* [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags
@ 2021-03-14 17:58 Richard Henderson
2021-03-14 17:58 ` [PATCH v3 01/16] target/ppc: Move helper_regs.h functions out-of-line Richard Henderson
` (15 more replies)
0 siblings, 16 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Clean up everything that touches hflags, fixing quite a few
other bugs in the process.
Changes for v3:
* Fixes for linux-user, signal handling and startup.
-- Oops, the directory in which I did testing for v2
had a reduced set of targets.
Changes for v2:
* Do not put tcg internal state into migration, except to
retain backward compatibility.
* Do not touch anything in env in ppc_tr_init_disas_context.
* Do make sure that hflags contains everything that it should.
* Do verify that hflags is properly updated.
r~
Richard Henderson (16):
target/ppc: Move helper_regs.h functions out-of-line
target/ppc: Move 601 hflags adjustment to hreg_compute_hflags
target/ppc: Properly sync cpu state with new msr in cpu_load_old
target/ppc: Do not call hreg_compute_mem_idx after ppc_store_msr
target/ppc: Retain hflags_nmsr only for migration
target/ppc: Fix comment for MSR_FE{0,1}
target/ppc: Disconnect hflags from MSR
target/ppc: Reduce env->hflags to uint32_t
target/ppc: Put dbcr0 single-step bits into hflags
target/ppc: Create helper_scv
target/ppc: Put LPCR[GTSE] in hflags
target/ppc: Remove MSR_SA and MSR_AP from hflags
target/ppc: Remove env->immu_idx and env->dmmu_idx
hw/ppc: Use hreg_store_msr for msr updates
linux-user/ppc: Fix msr updates for signal handling
target/ppc: Validate hflags with CONFIG_DEBUG_TCG
target/ppc/cpu.h | 50 +++++-
target/ppc/helper.h | 1 +
target/ppc/helper_regs.h | 183 +--------------------
hw/ppc/pnv_core.c | 3 +-
hw/ppc/spapr_hcall.c | 3 +-
hw/ppc/spapr_rtas.c | 3 +-
linux-user/ppc/cpu_loop.c | 5 +-
linux-user/ppc/signal.c | 23 ++-
target/ppc/excp_helper.c | 9 ++
target/ppc/helper_regs.c | 272 ++++++++++++++++++++++++++++++++
target/ppc/int_helper.c | 1 +
target/ppc/machine.c | 27 ++--
target/ppc/mem_helper.c | 2 +-
target/ppc/misc_helper.c | 13 +-
target/ppc/mmu-hash64.c | 3 +
target/ppc/translate.c | 98 ++++--------
target/ppc/translate_init.c.inc | 4 +-
target/ppc/meson.build | 1 +
18 files changed, 411 insertions(+), 290 deletions(-)
create mode 100644 target/ppc/helper_regs.c
--
2.25.1
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v3 01/16] target/ppc: Move helper_regs.h functions out-of-line
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 02/16] target/ppc: Move 601 hflags adjustment to hreg_compute_hflags Richard Henderson
` (14 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Move the functions to a new file, helper_regs.c.
Note int_helper.c was relying on helper_regs.h to
indirectly include qemu/log.h.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/helper_regs.h | 184 ++----------------------------------
target/ppc/helper_regs.c | 197 +++++++++++++++++++++++++++++++++++++++
target/ppc/int_helper.c | 1 +
target/ppc/meson.build | 1 +
4 files changed, 207 insertions(+), 176 deletions(-)
create mode 100644 target/ppc/helper_regs.c
diff --git a/target/ppc/helper_regs.h b/target/ppc/helper_regs.h
index efcc903427..4148a442b3 100644
--- a/target/ppc/helper_regs.h
+++ b/target/ppc/helper_regs.h
@@ -20,184 +20,16 @@
#ifndef HELPER_REGS_H
#define HELPER_REGS_H
-#include "qemu/main-loop.h"
-#include "exec/exec-all.h"
-#include "sysemu/kvm.h"
+void hreg_swap_gpr_tgpr(CPUPPCState *env);
+void hreg_compute_mem_idx(CPUPPCState *env);
+void hreg_compute_hflags(CPUPPCState *env);
+void cpu_interrupt_exittb(CPUState *cs);
+int hreg_store_msr(CPUPPCState *env, target_ulong value, int alter_hv);
-/* Swap temporary saved registers with GPRs */
-static inline void hreg_swap_gpr_tgpr(CPUPPCState *env)
-{
- target_ulong tmp;
-
- tmp = env->gpr[0];
- env->gpr[0] = env->tgpr[0];
- env->tgpr[0] = tmp;
- tmp = env->gpr[1];
- env->gpr[1] = env->tgpr[1];
- env->tgpr[1] = tmp;
- tmp = env->gpr[2];
- env->gpr[2] = env->tgpr[2];
- env->tgpr[2] = tmp;
- tmp = env->gpr[3];
- env->gpr[3] = env->tgpr[3];
- env->tgpr[3] = tmp;
-}
-
-static inline void hreg_compute_mem_idx(CPUPPCState *env)
-{
- /*
- * This is our encoding for server processors. The architecture
- * specifies that there is no such thing as userspace with
- * translation off, however it appears that MacOS does it and some
- * 32-bit CPUs support it. Weird...
- *
- * 0 = Guest User space virtual mode
- * 1 = Guest Kernel space virtual mode
- * 2 = Guest User space real mode
- * 3 = Guest Kernel space real mode
- * 4 = HV User space virtual mode
- * 5 = HV Kernel space virtual mode
- * 6 = HV User space real mode
- * 7 = HV Kernel space real mode
- *
- * For BookE, we need 8 MMU modes as follow:
- *
- * 0 = AS 0 HV User space
- * 1 = AS 0 HV Kernel space
- * 2 = AS 1 HV User space
- * 3 = AS 1 HV Kernel space
- * 4 = AS 0 Guest User space
- * 5 = AS 0 Guest Kernel space
- * 6 = AS 1 Guest User space
- * 7 = AS 1 Guest Kernel space
- */
- if (env->mmu_model & POWERPC_MMU_BOOKE) {
- env->immu_idx = env->dmmu_idx = msr_pr ? 0 : 1;
- env->immu_idx += msr_is ? 2 : 0;
- env->dmmu_idx += msr_ds ? 2 : 0;
- env->immu_idx += msr_gs ? 4 : 0;
- env->dmmu_idx += msr_gs ? 4 : 0;
- } else {
- env->immu_idx = env->dmmu_idx = msr_pr ? 0 : 1;
- env->immu_idx += msr_ir ? 0 : 2;
- env->dmmu_idx += msr_dr ? 0 : 2;
- env->immu_idx += msr_hv ? 4 : 0;
- env->dmmu_idx += msr_hv ? 4 : 0;
- }
-}
-
-static inline void hreg_compute_hflags(CPUPPCState *env)
-{
- target_ulong hflags_mask;
-
- /* We 'forget' FE0 & FE1: we'll never generate imprecise exceptions */
- hflags_mask = (1 << MSR_VR) | (1 << MSR_AP) | (1 << MSR_SA) |
- (1 << MSR_PR) | (1 << MSR_FP) | (1 << MSR_SE) | (1 << MSR_BE) |
- (1 << MSR_LE) | (1 << MSR_VSX) | (1 << MSR_IR) | (1 << MSR_DR);
- hflags_mask |= (1ULL << MSR_CM) | (1ULL << MSR_SF) | MSR_HVB;
- hreg_compute_mem_idx(env);
- env->hflags = env->msr & hflags_mask;
- /* Merge with hflags coming from other registers */
- env->hflags |= env->hflags_nmsr;
-}
-
-static inline void cpu_interrupt_exittb(CPUState *cs)
-{
- if (!kvm_enabled()) {
- return;
- }
-
- if (!qemu_mutex_iothread_locked()) {
- qemu_mutex_lock_iothread();
- cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
- qemu_mutex_unlock_iothread();
- } else {
- cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
- }
-}
-
-static inline int hreg_store_msr(CPUPPCState *env, target_ulong value,
- int alter_hv)
-{
- int excp;
-#if !defined(CONFIG_USER_ONLY)
- CPUState *cs = env_cpu(env);
-#endif
-
- excp = 0;
- value &= env->msr_mask;
-#if !defined(CONFIG_USER_ONLY)
- /* Neither mtmsr nor guest state can alter HV */
- if (!alter_hv || !(env->msr & MSR_HVB)) {
- value &= ~MSR_HVB;
- value |= env->msr & MSR_HVB;
- }
- if (((value >> MSR_IR) & 1) != msr_ir ||
- ((value >> MSR_DR) & 1) != msr_dr) {
- cpu_interrupt_exittb(cs);
- }
- if ((env->mmu_model & POWERPC_MMU_BOOKE) &&
- ((value >> MSR_GS) & 1) != msr_gs) {
- cpu_interrupt_exittb(cs);
- }
- if (unlikely((env->flags & POWERPC_FLAG_TGPR) &&
- ((value ^ env->msr) & (1 << MSR_TGPR)))) {
- /* Swap temporary saved registers with GPRs */
- hreg_swap_gpr_tgpr(env);
- }
- if (unlikely((value >> MSR_EP) & 1) != msr_ep) {
- /* Change the exception prefix on PowerPC 601 */
- env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF00000;
- }
- /*
- * If PR=1 then EE, IR and DR must be 1
- *
- * Note: We only enforce this on 64-bit server processors.
- * It appears that:
- * - 32-bit implementations supports PR=1 and EE/DR/IR=0 and MacOS
- * exploits it.
- * - 64-bit embedded implementations do not need any operation to be
- * performed when PR is set.
- */
- if (is_book3s_arch2x(env) && ((value >> MSR_PR) & 1)) {
- value |= (1 << MSR_EE) | (1 << MSR_DR) | (1 << MSR_IR);
- }
-#endif
- env->msr = value;
- hreg_compute_hflags(env);
-#if !defined(CONFIG_USER_ONLY)
- if (unlikely(msr_pow == 1)) {
- if (!env->pending_interrupts && (*env->check_pow)(env)) {
- cs->halted = 1;
- excp = EXCP_HALTED;
- }
- }
-#endif
-
- return excp;
-}
-
-#if !defined(CONFIG_USER_ONLY)
-static inline void check_tlb_flush(CPUPPCState *env, bool global)
-{
- CPUState *cs = env_cpu(env);
-
- /* Handle global flushes first */
- if (global && (env->tlb_need_flush & TLB_NEED_GLOBAL_FLUSH)) {
- env->tlb_need_flush &= ~TLB_NEED_GLOBAL_FLUSH;
- env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
- tlb_flush_all_cpus_synced(cs);
- return;
- }
-
- /* Then handle local ones */
- if (env->tlb_need_flush & TLB_NEED_LOCAL_FLUSH) {
- env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
- tlb_flush(cs);
- }
-}
-#else
+#ifdef CONFIG_USER_ONLY
static inline void check_tlb_flush(CPUPPCState *env, bool global) { }
+#else
+void check_tlb_flush(CPUPPCState *env, bool global);
#endif
#endif /* HELPER_REGS_H */
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
new file mode 100644
index 0000000000..5e18232b84
--- /dev/null
+++ b/target/ppc/helper_regs.c
@@ -0,0 +1,197 @@
+/*
+ * PowerPC emulation special registers manipulation helpers for qemu.
