From 9d6ba75df26d699a6e23d4817983bd029898f5c7 Mon Sep 17 00:00:00 2001 From: Benjamin Herrenschmidt Date: Wed, 11 Nov 2015 11:15:46 +1100 Subject: [PATCH 01/40] target-ppc: Use sensible POWER8/POWER8E versions We never released anything older than POWER8 DD2.0 and POWER8E DD2.1, so let's use these versions, without that some firmware or Linux code might fail to use some HW features that were non functional in earlier internal only spins of the chip. Signed-off-by: Benjamin Herrenschmidt Signed-off-by: David Gibson --- target-ppc/cpu-models.c | 12 ++++++------ target-ppc/cpu-models.h | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/target-ppc/cpu-models.c b/target-ppc/cpu-models.c index 884e31da1b71..ed005d79c3bd 100644 --- a/target-ppc/cpu-models.c +++ b/target-ppc/cpu-models.c @@ -1139,10 +1139,10 @@ "POWER7 v2.3") POWERPC_DEF("POWER7+_v2.1", CPU_POWERPC_POWER7P_v21, POWER7, "POWER7+ v2.1") - POWERPC_DEF("POWER8E_v1.0", CPU_POWERPC_POWER8E_v10, POWER8, - "POWER8E v1.0") - POWERPC_DEF("POWER8_v1.0", CPU_POWERPC_POWER8_v10, POWER8, - "POWER8 v1.0") + POWERPC_DEF("POWER8E_v2.1", CPU_POWERPC_POWER8E_v21, POWER8, + "POWER8E v2.1") + POWERPC_DEF("POWER8_v2.0", CPU_POWERPC_POWER8_v20, POWER8, + "POWER8 v2.0") POWERPC_DEF("970_v2.2", CPU_POWERPC_970_v22, 970, "PowerPC 970 v2.2") POWERPC_DEF("970fx_v1.0", CPU_POWERPC_970FX_v10, 970, @@ -1390,8 +1390,8 @@ PowerPCCPUAlias ppc_cpu_aliases[] = { { "POWER5gs", "POWER5+_v2.1" }, { "POWER7", "POWER7_v2.3" }, { "POWER7+", "POWER7+_v2.1" }, - { "POWER8E", "POWER8E_v1.0" }, - { "POWER8", "POWER8_v1.0" }, + { "POWER8E", "POWER8E_v2.1" }, + { "POWER8", "POWER8_v2.0" }, { "970", "970_v2.2" }, { "970fx", "970fx_v3.1" }, { "970mp", "970mp_v1.1" }, diff --git a/target-ppc/cpu-models.h b/target-ppc/cpu-models.h index 9d80e72271bc..2992427e313b 100644 --- a/target-ppc/cpu-models.h +++ b/target-ppc/cpu-models.h @@ -557,9 +557,9 @@ enum { CPU_POWERPC_POWER7P_BASE = 0x004A0000, CPU_POWERPC_POWER7P_v21 = 0x004A0201, CPU_POWERPC_POWER8E_BASE = 0x004B0000, - CPU_POWERPC_POWER8E_v10 = 0x004B0100, + CPU_POWERPC_POWER8E_v21 = 0x004B0201, CPU_POWERPC_POWER8_BASE = 0x004D0000, - CPU_POWERPC_POWER8_v10 = 0x004D0100, + CPU_POWERPC_POWER8_v20 = 0x004D0200, CPU_POWERPC_970_v22 = 0x00390202, CPU_POWERPC_970FX_v10 = 0x00391100, CPU_POWERPC_970FX_v20 = 0x003C0200, From 6a9620e60cc1b16dba9ee9d9d8cb374e4303c072 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Wed, 6 Jan 2016 18:22:11 +0000 Subject: [PATCH 02/40] target-ppc: use cpu_write_xer() helper in cpu_post_load Otherwise some internal xer variables fail to get set post-migration. Signed-off-by: Mark Cave-Ayland Reviewed-by: Alexey Kardashevskiy Signed-off-by: David Gibson --- target-ppc/machine.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-ppc/machine.c b/target-ppc/machine.c index 8e30b7a8dc0c..8cabc77883d6 100644 --- a/target-ppc/machine.c +++ b/target-ppc/machine.c @@ -169,7 +169,7 @@ static int cpu_post_load(void *opaque, int version_id) env->spr[SPR_PVR] = env->spr_cb[SPR_PVR].default_value; env->lr = env->spr[SPR_LR]; env->ctr = env->spr[SPR_CTR]; - env->xer = env->spr[SPR_XER]; + cpu_write_xer(env, env->spr[SPR_XER]); #if defined(TARGET_PPC64) env->cfar = env->spr[SPR_CFAR]; #endif From 03c1280bf5dbb0b0f6125d17b8eebe9b9e97c8d8 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Sat, 30 Jan 2016 23:36:52 +1100 Subject: [PATCH 03/40] macio: use the existing IDEDMA aiocb to hold the active DMA aiocb Currently the aiocb is held within MACIOIDEState, however the IDE core code assumes that the current actvie DMA aiocb is held in aiocb in a few places, e.g. ide_bus_reset() and ide_reset(). Switch over to using IDEDMA aiocb to store the aiocb for the current active DMA request so that bus resets and restarts are handled correctly. As a consequence we can now use ide_set_inactive() rather than handling its functionality ourselves. Signed-off-by: Mark Cave-Ayland Reviewed-by: John Snow Signed-off-by: David Gibson --- hw/ide/macio.c | 20 ++++++++++++-------- hw/ppc/mac.h | 1 - 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/hw/ide/macio.c b/hw/ide/macio.c index 336784b076de..bfdc37747c4d 100644 --- a/hw/ide/macio.c +++ b/hw/ide/macio.c @@ -120,8 +120,8 @@ static void pmac_dma_read(BlockBackend *blk, MACIO_DPRINTF("--- Block read transfer - sector_num: %" PRIx64 " " "nsector: %x\n", (offset >> 9), (bytes >> 9)); - m->aiocb = blk_aio_readv(blk, (offset >> 9), &io->iov, (bytes >> 9), - cb, io); + s->bus->dma->aiocb = blk_aio_readv(blk, (offset >> 9), &io->iov, + (bytes >> 9), cb, io); } static void pmac_dma_write(BlockBackend *blk, @@ -205,8 +205,8 @@ static void pmac_dma_write(BlockBackend *blk, MACIO_DPRINTF("--- Block write transfer - sector_num: %" PRIx64 " " "nsector: %x\n", (offset >> 9), (bytes >> 9)); - m->aiocb = blk_aio_writev(blk, (offset >> 9), &io->iov, (bytes >> 9), - cb, io); + s->bus->dma->aiocb = blk_aio_writev(blk, (offset >> 9), &io->iov, + (bytes >> 9), cb, io); } static void pmac_dma_trim(BlockBackend *blk, @@ -232,8 +232,8 @@ static void pmac_dma_trim(BlockBackend *blk, s->io_buffer_index += io->len; io->len = 0; - m->aiocb = ide_issue_trim(blk, (offset >> 9), &io->iov, (bytes >> 9), - cb, io); + s->bus->dma->aiocb = ide_issue_trim(blk, (offset >> 9), &io->iov, + (bytes >> 9), cb, io); } static void pmac_ide_atapi_transfer_cb(void *opaque, int ret) @@ -292,6 +292,8 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret) } else { block_acct_done(blk_get_stats(s->blk), &s->acct); } + + ide_set_inactive(s, false); io->dma_end(opaque); } @@ -306,7 +308,6 @@ static void pmac_ide_transfer_cb(void *opaque, int ret) if (ret < 0) { MACIO_DPRINTF("DMA error: %d\n", ret); - m->aiocb = NULL; ide_dma_error(s); goto done; } @@ -357,6 +358,8 @@ static void pmac_ide_transfer_cb(void *opaque, int ret) block_acct_done(blk_get_stats(s->blk), &s->acct); } } + + ide_set_inactive(s, false); io->dma_end(opaque); } @@ -394,8 +397,9 @@ static void pmac_ide_transfer(DBDMA_io *io) static void pmac_ide_flush(DBDMA_io *io) { MACIOIDEState *m = io->opaque; + IDEState *s = idebus_active_if(&m->bus); - if (m->aiocb) { + if (s->bus->dma->aiocb) { blk_drain_all(); } } diff --git a/hw/ppc/mac.h b/hw/ppc/mac.h index e375ed2b2bf1..ecf7792bc989 100644 --- a/hw/ppc/mac.h +++ b/hw/ppc/mac.h @@ -134,7 +134,6 @@ typedef struct MACIOIDEState { MemoryRegion mem; IDEBus bus; - BlockAIOCB *aiocb; IDEDMA dma; void *dbdma; bool dma_active; From bb37a8e8a3a7adef2ff395d3daf7384004441340 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Wed, 6 Jan 2016 20:37:24 +0000 Subject: [PATCH 04/40] macio: add dma_active to VMStateDescription Make sure that we include the value of dma_active in the migration stream. Signed-off-by: Mark Cave-Ayland Acked-by: John Snow Signed-off-by: David Gibson --- hw/ide/macio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/ide/macio.c b/hw/ide/macio.c index bfdc37747c4d..1725e5b23f74 100644 --- a/hw/ide/macio.c +++ b/hw/ide/macio.c @@ -517,11 +517,12 @@ static const MemoryRegionOps pmac_ide_ops = { static const VMStateDescription vmstate_pmac = { .name = "ide", - .version_id = 3, + .version_id = 4, .minimum_version_id = 0, .fields = (VMStateField[]) { VMSTATE_IDE_BUS(bus, MACIOIDEState), VMSTATE_IDE_DRIVES(bus.ifs, MACIOIDEState), + VMSTATE_BOOL(dma_active, MACIOIDEState), VMSTATE_END_OF_LIST() } }; From 627be2f2836239e5fe437acdd96a8197d824af58 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Wed, 6 Jan 2016 20:37:25 +0000 Subject: [PATCH 05/40] mac_dbdma: add DBDMA controller state to VMStateDescription Make sure that we include the DBDMA controller state in the migration stream. Signed-off-by: Mark Cave-Ayland Signed-off-by: David Gibson --- hw/misc/macio/mac_dbdma.c | 40 +++++++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/hw/misc/macio/mac_dbdma.c b/hw/misc/macio/mac_dbdma.c index c6d5b966b488..d81dea7b0d43 100644 --- a/hw/misc/macio/mac_dbdma.c +++ b/hw/misc/macio/mac_dbdma.c @@ -713,20 +713,52 @@ static const MemoryRegionOps dbdma_ops = { }, }; -static const VMStateDescription vmstate_dbdma_channel = { - .name = "dbdma_channel", +static const VMStateDescription vmstate_dbdma_io = { + .name = "dbdma_io", + .version_id = 0, + .minimum_version_id = 0, + .fields = (VMStateField[]) { + VMSTATE_UINT64(addr, struct DBDMA_io), + VMSTATE_INT32(len, struct DBDMA_io), + VMSTATE_INT32(is_last, struct DBDMA_io), + VMSTATE_INT32(is_dma_out, struct DBDMA_io), + VMSTATE_BOOL(processing, struct DBDMA_io), + VMSTATE_END_OF_LIST() + } +}; + +static const VMStateDescription vmstate_dbdma_cmd = { + .name = "dbdma_cmd", .version_id = 0, .minimum_version_id = 0, + .fields = (VMStateField[]) { + VMSTATE_UINT16(req_count, dbdma_cmd), + VMSTATE_UINT16(command, dbdma_cmd), + VMSTATE_UINT32(phy_addr, dbdma_cmd), + VMSTATE_UINT32(cmd_dep, dbdma_cmd), + VMSTATE_UINT16(res_count, dbdma_cmd), + VMSTATE_UINT16(xfer_status, dbdma_cmd), + VMSTATE_END_OF_LIST() + } +}; + +static const VMStateDescription vmstate_dbdma_channel = { + .name = "dbdma_channel", + .version_id = 1, + .minimum_version_id = 1, .fields = (VMStateField[]) { VMSTATE_UINT32_ARRAY(regs, struct DBDMA_channel, DBDMA_REGS), + VMSTATE_STRUCT(io, struct DBDMA_channel, 0, vmstate_dbdma_io, DBDMA_io), + VMSTATE_STRUCT(current, struct DBDMA_channel, 0, vmstate_dbdma_cmd, + dbdma_cmd), VMSTATE_END_OF_LIST() } }; static const VMStateDescription vmstate_dbdma = { .name = "dbdma", - .version_id = 2, - .minimum_version_id = 2, + .version_id = 3, + .minimum_version_id = 3, .fields = (VMStateField[]) { VMSTATE_STRUCT_ARRAY(channels, DBDMAState, DBDMA_CHANNELS, 1, vmstate_dbdma_channel, DBDMA_channel), From ff57eae5f119ce2c6fbaab1313e3487969533fb9 Mon Sep 17 00:00:00 2001 From: Mark Cave-Ayland Date: Wed, 6 Jan 2016 20:37:26 +0000 Subject: [PATCH 06/40] cuda: add missing fields to VMStateDescription Include some fields missed from the previous VMState conversion to the migration stream, as well as the new SR_INT delay timer. Signed-off-by: Mark Cave-Ayland Signed-off-by: David Gibson --- hw/misc/macio/cuda.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c index 8d450cfce249..0bd90e84565f 100644 --- a/hw/misc/macio/cuda.c +++ b/hw/misc/macio/cuda.c @@ -705,15 +705,17 @@ static const VMStateDescription vmstate_cuda_timer = { static const VMStateDescription vmstate_cuda = { .name = "cuda", - .version_id = 2, - .minimum_version_id = 2, + .version_id = 3, + .minimum_version_id = 3, .fields = (VMStateField[]) { VMSTATE_UINT8(a, CUDAState), VMSTATE_UINT8(b, CUDAState), + VMSTATE_UINT8(last_b, CUDAState), VMSTATE_UINT8(dira, CUDAState), VMSTATE_UINT8(dirb, CUDAState), VMSTATE_UINT8(sr, CUDAState), VMSTATE_UINT8(acr, CUDAState), + VMSTATE_UINT8(last_acr, CUDAState), VMSTATE_UINT8(pcr, CUDAState), VMSTATE_UINT8(ifr, CUDAState), VMSTATE_UINT8(ier, CUDAState), @@ -728,6 +730,7 @@ static const VMStateDescription vmstate_cuda = { VMSTATE_STRUCT_ARRAY(timers, CUDAState, 2, 1, vmstate_cuda_timer, CUDATimer), VMSTATE_TIMER_PTR(adb_poll_timer, CUDAState), + VMSTATE_TIMER_PTR(sr_delay_timer, CUDAState), VMSTATE_END_OF_LIST() } }; From c920f7b42fc7834bae73a5fd146f58db18bb3f58 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Tue, 19 Jan 2016 15:57:42 +1100 Subject: [PATCH 07/40] spapr: Small fixes to rtas_ibm_get_system_parameter, remove rtas_st_buffer rtas_st_buffer() appears in spapr.h as though it were a widely used helper, but in fact it is only used for saving data in a format used by rtas_ibm_get_system_parameter(). This changes it to a local helper more specifically for that function. While we're there fix a couple of small defects in rtas_ibm_get_system_parameter: - For the string value SPLPAR_CHARACTERISTICS, it wasn't including the terminating \0 in the length which it should according to LoPAPR 7.3.16.1 - It now checks that the supplied buffer has at least enough space for the length of the returned data, and returns an error if it does not. Signed-off-by: David Gibson Reviewed-by: Alexey Kardashevskiy --- hw/ppc/spapr_rtas.c | 21 +++++++++++++++++---- include/hw/ppc/spapr.h | 28 +++++++++------------------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c index f3ead8c1ced6..ab11b32f324c 100644 --- a/hw/ppc/spapr_rtas.c +++ b/hw/ppc/spapr_rtas.c @@ -229,6 +229,19 @@ static void rtas_stop_self(PowerPCCPU *cpu, sPAPRMachineState *spapr, env->msr = 0; } +static inline int sysparm_st(target_ulong addr, target_ulong len, + const void *val, uint16_t vallen) +{ + hwaddr phys = ppc64_phys_to_real(addr); + + if (len < 2) { + return RTAS_OUT_SYSPARM_PARAM_ERROR; + } + stw_be_phys(&address_space_memory, phys, vallen); + cpu_physical_memory_write(phys + 2, val, MIN(len - 2, vallen)); + return RTAS_OUT_SUCCESS; +} + static void rtas_ibm_get_system_parameter(PowerPCCPU *cpu, sPAPRMachineState *spapr, uint32_t token, uint32_t nargs, @@ -238,7 +251,7 @@ static void rtas_ibm_get_system_parameter(PowerPCCPU *cpu, target_ulong parameter = rtas_ld(args, 0); target_ulong buffer = rtas_ld(args, 1); target_ulong length = rtas_ld(args, 2); - target_ulong ret = RTAS_OUT_SUCCESS; + target_ulong ret; switch (parameter) { case RTAS_SYSPARM_SPLPAR_CHARACTERISTICS: { @@ -250,18 +263,18 @@ static void rtas_ibm_get_system_parameter(PowerPCCPU *cpu, current_machine->ram_size / M_BYTE, smp_cpus, max_cpus); - rtas_st_buffer(buffer, length, (uint8_t *)param_val, strlen(param_val)); + ret = sysparm_st(buffer, length, param_val, strlen(param_val) + 1); g_free(param_val); break; } case RTAS_SYSPARM_DIAGNOSTICS_RUN_MODE: { uint8_t param_val = DIAGNOSTICS_RUN_MODE_DISABLED; - rtas_st_buffer(buffer, length, ¶m_val, sizeof(param_val)); + ret = sysparm_st(buffer, length, ¶m_val, sizeof(param_val)); break; } case RTAS_SYSPARM_UUID: - rtas_st_buffer(buffer, length, qemu_uuid, (qemu_uuid_set ? 16 : 0)); + ret = sysparm_st(buffer, length, qemu_uuid, (qemu_uuid_set ? 