[PULL v2 00/63] ppc queue

[PULL v2 00/63] ppc queue

[Daniel Henrique Barboza]

v2: add a Radix MMU regression fix patch (63) and fixed 32 bit builds by
using memory_region_size() in patch 62. Thanks,

Daniel

The following changes since commit 344744e148e6e865f5a57e745b02a87e5ea534ad:

  Merge tag 'dump-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging (2022-10-26 10:53:49 -0400)

are available in the Git repository at:

  https://gitlab.com/danielhb/qemu.git tags/pull-ppc-20221029

for you to fetch changes up to fb22d743b93b49b73930aff40d3ba9d252f81a56:

  target/ppc: Fix regression in Radix MMU (2022-10-29 06:34:52 -0300)

----------------------------------------------------------------
ppc patch queue for 2022-10-29:

This queue has the second part of the ppc4xx_sdram cleanups, doorbell
instructions for POWER8,  new pflash handling for the e500 machine and a
Radix MMU regression fix.

It also has a lot of performance optimizations in the PowerPC emulation
done by the researchers of the Eldorado institute. Between using gvec
for VMX/VSX instructions, a full rework of the interrupt model and PMU
optimizations, they managed to drastically speed up the emulation of
powernv8/9/10 machines.  Here's an example with avocado tests:

- with master:

tests/avocado/boot_linux_console.py:BootLinuxConsole.test_ppc_powernv8:
PASS (38.89 s)
tests/avocado/boot_linux_console.py:BootLinuxConsole.test_ppc_powernv9:
PASS (43.89 s)

- with this queue applied:

tests/avocado/boot_linux_console.py:BootLinuxConsole.test_ppc_powernv8:
PASS (21.23 s)
tests/avocado/boot_linux_console.py:BootLinuxConsole.test_ppc_powernv9:
PASS (22.58 s)

Other ppc machines, like pseries, also had a noticeable performance
boost.

----------------------------------------------------------------
BALATON Zoltan (8):
      ppc440_uc.c: Move DDR2 SDRAM controller model to ppc4xx_sdram.c
      ppc4xx_devs.c: Move DDR SDRAM controller model to ppc4xx_sdram.c
      ppc4xx_sdram: Move ppc4xx_sdram_banks() to ppc4xx_sdram.c
      ppc4xx_sdram: Use hwaddr for memory bank size
      ppc4xx_sdram: Rename local state variable for brevity
      ppc4xx_sdram: Generalise bank setup
      ppc4xx_sdram: Convert DDR SDRAM controller to new bank handling
      ppc4xx_sdram: Add errp parameter to ppc4xx_sdram_banks()

Bernhard Beschow (5):
      docs/system/ppc/ppce500: Use qemu-system-ppc64 across the board(s)
      hw/block/pflash_cfi0{1, 2}: Error out if device length isn't a power of two
      hw/sd/sdhci-internal: Unexport ESDHC defines
      hw/sd/sdhci: Rename ESDHC_* defines to USDHC_*
      hw/ppc/e500: Implement pflash handling

Leandro Lupori (3):
      target/ppc: Add new PMC HFLAGS
      target/ppc: Increment PMC5 with inline insns
      target/ppc: Fix regression in Radix MMU

Lucas Mateus Castro (alqotel) (12):
      target/ppc: Moved VMLADDUHM to decodetree and use gvec
      target/ppc: Move VMH[R]ADDSHS instruction to decodetree
      target/ppc: Move V(ADD|SUB)CUW to decodetree and use gvec
      target/ppc: Move VNEG[WD] to decodtree and use gvec
      target/ppc: Move VPRTYB[WDQ] to decodetree and use gvec
      target/ppc: Move VAVG[SU][BHW] to decodetree and use gvec
      target/ppc: Move VABSDU[BHW] to decodetree and use gvec
      target/ppc: Use gvec to decode XV[N]ABS[DS]P/XVNEG[DS]P
      target/ppc: Use gvec to decode XVCPSGN[SD]P
      target/ppc: Moved XVTSTDC[DS]P to decodetree
      target/ppc: Moved XSTSTDC[QDS]P to decodetree
      target/ppc: Use gvec to decode XVTSTDC[DS]P

