Re: What's the correct way to implement rfi and related instruction.

From: "Cédric Le Goater" <clg@kaod.org>
To: <luoyonggang@gmail.com>
Cc: Thomas Monjalon <thomas@monjalon.net>,
	qemu-ppc@nongnu.org, qemu-level <qemu-devel@nongnu.org>,
	Aurelien Jarno <aurelien@aurel32.net>,
	David Gibson <david@gibson.dropbear.id.au>
Subject: Re: What's the correct way to implement rfi and related instruction.
Date: Fri, 8 Jan 2021 11:02:29 +0100	[thread overview]
Message-ID: <ef0eb70c-5b56-9850-2ad3-f12591cd6b4b@kaod.org> (raw)
In-Reply-To: <CAE2XoE-Fc3Tc51uiDN70_6suHPwczdp9EcS_LirLK-txzgS+yw@mail.gmail.com>

On 1/8/21 5:21 AM, 罗勇刚(Yonggang Luo) wrote:
> 
> 
> On Fri, Jan 8, 2021 at 5:54 AM Cédric Le Goater <clg@kaod.org <mailto:clg@kaod.org>> wrote:
>>
>> On 1/7/21 8:14 PM, 罗勇刚(Yonggang Luo) wrote:
>> > This is the first patch,:
>> > It's store MSR bits differntly for different rfi instructions:
>> > [Qemu-devel] [PATCH] target-ppc: fix RFI by clearing some bits of MSR
>> > https://lists.gnu.org/archive/html/qemu-devel/2010-05/msg02999.html <https://lists.gnu.org/archive/html/qemu-devel/2010-05/msg02999.html> <https://lists.gnu.org/archive/html/qemu-devel/2010-05/msg02999.html <https://lists.gnu.org/archive/html/qemu-devel/2010-05/msg02999.html>>
>> > Comes from  target-ppc: fix RFI by clearing some bits of MSR
>> > SHA-1: c3d420ead1aee9fcfd12be11cbdf6b1620134773
>> >  target-ppc/op_helper.c | 6 +++---
>> >  1 file changed, 3 insertions(+), 3 deletions(-)
>> > ```
>> > diff --git a/target-ppc/op_helper.c b/target-ppc/op_helper.c
>> > index 8f2ee986bb..3c3aa60bc3 100644
>> > --- a/target-ppc/op_helper.c
>> > +++ b/target-ppc/op_helper.c
>> > @@ -1646,20 +1646,20 @@ static inline void do_rfi(target_ulong nip, target_ulong msr,
>> >  void helper_rfi (void)
>> >  {
>> >      do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
>> > -           ~((target_ulong)0x0), 1);
>> > +           ~((target_ulong)0x783F0000), 1);
>> >  }
>> >  
>> >  #if defined(TARGET_PPC64)
>> >  void helper_rfid (void)
>> >  {
>> >      do_rfi(env->spr[SPR_SRR0], env->spr[SPR_SRR1],
>> > -           ~((target_ulong)0x0), 0);
>> > +           ~((target_ulong)0x783F0000), 0);
>> >  }
>> >  
>> >  void helper_hrfid (void)
>> >  {
>> >      do_rfi(env->spr[SPR_HSRR0], env->spr[SPR_HSRR1],
>> > -           ~((target_ulong)0x0), 0);
>> > +           ~((target_ulong)0x783F0000), 0);
>> >  }
>> >  #endif
>> >  #endif
>> > ```
>> >
>> > This is the second patch,:
>> > it's remove the parameter  `target_ulong msrm, int keep_msrh`
>> > Comes from ppc: Fix rfi/rfid/hrfi/... emulation
>> > SHA-1: a2e71b28e832346409efc795ecd1f0a2bcb705a3
>> > ```
>> >  target-ppc/excp_helper.c | 51 +++++++++++++++++++-----------------------------
>> >  1 file changed, 20 insertions(+), 31 deletions(-)
>> >
>> > diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
>> > index 30e960e30b..aa0b63f4b0 100644
>> > --- a/target-ppc/excp_helper.c
>> > +++ b/target-ppc/excp_helper.c
>> > @@ -922,25 +922,20 @@ void helper_store_msr(CPUPPCState *env, target_ulong val)
>> >      }
>> >  }
>> >  
>> > -static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr,
>> > -                          target_ulong msrm, int keep_msrh)
>> > +static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr)
>> >  {
>> >      CPUState *cs = CPU(ppc_env_get_cpu(env));
>> >  
>> > +    /* MSR:POW cannot be set by any form of rfi */
>> > +    msr &= ~(1ULL << MSR_POW);
>> > +
>> >  #if defined(TARGET_PPC64)
>> > -    if (msr_is_64bit(env, msr)) {
>> > -        nip = (uint64_t)nip;
>> > -        msr &= (uint64_t)msrm;
>> > -    } else {
>> > +    /* Switching to 32-bit ? Crop the nip */
>> > +    if (!msr_is_64bit(env, msr)) {
>> >          nip = (uint32_t)nip;
>> > -        msr = (uint32_t)(msr & msrm);
>> > -        if (keep_msrh) {
>> > -            msr |= env->msr & ~((uint64_t)0xFFFFFFFF);