+ *
+ * Copyright (c) 2003-2007 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/main-loop.h"
+#include "exec/exec-all.h"
+#include "sysemu/kvm.h"
+#include "helper_regs.h"
+
+/* Swap temporary saved registers with GPRs */
+void hreg_swap_gpr_tgpr(CPUPPCState *env)
+{
+ target_ulong tmp;
+
+ tmp = env->gpr[0];
+ env->gpr[0] = env->tgpr[0];
+ env->tgpr[0] = tmp;
+ tmp = env->gpr[1];
+ env->gpr[1] = env->tgpr[1];
+ env->tgpr[1] = tmp;
+ tmp = env->gpr[2];
+ env->gpr[2] = env->tgpr[2];
+ env->tgpr[2] = tmp;
+ tmp = env->gpr[3];
+ env->gpr[3] = env->tgpr[3];
+ env->tgpr[3] = tmp;
+}
+
+void hreg_compute_mem_idx(CPUPPCState *env)
+{
+ /*
+ * This is our encoding for server processors. The architecture
+ * specifies that there is no such thing as userspace with
+ * translation off, however it appears that MacOS does it and some
+ * 32-bit CPUs support it. Weird...
+ *
+ * 0 = Guest User space virtual mode
+ * 1 = Guest Kernel space virtual mode
+ * 2 = Guest User space real mode
+ * 3 = Guest Kernel space real mode
+ * 4 = HV User space virtual mode
+ * 5 = HV Kernel space virtual mode
+ * 6 = HV User space real mode
+ * 7 = HV Kernel space real mode
+ *
+ * For BookE, we need 8 MMU modes as follow:
+ *
+ * 0 = AS 0 HV User space
+ * 1 = AS 0 HV Kernel space
+ * 2 = AS 1 HV User space
+ * 3 = AS 1 HV Kernel space
+ * 4 = AS 0 Guest User space
+ * 5 = AS 0 Guest Kernel space
+ * 6 = AS 1 Guest User space
+ * 7 = AS 1 Guest Kernel space
+ */
+ if (env->mmu_model & POWERPC_MMU_BOOKE) {
+ env->immu_idx = env->dmmu_idx = msr_pr ? 0 : 1;
+ env->immu_idx += msr_is ? 2 : 0;
+ env->dmmu_idx += msr_ds ? 2 : 0;
+ env->immu_idx += msr_gs ? 4 : 0;
+ env->dmmu_idx += msr_gs ? 4 : 0;
+ } else {
+ env->immu_idx = env->dmmu_idx = msr_pr ? 0 : 1;
+ env->immu_idx += msr_ir ? 0 : 2;
+ env->dmmu_idx += msr_dr ? 0 : 2;
+ env->immu_idx += msr_hv ? 4 : 0;
+ env->dmmu_idx += msr_hv ? 4 : 0;
+ }
+}
+
+void hreg_compute_hflags(CPUPPCState *env)
+{
+ target_ulong hflags_mask;
+
+ /* We 'forget' FE0 & FE1: we'll never generate imprecise exceptions */
+ hflags_mask = (1 << MSR_VR) | (1 << MSR_AP) | (1 << MSR_SA) |
+ (1 << MSR_PR) | (1 << MSR_FP) | (1 << MSR_SE) | (1 << MSR_BE) |
+ (1 << MSR_LE) | (1 << MSR_VSX) | (1 << MSR_IR) | (1 << MSR_DR);
+ hflags_mask |= (1ULL << MSR_CM) | (1ULL << MSR_SF) | MSR_HVB;
+ hreg_compute_mem_idx(env);
+ env->hflags = env->msr & hflags_mask;
+ /* Merge with hflags coming from other registers */
+ env->hflags |= env->hflags_nmsr;
+}
+
+void cpu_interrupt_exittb(CPUState *cs)
+{
+ if (!kvm_enabled()) {
+ return;
+ }
+
+ if (!qemu_mutex_iothread_locked()) {
+ qemu_mutex_lock_iothread();
+ cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
+ qemu_mutex_unlock_iothread();
+ } else {
+ cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
+ }
+}
+
+int hreg_store_msr(CPUPPCState *env, target_ulong value, int alter_hv)
+{
+ int excp;
+#if !defined(CONFIG_USER_ONLY)
+ CPUState *cs = env_cpu(env);
+#endif
+
+ excp = 0;
+ value &= env->msr_mask;
+#if !defined(CONFIG_USER_ONLY)
+ /* Neither mtmsr nor guest state can alter HV */
+ if (!alter_hv || !(env->msr & MSR_HVB)) {
+ value &= ~MSR_HVB;
+ value |= env->msr & MSR_HVB;
+ }
+ if (((value >> MSR_IR) & 1) != msr_ir ||
+ ((value >> MSR_DR) & 1) != msr_dr) {
+ cpu_interrupt_exittb(cs);
+ }
+ if ((env->mmu_model & POWERPC_MMU_BOOKE) &&
+ ((value >> MSR_GS) & 1) != msr_gs) {
+ cpu_interrupt_exittb(cs);
+ }
+ if (unlikely((env->flags & POWERPC_FLAG_TGPR) &&
+ ((value ^ env->msr) & (1 << MSR_TGPR)))) {
+ /* Swap temporary saved registers with GPRs */
+ hreg_swap_gpr_tgpr(env);
+ }
+ if (unlikely((value >> MSR_EP) & 1) != msr_ep) {
+ /* Change the exception prefix on PowerPC 601 */
+ env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF00000;
+ }
+ /*
+ * If PR=1 then EE, IR and DR must be 1
+ *
+ * Note: We only enforce this on 64-bit server processors.
+ * It appears that:
+ * - 32-bit implementations supports PR=1 and EE/DR/IR=0 and MacOS
+ * exploits it.
+ * - 64-bit embedded implementations do not need any operation to be
+ * performed when PR is set.
+ */
+ if (is_book3s_arch2x(env) && ((value >> MSR_PR) & 1)) {
+ value |= (1 << MSR_EE) | (1 << MSR_DR) | (1 << MSR_IR);
+ }
+#endif
+ env->msr = value;
+ hreg_compute_hflags(env);
+#if !defined(CONFIG_USER_ONLY)
+ if (unlikely(msr_pow == 1)) {
+ if (!env->pending_interrupts && (*env->check_pow)(env)) {
+ cs->halted = 1;
+ excp = EXCP_HALTED;
+ }
+ }
+#endif
+
+ return excp;
+}
+
+#ifndef CONFIG_USER_ONLY
+void check_tlb_flush(CPUPPCState *env, bool global)
+{
+ CPUState *cs = env_cpu(env);
+
+ /* Handle global flushes first */
+ if (global && (env->tlb_need_flush & TLB_NEED_GLOBAL_FLUSH)) {
+ env->tlb_need_flush &= ~TLB_NEED_GLOBAL_FLUSH;
+ env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
+ tlb_flush_all_cpus_synced(cs);
+ return;
+ }
+
+ /* Then handle local ones */
+ if (env->tlb_need_flush & TLB_NEED_LOCAL_FLUSH) {
+ env->tlb_need_flush &= ~TLB_NEED_LOCAL_FLUSH;
+ tlb_flush(cs);
+ }
+}
+#endif
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 429de28494..a44c2d90ea 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -22,6 +22,7 @@
#include "internal.h"
#include "qemu/host-utils.h"
#include "qemu/main-loop.h"
+#include "qemu/log.h"
#include "exec/helper-proto.h"
#include "crypto/aes.h"
#include "fpu/softfloat.h"
diff --git a/target/ppc/meson.build b/target/ppc/meson.build
index bbfef90e08..4079d01ee3 100644
--- a/target/ppc/meson.build
+++ b/target/ppc/meson.build
@@ -6,6 +6,7 @@ ppc_ss.add(files(
'excp_helper.c',
'fpu_helper.c',
'gdbstub.c',
+ 'helper_regs.c',
'int_helper.c',
'mem_helper.c',
'misc_helper.c',
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 02/16] target/ppc: Move 601 hflags adjustment to hreg_compute_hflags
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
2021-03-14 17:58 ` [PATCH v3 01/16] target/ppc: Move helper_regs.h functions out-of-line Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 03/16] target/ppc: Properly sync cpu state with new msr in cpu_load_old Richard Henderson
` (13 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Keep all hflags computation in one place, as this will be
especially important later.
Introduce a new POWERPC_FLAG_HID0_LE bit to indicate when
LE should be taken from HID0. This appears to be set if
and only if POWERPC_FLAG_RTC_CLK is set, but we're not
short of bits and having both names will avoid confusion.
Note that this was the only user of hflags_nmsr, so we can
perform a straight assignment rather than mask and set.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 2 ++
target/ppc/helper_regs.c | 13 +++++++++++--
target/ppc/misc_helper.c | 8 +++-----
target/ppc/translate_init.c.inc | 4 ++--
4 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index e73416da68..061d2eed1b 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -581,6 +581,8 @@ enum {
POWERPC_FLAG_TM = 0x00100000,
/* Has SCV (ISA 3.00) */
POWERPC_FLAG_SCV = 0x00200000,
+ /* Has HID0 for LE bit (601) */
+ POWERPC_FLAG_HID0_LE = 0x00400000,
};
/*****************************************************************************/
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 5e18232b84..95b9aca61f 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -96,8 +96,17 @@ void hreg_compute_hflags(CPUPPCState *env)
hflags_mask |= (1ULL << MSR_CM) | (1ULL << MSR_SF) | MSR_HVB;
hreg_compute_mem_idx(env);
env->hflags = env->msr & hflags_mask;
- /* Merge with hflags coming from other registers */
- env->hflags |= env->hflags_nmsr;
+
+ if (env->flags & POWERPC_FLAG_HID0_LE) {
+ /*
+ * Note that MSR_LE is not set in env->msr_mask for this cpu,
+ * and so will never be set in msr or hflags at this point.