Matheus Ferst (35):
      target/ppc: fix msgclr/msgsnd insns flags
      target/ppc: fix msgsync insns flags
      target/ppc: fix REQUIRE_HV macro definition
      target/ppc: move msgclr/msgsnd to decodetree
      target/ppc: move msgclrp/msgsndp to decodetree
      target/ppc: move msgsync to decodetree
      target/ppc: define PPC_INTERRUPT_* values directly
      target/ppc: always use ppc_set_irq to set env->pending_interrupts
      target/ppc: split interrupt masking and delivery from ppc_hw_interrupt
      target/ppc: prepare to split interrupt masking and delivery by excp_model
      target/ppc: create an interrupt masking method for POWER9/POWER10
      target/ppc: remove unused interrupts from p9_next_unmasked_interrupt
      target/ppc: create an interrupt deliver method for POWER9/POWER10
      target/ppc: remove unused interrupts from p9_deliver_interrupt
      target/ppc: remove generic architecture checks from p9_deliver_interrupt
      target/ppc: move power-saving interrupt masking out of cpu_has_work_POWER9
      target/ppc: add power-saving interrupt masking logic to p9_next_unmasked_interrupt
      target/ppc: create an interrupt masking method for POWER8
      target/ppc: remove unused interrupts from p8_next_unmasked_interrupt
      target/ppc: create an interrupt deliver method for POWER8
      target/ppc: remove unused interrupts from p8_deliver_interrupt
      target/ppc: remove generic architecture checks from p8_deliver_interrupt
      target/ppc: move power-saving interrupt masking out of cpu_has_work_POWER8
      target/ppc: add power-saving interrupt masking logic to p8_next_unmasked_interrupt
      target/ppc: create an interrupt masking method for POWER7
      target/ppc: remove unused interrupts from p7_next_unmasked_interrupt
      target/ppc: create an interrupt deliver method for POWER7
      target/ppc: remove unused interrupts from p7_deliver_interrupt
      target/ppc: remove generic architecture checks from p7_deliver_interrupt
      target/ppc: move power-saving interrupt masking out of cpu_has_work_POWER7
      target/ppc: add power-saving interrupt masking logic to p7_next_unmasked_interrupt
      target/ppc: remove ppc_store_lpcr from CONFIG_USER_ONLY builds
      target/ppc: introduce ppc_maybe_interrupt
      target/ppc: unify cpu->has_work based on cs->interrupt_request
      target/ppc: move the p*_interrupt_powersave methods to excp_helper.c

 docs/system/ppc/ppce500.rst                    |  25 +-
 hw/block/pflash_cfi01.c                        |   8 +-
 hw/block/pflash_cfi02.c                        |   5 +
 hw/ppc/Kconfig                                 |   1 +
 hw/ppc/e500.c                                  |  79 +++
 hw/ppc/meson.build                             |   3 +-
 hw/ppc/pnv_core.c                              |   1 +
 hw/ppc/ppc.c                                   |  17 +-
 hw/ppc/ppc440_uc.c                             | 332 ----------
 hw/ppc/ppc4xx_devs.c                           | 414 ------------
 hw/ppc/ppc4xx_sdram.c                          | 757 ++++++++++++++++++++++
 hw/ppc/spapr_hcall.c                           |   6 +
 hw/ppc/spapr_rtas.c                            |   2 +-
 hw/ppc/trace-events                            |   3 +-
 hw/sd/sdhci-internal.h                         |  20 -
 hw/sd/sdhci.c                                  |  63 +-
 include/hw/ppc/ppc4xx.h                        |  20 +-
 target/ppc/cpu.c                               |   4 +
 target/ppc/cpu.h                               |  47 +-
 target/ppc/cpu_init.c                          | 212 +-----
 target/ppc/excp_helper.c                       | 863 ++++++++++++++++++++++---
 target/ppc/fpu_helper.c                        | 137 ++--
 target/ppc/helper.h                            |  44 +-
 target/ppc/helper_regs.c                       |   8 +
 target/ppc/insn32.decode                       |  58 ++
 target/ppc/int_helper.c                        | 107 +--
 target/ppc/misc_helper.c                       |  11 +-
 target/ppc/mmu-radix64.c                       |  29 +-
 target/ppc/power8-pmu.c                        |  74 +--
 target/ppc/power8-pmu.h                        |   3 +
 target/ppc/translate.c                         | 130 ++--
 target/ppc/translate/processor-ctrl-impl.c.inc | 105 +++
 target/ppc/translate/vmx-impl.c.inc            | 352 ++++++++--
 target/ppc/translate/vmx-ops.c.inc             |  15 +-
 target/ppc/translate/vsx-impl.c.inc            | 375 +++++++++--
 target/ppc/translate/vsx-ops.c.inc             |  21 -
 36 files changed, 2736 insertions(+), 1615 deletions(-)
 create mode 100644 hw/ppc/ppc4xx_sdram.c
 create mode 100644 target/ppc/translate/processor-ctrl-impl.c.inc

