From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1L9bJU-0006hb-Gf for qemu-devel@nongnu.org; Mon, 08 Dec 2008 03:17:56 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1L9bJS-0006dW-0R for qemu-devel@nongnu.org; Mon, 08 Dec 2008 03:17:55 -0500 Received: from [199.232.76.173] (port=42749 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1L9bJR-0006dC-Pt for qemu-devel@nongnu.org; Mon, 08 Dec 2008 03:17:53 -0500 Received: from mx20.gnu.org ([199.232.41.8]:61801) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1L9bJR-0007dn-CC for qemu-devel@nongnu.org; Mon, 08 Dec 2008 03:17:53 -0500 Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.123]) by mx20.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1L9bJQ-0002XL-N4 for qemu-devel@nongnu.org; Mon, 08 Dec 2008 03:17:52 -0500 Received: from localhost.localdomain ([76.88.95.122]) by cdptpa-omta03.mail.rr.com with ESMTP id <20081208081743.BDQY5190.cdptpa-omta03.mail.rr.com@localhost.localdomain> for ; Mon, 8 Dec 2008 08:17:43 +0000 Date: Mon, 8 Dec 2008 00:17:35 -0800 From: Andrew May Message-ID: <20081208001735.0244e189@acmay.homeip.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="MP_/Q5A5E5Ay=/FzB3QM1KglJd7" Subject: [Qemu-devel] 4xx TLB fixes Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org --MP_/Q5A5E5Ay=/FzB3QM1KglJd7 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline I don't all the details of the 4xx MMU stuff, but I think these 2 fixes for the tlb handling are correct. One is to ignore the Little endian bit if the page isn't valid. The linux code reuses the registers when it invalidates a mapping. So any invalidate of mappings 32-63, would trigger the abort. The 2nd fix is to handle a change of a mapping from read-only to read-write. I think the invalid is needed after this, but I am not sure. With these my kernel boots, and starts to run userspace. But there it doesn't finish running init. But my userspace FS may not be correct. --MP_/Q5A5E5Ay=/FzB3QM1KglJd7 Content-Type: text/x-patch; name=4xx_tlb.patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=4xx_tlb.patch diff --git a/trunk/target-ppc/op_helper.c b/trunk/target-ppc/op_helper.c --- a/trunk/target-ppc/op_helper.c +++ b/trunk/target-ppc/op_helper.c @@ -2806,7 +2806,7 @@ void do_4xx_tlbwe_hi (void) tlb->prot |= PAGE_VALID; else tlb->prot &= ~PAGE_VALID; - if (T1 & 0x20) { + if (T1 & 0x40 && T1 & 0x20) { /* XXX: TO BE FIXED */ cpu_abort(env, "Little-endian TLB entries are not supported by now\n"); } @@ -2849,11 +2849,20 @@ void do_4xx_tlbwe_lo (void) T0 &= 0x3F; tlb = &env->tlb[T0].tlbe; tlb->RPN = T1 & 0xFFFFFC00; - tlb->prot = PAGE_READ; + tlb->prot &= ~(PAGE_EXEC | PAGE_WRITE); + tlb->prot |= PAGE_READ; if (T1 & 0x200) tlb->prot |= PAGE_EXEC; if (T1 & 0x100) tlb->prot |= PAGE_WRITE; + + /* If the page is valid flush it for the prot change */ + if (tlb->prot & PAGE_VALID) { + target_ulong page, end; + end = tlb->EPN + tlb->size; + for (page = tlb->EPN; page < end; page += TARGET_PAGE_SIZE) + tlb_flush_page(env, page); + } #if defined (DEBUG_SOFTWARE_TLB) if (loglevel != 0) { fprintf(logfile, "%s: set up TLB %d RPN " PADDRX " EPN " ADDRX --MP_/Q5A5E5Ay=/FzB3QM1KglJd7--