>> > -        }
>> >      }
>> >  #else
>> >      nip = (uint32_t)nip;
>> > -    msr &= (uint32_t)msrm;
>> >  #endif
>> >      /* XXX: beware: this is false if VLE is supported */
>> >      env->nip = nip & ~((target_ulong)0x00000003);
>> > @@ -959,26 +954,24 @@ static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr,
>> >  
>> >  void helper_rfi(CPUPPCState *env)
>> >  {
>> > -    if (env->excp_model == POWERPC_EXCP_BOOKE) {
>> > -        do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
>> > -               ~((target_ulong)0), 0);
>> > -    } else {
>> > -        do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
>> > -               ~((target_ulong)0x783F0000), 1);
>> > -    }
>> > +    do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1] & 0xfffffffful);
>> >  }
>> >  
>> > +#define MSR_BOOK3S_MASK
>> >  #if defined(TARGET_PPC64)
>> >  void helper_rfid(CPUPPCState *env)
>> >  {
>> > -    do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
>> > -           ~((target_ulong)0x783F0000), 0);
>> > +    /* The architeture defines a number of rules for which bits
>> > +     * can change but in practice, we handle this in hreg_store_msr()
>> > +     * which will be called by do_rfi(), so there is no need to filter
>> > +     * here
>> > +     */
>> > +    do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1]);
>> >  }
>> >  
>> >  void helper_hrfid(CPUPPCState *env)
>> >  {
>> > -    do_rfi(env, env->spr[SPR_HSRR0], env->spr[SPR_HSRR1],
>> > -           ~((target_ulong)0x783F0000), 0);
>> > +    do_rfi(env, env->spr[SPR_HSRR0], env->spr[SPR_HSRR1]);
>> >  }
>> >  #endif
>> >  
>> > @@ -986,28 +979,24 @@ void helper_hrfid(CPUPPCState *env)
>> >  /* Embedded PowerPC specific helpers */
>> >  void helper_40x_rfci(CPUPPCState *env)
>> >  {
>> > -    do_rfi(env, env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3],
>> > -           ~((target_ulong)0xFFFF0000), 0);
>> > +    do_rfi(env, env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3]);
>> >  }
>> >  
>> >  void helper_rfci(CPUPPCState *env)
>> >  {
>> > -    do_rfi(env, env->spr[SPR_BOOKE_CSRR0], env->spr[SPR_BOOKE_CSRR1],
>> > -           ~((target_ulong)0), 0);
>> > +    do_rfi(env, env->spr[SPR_BOOKE_CSRR0], env->spr[SPR_BOOKE_CSRR1]);
>> >  }
>> >  
>> >  void helper_rfdi(CPUPPCState *env)
>> >  {
>> >      /* FIXME: choose CSRR1 or DSRR1 based on cpu type */
>> > -    do_rfi(env, env->spr[SPR_BOOKE_DSRR0], env->spr[SPR_BOOKE_DSRR1],
>> > -           ~((target_ulong)0), 0);
>> > +    do_rfi(env, env->spr[SPR_BOOKE_DSRR0], env->spr[SPR_BOOKE_DSRR1]);
>> >  }
>> >  
>> >  void helper_rfmci(CPUPPCState *env)
>> >  {
>> >      /* FIXME: choose CSRR1 or MCSRR1 based on cpu type */
>> > -    do_rfi(env, env->spr[SPR_BOOKE_MCSRR0], env->spr[SPR_BOOKE_MCSRR1],
>> > -           ~((target_ulong)0), 0);
>> > +    do_rfi(env, env->spr[SPR_BOOKE_MCSRR0], env->spr[SPR_BOOKE_MCSRR1]);
>> >  }
>> >  #endif
>> >  
>> > @@ -1045,7 +1034,7 @@ void helper_td(CPUPPCState *env, target_ulong arg1, target_ulong arg2,
>> >  
>> >  void helper_rfsvc(CPUPPCState *env)
>> >  {
>> > -    do_rfi(env, env->lr, env->ctr, 0x0000FFFF, 0);
>> > +    do_rfi(env, env->lr, env->ctr & 0x0000FFFF);
>> >  }
>> >  
>> >  /* Embedded.Processor Control */
>> > ```
>> >
>> > And of cause, the second patch fixes some problem, but also cause new problem,
>> > how to implement these instruction properly?
>>
>> What are the new problems  ?
>
>
> Before this patch, VxWorks can working, but after this, VxWorks can not boot anymore.

I suppose you did a bisect to reach this patch. 

Which QEMU machine is impacted ? Which CPU ? What are the symptoms ? 

Did you try to run with -d exec or -d in_asm to identify the exact
instruction ? 

From there, you could try to revert partially the patch above to 
fix the problem. 

Thanks,

C.