[PULL v2 62/63] hw/ppc/e500: Implement pflash handling

[Daniel Henrique Barboza]

From: Bernhard Beschow <shentey@gmail.com>

Allows e500 boards to have their root file system reside on flash using
only builtin devices located in the eLBC memory region.

Note that the flash memory area is only created when a -pflash argument is
given, and that the size is determined by the given file. The idea is to
put users into control.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20221018210146.193159-6-shentey@gmail.com>
[danielhb: use memory_region_size() in mmio_size]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
---
 docs/system/ppc/ppce500.rst | 15 +++++++
 hw/ppc/Kconfig              |  1 +
 hw/ppc/e500.c               | 79 +++++++++++++++++++++++++++++++++++++
 3 files changed, 95 insertions(+)

diff --git a/docs/system/ppc/ppce500.rst b/docs/system/ppc/ppce500.rst
index 7b5eb3c4ee..fa40e57d18 100644
--- a/docs/system/ppc/ppce500.rst
+++ b/docs/system/ppc/ppce500.rst
@@ -165,3 +165,18 @@ if “-device eTSEC” is given to QEMU:
 .. code-block:: bash
 
   -netdev tap,ifname=tap0,script=no,downscript=no,id=net0 -device eTSEC,netdev=net0
+
+Root file system on flash drive
+-------------------------------
+
+Rather than using a root file system on ram disk, it is possible to have it on
+CFI flash. Given an ext2 image whose size must be a power of two, it can be used
+as follows:
+
+.. code-block:: bash
+
+  $ qemu-system-ppc64 -M ppce500 -cpu e500mc -smp 4 -m 2G \
+      -display none -serial stdio \
+      -kernel vmlinux \
+      -drive if=pflash,file=/path/to/rootfs.ext2,format=raw \
+      -append "rootwait root=/dev/mtdblock0"
diff --git a/hw/ppc/Kconfig b/hw/ppc/Kconfig
index 791fe78a50..769a1ead1c 100644
--- a/hw/ppc/Kconfig
+++ b/hw/ppc/Kconfig
@@ -126,6 +126,7 @@ config E500
     select ETSEC
     select GPIO_MPC8XXX
     select OPENPIC
+    select PFLASH_CFI01
     select PLATFORM_BUS
     select PPCE500_PCI
     select SERIAL
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index 3e950ea3ba..2fe496677c 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -23,8 +23,10 @@
 #include "e500-ccsr.h"
 #include "net/net.h"
 #include "qemu/config-file.h"
+#include "hw/block/flash.h"
 #include "hw/char/serial.h"
 #include "hw/pci/pci.h"
+#include "sysemu/block-backend-io.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
 #include "sysemu/reset.h"
@@ -267,6 +269,31 @@ static void sysbus_device_create_devtree(SysBusDevice *sbdev, void *opaque)
     }
 }
 
