From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LJAAl-00059R-Mj for qemu-devel@nongnu.org; Sat, 03 Jan 2009 12:20:27 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LJAAj-00058z-77 for qemu-devel@nongnu.org; Sat, 03 Jan 2009 12:20:26 -0500 Received: from [199.232.76.173] (port=45090 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LJAAi-00058w-WE for qemu-devel@nongnu.org; Sat, 03 Jan 2009 12:20:25 -0500 Received: from smtp2-g21.free.fr ([212.27.42.2]:60867) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LJAAi-00052o-8f for qemu-devel@nongnu.org; Sat, 03 Jan 2009 12:20:24 -0500 Received: from smtp2-g21.free.fr (localhost [127.0.0.1]) by smtp2-g21.free.fr (Postfix) with ESMTP id EE5224B014E for ; Sat, 3 Jan 2009 18:20:17 +0100 (CET) Received: from [192.168.0.32] (rob92-10-88-171-126-33.fbx.proxad.net [88.171.126.33]) by smtp2-g21.free.fr (Postfix) with ESMTP id C364C4B005F for ; Sat, 3 Jan 2009 18:20:14 +0100 (CET) Message-ID: <495F9E4D.4060202@reactos.org> Date: Sat, 03 Jan 2009 18:20:13 +0100 From: =?ISO-8859-1?Q?Herv=E9_Poussineau?= MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------060104040003000704000608" Subject: [Qemu-devel] [PATCH] MIPS CP0 Random register fix Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org This is a multi-part message in MIME format. --------------060104040003000704000608 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Hello, MIPS TLBWR instruction asks the CPU to randomly overwrite a TLB entry by=20 the one we want to write. The TLB index needs to be between number of=20 wired TLB entries and TLB count - 1. However, algorithm to choose which one to overwrite is implementation=20 dependant. At the moment, Qemu implementation is a random one, but can return the=20 same value more than once. Due to this, NetBSD 1.6.2 on MIPS Magnum emulation crashes. After checking MIPS CPU documentations, multiple algorithms exist to=20 update this Random register, but they all guarantee that 2 close TLBWR=20 instructions don't overwrite the same TLB. Attached patch prevents returning the same TLB index twice, by choosing=20 the next immediate value if random value is the same as before. Signed-off-by: Herv=E9 Poussineau Herv=E9 --------------060104040003000704000608 Content-Type: plain/text; name="cp0_random_v1.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="cp0_random_v1.diff" Index: mips_timer.c =================================================================== --- mips_timer.c (revision 6146) +++ mips_timer.c (working copy) @@ -8,9 +8,17 @@ uint32_t cpu_mips_get_random (CPUState *env) { static uint32_t seed = 0; + static uint32_t prev_idx = 0; uint32_t idx; seed = seed * 314159 + 1; idx = (seed >> 16) % (env->tlb->nb_tlb - env->CP0_Wired) + env->CP0_Wired; + if (idx == prev_idx) { + /* Don't return same value twice, so get another value */ + idx = prev_idx + 1; + if (idx == env->tlb->nb_tlb) + idx = env->CP0_Wired; + } + prev_idx = idx; return idx; } --------------060104040003000704000608--