+ */
+ uint32_t le = extract32(env->spr[SPR_HID0], 3, 1);
+ env->hflags |= le << MSR_LE;
+ /* Retain for backward compatibility with migration. */
+ env->hflags_nmsr = le << MSR_LE;
+ }
}
void cpu_interrupt_exittb(CPUState *cs)
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index 5d6e0de396..63e3147eb4 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -194,16 +194,14 @@ void helper_store_hid0_601(CPUPPCState *env, target_ulong val)
target_ulong hid0;
hid0 = env->spr[SPR_HID0];
+ env->spr[SPR_HID0] = (uint32_t)val;
+
if ((val ^ hid0) & 0x00000008) {
/* Change current endianness */
- env->hflags &= ~(1 << MSR_LE);
- env->hflags_nmsr &= ~(1 << MSR_LE);
- env->hflags_nmsr |= (1 << MSR_LE) & (((val >> 3) & 1) << MSR_LE);
- env->hflags |= env->hflags_nmsr;
+ hreg_compute_hflags(env);
qemu_log("%s: set endianness to %c => " TARGET_FMT_lx "\n", __func__,
val & 0x8 ? 'l' : 'b', env->hflags);
}
- env->spr[SPR_HID0] = (uint32_t)val;
}
void helper_store_403_pbr(CPUPPCState *env, uint32_t num, target_ulong value)
diff --git a/target/ppc/translate_init.c.inc b/target/ppc/translate_init.c.inc
index c03a7c4f52..049d76cfd1 100644
--- a/target/ppc/translate_init.c.inc
+++ b/target/ppc/translate_init.c.inc
@@ -5441,7 +5441,7 @@ POWERPC_FAMILY(601)(ObjectClass *oc, void *data)
pcc->excp_model = POWERPC_EXCP_601;
pcc->bus_model = PPC_FLAGS_INPUT_6xx;
pcc->bfd_mach = bfd_mach_ppc_601;
- pcc->flags = POWERPC_FLAG_SE | POWERPC_FLAG_RTC_CLK;
+ pcc->flags = POWERPC_FLAG_SE | POWERPC_FLAG_RTC_CLK | POWERPC_FLAG_HID0_LE;
}
#define POWERPC_MSRR_601v (0x0000000000001040ULL)
@@ -5485,7 +5485,7 @@ POWERPC_FAMILY(601v)(ObjectClass *oc, void *data)
#endif
pcc->bus_model = PPC_FLAGS_INPUT_6xx;
pcc->bfd_mach = bfd_mach_ppc_601;
- pcc->flags = POWERPC_FLAG_SE | POWERPC_FLAG_RTC_CLK;
+ pcc->flags = POWERPC_FLAG_SE | POWERPC_FLAG_RTC_CLK | POWERPC_FLAG_HID0_LE;
}
static void init_proc_602(CPUPPCState *env)
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 03/16] target/ppc: Properly sync cpu state with new msr in cpu_load_old
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
2021-03-14 17:58 ` [PATCH v3 01/16] target/ppc: Move helper_regs.h functions out-of-line Richard Henderson
2021-03-14 17:58 ` [PATCH v3 02/16] target/ppc: Move 601 hflags adjustment to hreg_compute_hflags Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 04/16] target/ppc: Do not call hreg_compute_mem_idx after ppc_store_msr Richard Henderson
` (12 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Match cpu_post_load in using ppc_store_msr to set all of
the cpu state implied by the value of msr. Do not restore
hflags or hflags_nmsr, as we recompute them in ppc_store_msr.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/machine.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index 283db1d28a..87d7bffb86 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -21,6 +21,7 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int version_id)
int32_t slb_nr;
#endif
target_ulong xer;
+ target_ulong msr;
for (i = 0; i < 32; i++) {
qemu_get_betls(f, &env->gpr[i]);
@@ -111,11 +112,19 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int version_id)
qemu_get_betls(f, &env->ivpr_mask);
qemu_get_betls(f, &env->hreset_vector);
qemu_get_betls(f, &env->nip);
- qemu_get_betls(f, &env->hflags);
- qemu_get_betls(f, &env->hflags_nmsr);
+ qemu_get_sbetl(f); /* Discard unused hflags */
+ qemu_get_sbetl(f); /* Discard unused hflags_nmsr */
qemu_get_sbe32(f); /* Discard unused mmu_idx */
qemu_get_sbe32(f); /* Discard unused power_mode */
+ /*
+ * Invalidate all supported msr bits except MSR_TGPR/MSR_HVB
+ * before restoring. Note that this recomputes hflags and mem_idx.
+ */
+ msr = env->msr;
+ env->msr ^= env->msr_mask & ~((1ULL << MSR_TGPR) | MSR_HVB);
+ ppc_store_msr(env, msr);
+
/* Recompute mmu indices */
hreg_compute_mem_idx(env);
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 04/16] target/ppc: Do not call hreg_compute_mem_idx after ppc_store_msr
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (2 preceding siblings ...)
2021-03-14 17:58 ` [PATCH v3 03/16] target/ppc: Properly sync cpu state with new msr in cpu_load_old Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 05/16] target/ppc: Retain hflags_nmsr only for migration Richard Henderson
` (11 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
In ppc_store_msr we call hreg_compute_hflags, which itself
calls hreg_compute_mem_idx. Rely on ppc_store_msr to update
everything required by the msr update.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/machine.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index 87d7bffb86..f6eeda9642 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -125,9 +125,6 @@ static int cpu_load_old(QEMUFile *f, void *opaque, int version_id)
env->msr ^= env->msr_mask & ~((1ULL << MSR_TGPR) | MSR_HVB);
ppc_store_msr(env, msr);
- /* Recompute mmu indices */
- hreg_compute_mem_idx(env);
-
return 0;
}
@@ -418,14 +415,12 @@ static int cpu_post_load(void *opaque, int version_id)
/*
* Invalidate all supported msr bits except MSR_TGPR/MSR_HVB
- * before restoring
+ * before restoring. Note that this recomputes hflags and mem_idx.
*/
msr = env->msr;
env->msr ^= env->msr_mask & ~((1ULL << MSR_TGPR) | MSR_HVB);
ppc_store_msr(env, msr);
- hreg_compute_mem_idx(env);
-
return 0;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 05/16] target/ppc: Retain hflags_nmsr only for migration
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (3 preceding siblings ...)
2021-03-14 17:58 ` [PATCH v3 04/16] target/ppc: Do not call hreg_compute_mem_idx after ppc_store_msr Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 06/16] target/ppc: Fix comment for MSR_FE{0,1} Richard Henderson
` (10 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
We have eliminated all normal uses of hflags_nmsr. We need
not even compute it except when we want to migrate. Rename
the field to emphasize this.
Remove the fixme comment for migrating access_type. This value
is only ever used with the current executing instruction, and
is never live when the cpu is halted for migration.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 4 ++--
target/ppc/helper_regs.c | 2 --
target/ppc/machine.c | 9 ++++++---
3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 061d2eed1b..79c4033a42 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1105,8 +1105,8 @@ struct CPUPPCState {
#endif
/* These resources are used only in QEMU core */
- target_ulong hflags; /* hflags is MSR & HFLAGS_MASK */
- target_ulong hflags_nmsr; /* specific hflags, not coming from MSR */
+ target_ulong hflags;
+ target_ulong hflags_compat_nmsr; /* for migration compatibility */
int immu_idx; /* precomputed MMU index to speed up insn accesses */
int dmmu_idx; /* precomputed MMU index to speed up data accesses */
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 95b9aca61f..a87e354ca2 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -104,8 +104,6 @@ void hreg_compute_hflags(CPUPPCState *env)
*/
uint32_t le = extract32(env->spr[SPR_HID0], 3, 1);
env->hflags |= le << MSR_LE;
- /* Retain for backward compatibility with migration. */
- env->hflags_nmsr = le << MSR_LE;
}
}
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index f6eeda9642..1f7a353c78 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -310,6 +310,10 @@ static int cpu_pre_save(void *opaque)
}
}
+ /* Retain migration compatibility for pre 6.0 for 601 machines. */
+ env->hflags_compat_nmsr = (env->flags & POWERPC_FLAG_HID0_LE
+ ? env->hflags & MSR_LE : 0);
+
return 0;
}
@@ -829,9 +833,8 @@ const VMStateDescription vmstate_ppc_cpu = {
/* Supervisor mode architected state */
VMSTATE_UINTTL(env.msr, PowerPCCPU),
- /* Internal state */
- VMSTATE_UINTTL(env.hflags_nmsr, PowerPCCPU),
- /* FIXME: access_type? */
+ /* Backward compatible internal state */
+ VMSTATE_UINTTL(env.hflags_compat_nmsr, PowerPCCPU),
/* Sanity checking */
VMSTATE_UINTTL_TEST(mig_msr_mask, PowerPCCPU, cpu_pre_2_8_migration),
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 06/16] target/ppc: Fix comment for MSR_FE{0,1}
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (4 preceding siblings ...)
2021-03-14 17:58 ` [PATCH v3 05/16] target/ppc: Retain hflags_nmsr only for migration Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 07/16] target/ppc: Disconnect hflags from MSR Richard Henderson
` (9 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
As per hreg_compute_hflags:
We 'forget' FE0 & FE1: we'll never generate imprecise exceptions
remove the hflags marker from the respective comments.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 79c4033a42..fd13489dce 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -322,13 +322,13 @@ typedef struct ppc_v3_pate_t {
#define MSR_PR 14 /* Problem state hflags */
#define MSR_FP 13 /* Floating point available hflags */
#define MSR_ME 12 /* Machine check interrupt enable */
-#define MSR_FE0 11 /* Floating point exception mode 0 hflags */
+#define MSR_FE0 11 /* Floating point exception mode 0 */
#define MSR_SE 10 /* Single-step trace enable x hflags */
#define MSR_DWE 10 /* Debug wait enable on 405 x */
#define MSR_UBLE 10 /* User BTB lock enable on e500 x */
#define MSR_BE 9 /* Branch trace enable x hflags */
#define MSR_DE 9 /* Debug interrupts enable on embedded PowerPC x */
-#define MSR_FE1 8 /* Floating point exception mode 1 hflags */
+#define MSR_FE1 8 /* Floating point exception mode 1 */
#define MSR_AL 7 /* AL bit on POWER */
#define MSR_EP 6 /* Exception prefix on 601 */
#define MSR_IR 5 /* Instruction relocate */
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 07/16] target/ppc: Disconnect hflags from MSR
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (5 preceding siblings ...)
2021-03-14 17:58 ` [PATCH v3 06/16] target/ppc: Fix comment for MSR_FE{0,1} Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 08/16] target/ppc: Reduce env->hflags to uint32_t Richard Henderson
` (8 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Copying flags directly from msr has drawbacks: (1) msr bits
mean different things per cpu, (2) msr has 64 bits on 64 cpus
while tb->flags has only 32 bits.
Create a enum to define these bits. Document the origin of each bit.
This fixes the truncation of env->hflags to tb->flags, because we no
longer have hflags bits set above bit 31.
Most of the code in ppc_tr_init_disas_context is moved over to
hreg_compute_hflags. Some of it is simple extractions from msr,
some requires examining other cpu flags. Anything that is moved
becomes a simple extract from hflags in ppc_tr_init_disas_context.
Several existing bugs are left in ppc_tr_init_disas_context, where
additional changes are required -- to be addressed in future patches.
Remove a broken #if 0 block.
Reported-by: Ivan Warren <ivan@vmfacility.fr>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 24 ++++++++++++++++++
target/ppc/helper_regs.c | 55 ++++++++++++++++++++++++++++++++--------
target/ppc/translate.c | 55 ++++++++++++----------------------------
3 files changed, 84 insertions(+), 50 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index fd13489dce..39f35b570c 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -585,6 +585,30 @@ enum {
POWERPC_FLAG_HID0_LE = 0x00400000,
};
+/*
+ * Bits for env->hflags.
+ *
+ * Most of these bits overlap with corresponding bits in MSR,
+ * but some come from other sources. Be cautious when modifying.