+static void create_devtree_flash(SysBusDevice *sbdev,
+                                 PlatformDevtreeData *data)
+{
+    g_autofree char *name = NULL;
+    uint64_t num_blocks = object_property_get_uint(OBJECT(sbdev),
+                                                   "num-blocks",
+                                                   &error_fatal);
+    uint64_t sector_length = object_property_get_uint(OBJECT(sbdev),
+                                                      "sector-length",
+                                                      &error_fatal);
+    uint64_t bank_width = object_property_get_uint(OBJECT(sbdev),
+                                                   "width",
+                                                   &error_fatal);
+    hwaddr flashbase = 0;
+    hwaddr flashsize = num_blocks * sector_length;
+    void *fdt = data->fdt;
+
+    name = g_strdup_printf("%s/nor@%" PRIx64, data->node, flashbase);
+    qemu_fdt_add_subnode(fdt, name);
+    qemu_fdt_setprop_string(fdt, name, "compatible", "cfi-flash");
+    qemu_fdt_setprop_sized_cells(fdt, name, "reg",
+                                 1, flashbase, 1, flashsize);
+    qemu_fdt_setprop_cell(fdt, name, "bank-width", bank_width);
+}
+
 static void platform_bus_create_devtree(PPCE500MachineState *pms,
                                         void *fdt, const char *mpic)
 {
@@ -276,6 +303,8 @@ static void platform_bus_create_devtree(PPCE500MachineState *pms,
     uint64_t addr = pmc->platform_bus_base;
     uint64_t size = pmc->platform_bus_size;
     int irq_start = pmc->platform_bus_first_irq;
+    SysBusDevice *sbdev;
+    bool ambiguous;
 
     /* Create a /platform node that we can put all devices into */
 
@@ -302,6 +331,13 @@ static void platform_bus_create_devtree(PPCE500MachineState *pms,
     /* Loop through all dynamic sysbus devices and create nodes for them */
     foreach_dynamic_sysbus_device(sysbus_device_create_devtree, &data);
 
+    sbdev = SYS_BUS_DEVICE(object_resolve_path_type("", TYPE_PFLASH_CFI01,
+                                                    &ambiguous));
+    if (sbdev) {
+        assert(!ambiguous);
+        create_devtree_flash(sbdev, &data);
+    }
+
     g_free(node);
 }
 
@@ -856,6 +892,7 @@ void ppce500_init(MachineState *machine)
     unsigned int pci_irq_nrs[PCI_NUM_PINS] = {1, 2, 3, 4};
     IrqLines *irqs;
     DeviceState *dev, *mpicdev;
+    DriveInfo *dinfo;
     CPUPPCState *firstenv = NULL;
     MemoryRegion *ccsr_addr_space;
     SysBusDevice *s;
@@ -1024,6 +1061,48 @@ void ppce500_init(MachineState *machine)
                                 pmc->platform_bus_base,
                                 &pms->pbus_dev->mmio);
 
+    dinfo = drive_get(IF_PFLASH, 0, 0);
+    if (dinfo) {
+        BlockBackend *blk = blk_by_legacy_dinfo(dinfo);
+        BlockDriverState *bs = blk_bs(blk);
+        uint64_t mmio_size = memory_region_size(&pms->pbus_dev->mmio);
+        uint64_t size = bdrv_getlength(bs);
+        uint32_t sector_len = 64 * KiB;
+
+        if (!is_power_of_2(size)) {
+            error_report("Size of pflash file must be a power of two.");
+            exit(1);
+        }
+
+        if (size > mmio_size) {
+            error_report("Size of pflash file must not be bigger than %" PRIu64
+                         " bytes.", mmio_size);
+            exit(1);
+        }
+
+        if (!QEMU_IS_ALIGNED(size, sector_len)) {
+            error_report("Size of pflash file must be a multiple of %" PRIu32
+                         ".", sector_len);
+            exit(1);
+        }
+
+        dev = qdev_new(TYPE_PFLASH_CFI01);
+        qdev_prop_set_drive(dev, "drive", blk);
+        qdev_prop_set_uint32(dev, "num-blocks", size / sector_len);
+        qdev_prop_set_uint64(dev, "sector-length", sector_len);
+        qdev_prop_set_uint8(dev, "width", 2);
+        qdev_prop_set_bit(dev, "big-endian", true);
+        qdev_prop_set_uint16(dev, "id0", 0x89);
+        qdev_prop_set_uint16(dev, "id1", 0x18);
+        qdev_prop_set_uint16(dev, "id2", 0x0000);
+        qdev_prop_set_uint16(dev, "id3", 0x0);
+        qdev_prop_set_string(dev, "name", "e500.flash");
+        sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
+
+        memory_region_add_subregion(&pms->pbus_dev->mmio, 0,
+                                    pflash_cfi01_get_memory(PFLASH_CFI01(dev)));
+    }
+
     /*
      * Smart firmware defaults ahead!
      *
-- 
2.37.3