16 : 0)); break; default: ret = RTAS_OUT_NOT_SUPPORTED; diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index 53af76a93ca3..1e10fc95a9f4 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -408,14 +408,15 @@ int spapr_allocate_irq_block(int num, bool lsi, bool msi); #define RTAS_SLOT_PERM_ERR_LOG 2 /* RTAS return codes */ -#define RTAS_OUT_SUCCESS 0 -#define RTAS_OUT_NO_ERRORS_FOUND 1 -#define RTAS_OUT_HW_ERROR -1 -#define RTAS_OUT_BUSY -2 -#define RTAS_OUT_PARAM_ERROR -3 -#define RTAS_OUT_NOT_SUPPORTED -3 -#define RTAS_OUT_NO_SUCH_INDICATOR -3 -#define RTAS_OUT_NOT_AUTHORIZED -9002 +#define RTAS_OUT_SUCCESS 0 +#define RTAS_OUT_NO_ERRORS_FOUND 1 +#define RTAS_OUT_HW_ERROR -1 +#define RTAS_OUT_BUSY -2 +#define RTAS_OUT_PARAM_ERROR -3 +#define RTAS_OUT_NOT_SUPPORTED -3 +#define RTAS_OUT_NO_SUCH_INDICATOR -3 +#define RTAS_OUT_NOT_AUTHORIZED -9002 +#define RTAS_OUT_SYSPARM_PARAM_ERROR -9999 /* RTAS tokens */ #define RTAS_TOKEN_BASE 0x2000 @@ -513,17 +514,6 @@ static inline void rtas_st_buffer_direct(target_ulong phys, MIN(buffer_len, phys_len)); } -static inline void rtas_st_buffer(target_ulong phys, target_ulong phys_len, - uint8_t *buffer, uint16_t buffer_len) -{ - if (phys_len < 2) { - return; - } - stw_be_phys(&address_space_memory, - ppc64_phys_to_real(phys), buffer_len); - rtas_st_buffer_direct(phys + 2, phys_len - 2, buffer, buffer_len); -} - typedef void (*spapr_rtas_fn)(PowerPCCPU *cpu, sPAPRMachineState *sm, uint32_t token, uint32_t nargs, target_ulong args, From f201987b843910ae929c5ed66700d910b29e9c15 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Tue, 19 Jan 2016 15:57:54 +1100 Subject: [PATCH 08/40] spapr: Remove rtas_st_buffer_direct() rtas_st_buffer_direct() is a not particularly useful wrapper around cpu_physical_memory_write(). All the callers are in rtas_ibm_configure_connector, where it's better handled by local helper. Signed-off-by: David Gibson Reviewed-by: Alexey Kardashevskiy --- hw/ppc/spapr_rtas.c | 17 ++++++++++------- include/hw/ppc/spapr.h | 8 -------- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c index ab11b32f324c..19e903d70051 100644 --- a/hw/ppc/spapr_rtas.c +++ b/hw/ppc/spapr_rtas.c @@ -506,6 +506,13 @@ static void rtas_get_sensor_state(PowerPCCPU *cpu, sPAPRMachineState *spapr, #define CC_VAL_DATA_OFFSET ((CC_IDX_PROP_DATA_OFFSET + 1) * 4) #define CC_WA_LEN 4096 +static void configure_connector_st(target_ulong addr, target_ulong offset, + const void *buf, size_t len) +{ + cpu_physical_memory_write(ppc64_phys_to_real(addr + offset), + buf, MIN(len, CC_WA_LEN - offset)); +} + static void rtas_ibm_configure_connector(PowerPCCPU *cpu, sPAPRMachineState *spapr, uint32_t token, uint32_t nargs, @@ -571,8 +578,7 @@ static void rtas_ibm_configure_connector(PowerPCCPU *cpu, /* provide the name of the next OF node */ wa_offset = CC_VAL_DATA_OFFSET; rtas_st(wa_addr, CC_IDX_NODE_NAME_OFFSET, wa_offset); - rtas_st_buffer_direct(wa_addr + wa_offset, CC_WA_LEN - wa_offset, - (uint8_t *)name, strlen(name) + 1); + configure_connector_st(wa_addr, wa_offset, name, strlen(name) + 1); resp = SPAPR_DR_CC_RESPONSE_NEXT_CHILD; break; case FDT_END_NODE: @@ -597,8 +603,7 @@ static void rtas_ibm_configure_connector(PowerPCCPU *cpu, /* provide the name of the next OF property */ wa_offset = CC_VAL_DATA_OFFSET; rtas_st(wa_addr, CC_IDX_PROP_NAME_OFFSET, wa_offset); - rtas_st_buffer_direct(wa_addr + wa_offset, CC_WA_LEN - wa_offset, - (uint8_t *)name, strlen(name) + 1); + configure_connector_st(wa_addr, wa_offset, name, strlen(name) + 1); /* provide the length and value of the OF property. data gets * placed immediately after NULL terminator of the OF property's @@ -607,9 +612,7 @@ static void rtas_ibm_configure_connector(PowerPCCPU *cpu, wa_offset += strlen(name) + 1, rtas_st(wa_addr, CC_IDX_PROP_LEN, prop_len); rtas_st(wa_addr, CC_IDX_PROP_DATA_OFFSET, wa_offset); - rtas_st_buffer_direct(wa_addr + wa_offset, CC_WA_LEN - wa_offset, - (uint8_t *)((struct fdt_property *)prop)->data, - prop_len); + configure_connector_st(wa_addr, wa_offset, prop->data, prop_len); resp = SPAPR_DR_CC_RESPONSE_NEXT_PROPERTY; break; case FDT_END: diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index 1e10fc95a9f4..1f9e722545d3 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -506,14 +506,6 @@ static inline void rtas_st(target_ulong phys, int n, uint32_t val) stl_be_phys(&address_space_memory, ppc64_phys_to_real(phys + 4*n), val); } -static inline void rtas_st_buffer_direct(target_ulong phys, - target_ulong phys_len, - uint8_t *buffer, uint16_t buffer_len) -{ - cpu_physical_memory_write(ppc64_phys_to_real(phys), buffer, - MIN(buffer_len, phys_len)); -} - typedef void (*spapr_rtas_fn)(PowerPCCPU *cpu, sPAPRMachineState *sm, uint32_t token, uint32_t nargs, target_ulong args, From 27ac3e06d59a2c37cdc5997f65ff82e104ec798a Mon Sep 17 00:00:00 2001 From: David Gibson Date: Tue, 19 Jan 2016 15:57:59 +1100 Subject: [PATCH 09/40] spapr: Remove abuse of rtas_ld() in h_client_architecture_support h_client_architecture_support() uses rtas_ld() for general purpose memory access, despite the fact that it's not an RTAS routine at all and rtas_ld makes things more awkward. Clean this up by replacing rtas_ld() calls with appropriate ldXX_phys() calls. Signed-off-by: David Gibson Reviewed-by: Alexey Kardashevskiy --- hw/ppc/spapr_hcall.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index 51083cd75646..fdd7feaf70f7 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -862,7 +862,8 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, target_ulong opcode, target_ulong *args) { - target_ulong list = args[0], ov_table; + target_ulong list = ppc64_phys_to_real(args[0]); + target_ulong ov_table, ov5; PowerPCCPUClass *pcc_ = POWERPC_CPU_GET_CLASS(cpu_); CPUState *cs; bool cpu_match = false, cpu_update = true, memory_update = false; @@ -876,9 +877,9 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, for (counter = 0; counter < 512; ++counter) { uint32_t pvr, pvr_mask; - pvr_mask = rtas_ld(list, 0); + pvr_mask = ldl_be_phys(&address_space_memory, list); list += 4; - pvr = rtas_ld(list, 0); + pvr = ldl_be_phys(&address_space_memory, list); list += 4; trace_spapr_cas_pvr_try(pvr); @@ -949,14 +950,13 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, /* For the future use: here @ov_table points to the first option vector */ ov_table = list; - list = cas_get_option_vector(5, ov_table); - if (!list) { + ov5 = cas_get_option_vector(5, ov_table); + if (!ov5) { return H_SUCCESS; } /* @list now points to OV 5 */ - list += 2; - ov5_byte2 = rtas_ld(list, 0) >> 24; + ov5_byte2 = ldub_phys(&address_space_memory, ov5 + 2); if (ov5_byte2 & OV5_DRCONF_MEMORY) { memory_update = true; } From 16c25aef5362c6dd99c54fec78936ec3c10dc513 Mon Sep 17 00:00:00 2001 From: Bharata B Rao Date: Tue, 19 Jan 2016 10:09:21 +0530 Subject: [PATCH 10/40] spapr: Don't create ibm,dynamic-reconfiguration-memory w/o DR LMBs If guest doesn't have any dynamically reconfigurable (DR) logical memory blocks (LMB), then we shouldn't create ibm,dynamic-reconfiguration-memory device tree node. Signed-off-by: Bharata B Rao Signed-off-by: David Gibson --- hw/ppc/spapr.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 08da895cbad1..0ac636890cdf 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -763,6 +763,13 @@ static int spapr_populate_drconf_memory(sPAPRMachineState *spapr, void *fdt) uint32_t *int_buf, *cur_index, buf_len; int nr_nodes = nb_numa_nodes ? nb_numa_nodes : 1; + /* + * Don't create the node if there are no DR LMBs. + */ + if (!nr_lmbs) { + return 0; + } + /* * Allocate enough buffer size to fit in ibm,dynamic-memory * or ibm,associativity-lookup-arrays @@ -869,7 +876,7 @@ int spapr_h_cas_compose_response(sPAPRMachineState *spapr, _FDT((spapr_fixup_cpu_dt(fdt, spapr))); } - /* Generate memory nodes or ibm,dynamic-reconfiguration-memory node */ + /* Generate ibm,dynamic-reconfiguration-memory node if required */ if (memory_update && smc->dr_lmb_enabled) { _FDT((spapr_populate_drconf_memory(spapr, fdt))); } From f9ab1e87edae8a72ae2a65fad658a77ad15d4da0 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 20 Jan 2016 12:58:07 +1100 Subject: [PATCH 11/40] ppc: Clean up error handling in ppc_set_compat() Current ppc_set_compat() returns -1 for errors, and also (unconditionally) reports an error message. The caller in h_client_architecture_support() may then report it again using an outdated fprintf(). Clean this up by using the modern error reporting mechanisms. Also add strerror(errno) to the error message. Signed-off-by: David Gibson Reviewed-by: Thomas Huth Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr.c | 4 +--- hw/ppc/spapr_hcall.c | 10 +++++----- target-ppc/cpu.h | 2 +- target-ppc/translate_init.c | 13 +++++++------ 4 files changed, 14 insertions(+), 15 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 0ac636890cdf..8862d188f100 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1643,9 +1643,7 @@ static void spapr_cpu_init(sPAPRMachineState *spapr, PowerPCCPU *cpu) } if (cpu->max_compat) { - if (ppc_set_compat(cpu, cpu->max_compat) < 0) { - exit(1); - } + ppc_set_compat(cpu, cpu->max_compat, &error_fatal); } xics_cpu_setup(spapr->icp, cpu); diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index fdd7feaf70f7..655c4338b2e8 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -838,7 +838,7 @@ static target_ulong cas_get_option_vector(int vector, target_ulong table) typedef struct { PowerPCCPU *cpu; uint32_t cpu_version; - int ret; + Error *err; } SetCompatState; static void do_set_compat(void *arg) @@ -846,7 +846,7 @@ static void do_set_compat(void *arg) SetCompatState *s = arg; cpu_synchronize_state(CPU(s->cpu)); - s->ret = ppc_set_compat(s->cpu, s->cpu_version); + ppc_set_compat(s->cpu, s->cpu_version, &s->err); } #define get_compat_level(cpuver) ( \ @@ -931,13 +931,13 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, SetCompatState s = { .cpu = POWERPC_CPU(cs), .cpu_version = cpu_version, - .ret = 0 + .err = NULL, }; run_on_cpu(cs, do_set_compat, &s); - if (s.ret < 0) { - fprintf(stderr, "Unable to set compatibility mode\n"); + if (s.err) { + error_report_err(s.err); return H_HARDWARE; } } diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h index 9706000f8bf1..b3b89e6a5920 100644 --- a/target-ppc/cpu.h +++ b/target-ppc/cpu.h @@ -1210,7 +1210,7 @@ void ppc_store_msr (CPUPPCState *env, target_ulong value); void ppc_cpu_list (FILE *f, fprintf_function cpu_fprintf); int ppc_get_compat_smt_threads(PowerPCCPU *cpu); -int ppc_set_compat(PowerPCCPU *cpu, uint32_t cpu_version); +void ppc_set_compat(PowerPCCPU *cpu, uint32_t cpu_version, Error **errp); /* Time-base and decrementer management */ #ifndef NO_CPU_IO_DEFS diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 76d5da1733bb..78c2811988c9 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -9185,7 +9185,7 @@ int ppc_get_compat_smt_threads(PowerPCCPU *cpu) return ret; } -int ppc_set_compat(PowerPCCPU *cpu, uint32_t cpu_version) +void ppc_set_compat(PowerPCCPU *cpu, uint32_t cpu_version, Error **errp) { int ret = 0; CPUPPCState *env = &cpu->env; @@ -9207,12 +9207,13 @@ int ppc_set_compat(PowerPCCPU *cpu, uint32_t cpu_version) break; } - if (kvm_enabled() && kvmppc_set_compat(cpu, cpu->cpu_version) < 0) { - error_report("Unable to set compatibility mode in KVM"); - ret = -1; + if (kvm_enabled()) { + ret = kvmppc_set_compat(cpu, cpu->cpu_version); + if (ret < 0) { + error_setg_errno(errp, -ret, + "Unable to set CPU compatibility mode in KVM"); + } } - - return ret; } static gint ppc_cpu_compare_class_pvr(gconstpointer a, gconstpointer b) From 569f49671dde92bb2bf55d4d2f32537e04c3c7c8 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 20 Jan 2016 12:58:21 +1100 Subject: [PATCH 12/40] pseries: Clean up error handling of spapr_cpu_init() Currently spapr_cpu_init() is hardcoded to handle any errors as fatal. That works for now, since it's only called from initial setup where an error here means we really can't proceed. However, we'll want to handle this more flexibly for cpu hotplug in future so generalize this using the error reporting infrastructure. While we're at it make a small cleanup in a related part of ppc_spapr_init() to use error_report() instead of an old-style explicit fprintf(). Signed-off-by: David Gibson Reviewed-by: Bharata B Rao Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 8862d188f100..61653aeae4c0 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1625,7 +1625,8 @@ static void spapr_boot_set(void *opaque, const char *boot_device, machine->boot_order = g_strdup(boot_device); } -static void spapr_cpu_init(sPAPRMachineState *spapr, PowerPCCPU *cpu) +static void spapr_cpu_init(sPAPRMachineState *spapr, PowerPCCPU *cpu, + Error **errp) { CPUPPCState *env = &cpu->env; @@ -1643,7 +1644,13 @@ static void spapr_cpu_init(sPAPRMachineState *spapr, PowerPCCPU *cpu) } if (cpu->max_compat) { - ppc_set_compat(cpu, cpu->max_compat, &error_fatal); + Error *local_err = NULL; + + ppc_set_compat(cpu, cpu->max_compat, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } } xics_cpu_setup(spapr->icp, cpu); @@ -1812,10 +1819,10 @@ static void ppc_spapr_init(MachineState *machine) for (i = 0; i < smp_cpus; i++) { cpu = cpu_ppc_init(machine->cpu_model); if (cpu == NULL) { - fprintf(stderr, "Unable to find PowerPC CPU definition\n"); + error_report("Unable to find PowerPC CPU definition"); exit(1); } - spapr_cpu_init(spapr, cpu); + spapr_cpu_init(spapr, cpu, &error_fatal); } if (kvm_enabled()) { From 7c150d6f04f23dbcb4402bd5e16a8c86757a727a Mon Sep 17 00:00:00 2001 From: David Gibson Date: Mon, 25 Jan 2016 22:46:47 +1100 Subject: [PATCH 13/40] pseries: Clean up error handling in spapr_validate_node_memory() Use error_setg() and return an error, rather than using an explicit exit(). Also improve messages, and be more explicit about which constraint failed. Signed-off-by: David Gibson Reviewed-by: Bharata B Rao Reviewed-by: Thomas Huth Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 61653aeae4c0..4e6ee6d656f3 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1699,27 +1699,34 @@ static void spapr_create_lmb_dr_connectors(sPAPRMachineState *spapr) * to SPAPR_MEMORY_BLOCK_SIZE(256MB), then refuse to start the guest * since we can't support such unaligned sizes with DRCONF_MEMORY. */ -static void spapr_validate_node_memory(MachineState *machine) +static void spapr_validate_node_memory(MachineState *machine, Error **errp) { int i; - if (machine->maxram_size % SPAPR_MEMORY_BLOCK_SIZE || - machine->ram_size % SPAPR_MEMORY_BLOCK_SIZE) { - error_report("Can't support memory configuration where RAM size " - "0x" RAM_ADDR_FMT " or maxmem size " - "0x" RAM_ADDR_FMT " isn't aligned to %llu MB", - machine->ram_size, machine->maxram_size, - SPAPR_MEMORY_BLOCK_SIZE/M_BYTE); - exit(EXIT_FAILURE); + if (machine->ram_size % SPAPR_MEMORY_BLOCK_SIZE) { + error_setg(errp, "Memory size 0x" RAM_ADDR_FMT + " is not aligned to %llu MiB", + machine->ram_size, + SPAPR_MEMORY_BLOCK_SIZE / M_BYTE); + return; + } + + if (machine->maxram_size % SPAPR_MEMORY_BLOCK_SIZE) { + error_setg(errp, "Maximum memory size 0x" RAM_ADDR_FMT + " is not aligned to %llu MiB", + machine->ram_size, + SPAPR_MEMORY_BLOCK_SIZE / M_BYTE); + return; } for (i = 0; i < nb_numa_nodes; i++) { if (numa_info[i].node_mem % SPAPR_MEMORY_BLOCK_SIZE) { - error_report("Can't support memory configuration where memory size" - " %" PRIx64 " of node %d isn't aligned to %llu MB", - numa_info[i].node_mem, i, - SPAPR_MEMORY_BLOCK_SIZE/M_BYTE); - exit(EXIT_FAILURE); + error_setg(errp, + "Node %d memory size 0x%" PRIx64 + " is not aligned to %llu MiB", + i, numa_info[i].node_mem, + SPAPR_MEMORY_BLOCK_SIZE / M_BYTE); + return; } } } @@ -1809,7 +1816,7 @@ static void ppc_spapr_init(MachineState *machine) XICS_IRQS); if (smc->dr_lmb_enabled) { - spapr_validate_node_memory(machine); + spapr_validate_node_memory(machine, &error_fatal); } /* init CPUs */ From 14c6a8949799573570b62cf50c519a3b34a2499b Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 20 Jan 2016 12:58:39 +1100 Subject: [PATCH 14/40] pseries: Clean up error handling in spapr_vga_init() Use error_setg() to return an error rather than an explicit exit(). Previously it was an exit(0) instead of a non-zero exit code, which was simply a bug. Also improve the error message. While we're at it change the type of spapr_vga_init() to bool since that's how we're using it anyway. Signed-off-by: David Gibson Reviewed-by: Thomas Huth Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 4e6ee6d656f3..3f90e5098c83 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1246,7 +1246,7 @@ static void spapr_rtc_create(sPAPRMachineState *spapr) } /* Returns whether we want to use VGA or not */ -static int spapr_vga_init(PCIBus *pci_bus) +static bool spapr_vga_init(PCIBus *pci_bus, Error **errp) { switch (vga_interface_type) { case VGA_NONE: @@ -1257,9 +1257,9 @@ static int spapr_vga_init(PCIBus *pci_bus) case VGA_VIRTIO: return pci_vga_init(pci_bus) != NULL; default: - fprintf(stderr, "This vga model is not supported," - "currently it only supports -vga std\n"); - exit(0); + error_setg(errp, + "Unsupported VGA mode, only -vga std or -vga virtio is supported"); + return false; } } @@ -1934,7 +1934,7 @@ static void ppc_spapr_init(MachineState *machine) } /* Graphics */ - if (spapr_vga_init(phb->bus)) { + if (spapr_vga_init(phb->bus, &error_fatal)) { spapr->has_graphics = true; machine->usb |= defaults_enabled() && !machine->usb_disabled; } From adf9ac50dbb183f83c4f430738e0271a1a2039aa Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 20 Jan 2016 12:58:44 +1100 Subject: [PATCH 15/40] pseries: Clean up error handling in spapr_rtas_register() The errors detected in this function necessarily indicate bugs in the rest of the qemu code, rather than an external or configuration problem. So, a simple assert() is more appropriate than any more complex error reporting. Signed-off-by: David Gibson Reviewed-by: Thomas Huth Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr_rtas.