Re: [Qemu-devel] [PATCH v2 4/5] target-ppc: fix RFI by clearing upper bytes of MSR

[Alexander Graf <agraf@suse.de>]

Thomas Monjalon wrote:
> Alexander Graf wrote:
>   
>> On 27.04.2010, at 17:31, Thomas Monjalon wrote:
>>     
>>> Since commit 2ada0ed, "Return From Interrupt" is broken for PPC
>>> processors because the upper bits (POW, TGPR, ILE) of MSR were not
>>> cleared.
>>>       
>> May I ask for your test case or how you stumbled over this? I haven't seen
>> any OS rely on this yet.
>>     
>
> I'm running Linux for SBC834x in Qemu. The interrupt controller and board 
> definition are not yet published.
>   

Wow, I didn't know there were still new products based on e300.

> The boot process hang with the actual implementation of RFI.
>   

Hrm.

>   
>>> Below is a representation of MSR bits:
>>> 0 .. 12  13  14  15  16         ..         23  24        ..      31
>>> —————  POW TGPR ILE EE PR FP ME FE0 SE BE FE1 CE IP IR DR —— RI LE
>>>
>>> Only the 2 lower bytes (16-31) of MSR are saved to SRR1 before an
>>> interrupt. So only these bytes should be restored and the upper ones
>>> (0-15) cleared. But, referring to commit 2ada0ed, clearing all the upper
>>> bytes breaks Altivec. The compromise is to clear the well known bits
>>> (13-15).
>>>       
>> IIRC this is vastly implementation dependent. Book3 lists the bits saved
>> when setting SRR1 explicitly and I haven't found a good rule of thumb yet.
>> RFI on the other hand is described as MSR <- SRR1. So I'm fairly sure RFI
>> is implemented correctly.
>>     
>
> From the programming manual (MPCFPE32B):
> "The save/restore register 1 (SRR1) is used to save machine status (selected 
> bits from the MSR and other implementation-specific status bits as well) on 
> interrupts and to restore those values when rfi is executed.
> [..]
> When an interrupt occurs, SRR1 bits 1–4 and 10–15 are loaded with 
> interrupt-specific information and MSR bits 16–23, 25–27, and 30–31 are 
> placed into the corresponding bit positions of SRR1. Depending on the 
> implementation, additional MSR bits may be copied to SRR1."
>   

According to the 2.06 ISA, for example the DSI sets SRR1 to:

33:36        Set to 0
42:47        Set to 0
Others      Loaded from the MSR



> From the e300 reference manual (e300CORERM):
> "The TGPR bit is cleared by an rfi instruction."
>
> My first try was to clear only TGPR. But it doesn't work properly if POW and 
> ILE are not cleared.
>   

According to the 2.06 ISA again, rfi does the following:

The contents of SRR1 are placed into the MSR. If the new MSR value does
not enable any pending exceptions, then the next instruction is fetched,
under control of the new MSR value, from the address SRR0 0:64 || 0b00.
(Note: VLE behavior may be different; see Book VLE).

Book VLE is the Variable Length Encoded Instructions Architecture, so
that doesn't come into play here.

If rfi would clear ILE, how would it be enabled then?


Alex