+ */
+enum {
+ HFLAGS_LE = 0, /* MSR_LE -- comes from elsewhere on 601 */
+ HFLAGS_HV = 1, /* computed from MSR_HV and other state */
+ HFLAGS_64 = 2, /* computed from MSR_CE and MSR_SF */
+ HFLAGS_PR = 3, /* MSR_PR */
+ HFLAGS_DR = 4, /* MSR_DR */
+ HFLAGS_IR = 5, /* MSR_IR */
+ HFLAGS_SPE = 6, /* from MSR_SPE if cpu has SPE; avoid overlap w/ MSR_VR */
+ HFLAGS_VSX = 7, /* from MSR_VSX if cpu has VSX; avoid overlap w/ MSR_AP */
+ HFLAGS_TM = 8, /* computed from MSR_TM */
+ HFLAGS_BE = 9, /* MSR_BE -- from elsewhere on embedded ppc */
+ HFLAGS_SE = 10, /* MSR_SE -- from elsewhere on embedded ppc */
+ HFLAGS_FP = 13, /* MSR_FP */
+ HFLAGS_SA = 22, /* MSR_SA */
+ HFLAGS_AP = 23, /* MSR_AP */
+ HFLAGS_VR = 25, /* MSR_VR if cpu has VRE */
+};
+
/*****************************************************************************/
/* Floating point status and control register */
#define FPSCR_DRN2 34 /* Decimal Floating-Point rounding control */
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index a87e354ca2..0a746bffd7 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -18,6 +18,7 @@
*/
#include "qemu/osdep.h"
+#include "cpu.h"
#include "qemu/main-loop.h"
#include "exec/exec-all.h"
#include "sysemu/kvm.h"
@@ -87,24 +88,56 @@ void hreg_compute_mem_idx(CPUPPCState *env)
void hreg_compute_hflags(CPUPPCState *env)
{
- target_ulong hflags_mask;
+ target_ulong msr = env->msr;
+ uint32_t ppc_flags = env->flags;
+ uint32_t hflags = 0;
+ uint32_t msr_mask;
- /* We 'forget' FE0 & FE1: we'll never generate imprecise exceptions */
- hflags_mask = (1 << MSR_VR) | (1 << MSR_AP) | (1 << MSR_SA) |
- (1 << MSR_PR) | (1 << MSR_FP) | (1 << MSR_SE) | (1 << MSR_BE) |
- (1 << MSR_LE) | (1 << MSR_VSX) | (1 << MSR_IR) | (1 << MSR_DR);
- hflags_mask |= (1ULL << MSR_CM) | (1ULL << MSR_SF) | MSR_HVB;
- hreg_compute_mem_idx(env);
- env->hflags = env->msr & hflags_mask;
+ /* Some bits come straight across from MSR. */
+ msr_mask = ((1 << MSR_LE) | (1 << MSR_PR) |
+ (1 << MSR_DR) | (1 << MSR_IR) |
+ (1 << MSR_FP) | (1 << MSR_SA) | (1 << MSR_AP));
- if (env->flags & POWERPC_FLAG_HID0_LE) {
+ if (ppc_flags & POWERPC_FLAG_HID0_LE) {
/*
* Note that MSR_LE is not set in env->msr_mask for this cpu,
- * and so will never be set in msr or hflags at this point.
+ * and so will never be set in msr.
*/
uint32_t le = extract32(env->spr[SPR_HID0], 3, 1);
- env->hflags |= le << MSR_LE;
+ hflags |= le << MSR_LE;
}
+
+ if (ppc_flags & POWERPC_FLAG_BE) {
+ msr_mask |= 1 << MSR_BE;
+ }
+ if (ppc_flags & POWERPC_FLAG_SE) {
+ msr_mask |= 1 << MSR_SE;
+ }
+
+ if (msr_is_64bit(env, msr)) {
+ hflags |= 1 << HFLAGS_64;
+ }
+ if ((ppc_flags & POWERPC_FLAG_SPE) && (msr & (1 << MSR_SPE))) {
+ hflags |= 1 << HFLAGS_SPE;
+ }
+ if (ppc_flags & POWERPC_FLAG_VRE) {
+ msr_mask |= 1 << MSR_VR;
+ }
+ if ((ppc_flags & POWERPC_FLAG_VSX) && (msr & (1 << MSR_VSX))) {
+ hflags |= 1 << HFLAGS_VSX;
+ }
+ if ((ppc_flags & POWERPC_FLAG_TM) && (msr & (1ull << MSR_TM))) {
+ hflags |= 1 << HFLAGS_TM;
+ }
+
+#ifndef CONFIG_USER_ONLY
+ if (!env->has_hv_mode || (msr & (1ull << MSR_HV))) {
+ hflags |= 1 << HFLAGS_HV;
+ }
+#endif
+
+ env->hflags = hflags | (msr & msr_mask);
+ hreg_compute_mem_idx(env);
}
void cpu_interrupt_exittb(CPUState *cs)
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 0984ce637b..a9325a12e5 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7879,67 +7879,48 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
{
DisasContext *ctx = container_of(dcbase, DisasContext, base);
CPUPPCState *env = cs->env_ptr;
+ uint32_t hflags = ctx->base.tb->flags;
int bound;
ctx->exception = POWERPC_EXCP_NONE;
ctx->spr_cb = env->spr_cb;
- ctx->pr = msr_pr;
+ ctx->pr = (hflags >> HFLAGS_PR) & 1;
ctx->mem_idx = env->dmmu_idx;
- ctx->dr = msr_dr;
-#if !defined(CONFIG_USER_ONLY)
- ctx->hv = msr_hv || !env->has_hv_mode;
-#endif
+ ctx->dr = (hflags >> HFLAGS_DR) & 1;
+ ctx->hv = (hflags >> HFLAGS_HV) & 1;
ctx->insns_flags = env->insns_flags;
ctx->insns_flags2 = env->insns_flags2;
ctx->access_type = -1;
ctx->need_access_type = !mmu_is_64bit(env->mmu_model);
- ctx->le_mode = !!(env->hflags & (1 << MSR_LE));
+ ctx->le_mode = (hflags >> HFLAGS_LE) & 1;
ctx->default_tcg_memop_mask = ctx->le_mode ? MO_LE : MO_BE;
ctx->flags = env->flags;
#if defined(TARGET_PPC64)
- ctx->sf_mode = msr_is_64bit(env, env->msr);
+ ctx->sf_mode = (hflags >> HFLAGS_64) & 1;
ctx->has_cfar = !!(env->flags & POWERPC_FLAG_CFAR);
#endif
ctx->lazy_tlb_flush = env->mmu_model == POWERPC_MMU_32B
|| env->mmu_model == POWERPC_MMU_601
|| env->mmu_model & POWERPC_MMU_64;
- ctx->fpu_enabled = !!msr_fp;
- if ((env->flags & POWERPC_FLAG_SPE) && msr_spe) {
- ctx->spe_enabled = !!msr_spe;
- } else {
- ctx->spe_enabled = false;
- }
- if ((env->flags & POWERPC_FLAG_VRE) && msr_vr) {
- ctx->altivec_enabled = !!msr_vr;
- } else {
- ctx->altivec_enabled = false;
- }
- if ((env->flags & POWERPC_FLAG_VSX) && msr_vsx) {
- ctx->vsx_enabled = !!msr_vsx;
- } else {
- ctx->vsx_enabled = false;
- }
+ ctx->fpu_enabled = (hflags >> HFLAGS_FP) & 1;
+ ctx->spe_enabled = (hflags >> HFLAGS_SPE) & 1;
+ ctx->altivec_enabled = (hflags >> HFLAGS_VR) & 1;
+ ctx->vsx_enabled = (hflags >> HFLAGS_VSX) & 1;
if ((env->flags & POWERPC_FLAG_SCV)
&& (env->spr[SPR_FSCR] & (1ull << FSCR_SCV))) {
ctx->scv_enabled = true;
} else {
ctx->scv_enabled = false;
}
-#if defined(TARGET_PPC64)
- if ((env->flags & POWERPC_FLAG_TM) && msr_tm) {
- ctx->tm_enabled = !!msr_tm;
- } else {
- ctx->tm_enabled = false;
- }
-#endif
+ ctx->tm_enabled = (hflags >> HFLAGS_TM) & 1;
ctx->gtse = !!(env->spr[SPR_LPCR] & LPCR_GTSE);
- if ((env->flags & POWERPC_FLAG_SE) && msr_se) {
- ctx->singlestep_enabled = CPU_SINGLE_STEP;
- } else {
- ctx->singlestep_enabled = 0;
+
+ ctx->singlestep_enabled = 0;
+ if ((hflags >> HFLAGS_SE) & 1) {
+ ctx->singlestep_enabled |= CPU_SINGLE_STEP;
}
- if ((env->flags & POWERPC_FLAG_BE) && msr_be) {
+ if ((hflags >> HFLAGS_BE) & 1) {
ctx->singlestep_enabled |= CPU_BRANCH_STEP;
}
if ((env->flags & POWERPC_FLAG_DE) && msr_de) {
@@ -7956,10 +7937,6 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
if (unlikely(ctx->base.singlestep_enabled)) {
ctx->singlestep_enabled |= GDBSTUB_SINGLE_STEP;
}
-#if defined(DO_SINGLE_STEP) && 0
- /* Single step trace mode */
- msr_se = 1;
-#endif
bound = -(ctx->base.pc_first | TARGET_PAGE_MASK) / 4;
ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 08/16] target/ppc: Reduce env->hflags to uint32_t
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (6 preceding siblings ...)
2021-03-14 17:58 ` [PATCH v3 07/16] target/ppc: Disconnect hflags from MSR Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:58 ` [PATCH v3 09/16] target/ppc: Put dbcr0 single-step bits into hflags Richard Henderson
` (7 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
It will be stored in tb->flags, which is also uint32_t,
so let's use the correct size.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 4 ++--
target/ppc/misc_helper.c | 2 +-
target/ppc/translate.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 39f35b570c..2abaf56869 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1128,8 +1128,8 @@ struct CPUPPCState {
bool resume_as_sreset;
#endif
- /* These resources are used only in QEMU core */
- target_ulong hflags;
+ /* These resources are used only in TCG */
+ uint32_t hflags;
target_ulong hflags_compat_nmsr; /* for migration compatibility */
int immu_idx; /* precomputed MMU index to speed up insn accesses */
int dmmu_idx; /* precomputed MMU index to speed up data accesses */
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index 63e3147eb4..b04b4d7c6e 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -199,7 +199,7 @@ void helper_store_hid0_601(CPUPPCState *env, target_ulong val)
if ((val ^ hid0) & 0x00000008) {
/* Change current endianness */
hreg_compute_hflags(env);
- qemu_log("%s: set endianness to %c => " TARGET_FMT_lx "\n", __func__,
+ qemu_log("%s: set endianness to %c => %08x\n", __func__,
val & 0x8 ? 'l' : 'b', env->hflags);
}
}
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index a9325a12e5..a85b890bb0 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7657,7 +7657,7 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, int flags)
env->nip, env->lr, env->ctr, cpu_read_xer(env),
cs->cpu_index);
qemu_fprintf(f, "MSR " TARGET_FMT_lx " HID0 " TARGET_FMT_lx " HF "
- TARGET_FMT_lx " iidx %d didx %d\n",
+ "%08x iidx %d didx %d\n",
env->msr, env->spr[SPR_HID0],
env->hflags, env->immu_idx, env->dmmu_idx);
#if !defined(NO_TIMER_DUMP)
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 09/16] target/ppc: Put dbcr0 single-step bits into hflags
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (7 preceding siblings ...)
2021-03-14 17:58 ` [PATCH v3 08/16] target/ppc: Reduce env->hflags to uint32_t Richard Henderson
@ 2021-03-14 17:58 ` Richard Henderson
2021-03-14 17:59 ` [PATCH v3 10/16] target/ppc: Create helper_scv Richard Henderson
` (6 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:58 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Because these bits were not in hflags, the code generated
for single-stepping on BookE was essentially random.