[PULL v2 63/63] target/ppc: Fix regression in Radix MMU

[Daniel Henrique Barboza]

From: Leandro Lupori <leandro.lupori@eldorado.org.br>

Commit 47e83d9107 ended up unintentionally changing the control flow
of ppc_radix64_process_scoped_xlate(). When guest_visible is false,
it must not raise an exception, even if the radix configuration is
not valid.

This regression prevented Linux boot in a nested environment with
L1 using TCG and emulating KVM (cap-nested-hv=on) and L2 using
KVM. L2 would hang on Linux's futex_init(), when it tested how a
futex_atomic_cmpxchg_inatomic() handled a fault, because L1 would
start a loop of trying to perform partition scoped translations
and raising exceptions.

Fixes: 47e83d9107 ("target/ppc: Improve Radix xlate level validation")
Reported-by: Victor Colombo <victor.colombo@eldorado.org.br>
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Tested-by: Víctor Colombo <victor.colombo@eldorado.org.br>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20221028183617.121786-1-leandro.lupori@eldorado.org.br>
[danielhb: use %"PRIu64" to print 'nls']
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
---
 target/ppc/mmu-radix64.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 00f2e9fa2e..031efda0df 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -238,6 +238,8 @@ static void ppc_radix64_set_rc(PowerPCCPU *cpu, MMUAccessType access_type,
 
 static bool ppc_radix64_is_valid_level(int level, int psize, uint64_t nls)
 {
+    bool ret;
+
     /*
      * Check if this is a valid level, according to POWER9 and POWER10
      * Processor User's Manuals, sections 4.10.4.1 and 5.10.6.1, respectively:
@@ -249,16 +251,25 @@ static bool ppc_radix64_is_valid_level(int level, int psize, uint64_t nls)
      */
     switch (level) {
     case 0:     /* Root Page Dir */
-        return psize == 52 && nls == 13;
+        ret = psize == 52 && nls == 13;
+        break;
     case 1:
     case 2:
-        return nls == 9;
+        ret = nls == 9;
+        break;
     case 3:
-        return nls == 9 || nls == 5;
+        ret = nls == 9 || nls == 5;
+        break;
     default:
-        qemu_log_mask(LOG_GUEST_ERROR, "invalid radix level: %d\n", level);
-        return false;
+        ret = false;
+    }
+
+    if (unlikely(!ret)) {
+        qemu_log_mask(LOG_GUEST_ERROR, "invalid radix configuration: "
+                      "level %d size %d nls %"PRIu64"\n",
+                      level, psize, nls);
     }
+    return ret;
 }
 
 static int ppc_radix64_next_level(AddressSpace *as, vaddr eaddr,
@@ -519,11 +530,13 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
 
             if (!ppc_radix64_is_valid_level(level++, *g_page_size, nls)) {
                 fault_cause |= DSISR_R_BADCONFIG;
-                return 1;
+                ret = 1;
+            } else {
+                ret = ppc_radix64_next_level(cs->as, eaddr & R_EADDR_MASK,
+                                             &h_raddr, &nls, g_page_size,
+                                             &pte, &fault_cause);
             }
 
-            ret = ppc_radix64_next_level(cs->as, eaddr & R_EADDR_MASK, &h_raddr,
-                                         &nls, g_page_size, &pte, &fault_cause);
             if (ret) {
                 /* No valid pte */
                 if (guest_visible) {
-- 
2.37.3

Re: [PULL v2 00/63] ppc queue

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 115 bytes --]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.2 for any user-visible changes.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]