qemu-devel.nongnu.org archive mirror
From: Alexander Graf <agraf@suse.de>
To: Thomas Monjalon <thomas_ml@monjalon.net>
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH] target-ppc: fix RFI by clearing some bits of MSR
Date: Mon, 31 May 2010 17:06:15 +0200
Message-ID: <4C03D067.2070909@suse.de>
In-Reply-To: <1275073652-20834-1-git-send-email-thomas_ml@monjalon.net>

Thomas Monjalon wrote:
> From: Thomas Monjalon <thomas@monjalon.net>
>
> Since commit 2ada0ed, "Return From Interrupt" is broken for PPC processors
> because some interrupt-specific bits of SRR1 are copied to MSR.
>
> SRR1 is a save of MSR during interrupt.
> During RFI, MSR must be restored from SRR1.
> But some bits of SRR1 are interrupt-specific and are not used for MSR saving.
>
> This is the specification (ISA 2.06) at chapter 6.4.3 (Interrupt Processing):
> "2. Bits 33:36 and 42:47 of SRR1 or HSRR1 are loaded with information specific
>     to the interrupt type.
>  3. Bits 0:32, 37:41, and 48:63 of SRR1 or HSRR1 are loaded with a copy of the
>     corresponding bits of the MSR."
>
> Below is a representation of MSR bits which are not saved:
> 0:15 16:31 32  33:36    37:41      42:47     48:63
> ——— | ——— | — X X X X — — — — — X X X X X X | ————
> 0000 0000 |    7   |   8   |   3   |   F    | 0000
>
> History:
> In the initial Qemu implementation (e1833e1), the mask 0x783F0000 was used for
> saving MSR in SRR1. But all the bits 32:47 were cleared during RFI restoring.
> This was wrong. The commit 2ada0ed explains that this breaks Altivec.
> Indeed, bit 38 (for Altivec support) must be saved and restored.
> The change of 2ada0ed was to restore all the bits of SRR1 to MSR.
> But it's also wrong.
>
> Explanation:
> As an example, let's see what's happening after a TLB miss.
> According to the e300 manual (E300CORERM table 5-6), the TLB miss interrupts
> set the bits 44-47 for KEY, I/D, WAY and S/L. These bits are specific to the
> interrupt and must not be copied into MSR at the end of the interrupt.
> With the current implementation, a TLB miss overwrites bits POW, TGPR and ILE.
>
> Fix:
> It shouldn't be needed to filter out bits on MSR saving when interrupt occurs.
> Specific bits overwrite MSR ones in SRR1.
> But at the end of interrupt (RFI), specific bits must be cleared before
> restoring MSR from SRR1. The mask 0x783F0000 applies here.
>
> Discussion:
> The bits of the mask 0x783F0000 are cleared after an interrupt.
> I cannot find a specification which talks about this
> but I assume it is the truth since Linux can run this way.
> Maybe it's not perfect but it's better (works for e300).
>
> Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
> Cc: Alexander Graf <agraf@suse.de>
>   

Acked-by: Alexander Graf <agraf@suse.de>
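
The masking argument in the quoted commit message, worked through as an added example (not code from the patch or from QEMU). The function names and the sample SRR1 value are constructed for illustration; the bit ranges and the three restore policies are the ones the message describes.

```c
#include <stdint.h>
#include <stdio.h>

/* IBM numbering: bit 0 is the most significant bit of a 64-bit register. */
static uint64_t ibm_bits(unsigned first, unsigned last)
{
    uint64_t mask = 0;
    for (unsigned b = first; b <= last; b++)
        mask |= 1ULL << (63 - b);
    return mask;
}

/* SRR1 bits 33:36 and 42:47 carry interrupt-specific information. */
static uint64_t srr1_specific_mask(void)
{
    return ibm_bits(33, 36) | ibm_bits(42, 47);
}

/* The three rfi restore policies described in the commit message. */
static uint64_t rfi_initial(uint64_t srr1)  /* e1833e1: clear bits 32:47 */
{
    return srr1 & ~ibm_bits(32, 47);
}
static uint64_t rfi_2ada0ed(uint64_t srr1)  /* 2ada0ed: restore every bit */
{
    return srr1;
}
static uint64_t rfi_fixed(uint64_t srr1)    /* patch: clear specific bits only */
{
    return srr1 & ~srr1_specific_mask();
}

/* Constructed SRR1 after a TLB miss: saved MSR 0x9032 with bit 38 (Altivec)
 * set, plus the interrupt-specific bits 44:47 (KEY, I/D, WAY, S/L). */
static uint64_t sample_srr1(void)
{
    return 0x9032ULL | ibm_bits(38, 38) | ibm_bits(44, 47);
}

int main(void)
{
    uint64_t srr1 = sample_srr1();
    printf("mask    = 0x%08llX\n", (unsigned long long)srr1_specific_mask());
    printf("e1833e1 = 0x%08llX\n", (unsigned long long)rfi_initial(srr1));
    printf("2ada0ed = 0x%08llX\n", (unsigned long long)rfi_2ada0ed(srr1));
    printf("fixed   = 0x%08llX\n", (unsigned long long)rfi_fixed(srr1));
    return 0;
}
```

Only the last policy keeps bit 38 while dropping bits 45:47, which would otherwise land on POW, TGPR and ILE in the restored MSR.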

Thread overview: 3+ messages
2010-05-28 19:07 [Qemu-devel] [PATCH] target-ppc: fix RFI by clearing some bits of MSR Thomas Monjalon
2010-05-31 15:06 ` Alexander Graf [this message]
2010-05-31 18:45 ` Aurelien Jarno