Recompute hflags when storing to dbcr0.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/helper_regs.c | 20 +++++++++++++++-----
target/ppc/misc_helper.c | 3 +++
target/ppc/translate.c | 11 -----------
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 0a746bffd7..c735540333 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -107,11 +107,21 @@ void hreg_compute_hflags(CPUPPCState *env)
hflags |= le << MSR_LE;
}
- if (ppc_flags & POWERPC_FLAG_BE) {
- msr_mask |= 1 << MSR_BE;
- }
- if (ppc_flags & POWERPC_FLAG_SE) {
- msr_mask |= 1 << MSR_SE;
+ if (ppc_flags & POWERPC_FLAG_DE) {
+ target_ulong dbcr0 = env->spr[SPR_BOOKE_DBCR0];
+ if (dbcr0 & DBCR0_ICMP) {
+ hflags |= 1 << HFLAGS_SE;
+ }
+ if (dbcr0 & DBCR0_BRT) {
+ hflags |= 1 << HFLAGS_BE;
+ }
+ } else {
+ if (ppc_flags & POWERPC_FLAG_BE) {
+ msr_mask |= 1 << MSR_BE;
+ }
+ if (ppc_flags & POWERPC_FLAG_SE) {
+ msr_mask |= 1 << MSR_SE;
+ }
}
if (msr_is_64bit(env, msr)) {
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index b04b4d7c6e..a5ee1fd63c 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -215,6 +215,9 @@ void helper_store_403_pbr(CPUPPCState *env, uint32_t num, target_ulong value)
void helper_store_40x_dbcr0(CPUPPCState *env, target_ulong val)
{
+ /* Bits 26 & 27 affect single-stepping */
+ hreg_compute_hflags(env);
+ /* Bits 28 & 29 affect reset or shutdown. */
store_40x_dbcr0(env, val);
}
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index a85b890bb0..7912495f28 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7923,17 +7923,6 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
if ((hflags >> HFLAGS_BE) & 1) {
ctx->singlestep_enabled |= CPU_BRANCH_STEP;
}
- if ((env->flags & POWERPC_FLAG_DE) && msr_de) {
- ctx->singlestep_enabled = 0;
- target_ulong dbcr0 = env->spr[SPR_BOOKE_DBCR0];
- if (dbcr0 & DBCR0_ICMP) {
- ctx->singlestep_enabled |= CPU_SINGLE_STEP;
- }
- if (dbcr0 & DBCR0_BRT) {
- ctx->singlestep_enabled |= CPU_BRANCH_STEP;
- }
-
- }
if (unlikely(ctx->base.singlestep_enabled)) {
ctx->singlestep_enabled |= GDBSTUB_SINGLE_STEP;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 10/16] target/ppc: Create helper_scv
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (8 preceding siblings ...)
2021-03-14 17:58 ` [PATCH v3 09/16] target/ppc: Put dbcr0 single-step bits into hflags Richard Henderson
@ 2021-03-14 17:59 ` Richard Henderson
2021-03-14 17:59 ` [PATCH v3 11/16] target/ppc: Put LPCR[GTSE] in hflags Richard Henderson
` (5 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:59 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Perform the test against FSCR_SCV at runtime, in the helper.
This means we can remove the incorrect set against SCV in
ppc_tr_init_disas_context and do not need to add an HFLAGS bit.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/helper.h | 1 +
target/ppc/excp_helper.c | 9 +++++++++
target/ppc/translate.c | 20 +++++++-------------
3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 6a4dccf70c..513066d54d 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -13,6 +13,7 @@ DEF_HELPER_1(rfci, void, env)
DEF_HELPER_1(rfdi, void, env)
DEF_HELPER_1(rfmci, void, env)
#if defined(TARGET_PPC64)
+DEF_HELPER_2(scv, noreturn, env, i32)
DEF_HELPER_2(pminsn, void, env, i32)
DEF_HELPER_1(rfid, void, env)
DEF_HELPER_1(rfscv, void, env)
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 85de7e6c90..5c95e0c103 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -1130,6 +1130,15 @@ void helper_store_msr(CPUPPCState *env, target_ulong val)
}
#if defined(TARGET_PPC64)
+void helper_scv(CPUPPCState *env, uint32_t lev)
+{
+ if (env->spr[SPR_FSCR] & (1ull << FSCR_SCV)) {
+ raise_exception_err(env, POWERPC_EXCP_SYSCALL_VECTORED, lev);
+ } else {
+ raise_exception_err(env, POWERPC_EXCP_FU, FSCR_IC_SCV);
+ }
+}
+
void helper_pminsn(CPUPPCState *env, powerpc_pm_insn_t insn)
{
CPUState *cs;
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 7912495f28..d48c554290 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -173,7 +173,6 @@ struct DisasContext {
bool vsx_enabled;
bool spe_enabled;
bool tm_enabled;
- bool scv_enabled;
bool gtse;
ppc_spr_t *spr_cb; /* Needed to check rights for mfspr/mtspr */
int singlestep_enabled;
@@ -4081,15 +4080,16 @@ static void gen_sc(DisasContext *ctx)
#if !defined(CONFIG_USER_ONLY)
static void gen_scv(DisasContext *ctx)
{
- uint32_t lev;
+ uint32_t lev = (ctx->opcode >> 5) & 0x7F;
- if (unlikely(!ctx->scv_enabled)) {
- gen_exception_err(ctx, POWERPC_EXCP_FU, FSCR_IC_SCV);
- return;
+ /* Set the PC back to the faulting instruction. */
+ if (ctx->exception == POWERPC_EXCP_NONE) {
+ gen_update_nip(ctx, ctx->base.pc_next - 4);
}
+ gen_helper_scv(cpu_env, tcg_constant_i32(lev));
- lev = (ctx->opcode >> 5) & 0x7F;
- gen_exception_err(ctx, POWERPC_SYSCALL_VECTORED, lev);
+ /* This need not be exact, just not POWERPC_EXCP_NONE */
+ ctx->exception = POWERPC_SYSCALL_VECTORED;
}
#endif
#endif
@@ -7907,12 +7907,6 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
ctx->spe_enabled = (hflags >> HFLAGS_SPE) & 1;
ctx->altivec_enabled = (hflags >> HFLAGS_VR) & 1;
ctx->vsx_enabled = (hflags >> HFLAGS_VSX) & 1;
- if ((env->flags & POWERPC_FLAG_SCV)
- && (env->spr[SPR_FSCR] & (1ull << FSCR_SCV))) {
- ctx->scv_enabled = true;
- } else {
- ctx->scv_enabled = false;
- }
ctx->tm_enabled = (hflags >> HFLAGS_TM) & 1;
ctx->gtse = !!(env->spr[SPR_LPCR] & LPCR_GTSE);
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 11/16] target/ppc: Put LPCR[GTSE] in hflags
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (9 preceding siblings ...)
2021-03-14 17:59 ` [PATCH v3 10/16] target/ppc: Create helper_scv Richard Henderson
@ 2021-03-14 17:59 ` Richard Henderson
2021-03-14 17:59 ` [PATCH v3 12/16] target/ppc: Remove MSR_SA and MSR_AP from hflags Richard Henderson
` (4 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:59 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Because this bit was not in hflags, the privilege check
for tlb instructions was essentially random.
Recompute hflags when storing to LPCR.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 1 +
target/ppc/helper_regs.c | 3 +++
target/ppc/mmu-hash64.c | 3 +++
target/ppc/translate.c | 2 +-
4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 2abaf56869..07a4331eec 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -603,6 +603,7 @@ enum {
HFLAGS_TM = 8, /* computed from MSR_TM */
HFLAGS_BE = 9, /* MSR_BE -- from elsewhere on embedded ppc */
HFLAGS_SE = 10, /* MSR_SE -- from elsewhere on embedded ppc */
+ HFLAGS_GTSE = 11, /* computed from SPR_LPCR[GTSE] */
HFLAGS_FP = 13, /* MSR_FP */
HFLAGS_SA = 22, /* MSR_SA */
HFLAGS_AP = 23, /* MSR_AP */
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index c735540333..8479789e24 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -139,6 +139,9 @@ void hreg_compute_hflags(CPUPPCState *env)
if ((ppc_flags & POWERPC_FLAG_TM) && (msr & (1ull << MSR_TM))) {
hflags |= 1 << HFLAGS_TM;
}
+ if (env->spr[SPR_LPCR] & LPCR_GTSE) {
+ hflags |= 1 << HFLAGS_GTSE;
+ }
#ifndef CONFIG_USER_ONLY
if (!env->has_hv_mode || (msr & (1ull << MSR_HV))) {
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 0fabc10302..d517a99832 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -30,6 +30,7 @@
#include "exec/log.h"
#include "hw/hw.h"
#include "mmu-book3s-v3.h"
+#include "helper_regs.h"
/* #define DEBUG_SLB */
@@ -1125,6 +1126,8 @@ void ppc_store_lpcr(PowerPCCPU *cpu, target_ulong val)
CPUPPCState *env = &cpu->env;
env->spr[SPR_LPCR] = val & pcc->lpcr_mask;
+ /* The gtse bit affects hflags */
+ hreg_compute_hflags(env);
}
void helper_store_lpcr(CPUPPCState *env, target_ulong val)
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index d48c554290..5e629291d3 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7908,7 +7908,7 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
ctx->altivec_enabled = (hflags >> HFLAGS_VR) & 1;
ctx->vsx_enabled = (hflags >> HFLAGS_VSX) & 1;
ctx->tm_enabled = (hflags >> HFLAGS_TM) & 1;
- ctx->gtse = !!(env->spr[SPR_LPCR] & LPCR_GTSE);
+ ctx->gtse = (hflags >> HFLAGS_GTSE) & 1;
ctx->singlestep_enabled = 0;
if ((hflags >> HFLAGS_SE) & 1) {
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 12/16] target/ppc: Remove MSR_SA and MSR_AP from hflags
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (10 preceding siblings ...)
2021-03-14 17:59 ` [PATCH v3 11/16] target/ppc: Put LPCR[GTSE] in hflags Richard Henderson
@ 2021-03-14 17:59 ` Richard Henderson
2021-03-14 17:59 ` [PATCH v3 13/16] target/ppc: Remove env->immu_idx and env->dmmu_idx Richard Henderson
` (3 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:59 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Nothing within the translator -- or anywhere else for that
matter -- checks MSR_SA or MSR_AP on the 602. This may be
a mistake. However, for the moment, we need not record these
bits in hflags.
This allows us to simplify HFLAGS_VSX computation by moving
it to overlap with MSR_VSX.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 4 +---
target/ppc/helper_regs.c | 7 +++----
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 07a4331eec..23ff16c154 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -599,14 +599,12 @@ enum {
HFLAGS_DR = 4, /* MSR_DR */
HFLAGS_IR = 5, /* MSR_IR */
HFLAGS_SPE = 6, /* from MSR_SPE if cpu has SPE; avoid overlap w/ MSR_VR */
- HFLAGS_VSX = 7, /* from MSR_VSX if cpu has VSX; avoid overlap w/ MSR_AP */
HFLAGS_TM = 8, /* computed from MSR_TM */
HFLAGS_BE = 9, /* MSR_BE -- from elsewhere on embedded ppc */
HFLAGS_SE = 10, /* MSR_SE -- from elsewhere on embedded ppc */
HFLAGS_GTSE = 11, /* computed from SPR_LPCR[GTSE] */
HFLAGS_FP = 13, /* MSR_FP */
- HFLAGS_SA = 22, /* MSR_SA */
- HFLAGS_AP = 23, /* MSR_AP */
+ HFLAGS_VSX = 23, /* MSR_VSX if cpu has VSX */
HFLAGS_VR = 25, /* MSR_VR if cpu has VRE */
};
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 8479789e24..d62921c322 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -95,8 +95,7 @@ void hreg_compute_hflags(CPUPPCState *env)
/* Some bits come straight across from MSR. */
msr_mask = ((1 << MSR_LE) | (1 << MSR_PR) |
- (1 << MSR_DR) | (1 << MSR_IR) |
- (1 << MSR_FP) | (1 << MSR_SA) | (1 << MSR_AP));
+ (1 << MSR_DR) | (1 << MSR_IR) | (1 << MSR_FP));
if (ppc_flags & POWERPC_FLAG_HID0_LE) {
/*
@@ -133,8 +132,8 @@ void hreg_compute_hflags(CPUPPCState *env)
if (ppc_flags & POWERPC_FLAG_VRE) {
msr_mask |= 1 << MSR_VR;
}
- if ((ppc_flags & POWERPC_FLAG_VSX) && (msr & (1 << MSR_VSX))) {
- hflags |= 1 << HFLAGS_VSX;
+ if (ppc_flags & POWERPC_FLAG_VSX) {
+ msr_mask |= 1 << MSR_VSX;
}
if ((ppc_flags & POWERPC_FLAG_TM) && (msr & (1ull << MSR_TM))) {
hflags |= 1 << HFLAGS_TM;
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 13/16] target/ppc: Remove env->immu_idx and env->dmmu_idx
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (11 preceding siblings ...)