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c index 19e903d70051..07ad672e5a65 100644 --- a/hw/ppc/spapr_rtas.c +++ b/hw/ppc/spapr_rtas.c @@ -665,17 +665,11 @@ target_ulong spapr_rtas_call(PowerPCCPU *cpu, sPAPRMachineState *spapr, void spapr_rtas_register(int token, const char *name, spapr_rtas_fn fn) { - if (!((token >= RTAS_TOKEN_BASE) && (token < RTAS_TOKEN_MAX))) { - fprintf(stderr, "RTAS invalid token 0x%x\n", token); - exit(1); - } + assert((token >= RTAS_TOKEN_BASE) && (token < RTAS_TOKEN_MAX)); token -= RTAS_TOKEN_BASE; - if (rtas_table[token].name) { - fprintf(stderr, "RTAS call \"%s\" is registered already as 0x%x\n", - rtas_table[token].name, token); - exit(1); - } + + assert(!rtas_table[token].name); rtas_table[token].name = name; rtas_table[token].fn = fn; From 1e49182d05016756be3c7c43a4934f5104717512 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 20 Jan 2016 12:58:48 +1100 Subject: [PATCH 16/40] pseries: Clean up error handling in xics_system_init() Use the error handling infrastructure to pass an error out from try_create_xics() instead of assuming &error_abort - the caller is in a better position to decide on error handling policy. Also change the error handling from an &error_abort to &error_fatal, since this occurs during the initial machine construction and could be triggered by bad configuration rather than a program error. Signed-off-by: David Gibson Reviewed-by: Thomas Huth Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 3f90e5098c83..1281e076e630 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -112,7 +112,7 @@ static XICSState *try_create_xics(const char *type, int nr_servers, } static XICSState *xics_system_init(MachineState *machine, - int nr_servers, int nr_irqs) + int nr_servers, int nr_irqs, Error **errp) { XICSState *icp = NULL; @@ -131,7 +131,7 @@ static XICSState *xics_system_init(MachineState *machine, } if (!icp) { - icp = try_create_xics(TYPE_XICS, nr_servers, nr_irqs, &error_abort); + icp = try_create_xics(TYPE_XICS, nr_servers, nr_irqs, errp); } return icp; @@ -1813,7 +1813,7 @@ static void ppc_spapr_init(MachineState *machine) spapr->icp = xics_system_init(machine, DIV_ROUND_UP(max_cpus * kvmppc_smt_threads(), smp_threads), - XICS_IRQS); + XICS_IRQS, &error_fatal); if (smc->dr_lmb_enabled) { spapr_validate_node_memory(machine, &error_fatal); From d54e4d7659ebecd0e1fa7ffc3e954197e09f8a1f Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 20 Jan 2016 12:58:55 +1100 Subject: [PATCH 17/40] pseries: Clean up error reporting in ppc_spapr_init() This function includes a number of explicit fprintf()s for errors. Change these to use error_report() instead. Also replace the single exit(EXIT_FAILURE) with an explicit exit(1), since the latter is the more usual idiom in qemu by a large margin. Signed-off-by: David Gibson Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 1281e076e630..c05ddfb5d12b 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1789,8 +1789,8 @@ static void ppc_spapr_init(MachineState *machine) } if (spapr->rma_size > node0_size) { - fprintf(stderr, "Error: Numa node 0 has to span the RMA (%#08"HWADDR_PRIx")\n", - spapr->rma_size); + error_report("Numa node 0 has to span the RMA (%#08"HWADDR_PRIx")", + spapr->rma_size); exit(1); } @@ -1856,10 +1856,10 @@ static void ppc_spapr_init(MachineState *machine) ram_addr_t hotplug_mem_size = machine->maxram_size - machine->ram_size; if (machine->ram_slots > SPAPR_MAX_RAM_SLOTS) { - error_report("Specified number of memory slots %" PRIu64 - " exceeds max supported %d", + error_report("Specified number of memory slots %" + PRIu64" exceeds max supported %d", machine->ram_slots, SPAPR_MAX_RAM_SLOTS); - exit(EXIT_FAILURE); + exit(1); } spapr->hotplug_memory.base = ROUND_UP(machine->ram_size, @@ -1955,8 +1955,9 @@ static void ppc_spapr_init(MachineState *machine) } if (spapr->rma_size < (MIN_RMA_SLOF << 20)) { - fprintf(stderr, "qemu: pSeries SLOF firmware requires >= " - "%ldM guest RMA (Real Mode Area memory)\n", MIN_RMA_SLOF); + error_report( + "pSeries SLOF firmware requires >= %ldM guest RMA (Real Mode Area memory)", + MIN_RMA_SLOF); exit(1); } @@ -1972,8 +1973,8 @@ static void ppc_spapr_init(MachineState *machine) kernel_le = kernel_size > 0; } if (kernel_size < 0) { - fprintf(stderr, "qemu: error loading %s: %s\n", - kernel_filename, load_elf_strerror(kernel_size)); + error_report("error loading %s: %s", + kernel_filename, load_elf_strerror(kernel_size)); exit(1); } @@ -1986,8 +1987,8 @@ static void ppc_spapr_init(MachineState *machine) initrd_size = load_image_targphys(initrd_filename, initrd_base, load_limit - initrd_base); if (initrd_size < 0) { - fprintf(stderr, "qemu: could not load initial ram disk '%s'\n", - initrd_filename); + error_report("could not load initial ram disk '%s'", + initrd_filename); exit(1); } } else { From 98a5d100c2dfcc2b6daefd8c176eb34055e5b38d Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 20 Jan 2016 12:59:05 +1100 Subject: [PATCH 18/40] pseries: Clean up error reporting in htab migration functions The functions for migrating the hash page table on pseries machine type (htab_save_setup() and htab_load()) can report some errors with an explicit fprintf() before returning an appropriate error code. Change some of these to use error_report() instead. htab_save_setup() is omitted for now to avoid conflicts with some other in-progress work. Signed-off-by: David Gibson Reviewed-by: Thomas Huth Reviewed-by: Alexey Kardashevskiy Reviewed-by: Markus Armbruster --- hw/ppc/spapr.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index c05ddfb5d12b..5bd8fd3ef842 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1534,7 +1534,7 @@ static int htab_load(QEMUFile *f, void *opaque, int version_id) int fd = -1; if (version_id < 1 || version_id > 1) { - fprintf(stderr, "htab_load() bad version\n"); + error_report("htab_load() bad version"); return -EINVAL; } @@ -1555,8 +1555,8 @@ static int htab_load(QEMUFile *f, void *opaque, int version_id) fd = kvmppc_get_htab_fd(true); if (fd < 0) { - fprintf(stderr, "Unable to open fd to restore KVM hash table: %s\n", - strerror(errno)); + error_report("Unable to open fd to restore KVM hash table: %s", + strerror(errno)); } } @@ -1576,9 +1576,9 @@ static int htab_load(QEMUFile *f, void *opaque, int version_id) if ((index + n_valid + n_invalid) > (HTAB_SIZE(spapr) / HASH_PTE_SIZE_64)) { /* Bad index in stream */ - fprintf(stderr, "htab_load() bad index %d (%hd+%hd entries) " - "in htab stream (htab_shift=%d)\n", index, n_valid, n_invalid, - spapr->htab_shift); + error_report( + "htab_load() bad index %d (%hd+%hd entries) in htab stream (htab_shift=%d)", + index, n_valid, n_invalid, spapr->htab_shift); return -EINVAL; } From 3a4b791b4c13e02537a5cc572fa3de70bc5f68da Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 15 Jan 2016 16:00:12 +0100 Subject: [PATCH 19/40] target-ppc: kvm: fix floating point registers sync on little-endian hosts On VSX capable CPUs, the 32 FP registers are mapped to the high-bits of the 32 first VSX registers. So if you have: VSR31 = (uint128) 0x0102030405060708090a0b0c0d0e0f00 then FPR31 = (uint64) 0x0102030405060708 The kernel stores the VSX registers in the fp_state struct following the host endian element ordering. On big-endian: fp_state.fpr[31][0] = 0x0102030405060708 fp_state.fpr[31][1] = 0x090a0b0c0d0e0f00 On little-endian: fp_state.fpr[31][0] = 0x090a0b0c0d0e0f00 fp_state.fpr[31][1] = 0x0102030405060708 The KVM_GET_ONE_REG and KVM_SET_ONE_REG ioctls preserve this ordering, but QEMU considers it as big-endian and always copies element [0] to the fpr[] array and element [1] to the vsr[] array. This does not work with little-endian hosts, and you will get: (qemu) p $f31 0x90a0b0c0d0e0f00 instead of: (qemu) p $f31 0x102030405060708 This patch fixes the element ordering for little-endian hosts. Signed-off-by: Greg Kurz Signed-off-by: David Gibson --- target-ppc/kvm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index c2e8912745af..60ff11948882 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -650,8 +650,13 @@ static int kvm_put_fp(CPUState *cs) for (i = 0; i < 32; i++) { uint64_t vsr[2]; +#ifdef HOST_WORDS_BIGENDIAN vsr[0] = float64_val(env->fpr[i]); vsr[1] = env->vsr[i]; +#else + vsr[0] = env->vsr[i]; + vsr[1] = float64_val(env->fpr[i]); +#endif reg.addr = (uintptr_t) &vsr; reg.id = vsx ? KVM_REG_PPC_VSR(i) : KVM_REG_PPC_FPR(i); @@ -721,10 +726,17 @@ static int kvm_get_fp(CPUState *cs) vsx ? "VSR" : "FPR", i, strerror(errno)); return ret; } else { +#ifdef HOST_WORDS_BIGENDIAN env->fpr[i] = vsr[0]; if (vsx) { env->vsr[i] = vsr[1]; } +#else + env->fpr[i] = vsr[1]; + if (vsx) { + env->vsr[i] = vsr[0]; + } +#endif } } } From 376dbce0e3abe456fb8c7a3cd40dc369f8b33d30 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 15 Jan 2016 16:00:18 +0100 Subject: [PATCH 20/40] target-ppc: rename and export maybe_bswap_register() This helper will be used to support FP, Altivec and VSX registers when the guest is little-endian. Signed-off-by: Greg Kurz Signed-off-by: David Gibson --- target-ppc/cpu.h | 1 + target-ppc/gdbstub.c | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h index b3b89e6a5920..2bc96b4fa7be 100644 --- a/target-ppc/cpu.h +++ b/target-ppc/cpu.h @@ -2355,4 +2355,5 @@ int ppc_get_vcpu_dt_id(PowerPCCPU *cpu); */ PowerPCCPU *ppc_get_vcpu_by_dt_id(int cpu_dt_id); +void ppc_maybe_bswap_register(CPUPPCState *env, uint8_t *mem_buf, int len); #endif /* !defined (__CPU_PPC_H__) */ diff --git a/target-ppc/gdbstub.c b/target-ppc/gdbstub.c index ef4be2319989..569c380cfad2 100644 --- a/target-ppc/gdbstub.c +++ b/target-ppc/gdbstub.c @@ -88,7 +88,7 @@ static int ppc_gdb_register_len(int n) the proper ordering for the binary, and cannot be changed. For system mode, TARGET_WORDS_BIGENDIAN is always set, and we must check the current mode of the chip to see if we're running in little-endian. */ -static void maybe_bswap_register(CPUPPCState *env, uint8_t *mem_buf, int len) +void ppc_maybe_bswap_register(CPUPPCState *env, uint8_t *mem_buf, int len) { #ifndef CONFIG_USER_ONLY if (!msr_le) { @@ -158,7 +158,7 @@ int ppc_cpu_gdb_read_register(CPUState *cs, uint8_t *mem_buf, int n) break; } } - maybe_bswap_register(env, mem_buf, r); + ppc_maybe_bswap_register(env, mem_buf, r); return r; } @@ -214,7 +214,7 @@ int ppc_cpu_gdb_read_register_apple(CPUState *cs, uint8_t *mem_buf, int n) break; } } - maybe_bswap_register(env, mem_buf, r); + ppc_maybe_bswap_register(env, mem_buf, r); return r; } @@ -227,7 +227,7 @@ int ppc_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n) if (!r) { return r; } - maybe_bswap_register(env, mem_buf, r); + ppc_maybe_bswap_register(env, mem_buf, r); if (n < 32) { /* gprs */ env->gpr[n] = ldtul_p(mem_buf); @@ -277,7 +277,7 @@ int ppc_cpu_gdb_write_register_apple(CPUState *cs, uint8_t *mem_buf, int n) if (!r) { return r; } - maybe_bswap_register(env, mem_buf, r); + ppc_maybe_bswap_register(env, mem_buf, r); if (n < 32) { /* gprs */ env->gpr[n] = ldq_p(mem_buf); From 385abeb3e356452eace44f3fe15e18c2532dcaa7 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 15 Jan 2016 16:00:25 +0100 Subject: [PATCH 21/40] target-ppc: gdbstub: fix float registers for little-endian guests Let's reuse the ppc_maybe_bswap_register() helper, like we already do with the general registers. Signed-off-by: Greg Kurz Signed-off-by: David Gibson --- target-ppc/translate_init.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 78c2811988c9..031c71e617a7 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -8754,10 +8754,12 @@ static int gdb_get_float_reg(CPUPPCState *env, uint8_t *mem_buf, int n) { if (n < 32) { stfq_p(mem_buf, env->fpr[n]); + ppc_maybe_bswap_register(env, mem_buf, 8); return 8; } if (n == 32) { stl_p(mem_buf, env->fpscr); + ppc_maybe_bswap_register(env, mem_buf, 4); return 4; } return 0; @@ -8766,10 +8768,12 @@ static int gdb_get_float_reg(CPUPPCState *env, uint8_t *mem_buf, int n) static int gdb_set_float_reg(CPUPPCState *env, uint8_t *mem_buf, int n) { if (n < 32) { + ppc_maybe_bswap_register(env, mem_buf, 8); env->fpr[n] = ldfq_p(mem_buf); return 8; } if (n == 32) { + ppc_maybe_bswap_register(env, mem_buf, 4); helper_store_fpscr(env, ldl_p(mem_buf), 0xffffffff); return 4; } From 87601e2d5c22d9c1fef0e09978d377f46336c1db Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 15 Jan 2016 16:00:31 +0100 Subject: [PATCH 22/40] target-ppc: gdbstub: introduce avr_need_swap() This helper will be used to support Altivec registers in little-endian guests. This patch does not change functionnality. Note: I had to put the helper some lines away from the gdb_*_avr_reg() routines to get a more readable patch. Signed-off-by: Greg Kurz Signed-off-by: David Gibson --- target-ppc/translate_init.c | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 031c71e617a7..0d6d1154c581 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -8750,6 +8750,15 @@ static void dump_ppc_insns (CPUPPCState *env) } #endif +static bool avr_need_swap(CPUPPCState *env) +{ +#ifdef HOST_WORDS_BIGENDIAN + return false; +#else + return true; +#endif +} + static int gdb_get_float_reg(CPUPPCState *env, uint8_t *mem_buf, int n) { if (n < 32) { @@ -8783,13 +8792,13 @@ static int gdb_set_float_reg(CPUPPCState *env, uint8_t *mem_buf, int n) static int gdb_get_avr_reg(CPUPPCState *env, uint8_t *mem_buf, int n) { if (n < 32) { -#ifdef HOST_WORDS_BIGENDIAN - stq_p(mem_buf, env->avr[n].u64[0]); - stq_p(mem_buf+8, env->avr[n].u64[1]); -#else - stq_p(mem_buf, env->avr[n].u64[1]); - stq_p(mem_buf+8, env->avr[n].u64[0]); -#endif + if (!avr_need_swap(env)) { + stq_p(mem_buf, env->avr[n].u64[0]); + stq_p(mem_buf+8, env->avr[n].u64[1]); + } else { + stq_p(mem_buf, env->avr[n].u64[1]); + stq_p(mem_buf+8, env->avr[n].u64[0]); + } return 16; } if (n == 32) { @@ -8806,13 +8815,13 @@ static int gdb_get_avr_reg(CPUPPCState *env, uint8_t *mem_buf, int n) static int gdb_set_avr_reg(CPUPPCState *env, uint8_t *mem_buf, int n) { if (n < 32) { -#ifdef HOST_WORDS_BIGENDIAN - env->avr[n].u64[0] = ldq_p(mem_buf); - env->avr[n].u64[1] = ldq_p(mem_buf+8); -#else - env->avr[n].u64[1] = ldq_p(mem_buf); - env->avr[n].u64[0] = ldq_p(mem_buf+8); -#endif + if (!avr_need_swap(env)) { + env->avr[n].u64[0] = ldq_p(mem_buf); + env->avr[n].u64[1] = ldq_p(mem_buf+8); + } else { + env->avr[n].u64[1] = ldq_p(mem_buf); + env->avr[n].u64[0] = ldq_p(mem_buf+8); + } return 16; } if (n == 32) { From ea499e71506c91aa259a7fdccf1d6b2022f5b530 Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 15 Jan 2016 16:00:38 +0100 Subject: [PATCH 23/40] target-ppc: gdbstub: fix altivec registers for little-endian guests Altivec registers are 128-bit wide. They are stored in memory as two 64-bit values that must be byteswapped when the guest is little-endian. Let's reuse the ppc_maybe_bswap_register() helper for this. We also need to fix the ordering of the 64-bit elements according to the target endianness, for both system and user mode. Signed-off-by: Greg Kurz Signed-off-by: David Gibson --- target-ppc/translate_init.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 0d6d1154c581..11741413e53d 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -8753,9 +8753,9 @@ static void dump_ppc_insns (CPUPPCState *env) static bool avr_need_swap(CPUPPCState *env) { #ifdef HOST_WORDS_BIGENDIAN - return false; + return msr_le; #else - return true; + return !msr_le; #endif } @@ -8799,14 +8799,18 @@ static int gdb_get_avr_reg(CPUPPCState *env, uint8_t *mem_buf, int n) stq_p(mem_buf, env->avr[n].u64[1]); stq_p(mem_buf+8, env->avr[n].u64[0]); } + ppc_maybe_bswap_register(env, mem_buf, 8); + ppc_maybe_bswap_register(env, mem_buf + 8, 8); return 16; } if (n == 32) { stl_p(mem_buf, env->vscr); + ppc_maybe_bswap_register(env, mem_buf, 4); return 4; } if (n == 33) { stl_p(mem_buf, (uint32_t)env->spr[SPR_VRSAVE]); + ppc_maybe_bswap_register(env, mem_buf, 4); return 4; } return 0; @@ -8815,6 +8819,8 @@ static int gdb_get_avr_reg(CPUPPCState *env, uint8_t *mem_buf, int n) static int gdb_set_avr_reg(CPUPPCState *env, uint8_t *mem_buf, int n) { if (n < 32) { + ppc_maybe_bswap_register(env, mem_buf, 8); + ppc_maybe_bswap_register(env, mem_buf + 8, 8); if (!avr_need_swap(env)) { env->avr[n].u64[0] = ldq_p(mem_buf); env->avr[n].u64[1] = ldq_p(mem_buf+8); @@ -8825,10 +8831,12 @@ static int gdb_set_avr_reg(CPUPPCState *env, uint8_t *mem_buf, int n) return 16; } if (n == 32) { + ppc_maybe_bswap_register(env, mem_buf, 4); env->vscr = ldl_p(mem_buf); return 4; } if (n == 33) { + ppc_maybe_bswap_register(env, mem_buf, 4); env->spr[SPR_VRSAVE] = (target_ulong)ldl_p(mem_buf); return 4; } From 95f5b540abd964ac3bc9c63434d07681a5a175eb Mon Sep 17 00:00:00 2001 From: Greg Kurz Date: Fri, 15 Jan 2016 16:00:44 +0100 Subject: [PATCH 24/40] target-ppc: gdbstub: fix spe registers for little-endian guests Let's reuse the ppc_maybe_bswap_register() helper, like we already do with the general registers. Signed-off-by: Greg Kurz Signed-off-by: David Gibson --- target-ppc/translate_init.