Re: [Qemu-devel] [RFC PATCH 2/2] target-ppc: fix interrupt vectors address migration

[David Gibson <david@gibson.dropbear.id.au>]

[-- Attachment #1: Type: text/plain, Size: 3098 bytes --]

On Mon, Mar 21, 2016 at 03:02:08PM +0100, Cédric Le Goater wrote:
> commit 2360b6e84f78 ("target-ppc: force update of msr bits in
> cpu_post_load") introduced a change to restore env->excp_prefix of a
> guest which could have altered its MSR_EP. To do this, cpu_post_load()
> invalidates msr and then calls ppc_store_msr() with the expected value
> in argument.
> 
> The problem is that ppc_store_msr() relies on a 'valid' current msr
> before changing its value. The MSR_HVB and MSR_TGPR bits are excluded
> from the msr reset to keep the checks valid but the MSR_IR, MSR_DR,
> MSR_EP bits which are also used through the msr_{ir,dr,ep} macros, are
> reseted.
> 
> This is an issue for CPUs not using MSR_EP, on the spapr platform for
> instance but all book3s are impacted. If excp_prefix is restored to
> some value, it will be reseted by this call, causing an ISEG exception
> on spapr guests.
> 
> This patch proposal is to test the msr_mask before actually testing
> the MSR_EP bit and protect excp_prefix.
> 
> Signed-off-by: Cédric Le Goater <clg@fr.ibm.com>
> ---
> 
>  Should we just move the test in cpu_post_load() and not reset MSR_EP
>  if it is not present in msr_mask ? like this is done for MSR_HVB and
>  MSR_TGPR. I think this is making assumptions on what ppc_store_msr()
>  is up to though.
> 
>  Maybe we could add a POWERPC_FLAGS_ for this purpose ? or test the
>  excp_model ?
>  
>  There is room for improvement in ppc_store_msr(). It might need a new
>  helper like ppc_restore_msr() ?
> 
>  Suggestions welcomed.

So, IIUC, in spapr MSR[EP] can't be set with mtmsr or rfid, but can be
set with H_SET_MODE?

I think what we need to do is to make sure the full MSR value is
migrated then, even if EP is not in the msr_mask.  Once that's done,
we should be able to correctly calculate excp_prefix from the MSR
value after migration.

Or am I missing something?

>  target-ppc/helper_regs.h | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
> index 271fddf17f0a..2a72e000ed83 100644
> --- a/target-ppc/helper_regs.h
> +++ b/target-ppc/helper_regs.h
> @@ -92,9 +92,11 @@ static inline int hreg_store_msr(CPUPPCState *env, target_ulong value,
>          /* Swap temporary saved registers with GPRs */
>          hreg_swap_gpr_tgpr(env);
>      }
> -    if (unlikely((value >> MSR_EP) & 1) != msr_ep) {
> -        /* Change the exception prefix on PowerPC 601 */
> -        env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF00000;
> +    if ((env->msr_mask >> MSR_EP) & 1) {
> +        if (unlikely((value >> MSR_EP) & 1) != msr_ep) {
> +            /* Change the exception prefix on PowerPC 601 */
> +            env->excp_prefix = ((value >> MSR_EP) & 1) * 0xFFF00000;
> +        }
>      }
>  #endif
>      env->msr = value;

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]