2021-03-14 17:59 ` [PATCH v3 12/16] target/ppc: Remove MSR_SA and MSR_AP from hflags Richard Henderson
@ 2021-03-14 17:59 ` Richard Henderson
2021-03-14 17:59 ` [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates Richard Henderson
` (2 subsequent siblings)
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:59 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
We weren't recording MSR_GS in hflags, which means that BookE
memory accesses were essentially random vs Guest State.
Instead of adding this bit directly, record the completed mmu
indexes instead. This makes it obvious that we are recording
exactly the information that we need.
This also means that we can stop directly recording MSR_IR.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 12 ++++--
target/ppc/helper_regs.h | 1 -
target/ppc/helper_regs.c | 88 ++++++++++++++++++++--------------------
target/ppc/mem_helper.c | 2 +-
target/ppc/translate.c | 6 +--
5 files changed, 55 insertions(+), 54 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 23ff16c154..2f8d7fa13c 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -597,7 +597,6 @@ enum {
HFLAGS_64 = 2, /* computed from MSR_CE and MSR_SF */
HFLAGS_PR = 3, /* MSR_PR */
HFLAGS_DR = 4, /* MSR_DR */
- HFLAGS_IR = 5, /* MSR_IR */
HFLAGS_SPE = 6, /* from MSR_SPE if cpu has SPE; avoid overlap w/ MSR_VR */
HFLAGS_TM = 8, /* computed from MSR_TM */
HFLAGS_BE = 9, /* MSR_BE -- from elsewhere on embedded ppc */
@@ -606,6 +605,9 @@ enum {
HFLAGS_FP = 13, /* MSR_FP */
HFLAGS_VSX = 23, /* MSR_VSX if cpu has VSX */
HFLAGS_VR = 25, /* MSR_VR if cpu has VRE */
+
+ HFLAGS_IMMU_IDX = 26, /* 26..28 -- the composite immu_idx */
+ HFLAGS_DMMU_IDX = 29, /* 29..31 -- the composite dmmu_idx */
};
/*****************************************************************************/
@@ -1130,8 +1132,6 @@ struct CPUPPCState {
/* These resources are used only in TCG */
uint32_t hflags;
target_ulong hflags_compat_nmsr; /* for migration compatibility */
- int immu_idx; /* precomputed MMU index to speed up insn accesses */
- int dmmu_idx; /* precomputed MMU index to speed up data accesses */
/* Power management */
int (*check_pow)(CPUPPCState *env);
@@ -1367,7 +1367,11 @@ int ppc_dcr_write(ppc_dcr_t *dcr_env, int dcrn, uint32_t val);
#define MMU_USER_IDX 0
static inline int cpu_mmu_index(CPUPPCState *env, bool ifetch)
{
- return ifetch ? env->immu_idx : env->dmmu_idx;
+#ifdef CONFIG_USER_ONLY
+ return MMU_USER_IDX;
+#else
+ return (env->hflags >> (ifetch ? HFLAGS_IMMU_IDX : HFLAGS_DMMU_IDX)) & 7;
+#endif
}
/* Compatibility modes */
diff --git a/target/ppc/helper_regs.h b/target/ppc/helper_regs.h
index 4148a442b3..42f26870b9 100644
--- a/target/ppc/helper_regs.h
+++ b/target/ppc/helper_regs.h
@@ -21,7 +21,6 @@
#define HELPER_REGS_H
void hreg_swap_gpr_tgpr(CPUPPCState *env);
-void hreg_compute_mem_idx(CPUPPCState *env);
void hreg_compute_hflags(CPUPPCState *env);
void cpu_interrupt_exittb(CPUState *cs);
int hreg_store_msr(CPUPPCState *env, target_ulong value, int alter_hv);
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index d62921c322..b28037ca24 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -43,49 +43,6 @@ void hreg_swap_gpr_tgpr(CPUPPCState *env)
env->tgpr[3] = tmp;
}
-void hreg_compute_mem_idx(CPUPPCState *env)
-{
- /*
- * This is our encoding for server processors. The architecture
- * specifies that there is no such thing as userspace with
- * translation off, however it appears that MacOS does it and some
- * 32-bit CPUs support it. Weird...
- *
- * 0 = Guest User space virtual mode
- * 1 = Guest Kernel space virtual mode
- * 2 = Guest User space real mode
- * 3 = Guest Kernel space real mode
- * 4 = HV User space virtual mode
- * 5 = HV Kernel space virtual mode
- * 6 = HV User space real mode
- * 7 = HV Kernel space real mode
- *
- * For BookE, we need 8 MMU modes as follow:
- *
- * 0 = AS 0 HV User space
- * 1 = AS 0 HV Kernel space
- * 2 = AS 1 HV User space
- * 3 = AS 1 HV Kernel space
- * 4 = AS 0 Guest User space
- * 5 = AS 0 Guest Kernel space
- * 6 = AS 1 Guest User space
- * 7 = AS 1 Guest Kernel space
- */
- if (env->mmu_model & POWERPC_MMU_BOOKE) {
- env->immu_idx = env->dmmu_idx = msr_pr ? 0 : 1;
- env->immu_idx += msr_is ? 2 : 0;
- env->dmmu_idx += msr_ds ? 2 : 0;
- env->immu_idx += msr_gs ? 4 : 0;
- env->dmmu_idx += msr_gs ? 4 : 0;
- } else {
- env->immu_idx = env->dmmu_idx = msr_pr ? 0 : 1;
- env->immu_idx += msr_ir ? 0 : 2;
- env->dmmu_idx += msr_dr ? 0 : 2;
- env->immu_idx += msr_hv ? 4 : 0;
- env->dmmu_idx += msr_hv ? 4 : 0;
- }
-}
-
void hreg_compute_hflags(CPUPPCState *env)
{
target_ulong msr = env->msr;
@@ -95,7 +52,7 @@ void hreg_compute_hflags(CPUPPCState *env)
/* Some bits come straight across from MSR. */
msr_mask = ((1 << MSR_LE) | (1 << MSR_PR) |
- (1 << MSR_DR) | (1 << MSR_IR) | (1 << MSR_FP));
+ (1 << MSR_DR) | (1 << MSR_FP));
if (ppc_flags & POWERPC_FLAG_HID0_LE) {
/*
@@ -146,10 +103,51 @@ void hreg_compute_hflags(CPUPPCState *env)
if (!env->has_hv_mode || (msr & (1ull << MSR_HV))) {
hflags |= 1 << HFLAGS_HV;
}
+
+ /*
+ * This is our encoding for server processors. The architecture
+ * specifies that there is no such thing as userspace with
+ * translation off, however it appears that MacOS does it and some
+ * 32-bit CPUs support it. Weird...
+ *
+ * 0 = Guest User space virtual mode
+ * 1 = Guest Kernel space virtual mode
+ * 2 = Guest User space real mode
+ * 3 = Guest Kernel space real mode
+ * 4 = HV User space virtual mode
+ * 5 = HV Kernel space virtual mode
+ * 6 = HV User space real mode
+ * 7 = HV Kernel space real mode
+ *
+ * For BookE, we need 8 MMU modes as follow:
+ *
+ * 0 = AS 0 HV User space
+ * 1 = AS 0 HV Kernel space
+ * 2 = AS 1 HV User space
+ * 3 = AS 1 HV Kernel space
+ * 4 = AS 0 Guest User space
+ * 5 = AS 0 Guest Kernel space
+ * 6 = AS 1 Guest User space
+ * 7 = AS 1 Guest Kernel space
+ */
+ unsigned immu_idx, dmmu_idx;
+ dmmu_idx = msr & (1 << MSR_PR) ? 0 : 1;
+ if (env->mmu_model & POWERPC_MMU_BOOKE) {
+ dmmu_idx |= msr & (1 << MSR_GS) ? 4 : 0;
+ immu_idx = dmmu_idx;
+ immu_idx |= msr & (1 << MSR_IS) ? 2 : 0;
+ dmmu_idx |= msr & (1 << MSR_DS) ? 2 : 0;
+ } else {
+ dmmu_idx |= msr & (1ull << MSR_HV) ? 4 : 0;
+ immu_idx = dmmu_idx;
+ immu_idx |= msr & (1 << MSR_IR) ? 0 : 2;
+ dmmu_idx |= msr & (1 << MSR_DR) ? 0 : 2;
+ }
+ hflags |= immu_idx << HFLAGS_IMMU_IDX;
+ hflags |= dmmu_idx << HFLAGS_DMMU_IDX;
#endif
env->hflags = hflags | (msr & msr_mask);
- hreg_compute_mem_idx(env);
}
void cpu_interrupt_exittb(CPUState *cs)
diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index f4f7e730de..444b2a30ef 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -278,7 +278,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong addr,
target_ulong mask, dcbz_size = env->dcache_line_size;
uint32_t i;
void *haddr;
- int mmu_idx = epid ? PPC_TLB_EPID_STORE : env->dmmu_idx;
+ int mmu_idx = epid ? PPC_TLB_EPID_STORE : cpu_mmu_index(env, false);
#if defined(TARGET_PPC64)
/* Check for dcbz vs dcbzl on 970 */
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 5e629291d3..a53463b9b8 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7658,8 +7658,8 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, int flags)
cs->cpu_index);
qemu_fprintf(f, "MSR " TARGET_FMT_lx " HID0 " TARGET_FMT_lx " HF "
"%08x iidx %d didx %d\n",
- env->msr, env->spr[SPR_HID0],
- env->hflags, env->immu_idx, env->dmmu_idx);
+ env->msr, env->spr[SPR_HID0], env->hflags,
+ cpu_mmu_index(env, true), cpu_mmu_index(env, false));
#if !defined(NO_TIMER_DUMP)
qemu_fprintf(f, "TB %08" PRIu32 " %08" PRIu64
#if !defined(CONFIG_USER_ONLY)
@@ -7885,7 +7885,7 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
ctx->exception = POWERPC_EXCP_NONE;
ctx->spr_cb = env->spr_cb;
ctx->pr = (hflags >> HFLAGS_PR) & 1;
- ctx->mem_idx = env->dmmu_idx;
+ ctx->mem_idx = (hflags >> HFLAGS_DMMU_IDX) & 7;
ctx->dr = (hflags >> HFLAGS_DR) & 1;
ctx->hv = (hflags >> HFLAGS_HV) & 1;
ctx->insns_flags = env->insns_flags;
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (12 preceding siblings ...)
