[PULL 3/3] ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb()

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Cédric Le Goater" <clg@kaod.org>
To: <qemu-ppc@nongnu.org>, <qemu-devel@nongnu.org>,
	Greg Kurz <groug@kaod.org>
Cc: "Cédric Le Goater" <clg@kaod.org>,
	"Daniel Henrique Barboza" <danielhb413@gmail.com>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
	"David Gibson" <david@gibson.dropbear.id.au>
Subject: [PULL 3/3] ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb()
Date: Fri, 12 Nov 2021 12:15:43 +0100	[thread overview]
Message-ID: <20211112111543.2556837-4-clg@kaod.org> (raw)
In-Reply-To: <20211112111543.2556837-1-clg@kaod.org>

From: Daniel Henrique Barboza <danielhb413@gmail.com>

'tlbivax' is implemented by gen_tlbivax_booke206() via
gen_helper_booke206_tlbivax(). In case the TLB needs to be flushed,
booke206_invalidate_ea_tlb() is called. All these functions, but
booke206_invalidate_ea_tlb(), uses a 64-bit effective address 'ea'.

booke206_invalidate_ea_tlb() uses an uint32_t 'ea' argument that
truncates the original 'ea' value for apparently no particular reason.
This function retrieves the tlb pointer by calling booke206_get_tlbm(),
which also uses a target_ulong address as parameter - in this case, a
truncated 'ea' address. All the surrounding logic considers the
effective TLB address as a 64 bit value, aside from the signature of
booke206_invalidate_ea_tlb().

Last but not the least, PowerISA 2.07B section 6.11.4.9 [2] makes it
clear that the effective address "EA" is a 64 bit value.

Commit 01662f3e5133 introduced this code and no changes were made ever
since. An user detected a problem with tlbivax [1] stating that this
address truncation was the cause. This same behavior might be the source
of several subtle bugs that were never caught.

For all these reasons, this patch assumes that this address truncation
is the result of a mistake/oversight of the original commit, and changes
booke206_invalidate_ea_tlb() 'ea' argument to 'vaddr'.

[1] https://gitlab.com/qemu-project/qemu/-/issues/52
[2] https://wiki.raptorcs.com/wiki/File:PowerISA_V2.07B.pdf

Fixes: 01662f3e5133 ("PPC: Implement e500 (FSL) MMU")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/52
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
---
 target/ppc/mmu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index 2cb98c516987..e0c4950dda53 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -1216,7 +1216,7 @@ void helper_booke206_tlbsx(CPUPPCState *env, target_ulong address)
 }

 static inline void booke206_invalidate_ea_tlb(CPUPPCState *env, int tlbn,
-                                              uint32_t ea)
+                                              vaddr ea)
 {
     int i;
     int ways = booke206_tlb_ways(env, tlbn);
-- 
2.31.1

next prev parent reply	other threads:[~2021-11-12 11:17 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-12 11:15 [PULL 0/3] ppc 6.2 queue Cédric Le Goater
2021-11-12 11:15 ` [PULL 1/3] target/ppc: Fix register update on lf[sd]u[x]/stf[sd]u[x] Cédric Le Goater
2021-11-12 11:15 ` [PULL 2/3] spapr_numa.c: fix FORM1 distance-less nodes Cédric Le Goater
2021-11-12 11:15 ` Cédric Le Goater [this message]
2021-11-12 13:30 ` [PULL 0/3] ppc 6.2 queue Richard Henderson

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2cb98c51698 dfblob:e0c4950dda5 )
 OR (
bs:"[PULL 3/3] ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211112111543.2556837-4-clg@kaod.org \
    --to=clg@kaod.org \
    --cc=danielhb413@gmail.com \
    --cc=david@gibson.dropbear.id.au \
    --cc=f4bug@amsat.org \
    --cc=groug@kaod.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-ppc@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).