From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LMtFI-0008P3-6G
	for qemu-devel@nongnu.org; Tue, 13 Jan 2009 19:04:32 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LMtFD-0008Nz-Fw
	for qemu-devel@nongnu.org; Tue, 13 Jan 2009 19:04:30 -0500
Received: from [199.232.76.173] (port=37838 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LMtFD-0008Nv-DK
	for qemu-devel@nongnu.org; Tue, 13 Jan 2009 19:04:27 -0500
Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.123]:51651)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <acmay@acmay.homeip.net>) id 1LMtFD-0008FS-77
	for qemu-devel@nongnu.org; Tue, 13 Jan 2009 19:04:27 -0500
Received: from localhost.localdomain ([76.88.95.122])
	by cdptpa-omta06.mail.rr.com with ESMTP id
	<20090114000425.HZZP93.cdptpa-omta06.mail.rr.com@localhost.localdomain>
	for <qemu-devel@nongnu.org>; Wed, 14 Jan 2009 00:04:25 +0000
Date: Tue, 13 Jan 2009 16:04:18 -0800
From: Andrew May <acmay@acmay.homeip.net>
Message-ID: <20090113160418.225e5362@acmay.homeip.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] 4xx wrtee instructions
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

When I try to boot a PPC 4xx linux kernel it fails somewhere after
expanding the ramdisk with:
"qemu: fatal: Trying to execute code outside RAM or ROM at 0xc007c70c"

It seems that the "wrteei" instruction is unsetting the address
translate bits in the MSR. This patch seems to fix it, and I think it
is correct, to and with the "not" of the bit instead of the bit itself
to disable interrupts.

The qemu log file doesn't display the correct instructions, but that
doesn't seem to be a problem.
====================
IN: 
0xc000d0cc:  mfmsr      r5
0xc000d0d0:  mfspr      r6,945
0xc000d0d4:  .long 0x7c000146
0xc000d0d8:  mtspr      945,r4
0xc000d0dc:  .long 0x7c601f25
0xc000d0e0:  mtspr      945,r6
0xc000d0e4:  .long 0x7ca00106
=======================

Please CC me since I am not on the list.

Here is the patch.
==========
diff --git a/trunk/target-ppc/translate.c b/trunk/target-ppc/translate.c
--- a/trunk/target-ppc/translate.c
+++ b/trunk/target-ppc/translate.c
@@ -6050,7 +6050,7 @@ GEN_HANDLER(wrteei, 0x1F, 0x03, 0x05, 0x000EFC01, PPC_WRTEE)
         /* Stop translation to have a chance to raise an exception */
         gen_stop_exception(ctx);
     } else {
-        tcg_gen_andi_tl(cpu_msr, cpu_msr, (1 << MSR_EE));
+        tcg_gen_andi_tl(cpu_msr, cpu_msr, ~(1 << MSR_EE));
     }
 #endif
 }