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 11741413e53d..fce68f389b5e 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -8848,6 +8848,7 @@ static int gdb_get_spe_reg(CPUPPCState *env, uint8_t *mem_buf, int n) if (n < 32) { #if defined(TARGET_PPC64) stl_p(mem_buf, env->gpr[n] >> 32); + ppc_maybe_bswap_register(env, mem_buf, 4); #else stl_p(mem_buf, env->gprh[n]); #endif @@ -8855,10 +8856,12 @@ static int gdb_get_spe_reg(CPUPPCState *env, uint8_t *mem_buf, int n) } if (n == 32) { stq_p(mem_buf, env->spe_acc); + ppc_maybe_bswap_register(env, mem_buf, 8); return 8; } if (n == 33) { stl_p(mem_buf, env->spe_fscr); + ppc_maybe_bswap_register(env, mem_buf, 4); return 4; } return 0; @@ -8869,7 +8872,11 @@ static int gdb_set_spe_reg(CPUPPCState *env, uint8_t *mem_buf, int n) if (n < 32) { #if defined(TARGET_PPC64) target_ulong lo = (uint32_t)env->gpr[n]; - target_ulong hi = (target_ulong)ldl_p(mem_buf) << 32; + target_ulong hi; + + ppc_maybe_bswap_register(env, mem_buf, 4); + + hi = (target_ulong)ldl_p(mem_buf) << 32; env->gpr[n] = lo | hi; #else env->gprh[n] = ldl_p(mem_buf); @@ -8877,10 +8884,12 @@ static int gdb_set_spe_reg(CPUPPCState *env, uint8_t *mem_buf, int n) return 4; } if (n == 32) { + ppc_maybe_bswap_register(env, mem_buf, 8); env->spe_acc = ldq_p(mem_buf); return 8; } if (n == 33) { + ppc_maybe_bswap_register(env, mem_buf, 4); env->spe_fscr = ldl_p(mem_buf); return 4; } From 1438eff302cbc6c85d477fd7181b8a9aeea2efd7 Mon Sep 17 00:00:00 2001 From: Anton Blanchard Date: Fri, 15 Jan 2016 16:00:51 +0100 Subject: [PATCH 25/40] target-ppc: gdbstub: Add VSX support Add the XML and functions to get and set VSX registers. Signed-off-by: Anton Blanchard (fixed little-endian guests) Signed-off-by: Greg Kurz Signed-off-by: David Gibson --- configure | 6 ++--- gdb-xml/power-vsx.xml | 44 +++++++++++++++++++++++++++++++++++++ target-ppc/translate_init.c | 24 ++++++++++++++++++++ 3 files changed, 71 insertions(+), 3 deletions(-) create mode 100644 gdb-xml/power-vsx.xml diff --git a/configure b/configure index 3506e4420f80..297bfc79972a 100755 --- a/configure +++ b/configure @@ -5702,20 +5702,20 @@ case "$target_name" in ppc64) TARGET_BASE_ARCH=ppc TARGET_ABI_DIR=ppc - gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml" + gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml" ;; ppc64le) TARGET_ARCH=ppc64 TARGET_BASE_ARCH=ppc TARGET_ABI_DIR=ppc - gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml" + gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml" ;; ppc64abi32) TARGET_ARCH=ppc64 TARGET_BASE_ARCH=ppc TARGET_ABI_DIR=ppc echo "TARGET_ABI32=y" >> $config_target_mak - gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml" + gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml" ;; sh4|sh4eb) TARGET_ARCH=sh4 diff --git a/gdb-xml/power-vsx.xml b/gdb-xml/power-vsx.xml new file mode 100644 index 000000000000..fd290e970b41 --- /dev/null +++ b/gdb-xml/power-vsx.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index fce68f389b5e..4d71a5d0c6c5 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -8896,6 +8896,26 @@ static int gdb_set_spe_reg(CPUPPCState *env, uint8_t *mem_buf, int n) return 0; } +static int gdb_get_vsx_reg(CPUPPCState *env, uint8_t *mem_buf, int n) +{ + if (n < 32) { + stq_p(mem_buf, env->vsr[n]); + ppc_maybe_bswap_register(env, mem_buf, 8); + return 8; + } + return 0; +} + +static int gdb_set_vsx_reg(CPUPPCState *env, uint8_t *mem_buf, int n) +{ + if (n < 32) { + ppc_maybe_bswap_register(env, mem_buf, 8); + env->vsr[n] = ldq_p(mem_buf); + return 8; + } + return 0; +} + static int ppc_fixup_cpu(PowerPCCPU *cpu) { CPUPPCState *env = &cpu->env; @@ -9001,6 +9021,10 @@ static void ppc_cpu_realizefn(DeviceState *dev, Error **errp) gdb_register_coprocessor(cs, gdb_get_spe_reg, gdb_set_spe_reg, 34, "power-spe.xml", 0); } + if (pcc->insns_flags2 & PPC2_VSX) { + gdb_register_coprocessor(cs, gdb_get_vsx_reg, gdb_set_vsx_reg, + 32, "power-vsx.xml", 0); + } qemu_init_vcpu(cs); From ecbc25fa86ce44cf5aea94adaf79ea8428f12f4b Mon Sep 17 00:00:00 2001 From: David Gibson Date: Thu, 21 Jan 2016 14:48:43 +1100 Subject: [PATCH 26/40] pseries: Allow TCG h_enter to work with hotplugged memory The implementation of the H_ENTER hypercall for PAPR guests needs to enforce correct access attributes on the inserted HPTE. This means determining if the HPTE's real address is a regular RAM address (which requires attributes for coherent access) or an IO address (which requires attributes for cache-inhibited access). At the moment this check is implemented with (raddr < machine->ram_size), but that only handles addresses in the base RAM area, not any hotplugged RAM. This patch corrects the problem with a new helper. Signed-off-by: David Gibson Reviewed-by: Alexey Kardashevskiy --- hw/ppc/spapr_hcall.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index 655c4338b2e8..093d426dc853 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -85,10 +85,25 @@ static inline bool valid_pte_index(CPUPPCState *env, target_ulong pte_index) return true; } +static bool is_ram_address(sPAPRMachineState *spapr, hwaddr addr) +{ + MachineState *machine = MACHINE(spapr); + MemoryHotplugState *hpms = &spapr->hotplug_memory; + + if (addr < machine->ram_size) { + return true; + } + if ((addr >= hpms->base) + && ((addr - hpms->base) < memory_region_size(&hpms->mr))) { + return true; + } + + return false; +} + static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, target_ulong opcode, target_ulong *args) { - MachineState *machine = MACHINE(spapr); CPUPPCState *env = &cpu->env; target_ulong flags = args[0]; target_ulong pte_index = args[1]; @@ -120,7 +135,7 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << page_shift) - 1); - if (raddr < machine->ram_size) { + if (is_ram_address(spapr, raddr)) { /* Regular RAM - should have WIMG=0010 */ if ((ptel & HPTE64_R_WIMG) != HPTE64_R_M) { return H_PARAMETER; From ff472a5badf8e6d964455de39ca67ea3a7758dea Mon Sep 17 00:00:00 2001 From: Alyssa Milburn Date: Fri, 22 Jan 2016 23:07:24 +0000 Subject: [PATCH 27/40] cuda.c: return error for unknown commands This avoids MacsBug hanging at startup in the absence of ADB mouse input, by replying with an error (which is also what MOL does) when it sends an unknown command (0x1c). Signed-off-by: Alyssa Milburn Signed-off-by: David Gibson --- hw/misc/macio/cuda.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/misc/macio/cuda.c b/hw/misc/macio/cuda.c index 0bd90e84565f..316c1ac8da58 100644 --- a/hw/misc/macio/cuda.c +++ b/hw/misc/macio/cuda.c @@ -606,6 +606,11 @@ static void cuda_receive_packet(CUDAState *s, } break; default: + obuf[0] = ERROR_PACKET; + obuf[1] = 0x2; + obuf[2] = CUDA_PACKET; + obuf[3] = data[0]; + cuda_send_packet_to_host(s, obuf, 4); break; } } From 98ae3b27d57b59c6dc9a74e6351e339523c16def Mon Sep 17 00:00:00 2001 From: Programmingkid Date: Fri, 22 Jan 2016 11:09:23 -0500 Subject: [PATCH 28/40] uninorth.c: add support for UniNorth kMacRISCPCIAddressSelect (0x48) register Darwin/OS X use the undocumented kMacRISCPCIAddressSelect (0x48) to configure PCI memory space size for mac99 machines. Without this register, warnings similar to below are emitted to the console during boot: AppleMacRiscPCI: bad range 2(80000000:01000000) AppleMacRiscPCI: bad range 2(81000000:00001000) AppleMacRiscPCI: bad range 2(81080000:00080000) Based upon the algorithm in Darwin's AppleMacRiscPCI.cpp driver, set the kMacRISCPCIAddressSelect register so that Darwin considers the PCI memory space to be at 0x80000000 (size 0x10000000) which matches that currently used by QEMU and OpenBIOS. Signed-off-by: John Arbuckle Tested-by: Mark Cave-Ayland [commit message and comment revised as suggested by Mark Cave-Ayland] Signed-off-by: David Gibson --- hw/pci-host/uninorth.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/pci-host/uninorth.c b/hw/pci-host/uninorth.c index 778f8e6045d2..40a2e3e6b45c 100644 --- a/hw/pci-host/uninorth.c +++ b/hw/pci-host/uninorth.c @@ -331,6 +331,15 @@ static void unin_agp_pci_host_realize(PCIDevice *d, Error **errp) d->config[0x0C] = 0x08; // cache_line_size d->config[0x0D] = 0x10; // latency_timer // d->config[0x34] = 0x80; // capabilities_pointer + /* + * Set kMacRISCPCIAddressSelect (0x48) register to indicate PCI + * memory space with base 0x80000000, size 0x10000000 for Apple's + * AppleMacRiscPCI driver + */ + d->config[0x48] = 0x0; + d->config[0x49] = 0x0; + d->config[0x4a] = 0x0; + d->config[0x4b] = 0x1; } static void u3_agp_pci_host_realize(PCIDevice *d, Error **errp) From 512fe19330f60ebcb79a3f440411d3a1c7f6e11a Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 13 Jan 2016 12:15:22 +1100 Subject: [PATCH 29/40] target-ppc: Remove unused kvmppc_read_segment_page_sizes() stub This stub function is in the !KVM ifdef in target-ppc/kvm_ppc.h. However no such function exists on the KVM side, or is ever used. I think this originally referenced a function which read host page size information from /proc, for we we now use the KVM GET_SMMU_INFO extension instead. In any case, it has no function now, so remove it. Signed-off-by: David Gibson Reviewed-by: Thomas Huth Reviewed-by: Laurent Vivier Reviewed-by: Alexander Graf --- target-ppc/kvm_ppc.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/target-ppc/kvm_ppc.h b/target-ppc/kvm_ppc.h index 5e1333d9954b..62406ce4e161 100644 --- a/target-ppc/kvm_ppc.h +++ b/target-ppc/kvm_ppc.h @@ -98,11 +98,6 @@ static inline int kvmppc_get_hypercall(CPUPPCState *env, uint8_t *buf, int buf_l return -1; } -static inline int kvmppc_read_segment_page_sizes(uint32_t *prop, int maxcells) -{ - return -1; -} - static inline int kvmppc_set_interrupt(PowerPCCPU *cpu, int irq, int level) { return -1; From 7ef23068bfa413605de8ae7e3e654d9198369fa8 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Thu, 14 Jan 2016 15:33:27 +1100 Subject: [PATCH 30/40] target-ppc: Convert mmu-hash{32,64}.[ch] from CPUPPCState to PowerPCCPU Like a lot of places these files include a mixture of functions taking both the older CPUPPCState *env and newer PowerPCCPU *cpu. Move a step closer to cleaning this up by standardizing on PowerPCCPU, except for the helper_* functions which are called with the CPUPPCState * from tcg. Callers and some related functions are updated as well, the boundaries of what's changed here are a bit arbitrary. Signed-off-by: David Gibson Reviewed-by: Laurent Vivier Reviewed-by: Alexander Graf --- hw/ppc/spapr_hcall.c | 31 ++++++++-------- target-ppc/kvm.c | 2 +- target-ppc/mmu-hash32.c | 68 ++++++++++++++++++++--------------- target-ppc/mmu-hash32.h | 30 ++++++++-------- target-ppc/mmu-hash64.c | 80 ++++++++++++++++++++++++----------------- target-ppc/mmu-hash64.h | 21 +++++------ target-ppc/mmu_helper.c | 13 +++---- 7 files changed, 136 insertions(+), 109 deletions(-) diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index 093d426dc853..a53bd2feece2 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -161,7 +161,7 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, pte_index &= ~7ULL; token = ppc_hash64_start_access(cpu, pte_index); for (; index < 8; index++) { - if ((ppc_hash64_load_hpte0(env, token, index) & HPTE64_V_VALID) == 0) { + if (!(ppc_hash64_load_hpte0(cpu, token, index) & HPTE64_V_VALID)) { break; } } @@ -171,14 +171,14 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, } } else { token = ppc_hash64_start_access(cpu, pte_index); - if (ppc_hash64_load_hpte0(env, token, 0) & HPTE64_V_VALID) { + if (ppc_hash64_load_hpte0(cpu, token, 0) & HPTE64_V_VALID) { ppc_hash64_stop_access(token); return H_PTEG_FULL; } ppc_hash64_stop_access(token); } - ppc_hash64_store_hpte(env, pte_index + index, + ppc_hash64_store_hpte(cpu, pte_index + index, pteh | HPTE64_V_HPTE_DIRTY, ptel); args[0] = pte_index + index; @@ -192,11 +192,12 @@ typedef enum { REMOVE_HW = 3, } RemoveResult; -static RemoveResult remove_hpte(CPUPPCState *env, target_ulong ptex, +static RemoveResult remove_hpte(PowerPCCPU *cpu, target_ulong ptex, target_ulong avpn, target_ulong flags, target_ulong *vp, target_ulong *rp) { + CPUPPCState *env = &cpu->env; uint64_t token; target_ulong v, r, rb; @@ -204,9 +205,9 @@ static RemoveResult remove_hpte(CPUPPCState *env, target_ulong ptex, return REMOVE_PARM; } - token = ppc_hash64_start_access(ppc_env_get_cpu(env), ptex); - v = ppc_hash64_load_hpte0(env, token, 0); - r = ppc_hash64_load_hpte1(env, token, 0); + token = ppc_hash64_start_access(cpu, ptex); + v = ppc_hash64_load_hpte0(cpu, token, 0); + r = ppc_hash64_load_hpte1(cpu, token, 0); ppc_hash64_stop_access(token); if ((v & HPTE64_V_VALID) == 0 || @@ -216,7 +217,7 @@ static RemoveResult remove_hpte(CPUPPCState *env, target_ulong ptex, } *vp = v; *rp = r; - ppc_hash64_store_hpte(env, ptex, HPTE64_V_HPTE_DIRTY, 0); + ppc_hash64_store_hpte(cpu, ptex, HPTE64_V_HPTE_DIRTY, 0); rb = compute_tlbie_rb(v, r, ptex); ppc_tlb_invalidate_one(env, rb); return REMOVE_SUCCESS; @@ -225,13 +226,12 @@ static RemoveResult remove_hpte(CPUPPCState *env, target_ulong ptex, static target_ulong h_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, target_ulong opcode, target_ulong *args) { - CPUPPCState *env = &cpu->env; target_ulong flags = args[0]; target_ulong pte_index = args[1]; target_ulong avpn = args[2]; RemoveResult ret; - ret = remove_hpte(env, pte_index, avpn, flags, + ret = remove_hpte(cpu, pte_index, avpn, flags, &args[0], &args[1]); switch (ret) { @@ -272,7 +272,6 @@ static target_ulong h_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, target_ulong opcode, target_ulong *args) { - CPUPPCState *env = &cpu->env; int i; for (i = 0; i < H_BULK_REMOVE_MAX_BATCH; i++) { @@ -294,7 +293,7 @@ static target_ulong h_bulk_remove(PowerPCCPU *cpu, sPAPRMachineState *spapr, return H_PARAMETER; } - ret = remove_hpte(env, *tsh & H_BULK_REMOVE_PTEX, tsl, + ret = remove_hpte(cpu, *tsh & H_BULK_REMOVE_PTEX, tsl, (*tsh & H_BULK_REMOVE_FLAGS) >> 26, &v, &r); @@ -331,8 +330,8 @@ static target_ulong h_protect(PowerPCCPU *cpu, sPAPRMachineState *spapr, } token = ppc_hash64_start_access(cpu, pte_index); - v = ppc_hash64_load_hpte0(env, token, 0); - r = ppc_hash64_load_hpte1(env, token, 0); + v = ppc_hash64_load_hpte0(cpu, token, 0); + r = ppc_hash64_load_hpte1(cpu, token, 0); ppc_hash64_stop_access(token); if ((v & HPTE64_V_VALID) == 0 || @@ -346,11 +345,11 @@ static target_ulong h_protect(PowerPCCPU *cpu, sPAPRMachineState *spapr, r |= (flags << 48) & HPTE64_R_KEY_HI; r |= flags & (HPTE64_R_PP | HPTE64_R_N | HPTE64_R_KEY_LO); rb = compute_tlbie_rb(v, r, pte_index); - ppc_hash64_store_hpte(env, pte_index, + ppc_hash64_store_hpte(cpu, pte_index, (v & ~HPTE64_V_VALID) | HPTE64_V_HPTE_DIRTY, 0); ppc_tlb_invalidate_one(env, rb); /* Don't need a memory barrier, due to qemu's global lock */ - ppc_hash64_store_hpte(env, pte_index, v | HPTE64_V_HPTE_DIRTY, r); + ppc_hash64_store_hpte(cpu, pte_index, v | HPTE64_V_HPTE_DIRTY, r); return H_SUCCESS; } diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 60ff11948882..3e61fcddfe8a 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -1205,7 +1205,7 @@ int kvm_arch_get_registers(CPUState *cs) * Only restore valid entries */ if (rb & SLB_ESID_V) { - ppc_store_slb(env, rb, rs); + ppc_store_slb(cpu, rb, rs); } } #endif diff --git a/target-ppc/mmu-hash32.c b/target-ppc/mmu-hash32.c index 022e9470f818..b076d8006fa5 100644 --- a/target-ppc/mmu-hash32.c +++ b/target-ppc/mmu-hash32.c @@ -84,9 +84,10 @@ static int ppc_hash32_pp_prot(int key, int pp, int nx) return prot; } -static int ppc_hash32_pte_prot(CPUPPCState *env, +static int ppc_hash32_pte_prot(PowerPCCPU *cpu, target_ulong sr, ppc_hash_pte32_t pte) { + CPUPPCState *env = &cpu->env; unsigned pp, key; key = !!