From: Alexander Graf
Date: Mon, 31 May 2010 17:06:15 +0200
Subject: [Qemu-devel] Re: [PATCH] target-ppc: fix RFI by clearing some bits of MSR
To: Thomas Monjalon
Cc: qemu-devel@nongnu.org
Message-ID: <4C03D067.2070909@suse.de>
In-Reply-To: <1275073652-20834-1-git-send-email-thomas_ml@monjalon.net>

Thomas Monjalon wrote:
> From: Thomas Monjalon
>
> Since commit 2ada0ed, "Return From Interrupt" is broken for PPC processors
> because some interrupt-specific bits of SRR1 are copied to MSR.
>
> SRR1 is a save of MSR during interrupt.
> During RFI, MSR must be restored from SRR1.
> But some bits of SRR1 are interrupt-specific and are not used for MSR saving.
>
> This is the specification (ISA 2.06) at chapter 6.4.3 (Interrupt Processing):
> "2. Bits 33:36 and 42:47 of SRR1 or HSRR1 are loaded with information specific
> to the interrupt type.
> 3. Bits 0:32, 37:41, and 48:63 of SRR1 or HSRR1 are loaded with a copy of the
> corresponding bits of the MSR."
>
> Below is a representation of MSR bits which are not saved:
>   0:15      16:31     32 33:36   37:41     42:47      48:63
>  ——— | ——— | — X X X X — — — — — X X X X X X | ————
>  0000 0000 | 7 | 8 | 3 | F | 0000
>
> History:
> In the initial Qemu implementation (e1833e1), the mask 0x783F0000 was used for
> saving MSR in SRR1. But all the bits 32:47 were cleared during RFI restoring.
> This was wrong. The commit 2ada0ed explains that this breaks Altivec.
> Indeed, bit 38 (for Altivec support) must be saved and restored.
> The change of 2ada0ed was to restore all the bits of SRR1 to MSR.
> But it's also wrong.
>
> Explanation:
> As an example, let's see what's happening after a TLB miss.
> According to the e300 manual (E300CORERM table 5-6), the TLB miss interrupts
> set the bits 44-47 for KEY, I/D, WAY and S/L. These bits are specific to the
> interrupt and must not be copied into MSR at the end of the interrupt.
> With the current implementation, a TLB miss overwrites bits POW, TGPR and ILE.
>
> Fix:
> It shouldn't be needed to filter out bits on MSR saving when an interrupt occurs.
> Specific bits overwrite MSR ones in SRR1.
> But at the end of the interrupt (RFI), specific bits must be cleared before
> restoring MSR from SRR1. The mask 0x783F0000 applies here.
>
> Discussion:
> The bits of the mask 0x783F0000 are cleared after an interrupt.
> I cannot find a specification which talks about this
> but I assume it is the truth since Linux can run this way.
> Maybe it's not perfect but it's better (works for e300).
>
> Signed-off-by: Thomas Monjalon
> Cc: Alexander Graf
>

Acked-by: Alexander Graf
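To make the bit arithmetic in the quoted commit message concrete, here is an added C example; it is not QEMU code and not part of the message or the thread. It derives the 0x783F0000 mask from the ISA 2.06 bit ranges (33:36 and 42:47) using IBM bit numbering on a 32-bit MSR view, simulates an e300 TLB miss loading bits 44:47 into SRR1, and compares the three RFI restore behaviours the message discusses (e1833e1, 2ada0ed and the proposed fix). The positions used for MSR_VEC, MSR_POW, MSR_TGPR and MSR_ILE are inferred from the message (bit 38 for Altivec; bits 45:47 are the ones the TLB-miss fields land on) and are my assumption, as is the sample MSR value.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * PowerPC (IBM) bit numbering: bit 0 is the most significant bit of the
 * 64-bit register and bit 63 the least significant. A 32-bit MSR holds
 * architected bits 32:63, so bit n (32 <= n <= 63) is 1 << (63 - n).
 * Bits 0:31 do not exist in the 32-bit view and yield 0.
 */
static uint32_t ppc_bit(unsigned n)
{
    return n < 32 ? 0u : (uint32_t)1u << (63 - n);
}

/* Mask covering architected bits lo..hi inclusive, in the 32-bit view. */
static uint32_t ppc_bits(unsigned lo, unsigned hi)
{
    uint32_t m = 0;
    for (unsigned n = lo; n <= hi; n++)
        m |= ppc_bit(n);
    return m;
}

/* ISA 2.06 6.4.3: bits 33:36 and 42:47 of SRR1 are interrupt-specific.
 * In the 32-bit view this is exactly the 0x783F0000 mask from the message. */
#define SRR1_SPECIFIC_MASK (ppc_bits(33, 36) | ppc_bits(42, 47))

/* MSR bits named in the message. Positions are an assumption inferred from it:
 * bit 38 is the Altivec enable; the e300 TLB-miss fields in bits 44:47 land on
 * KEY, POW, TGPR and ILE, so POW/TGPR/ILE are bits 45/46/47. */
#define MSR_VEC  ppc_bit(38)
#define MSR_POW  ppc_bit(45)
#define MSR_TGPR ppc_bit(46)
#define MSR_ILE  ppc_bit(47)

/* e300 TLB-miss interrupts load KEY, I/D, WAY and S/L into bits 44:47. */
#define E300_TLBMISS_SRR1_BITS ppc_bits(44, 47)

/* Taking the interrupt: SRR1 is a copy of MSR with the interrupt-specific
 * fields written over the corresponding bits; no filtering of MSR is needed. */
static uint32_t srr1_on_interrupt(uint32_t msr, uint32_t specific)
{
    return (msr & ~SRR1_SPECIFIC_MASK) | (specific & SRR1_SPECIFIC_MASK);
}

/* The three RFI restore behaviours the message compares. */
static uint32_t rfi_e1833e1(uint32_t srr1)   /* clears all of 32:47: loses VEC */
{
    return srr1 & ~ppc_bits(32, 47);
}
static uint32_t rfi_2ada0ed(uint32_t srr1)   /* copies everything: leaks 44:47 */
{
    return srr1;
}
static uint32_t rfi_fixed(uint32_t srr1)     /* proposed: drop the specific bits */
{
    return srr1 & ~SRR1_SPECIFIC_MASK;
}

struct rfi_outcomes {
    uint32_t srr1, e1833e1, all_bits, fixed;
};

/* Simulate an e300 TLB miss (all four specific fields set, the worst case)
 * taken with the given MSR, and return what each RFI variant would restore. */
static struct rfi_outcomes run_tlb_miss(uint32_t msr)
{
    struct rfi_outcomes o;
    o.srr1 = srr1_on_interrupt(msr, E300_TLBMISS_SRR1_BITS);
    o.e1833e1 = rfi_e1833e1(o.srr1);
    o.all_bits = rfi_2ada0ed(o.srr1);
    o.fixed = rfi_fixed(o.srr1);
    return o;
}

int main(void)
{
    /* Constructed sample: Altivec enabled, external interrupts enabled (bit 48). */
    uint32_t msr = MSR_VEC | ppc_bit(48);
    struct rfi_outcomes o = run_tlb_miss(msr);

    printf("specific-bit mask      0x%08" PRIx32 "\n", SRR1_SPECIFIC_MASK);
    printf("MSR before interrupt   0x%08" PRIx32 "\n", msr);
    printf("SRR1 after TLB miss    0x%08" PRIx32 "\n", o.srr1);
    printf("MSR after RFI e1833e1  0x%08" PRIx32 " (VEC %s)\n", o.e1833e1,
           (o.e1833e1 & MSR_VEC) ? "kept" : "lost");
    printf("MSR after RFI 2ada0ed  0x%08" PRIx32 " (POW/TGPR/ILE %s)\n", o.all_bits,
           (o.all_bits & (MSR_POW | MSR_TGPR | MSR_ILE)) ? "corrupted" : "clean");
    printf("MSR after RFI fixed    0x%08" PRIx32 " (%s)\n", o.fixed,
           o.fixed == msr ? "restored" : "changed");
    return 0;
}
```

Running it with the constructed MSR shows the e1833e1 restore dropping VEC, the 2ada0ed restore carrying the four TLB-miss fields into POW, TGPR and ILE, and the fixed restore returning the original MSR. Feeding an MSR with ILE already set into run_tlb_miss also shows the caveat the Discussion paragraph admits: every bit under 0x783F0000 comes back cleared after RFI, whatever it was before the interrupt.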