
>  target/ppc/mmu_helper.c     | 54 +++++++++++++++++++++++++--
>  target/ppc/translate.c      |  7 +++-
>  target/ppc/translate_init.c | 91 +++++++++++++++++++++++++++++++++++++++------
>  14 files changed, 302 insertions(+), 30 deletions(-)
>  create mode 100644 target/ppc/mmu.h
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]