(msr_pr ? (sr & SR32_KP) : (sr & SR32_KS)); @@ -95,9 +96,11 @@ static int ppc_hash32_pte_prot(CPUPPCState *env, return ppc_hash32_pp_prot(key, pp, !!(sr & SR32_NX)); } -static target_ulong hash32_bat_size(CPUPPCState *env, +static target_ulong hash32_bat_size(PowerPCCPU *cpu, target_ulong batu, target_ulong batl) { + CPUPPCState *env = &cpu->env; + if ((msr_pr && !(batu & BATU32_VP)) || (!msr_pr && !(batu & BATU32_VS))) { return 0; @@ -106,7 +109,7 @@ static target_ulong hash32_bat_size(CPUPPCState *env, return BATU32_BEPI & ~((batu & BATU32_BL) << 15); } -static int hash32_bat_prot(CPUPPCState *env, +static int hash32_bat_prot(PowerPCCPU *cpu, target_ulong batu, target_ulong batl) { int pp, prot; @@ -122,7 +125,7 @@ static int hash32_bat_prot(CPUPPCState *env, return prot; } -static target_ulong hash32_bat_601_size(CPUPPCState *env, +static target_ulong hash32_bat_601_size(PowerPCCPU *cpu, target_ulong batu, target_ulong batl) { if (!(batl & BATL32_601_V)) { @@ -132,9 +135,10 @@ static target_ulong hash32_bat_601_size(CPUPPCState *env, return BATU32_BEPI & ~((batl & BATL32_601_BL) << 17); } -static int hash32_bat_601_prot(CPUPPCState *env, +static int hash32_bat_601_prot(PowerPCCPU *cpu, target_ulong batu, target_ulong batl) { + CPUPPCState *env = &cpu->env; int key, pp; pp = batu & BATU32_601_PP; @@ -146,9 +150,10 @@ static int hash32_bat_601_prot(CPUPPCState *env, return ppc_hash32_pp_prot(key, pp, 0); } -static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea, int rwx, +static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea, int rwx, int *prot) { + CPUPPCState *env = &cpu->env; target_ulong *BATlt, *BATut; int i; @@ -167,9 +172,9 @@ static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea, int rwx, target_ulong mask; if (unlikely(env->mmu_model == POWERPC_MMU_601)) { - mask = hash32_bat_601_size(env, batu, batl); + mask = hash32_bat_601_size(cpu, batu, batl); } else { - mask = hash32_bat_size(env, batu, batl); + mask = hash32_bat_size(cpu, batu, batl); } LOG_BATS("%s: %cBAT%d v " TARGET_FMT_lx " BATu " TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__, @@ -179,9 +184,9 @@ static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea, int rwx, hwaddr raddr = (batl & mask) | (ea & ~mask); if (unlikely(env->mmu_model == POWERPC_MMU_601)) { - *prot = hash32_bat_601_prot(env, batu, batl); + *prot = hash32_bat_601_prot(cpu, batu, batl); } else { - *prot = hash32_bat_prot(env, batu, batl); + *prot = hash32_bat_prot(cpu, batu, batl); } return raddr & TARGET_PAGE_MASK; @@ -210,11 +215,12 @@ static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea, int rwx, return -1; } -static int ppc_hash32_direct_store(CPUPPCState *env, target_ulong sr, +static int ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr, target_ulong eaddr, int rwx, hwaddr *raddr, int *prot) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUState *cs = CPU(cpu); + CPUPPCState *env = &cpu->env; int key = !!(msr_pr ? (sr & SR32_KP) : (sr & SR32_KS)); qemu_log_mask(CPU_LOG_MMU, "direct store...\n"); @@ -294,12 +300,14 @@ static int ppc_hash32_direct_store(CPUPPCState *env, target_ulong sr, } } -hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash) +hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash) { + CPUPPCState *env = &cpu->env; + return (hash * HASH_PTEG_SIZE_32) & env->htab_mask; } -static hwaddr ppc_hash32_pteg_search(CPUPPCState *env, hwaddr pteg_off, +static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off, bool secondary, target_ulong ptem, ppc_hash_pte32_t *pte) { @@ -308,8 +316,8 @@ static hwaddr ppc_hash32_pteg_search(CPUPPCState *env, hwaddr pteg_off, int i; for (i = 0; i < HPTES_PER_GROUP; i++) { - pte0 = ppc_hash32_load_hpte0(env, pte_offset); - pte1 = ppc_hash32_load_hpte1(env, pte_offset); + pte0 = ppc_hash32_load_hpte0(cpu, pte_offset); + pte1 = ppc_hash32_load_hpte1(cpu, pte_offset); if ((pte0 & HPTE32_V_VALID) && (secondary == !!(pte0 & HPTE32_V_SECONDARY)) @@ -325,10 +333,11 @@ static hwaddr ppc_hash32_pteg_search(CPUPPCState *env, hwaddr pteg_off, return -1; } -static hwaddr ppc_hash32_htab_lookup(CPUPPCState *env, +static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu, target_ulong sr, target_ulong eaddr, ppc_hash_pte32_t *pte) { + CPUPPCState *env = &cpu->env; hwaddr pteg_off, pte_offset; hwaddr hash; uint32_t vsid, pgidx, ptem; @@ -349,16 +358,16 @@ static hwaddr ppc_hash32_htab_lookup(CPUPPCState *env, " vsid=%" PRIx32 " ptem=%" PRIx32 " hash=" TARGET_FMT_plx "\n", env->htab_base, env->htab_mask, vsid, ptem, hash); - pteg_off = get_pteg_offset32(env, hash); - pte_offset = ppc_hash32_pteg_search(env, pteg_off, 0, ptem, pte); + pteg_off = get_pteg_offset32(cpu, hash); + pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte); if (pte_offset == -1) { /* Secondary PTEG lookup */ qemu_log_mask(CPU_LOG_MMU, "1 htab=" TARGET_FMT_plx "/" TARGET_FMT_plx " vsid=%" PRIx32 " api=%" PRIx32 " hash=" TARGET_FMT_plx "\n", env->htab_base, env->htab_mask, vsid, ptem, ~hash); - pteg_off = get_pteg_offset32(env, ~hash); - pte_offset = ppc_hash32_pteg_search(env, pteg_off, 1, ptem, pte); + pteg_off = get_pteg_offset32(cpu, ~hash); + pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte); } return pte_offset; @@ -400,7 +409,7 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, /* 2. Check Block Address Translation entries (BATs) */ if (env->nb_BATs != 0) { - raddr = ppc_hash32_bat_lookup(env, eaddr, rwx, &prot); + raddr = ppc_hash32_bat_lookup(cpu, eaddr, rwx, &prot); if (raddr != -1) { if (need_prot[rwx] & ~prot) { if (rwx == 2) { @@ -431,7 +440,7 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, /* 4. Handle direct store segments */ if (sr & SR32_T) { - if (ppc_hash32_direct_store(env, sr, eaddr, rwx, + if (ppc_hash32_direct_store(cpu, sr, eaddr, rwx, &raddr, &prot) == 0) { tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK, prot, mmu_idx, @@ -450,7 +459,7 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, } /* 6. Locate the PTE in the hash table */ - pte_offset = ppc_hash32_htab_lookup(env, sr, eaddr, &pte); + pte_offset = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte); if (pte_offset == -1) { if (rwx == 2) { cs->exception_index = POWERPC_EXCP_ISI; @@ -473,7 +482,7 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, /* 7. Check access permissions */ - prot = ppc_hash32_pte_prot(env, sr, pte); + prot = ppc_hash32_pte_prot(cpu, sr, pte); if (need_prot[rwx] & ~prot) { /* Access right violation */ @@ -508,7 +517,7 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, } if (new_pte1 != pte.pte1) { - ppc_hash32_store_hpte1(env, pte_offset, new_pte1); + ppc_hash32_store_hpte1(cpu, pte_offset, new_pte1); } /* 9. Determine the real address from the PTE */ @@ -521,8 +530,9 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, return 0; } -hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong eaddr) +hwaddr ppc_hash32_get_phys_page_debug(PowerPCCPU *cpu, target_ulong eaddr) { + CPUPPCState *env = &cpu->env; target_ulong sr; hwaddr pte_offset; ppc_hash_pte32_t pte; @@ -534,7 +544,7 @@ hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong eaddr) } if (env->nb_BATs != 0) { - hwaddr raddr = ppc_hash32_bat_lookup(env, eaddr, 0, &prot); + hwaddr raddr = ppc_hash32_bat_lookup(cpu, eaddr, 0, &prot); if (raddr != -1) { return raddr; } @@ -547,7 +557,7 @@ hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong eaddr) return -1; } - pte_offset = ppc_hash32_htab_lookup(env, sr, eaddr, &pte); + pte_offset = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte); if (pte_offset == -1) { return -1; } diff --git a/target-ppc/mmu-hash32.h b/target-ppc/mmu-hash32.h index d515d4ff733f..afbb9dd3d117 100644 --- a/target-ppc/mmu-hash32.h +++ b/target-ppc/mmu-hash32.h @@ -3,8 +3,8 @@ #ifndef CONFIG_USER_ONLY -hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash); -hwaddr ppc_hash32_get_phys_page_debug(CPUPPCState *env, target_ulong addr); +hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash); +hwaddr ppc_hash32_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr); int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong address, int rw, int mmu_idx); @@ -65,40 +65,42 @@ int ppc_hash32_handle_mmu_fault(PowerPCCPU *cpu, target_ulong address, int rw, #define HPTE32_R_WIMG 0x00000078 #define HPTE32_R_PP 0x00000003 -static inline target_ulong ppc_hash32_load_hpte0(CPUPPCState *env, +static inline target_ulong ppc_hash32_load_hpte0(PowerPCCPU *cpu, hwaddr pte_offset) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUPPCState *env = &cpu->env; assert(!env->external_htab); /* Not supported on 32-bit for now */ - return ldl_phys(cs->as, env->htab_base + pte_offset); + return ldl_phys(CPU(cpu)->as, env->htab_base + pte_offset); } -static inline target_ulong ppc_hash32_load_hpte1(CPUPPCState *env, +static inline target_ulong ppc_hash32_load_hpte1(PowerPCCPU *cpu, hwaddr pte_offset) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUPPCState *env = &cpu->env; assert(!env->external_htab); /* Not supported on 32-bit for now */ - return ldl_phys(cs->as, env->htab_base + pte_offset + HASH_PTE_SIZE_32/2); + return ldl_phys(CPU(cpu)->as, + env->htab_base + pte_offset + HASH_PTE_SIZE_32 / 2); } -static inline void ppc_hash32_store_hpte0(CPUPPCState *env, +static inline void ppc_hash32_store_hpte0(PowerPCCPU *cpu, hwaddr pte_offset, target_ulong pte0) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUPPCState *env = &cpu->env; assert(!env->external_htab); /* Not supported on 32-bit for now */ - stl_phys(cs->as, env->htab_base + pte_offset, pte0); + stl_phys(CPU(cpu)->as, env->htab_base + pte_offset, pte0); } -static inline void ppc_hash32_store_hpte1(CPUPPCState *env, +static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu, hwaddr pte_offset, target_ulong pte1) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUPPCState *env = &cpu->env; assert(!env->external_htab); /* Not supported on 32-bit for now */ - stl_phys(cs->as, env->htab_base + pte_offset + HASH_PTE_SIZE_32/2, pte1); + stl_phys(CPU(cpu)->as, + env->htab_base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1); } typedef struct { diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c index 8d28ed442acb..8648408e8dae 100644 --- a/target-ppc/mmu-hash64.c +++ b/target-ppc/mmu-hash64.c @@ -41,8 +41,9 @@ bool kvmppc_kern_htab; * SLB handling */ -static ppc_slb_t *slb_lookup(CPUPPCState *env, target_ulong eaddr) +static ppc_slb_t *slb_lookup(PowerPCCPU *cpu, target_ulong eaddr) { + CPUPPCState *env = &cpu->env; uint64_t esid_256M, esid_1T; int n; @@ -70,12 +71,13 @@ static ppc_slb_t *slb_lookup(CPUPPCState *env, target_ulong eaddr) return NULL; } -void dump_slb(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env) +void dump_slb(FILE *f, fprintf_function cpu_fprintf, PowerPCCPU *cpu) { + CPUPPCState *env = &cpu->env; int i; uint64_t slbe, slbv; - cpu_synchronize_state(CPU(ppc_env_get_cpu(env))); + cpu_synchronize_state(CPU(cpu)); cpu_fprintf(f, "SLB\tESID\t\t\tVSID\n"); for (i = 0; i < env->slb_nr; i++) { @@ -118,7 +120,7 @@ void helper_slbie(CPUPPCState *env, target_ulong addr) PowerPCCPU *cpu = ppc_env_get_cpu(env); ppc_slb_t *slb; - slb = slb_lookup(env, addr); + slb = slb_lookup(cpu, addr); if (!slb) { return; } @@ -134,8 +136,9 @@ void helper_slbie(CPUPPCState *env, target_ulong addr) } } -int ppc_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs) +int ppc_store_slb(PowerPCCPU *cpu, target_ulong rb, target_ulong rs) { + CPUPPCState *env = &cpu->env; int slot = rb & 0xfff; ppc_slb_t *slb = &env->slb[slot]; @@ -160,9 +163,10 @@ int ppc_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs) return 0; } -static int ppc_load_slb_esid(CPUPPCState *env, target_ulong rb, +static int ppc_load_slb_esid(PowerPCCPU *cpu, target_ulong rb, target_ulong *rt) { + CPUPPCState *env = &cpu->env; int slot = rb & 0xfff; ppc_slb_t *slb = &env->slb[slot]; @@ -174,9 +178,10 @@ static int ppc_load_slb_esid(CPUPPCState *env, target_ulong rb, return 0; } -static int ppc_load_slb_vsid(CPUPPCState *env, target_ulong rb, +static int ppc_load_slb_vsid(PowerPCCPU *cpu, target_ulong rb, target_ulong *rt) { + CPUPPCState *env = &cpu->env; int slot = rb & 0xfff; ppc_slb_t *slb = &env->slb[slot]; @@ -190,7 +195,9 @@ static int ppc_load_slb_vsid(CPUPPCState *env, target_ulong rb, void helper_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs) { - if (ppc_store_slb(env, rb, rs) < 0) { + PowerPCCPU *cpu = ppc_env_get_cpu(env); + + if (ppc_store_slb(cpu, rb, rs) < 0) { helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM, POWERPC_EXCP_INVAL); } @@ -198,9 +205,10 @@ void helper_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs) target_ulong helper_load_slb_esid(CPUPPCState *env, target_ulong rb) { + PowerPCCPU *cpu = ppc_env_get_cpu(env); target_ulong rt = 0; - if (ppc_load_slb_esid(env, rb, &rt) < 0) { + if (ppc_load_slb_esid(cpu, rb, &rt) < 0) { helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM, POWERPC_EXCP_INVAL); } @@ -209,9 +217,10 @@ target_ulong helper_load_slb_esid(CPUPPCState *env, target_ulong rb) target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb) { + PowerPCCPU *cpu = ppc_env_get_cpu(env); target_ulong rt = 0; - if (ppc_load_slb_vsid(env, rb, &rt) < 0) { + if (ppc_load_slb_vsid(cpu, rb, &rt) < 0) { helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM, POWERPC_EXCP_INVAL); } @@ -222,9 +231,10 @@ target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb) * 64-bit hash table MMU handling */ -static int ppc_hash64_pte_prot(CPUPPCState *env, +static int ppc_hash64_pte_prot(PowerPCCPU *cpu, ppc_slb_t *slb, ppc_hash_pte64_t pte) { + CPUPPCState *env = &cpu->env; unsigned pp, key; /* Some pp bit combinations have undefined behaviour, so default * to no access in those cases */ @@ -274,12 +284,12 @@ static int ppc_hash64_pte_prot(CPUPPCState *env, return prot; } -static int ppc_hash64_amr_prot(CPUPPCState *env, ppc_hash_pte64_t pte) +static int ppc_hash64_amr_prot(PowerPCCPU *cpu, ppc_hash_pte64_t pte) { + CPUPPCState *env = &cpu->env; int key, amrbits; int prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; - /* Only recent MMUs implement Virtual Page Class Key Protection */ if (!(env->mmu_model & POWERPC_MMU_AMR)) { return prot; @@ -348,23 +358,24 @@ void ppc_hash64_stop_access(uint64_t token) } } -static hwaddr ppc_hash64_pteg_search(CPUPPCState *env, hwaddr hash, +static hwaddr ppc_hash64_pteg_search(PowerPCCPU *cpu, hwaddr hash, bool secondary, target_ulong ptem, ppc_hash_pte64_t *pte) { + CPUPPCState *env = &cpu->env; int i; uint64_t token; target_ulong pte0, pte1; target_ulong pte_index; pte_index = (hash & env->htab_mask) * HPTES_PER_GROUP; - token = ppc_hash64_start_access(ppc_env_get_cpu(env), pte_index); + token = ppc_hash64_start_access(cpu, pte_index); if (!token) { return -1; } for (i = 0; i < HPTES_PER_GROUP; i++) { - pte0 = ppc_hash64_load_hpte0(env, token, i); - pte1 = ppc_hash64_load_hpte1(env, token, i); + pte0 = ppc_hash64_load_hpte0(cpu, token, i); + pte1 = ppc_hash64_load_hpte1(cpu, token, i); if ((pte0 & HPTE64_V_VALID) && (secondary == !!