From: Daniel Henrique Barboza <danielhb413@gmail.com>
To: qemu-devel@nongnu.org
Cc: f4bug@amsat.org, qemu-ppc@nongnu.org, clg@kaod.org,
Alexander Graf <agraf@csgraf.de>,
david@gibson.dropbear.id.au
Subject: Re: [PATCH v2 1/1] ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb()
Date: Wed, 10 Nov 2021 17:27:56 -0300 [thread overview]
Message-ID: <41de6192-1b45-3bea-c9a1-f240c6712b50@gmail.com> (raw)
In-Reply-To: <20211110202516.1993815-2-danielhb413@gmail.com>
I forgot to add Alexander in the CC. Sorry for the extra noise.
Daniel
On 11/10/21 17:25, Daniel Henrique Barboza wrote:
> 'tlbivax' is implemented by gen_tlbivax_booke206() via
> gen_helper_booke206_tlbivax(). In case the TLB needs to be flushed,
> booke206_invalidate_ea_tlb() is called. All these functions, but
> booke206_invalidate_ea_tlb(), uses a 64-bit effective address 'ea'.
>
> booke206_invalidate_ea_tlb() uses an uint32_t 'ea' argument that
> truncates the original 'ea' value for apparently no particular reason.
> This function retrieves the tlb pointer by calling booke206_get_tlbm(),
> which also uses a target_ulong address as parameter - in this case, a
> truncated 'ea' address. All the surrounding logic considers the
> effective TLB address as a 64 bit value, aside from the signature of
> booke206_invalidate_ea_tlb().
>
> Last but not the least, PowerISA 2.07B section 6.11.4.9 [2] makes it
> clear that the effective address "EA" is a 64 bit value.
>
> Commit 01662f3e5133 introduced this code and no changes were made ever
> since. An user detected a problem with tlbivax [1] stating that this
> address truncation was the cause. This same behavior might be the source
> of several subtle bugs that were never caught.
>
> For all these reasons, this patch assumes that this address truncation
> is the result of a mistake/oversight of the original commit, and changes
> booke206_invalidate_ea_tlb() 'ea' argument to 'vaddr'.
>
> [1] https://gitlab.com/qemu-project/qemu/-/issues/52
> [2] https://wiki.raptorcs.com/wiki/File:PowerISA_V2.07B.pdf
>
> Fixes: 01662f3e5133 ("PPC: Implement e500 (FSL) MMU")
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/52
> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
> ---
> target/ppc/mmu_helper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
> index 2cb98c5169..e0c4950dda 100644
> --- a/target/ppc/mmu_helper.c
> +++ b/target/ppc/mmu_helper.c
> @@ -1216,7 +1216,7 @@ void helper_booke206_tlbsx(CPUPPCState *env, target_ulong address)
> }
>
> static inline void booke206_invalidate_ea_tlb(CPUPPCState *env, int tlbn,
> - uint32_t ea)
> + vaddr ea)
> {
> int i;
> int ways = booke206_tlb_ways(env, tlbn);
>
next prev parent reply other threads:[~2021-11-10 20:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-10 20:25 [PATCH v2 0/1] ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb() Daniel Henrique Barboza
2021-11-10 20:25 ` [PATCH v2 1/1] " Daniel Henrique Barboza
2021-11-10 20:27 ` Daniel Henrique Barboza [this message]
2021-11-10 21:00 ` Philippe Mathieu-Daudé
2021-11-11 10:34 ` Cédric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41de6192-1b45-3bea-c9a1-f240c6712b50@gmail.com \
--to=danielhb413@gmail.com \
--cc=agraf@csgraf.de \
--cc=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=f4bug@amsat.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).