2021-03-14 17:59 ` [PATCH v3 13/16] target/ppc: Remove env->immu_idx and env->dmmu_idx Richard Henderson
@ 2021-03-14 17:59 ` Richard Henderson
2021-03-15 10:23 ` Cédric Le Goater
2021-03-14 17:59 ` [PATCH v3 15/16] linux-user/ppc: Fix " Richard Henderson
2021-03-14 17:59 ` [PATCH v3 16/16] target/ppc: Validate hflags with CONFIG_DEBUG_TCG Richard Henderson
15 siblings, 1 reply; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:59 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, Greg Kurz, qemu-ppc, Cédric Le Goater, david
Only one of the three places in hw/ppc that modify msr updated
hflags. Even in that case, use the official interface instead
of a direct call to hreg_compute_hflags.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
Cc: Cédric Le Goater <clg@kaod.org>
Cc: Greg Kurz <groug@kaod.org>
---
hw/ppc/pnv_core.c | 3 ++-
hw/ppc/spapr_hcall.c | 3 +--
hw/ppc/spapr_rtas.c | 3 ++-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/hw/ppc/pnv_core.c b/hw/ppc/pnv_core.c
index bd2bf2e044..31f041b9c7 100644
--- a/hw/ppc/pnv_core.c
+++ b/hw/ppc/pnv_core.c
@@ -29,6 +29,7 @@
#include "hw/ppc/pnv_xscom.h"
#include "hw/ppc/xics.h"
#include "hw/qdev-properties.h"
+#include "helper_regs.h"
static const char *pnv_core_cpu_typename(PnvCore *pc)
{
@@ -54,7 +55,7 @@ static void pnv_core_cpu_reset(PnvCore *pc, PowerPCCPU *cpu)
*/
env->gpr[3] = PNV_FDT_ADDR;
env->nip = 0x10;
- env->msr |= MSR_HVB; /* Hypervisor mode */
+ hreg_store_msr(env, env->msr | MSR_HVB, true); /* Hypervisor mode */
env->spr[SPR_HRMOR] = pc->hrmor;
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 7b5cd3553c..a4f7a09ba8 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1055,8 +1055,7 @@ static target_ulong h_cede(PowerPCCPU *cpu, SpaprMachineState *spapr,
CPUState *cs = CPU(cpu);
SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu);
- env->msr |= (1ULL << MSR_EE);
- hreg_compute_hflags(env);
+ hreg_store_msr(env, env->msr | (1ULL << MSR_EE), false);
if (spapr_cpu->prod) {
spapr_cpu->prod = false;
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 8a79f9c628..b9a6b7ef30 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -51,6 +51,7 @@
#include "target/ppc/mmu-hash64.h"
#include "target/ppc/mmu-book3s-v3.h"
#include "migration/blocker.h"
+#include "helper_regs.h"
static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState *spapr,
uint32_t token, uint32_t nargs,
@@ -162,7 +163,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
cpu_synchronize_state(CPU(newcpu));
- env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
+ hreg_store_msr(env, (1ULL << MSR_SF) | (1ULL << MSR_ME), true);
/* Enable Power-saving mode Exit Cause exceptions for the new CPU */
lpcr = env->spr[SPR_LPCR];
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 15/16] linux-user/ppc: Fix msr updates
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (13 preceding siblings ...)
2021-03-14 17:59 ` [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates Richard Henderson
@ 2021-03-14 17:59 ` Richard Henderson
2021-03-14 17:59 ` [PATCH v3 16/16] target/ppc: Validate hflags with CONFIG_DEBUG_TCG Richard Henderson
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:59 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
In save_user_regs, there are two bugs where we OR in a bit number
instead of the bit, clobbering the low bits of MSR. However:
The MSR_VR and MSR_SPE bits control the availability of the insns.
If the bits were not already set in MSR, then any attempt to access
those registers would result in SIGILL.
For linux-user, we always initialize MSR to the capabilities
of the cpu. We *could* add checks vs MSR where we currently
check insn_flags and insn_flags2, but we know they match.
Also, there's a stray cut-and-paste comment in restore.
Then, do not force little-endian binaries into big-endian mode.
Finally, use ppc_store_msr for the update to affect hflags.
Which is the reason none of these bugs were previously noticed.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
linux-user/ppc/cpu_loop.c | 5 +++--
linux-user/ppc/signal.c | 23 +++++++++++------------
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
index df71e15a25..4a0f6c8dc2 100644
--- a/linux-user/ppc/cpu_loop.c
+++ b/linux-user/ppc/cpu_loop.c
@@ -492,11 +492,12 @@ void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
#if defined(TARGET_PPC64)
int flag = (env->insns_flags2 & PPC2_BOOKE206) ? MSR_CM : MSR_SF;
#if defined(TARGET_ABI32)
- env->msr &= ~((target_ulong)1 << flag);
+ ppc_store_msr(env, env->msr & ~((target_ulong)1 << flag));
#else
- env->msr |= (target_ulong)1 << flag;
+ ppc_store_msr(env, env->msr | (target_ulong)1 << flag);
#endif
#endif
+
env->nip = regs->nip;
for(i = 0; i < 32; i++) {
env->gpr[i] = regs->gpr[i];
diff --git a/linux-user/ppc/signal.c b/linux-user/ppc/signal.c
index b78613f7c8..bad38f8ed9 100644
--- a/linux-user/ppc/signal.c
+++ b/linux-user/ppc/signal.c
@@ -261,9 +261,6 @@ static void save_user_regs(CPUPPCState *env, struct target_mcontext *frame)
__put_user(avr->u64[PPC_VEC_HI], &vreg->u64[0]);
__put_user(avr->u64[PPC_VEC_LO], &vreg->u64[1]);
}
- /* Set MSR_VR in the saved MSR value to indicate that
- frame->mc_vregs contains valid data. */
- msr |= MSR_VR;
#if defined(TARGET_PPC64)
vrsave = (uint32_t *)&frame->mc_vregs.altivec[33];
/* 64-bit needs to put a pointer to the vectors in the frame */
@@ -300,9 +297,6 @@ static void save_user_regs(CPUPPCState *env, struct target_mcontext *frame)
for (i = 0; i < ARRAY_SIZE(env->gprh); i++) {
__put_user(env->gprh[i], &frame->mc_vregs.spe[i]);
}
- /* Set MSR_SPE in the saved MSR value to indicate that
- frame->mc_vregs contains valid data. */
- msr |= MSR_SPE;
__put_user(env->spe_fscr, &frame->mc_vregs.spe[32]);
}
#endif
@@ -354,8 +348,10 @@ static void restore_user_regs(CPUPPCState *env,
__get_user(msr, &frame->mc_gregs[TARGET_PT_MSR]);
/* If doing signal return, restore the previous little-endian mode. */
- if (sig)
- env->msr = (env->msr & ~(1ull << MSR_LE)) | (msr & (1ull << MSR_LE));
+ if (sig) {
+ ppc_store_msr(env, ((env->msr & ~(1ull << MSR_LE)) |
+ (msr & (1ull << MSR_LE))));
+ }
/* Restore Altivec registers if necessary. */
if (env->insns_flags & PPC_ALTIVEC) {
@@ -376,8 +372,6 @@ static void restore_user_regs(CPUPPCState *env,
__get_user(avr->u64[PPC_VEC_HI], &vreg->u64[0]);
__get_user(avr->u64[PPC_VEC_LO], &vreg->u64[1]);
}
- /* Set MSR_VEC in the saved MSR value to indicate that
- frame->mc_vregs contains valid data. */
#if defined(TARGET_PPC64)
vrsave = (uint32_t *)&v_regs[33];
#else
@@ -468,7 +462,7 @@ void setup_frame(int sig, struct target_sigaction *ka,
env->nip = (target_ulong) ka->_sa_handler;
/* Signal handlers are entered in big-endian mode. */
- env->msr &= ~(1ull << MSR_LE);
+ ppc_store_msr(env, env->msr & ~(1ull << MSR_LE));
unlock_user_struct(frame, frame_addr, 1);
return;
@@ -563,8 +557,13 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
env->nip = (target_ulong) ka->_sa_handler;
#endif
+#ifdef TARGET_WORDS_BIGENDIAN
/* Signal handlers are entered in big-endian mode. */
- env->msr &= ~(1ull << MSR_LE);
+ ppc_store_msr(env, env->msr & ~(1ull << MSR_LE));
+#else
+ /* Signal handlers are entered in little-endian mode. */
+ ppc_store_msr(env, env->msr | (1ull << MSR_LE));
+#endif
unlock_user_struct(rt_sf, rt_sf_addr, 1);
return;
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH v3 16/16] target/ppc: Validate hflags with CONFIG_DEBUG_TCG
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
` (14 preceding siblings ...)
2021-03-14 17:59 ` [PATCH v3 15/16] linux-user/ppc: Fix " Richard Henderson
@ 2021-03-14 17:59 ` Richard Henderson
15 siblings, 0 replies; 20+ messages in thread
From: Richard Henderson @ 2021-03-14 17:59 UTC (permalink / raw)
To: qemu-devel; +Cc: ivan, qemu-ppc, david
Verify that hflags was updated correctly whenever we change
cpu state that is used by hflags.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/ppc/cpu.h | 5 +++++
target/ppc/helper_regs.c | 29 +++++++++++++++++++++++++++--
2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 2f8d7fa13c..7ee5c9a66e 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -2424,6 +2424,10 @@ void cpu_write_xer(CPUPPCState *env, target_ulong xer);
*/
#define is_book3s_arch2x(ctx) (!!((ctx)->insns_flags & PPC_SEGMENT_64B))
+#ifdef CONFIG_DEBUG_TCG
+void cpu_get_tb_cpu_state(CPUPPCState *env, target_ulong *pc,
+ target_ulong *cs_base, uint32_t *flags);
+#else
static inline void cpu_get_tb_cpu_state(CPUPPCState *env, target_ulong *pc,
target_ulong *cs_base, uint32_t *flags)
{
@@ -2431,6 +2435,7 @@ static inline void cpu_get_tb_cpu_state(CPUPPCState *env, target_ulong *pc,
*cs_base = 0;
*flags = env->hflags;
}
+#endif
void QEMU_NORETURN raise_exception(CPUPPCState *env, uint32_t exception);
void QEMU_NORETURN raise_exception_ra(CPUPPCState *env, uint32_t exception,
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index b28037ca24..9df1098fec 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -43,7 +43,7 @@ void hreg_swap_gpr_tgpr(CPUPPCState *env)
env->tgpr[3] = tmp;
}
-void hreg_compute_hflags(CPUPPCState *env)
+static uint32_t hreg_compute_hflags_value(CPUPPCState *env)
{
target_ulong msr = env->msr;
uint32_t ppc_flags = env->flags;
@@ -147,9 +147,34 @@ void hreg_compute_hflags(CPUPPCState *env)
hflags |= dmmu_idx << HFLAGS_DMMU_IDX;
#endif
- env->hflags = hflags | (msr & msr_mask);
+ return hflags | (msr & msr_mask);
}
+void hreg_compute_hflags(CPUPPCState *env)
+{
+ env->hflags = hreg_compute_hflags_value(env);
+}
+
+#ifdef CONFIG_DEBUG_TCG
+void cpu_get_tb_cpu_state(CPUPPCState *env, target_ulong *pc,
+ target_ulong *cs_base, uint32_t *flags)
+{
+ uint32_t hflags_current = env->hflags;
+ uint32_t hflags_rebuilt;
+
+ *pc = env->nip;
+ *cs_base = 0;
+ *flags = hflags_current;
+
+ hflags_rebuilt = hreg_compute_hflags_value(env);
+ if (unlikely(hflags_current != hflags_rebuilt)) {
+ cpu_abort(env_cpu(env),
+ "TCG hflags mismatch (current:0x%08x rebuilt:0x%08x)\n",
+ hflags_current, hflags_rebuilt);
+ }
+}
+#endif
+
void cpu_interrupt_exittb(CPUState *cs)
{
if (!kvm_enabled()) {
--
2.25.1
^ permalink raw reply related [flat|nested] 20+ messages in thread
* Re: [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates
2021-03-14 17:59 ` [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates Richard Henderson
@ 2021-03-15 10:23 ` Cédric Le Goater
2021-03-15 13:47 ` Richard Henderson
0 siblings, 1 reply; 20+ messages in thread
From: Cédric Le Goater @ 2021-03-15 10:23 UTC (permalink / raw)
To: Richard Henderson, qemu-devel; +Cc: ivan, qemu-ppc, Greg Kurz, david
On 3/14/21 6:59 PM, Richard Henderson wrote:
> Only one of the three places in hw/ppc that modify msr updated
> hflags. Even in that case, use the official interface instead
> of a direct call to hreg_compute_hflags.
ppc_store_msr() is the interface to use.