(pte0 & HPTE64_V_SECONDARY)) @@ -400,10 +411,11 @@ static uint64_t ppc_hash64_page_shift(ppc_slb_t *slb) return epnshift; } -static hwaddr ppc_hash64_htab_lookup(CPUPPCState *env, +static hwaddr ppc_hash64_htab_lookup(PowerPCCPU *cpu, ppc_slb_t *slb, target_ulong eaddr, ppc_hash_pte64_t *pte) { + CPUPPCState *env = &cpu->env; hwaddr pte_offset; hwaddr hash; uint64_t vsid, epnshift, epnmask, epn, ptem; @@ -436,7 +448,7 @@ static hwaddr ppc_hash64_htab_lookup(CPUPPCState *env, " vsid=" TARGET_FMT_lx " ptem=" TARGET_FMT_lx " hash=" TARGET_FMT_plx "\n", env->htab_base, env->htab_mask, vsid, ptem, hash); - pte_offset = ppc_hash64_pteg_search(env, hash, 0, ptem, pte); + pte_offset = ppc_hash64_pteg_search(cpu, hash, 0, ptem, pte); if (pte_offset == -1) { /* Secondary PTEG lookup */ @@ -446,7 +458,7 @@ static hwaddr ppc_hash64_htab_lookup(CPUPPCState *env, " hash=" TARGET_FMT_plx "\n", env->htab_base, env->htab_mask, vsid, ptem, ~hash); - pte_offset = ppc_hash64_pteg_search(env, ~hash, 1, ptem, pte); + pte_offset = ppc_hash64_pteg_search(cpu, ~hash, 1, ptem, pte); } return pte_offset; @@ -493,7 +505,7 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, } /* 2. Translation is on, so look up the SLB */ - slb = slb_lookup(env, eaddr); + slb = slb_lookup(cpu, eaddr); if (!slb) { if (rwx == 2) { @@ -515,7 +527,7 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, } /* 4. Locate the PTE in the hash table */ - pte_offset = ppc_hash64_htab_lookup(env, slb, eaddr, &pte); + pte_offset = ppc_hash64_htab_lookup(cpu, slb, eaddr, &pte); if (pte_offset == -1) { if (rwx == 2) { cs->exception_index = POWERPC_EXCP_ISI; @@ -537,8 +549,8 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, /* 5. Check access permissions */ - pp_prot = ppc_hash64_pte_prot(env, slb, pte); - amr_prot = ppc_hash64_amr_prot(env, pte); + pp_prot = ppc_hash64_pte_prot(cpu, slb, pte); + amr_prot = ppc_hash64_amr_prot(cpu, pte); prot = pp_prot & amr_prot; if ((need_prot[rwx] & ~prot) != 0) { @@ -581,7 +593,7 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, } if (new_pte1 != pte.pte1) { - ppc_hash64_store_hpte(env, pte_offset / HASH_PTE_SIZE_64, + ppc_hash64_store_hpte(cpu, pte_offset / HASH_PTE_SIZE_64, pte.pte0, new_pte1); } @@ -595,8 +607,9 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, return 0; } -hwaddr ppc_hash64_get_phys_page_debug(CPUPPCState *env, target_ulong addr) +hwaddr ppc_hash64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr) { + CPUPPCState *env = &cpu->env; ppc_slb_t *slb; hwaddr pte_offset; ppc_hash_pte64_t pte; @@ -606,12 +619,12 @@ hwaddr ppc_hash64_get_phys_page_debug(CPUPPCState *env, target_ulong addr) return addr & 0x0FFFFFFFFFFFFFFFULL; } - slb = slb_lookup(env, addr); + slb = slb_lookup(cpu, addr); if (!slb) { return -1; } - pte_offset = ppc_hash64_htab_lookup(env, slb, addr, &pte); + pte_offset = ppc_hash64_htab_lookup(cpu, slb, addr, &pte); if (pte_offset == -1) { return -1; } @@ -619,11 +632,11 @@ hwaddr ppc_hash64_get_phys_page_debug(CPUPPCState *env, target_ulong addr) return ppc_hash64_pte_raddr(slb, pte, addr) & TARGET_PAGE_MASK; } -void ppc_hash64_store_hpte(CPUPPCState *env, +void ppc_hash64_store_hpte(PowerPCCPU *cpu, target_ulong pte_index, target_ulong pte0, target_ulong pte1) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUPPCState *env = &cpu->env; if (kvmppc_kern_htab) { kvmppc_hash64_write_pte(env, pte_index, pte0, pte1); @@ -633,9 +646,10 @@ void ppc_hash64_store_hpte(CPUPPCState *env, pte_index *= HASH_PTE_SIZE_64; if (env->external_htab) { stq_p(env->external_htab + pte_index, pte0); - stq_p(env->external_htab + pte_index + HASH_PTE_SIZE_64/2, pte1); + stq_p(env->external_htab + pte_index + HASH_PTE_SIZE_64 / 2, pte1); } else { - stq_phys(cs->as, env->htab_base + pte_index, pte0); - stq_phys(cs->as, env->htab_base + pte_index + HASH_PTE_SIZE_64/2, pte1); + stq_phys(CPU(cpu)->as, env->htab_base + pte_index, pte0); + stq_phys(CPU(cpu)->as, + env->htab_base + pte_index + HASH_PTE_SIZE_64 / 2, pte1); } } diff --git a/target-ppc/mmu-hash64.h b/target-ppc/mmu-hash64.h index 291750f3e5a5..6e3de7e16b2f 100644 --- a/target-ppc/mmu-hash64.h +++ b/target-ppc/mmu-hash64.h @@ -4,12 +4,13 @@ #ifndef CONFIG_USER_ONLY #ifdef TARGET_PPC64 -void dump_slb(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env); -int ppc_store_slb (CPUPPCState *env, target_ulong rb, target_ulong rs); -hwaddr ppc_hash64_get_phys_page_debug(CPUPPCState *env, target_ulong addr); +void ppc_hash64_check_page_sizes(PowerPCCPU *cpu, Error **errp); +void dump_slb(FILE *f, fprintf_function cpu_fprintf, PowerPCCPU *cpu); +int ppc_store_slb(PowerPCCPU *cpu, target_ulong rb, target_ulong rs); +hwaddr ppc_hash64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr); int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong address, int rw, int mmu_idx); -void ppc_hash64_store_hpte(CPUPPCState *env, target_ulong index, +void ppc_hash64_store_hpte(PowerPCCPU *cpu, target_ulong index, target_ulong pte0, target_ulong pte1); #endif @@ -85,31 +86,31 @@ extern bool kvmppc_kern_htab; uint64_t ppc_hash64_start_access(PowerPCCPU *cpu, target_ulong pte_index); void ppc_hash64_stop_access(uint64_t token); -static inline target_ulong ppc_hash64_load_hpte0(CPUPPCState *env, +static inline target_ulong ppc_hash64_load_hpte0(PowerPCCPU *cpu, uint64_t token, int index) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUPPCState *env = &cpu->env; uint64_t addr; addr = token + (index * HASH_PTE_SIZE_64); if (env->external_htab) { return ldq_p((const void *)(uintptr_t)addr); } else { - return ldq_phys(cs->as, addr); + return ldq_phys(CPU(cpu)->as, addr); } } -static inline target_ulong ppc_hash64_load_hpte1(CPUPPCState *env, +static inline target_ulong ppc_hash64_load_hpte1(PowerPCCPU *cpu, uint64_t token, int index) { - CPUState *cs = CPU(ppc_env_get_cpu(env)); + CPUPPCState *env = &cpu->env; uint64_t addr; addr = token + (index * HASH_PTE_SIZE_64) + HASH_PTE_SIZE_64/2; if (env->external_htab) { return ldq_p((const void *)(uintptr_t)addr); } else { - return ldq_phys(cs->as, addr); + return ldq_phys(CPU(cpu)->as, addr); } } diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c index d4f7926cf12f..2446bba13c32 100644 --- a/target-ppc/mmu_helper.c +++ b/target-ppc/mmu_helper.c @@ -1298,7 +1298,7 @@ void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env) case POWERPC_MMU_2_06a: case POWERPC_MMU_2_07: case POWERPC_MMU_2_07a: - dump_slb(f, cpu_fprintf, env); + dump_slb(f, cpu_fprintf, ppc_env_get_cpu(env)); break; #endif default: @@ -1440,12 +1440,12 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr) case POWERPC_MMU_2_06a: case POWERPC_MMU_2_07: case POWERPC_MMU_2_07a: - return ppc_hash64_get_phys_page_debug(env, addr); + return ppc_hash64_get_phys_page_debug(cpu, addr); #endif case POWERPC_MMU_32B: case POWERPC_MMU_601: - return ppc_hash32_get_phys_page_debug(env, addr); + return ppc_hash32_get_phys_page_debug(cpu, addr); default: ; @@ -1511,6 +1511,7 @@ static int cpu_ppc_handle_mmu_fault(CPUPPCState *env, target_ulong address, int rw, int mmu_idx) { CPUState *cs = CPU(ppc_env_get_cpu(env)); + PowerPCCPU *cpu = POWERPC_CPU(cs); mmu_ctx_t ctx; int access_type; int ret = 0; @@ -1612,9 +1613,9 @@ static int cpu_ppc_handle_mmu_fault(CPUPPCState *env, target_ulong address, tlb_miss: env->error_code |= ctx.key << 19; env->spr[SPR_HASH1] = env->htab_base + - get_pteg_offset32(env, ctx.hash[0]); + get_pteg_offset32(cpu, ctx.hash[0]); env->spr[SPR_HASH2] = env->htab_base + - get_pteg_offset32(env, ctx.hash[1]); + get_pteg_offset32(cpu, ctx.hash[1]); break; case POWERPC_MMU_SOFT_74xx: if (rw == 1) { @@ -2102,7 +2103,7 @@ void helper_store_sr(CPUPPCState *env, target_ulong srnum, target_ulong value) /* flags = flags */ rs |= ((value >> 27) & 0xf) << 8; - ppc_store_slb(env, rb, rs); + ppc_store_slb(cpu, rb, rs); } else #endif if (env->sr[srnum] != value) { From bcd81230037f60a2fc9c2e903f8f07db68f86ce8 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 27 Jan 2016 11:07:29 +1100 Subject: [PATCH 31/40] target-ppc: Rework ppc_store_slb ppc_store_slb updates the SLB for PPC cpus with 64-bit hash MMUs. Currently it takes two parameters, which contain values encoded as the register arguments to the slbmte instruction, one register contains the ESID portion of the SLBE and also the slot number, the other contains the VSID portion of the SLBE. We're shortly going to want to do some SLB updates from other code where it is more convenient to supply the slot number and ESID separately, so rework this function and its callers to work this way. As a bonus, this slightly simplifies the emulation of segment registers for when running a 32-bit OS on a 64-bit CPU. Signed-off-by: David Gibson Reviewed-by: Laurent Vivier Acked-by: Benjamin Herrenschmidt Reviewed-by: Alexander Graf --- target-ppc/kvm.c | 2 +- target-ppc/mmu-hash64.c | 24 +++++++++++++----------- target-ppc/mmu-hash64.h | 3 ++- target-ppc/mmu_helper.c | 14 +++++--------- 4 files changed, 21 insertions(+), 22 deletions(-) diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 3e61fcddfe8a..70ca29637f94 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -1205,7 +1205,7 @@ int kvm_arch_get_registers(CPUState *cs) * Only restore valid entries */ if (rb & SLB_ESID_V) { - ppc_store_slb(cpu, rb, rs); + ppc_store_slb(cpu, rb & 0xfff, rb & ~0xfffULL, rs); } } #endif diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c index 8648408e8dae..788725c46013 100644 --- a/target-ppc/mmu-hash64.c +++ b/target-ppc/mmu-hash64.c @@ -136,28 +136,30 @@ void helper_slbie(CPUPPCState *env, target_ulong addr) } } -int ppc_store_slb(PowerPCCPU *cpu, target_ulong rb, target_ulong rs) +int ppc_store_slb(PowerPCCPU *cpu, target_ulong slot, + target_ulong esid, target_ulong vsid) { CPUPPCState *env = &cpu->env; - int slot = rb & 0xfff; ppc_slb_t *slb = &env->slb[slot]; - if (rb & (0x1000 - env->slb_nr)) { - return -1; /* Reserved bits set or slot too high */ + if (slot >= env->slb_nr) { + return -1; /* Bad slot number */ + } + if (esid & ~(SLB_ESID_ESID | SLB_ESID_V)) { + return -1; /* Reserved bits set */ } - if (rs & (SLB_VSID_B & ~SLB_VSID_B_1T)) { + if (vsid & (SLB_VSID_B & ~SLB_VSID_B_1T)) { return -1; /* Bad segment size */ } - if ((rs & SLB_VSID_B) && !(env->mmu_model & POWERPC_MMU_1TSEG)) { + if ((vsid & SLB_VSID_B) && !(env->mmu_model & POWERPC_MMU_1TSEG)) { return -1; /* 1T segment on MMU that doesn't support it */ } - /* Mask out the slot number as we store the entry */ - slb->esid = rb & (SLB_ESID_ESID | SLB_ESID_V); - slb->vsid = rs; + slb->esid = esid; + slb->vsid = vsid; LOG_SLB("%s: %d " TARGET_FMT_lx " - " TARGET_FMT_lx " => %016" PRIx64 - " %016" PRIx64 "\n", __func__, slot, rb, rs, + " %016" PRIx64 "\n", __func__, slot, esid, vsid, slb->esid, slb->vsid); return 0; @@ -197,7 +199,7 @@ void helper_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs) { PowerPCCPU *cpu = ppc_env_get_cpu(env); - if (ppc_store_slb(cpu, rb, rs) < 0) { + if (ppc_store_slb(cpu, rb & 0xfff, rb & ~0xfffULL, rs) < 0) { helper_raise_exception_err(env, POWERPC_EXCP_PROGRAM, POWERPC_EXCP_INVAL); } diff --git a/target-ppc/mmu-hash64.h b/target-ppc/mmu-hash64.h index 6e3de7e16b2f..24fd2c47ef94 100644 --- a/target-ppc/mmu-hash64.h +++ b/target-ppc/mmu-hash64.h @@ -6,7 +6,8 @@ #ifdef TARGET_PPC64 void ppc_hash64_check_page_sizes(PowerPCCPU *cpu, Error **errp); void dump_slb(FILE *f, fprintf_function cpu_fprintf, PowerPCCPU *cpu); -int ppc_store_slb(PowerPCCPU *cpu, target_ulong rb, target_ulong rs); +int ppc_store_slb(PowerPCCPU *cpu, target_ulong slot, + target_ulong esid, target_ulong vsid); hwaddr ppc_hash64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr); int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong address, int rw, int mmu_idx); diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c index 2446bba13c32..727788950cc3 100644 --- a/target-ppc/mmu_helper.c +++ b/target-ppc/mmu_helper.c @@ -2089,21 +2089,17 @@ void helper_store_sr(CPUPPCState *env, target_ulong srnum, target_ulong value) (int)srnum, value, env->sr[srnum]); #if defined(TARGET_PPC64) if (env->mmu_model & POWERPC_MMU_64) { - uint64_t rb = 0, rs = 0; + uint64_t esid, vsid; /* ESID = srnum */ - rb |= ((uint32_t)srnum & 0xf) << 28; - /* Set the valid bit */ - rb |= SLB_ESID_V; - /* Index = ESID */ - rb |= (uint32_t)srnum; + esid = ((uint64_t)(srnum & 0xf) << 28) | SLB_ESID_V; /* VSID = VSID */ - rs |= (value & 0xfffffff) << 12; + vsid = (value & 0xfffffff) << 12; /* flags = flags */ - rs |= ((value >> 27) & 0xf) << 8; + vsid |= ((value >> 27) & 0xf) << 8; - ppc_store_slb(cpu, rb, rs); + ppc_store_slb(cpu, srnum, esid, vsid); } else #endif if (env->sr[srnum] != value) { From cd6a9bb6e977864b1b7ec21b983fa0678b4b82e9 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 27 Jan 2016 11:52:57 +1100 Subject: [PATCH 32/40] target-ppc: Rework SLB page size lookup Currently, the ppc_hash64_page_shift() function looks up a page size based on information in an SLB entry. It open codes the bit translation for existing CPUs, however different CPU models can have different SLB encodings. We already store those in the 'sps' table in CPUPPCState, but we don't currently enforce that that actually matches the logic in ppc_hash64_page_shift. This patch reworks lookup of page size from SLB in several ways: * ppc_store_slb() will now fail (triggering an illegal instruction exception) if given a bad SLB page size encoding * On success ppc_store_slb() stores a pointer to the relevant entry in the page size table in the SLB entry. This is looked up directly from the published table of page size encodings, so can't get out ot sync. * ppc_hash64_htab_lookup() and others now use this precached page size information rather than decoding the SLB values * Now that callers have easy access to the page_shift, ppc_hash64_pte_raddr() amounts to just a deposit64(), so remove it and have the callers use deposit64() directly. Signed-off-by: David Gibson Acked-by: Benjamin Herrenschmidt Reviewed-by: Alexander Graf --- target-ppc/cpu.h | 1 + target-ppc/machine.c | 20 +++++++++++ target-ppc/mmu-hash64.c | 74 +++++++++++++++++++---------------------- 3 files changed, 56 insertions(+), 39 deletions(-) diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h index 2bc96b4fa7be..082039006f68 100644 --- a/target-ppc/cpu.h +++ b/target-ppc/cpu.h @@ -419,6 +419,7 @@ typedef struct ppc_slb_t ppc_slb_t; struct ppc_slb_t { uint64_t esid; uint64_t vsid; + const struct ppc_one_seg_page_size *sps; }; #define MAX_SLB_ENTRIES 64 diff --git a/target-ppc/machine.c b/target-ppc/machine.c index 8cabc77883d6..692121e98319 100644 --- a/target-ppc/machine.c +++ b/target-ppc/machine.c @@ -3,6 +3,7 @@ #include "hw/boards.h" #include "sysemu/kvm.h" #include "helper_regs.h" +#include "mmu-hash64.h" static int cpu_load_old(QEMUFile *f, void *opaque, int version_id) { @@ -353,11 +354,30 @@ static bool slb_needed(void *opaque) return (cpu->env.mmu_model & POWERPC_MMU_64); } +static int slb_post_load(void *opaque, int version_id) +{ + PowerPCCPU *cpu = opaque; + CPUPPCState *env = &cpu->env; + int i; + + /* We've pulled in the raw esid and vsid values from the migration + * stream, but we need to recompute the page size pointers */ + for (i = 0; i < env->slb_nr; i++) { + if (ppc_store_slb(cpu, i, env->slb[i].esid, env->slb[i].vsid) < 0) { + /* Migration source had bad values in its SLB */ + return -1; + } + } + + return 0; +} + static const VMStateDescription vmstate_slb = { .name = "cpu/slb", .version_id = 1, .minimum_version_id = 1, .needed = slb_needed, + .post_load = slb_post_load, .fields = (VMStateField[]) { VMSTATE_INT32_EQUAL(env.slb_nr, PowerPCCPU), VMSTATE_SLB_ARRAY(env.slb, PowerPCCPU, MAX_SLB_ENTRIES), diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c index 788725c46013..9ad02f3a8fcb 100644 --- a/target-ppc/mmu-hash64.c +++ b/target-ppc/mmu-hash64.c @@ -20,6 +20,7 @@ #include "qemu/osdep.h" #include "cpu.h" #include "exec/helper-proto.h" +#include "qemu/error-report.h" #include "sysemu/kvm.h" #include "kvm_ppc.h" #include "mmu-hash64.h" @@ -141,6 +142,8 @@ int ppc_store_slb(PowerPCCPU *cpu, target_ulong slot, { CPUPPCState *env = &cpu->env; ppc_slb_t *slb = &env->slb[slot]; + const struct ppc_one_seg_page_size *sps = NULL; + int i; if (slot >= env->slb_nr) { return -1; /* Bad slot number */ @@ -155,8 +158,29 @@ int ppc_store_slb(PowerPCCPU *cpu, target_ulong slot, return -1; /* 1T segment