Message-ID: <4F1DA9DB.3020707@suse.de>
Date: Mon, 23 Jan 2012 19:41:31 +0100
From: Alexander Graf
Subject: Re: [Qemu-devel] [PATCH 7/8] PPC: booke206: Check for min/max TLB entry size
To: Scott Wood
Cc: qemu-ppc@nongnu.org, qemu-devel Developers

On 01/23/2012 07:19 PM, Scott Wood wrote:
> On 01/23/2012 11:33 AM, Alexander Graf wrote:
>> On 01/23/2012 06:32 PM, Scott Wood wrote:
>>> On 01/20/2012 10:15 PM, Alexander Graf wrote:
>>>> @@ -4273,6 +4274,16 @@ void helper_booke206_tlbwe(void) >>>> tlb->mas1&= ~MAS1_IPROT; >>>> } >>>> >>>> + /* check that we support the targeted size */ >>>> + size_tlb = (tlb->mas1& MAS1_TSIZE_MASK)>> MAS1_TSIZE_SHIFT; >>>> + size_ps = booke206_tlbnps(env, tlbn); >>>> + if ((tlb->mas1& MAS1_VALID)&& (tlbncfg& TLBnCFG_AVAIL)&& >>>> + !(size_ps& (1<< size_tlb))) { >>>> + helper_raise_exception_err(POWERPC_EXCP_PROGRAM, >>>> + POWERPC_EXCP_INVAL | >>>> + POWERPC_EXCP_INVAL_INVAL); >>>> + } >>>> + >>>> if (booke206_tlb_to_page_size(env, tlb) == TARGET_PAGE_SIZE) { >>>> tlb_flush_page(env, tlb->mas2& MAS2_EPN_MASK); >>>> } else {
>>> For tlb0 on e500 and derivatives, tsize is explicitly documented as
>>> ignored. Software may rely on this.
>> Yup, that's why there's the check for TLBnCFG_AVAIL, which indicates that
>> a TLB has dynamic page size capabilities, which TLB0 does not have.
> Silly me, thinking "avail" meant "this TLB is available" instead of
> looking up the actual meaning. :-P
>
> Where do we check whether the TLB exists at all?

We don't. Eventually TLB access goes through:

static inline ppcmas_tlb_t *booke206_get_tlbm(CPUState *env, const int tlbn,
                                              target_ulong ea, int way)
{
    int r;
    uint32_t ways = booke206_tlb_ways(env, tlbn);
    int ways_bits = ffs(ways) - 1;
    int tlb_bits = ffs(booke206_tlb_size(env, tlbn)) - 1;
    int i;

    way &= ways - 1;
    ea >>= MAS2_EPN_SHIFT;
    ea &= (1 << (tlb_bits - ways_bits)) - 1;
    r = (ea << ways_bits) | way;

    /* bump up to tlbn index */
    for (i = 0; i < tlbn; i++) {
        r += booke206_tlb_size(env, i);
    }

    return &env->tlb.tlbm[r];
}

Since unavailable TLBs have ways set to 0 and tlb_size is 0, we always
end up with the last TLB entry that's available. So if you do a tlbwe on
tlbn=5 on TLB2, you write to the last entry of TLB1.

Which actually is fine according to the spec:

    If an invalid value is specified for MAS0TLBSEL MAS0ESEL or MAS2EPN,
    either no TLB entry is written by the tlbwe, or the tlbwe is performed
    as if some implementation-dependent, valid value were substituted for
    the invalid value, or an Illegal Instruction exception occurs.

We substitute it with a valid value :)

Alex
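
Review bot: the new size check reads the size back from tlb->mas1, and the context line above it (tlb->mas1&= ~MAS1_IPROT) shows the entry has already been updated by this point, so a tlbwe that is rejected here still leaves the unsupported size in the entry and, if helper_raise_exception_err does not return, skips the flush that follows. Consider doing the check on the incoming MAS1 value before anything is stored into tlb. Two smaller points: 1<< size_tlb is a signed shift, so 1U would be safer if MAS1_TSIZE_MASK (not visible in this hunk) allows a field value of 31; and the comment could say that TLBnCFG_AVAIL is what marks a TLB as having variable page sizes, since the reply in this thread shows it being read as "this TLB is available".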
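
The flat index calculation from booke206_get_tlbm quoted in the message above, as an added example (not QEMU's code and not part of the original message) that returns -1 for a TLB with 0 ways or 0 entries, which corresponds to the "no TLB entry is written" option in the quoted spec text. The struct, the name tlbm_index, EPN_SHIFT = 12 and the TLB geometry are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>   /* ffs() */

#define NB_TLB    4    /* assumed number of selectable TLB arrays */
#define EPN_SHIFT 12   /* assumed stand-in for MAS2_EPN_SHIFT */

/* Constructed geometry: TLB0 = 512 entries, 4 ways; TLB1 = 16 entries,
 * fully associative; TLB2 and TLB3 not implemented (0 ways, 0 entries).
 * Sizes and way counts are powers of two, with size >= ways. */
struct tlb_geom { uint32_t ways[NB_TLB]; uint32_t size[NB_TLB]; };
static const struct tlb_geom sample = { {4, 16, 0, 0}, {512, 16, 0, 0} };

/* Flat index of (tlbn, ea, way) in a tlbm[]-style array, or -1 when the
 * selected TLB does not exist. */
static int tlbm_index(const struct tlb_geom *g, int tlbn, uint64_t ea, int way)
{
    /* ffs(0) returns 0, so for a missing TLB both bit counts below would
     * be -1 and the shift by ways_bits would be a negative shift. Reject
     * the selector before doing any arithmetic with it. */
    if (tlbn < 0 || tlbn >= NB_TLB || g->ways[tlbn] == 0 || g->size[tlbn] == 0) {
        return -1;
    }
    int ways_bits = ffs((int)g->ways[tlbn]) - 1;
    int tlb_bits = ffs((int)g->size[tlbn]) - 1;
    uint32_t set_mask = (1u << (tlb_bits - ways_bits)) - 1;
    uint32_t set = (uint32_t)(ea >> EPN_SHIFT) & set_mask;
    uint32_t w = (uint32_t)way & (g->ways[tlbn] - 1);
    int r = (int)((set << ways_bits) | w);

    /* skip over the entries of all lower-numbered TLBs */
    for (int i = 0; i < tlbn; i++) {
        r += (int)g->size[i];
    }
    return r;
}

int main(void)
{
    printf("TLB0 ea=0x5000 way 3 -> %d\n", tlbm_index(&sample, 0, 0x5000, 3));
    printf("TLB1 way 15          -> %d\n", tlbm_index(&sample, 1, 0, 15));
    printf("TLB2 way 0           -> %d\n", tlbm_index(&sample, 2, 0, 0));
    return 0;
}
```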