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
> Cc: Cédric Le Goater <clg@kaod.org>
> Cc: Greg Kurz <groug@kaod.org>
> ---
> hw/ppc/pnv_core.c | 3 ++-
> hw/ppc/spapr_hcall.c | 3 +--
> hw/ppc/spapr_rtas.c | 3 ++-
> 3 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/hw/ppc/pnv_core.c b/hw/ppc/pnv_core.c
> index bd2bf2e044..31f041b9c7 100644
> --- a/hw/ppc/pnv_core.c
> +++ b/hw/ppc/pnv_core.c
> @@ -29,6 +29,7 @@
> #include "hw/ppc/pnv_xscom.h"
> #include "hw/ppc/xics.h"
> #include "hw/qdev-properties.h"
> +#include "helper_regs.h"
>
> static const char *pnv_core_cpu_typename(PnvCore *pc)
> {
> @@ -54,7 +55,7 @@ static void pnv_core_cpu_reset(PnvCore *pc, PowerPCCPU *cpu)
> */
> env->gpr[3] = PNV_FDT_ADDR;
> env->nip = 0x10;
> - env->msr |= MSR_HVB; /* Hypervisor mode */
> + hreg_store_msr(env, env->msr | MSR_HVB, true); /* Hypervisor mode */
This is going to have the opposite effect of not setting the HV bit in the
PowerNV machine. See the comment in powerpc_set_excp_state().
May be commit 1c953ba57ada ("ppc: Fix hreg_store_msr() so that non-HV
mode cannot alter MSR:HV") needs a fix first.
C.
>
> env->spr[SPR_HRMOR] = pc->hrmor;
>
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index 7b5cd3553c..a4f7a09ba8 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -1055,8 +1055,7 @@ static target_ulong h_cede(PowerPCCPU *cpu, SpaprMachineState *spapr,
> CPUState *cs = CPU(cpu);
> SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu);
>
> - env->msr |= (1ULL << MSR_EE);
> - hreg_compute_hflags(env);
> + hreg_store_msr(env, env->msr | (1ULL << MSR_EE), false);
>
> if (spapr_cpu->prod) {
> spapr_cpu->prod = false;
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 8a79f9c628..b9a6b7ef30 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -51,6 +51,7 @@
> #include "target/ppc/mmu-hash64.h"
> #include "target/ppc/mmu-book3s-v3.h"
> #include "migration/blocker.h"
> +#include "helper_regs.h"
>
> static void rtas_display_character(PowerPCCPU *cpu, SpaprMachineState *spapr,
> uint32_t token, uint32_t nargs,
> @@ -162,7 +163,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
>
> cpu_synchronize_state(CPU(newcpu));
>
> - env->msr = (1ULL << MSR_SF) | (1ULL << MSR_ME);
> + hreg_store_msr(env, (1ULL << MSR_SF) | (1ULL << MSR_ME), true);
>
> /* Enable Power-saving mode Exit Cause exceptions for the new CPU */
> lpcr = env->spr[SPR_LPCR];
>
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates
2021-03-15 10:23 ` Cédric Le Goater
@ 2021-03-15 13:47 ` Richard Henderson
2021-03-15 13:55 ` Cédric Le Goater
0 siblings, 1 reply; 20+ messages in thread
From: Richard Henderson @ 2021-03-15 13:47 UTC (permalink / raw)
To: Cédric Le Goater, qemu-devel; +Cc: ivan, qemu-ppc, Greg Kurz, david
On 3/15/21 4:23 AM, Cédric Le Goater wrote:
> On 3/14/21 6:59 PM, Richard Henderson wrote:
>> Only one of the three places in hw/ppc that modify msr updated
>> hflags. Even in that case, use the official interface instead
>> of a direct call to hreg_compute_hflags.
>
> ppc_store_msr() is the interface to use.
>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>> Cc: Cédric Le Goater <clg@kaod.org>
>> Cc: Greg Kurz <groug@kaod.org>
>> ---
>> hw/ppc/pnv_core.c | 3 ++-
>> hw/ppc/spapr_hcall.c | 3 +--
>> hw/ppc/spapr_rtas.c | 3 ++-
>> 3 files changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/hw/ppc/pnv_core.c b/hw/ppc/pnv_core.c
>> index bd2bf2e044..31f041b9c7 100644
>> --- a/hw/ppc/pnv_core.c
>> +++ b/hw/ppc/pnv_core.c
>> @@ -29,6 +29,7 @@
>> #include "hw/ppc/pnv_xscom.h"
>> #include "hw/ppc/xics.h"
>> #include "hw/qdev-properties.h"
>> +#include "helper_regs.h"
>>
>> static const char *pnv_core_cpu_typename(PnvCore *pc)
>> {
>> @@ -54,7 +55,7 @@ static void pnv_core_cpu_reset(PnvCore *pc, PowerPCCPU *cpu)
>> */
>> env->gpr[3] = PNV_FDT_ADDR;
>> env->nip = 0x10;
>> - env->msr |= MSR_HVB; /* Hypervisor mode */
>> + hreg_store_msr(env, env->msr | MSR_HVB, true); /* Hypervisor mode */
>
>
> This is going to have the opposite effect of not setting the HV bit in the
> PowerNV machine. See the comment in powerpc_set_excp_state().
>
> May be commit 1c953ba57ada ("ppc: Fix hreg_store_msr() so that non-HV
> mode cannot alter MSR:HV") needs a fix first.
Hmm. I mis-read the code and assumed "allow_hv" allowed hv to be changed.
There must be some kind of quirkyness here that I don't understand.
I'll just have these reset functions use hreg_recompute_hflags directly.
r~
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates
2021-03-15 13:47 ` Richard Henderson
@ 2021-03-15 13:55 ` Cédric Le Goater
0 siblings, 0 replies; 20+ messages in thread
From: Cédric Le Goater @ 2021-03-15 13:55 UTC (permalink / raw)
To: Richard Henderson, qemu-devel; +Cc: ivan, qemu-ppc, Greg Kurz, david
On 3/15/21 2:47 PM, Richard Henderson wrote:
> On 3/15/21 4:23 AM, Cédric Le Goater wrote:
>> On 3/14/21 6:59 PM, Richard Henderson wrote:
>>> Only one of the three places in hw/ppc that modify msr updated
>>> hflags. Even in that case, use the official interface instead
>>> of a direct call to hreg_compute_hflags.
>>
>> ppc_store_msr() is the interface to use.
>>
>>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>>> ---
>>> Cc: Cédric Le Goater <clg@kaod.org>
>>> Cc: Greg Kurz <groug@kaod.org>
>>> ---
>>> hw/ppc/pnv_core.c | 3 ++-
>>> hw/ppc/spapr_hcall.c | 3 +--
>>> hw/ppc/spapr_rtas.c | 3 ++-
>>> 3 files changed, 5 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/hw/ppc/pnv_core.c b/hw/ppc/pnv_core.c
>>> index bd2bf2e044..31f041b9c7 100644
>>> --- a/hw/ppc/pnv_core.c
>>> +++ b/hw/ppc/pnv_core.c
>>> @@ -29,6 +29,7 @@
>>> #include "hw/ppc/pnv_xscom.h"
>>> #include "hw/ppc/xics.h"
>>> #include "hw/qdev-properties.h"
>>> +#include "helper_regs.h"
>>> static const char *pnv_core_cpu_typename(PnvCore *pc)
>>> {
>>> @@ -54,7 +55,7 @@ static void pnv_core_cpu_reset(PnvCore *pc, PowerPCCPU *cpu)
>>> */
>>> env->gpr[3] = PNV_FDT_ADDR;
>>> env->nip = 0x10;
>>> - env->msr |= MSR_HVB; /* Hypervisor mode */
>>> + hreg_store_msr(env, env->msr | MSR_HVB, true); /* Hypervisor mode */
>>
>>
>> This is going to have the opposite effect of not setting the HV bit in the
>> PowerNV machine. See the comment in powerpc_set_excp_state().
>>
>> May be commit 1c953ba57ada ("ppc: Fix hreg_store_msr() so that non-HV
>> mode cannot alter MSR:HV") needs a fix first.
>
> Hmm. I mis-read the code and assumed "allow_hv" allowed hv to be changed.
> There must be some kind of quirkyness here that I don't understand.
This part was added ~14 years ago by commit a4f30719a8cd ("PowerPC hypervisor
mode is not fundamentally available only for PowerPC 64. Remove TARGET_PPC64
dependency and add code provision to be able to define a fake 32 bits CPU
with hypervisor feature support.")
I am afraid we kept adding stuff on top of it.
> I'll just have these reset functions use hreg_recompute_hflags directly.
Yes. That should be ok.
Thanks,
C.
^ permalink raw reply [flat|nested] 20+ messages in thread
end of thread, other threads:[~2021-03-15 13:57 UTC | newest]
Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-14 17:58 [PATCH v3 00/16] target/ppc: Fix truncation of env->hflags Richard Henderson
2021-03-14 17:58 ` [PATCH v3 01/16] target/ppc: Move helper_regs.h functions out-of-line Richard Henderson
2021-03-14 17:58 ` [PATCH v3 02/16] target/ppc: Move 601 hflags adjustment to hreg_compute_hflags Richard Henderson
2021-03-14 17:58 ` [PATCH v3 03/16] target/ppc: Properly sync cpu state with new msr in cpu_load_old Richard Henderson
2021-03-14 17:58 ` [PATCH v3 04/16] target/ppc: Do not call hreg_compute_mem_idx after ppc_store_msr Richard Henderson
2021-03-14 17:58 ` [PATCH v3 05/16] target/ppc: Retain hflags_nmsr only for migration Richard Henderson
2021-03-14 17:58 ` [PATCH v3 06/16] target/ppc: Fix comment for MSR_FE{0,1} Richard Henderson
2021-03-14 17:58 ` [PATCH v3 07/16] target/ppc: Disconnect hflags from MSR Richard Henderson
2021-03-14 17:58 ` [PATCH v3 08/16] target/ppc: Reduce env->hflags to uint32_t Richard Henderson
2021-03-14 17:58 ` [PATCH v3 09/16] target/ppc: Put dbcr0 single-step bits into hflags Richard Henderson
2021-03-14 17:59 ` [PATCH v3 10/16] target/ppc: Create helper_scv Richard Henderson
2021-03-14 17:59 ` [PATCH v3 11/16] target/ppc: Put LPCR[GTSE] in hflags Richard Henderson
2021-03-14 17:59 ` [PATCH v3 12/16] target/ppc: Remove MSR_SA and MSR_AP from hflags Richard Henderson
2021-03-14 17:59 ` [PATCH v3 13/16] target/ppc: Remove env->immu_idx and env->dmmu_idx Richard Henderson
2021-03-14 17:59 ` [PATCH v3 14/16] hw/ppc: Use hreg_store_msr for msr updates Richard Henderson
2021-03-15 10:23 ` Cédric Le Goater
2021-03-15 13:47 ` Richard Henderson
2021-03-15 13:55 ` Cédric Le Goater
2021-03-14 17:59 ` [PATCH v3 15/16] linux-user/ppc: Fix " Richard Henderson
2021-03-14 17:59 ` [PATCH v3 16/16] target/ppc: Validate hflags with CONFIG_DEBUG_TCG Richard Henderson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).