on MMU that doesn't support it */ } + for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) { + const struct ppc_one_seg_page_size *sps1 = &env->sps.sps[i]; + + if (!sps1->page_shift) { + break; + } + + if ((vsid & SLB_VSID_LLP_MASK) == sps1->slb_enc) { + sps = sps1; + break; + } + } + + if (!sps) { + error_report("Bad page size encoding in SLB store: slot "TARGET_FMT_lu + " esid 0x"TARGET_FMT_lx" vsid 0x"TARGET_FMT_lx, + slot, esid, vsid); + return -1; + } + slb->esid = esid; slb->vsid = vsid; + slb->sps = sps; LOG_SLB("%s: %d " TARGET_FMT_lx " - " TARGET_FMT_lx " => %016" PRIx64 " %016" PRIx64 "\n", __func__, slot, esid, vsid, @@ -395,24 +419,6 @@ static hwaddr ppc_hash64_pteg_search(PowerPCCPU *cpu, hwaddr hash, return -1; } -static uint64_t ppc_hash64_page_shift(ppc_slb_t *slb) -{ - uint64_t epnshift; - - /* Page size according to the SLB, which we use to generate the - * EPN for hash table lookup.. When we implement more recent MMU - * extensions this might be different from the actual page size - * encoded in the PTE */ - if ((slb->vsid & SLB_VSID_LLP_MASK) == SLB_VSID_4K) { - epnshift = TARGET_PAGE_BITS; - } else if ((slb->vsid & SLB_VSID_LLP_MASK) == SLB_VSID_64K) { - epnshift = TARGET_PAGE_BITS_64K; - } else { - epnshift = TARGET_PAGE_BITS_16M; - } - return epnshift; -} - static hwaddr ppc_hash64_htab_lookup(PowerPCCPU *cpu, ppc_slb_t *slb, target_ulong eaddr, ppc_hash_pte64_t *pte) @@ -420,21 +426,24 @@ static hwaddr ppc_hash64_htab_lookup(PowerPCCPU *cpu, CPUPPCState *env = &cpu->env; hwaddr pte_offset; hwaddr hash; - uint64_t vsid, epnshift, epnmask, epn, ptem; + uint64_t vsid, epnmask, epn, ptem; + + /* The SLB store path should prevent any bad page size encodings + * getting in there, so: */ + assert(slb->sps); - epnshift = ppc_hash64_page_shift(slb); - epnmask = ~((1ULL << epnshift) - 1); + epnmask = ~((1ULL << slb->sps->page_shift) - 1); if (slb->vsid & SLB_VSID_B) { /* 1TB segment */ vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT_1T; epn = (eaddr & ~SEGMENT_MASK_1T) & epnmask; - hash = vsid ^ (vsid << 25) ^ (epn >> epnshift); + hash = vsid ^ (vsid << 25) ^ (epn >> slb->sps->page_shift); } else { /* 256M segment */ vsid = (slb->vsid & SLB_VSID_VSID) >> SLB_VSID_SHIFT; epn = (eaddr & ~SEGMENT_MASK_256M) & epnmask; - hash = vsid ^ (epn >> epnshift); + hash = vsid ^ (epn >> slb->sps->page_shift); } ptem = (slb->vsid & SLB_VSID_PTEM) | ((epn >> 16) & HPTE64_V_AVPN); @@ -466,20 +475,6 @@ static hwaddr ppc_hash64_htab_lookup(PowerPCCPU *cpu, return pte_offset; } -static hwaddr ppc_hash64_pte_raddr(ppc_slb_t *slb, ppc_hash_pte64_t pte, - target_ulong eaddr) -{ - hwaddr mask; - int target_page_bits; - hwaddr rpn = pte.pte1 & HPTE64_R_RPN; - /* - * We support 4K, 64K and 16M now - */ - target_page_bits = ppc_hash64_page_shift(slb); - mask = (1ULL << target_page_bits) - 1; - return (rpn & ~mask) | (eaddr & mask); -} - int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, int mmu_idx) { @@ -601,7 +596,7 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, /* 7. Determine the real address from the PTE */ - raddr = ppc_hash64_pte_raddr(slb, pte, eaddr); + raddr = deposit64(pte.pte1 & HPTE64_R_RPN, 0, slb->sps->page_shift, eaddr); tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK, prot, mmu_idx, TARGET_PAGE_SIZE); @@ -631,7 +626,8 @@ hwaddr ppc_hash64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr) return -1; } - return ppc_hash64_pte_raddr(slb, pte, addr) & TARGET_PAGE_MASK; + return deposit64(pte.pte1 & HPTE64_R_RPN, 0, slb->sps->page_shift, addr) + & TARGET_PAGE_MASK; } void ppc_hash64_store_hpte(PowerPCCPU *cpu, From be18b2b53ebbf2eb3f00e7890d0b9ff8b58d22bf Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 27 Jan 2016 11:39:15 +1100 Subject: [PATCH 33/40] target-ppc: Use actual page size encodings from HPTE At present the 64-bit hash MMU code uses information from the SLB to determine the page size of a translation. We do need that information to correctly look up the hash table. However the MMU also allows a possibly larger page size to be encoded into the HPTE itself, which is used to populate the TLB. At present qemu doesn't check that, and so doesn't support the MPSS "Multiple Page Size per Segment" feature. This makes a start on allowing this, by adding an hpte_page_shift() function which looks up the page size of an HPTE. We use this to validate page sizes encodings on faults, and populate the qemu TLB with larger page sizes when appropriate. Signed-off-by: David Gibson Acked-by: Benjamin Herrenschmidt Reviewed-by: Alexander Graf --- target-ppc/mmu-hash64.c | 63 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 60 insertions(+), 3 deletions(-) diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c index 9ad02f3a8fcb..f4c25b7d14fb 100644 --- a/target-ppc/mmu-hash64.c +++ b/target-ppc/mmu-hash64.c @@ -22,6 +22,7 @@ #include "exec/helper-proto.h" #include "qemu/error-report.h" #include "sysemu/kvm.h" +#include "qemu/error-report.h" #include "kvm_ppc.h" #include "mmu-hash64.h" @@ -475,12 +476,50 @@ static hwaddr ppc_hash64_htab_lookup(PowerPCCPU *cpu, return pte_offset; } +static unsigned hpte_page_shift(const struct ppc_one_seg_page_size *sps, + uint64_t pte0, uint64_t pte1) +{ + int i; + + if (!(pte0 & HPTE64_V_LARGE)) { + if (sps->page_shift != 12) { + /* 4kiB page in a non 4kiB segment */ + return 0; + } + /* Normal 4kiB page */ + return 12; + } + + for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) { + const struct ppc_one_page_size *ps = &sps->enc[i]; + uint64_t mask; + + if (!ps->page_shift) { + break; + } + + if (ps->page_shift == 12) { + /* L bit is set so this can't be a 4kiB page */ + continue; + } + + mask = ((1ULL << ps->page_shift) - 1) & HPTE64_R_RPN; + + if ((pte1 & mask) == (ps->pte_enc << HPTE64_R_RPN_SHIFT)) { + return ps->page_shift; + } + } + + return 0; /* Bad page size encoding */ +} + int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, int mmu_idx) { CPUState *cs = CPU(cpu); CPUPPCState *env = &cpu->env; ppc_slb_t *slb; + unsigned apshift; hwaddr pte_offset; ppc_hash_pte64_t pte; int pp_prot, amr_prot, prot; @@ -544,6 +583,18 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, qemu_log_mask(CPU_LOG_MMU, "found PTE at offset %08" HWADDR_PRIx "\n", pte_offset); + /* Validate page size encoding */ + apshift = hpte_page_shift(slb->sps, pte.pte0, pte.pte1); + if (!apshift) { + error_report("Bad page size encoding in HPTE 0x%"PRIx64" - 0x%"PRIx64 + " @ 0x%"HWADDR_PRIx, pte.pte0, pte.pte1, pte_offset); + /* Not entirely sure what the right action here, but machine + * check seems reasonable */ + cs->exception_index = POWERPC_EXCP_MCHECK; + env->error_code = 0; + return 1; + } + /* 5. Check access permissions */ pp_prot = ppc_hash64_pte_prot(cpu, slb, pte); @@ -596,10 +647,10 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, /* 7. Determine the real address from the PTE */ - raddr = deposit64(pte.pte1 & HPTE64_R_RPN, 0, slb->sps->page_shift, eaddr); + raddr = deposit64(pte.pte1 & HPTE64_R_RPN, 0, apshift, eaddr); tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK, - prot, mmu_idx, TARGET_PAGE_SIZE); + prot, mmu_idx, 1ULL << apshift); return 0; } @@ -610,6 +661,7 @@ hwaddr ppc_hash64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr) ppc_slb_t *slb; hwaddr pte_offset; ppc_hash_pte64_t pte; + unsigned apshift; if (msr_dr == 0) { /* In real mode the top 4 effective address bits are ignored */ @@ -626,7 +678,12 @@ hwaddr ppc_hash64_get_phys_page_debug(PowerPCCPU *cpu, target_ulong addr) return -1; } - return deposit64(pte.pte1 & HPTE64_R_RPN, 0, slb->sps->page_shift, addr) + apshift = hpte_page_shift(slb->sps, pte.pte0, pte.pte1); + if (!apshift) { + return -1; + } + + return deposit64(pte.pte1 & HPTE64_R_RPN, 0, apshift, addr) & TARGET_PAGE_MASK; } From 041d95f42e39ed1d3a029332cab9966889f0aeb3 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Sat, 30 Jan 2016 23:49:22 +1100 Subject: [PATCH 34/40] target-ppc: Remove unused mmu models from ppc_tlb_invalidate_one ppc_tlb_invalidate_one() has a big switch handling many different MMU types. However, most of those branches can never be reached: It is called from 3 places: from remove_hpte() and h_protect() in spapr_hcall.c (which always has a 64-bit hash MMU type), and from helper_tlbie() in mmu_helper.c. Calls to helper_tlbie() are generated from gen_tlbiel, gen_tlbiel and gen_tlbiva. The first two are only used with the PPC_MEM_TLBIE flag, set only with 32-bit or 64-bit hash MMU models, and gen_tlbiva() is used only on 440 and 460 models with the BookE mmu model. These means the exhaustive list of MMU types which may call ppc_tlb_invalidate_one() is: POWERPC_MMU_SOFT_6xx, POWERPC_MMU_601, POWERPC_MMU_32B, POWERPC_MMU_SOFT_74xx, POWERPC_MMU_64B, POWERPC_MMU_2_03, POWERPC_MMU_2_06, POWERPC_MMU_2_07 and POWERPC_MMU_BOOKE. Clean up by removing logic for all other MMU types from ppc_tlb_invalidate_one(). This means that ppc4xx_tlb_invalidate_virt() now has no callers, or rather, makes it obvious that it has no callers. So, we remove that function as well. Signed-off-by: David Gibson --- target-ppc/mmu_helper.c | 46 ++--------------------------------------- 1 file changed, 2 insertions(+), 44 deletions(-) diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c index 727788950cc3..4343cb24de1d 100644 --- a/target-ppc/mmu_helper.c +++ b/target-ppc/mmu_helper.c @@ -658,32 +658,6 @@ static inline void ppc4xx_tlb_invalidate_all(CPUPPCState *env) tlb_flush(CPU(cpu), 1); } -static inline void ppc4xx_tlb_invalidate_virt(CPUPPCState *env, - target_ulong eaddr, uint32_t pid) -{ -#if !defined(FLUSH_ALL_TLBS) - CPUState *cs = CPU(ppc_env_get_cpu(env)); - ppcemb_tlb_t *tlb; - hwaddr raddr; - target_ulong page, end; - int i; - - for (i = 0; i < env->nb_tlb; i++) { - tlb = &env->tlb.tlbe[i]; - if (ppcemb_tlb_check(env, tlb, &raddr, eaddr, pid, 0, i) == 0) { - end = tlb->EPN + tlb->size; - for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE) { - tlb_flush_page(cs, page); - } - tlb->prot &= ~PAGE_VALID; - break; - } - } -#else - ppc4xx_tlb_invalidate_all(env); -#endif -} - static int mmu40x_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx, target_ulong address, int rw, int access_type) @@ -1972,25 +1946,10 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr) ppc6xx_tlb_invalidate_virt(env, addr, 1); } break; - case POWERPC_MMU_SOFT_4xx: - case POWERPC_MMU_SOFT_4xx_Z: - ppc4xx_tlb_invalidate_virt(env, addr, env->spr[SPR_40x_PID]); - break; - case POWERPC_MMU_REAL: - cpu_abort(CPU(cpu), "No TLB for PowerPC 4xx in real mode\n"); - break; - case POWERPC_MMU_MPC8xx: - /* XXX: TODO */ - cpu_abort(CPU(cpu), "MPC8xx MMU model is not implemented\n"); - break; case POWERPC_MMU_BOOKE: /* XXX: TODO */ cpu_abort(CPU(cpu), "BookE MMU model is not implemented\n"); break; - case POWERPC_MMU_BOOKE206: - /* XXX: TODO */ - cpu_abort(CPU(cpu), "BookE 2.06 MMU model is not implemented\n"); - break; case POWERPC_MMU_32B: case POWERPC_MMU_601: /* tlbie invalidate TLBs for all segments */ @@ -2032,9 +1991,8 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr) break; #endif /* defined(TARGET_PPC64) */ default: - /* XXX: TODO */ - cpu_abort(CPU(cpu), "Unknown MMU model\n"); - break; + /* Should never reach here with other MMU models */ + assert(0); } #else ppc_tlb_invalidate_all(env); From 4693364f31016cc08d79d1673c3f735a4f95fd89 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Thu, 28 Jan 2016 10:31:04 +1100 Subject: [PATCH 35/40] target-ppc: Split 44x tlbiva from ppc_tlb_invalidate_one() Currently both the tlbiva instruction (used on 44x chips) and the tlbie instruction (used on hash MMU chips) are both handled via ppc_tlb_invalidate_one(). This is silly, because they're invoked from different places, and do different things. Clean this up by separating out the tlbiva instruction into its own handling. In fact the implementation is only a stub anyway. Signed-off-by: David Gibson Reviewed-by: Laurent Vivier Acked-by: Benjamin Herrenschmidt Reviewed-by: Alexander Graf --- target-ppc/helper.h | 1 + target-ppc/mmu_helper.c | 14 ++++++++++---- target-ppc/translate.c | 2 +- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/target-ppc/helper.h b/target-ppc/helper.h index 869be1509df0..e5a8f7b9b539 100644 --- a/target-ppc/helper.h +++ b/target-ppc/helper.h @@ -544,6 +544,7 @@ DEF_HELPER_2(74xx_tlbd, void, env, tl) DEF_HELPER_2(74xx_tlbi, void, env, tl) DEF_HELPER_FLAGS_1(tlbia, TCG_CALL_NO_RWG, void, env) DEF_HELPER_FLAGS_2(tlbie, TCG_CALL_NO_RWG, void, env, tl) +DEF_HELPER_FLAGS_2(tlbiva, TCG_CALL_NO_RWG, void, env, tl) #if defined(TARGET_PPC64) DEF_HELPER_FLAGS_3(store_slb, TCG_CALL_NO_RWG, void, env, tl, tl) DEF_HELPER_2(load_slb_esid, tl, env, tl) diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c index 4343cb24de1d..de4e286eee7f 100644 --- a/target-ppc/mmu_helper.c +++ b/target-ppc/mmu_helper.c @@ -1946,10 +1946,6 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr) ppc6xx_tlb_invalidate_virt(env, addr, 1); } break; - case POWERPC_MMU_BOOKE: - /* XXX: TODO */ - cpu_abort(CPU(cpu), "BookE MMU model is not implemented\n"); - break; case POWERPC_MMU_32B: case POWERPC_MMU_601: /* tlbie invalidate TLBs for all segments */ @@ -2091,6 +2087,16 @@ void helper_tlbie(CPUPPCState *env, target_ulong addr) ppc_tlb_invalidate_one(env, addr); } +void helper_tlbiva(CPUPPCState *env, target_ulong addr) +{ + PowerPCCPU *cpu = ppc_env_get_cpu(env); + + /* tlbiva instruction only exists on BookE */ + assert(env->mmu_model == POWERPC_MMU_BOOKE); + /* XXX: TODO */ + cpu_abort(CPU(cpu), "BookE MMU model is not implemented\n"); +} + /* Software driven TLBs management */ /* PowerPC 602/603 software TLB load instructions helpers */ static void do_6xx_tlb(CPUPPCState *env, target_ulong new_EPN, int is_code) diff --git a/target-ppc/translate.c b/target-ppc/translate.c index 3beeb452a8bb..0219d38acec8 100644 --- a/target-ppc/translate.c +++ b/target-ppc/translate.c @@ -5905,7 +5905,7 @@ static void gen_tlbiva(DisasContext *ctx) } t0 = tcg_temp_new(); gen_addr_reg_index(ctx, t0); - gen_helper_tlbie(cpu_env, cpu_gpr[rB(ctx->opcode)]); + gen_helper_tlbiva(cpu_env, cpu_gpr[rB(ctx->opcode)]); tcg_temp_free(t0); #endif } From 61a36c9b5a12889994e6c45f4a175efcd63936db Mon Sep 17 00:00:00 2001 From: David Gibson Date: Fri, 15 Jan 2016 16:12:09 +1100 Subject: [PATCH 36/40] target-ppc: Add new TLB invalidate by HPTE call for hash64 MMUs When HPTEs are removed or modified by hypercalls on spapr, we need to invalidate the relevant pages in the qemu TLB. Currently we do that by doing some complicated calculations to work out the right encoding for the tlbie instruction, then passing that to ppc_tlb_invalidate_one()... which totally ignores the argument and flushes the whole tlb. Avoid that by adding a new flush-by-hpte helper in mmu-hash64.c. Signed-off-by: David Gibson Acked-by: Benjamin Herrenschmidt Reviewed-by: Alexander Graf --- hw/ppc/spapr_hcall.c | 46 ++++------------------------------------- target-ppc/mmu-hash64.c | 12 +++++++++++ target-ppc/mmu-hash64.h | 3 +++ 3 files changed, 19 insertions(+), 42 deletions(-) diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index a53bd2feece2..0a8378c31491 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -38,42 +38,6 @@ static void set_spr(CPUState *cs, int spr, target_ulong value, run_on_cpu(cs, do_spr_sync, &s); } -static target_ulong compute_tlbie_rb(target_ulong v, target_ulong r, - target_ulong pte_index) -{ - target_ulong rb, va_low; - - rb = (v & ~0x7fULL) << 16; /* AVA field */ - va_low = pte_index >> 3; - if (v & HPTE64_V_SECONDARY) { - va_low = ~va_low; - } - /* xor vsid from AVA */ - if (!