[Qemu-devel] [PATCH 2/9] ppc: Fix tlb invalidations on 6xx/7xx/7xxx 32-bit processors

[Benjamin Herrenschmidt <benh@kernel.crashing.org>]

The processor only uses some bits of the address and invalidates an
entire congruence class. Some OSes such as Darwin and HelenOS take
advantage of this and occasionally invalidate the entire TLB by just
doing a series of 64 consecutive tlbie for example.

Our code tries to be too smart here only invalidating a segment
congruence class (ie, allowing more address bits to be relevant
in the invalidation), this fails miserably on those OSes.

Instead don't bother, do like ppc64 and blow the whole tlb when tlbie
is executed.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
---
 target-ppc/mmu_helper.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index f5c4e69..a5e3878 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -1969,6 +1969,11 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr)
         /* XXX: this case should be optimized,
          * giving a mask to tlb_flush_page
          */
+        /* This is broken, some CPUs invalidate a whole congruence
+         * class on an even smaller subset of bits and some OSes take
+         * advantage of this. Just blow the whole thing away.
+         */
+#if 0
         tlb_flush_page(cs, addr | (0x0 << 28));
         tlb_flush_page(cs, addr | (0x1 << 28));
         tlb_flush_page(cs, addr | (0x2 << 28));
@@ -1985,6 +1990,9 @@ void ppc_tlb_invalidate_one(CPUPPCState *env, target_ulong addr)
         tlb_flush_page(cs, addr | (0xD << 28));
         tlb_flush_page(cs, addr | (0xE << 28));
         tlb_flush_page(cs, addr | (0xF << 28));
+#else
+        tlb_flush(cs, 1);
+#endif
         break;
 #if defined(TARGET_PPC64)
     case POWERPC_MMU_64B:
-- 
2.5.5