(v & HPTE64_V_1TB_SEG)) { - va_low ^= v >> 12; - } else { - va_low ^= v >> 24; - } - va_low &= 0x7ff; - if (v & HPTE64_V_LARGE) { - rb |= 1; /* L field */ -#if 0 /* Disable that P7 specific bit for now */ - if (r & 0xff000) { - /* non-16MB large page, must be 64k */ - /* (masks depend on page size) */ - rb |= 0x1000; /* page encoding in LP field */ - rb |= (va_low & 0x7f) << 16; /* 7b of VA in AVA/LP field */ - rb |= (va_low & 0xfe); /* AVAL field */ - } -#endif - } else { - /* 4kB page */ - rb |= (va_low & 0x7ff) << 12; /* remaining 11b of AVA */ - } - rb |= (v >> 54) & 0x300; /* B field */ - return rb; -} - static inline bool valid_pte_index(CPUPPCState *env, target_ulong pte_index) { /* @@ -199,7 +163,7 @@ static RemoveResult remove_hpte(PowerPCCPU *cpu, target_ulong ptex, { CPUPPCState *env = &cpu->env; uint64_t token; - target_ulong v, r, rb; + target_ulong v, r; if (!valid_pte_index(env, ptex)) { return REMOVE_PARM; @@ -218,8 +182,7 @@ static RemoveResult remove_hpte(PowerPCCPU *cpu, target_ulong ptex, *vp = v; *rp = r; ppc_hash64_store_hpte(cpu, ptex, HPTE64_V_HPTE_DIRTY, 0); - rb = compute_tlbie_rb(v, r, ptex); - ppc_tlb_invalidate_one(env, rb); + ppc_hash64_tlb_flush_hpte(cpu, ptex, v, r); return REMOVE_SUCCESS; } @@ -323,7 +286,7 @@ static target_ulong h_protect(PowerPCCPU *cpu, sPAPRMachineState *spapr, target_ulong pte_index = args[1]; target_ulong avpn = args[2]; uint64_t token; - target_ulong v, r, rb; + target_ulong v, r; if (!valid_pte_index(env, pte_index)) { return H_PARAMETER; @@ -344,10 +307,9 @@ static target_ulong h_protect(PowerPCCPU *cpu, sPAPRMachineState *spapr, r |= (flags << 55) & HPTE64_R_PP0; r |= (flags << 48) & HPTE64_R_KEY_HI; r |= flags & (HPTE64_R_PP | HPTE64_R_N | HPTE64_R_KEY_LO); - rb = compute_tlbie_rb(v, r, pte_index); ppc_hash64_store_hpte(cpu, pte_index, (v & ~HPTE64_V_VALID) | HPTE64_V_HPTE_DIRTY, 0); - ppc_tlb_invalidate_one(env, rb); + ppc_hash64_tlb_flush_hpte(cpu, pte_index, v, r); /* Don't need a memory barrier, due to qemu's global lock */ ppc_hash64_store_hpte(cpu, pte_index, v | HPTE64_V_HPTE_DIRTY, r); return H_SUCCESS; diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c index f4c25b7d14fb..565a0f484add 100644 --- a/target-ppc/mmu-hash64.c +++ b/target-ppc/mmu-hash64.c @@ -708,3 +708,15 @@ void ppc_hash64_store_hpte(PowerPCCPU *cpu, env->htab_base + pte_index + HASH_PTE_SIZE_64 / 2, pte1); } } + +void ppc_hash64_tlb_flush_hpte(PowerPCCPU *cpu, + target_ulong pte_index, + target_ulong pte0, target_ulong pte1) +{ + /* + * XXX: given the fact that there are too many segments to + * invalidate, and we still don't have a tlb_flush_mask(env, n, + * mask) in QEMU, we just invalidate all TLBs + */ + tlb_flush(CPU(cpu), 1); +} diff --git a/target-ppc/mmu-hash64.h b/target-ppc/mmu-hash64.h index 24fd2c47ef94..293a9514dbc7 100644 --- a/target-ppc/mmu-hash64.h +++ b/target-ppc/mmu-hash64.h @@ -13,6 +13,9 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong address, int rw, int mmu_idx); void ppc_hash64_store_hpte(PowerPCCPU *cpu, target_ulong index, target_ulong pte0, target_ulong pte1); +void ppc_hash64_tlb_flush_hpte(PowerPCCPU *cpu, + target_ulong pte_index, + target_ulong pte0, target_ulong pte1); #endif /* From 1114e712c998d6c6d888e8a22aab94e143ae3fd8 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 27 Jan 2016 12:01:20 +1100 Subject: [PATCH 37/40] target-ppc: Helper to determine page size information from hpte alone h_enter() in the spapr code needs to know the page size of the HPTE it's about to insert. Unlike other paths that do this, it doesn't have access to the SLB, so at the moment it determines this with some open-coded tests which assume POWER7 or POWER8 page size encodings. To make this more flexible add ppc_hash64_hpte_page_shift_noslb() to determine both the "base" page size per segment, and the individual effective page size from an HPTE alone. This means that the spapr code should now be able to handle any page size listed in the env->sps table. Signed-off-by: David Gibson Acked-by: Benjamin Herrenschmidt Reviewed-by: Alexander Graf --- hw/ppc/spapr_hcall.c | 25 ++++++------------------- target-ppc/mmu-hash64.c | 35 +++++++++++++++++++++++++++++++++++ target-ppc/mmu-hash64.h | 3 +++ 3 files changed, 44 insertions(+), 19 deletions(-) diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index 0a8378c31491..12f8c33db78f 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -73,31 +73,18 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPRMachineState *spapr, target_ulong pte_index = args[1]; target_ulong pteh = args[2]; target_ulong ptel = args[3]; - target_ulong page_shift = 12; + unsigned apshift, spshift; target_ulong raddr; target_ulong index; uint64_t token; - /* only handle 4k and 16M pages for now */ - if (pteh & HPTE64_V_LARGE) { -#if 0 /* We don't support 64k pages yet */ - if ((ptel & 0xf000) == 0x1000) { - /* 64k page */ - } else -#endif - if ((ptel & 0xff000) == 0) { - /* 16M page */ - page_shift = 24; - /* lowest AVA bit must be 0 for 16M pages */ - if (pteh & 0x80) { - return H_PARAMETER; - } - } else { - return H_PARAMETER; - } + apshift = ppc_hash64_hpte_page_shift_noslb(cpu, pteh, ptel, &spshift); + if (!apshift) { + /* Bad page size encoding */ + return H_PARAMETER; } - raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << page_shift) - 1); + raddr = (ptel & HPTE64_R_RPN) & ~((1ULL << apshift) - 1); if (is_ram_address(spapr, raddr)) { /* Regular RAM - should have WIMG=0010 */ diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c index 565a0f484add..6d110ee3428c 100644 --- a/target-ppc/mmu-hash64.c +++ b/target-ppc/mmu-hash64.c @@ -513,6 +513,41 @@ static unsigned hpte_page_shift(const struct ppc_one_seg_page_size *sps, return 0; /* Bad page size encoding */ } +unsigned ppc_hash64_hpte_page_shift_noslb(PowerPCCPU *cpu, + uint64_t pte0, uint64_t pte1, + unsigned *seg_page_shift) +{ + CPUPPCState *env = &cpu->env; + int i; + + if (!(pte0 & HPTE64_V_LARGE)) { + *seg_page_shift = 12; + return 12; + } + + /* + * The encodings in env->sps need to be carefully chosen so that + * this gives an unambiguous result. + */ + for (i = 0; i < PPC_PAGE_SIZES_MAX_SZ; i++) { + const struct ppc_one_seg_page_size *sps = &env->sps.sps[i]; + unsigned shift; + + if (!sps->page_shift) { + break; + } + + shift = hpte_page_shift(sps, pte0, pte1); + if (shift) { + *seg_page_shift = sps->page_shift; + return shift; + } + } + + *seg_page_shift = 0; + return 0; +} + int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, target_ulong eaddr, int rwx, int mmu_idx) { diff --git a/target-ppc/mmu-hash64.h b/target-ppc/mmu-hash64.h index 293a9514dbc7..34cf9754844b 100644 --- a/target-ppc/mmu-hash64.h +++ b/target-ppc/mmu-hash64.h @@ -16,6 +16,9 @@ void ppc_hash64_store_hpte(PowerPCCPU *cpu, target_ulong index, void ppc_hash64_tlb_flush_hpte(PowerPCCPU *cpu, target_ulong pte_index, target_ulong pte0, target_ulong pte1); +unsigned ppc_hash64_hpte_page_shift_noslb(PowerPCCPU *cpu, + uint64_t pte0, uint64_t pte1, + unsigned *seg_page_shift); #endif /* From a8891fbf216b643586937f01bb7478e4e5a319f8 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Fri, 15 Jan 2016 17:54:42 +1100 Subject: [PATCH 38/40] target-ppc: Allow more page sizes for POWER7 & POWER8 in TCG Now that the TCG and spapr code has been extended to allow (semi-) arbitrary page encodings in the CPU's 'sps' table, we can add the many page sizes supported by real POWER7 and POWER8 hardware that we previously didn't support in TCG. Signed-off-by: David Gibson Acked-by: Benjamin Herrenschmidt Reviewed-by: Alexander Graf --- target-ppc/mmu-hash64.h | 2 ++ target-ppc/translate_init.c | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/target-ppc/mmu-hash64.h b/target-ppc/mmu-hash64.h index 34cf9754844b..ab0f86b22243 100644 --- a/target-ppc/mmu-hash64.h +++ b/target-ppc/mmu-hash64.h @@ -48,6 +48,8 @@ unsigned ppc_hash64_hpte_page_shift_noslb(PowerPCCPU *cpu, #define SLB_VSID_LLP_MASK (SLB_VSID_L | SLB_VSID_LP) #define SLB_VSID_4K 0x0000000000000000ULL #define SLB_VSID_64K 0x0000000000000110ULL +#define SLB_VSID_16M 0x0000000000000100ULL +#define SLB_VSID_16G 0x0000000000000120ULL /* * Hash page table definitions diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c index 4d71a5d0c6c5..cdd18ac630ce 100644 --- a/target-ppc/translate_init.c +++ b/target-ppc/translate_init.c @@ -8105,6 +8105,36 @@ static Property powerpc_servercpu_properties[] = { DEFINE_PROP_END_OF_LIST(), }; +#ifdef CONFIG_SOFTMMU +static const struct ppc_segment_page_sizes POWER7_POWER8_sps = { + .sps = { + { + .page_shift = 12, /* 4K */ + .slb_enc = 0, + .enc = { { .page_shift = 12, .pte_enc = 0 }, + { .page_shift = 16, .pte_enc = 0x7 }, + { .page_shift = 24, .pte_enc = 0x38 }, }, + }, + { + .page_shift = 16, /* 64K */ + .slb_enc = SLB_VSID_64K, + .enc = { { .page_shift = 16, .pte_enc = 0x1 }, + { .page_shift = 24, .pte_enc = 0x8 }, }, + }, + { + .page_shift = 24, /* 16M */ + .slb_enc = SLB_VSID_16M, + .enc = { { .page_shift = 24, .pte_enc = 0 }, }, + }, + { + .page_shift = 34, /* 16G */ + .slb_enc = SLB_VSID_16G, + .enc = { { .page_shift = 34, .pte_enc = 0x3 }, }, + }, + } +}; +#endif /* CONFIG_SOFTMMU */ + static void init_proc_POWER7 (CPUPPCState *env) { init_proc_book3s_64(env, BOOK3S_CPU_POWER7); @@ -8168,6 +8198,7 @@ POWERPC_FAMILY(POWER7)(ObjectClass *oc, void *data) pcc->mmu_model = POWERPC_MMU_2_06; #if defined(CONFIG_SOFTMMU) pcc->handle_mmu_fault = ppc_hash64_handle_mmu_fault; + pcc->sps = &POWER7_POWER8_sps; #endif pcc->excp_model = POWERPC_EXCP_POWER7; pcc->bus_model = PPC_FLAGS_INPUT_POWER7; @@ -8248,6 +8279,7 @@ POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data) pcc->mmu_model = POWERPC_MMU_2_07; #if defined(CONFIG_SOFTMMU) pcc->handle_mmu_fault = ppc_hash64_handle_mmu_fault; + pcc->sps = &POWER7_POWER8_sps; #endif pcc->excp_model = POWERPC_EXCP_POWER7; pcc->bus_model = PPC_FLAGS_INPUT_POWER7; From fc03cfef8b1f2d855c96fd6942914f5104b57e71 Mon Sep 17 00:00:00 2001 From: James Clarke Date: Sun, 24 Jan 2016 15:41:25 +0000 Subject: [PATCH 39/40] target-ppc: Make every FPSCR_ macro have a corresponding FP_ macro Signed-off-by: James Clarke Signed-off-by: David Gibson --- target-ppc/cpu.h | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h index 082039006f68..f300c8613c0a 100644 --- a/target-ppc/cpu.h +++ b/target-ppc/cpu.h @@ -687,24 +687,37 @@ enum { #define FP_FX (1ull << FPSCR_FX) #define FP_FEX (1ull << FPSCR_FEX) +#define FP_VX (1ull << FPSCR_VX) #define FP_OX (1ull << FPSCR_OX) -#define FP_OE (1ull << FPSCR_OE) #define FP_UX (1ull << FPSCR_UX) -#define FP_UE (1ull << FPSCR_UE) -#define FP_XX (1ull << FPSCR_XX) -#define FP_XE (1ull << FPSCR_XE) #define FP_ZX (1ull << FPSCR_ZX) -#define FP_ZE (1ull << FPSCR_ZE) -#define FP_VX (1ull << FPSCR_VX) +#define FP_XX (1ull << FPSCR_XX) #define FP_VXSNAN (1ull << FPSCR_VXSNAN) #define FP_VXISI (1ull << FPSCR_VXISI) -#define FP_VXIMZ (1ull << FPSCR_VXIMZ) -#define FP_VXZDZ (1ull << FPSCR_VXZDZ) #define FP_VXIDI (1ull << FPSCR_VXIDI) +#define FP_VXZDZ (1ull << FPSCR_VXZDZ) +#define FP_VXIMZ (1ull << FPSCR_VXIMZ) #define FP_VXVC (1ull << FPSCR_VXVC) +#define FP_FR (1ull << FSPCR_FR) +#define FP_FI (1ull << FPSCR_FI) +#define FP_C (1ull << FPSCR_C) +#define FP_FL (1ull << FPSCR_FL) +#define FP_FG (1ull << FPSCR_FG) +#define FP_FE (1ull << FPSCR_FE) +#define FP_FU (1ull << FPSCR_FU) +#define FP_FPCC (FP_FL | FP_FG | FP_FE | FP_FU) +#define FP_FPRF (FP_C | FP_FL | FP_FG | FP_FE | FP_FU) +#define FP_VXSOFT (1ull << FPSCR_VXSOFT) +#define FP_VXSQRT (1ull << FPSCR_VXSQRT) #define FP_VXCVI (1ull << FPSCR_VXCVI) #define FP_VE (1ull << FPSCR_VE) -#define FP_FI (1ull << FPSCR_FI) +#define FP_OE (1ull << FPSCR_OE) +#define FP_UE (1ull << FPSCR_UE) +#define FP_ZE (1ull << FPSCR_ZE) +#define FP_XE (1ull << FPSCR_XE) +#define FP_NI (1ull << FPSCR_NI) +#define FP_RN1 (1ull << FPSCR_RN1) +#define FP_RN (1ull << FPSCR_RN) /*****************************************************************************/ /* Vector status and control register */ From d1277156b5d3df6d75d138a7eec6ff80934cdcec Mon Sep 17 00:00:00 2001 From: James Clarke Date: Fri, 29 Jan 2016 18:40:21 +0000 Subject: [PATCH 40/40] target-ppc: mcrfs should always update FEX/VX and only clear exception bits Here is the description of the mcrfs instruction from the PowerPC Architecture Book, Version 2.02, Book I: PowerPC User Instruction Set Architecture (http://www.ibm.com/developerworks/systems/library/es-archguide-v2.html), found on page 120: The contents of FPSCR field BFA are copied to Condition Register field BF. All exception bits copied are set to 0 in the FPSCR. If the FX bit is copied, it is set to 0 in the FPSCR. Special Registers Altered: CR field BF FX OX (if BFA=0) UX ZX XX VXSNAN (if BFA=1) VXISI VXIDI VXZDZ VXIMZ (if BFA=2) VXVC (if BFA=3) VXSOFT VXSQRT VXCVI (if BFA=5) However, currently every bit in FPSCR field BFA is set to 0, including ones not on that list. This can be seen in the following simple C program: #include #include int main(int argc, char **argv) { int ret; ret = fegetround(); printf("Current rounding: %d\n", ret); ret = fesetround(FE_UPWARD); printf("Setting to FE_UPWARD (%d): %d\n", FE_UPWARD, ret); ret = fegetround(); printf("Current rounding: %d\n", ret); ret = fegetround(); printf("Current rounding: %d\n", ret); return 0; } which gave the output (before this commit): Current rounding: 0 Setting to FE_UPWARD (2): 0 Current rounding: 2 Current rounding: 0 instead of (after this commit): Current rounding: 0 Setting to FE_UPWARD (2): 0 Current rounding: 2 Current rounding: 2 The relevant disassembly is in fegetround(), which, on my system, is: __GI___fegetround: <+0>: mcrfs cr7, cr7 <+4>: mfcr r3 <+8>: clrldi r3, r3, 62 <+12>: blr What happens is that, the first time fegetround() is called, FPSCR field 7 is retrieved. However, because of the bug in mcrfs, the entirety of field 7 is set to 0, which includes the rounding mode. There are other issues this will fix, such as condition flags not persisting when they should if read, and if you were to read a specific field with some exception bits set, but no others were set in the entire register, then the bits would be cleared correctly, but FEX/VX would not be updated to 0 as they should be. Signed-off-by: James Clarke Signed-off-by: David Gibson --- target-ppc/cpu.h | 6 ++++++ target-ppc/translate.c | 21 +++++++++++++++++---- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h index f300c8613c0a..892f4dc94941 100644 --- a/target-ppc/cpu.h +++ b/target-ppc/cpu.h @@ -719,6 +719,12 @@ enum { #define FP_RN1 (1ull << FPSCR_RN1) #define FP_RN (1ull << FPSCR_RN) +/* the exception bits which can be cleared by mcrfs - includes FX */ +#define FP_EX_CLEAR_BITS (FP_FX | FP_OX | FP_UX | FP_ZX | \ + FP_XX | FP_VXSNAN | FP_VXISI | FP_VXIDI | \ + FP_VXZDZ | FP_VXIMZ | FP_VXVC | FP_VXSOFT | \ + FP_VXSQRT | FP_VXCVI) + /*****************************************************************************/ /* Vector status and control register */ #define VSCR_NJ 16 /* Vector non-java */ diff --git a/target-ppc/translate.c b/target-ppc/translate.c index 0219d38acec8..7db3145cff7e 100644 --- a/target-ppc/translate.c +++ b/target-ppc/translate.c @@ -2501,18 +2501,31 @@ static void gen_fmrgow(DisasContext *ctx) static void gen_mcrfs(DisasContext *ctx) { TCGv tmp = tcg_temp_new(); + TCGv_i32 tmask; + TCGv_i64 tnew_fpscr = tcg_temp_new_i64(); int bfa; + int nibble; + int shift; if (unlikely(!ctx->fpu_enabled)) { gen_exception(ctx, POWERPC_EXCP_FPU); return; } - bfa = 4 * (7 - crfS(ctx->opcode)); - tcg_gen_shri_tl(tmp, cpu_fpscr, bfa); + bfa = crfS(ctx->opcode); + nibble = 7 - bfa; + shift = 4 * nibble; + tcg_gen_shri_tl(tmp, cpu_fpscr, shift); tcg_gen_trunc_tl_i32(cpu_crf[crfD(ctx->opcode)], tmp); - tcg_temp_free(tmp); tcg_gen_andi_i32(cpu_crf[crfD(ctx->opcode)], cpu_crf[crfD(ctx->opcode)], 0xf); - tcg_gen_andi_tl(cpu_fpscr, cpu_fpscr, ~(0xF << bfa)); + tcg_temp_free(tmp); + tcg_gen_extu_tl_i64(tnew_fpscr, cpu_fpscr); + /* Only the exception bits (including FX) should be cleared if read */ + tcg_gen_andi_i64(tnew_fpscr, tnew_fpscr, ~((0xF << shift) & FP_EX_CLEAR_BITS)); + /* FEX and VX need to be updated, so don't set fpscr directly */ + tmask = tcg_const_i32(1 << nibble); + gen_helper_store_fpscr(cpu_env, tnew_fpscr, tmask); + tcg_temp_free_i32(tmask); + tcg_temp_free_i64(tnew_fpscr); } /* mffs */