qemu-devel.nongnu.org archive mirror
* [PATCH 00/26] target/ppc: TCG improvements and fixes
@ 2024-01-18 15:06 Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 01/26] target/ppc: Fix crash on machine check caused by ifetch Nicholas Piggin
                   ` (26 more replies)
  0 siblings, 27 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

This is mostly TCG core emulation improvements and fixes. I
got the chiptod model in there because it's intertwined with
TFMR SPR.

Other non-TCG patches are spapr MSR entry point change which
goes together with the other machine check / MSR[ME] fixes.
And Saif's gdb patches, as well as some SPR renaming.

There will probably be a few more similar patches too, e.g., Dan's SPR
patches, but I'll just get this out for review before
upstreaming it.

Thanks,
Nick

Glenn Miles (4):
  target/ppc: Add new hflags to support BHRB
  target/ppc: Add recording of taken branches to BHRB
  target/ppc: Add clrbhrb and mfbhrbe instructions
  target/ppc: Add migration support for BHRB

Nicholas Piggin (21):
  target/ppc: Fix crash on machine check caused by ifetch
  target/ppc: Prevent supervisor from modifying MSR[ME]
  spapr: set MSR[ME] and MSR[FP] on client entry
  target/ppc: Rename registers to match ISA
  target/ppc: Rename TBL to TB on 64-bit
  target/ppc: Improve timebase register defines naming
  target/ppc: Fix move-to timebase SPR access permissions
  pnv/chiptod: Add POWER9/10 chiptod model
  ppc/pnv: Wire ChipTOD model to powernv9 and powernv10 machines
  pnv/chiptod: Implement the ChipTOD to Core transfer
  target/ppc: Implement core timebase state machine and TFMR
  target/ppc: Add SMT support to time facilities
  target/ppc: BookE DECAR SPR is 32-bit
  target/ppc: Wire up BookE ATB registers for e500 family
  target/ppc: Add PPR32 SPR
  target/ppc: add helper to write per-LPAR SPRs
  target/ppc: Add SMT support to simple SPRs
  target/ppc: Add SMT support to PTCR SPR
  target/ppc: Implement LDBAR, TTR SPRs
  target/ppc: Implement SPRC/SPRD SPRs
  target/ppc: add SMT support to msgsnd broadcast

Saif Abrar (1):
  target/ppc: Update gdbstub to read SPR's CFAR, DEC, HDEC, TB-L/U

 include/hw/ppc/pnv.h                          |   2 +
 include/hw/ppc/pnv_chip.h                     |   3 +
 include/hw/ppc/pnv_chiptod.h                  |  53 ++
 include/hw/ppc/pnv_xscom.h                    |   9 +
 target/ppc/cpu.h                              |  97 ++-
 target/ppc/helper.h                           |  13 +-
 target/ppc/power8-pmu.h                       |  11 +-
 target/ppc/spr_common.h                       |   8 +
 target/ppc/insn32.decode                      |   8 +
 hw/ppc/pnv.c                                  |  45 ++
 hw/ppc/pnv_chiptod.c                          | 586 ++++++++++++++++++
 hw/ppc/spapr_cpu_core.c                       |   2 +
 target/ppc/cpu_init.c                         | 124 +++-
 target/ppc/excp_helper.c                      |  89 ++-
 target/ppc/gdbstub.c                          |  40 +-
 target/ppc/helper_regs.c                      |  83 ++-
 target/ppc/machine.c                          |  23 +-
 target/ppc/misc_helper.c                      | 132 +++-
 target/ppc/power8-pmu.c                       |  48 +-
 target/ppc/ppc-qmp-cmds.c                     |   4 +
 target/ppc/timebase_helper.c                  | 309 ++++++++-
 target/ppc/translate.c                        | 207 ++++++-
 target/ppc/power8-pmu-regs.c.inc              |   5 +
 target/ppc/translate/bhrb-impl.c.inc          |  43 ++
 target/ppc/translate/branch-impl.c.inc        |   2 +-
 .../ppc/translate/processor-ctrl-impl.c.inc   |   2 +-
 hw/ppc/meson.build                            |   1 +
 hw/ppc/trace-events                           |   4 +
 28 files changed, 1855 insertions(+), 98 deletions(-)
 create mode 100644 include/hw/ppc/pnv_chiptod.h
 create mode 100644 hw/ppc/pnv_chiptod.c
 create mode 100644 target/ppc/translate/bhrb-impl.c.inc

-- 
2.42.0




* [PATCH 01/26] target/ppc: Fix crash on machine check caused by ifetch
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 02/26] target/ppc: Prevent supervisor from modifying MSR[ME] Nicholas Piggin
                   ` (25 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

is_prefix_insn_excp() loads the first word of the instruction address
which caused an exception, to determine whether or not it was prefixed
so the prefix bit can be set in [H]SRR1.

This works if the instruction image can be loaded, but if the exception
was caused by an ifetch, this load could fail and cause a recursive
exception and crash. Machine checks caused by ifetch are not excluded
from the prefix check and can crash (see issue 2108 for an example).

Fix this by excluding machine checks caused by ifetch from the prefix
check.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2108
Fixes: 55a7fa34f89 ("target/ppc: Machine check on invalid real address access on POWER9/10")
Fixes: 5a5d3b23cb2 ("target/ppc: Add SRR1 prefix indication to interrupt handlers")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/excp_helper.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 2ec6429e36..030260e8a9 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -1322,6 +1322,15 @@ static bool is_prefix_insn_excp(PowerPCCPU *cpu, int excp)
     }
 
     switch (excp) {
+    case POWERPC_EXCP_MCHECK:
+        if (!(env->error_code & PPC_BIT(42))) {
+            /*
+             * Fetch attempt caused a machine check, so attempting to fetch
+             * again would cause a recursive machine check.
+             */
+            return false;
+        }
+        break;
     case POWERPC_EXCP_HDSI:
         /* HDSI PRTABLE_FAULT has the originating access type in error_code */
         if ((env->spr[SPR_HDSISR] & DSISR_PRTABLE_FAULT) &&
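Review bot: The new POWERPC_EXCP_MCHECK case treats a clear PPC_BIT(42) in env->error_code as "caused by ifetch", but the only place in this patch that establishes that encoding is ppc_cpu_do_transaction_failed(). If any other path raises POWERPC_EXCP_MCHECK with error_code left at 0, or set without bit 42, it will be classified as a fetch and the prefix bit will silently never be reported for it. Please confirm that every MCHECK raiser sets bit 42 for non-fetch causes, or test a positive fetch indication instead of the absence of the load/store bit.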
@@ -1332,10 +1341,10 @@ static bool is_prefix_insn_excp(PowerPCCPU *cpu, int excp)
              * instruction at NIP would cause recursive faults with the same
              * translation).
              */
-            break;
+            return false;
         }
-        /* fall through */
-    case POWERPC_EXCP_MCHECK:
+        break;
+
     case POWERPC_EXCP_DSI:
     case POWERPC_EXCP_DSEG:
     case POWERPC_EXCP_ALIGN:
@@ -1346,17 +1355,14 @@ static bool is_prefix_insn_excp(PowerPCCPU *cpu, int excp)
     case POWERPC_EXCP_VPU:
     case POWERPC_EXCP_VSXU:
     case POWERPC_EXCP_FU:
-    case POWERPC_EXCP_HV_FU: {
-        uint32_t insn = ppc_ldl_code(env, env->nip);
-        if (is_prefix_insn(env, insn)) {
-            return true;
-        }
+    case POWERPC_EXCP_HV_FU:
         break;
-    }
     default:
-        break;
+        return false;
     }
-    return false;
+
+
+    return is_prefix_insn(env, ppc_ldl_code(env, env->nip));
 }
 #else
 static bool is_prefix_insn_excp(PowerPCCPU *cpu, int excp)
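Review bot: Two consecutive blank lines are added before the final return; drop one. With the load hoisted out of the switch, `return is_prefix_insn(env, ppc_ldl_code(env, env->nip));` is now the single place where a recursive fault can occur, so a one-line comment above it saying that every case which reaches it must be known not to be a fetch fault would help whoever adds the next case label.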
@@ -3245,6 +3251,10 @@ void ppc_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
             env->error_code |= PPC_BIT(42);
 
         } else { /* Fetch */
+            /*
+             * is_prefix_insn_excp() tests !PPC_BIT(42) to avoid fetching
+             * the instruction, so that must always be clear for fetches.
+             */
             env->error_code = PPC_BIT(36) | PPC_BIT(44) | PPC_BIT(45);
         }
         break;
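Review bot: The fetch/non-fetch contract between this function and is_prefix_insn_excp() exists only in this comment and in the bare PPC_BIT(42) used on both sides. A named define for that bit, used at the `env->error_code |= PPC_BIT(42);` site and in the new MCHECK case, would make the dependency greppable and harder to break when the error_code encoding is next touched.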
-- 
2.42.0




* [PATCH 02/26] target/ppc: Prevent supervisor from modifying MSR[ME]
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 01/26] target/ppc: Fix crash on machine check caused by ifetch Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 03/26] spapr: set MSR[ME] and MSR[FP] on client entry Nicholas Piggin
                   ` (24 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

Prevent guest state modifying the MSR[ME] bit. Per ISA:

  An attempt to modify MSRME in privileged but non-hypervisor state is
  ignored (i.e., the bit is not changed).

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/helper_regs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index e0b2dcd02e..bd17c14136 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -264,6 +264,11 @@ int hreg_store_msr(CPUPPCState *env, target_ulong value, int alter_hv)
         value &= ~MSR_HVB;
         value |= env->msr & MSR_HVB;
     }
+    /* Attempt to modify MSR[ME] in guest state is ignored */
+    if (is_book3s_arch2x(env) && !(env->msr & MSR_HVB)) {
+        value &= ~(1 << MSR_ME);
+        value |= env->msr & (1 << MSR_ME);
+    }
     if ((value ^ env->msr) & (R_MSR_IR_MASK | R_MSR_DR_MASK)) {
         cpu_interrupt_exittb(cs);
     }
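Review bot: In the added block, `(1 << MSR_ME)` is an int expression while value and env->msr are target_ulong, so `~(1 << MSR_ME)` only produces the intended mask through sign extension when it is widened. Patch 03 of this series writes the same bit as `(1ULL << MSR_ME)`; please use the 1ULL form here as well. The commit message should also say why the check is limited to is_book3s_arch2x(), since the quoted ISA text carries no such condition.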
-- 
2.42.0




* [PATCH 03/26] spapr: set MSR[ME] and MSR[FP] on client entry
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 01/26] target/ppc: Fix crash on machine check caused by ifetch Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 02/26] target/ppc: Prevent supervisor from modifying MSR[ME] Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 04/26] target/ppc: Rename registers to match ISA Nicholas Piggin
                   ` (23 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

The initial MSR state for PAPR specifies MSR[ME] and MSR[FP] are set.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 hw/ppc/spapr_cpu_core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index 5aa1ed474a..452b266e8b 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -42,6 +42,8 @@ static void spapr_reset_vcpu(PowerPCCPU *cpu)
      * as 32bit (MSR_SF=0) in "8.2.1. Initial Register Values".
      */
     env->msr &= ~(1ULL << MSR_SF);
+    env->msr |= (1ULL << MSR_ME) | (1ULL << MSR_FP);
+
     env->spr[SPR_HIOR] = 0;
 
     lpcr = env->spr[SPR_LPCR];
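Review bot: The added `env->msr |= (1ULL << MSR_ME) | (1ULL << MSR_FP);` sits under a comment that only explains the MSR_SF clearing. Please extend that comment, or add one, to say that ME and FP being set on entry also comes from the PAPR initial register state. If this patch is needed because patch 02 stops the guest from setting MSR[ME] itself, say so in the commit message so the ordering dependency is recorded.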
-- 
2.42.0




* [PATCH 04/26] target/ppc: Rename registers to match ISA
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (2 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 03/26] spapr: set MSR[ME] and MSR[FP] on client entry Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 05/26] target/ppc: Update gdbstub to read SPR's CFAR, DEC, HDEC, TB-L/U Nicholas Piggin
                   ` (22 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

Several registers have names that don't match the ISA (or convention
with other QEMU PPC registers), making them unintuitive to use with
GDB.

Fortunately most of these registers are obscure and/or have not been
correctly implemented in the gdb server (e.g., DEC, TB, CFAR), so risk
of breaking users should be low.

QEMU should follow the ISA for register name convention (where there is
no established GDB name).

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu_init.c    | 20 ++++++++++----------
 target/ppc/helper_regs.c |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 6b5f07bde1..5c1d0adca8 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -5062,7 +5062,7 @@ static void register_970_hid_sprs(CPUPPCState *env)
 
 static void register_970_hior_sprs(CPUPPCState *env)
 {
-    spr_register(env, SPR_HIOR, "SPR_HIOR",
+    spr_register(env, SPR_HIOR, "HIOR",
                  SPR_NOACCESS, SPR_NOACCESS,
                  &spr_read_hior, &spr_write_hior,
                  0x00000000);
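Review bot: The name strings changed throughout this patch are what gdb users see, but the commit message does not list the old and new names. Please enumerate the renames in the commit message (for example "SPR_HIOR" to "HIOR" in this hunk) so that anyone whose script breaks can find the mapping from the log.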
@@ -5070,11 +5070,11 @@ static void register_970_hior_sprs(CPUPPCState *env)
 
 static void register_book3s_ctrl_sprs(CPUPPCState *env)
 {
-    spr_register(env, SPR_CTRL, "SPR_CTRL",
+    spr_register(env, SPR_CTRL, "CTRL",
                  SPR_NOACCESS, SPR_NOACCESS,
                  SPR_NOACCESS, &spr_write_CTRL,
                  0x00000000);
-    spr_register(env, SPR_UCTRL, "SPR_UCTRL",
+    spr_register(env, SPR_UCTRL, "UCTRL",
                  &spr_read_ureg, SPR_NOACCESS,
                  &spr_read_ureg, SPR_NOACCESS,
                  0x00000000);
@@ -5465,7 +5465,7 @@ static void register_book3s_purr_sprs(CPUPPCState *env)
 static void register_power6_dbg_sprs(CPUPPCState *env)
 {
 #if !defined(CONFIG_USER_ONLY)
-    spr_register(env, SPR_CFAR, "SPR_CFAR",
+    spr_register(env, SPR_CFAR, "CFAR",
                  SPR_NOACCESS, SPR_NOACCESS,
                  &spr_read_cfar, &spr_write_cfar,
                  0x00000000);
@@ -5483,7 +5483,7 @@ static void register_power5p_common_sprs(CPUPPCState *env)
 static void register_power6_common_sprs(CPUPPCState *env)
 {
 #if !defined(CONFIG_USER_ONLY)
-    spr_register_kvm(env, SPR_DSCR, "SPR_DSCR",
+    spr_register_kvm(env, SPR_DSCR, "DSCR",
                      SPR_NOACCESS, SPR_NOACCESS,
                      &spr_read_generic, &spr_write_generic,
                      KVM_REG_PPC_DSCR, 0x00000000);
@@ -5695,7 +5695,7 @@ static void register_power8_book4_sprs(CPUPPCState *env)
                      &spr_read_generic, &spr_write_generic,
                      KVM_REG_PPC_ACOP, 0);
     /* PID is only in BookE in ISA v2.07 */
-    spr_register_kvm(env, SPR_BOOKS_PID, "PID",
+    spr_register_kvm(env, SPR_BOOKS_PID, "PIDR",
                      SPR_NOACCESS, SPR_NOACCESS,
                      &spr_read_generic, &spr_write_pidr,
                      KVM_REG_PPC_PID, 0);
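Review bot: The register is now named "PIDR", but the comment directly above the call still says "PID is only in BookE in ISA v2.07". Update the comment to use the new name here and in the two following hunks that make the same change, so the comment and the registered name do not disagree.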
@@ -5716,7 +5716,7 @@ static void register_power7_book4_sprs(CPUPPCState *env)
                      &spr_read_generic, &spr_write_generic,
                      KVM_REG_PPC_ACOP, 0);
     /* PID is only in BookE in ISA v2.06 */
-    spr_register_kvm(env, SPR_BOOKS_PID, "PID",
+    spr_register_kvm(env, SPR_BOOKS_PID, "PIDR",
                      SPR_NOACCESS, SPR_NOACCESS,
                      &spr_read_generic, &spr_write_generic32,
                      KVM_REG_PPC_PID, 0);
@@ -5750,7 +5750,7 @@ static void register_power9_mmu_sprs(CPUPPCState *env)
                     &spr_read_generic, &spr_write_generic,
                     0x0000000000000000);
     /* PID is part of the BookS ISA from v3.0 */
-    spr_register_kvm(env, SPR_BOOKS_PID, "PID",
+    spr_register_kvm(env, SPR_BOOKS_PID, "PIDR",
                      SPR_NOACCESS, SPR_NOACCESS,
                      &spr_read_generic, &spr_write_pidr,
                      KVM_REG_PPC_PID, 0);
@@ -5791,7 +5791,7 @@ static void register_power10_dexcr_sprs(CPUPPCState *env)
             &spr_read_generic, &spr_write_generic32,
             0);
 
-    spr_register(env, SPR_UDEXCR, "DEXCR",
+    spr_register(env, SPR_UDEXCR, "UDEXCR",
             &spr_read_dexcr_ureg, SPR_NOACCESS,
             &spr_read_dexcr_ureg, SPR_NOACCESS,
             0);
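Review bot: Registering SPR_UDEXCR under the name "DEXCR" is a wrong name for the user-mode alias rather than a naming-convention mismatch, and the same holds for SPR_UHDEXCR in the next hunk. Call these two out in the commit message as fixes, or split them into their own patch, since the message currently describes every change as a rename.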
@@ -5802,7 +5802,7 @@ static void register_power10_dexcr_sprs(CPUPPCState *env)
             &spr_read_generic, &spr_write_generic32,
             0);
 
-    spr_register(env, SPR_UHDEXCR, "HDEXCR",
+    spr_register(env, SPR_UHDEXCR, "UHDEXCR",
             &spr_read_dexcr_ureg, SPR_NOACCESS,
             &spr_read_dexcr_ureg, SPR_NOACCESS,
             0);
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index bd17c14136..3aea8ff8ac 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -495,7 +495,7 @@ void register_non_embedded_sprs(CPUPPCState *env)
                      &spr_read_generic, &spr_write_generic,
                      KVM_REG_PPC_DAR, 0x00000000);
     /* Timer */
-    spr_register(env, SPR_DECR, "DECR",
+    spr_register(env, SPR_DECR, "DEC",
                  SPR_NOACCESS, SPR_NOACCESS,
                  &spr_read_decr, &spr_write_decr,
                  0x00000000);
-- 
2.42.0




* [PATCH 05/26] target/ppc: Update gdbstub to read SPR's CFAR, DEC, HDEC, TB-L/U
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (3 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 04/26] target/ppc: Rename registers to match ISA Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 06/26] target/ppc: Rename TBL to TB on 64-bit Nicholas Piggin
                   ` (21 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel, Saif Abrar

From: Saif Abrar <saif.abrar@linux.vnet.ibm.com>

SPR's CFAR, DEC, HDEC, TB-L/U are not implemented as part of CPUPPCState.
Hence, gdbstub is not able to access them using (CPUPPCState *)env->spr[] array.
Update gdb_get_spr_reg() method to handle these SPR's specifically.

Signed-off-by: Saif Abrar <saif.abrar@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/gdbstub.c | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/target/ppc/gdbstub.c b/target/ppc/gdbstub.c
index ec5731e5d6..dfe31d0f47 100644
--- a/target/ppc/gdbstub.c
+++ b/target/ppc/gdbstub.c
@@ -394,7 +394,32 @@ static int gdb_get_spr_reg(CPUPPCState *env, GByteArray *buf, int n)
     }
 
     len = TARGET_LONG_SIZE;
-    gdb_get_regl(buf, env->spr[reg]);
+
+    /* Handle those SPRs that are not part of the env->spr[] array */
+    target_ulong val;
+    switch (reg) {
+#if defined(TARGET_PPC64)
+    case SPR_CFAR:
+        val = env->cfar;
+        break;
+#endif
+    case SPR_HDEC:
+        val = cpu_ppc_load_hdecr(env);
+        break;
+    case SPR_TBL:
+        val = cpu_ppc_load_tbl(env);
+        break;
+    case SPR_TBU:
+        val = cpu_ppc_load_tbu(env);
+        break;
+    case SPR_DECR:
+        val = cpu_ppc_load_decr(env);
+        break;
+    default:
+        val = env->spr[reg];
+    }
+    gdb_get_regl(buf, val);
+
     ppc_maybe_bswap_register(env, gdb_get_reg_ptr(buf, len), len);
     return len;
 }
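Review bot: `target_ulong val;` is declared after the `len = TARGET_LONG_SIZE;` statement; move it up to the declarations at the top of gdb_get_spr_reg(). The `default:` arm also has no `break;`, which is harmless as the last label but inconsistent with every other arm in the switch.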
@@ -411,7 +436,18 @@ static int gdb_set_spr_reg(CPUPPCState *env, uint8_t *mem_buf, int n)
 
     len = TARGET_LONG_SIZE;
     ppc_maybe_bswap_register(env, mem_buf, len);
-    env->spr[reg] = ldn_p(mem_buf, len);
+
+    /* Handle those SPRs that are not part of the env->spr[] array */
+    target_ulong val = ldn_p(mem_buf, len);
+    switch (reg) {
+#if defined(TARGET_PPC64)
+    case SPR_CFAR:
+        env->cfar = val;
+        break;
+#endif
+    default:
+        env->spr[reg] = val;
+    }
 
     return len;
 }
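Review bot: gdb_set_spr_reg() special-cases only SPR_CFAR, so a gdb write to DEC, HDEC, TBL or TBU still lands in env->spr[reg], which gdb_get_spr_reg() no longer reads for those registers. The write is accepted and then silently lost. Either route these registers through the matching store helpers or refuse the write so the debugger user can see it did not take effect. The `default:` arm here is also missing a `break;`.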
-- 
2.42.0




* [PATCH 06/26] target/ppc: Rename TBL to TB on 64-bit
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (4 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 05/26] target/ppc: Update gdbstub to read SPR's CFAR, DEC, HDEC, TB-L/U Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 07/26] target/ppc: Improve timebase register defines naming Nicholas Piggin
                   ` (20 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel, Cédric Le Goater

From the earliest PowerPC ISA, TBR (later SPR) 268 has been called TB
and accessed with mftb instruction. The problem is that TB is the name
of the 64-bit register, and 32-bit implementations can only read the
lower half with one instruction, so 268 has also been called TBL and
it does only read TBL on 32-bit.

Change SPR 268 to be called TB on 64-bit implementations.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/helper_regs.c  | 4 ++++
 target/ppc/ppc-qmp-cmds.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 3aea8ff8ac..7d8e041fb3 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -465,7 +465,11 @@ void register_generic_sprs(PowerPCCPU *cpu)
     }
 
     /* Time base */
+#if defined(TARGET_PPC64)
+    spr_register(env, SPR_VTBL,  "TB",
+#else
     spr_register(env, SPR_VTBL,  "TBL",
+#endif
                  &spr_read_tbl, SPR_NOACCESS,
                  &spr_read_tbl, SPR_NOACCESS,
                  0x00000000);
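Review bot: The `#if defined(TARGET_PPC64)` splits a single spr_register() call in the middle of its argument list, which is fragile to edit; patch 07 already has to touch both arms. Choosing the name once under the #if (a small macro or a `const char *`) and passing it to one intact spr_register() call would be easier to maintain.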
diff --git a/target/ppc/ppc-qmp-cmds.c b/target/ppc/ppc-qmp-cmds.c
index c0c137d9d7..ee0b99fce7 100644
--- a/target/ppc/ppc-qmp-cmds.c
+++ b/target/ppc/ppc-qmp-cmds.c
@@ -103,7 +103,11 @@ const MonitorDef monitor_defs[] = {
     { "xer", 0, &monitor_get_xer },
     { "msr", offsetof(CPUPPCState, msr) },
     { "tbu", 0, &monitor_get_tbu, },
+#if defined(TARGET_PPC64)
+    { "tb", 0, &monitor_get_tbl, },
+#else
     { "tbl", 0, &monitor_get_tbl, },
+#endif
     { NULL },
 };
 
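Review bot: On 64-bit builds this replaces the monitor register name "tbl" with "tb" instead of adding to it, so existing monitor usage of "tbl" stops working. Unlike the SPR names in patch 04, nothing in the commit message argues that this name is unused. Consider keeping the "tbl" entry on 64-bit and adding "tb" alongside it; both can point at monitor_get_tbl.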
-- 
2.42.0




* [PATCH 07/26] target/ppc: Improve timebase register defines naming
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (5 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 06/26] target/ppc: Rename TBL to TB on 64-bit Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 08/26] target/ppc: Fix move-to timebase SPR access permissions Nicholas Piggin
                   ` (19 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

The timebase in ppc started out with the mftb instruction which is like
mfspr but addressed timebase registers (TBRs) rather than SPRs. These
instructions could be used to read TB and TBU at 268 and 269. Timebase
could be written via the TBL and TBU SPRs at 284 and 285.

The ISA changed around v2.03 to bring TB and TBU reads into the SPR
space at 268 and 269 (access via mftb TBR-space is still supported
but will be phased out). Later, VTB was added which is an entirely
different register.

The SPR number defines in QEMU are understandably inconsistently named.
Change SPR 268, 269, 284, 285 to TBL, TBU, WR_TBL, WR_TBU, respectively.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h         |  8 ++++----
 target/ppc/helper_regs.c | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index f8101ffa29..848e583c2d 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1750,8 +1750,8 @@ void ppc_compat_add_property(Object *obj, const char *name,
 #define SPR_USPRG5            (0x105)
 #define SPR_USPRG6            (0x106)
 #define SPR_USPRG7            (0x107)
-#define SPR_VTBL              (0x10C)
-#define SPR_VTBU              (0x10D)
+#define SPR_TBL               (0x10C)
+#define SPR_TBU               (0x10D)
 #define SPR_SPRG0             (0x110)
 #define SPR_SPRG1             (0x111)
 #define SPR_SPRG2             (0x112)
@@ -1764,8 +1764,8 @@ void ppc_compat_add_property(Object *obj, const char *name,
 #define SPR_SPRG7             (0x117)
 #define SPR_ASR               (0x118)
 #define SPR_EAR               (0x11A)
-#define SPR_TBL               (0x11C)
-#define SPR_TBU               (0x11D)
+#define SPR_WR_TBL            (0x11C)
+#define SPR_WR_TBU            (0x11D)
 #define SPR_TBU40             (0x11E)
 #define SPR_SVR               (0x11E)
 #define SPR_BOOKE_PIR         (0x11E)
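Review bot: SPR_TBL and SPR_TBU are not removed here but reassigned: before this patch they are 0x11C/0x11D, after it they are 0x10C/0x10D. Any code written against the old meaning still compiles and silently targets a different SPR. Patch 05 of this series adds `case SPR_TBL:` and `case SPR_TBU:` to gdbstub.c before this rename, so the SPR numbers the gdbstub special-cases change at this patch. Please confirm that is intended, and consider moving this patch ahead of 05 so those case labels never have the old meaning.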
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 7d8e041fb3..ead4acede4 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -466,22 +466,22 @@ void register_generic_sprs(PowerPCCPU *cpu)
 
     /* Time base */
 #if defined(TARGET_PPC64)
-    spr_register(env, SPR_VTBL,  "TB",
+    spr_register(env, SPR_TBL, "TB",
 #else
-    spr_register(env, SPR_VTBL,  "TBL",
+    spr_register(env, SPR_TBL, "TBL",
 #endif
                  &spr_read_tbl, SPR_NOACCESS,
                  &spr_read_tbl, SPR_NOACCESS,
                  0x00000000);
-    spr_register(env, SPR_TBL,   "TBL",
+    spr_register(env, SPR_WR_TBL, "TBL",
                  &spr_read_tbl, SPR_NOACCESS,
                  &spr_read_tbl, &spr_write_tbl,
                  0x00000000);
-    spr_register(env, SPR_VTBU,  "TBU",
+    spr_register(env, SPR_TBU, "TBU",
                  &spr_read_tbu, SPR_NOACCESS,
                  &spr_read_tbu, SPR_NOACCESS,
                  0x00000000);
-    spr_register(env, SPR_TBU,   "TBU",
+    spr_register(env, SPR_WR_TBU, "TBU",
                  &spr_read_tbu, SPR_NOACCESS,
                  &spr_read_tbu, &spr_write_tbu,
                  0x00000000);
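Review bot: After this change SPR_TBU and SPR_WR_TBU are both registered with the name "TBU", and on 32-bit SPR_TBL and SPR_WR_TBL are both "TBL". Since patch 04 is about making the registered names usable from gdb, give the move-to registers distinct names, or state in the commit message why two SPRs sharing one name is acceptable.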
-- 
2.42.0




* [PATCH 08/26] target/ppc: Fix move-to timebase SPR access permissions
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (6 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 07/26] target/ppc: Improve timebase register defines naming Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 09/26] pnv/chiptod: Add POWER9/10 chiptod model Nicholas Piggin
                   ` (18 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

The move-to timebase registers TBU and TBL can not be read, and they
can not be written in supervisor mode on hypervisor-capable CPUs.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/helper_regs.c | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index ead4acede4..25258986e3 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -473,18 +473,33 @@ void register_generic_sprs(PowerPCCPU *cpu)
                  &spr_read_tbl, SPR_NOACCESS,
                  &spr_read_tbl, SPR_NOACCESS,
                  0x00000000);
-    spr_register(env, SPR_WR_TBL, "TBL",
-                 &spr_read_tbl, SPR_NOACCESS,
-                 &spr_read_tbl, &spr_write_tbl,
-                 0x00000000);
     spr_register(env, SPR_TBU, "TBU",
                  &spr_read_tbu, SPR_NOACCESS,
                  &spr_read_tbu, SPR_NOACCESS,
                  0x00000000);
-    spr_register(env, SPR_WR_TBU, "TBU",
-                 &spr_read_tbu, SPR_NOACCESS,
-                 &spr_read_tbu, &spr_write_tbu,
-                 0x00000000);
+#ifndef CONFIG_USER_ONLY
+    if (env->has_hv_mode) {
+        spr_register_hv(env, SPR_WR_TBL, "TBL",
+                        SPR_NOACCESS, SPR_NOACCESS,
+                        SPR_NOACCESS, SPR_NOACCESS,
+                        SPR_NOACCESS, &spr_write_tbl,
+                        0x00000000);
+        spr_register_hv(env, SPR_WR_TBU, "TBU",
+                        SPR_NOACCESS, SPR_NOACCESS,
+                        SPR_NOACCESS, SPR_NOACCESS,
+                        SPR_NOACCESS, &spr_write_tbu,
+                        0x00000000);
+    } else {
+        spr_register(env, SPR_WR_TBL, "TBL",
+                     SPR_NOACCESS, SPR_NOACCESS,
+                     SPR_NOACCESS, &spr_write_tbl,
+                     0x00000000);
+        spr_register(env, SPR_WR_TBU, "TBU",
+                     SPR_NOACCESS, SPR_NOACCESS,
+                     SPR_NOACCESS, &spr_write_tbu,
+                     0x00000000);
+    }
+#endif
 }
 
 void register_non_embedded_sprs(CPUPPCState *env)
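Review bot: Both branches now pass SPR_NOACCESS for every read callback, and the spr_register_hv() branch also passes it for the supervisor write callback, so a guest kernel that read or wrote SPR_WR_TBL/SPR_WR_TBU in supervisor state on an HV-capable CPU will now fault where it previously succeeded. That is the stated intent, but the commit message should say that guest-visible behaviour changes and whether any known guest relied on the old behaviour. The registrations also move under `#ifndef CONFIG_USER_ONLY` without a mention; please say why that is safe for user-mode builds.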
-- 
2.42.0




* [PATCH 09/26] pnv/chiptod: Add POWER9/10 chiptod model
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (7 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 08/26] target/ppc: Fix move-to timebase SPR access permissions Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 10/26] ppc/pnv: Wire ChipTOD model to powernv9 and powernv10 machines Nicholas Piggin
                   ` (17 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

The ChipTOD (for Time-Of-Day) is a chip pervasive facility in IBM POWER
(powernv) processors that keeps a time of day clock.

In particular for this model are facilities that initialise and start
the time of day clock, and that synchronise that clock to cores on the
chip, and to other chips. In this way, all cores on all chips can
synchronise timebase (TB).

This model implements functionality sufficient to run the skiboot
chiptod synchronisation procedure (with the following core timebase
state machine implementation). It does not modify the TB in the cores
where the real hardware would, because the QEMU ppc timebase
implementation is always synchronised across all cores.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 include/hw/ppc/pnv_chiptod.h |  49 ++++
 include/hw/ppc/pnv_xscom.h   |   9 +
 hw/ppc/pnv_chiptod.c         | 454 +++++++++++++++++++++++++++++++++++
 hw/ppc/meson.build           |   1 +
 hw/ppc/trace-events          |   4 +
 5 files changed, 517 insertions(+)
 create mode 100644 include/hw/ppc/pnv_chiptod.h
 create mode 100644 hw/ppc/pnv_chiptod.c

diff --git a/include/hw/ppc/pnv_chiptod.h b/include/hw/ppc/pnv_chiptod.h
new file mode 100644
index 0000000000..ca770525d9
--- /dev/null
+++ b/include/hw/ppc/pnv_chiptod.h
@@ -0,0 +1,49 @@
+/*
+ * QEMU PowerPC PowerNV Emulation of some CHIPTOD behaviour
+ *
+ * Copyright (c) 2022-2023, IBM Corporation.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PPC_PNV_CHIPTOD_H
+#define PPC_PNV_CHIPTOD_H
+
+#include "qom/object.h"
+
+#define TYPE_PNV_CHIPTOD "pnv-chiptod"
+OBJECT_DECLARE_TYPE(PnvChipTOD, PnvChipTODClass, PNV_CHIPTOD)
+#define TYPE_PNV9_CHIPTOD TYPE_PNV_CHIPTOD "-POWER9"
+DECLARE_INSTANCE_CHECKER(PnvChipTOD, PNV9_CHIPTOD, TYPE_PNV9_CHIPTOD)
+#define TYPE_PNV10_CHIPTOD TYPE_PNV_CHIPTOD "-POWER10"
+DECLARE_INSTANCE_CHECKER(PnvChipTOD, PNV10_CHIPTOD, TYPE_PNV10_CHIPTOD)
+
+enum tod_state {
+    tod_error = 0,
+    tod_not_set = 7,
+    tod_running = 2,
+    tod_stopped = 1,
+};
+
+struct PnvChipTOD {
+    DeviceState xd;
+
+    PnvChip *chip;
+    MemoryRegion xscom_regs;
+
+    bool primary;
+    bool secondary;
+    enum tod_state tod_state;
+    uint64_t tod_error;
+    uint64_t pss_mss_ctrl_reg;
+};
+
+struct PnvChipTODClass {
+    DeviceClass parent_class;
+
+    void (*broadcast_ttype)(PnvChipTOD *sender, uint32_t trigger);
+
+    int xscom_size;
+};
+
+#endif /* PPC_PNV_CHIPTOD_H */
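Review bot: tod_error is both an enumerator of enum tod_state and the name of the uint64_t tod_error field in struct PnvChipTOD. That compiles, but it makes "chiptod->tod_state = tod_error;" easy to misread next to "chiptod->tod_error = 0;" in the reset function. Renaming the enumerators with a common prefix and listing them in numeric order (0, 1, 2, 7) would help. The header also uses PnvChip and MemoryRegion while including only "qom/object.h", so it relies on the includer having pulled in those declarations first. The instance struct names its embedded parent xd while the class struct uses parent_class; a matching name would be clearer.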
diff --git a/include/hw/ppc/pnv_xscom.h b/include/hw/ppc/pnv_xscom.h
index f5becbab41..6aa3ac745d 100644
--- a/include/hw/ppc/pnv_xscom.h
+++ b/include/hw/ppc/pnv_xscom.h
@@ -64,6 +64,9 @@ struct PnvXScomInterfaceClass {
 #define PNV_XSCOM_PSIHB_BASE      0x2010900
 #define PNV_XSCOM_PSIHB_SIZE      0x20
 
+#define PNV_XSCOM_CHIPTOD_BASE    0x0040000
+#define PNV_XSCOM_CHIPTOD_SIZE    0x31
+
 #define PNV_XSCOM_OCC_BASE        0x0066000
 #define PNV_XSCOM_OCC_SIZE        0x6000
 
@@ -93,6 +96,9 @@ struct PnvXScomInterfaceClass {
 #define PNV9_XSCOM_I2CM_BASE      0xa0000
 #define PNV9_XSCOM_I2CM_SIZE      0x1000
 
+#define PNV9_XSCOM_CHIPTOD_BASE   PNV_XSCOM_CHIPTOD_BASE
+#define PNV9_XSCOM_CHIPTOD_SIZE   PNV_XSCOM_CHIPTOD_SIZE
+
 #define PNV9_XSCOM_OCC_BASE       PNV_XSCOM_OCC_BASE
 #define PNV9_XSCOM_OCC_SIZE       0x8000
 
@@ -155,6 +161,9 @@ struct PnvXScomInterfaceClass {
 #define PNV10_XSCOM_I2CM_BASE      PNV9_XSCOM_I2CM_BASE
 #define PNV10_XSCOM_I2CM_SIZE      PNV9_XSCOM_I2CM_SIZE
 
+#define PNV10_XSCOM_CHIPTOD_BASE   PNV9_XSCOM_CHIPTOD_BASE
+#define PNV10_XSCOM_CHIPTOD_SIZE   PNV9_XSCOM_CHIPTOD_SIZE
+
 #define PNV10_XSCOM_OCC_BASE       PNV9_XSCOM_OCC_BASE
 #define PNV10_XSCOM_OCC_SIZE       PNV9_XSCOM_OCC_SIZE
 
diff --git a/hw/ppc/pnv_chiptod.c b/hw/ppc/pnv_chiptod.c
new file mode 100644
index 0000000000..6ac3eac9d0
--- /dev/null
+++ b/hw/ppc/pnv_chiptod.c
@@ -0,0 +1,454 @@
+/*
+ * QEMU PowerPC PowerNV Emulation of some ChipTOD behaviour
+ *
+ * Copyright (c) 2022-2023, IBM Corporation.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ * ChipTOD (aka TOD) is a facility implemented in the nest / pervasive. The
+ * purpose is to keep time-of-day across chips and cores.
+ *
+ * There is a master chip TOD, which sends signals to slave chip TODs to
+ * keep them synchronized. There are two sets of configuration registers
+ * called primary and secondary, which can be used fail over.
+ *
+ * The chip TOD also distributes synchronisation signals to the timebase
+ * facility in each of the cores on the chip. In particular there is a
+ * feature that can move the TOD value in the ChipTOD to and from the TB.
+ *
+ * Initialisation typically brings all ChipTOD into sync (see tod_state),
+ * and then brings each core TB into sync with the ChipTODs (see timebase
+ * state and TFMR). This model is a very basic simulation of the init sequence
+ * performed by skiboot.
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/reset.h"
+#include "target/ppc/cpu.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "qemu/module.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
+#include "hw/ppc/fdt.h"
+#include "hw/ppc/ppc.h"
+#include "hw/ppc/pnv.h"
+#include "hw/ppc/pnv_chip.h"
+#include "hw/ppc/pnv_core.h"
+#include "hw/ppc/pnv_xscom.h"
+#include "hw/ppc/pnv_chiptod.h"
+#include "trace.h"
+
+#include <libfdt.h>
+
+/* TOD chip XSCOM addresses */
+#define TOD_M_PATH_CTRL_REG             0x00000000 /* Master Path ctrl reg */
+#define TOD_PRI_PORT_0_CTRL_REG         0x00000001 /* Primary port0 ctrl reg */
+#define TOD_PRI_PORT_1_CTRL_REG         0x00000002 /* Primary port1 ctrl reg */
+#define TOD_SEC_PORT_0_CTRL_REG         0x00000003 /* Secondary p0 ctrl reg */
+#define TOD_SEC_PORT_1_CTRL_REG         0x00000004 /* Secondary p1 ctrl reg */
+#define TOD_S_PATH_CTRL_REG             0x00000005 /* Slave Path ctrl reg */
+#define TOD_I_PATH_CTRL_REG             0x00000006 /* Internal Path ctrl reg */
+
+/* -- TOD primary/secondary master/slave control register -- */
+#define TOD_PSS_MSS_CTRL_REG            0x00000007
+
+/* -- TOD primary/secondary master/slave status register -- */
+#define TOD_PSS_MSS_STATUS_REG          0x00000008
+
+/* TOD chip XSCOM addresses */
+#define TOD_CHIP_CTRL_REG               0x00000010 /* Chip control reg */
+
+#define TOD_TX_TTYPE_0_REG              0x00000011
+#define TOD_TX_TTYPE_1_REG              0x00000012 /* PSS switch reg */
+#define TOD_TX_TTYPE_2_REG              0x00000013 /* Enable step checkers */
+#define TOD_TX_TTYPE_3_REG              0x00000014 /* Request TOD reg */
+#define TOD_TX_TTYPE_4_REG              0x00000015 /* Send TOD reg */
+#define TOD_TX_TTYPE_5_REG              0x00000016 /* Invalidate TOD reg */
+
+#define TOD_MOVE_TOD_TO_TB_REG          0x00000017
+#define TOD_LOAD_TOD_MOD_REG            0x00000018
+#define TOD_LOAD_TOD_REG                0x00000021
+#define TOD_START_TOD_REG               0x00000022
+#define TOD_FSM_REG                     0x00000024
+
+#define TOD_TX_TTYPE_CTRL_REG           0x00000027 /* TX TTYPE Control reg */
+#define   TOD_TX_TTYPE_PIB_SLAVE_ADDR      PPC_BITMASK(26, 31)
+
+/* -- TOD Error interrupt register -- */
+#define TOD_ERROR_REG                   0x00000030
+
+/* PC unit PIB address which recieves the timebase transfer from TOD */
+#define   PC_TOD                        0x4A3
+
+/*
+ * The TOD FSM:
+ * - The reset state is 0 error.
+ * - A hardware error detected will transition to state 0 from any state.
+ * - LOAD_TOD_MOD and TTYPE5 will transition to state 7 from any state.
+ *
+ * | state      | action                       | new |
+ * |------------+------------------------------+-----|
+ * | 0 error    | LOAD_TOD_MOD                 |  7  |
+ * | 0 error    | Recv TTYPE5 (invalidate TOD) |  7  |
+ * | 7 not_set  | LOAD_TOD (bit-63 = 0)        |  2  |
+ * | 7 not_set  | LOAD_TOD (bit-63 = 1)        |  1  |
+ * | 7 not_set  | Recv TTYPE4 (send TOD)       |  2  |
+ * | 2 running  |                              |     |
+ * | 1 stopped  | START_TOD                    |  2  |
+ *
+ * Note the hardware has additional states but they relate to the sending
+ * and receiving and waiting on synchronisation signals between chips and
+ * are not described or modeled here.
+ */
+
+static uint64_t pnv_chiptod_xscom_read(void *opaque, hwaddr addr,
+                                          unsigned size)
+{
+    PnvChipTOD *chiptod = PNV_CHIPTOD(opaque);
+    uint32_t offset = addr >> 3;
+    uint64_t val = 0;
+
+    switch (offset) {
+    case TOD_PSS_MSS_STATUS_REG:
+        /*
+         * ChipTOD does not support configurations other than primary
+         * master, does not support errors, etc.
+         */
+        val |= PPC_BITMASK(6, 10); /* STEP checker validity */
+        val |= PPC_BIT(12); /* Primary config master path select */
+        if (chiptod->tod_state == tod_running) {
+            val |= PPC_BIT(20); /* Is running */
+        }
+        val |= PPC_BIT(21); /* Is using primary config */
+        val |= PPC_BIT(26); /* Is using master path select */
+
+        if (chiptod->primary) {
+            val |= PPC_BIT(23); /* Is active master */
+        } else if (chiptod->secondary) {
+            val |= PPC_BIT(24); /* Is backup master */
+        } else {
+            val |= PPC_BIT(25); /* Is slave (should backup master set this?) */
+        }
+        break;
+    case TOD_PSS_MSS_CTRL_REG:
+        val = chiptod->pss_mss_ctrl_reg;
+        break;
+    case TOD_TX_TTYPE_CTRL_REG:
+        val = 0;
+        break;
+    case TOD_ERROR_REG:
+        val = chiptod->tod_error;
+        break;
+    case TOD_FSM_REG:
+        if (chiptod->tod_state == tod_running) {
+            val |= PPC_BIT(4);
+        }
+        break;
+    default:
+        qemu_log_mask(LOG_UNIMP, "pnv_chiptod: unimplemented register: Ox%"
+                      HWADDR_PRIx "\n", addr >> 3);
+    }
+
+    trace_pnv_chiptod_xscom_read(addr >> 3, val);
+
+    return val;
+}
+
+static void chiptod_receive_ttype(PnvChipTOD *chiptod, uint32_t trigger)
+{
+    switch (trigger) {
+    case TOD_TX_TTYPE_4_REG:
+        if (chiptod->tod_state != tod_not_set) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: received TTYPE4 in "
+                          " state %d, should be in 7 (TOD_NOT_SET)\n",
+                          chiptod->tod_state);
+        } else {
+            chiptod->tod_state = tod_running;
+        }
+        break;
+    case TOD_TX_TTYPE_5_REG:
+        /* Works from any state */
+        chiptod->tod_state = tod_not_set;
+        break;
+    default:
+        qemu_log_mask(LOG_UNIMP, "pnv_chiptod: received unimplemented "
+                      " TTYPE %u\n", trigger);
+        break;
+    }
+}
+
+static void chiptod_power9_broadcast_ttype(PnvChipTOD *sender,
+                                            uint32_t trigger)
+{
+    PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine());
+    int i;
+
+    for (i = 0; i < pnv->num_chips; i++) {
+        Pnv9Chip *chip9 = PNV9_CHIP(pnv->chips[i]);
+        PnvChipTOD *chiptod = &chip9->chiptod;
+
+        if (chiptod != sender) {
+            chiptod_receive_ttype(chiptod, trigger);
+        }
+    }
+}
+
+static void chiptod_power10_broadcast_ttype(PnvChipTOD *sender,
+                                            uint32_t trigger)
+{
+    PnvMachineState *pnv = PNV_MACHINE(qdev_get_machine());
+    int i;
+
+    for (i = 0; i < pnv->num_chips; i++) {
+        Pnv10Chip *chip10 = PNV10_CHIP(pnv->chips[i]);
+        PnvChipTOD *chiptod = &chip10->chiptod;
+
+        if (chiptod != sender) {
+            chiptod_receive_ttype(chiptod, trigger);
+        }
+    }
+}
+
+static void pnv_chiptod_xscom_write(void *opaque, hwaddr addr,
+                                    uint64_t val, unsigned size)
+{
+    PnvChipTOD *chiptod = PNV_CHIPTOD(opaque);
+    PnvChipTODClass *pctc = PNV_CHIPTOD_GET_CLASS(chiptod);
+    uint32_t offset = addr >> 3;
+
+    trace_pnv_chiptod_xscom_write(addr >> 3, val);
+
+    switch (offset) {
+    case TOD_PSS_MSS_CTRL_REG:
+        /* Is this correct? */
+        if (chiptod->primary) {
+            val |= PPC_BIT(1); /* TOD is master */
+        } else {
+            val &= ~PPC_BIT(1);
+        }
+        val |= PPC_BIT(2); /* Drawer is master (don't simulate multi-drawer) */
+        chiptod->pss_mss_ctrl_reg = val & PPC_BITMASK(0, 31);
+        break;
+
+    case TOD_ERROR_REG:
+        chiptod->tod_error &= ~val;
+        break;
+    case TOD_LOAD_TOD_MOD_REG:
+        if (!(val & PPC_BIT(0))) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: xscom write reg"
+                          " TOD_LOAD_TOD_MOD_REG with bad val 0x%" PRIx64"\n",
+                          val);
+        } else {
+            chiptod->tod_state = tod_not_set;
+        }
+        break;
+    case TOD_LOAD_TOD_REG:
+        if (chiptod->tod_state != tod_not_set) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: LOAD_TOG_REG in "
+                          " state %d, should be in 7 (TOD_NOT_SET)\n",
+                          chiptod->tod_state);
+        } else {
+            if (val & PPC_BIT(63)) {
+                chiptod->tod_state = tod_stopped;
+            } else {
+                chiptod->tod_state = tod_running;
+            }
+        }
+        break;
+    case TOD_START_TOD_REG:
+        if (chiptod->tod_state != tod_stopped) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: LOAD_TOG_REG in "
+                          " state %d, should be in 1 (TOD_STOPPED)\n",
+                          chiptod->tod_state);
+        } else {
+            chiptod->tod_state = tod_running;
+        }
+        break;
+    case TOD_TX_TTYPE_4_REG:
+    case TOD_TX_TTYPE_5_REG:
+        pctc->broadcast_ttype(chiptod, offset);
+        break;
+    default:
+        qemu_log_mask(LOG_UNIMP, "pnv_chiptod: unimplemented register: Ox%"
+                      HWADDR_PRIx "\n", addr >> 3);
+    }
+}
+
+static const MemoryRegionOps pnv_chiptod_xscom_ops = {
+    .read = pnv_chiptod_xscom_read,
+    .write = pnv_chiptod_xscom_write,
+    .valid.min_access_size = 8,
+    .valid.max_access_size = 8,
+    .impl.min_access_size = 8,
+    .impl.max_access_size = 8,
+    .endianness = DEVICE_BIG_ENDIAN,
+};
+
+static int pnv_chiptod_dt_xscom(PnvXScomInterface *dev, void *fdt,
+                                int xscom_offset,
+                                const char compat[], size_t compat_size)
+{
+    PnvChipTOD *chiptod = PNV_CHIPTOD(dev);
+    g_autofree char *name = NULL;
+    int offset;
+    uint32_t chiptod_pcba = PNV9_XSCOM_CHIPTOD_BASE;
+    uint32_t reg[] = {
+        cpu_to_be32(chiptod_pcba),
+        cpu_to_be32(PNV9_XSCOM_CHIPTOD_SIZE)
+    };
+
+    name = g_strdup_printf("chiptod@%x", chiptod_pcba);
+    offset = fdt_add_subnode(fdt, xscom_offset, name);
+    _FDT(offset);
+
+    if (chiptod->primary) {
+        _FDT((fdt_setprop(fdt, offset, "primary", NULL, 0)));
+    } else if (chiptod->secondary) {
+        _FDT((fdt_setprop(fdt, offset, "secondary", NULL, 0)));
+    }
+
+    _FDT((fdt_setprop(fdt, offset, "reg", reg, sizeof(reg))));
+    _FDT((fdt_setprop(fdt, offset, "compatible", compat, compat_size)));
+    return 0;
+}
+
+static int pnv_chiptod_power9_dt_xscom(PnvXScomInterface *dev, void *fdt,
+                             int xscom_offset)
+{
+    const char compat[] = "ibm,power-chiptod\0ibm,power9-chiptod";
+
+    return pnv_chiptod_dt_xscom(dev, fdt, xscom_offset, compat, sizeof(compat));
+}
+
+static Property pnv_chiptod_properties[] = {
+    DEFINE_PROP_BOOL("primary", PnvChipTOD, primary, false),
+    DEFINE_PROP_BOOL("secondary", PnvChipTOD, secondary, false),
+    DEFINE_PROP_LINK("chip", PnvChipTOD , chip, TYPE_PNV_CHIP, PnvChip *),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pnv_chiptod_power9_class_init(ObjectClass *klass, void *data)
+{
+    PnvChipTODClass *pctc = PNV_CHIPTOD_CLASS(klass);
+    DeviceClass *dc = DEVICE_CLASS(klass);
+    PnvXScomInterfaceClass *xdc = PNV_XSCOM_INTERFACE_CLASS(klass);
+
+    dc->desc = "PowerNV ChipTOD Controller (POWER9)";
+    device_class_set_props(dc, pnv_chiptod_properties);
+
+    xdc->dt_xscom = pnv_chiptod_power9_dt_xscom;
+
+    pctc->broadcast_ttype = chiptod_power9_broadcast_ttype;
+
+    pctc->xscom_size = PNV_XSCOM_CHIPTOD_SIZE;
+}
+
+static const TypeInfo pnv_chiptod_power9_type_info = {
+    .name          = TYPE_PNV9_CHIPTOD,
+    .parent        = TYPE_PNV_CHIPTOD,
+    .instance_size = sizeof(PnvChipTOD),
+    .class_init    = pnv_chiptod_power9_class_init,
+    .interfaces    = (InterfaceInfo[]) {
+        { TYPE_PNV_XSCOM_INTERFACE },
+        { }
+    }
+};
+
+static int pnv_chiptod_power10_dt_xscom(PnvXScomInterface *dev, void *fdt,
+                             int xscom_offset)
+{
+    const char compat[] = "ibm,power-chiptod\0ibm,power10-chiptod";
+
+    return pnv_chiptod_dt_xscom(dev, fdt, xscom_offset, compat, sizeof(compat));
+}
+
+static void pnv_chiptod_power10_class_init(ObjectClass *klass, void *data)
+{
+    PnvChipTODClass *pctc = PNV_CHIPTOD_CLASS(klass);
+    DeviceClass *dc = DEVICE_CLASS(klass);
+    PnvXScomInterfaceClass *xdc = PNV_XSCOM_INTERFACE_CLASS(klass);
+
+    dc->desc = "PowerNV ChipTOD Controller (POWER10)";
+    device_class_set_props(dc, pnv_chiptod_properties);
+
+    xdc->dt_xscom = pnv_chiptod_power10_dt_xscom;
+
+    pctc->broadcast_ttype = chiptod_power10_broadcast_ttype;
+
+    pctc->xscom_size = PNV_XSCOM_CHIPTOD_SIZE;
+}
+
+static const TypeInfo pnv_chiptod_power10_type_info = {
+    .name          = TYPE_PNV10_CHIPTOD,
+    .parent        = TYPE_PNV_CHIPTOD,
+    .instance_size = sizeof(PnvChipTOD),
+    .class_init    = pnv_chiptod_power10_class_init,
+    .interfaces    = (InterfaceInfo[]) {
+        { TYPE_PNV_XSCOM_INTERFACE },
+        { }
+    }
+};
+
+static void pnv_chiptod_reset(void *dev)
+{
+    PnvChipTOD *chiptod = PNV_CHIPTOD(dev);
+
+    chiptod->pss_mss_ctrl_reg = 0;
+    if (chiptod->primary) {
+        chiptod->pss_mss_ctrl_reg |= PPC_BIT(1); /* TOD is master */
+    }
+    /* Drawer is master (we do not simulate multi-drawer) */
+    chiptod->pss_mss_ctrl_reg |= PPC_BIT(2);
+
+    chiptod->tod_error = 0;
+    chiptod->tod_state = tod_error;
+}
+
+static void pnv_chiptod_realize(DeviceState *dev, Error **errp)
+{
+    PnvChipTOD *chiptod = PNV_CHIPTOD(dev);
+    PnvChipTODClass *pctc = PNV_CHIPTOD_GET_CLASS(chiptod);
+
+    /* XScom regions for ChipTOD registers */
+    pnv_xscom_region_init(&chiptod->xscom_regs, OBJECT(dev),
+                          &pnv_chiptod_xscom_ops, chiptod, "xscom-chiptod",
+                          pctc->xscom_size);
+
+    qemu_register_reset(pnv_chiptod_reset, chiptod);
+}
+
+static void pnv_chiptod_unrealize(DeviceState *dev)
+{
+    PnvChipTOD *chiptod = PNV_CHIPTOD(dev);
+
+    qemu_unregister_reset(pnv_chiptod_reset, chiptod);
+}
+
+static void pnv_chiptod_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+
+    dc->realize = pnv_chiptod_realize;
+    dc->unrealize = pnv_chiptod_unrealize;
+    dc->desc = "PowerNV ChipTOD Controller";
+    dc->user_creatable = false;
+}
+
+static const TypeInfo pnv_chiptod_type_info = {
+    .name          = TYPE_PNV_CHIPTOD,
+    .parent        = TYPE_DEVICE,
+    .instance_size = sizeof(PnvChipTOD),
+    .class_init    = pnv_chiptod_class_init,
+    .class_size    = sizeof(PnvChipTODClass),
+    .abstract      = true,
+};
+
+static void pnv_chiptod_register_types(void)
+{
+    type_register_static(&pnv_chiptod_type_info);
+    type_register_static(&pnv_chiptod_power9_type_info);
+    type_register_static(&pnv_chiptod_power10_type_info);
+}
+
+type_init(pnv_chiptod_register_types);
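Review bot: the guest-error message in the TOD_START_TOD_REG case of pnv_chiptod_xscom_write() is copied from the case above and reports "LOAD_TOG_REG" for a START_TOD write, and the TOD_LOAD_TOD_REG message itself misspells the register as LOAD_TOG_REG; each should name the register actually written. Related log nits in the same file: both LOG_UNIMP "unimplemented register" messages print "Ox%" (letter O) rather than "0x%", the split strings of the form "in " " state" produce a double space, and the PC_TOD comment has "recieves". Separately, pnv_chiptod_dt_xscom() hard-codes PNV9_XSCOM_CHIPTOD_BASE and PNV9_XSCOM_CHIPTOD_SIZE although the POWER10 dt_xscom hook calls it too, which works only because the PNV10_ defines alias the PNV9_ ones. No vmsd is set in any of the class_init functions, so tod_state, tod_error and pss_mss_ctrl_reg are not migrated; please say in the commit message whether that is intentional.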
diff --git a/hw/ppc/meson.build b/hw/ppc/meson.build
index 30bd2aaccf..03160424a8 100644
--- a/hw/ppc/meson.build
+++ b/hw/ppc/meson.build
@@ -48,6 +48,7 @@ ppc_ss.add(when: 'CONFIG_POWERNV', if_true: files(
   'pnv_i2c.c',
   'pnv_lpc.c',
   'pnv_psi.c',
+  'pnv_chiptod.c',
   'pnv_occ.c',
   'pnv_sbe.c',
   'pnv_bmc.c',
diff --git a/hw/ppc/trace-events b/hw/ppc/trace-events
index f670e8906c..57c4f265ef 100644
--- a/hw/ppc/trace-events
+++ b/hw/ppc/trace-events
@@ -95,6 +95,10 @@ vof_write(uint32_t ih, unsigned cb, const char *msg) "ih=0x%x [%u] \"%s\""
 vof_avail(uint64_t start, uint64_t end, uint64_t size) "0x%"PRIx64"..0x%"PRIx64" size=0x%"PRIx64
 vof_claimed(uint64_t start, uint64_t end, uint64_t size) "0x%"PRIx64"..0x%"PRIx64" size=0x%"PRIx64
 
+# pnv_chiptod.c
+pnv_chiptod_xscom_read(uint64_t addr, uint64_t val) "addr 0x%" PRIx64 " val 0x%" PRIx64
+pnv_chiptod_xscom_write(uint64_t addr, uint64_t val) "addr 0x%" PRIx64 " val 0x%" PRIx64
+
 # pnv_sbe.c
 pnv_sbe_xscom_ctrl_read(uint64_t addr, uint64_t val) "addr 0x%" PRIx64 " val 0x%" PRIx64
 pnv_sbe_xscom_ctrl_write(uint64_t addr, uint64_t val) "addr 0x%" PRIx64 " val 0x%" PRIx64
-- 
2.42.0




* [PATCH 10/26] ppc/pnv: Wire ChipTOD model to powernv9 and powernv10 machines
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (8 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 09/26] pnv/chiptod: Add POWER9/10 chiptod model Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 11/26] pnv/chiptod: Implement the ChipTOD to Core transfer Nicholas Piggin
                   ` (16 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

Wire the ChipTOD model to powernv9 and powernv10 machines.

Suggested-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 include/hw/ppc/pnv_chip.h |  3 +++
 hw/ppc/pnv.c              | 30 ++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/include/hw/ppc/pnv_chip.h b/include/hw/ppc/pnv_chip.h
index 0ab5c42308..bfc4772cf3 100644
--- a/include/hw/ppc/pnv_chip.h
+++ b/include/hw/ppc/pnv_chip.h
@@ -2,6 +2,7 @@
 #define PPC_PNV_CHIP_H
 
 #include "hw/pci-host/pnv_phb4.h"
+#include "hw/ppc/pnv_chiptod.h"
 #include "hw/ppc/pnv_core.h"
 #include "hw/ppc/pnv_homer.h"
 #include "hw/ppc/pnv_lpc.h"
@@ -78,6 +79,7 @@ struct Pnv9Chip {
     PnvXive      xive;
     Pnv9Psi      psi;
     PnvLpcController lpc;
+    PnvChipTOD   chiptod;
     PnvOCC       occ;
     PnvSBE       sbe;
     PnvHomer     homer;
@@ -110,6 +112,7 @@ struct Pnv10Chip {
     PnvXive2     xive;
     Pnv9Psi      psi;
     PnvLpcController lpc;
+    PnvChipTOD   chiptod;
     PnvOCC       occ;
     PnvSBE       sbe;
     PnvHomer     homer;
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index 9db8fcd19e..f0456e2acf 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -1505,6 +1505,8 @@ static void pnv_chip_power9_instance_init(Object *obj)
 
     object_initialize_child(obj, "lpc", &chip9->lpc, TYPE_PNV9_LPC);
 
+    object_initialize_child(obj, "chiptod", &chip9->chiptod, TYPE_PNV9_CHIPTOD);
+
     object_initialize_child(obj, "occ", &chip9->occ, TYPE_PNV9_OCC);
 
     object_initialize_child(obj, "sbe", &chip9->sbe, TYPE_PNV9_SBE);
@@ -1651,6 +1653,19 @@ static void pnv_chip_power9_realize(DeviceState *dev, Error **errp)
     chip->dt_isa_nodename = g_strdup_printf("/lpcm-opb@%" PRIx64 "/lpc@0",
                                             (uint64_t) PNV9_LPCM_BASE(chip));
 
+    /* ChipTOD */
+    object_property_set_bool(OBJECT(&chip9->chiptod), "primary",
+                             chip->chip_id == 0, &error_abort);
+    object_property_set_bool(OBJECT(&chip9->chiptod), "secondary",
+                             chip->chip_id == 1, &error_abort);
+    object_property_set_link(OBJECT(&chip9->chiptod), "chip", OBJECT(chip),
+                             &error_abort);
+    if (!qdev_realize(DEVICE(&chip9->chiptod), NULL, errp)) {
+        return;
+    }
+    pnv_xscom_add_subregion(chip, PNV9_XSCOM_CHIPTOD_BASE,
+                            &chip9->chiptod.xscom_regs);
+
     /* Create the simplified OCC model */
     if (!qdev_realize(DEVICE(&chip9->occ), NULL, errp)) {
         return;
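Review bot: the ChipTOD block added to pnv_chip_power9_realize() picks the primary and secondary TOD from hard-coded chip IDs ("chip->chip_id == 0", "chip->chip_id == 1") with no comment, and the one-line commit message does not describe the policy either. A short comment saying that chip 0 is the active master and chip 1 the backup master, and that a single-chip machine therefore has no secondary, would make the topology advertised in the device tree reviewable.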
@@ -1763,6 +1778,8 @@ static void pnv_chip_power10_instance_init(Object *obj)
                               "xive-fabric");
     object_initialize_child(obj, "psi", &chip10->psi, TYPE_PNV10_PSI);
     object_initialize_child(obj, "lpc", &chip10->lpc, TYPE_PNV10_LPC);
+    object_initialize_child(obj, "chiptod", &chip10->chiptod,
+                            TYPE_PNV10_CHIPTOD);
     object_initialize_child(obj, "occ",  &chip10->occ, TYPE_PNV10_OCC);
     object_initialize_child(obj, "sbe",  &chip10->sbe, TYPE_PNV10_SBE);
     object_initialize_child(obj, "homer", &chip10->homer, TYPE_PNV10_HOMER);
@@ -1896,6 +1913,19 @@ static void pnv_chip_power10_realize(DeviceState *dev, Error **errp)
     chip->dt_isa_nodename = g_strdup_printf("/lpcm-opb@%" PRIx64 "/lpc@0",
                                             (uint64_t) PNV10_LPCM_BASE(chip));
 
+    /* ChipTOD */
+    object_property_set_bool(OBJECT(&chip10->chiptod), "primary",
+                             chip->chip_id == 0, &error_abort);
+    object_property_set_bool(OBJECT(&chip10->chiptod), "secondary",
+                             chip->chip_id == 1, &error_abort);
+    object_property_set_link(OBJECT(&chip10->chiptod), "chip", OBJECT(chip),
+                             &error_abort);
+    if (!qdev_realize(DEVICE(&chip10->chiptod), NULL, errp)) {
+        return;
+    }
+    pnv_xscom_add_subregion(chip, PNV10_XSCOM_CHIPTOD_BASE,
+                            &chip10->chiptod.xscom_regs);
+
     /* Create the simplified OCC model */
     if (!qdev_realize(DEVICE(&chip10->occ), NULL, errp)) {
         return;
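Review bot: the ChipTOD block added to pnv_chip_power10_realize() is a line-for-line copy of the POWER9 one apart from chip10 and the PNV10_XSCOM_CHIPTOD_BASE define. A small helper taking the PnvChipTOD pointer, the chip, the XSCOM base and errp would keep the primary/secondary policy in one place, so a later change to it cannot be applied to one machine type and missed on the other.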
-- 
2.42.0




* [PATCH 11/26] pnv/chiptod: Implement the ChipTOD to Core transfer
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (9 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 10/26] ppc/pnv: Wire ChipTOD model to powernv9 and powernv10 machines Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 12/26] target/ppc: Implement core timebase state machine and TFMR Nicholas Piggin
                   ` (15 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

One of the functions of the ChipTOD is to transfer TOD to the Core
(aka PC - Pervasive Core) timebase facility.

The ChipTOD can be programmed with a target address to send the TOD
value to. The hardware implementation seems to perform this by
sending the TOD value to a SCOM address.

This implementation grabs the core directly and manipulates the
timebase facility state in the core. This is a hack, but it works
enough for now. A better implementation would implement the transfer
to the PnvCore xscom register and drive the timebase state machine
from there.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 include/hw/ppc/pnv.h         |   2 +
 include/hw/ppc/pnv_chiptod.h |   4 ++
 target/ppc/cpu.h             |  13 ++++
 hw/ppc/pnv.c                 |  15 ++++
 hw/ppc/pnv_chiptod.c         | 132 +++++++++++++++++++++++++++++++++++
 5 files changed, 166 insertions(+)

diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
index 7e5fef7c43..005048d207 100644
--- a/include/hw/ppc/pnv.h
+++ b/include/hw/ppc/pnv.h
@@ -28,6 +28,7 @@
 
 #define TYPE_PNV_CHIP "pnv-chip"
 
+typedef struct PnvCore PnvCore;
 typedef struct PnvChip PnvChip;
 typedef struct Pnv8Chip Pnv8Chip;
 typedef struct Pnv9Chip Pnv9Chip;
@@ -56,6 +57,7 @@ DECLARE_INSTANCE_CHECKER(PnvChip, PNV_CHIP_POWER9,
 DECLARE_INSTANCE_CHECKER(PnvChip, PNV_CHIP_POWER10,
                          TYPE_PNV_CHIP_POWER10)
 
+PnvCore *pnv_chip_find_core(PnvChip *chip, uint32_t core_id);
 PowerPCCPU *pnv_chip_find_cpu(PnvChip *chip, uint32_t pir);
 
 typedef struct PnvPHB PnvPHB;
diff --git a/include/hw/ppc/pnv_chiptod.h b/include/hw/ppc/pnv_chiptod.h
index ca770525d9..fde569bcbf 100644
--- a/include/hw/ppc/pnv_chiptod.h
+++ b/include/hw/ppc/pnv_chiptod.h
@@ -25,6 +25,8 @@ enum tod_state {
     tod_stopped = 1,
 };
 
+typedef struct PnvCore PnvCore;
+
 struct PnvChipTOD {
     DeviceState xd;
 
@@ -36,12 +38,14 @@ struct PnvChipTOD {
     enum tod_state tod_state;
     uint64_t tod_error;
     uint64_t pss_mss_ctrl_reg;
+    PnvCore *slave_pc_target;
 };
 
 struct PnvChipTODClass {
     DeviceClass parent_class;
 
     void (*broadcast_ttype)(PnvChipTOD *sender, uint32_t trigger);
+    PnvCore *(*tx_ttype_target)(PnvChipTOD *chiptod, uint64_t val);
 
     int xscom_size;
 };
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 848e583c2d..9d115e539e 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1183,6 +1183,13 @@ DEXCR_ASPECT(SRAPD, 4)
 DEXCR_ASPECT(NPHIE, 5)
 DEXCR_ASPECT(PHIE, 6)
 
+/*****************************************************************************/
+/* PowerNV ChipTOD and TimeBase State Machine */
+struct pnv_tod_tbst {
+    int tb_ready_for_tod; /* core TB ready to receive TOD from chiptod */
+    int tod_sent_to_tb;   /* chiptod sent TOD to the core TB */
+};
+
 /*****************************************************************************/
 /* The whole PowerPC CPU context */
 
@@ -1258,6 +1265,12 @@ struct CPUArchState {
     uint32_t tlb_need_flush; /* Delayed flush needed */
 #define TLB_NEED_LOCAL_FLUSH   0x1
 #define TLB_NEED_GLOBAL_FLUSH  0x2
+
+#if defined(TARGET_PPC64)
+    /* PowerNV chiptod / timebase facility state. */
+    /* Would be nice to put these into PnvCore */
+    struct pnv_tod_tbst pnv_tod_tbst;
+#endif
 #endif
 
     /* Other registers */
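Review bot: struct pnv_tod_tbst is embedded in CPUArchState here, so every hardware thread carries its own copy of state that the struct's own comments describe as belonging to the core TB. The comment "Would be nice to put these into PnvCore" acknowledges this but does not say which thread's copy the ChipTOD is expected to update; please state that in the comment or mark it as a TODO. The two members, tb_ready_for_tod and tod_sent_to_tb, are declared int but documented as flags, so bool would express the intent better.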
diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
index f0456e2acf..427013fd60 100644
--- a/hw/ppc/pnv.c
+++ b/hw/ppc/pnv.c
@@ -2151,6 +2151,21 @@ static void pnv_chip_class_init(ObjectClass *klass, void *data)
     dc->desc = "PowerNV Chip";
 }
 
+PnvCore *pnv_chip_find_core(PnvChip *chip, uint32_t core_id)
+{
+    int i;
+
+    for (i = 0; i < chip->nr_cores; i++) {
+        PnvCore *pc = chip->cores[i];
+        CPUCore *cc = CPU_CORE(pc);
+
+        if (cc->core_id == core_id) {
+            return pc;
+        }
+    }
+    return NULL;
+}
+
 PowerPCCPU *pnv_chip_find_cpu(PnvChip *chip, uint32_t pir)
 {
     int i, j;
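Review bot: pnv_chip_find_core() is exported through pnv.h with no comment saying that it matches on the CPUCore core_id rather than on the index into chip->cores[], or that it returns NULL when no core matches. The core_id argument is a uint32_t that pnv_chiptod.c derives from a guest-written register value and it is compared against cc->core_id, so documenting the NULL return makes it clear that every caller must check it.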
diff --git a/hw/ppc/pnv_chiptod.c b/hw/ppc/pnv_chiptod.c
index 6ac3eac9d0..3831a72101 100644
--- a/hw/ppc/pnv_chiptod.c
+++ b/hw/ppc/pnv_chiptod.c
@@ -210,6 +210,79 @@ static void chiptod_power10_broadcast_ttype(PnvChipTOD *sender,
     }
 }
 
+static PnvCore *pnv_chip_get_core_by_xscom_base(PnvChip *chip,
+                                                uint32_t xscom_base)
+{
+    PnvChipClass *pcc = PNV_CHIP_GET_CLASS(chip);
+    int i;
+
+    for (i = 0; i < chip->nr_cores; i++) {
+        PnvCore *pc = chip->cores[i];
+        CPUCore *cc = CPU_CORE(pc);
+        int core_hwid = cc->core_id;
+
+        if (pcc->xscom_core_base(chip, core_hwid) == xscom_base) {
+            return pc;
+        }
+    }
+    return NULL;
+}
+
+static PnvCore *chiptod_power9_tx_ttype_target(PnvChipTOD *chiptod,
+                                               uint64_t val)
+{
+    /*
+     * skiboot uses Core ID for P9, though SCOM should work too.
+     */
+    if (val & PPC_BIT(35)) { /* SCOM addressing */
+        uint32_t addr = val >> 32;
+        uint32_t reg = addr & 0xfff;
+
+        if (reg != PC_TOD) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: SCOM addressing: "
+                          "unimplemented slave register 0x%" PRIx32 "\n", reg);
+            return NULL;
+        }
+
+        return pnv_chip_get_core_by_xscom_base(chiptod->chip, addr & ~0xfff);
+
+    } else { /* Core ID addressing */
+        uint32_t core_id = GETFIELD(TOD_TX_TTYPE_PIB_SLAVE_ADDR, val) & 0x1f;
+        return pnv_chip_find_core(chiptod->chip, core_id);
+    }
+}
+
+static PnvCore *chiptod_power10_tx_ttype_target(PnvChipTOD *chiptod,
+                                               uint64_t val)
+{
+    /*
+     * skiboot uses SCOM for P10 because Core ID was unable to be made to
+     * work correctly. For this reason only SCOM addressing is implemented.
+     */
+    if (val & PPC_BIT(35)) { /* SCOM addressing */
+        uint32_t addr = val >> 32;
+        uint32_t reg = addr & 0xfff;
+
+        if (reg != PC_TOD) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: SCOM addressing: "
+                          "unimplemented slave register 0x%" PRIx32 "\n", reg);
+            return NULL;
+        }
+
+        /*
+         * This may not deal with P10 big-core addressing at the moment.
+         * The big-core code in skiboot syncs small cores, but it targets
+         * the even PIR (first small-core) when syncing second small-core.
+         */
+        return pnv_chip_get_core_by_xscom_base(chiptod->chip, addr & ~0xfff);
+
+    } else { /* Core ID addressing */
+        qemu_log_mask(LOG_UNIMP, "pnv_chiptod: TX TTYPE Core ID "
+                      "addressing is not implemented for POWER10\n");
+        return NULL;
+    }
+}
+
 static void pnv_chiptod_xscom_write(void *opaque, hwaddr addr,
                                     uint64_t val, unsigned size)
 {
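Review bot: the SCOM-addressing branches of chiptod_power9_tx_ttype_target() and chiptod_power10_tx_ttype_target() are identical, and both decode the guest-written value with unnamed constants: PPC_BIT(35) for the mode bit, 0xfff for the register part of the address, and "& 0x1f" applied on top of the 6-bit TOD_TX_TTYPE_PIB_SLAVE_ADDR field. Factoring the shared branch into one helper and giving the mode bit and the register mask named defines next to TOD_TX_TTYPE_CTRL_REG would make the decoding checkable against the register layout. The "& 0x1f" that drops the top bit of the field also deserves a comment.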
@@ -231,6 +304,22 @@ static void pnv_chiptod_xscom_write(void *opaque, hwaddr addr,
         chiptod->pss_mss_ctrl_reg = val & PPC_BITMASK(0, 31);
         break;
 
+    case TOD_TX_TTYPE_CTRL_REG:
+        /*
+         * This register sets the target of the TOD value transfer initiated
+         * by TOD_MOVE_TOD_TO_TB. The TOD is able to send the address to
+         * any target register, though in practice only the PC TOD register
+         * should be used. ChipTOD has a "SCOM addressing" mode which fully
+         * specifies the SCOM address, and a core-ID mode which uses the
+         * core ID to target the PC TOD for a given core.
+         */
+        chiptod->slave_pc_target = pctc->tx_ttype_target(chiptod, val);
+        if (!chiptod->slave_pc_target) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: xscom write reg"
+                          " TOD_TX_TTYPE_CTRL_REG val 0x%" PRIx64
+                          " invalid slave address\n", val);
+        }
+        break;
     case TOD_ERROR_REG:
         chiptod->tod_error &= ~val;
         break;
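Review bot: in the TOD_TX_TTYPE_CTRL_REG case the NULL check logs LOG_GUEST_ERROR "invalid slave address" even though the class hook has already logged the reason, and for POWER10 Core ID addressing that reason is LOG_UNIMP, so an unimplemented model feature ends up reported as a guest error as well. Suggest leaving the logging to tx_ttype_target(), or making this message conditional on the cause. The comment could also state that a failed decode overwrites any previously programmed slave_pc_target with NULL, and a blank line before `case TOD_ERROR_REG:` would match the spacing this hunk adds above its own case.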
@@ -256,6 +345,47 @@ static void pnv_chiptod_xscom_write(void *opaque, hwaddr addr,
             }
         }
         break;
+
+    case TOD_MOVE_TOD_TO_TB_REG:
+        /*
+         * XXX: it should be a cleaner model to have this drive a SCOM
+         * transaction to the target address, and implement the state machine
+         * in the PnvCore. For now, this hack makes things work.
+         */
+        if (chiptod->tod_state != tod_running) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: xscom write reg"
+                          " TOD_MOVE_TOD_TO_TB_REG in bad state %d\n",
+                          chiptod->tod_state);
+        } else if (!(val & PPC_BIT(0))) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: xscom write reg"
+                          " TOD_MOVE_TOD_TO_TB_REG with bad val 0x%" PRIx64"\n",
+                          val);
+        } else if (chiptod->slave_pc_target == NULL) {
+            qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: xscom write reg"
+                          " TOD_MOVE_TOD_TO_TB_REG with no slave target\n");
+        } else {
+            PowerPCCPU *cpu = chiptod->slave_pc_target->threads[0];
+            CPUPPCState *env = &cpu->env;
+
+            /*
+             * Moving TOD to TB will set the TB of all threads in a
+             * core, so skiboot only does this once per thread0, so
+             * that is where we keep the timebase state machine.
+             *
+             * It is likely possible for TBST to be driven from other
+             * threads in the core, but for now we only implement it for
+             * thread 0.
+             */
+
+            if (env->pnv_tod_tbst.tb_ready_for_tod) {
+                env->pnv_tod_tbst.tod_sent_to_tb = 1;
+            } else {
+                qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: xscom write reg"
+                              " TOD_MOVE_TOD_TO_TB_REG with TB not ready to"
+                              " receive TOD\n");
+            }
+        }
+        break;
     case TOD_START_TOD_REG:
         if (chiptod->tod_state != tod_stopped) {
             qemu_log_mask(LOG_GUEST_ERROR, "pnv_chiptod: LOAD_TOG_REG in "
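Review bot: the success path of TOD_MOVE_TOD_TO_TB_REG writes env->pnv_tod_tbst.tod_sent_to_tb on threads[0] of the target core directly from the xscom write handler, while the core side reads and clears the same field from its TFMR helpers; nothing in this hunk says what orders the two accesses when the xscom write comes from a different vCPU. Please document the locking assumption next to the XXX comment, or move the update behind a small PnvCore accessor so the cross-device access lives in one place.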
@@ -340,6 +470,7 @@ static void pnv_chiptod_power9_class_init(ObjectClass *klass, void *data)
     xdc->dt_xscom = pnv_chiptod_power9_dt_xscom;
 
     pctc->broadcast_ttype = chiptod_power9_broadcast_ttype;
+    pctc->tx_ttype_target = chiptod_power9_tx_ttype_target;
 
     pctc->xscom_size = PNV_XSCOM_CHIPTOD_SIZE;
 }
@@ -375,6 +506,7 @@ static void pnv_chiptod_power10_class_init(ObjectClass *klass, void *data)
     xdc->dt_xscom = pnv_chiptod_power10_dt_xscom;
 
     pctc->broadcast_ttype = chiptod_power10_broadcast_ttype;
+    pctc->tx_ttype_target = chiptod_power10_tx_ttype_target;
 
     pctc->xscom_size = PNV_XSCOM_CHIPTOD_SIZE;
 }
-- 
2.42.0




* [PATCH 12/26] target/ppc: Implement core timebase state machine and TFMR
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (10 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 11/26] pnv/chiptod: Implement the ChipTOD to Core transfer Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 13/26] target/ppc: Add SMT support to time facilities Nicholas Piggin
                   ` (14 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

This implements the core timebase state machine, which is the core side
of the time-of-day system in POWER processors. This facility is operated
by control fields in the TFMR register, which also contains status
fields.

The core timebase interacts with the chiptod hardware, primarily to
receive TOD updates, to synchronise timebase with other cores. This
model does not actually update TB values with TOD or updates received
from the chiptod, as timebases are always synchronised. It does step
through the states required to perform the update.

There are several asynchronous state transitions. These are modelled
using mfTFMR to drive state changes, because it is expected that
firmware poll the register to wait for those states. This is good enough
to test basic firmware behaviour without adding real timers. The values
chosen are arbitrary.

Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h             |  36 ++++++
 target/ppc/timebase_helper.c | 210 ++++++++++++++++++++++++++++++++++-
 2 files changed, 243 insertions(+), 3 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 9d115e539e..54150d5a08 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1188,6 +1188,14 @@ DEXCR_ASPECT(PHIE, 6)
 struct pnv_tod_tbst {
     int tb_ready_for_tod; /* core TB ready to receive TOD from chiptod */
     int tod_sent_to_tb;   /* chiptod sent TOD to the core TB */
+
+    /*
+     * "Timers" for async TBST events are simulated by mfTFAC because TFAC
+     * is polled for such events. These are just used to ensure firmware
+     * performs the polling at least a few times.
+     */
+    int tb_state_timer;
+    int tb_sync_pulse_timer;
 };
 
 /*****************************************************************************/
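Review bot: the new comment in struct pnv_tod_tbst says the timers are simulated by mfTFAC and that TFAC is polled, but the commit message and the code in timebase_helper.c drive them from mfTFMR (helper_load_tfmr calls tb_state_machine_step). Please correct the register name in the comment. The two fields only hold small countdown values, so an unsigned type would state the intent better than int.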
@@ -2661,6 +2669,34 @@ enum {
     HMER_XSCOM_STATUS_MASK      = PPC_BITMASK(21, 23),
 };
 
+/* TFMR */
+enum {
+    TFMR_CONTROL_MASK           = PPC_BITMASK(0, 24),
+    TFMR_MASK_HMI               = PPC_BIT(10),
+    TFMR_TB_ECLIPZ              = PPC_BIT(14),
+    TFMR_LOAD_TOD_MOD           = PPC_BIT(16),
+    TFMR_MOVE_CHIP_TOD_TO_TB    = PPC_BIT(18),
+    TFMR_CLEAR_TB_ERRORS        = PPC_BIT(24),
+    TFMR_STATUS_MASK            = PPC_BITMASK(25, 63),
+    TFMR_TBST_ENCODED           = PPC_BITMASK(28, 31), /* TBST = TB State */
+    TFMR_TBST_LAST              = PPC_BITMASK(32, 35), /* Previous TBST */
+    TFMR_TB_ENABLED             = PPC_BIT(40),
+    TFMR_TB_VALID               = PPC_BIT(41),
+    TFMR_TB_SYNC_OCCURED        = PPC_BIT(42),
+    TFMR_FIRMWARE_CONTROL_ERROR = PPC_BIT(46),
+};
+
+/* TFMR TBST (Time Base State Machine). */
+enum {
+    TBST_RESET                  = 0x0,
+    TBST_SEND_TOD_MOD           = 0x1,
+    TBST_NOT_SET                = 0x2,
+    TBST_SYNC_WAIT              = 0x6,
+    TBST_GET_TOD                = 0x7,
+    TBST_TB_RUNNING             = 0x8,
+    TBST_TB_ERROR               = 0x9,
+};
+
 /*****************************************************************************/
 
 #define is_isa300(ctx) (!!(ctx->insns_flags2 & PPC2_ISA300))
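Review bot: the TBST enum jumps from 0x2 to 0x6 with no explanation; a one-line comment that states 3, 4 and 5 are not used on POWER8/9/10 (as the block comment in timebase_helper.c says) would save the reader a lookup. TFMR_TB_SYNC_OCCURED is spelled with a single R; unless that deliberately mirrors an existing name elsewhere, OCCURRED is the spelling to use before more code picks up the identifier.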
diff --git a/target/ppc/timebase_helper.c b/target/ppc/timebase_helper.c
index f618ed2922..b8b9afe0b6 100644
--- a/target/ppc/timebase_helper.c
+++ b/target/ppc/timebase_helper.c
@@ -18,6 +18,7 @@
  */
 #include "qemu/osdep.h"
 #include "cpu.h"
+#include "hw/ppc/ppc.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
 #include "qemu/log.h"
@@ -145,15 +146,218 @@ void helper_store_booke_tsr(CPUPPCState *env, target_ulong val)
 }
 
 #if defined(TARGET_PPC64)
-/* POWER processor Timebase Facility */
+/*
+ * POWER processor Timebase Facility
+ */
+
+/*
+ * The TBST is the timebase state machine, which is a per-core machine that
+ * is used to synchronize the core TB with the ChipTOD. States 3,4,5 are
+ * not used in POWER8/9/10.
+ *
+ * The state machine gets driven by writes to TFMR SPR from the core, and
+ * by signals from the ChipTOD. The state machine table for common
+ * transitions is as follows (according to hardware specs, not necessarily
+ * this implementation):
+ *
+ * | Cur            | Event                            | New |
+ * +----------------+----------------------------------+-----+
+ * | 0 RESET        | TFMR |= LOAD_TOD_MOD             | 1   |
+ * | 1 SEND_TOD_MOD | "immediate transition"           | 2   |
+ * | 2 NOT_SET      | mttbu/mttbu40/mttbl              | 2   |
+ * | 2 NOT_SET      | TFMR |= MOVE_CHIP_TOD_TO_TB      | 6   |
+ * | 6 SYNC_WAIT    | "sync pulse from ChipTOD"        | 7   |
+ * | 7 GET_TOD      | ChipTOD xscom MOVE_TOD_TO_TB_REG | 8   |
+ * | 8 TB_RUNNING   | mttbu/mttbu40                    | 8   |
+ * | 8 TB_RUNNING   | TFMR |= LOAD_TOD_MOD             | 1   |
+ * | 8 TB_RUNNING   | mttbl                            | 9   |
+ * | 9 TB_ERROR     | TFMR |= CLEAR_TB_ERRORS          | 0   |
+ *
+ * - LOAD_TOD_MOD will also move states 2,6 to state 1, omitted from table
+ *   because it's not a typical init flow.
+ *
+ * - The ERROR state can be entered from most/all other states on invalid
+ *   states (e.g., if some TFMR control bit is set from a state where it's
+ *   not listed to cause a transition away from), omitted to avoid clutter.
+ *
+ * Note: mttbl causes a timebase error because this inevitably causes
+ * ticks to be lost and TB to become unsynchronized, whereas TB can be
+ * adjusted using mttbu* without losing ticks. mttbl behaviour is not
+ * modelled.
+ *
+ * Note: the TB state machine does not actually cause any real TB adjustment!
+ * TB starts out synchronized across all vCPUs (hardware threads) in
+ * QMEU, so for now the purpose of the TBST and ChipTOD model is simply
+ * to step through firmware initialisation sequences.
+ */
+static unsigned int tfmr_get_tb_state(uint64_t tfmr)
+{
+    return (tfmr & TFMR_TBST_ENCODED) >> (63 - 31);
+}
+
+static uint64_t tfmr_new_tb_state(uint64_t tfmr, unsigned int tbst)
+{
+    tfmr &= ~TFMR_TBST_LAST;
+    tfmr |= (tfmr & TFMR_TBST_ENCODED) >> 4; /* move state to last state */
+    tfmr &= ~TFMR_TBST_ENCODED;
+    tfmr |= (uint64_t)tbst << (63 - 31); /* move new state to state */
+
+    if (tbst == TBST_TB_RUNNING) {
+        tfmr |= TFMR_TB_VALID;
+    } else {
+        tfmr &= ~TFMR_TB_VALID;
+    }
+
+    return tfmr;
+}
+
+static void tb_state_machine_step(CPUPPCState *env)
+{
+    uint64_t tfmr = env->spr[SPR_TFMR];
+    unsigned int tbst = tfmr_get_tb_state(tfmr);
+
+    if (!(tfmr & TFMR_TB_ECLIPZ) || tbst == TBST_TB_ERROR) {
+        return;
+    }
+
+    if (env->pnv_tod_tbst.tb_sync_pulse_timer) {
+        env->pnv_tod_tbst.tb_sync_pulse_timer--;
+    } else {
+        tfmr |= TFMR_TB_SYNC_OCCURED;
+        env->spr[SPR_TFMR] = tfmr;
+    }
+
+    if (env->pnv_tod_tbst.tb_state_timer) {
+        env->pnv_tod_tbst.tb_state_timer--;
+        return;
+    }
+
+    if (tfmr & TFMR_LOAD_TOD_MOD) {
+        tfmr &= ~TFMR_LOAD_TOD_MOD;
+        if (tbst == TBST_GET_TOD) {
+            tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
+            tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
+        } else {
+            tfmr = tfmr_new_tb_state(tfmr, TBST_SEND_TOD_MOD);
+            /* State seems to transition immediately */
+            tfmr = tfmr_new_tb_state(tfmr, TBST_NOT_SET);
+        }
+    } else if (tfmr & TFMR_MOVE_CHIP_TOD_TO_TB) {
+        if (tbst == TBST_SYNC_WAIT) {
+            tfmr = tfmr_new_tb_state(tfmr, TBST_GET_TOD);
+            env->pnv_tod_tbst.tb_state_timer = 3;
+        } else if (tbst == TBST_GET_TOD) {
+            if (env->pnv_tod_tbst.tod_sent_to_tb) {
+                tfmr = tfmr_new_tb_state(tfmr, TBST_TB_RUNNING);
+                tfmr &= ~TFMR_MOVE_CHIP_TOD_TO_TB;
+                env->pnv_tod_tbst.tb_ready_for_tod = 0;
+                env->pnv_tod_tbst.tod_sent_to_tb = 0;
+            }
+        } else {
+            qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: MOVE_CHIP_TOD_TO_TB "
+                          "state machine in invalid state 0x%x\n", tbst);
+            tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
+            tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
+            env->pnv_tod_tbst.tb_ready_for_tod = 0;
+        }
+    }
+
+    env->spr[SPR_TFMR] = tfmr;
+}
+
 target_ulong helper_load_tfmr(CPUPPCState *env)
 {
-    return env->spr[SPR_TFMR];
+    tb_state_machine_step(env);
+
+    return env->spr[SPR_TFMR] | TFMR_TB_ECLIPZ;
 }
 
 void helper_store_tfmr(CPUPPCState *env, target_ulong val)
 {
-    env->spr[SPR_TFMR] = val;
+    uint64_t tfmr = env->spr[SPR_TFMR];
+    uint64_t clear_on_write;
+    unsigned int tbst = tfmr_get_tb_state(tfmr);
+
+    if (!(val & TFMR_TB_ECLIPZ)) {
+        qemu_log_mask(LOG_UNIMP, "TFMR non-ECLIPZ mode not implemented\n");
+        tfmr &= ~TFMR_TBST_ENCODED;
+        tfmr &= ~TFMR_TBST_LAST;
+        goto out;
+    }
+
+    /* Update control bits */
+    tfmr = (tfmr & ~TFMR_CONTROL_MASK) | (val & TFMR_CONTROL_MASK);
+
+    /* Several bits are clear-on-write, only one is implemented so far */
+    clear_on_write = val & TFMR_FIRMWARE_CONTROL_ERROR;
+    tfmr &= ~clear_on_write;
+
+    /*
+     * mtspr always clears this. The sync pulse timer makes it come back
+     * after the second mfspr.
+     */
+    tfmr &= ~TFMR_TB_SYNC_OCCURED;
+    env->pnv_tod_tbst.tb_sync_pulse_timer = 1;
+
+    if (ppc_cpu_tir(env_archcpu(env)) != 0 &&
+        (val & (TFMR_LOAD_TOD_MOD | TFMR_MOVE_CHIP_TOD_TO_TB))) {
+        qemu_log_mask(LOG_UNIMP, "TFMR timebase state machine can only be "
+                                 "driven by thread 0\n");
+        goto out;
+    }
+
+    if (((tfmr | val) & (TFMR_LOAD_TOD_MOD | TFMR_MOVE_CHIP_TOD_TO_TB)) ==
+                        (TFMR_LOAD_TOD_MOD | TFMR_MOVE_CHIP_TOD_TO_TB)) {
+        qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: LOAD_TOD_MOD and "
+                                       "MOVE_CHIP_TOD_TO_TB both set\n");
+        tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
+        tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
+        env->pnv_tod_tbst.tb_ready_for_tod = 0;
+        goto out;
+    }
+
+    if (tfmr & TFMR_CLEAR_TB_ERRORS) {
+        /*
+         * Workbook says TFMR_CLEAR_TB_ERRORS should be written twice.
+         * This is not simulated/required here.
+         */
+        tfmr = tfmr_new_tb_state(tfmr, TBST_RESET);
+        tfmr &= ~TFMR_CLEAR_TB_ERRORS;
+        tfmr &= ~TFMR_LOAD_TOD_MOD;
+        tfmr &= ~TFMR_MOVE_CHIP_TOD_TO_TB;
+        tfmr &= ~TFMR_FIRMWARE_CONTROL_ERROR; /* XXX: should this be cleared? */
+        env->pnv_tod_tbst.tb_ready_for_tod = 0;
+        env->pnv_tod_tbst.tod_sent_to_tb = 0;
+        goto out;
+    }
+
+    if (tbst == TBST_TB_ERROR) {
+        qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: mtspr TFMR in TB_ERROR"
+                                       " state\n");
+        tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
+        return;
+    }
+
+    if (tfmr & TFMR_LOAD_TOD_MOD) {
+        /* Wait for an arbitrary 3 mfspr until the next state transition. */
+        env->pnv_tod_tbst.tb_state_timer = 3;
+    } else if (tfmr & TFMR_MOVE_CHIP_TOD_TO_TB) {
+        if (tbst == TBST_NOT_SET) {
+            tfmr = tfmr_new_tb_state(tfmr, TBST_SYNC_WAIT);
+            env->pnv_tod_tbst.tb_ready_for_tod = 1;
+            env->pnv_tod_tbst.tb_state_timer = 3; /* arbitrary */
+        } else {
+            qemu_log_mask(LOG_GUEST_ERROR, "TFMR error: MOVE_CHIP_TOD_TO_TB "
+                                           "not in TB not set state 0x%x\n",
+                                           tbst);
+            tfmr = tfmr_new_tb_state(tfmr, TBST_TB_ERROR);
+            tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;
+            env->pnv_tod_tbst.tb_ready_for_tod = 0;
+        }
+    }
+
+out:
+    env->spr[SPR_TFMR] = tfmr;
 }
 #endif
 
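Review bot: in helper_store_tfmr the `tbst == TBST_TB_ERROR` branch sets `tfmr |= TFMR_FIRMWARE_CONTROL_ERROR;` and then executes `return;`, so the local tfmr is never stored to env->spr[SPR_TFMR] and both the error bit and the control-bit and clear-on-write updates made earlier in the function are dropped. Every other exit in the function uses `goto out`; this one most likely should too. Separately, the block comment spells QEMU as "QMEU", and the first `env->spr[SPR_TFMR] = tfmr;` in tb_state_machine_step only matters because of the early return on tb_state_timer, which deserves a short comment.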
-- 
2.42.0




* [PATCH 13/26] target/ppc: Add SMT support to time facilities
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (11 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 12/26] target/ppc: Implement core timebase state machine and TFMR Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 14/26] target/ppc: Add new hflags to support BHRB Nicholas Piggin
                   ` (13 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

The TB, VTB, PURR, HDEC SPRs are per-LPAR registers, and the TFMR is a
per-core register. Add the necessary SMT synchronisation and value
sharing.

The TFMR can only drive the timebase state machine via thread 0 of the
core, which is almost certainly not right, but it is enough for skiboot
and certain other proprietary firmware.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/timebase_helper.c | 105 ++++++++++++++++++++++++++++++++---
 target/ppc/translate.c       |  42 +++++++++++++-
 2 files changed, 136 insertions(+), 11 deletions(-)

diff --git a/target/ppc/timebase_helper.c b/target/ppc/timebase_helper.c
index b8b9afe0b6..39d397416e 100644
--- a/target/ppc/timebase_helper.c
+++ b/target/ppc/timebase_helper.c
@@ -60,19 +60,55 @@ target_ulong helper_load_purr(CPUPPCState *env)
 
 void helper_store_purr(CPUPPCState *env, target_ulong val)
 {
-    cpu_ppc_store_purr(env, val);
+    CPUState *cs = env_cpu(env);
+    CPUState *ccs;
+    uint32_t nr_threads = cs->nr_threads;
+
+    if (nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)) {
+        cpu_ppc_store_purr(env, val);
+        return;
+    }
+
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+        cpu_ppc_store_purr(cenv, val);
+    }
 }
 #endif
 
 #if !defined(CONFIG_USER_ONLY)
 void helper_store_tbl(CPUPPCState *env, target_ulong val)
 {
-    cpu_ppc_store_tbl(env, val);
+    CPUState *cs = env_cpu(env);
+    CPUState *ccs;
+    uint32_t nr_threads = cs->nr_threads;
+
+    if (nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)) {
+        cpu_ppc_store_tbl(env, val);
+        return;
+    }
+
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+        cpu_ppc_store_tbl(cenv, val);
+    }
 }
 
 void helper_store_tbu(CPUPPCState *env, target_ulong val)
 {
-    cpu_ppc_store_tbu(env, val);
+    CPUState *cs = env_cpu(env);
+    CPUState *ccs;
+    uint32_t nr_threads = cs->nr_threads;
+
+    if (nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)) {
+        cpu_ppc_store_tbu(env, val);
+        return;
+    }
+
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+        cpu_ppc_store_tbu(cenv, val);
+    }
 }
 
 void helper_store_atbl(CPUPPCState *env, target_ulong val)
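Review bot: helper_store_purr, helper_store_tbl and helper_store_tbu each repeat the same block (the `nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)` test followed by THREAD_SIBLING_FOREACH), and the next hunk repeats it three more times for hdecr, vtb and tbu40. A single static helper that takes the cpu_ppc_store_*() function as a pointer would keep the single-thread and 1LPAR conditions in one place. The `nr_threads` local is read once per function and could be dropped.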
@@ -102,17 +138,53 @@ target_ulong helper_load_hdecr(CPUPPCState *env)
 
 void helper_store_hdecr(CPUPPCState *env, target_ulong val)
 {
-    cpu_ppc_store_hdecr(env, val);
+    CPUState *cs = env_cpu(env);
+    CPUState *ccs;
+    uint32_t nr_threads = cs->nr_threads;
+
+    if (nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)) {
+        cpu_ppc_store_hdecr(env, val);
+        return;
+    }
+
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+        cpu_ppc_store_hdecr(cenv, val);
+    }
 }
 
 void helper_store_vtb(CPUPPCState *env, target_ulong val)
 {
-    cpu_ppc_store_vtb(env, val);
+    CPUState *cs = env_cpu(env);
+    CPUState *ccs;
+    uint32_t nr_threads = cs->nr_threads;
+
+    if (nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)) {
+        cpu_ppc_store_vtb(env, val);
+        return;
+    }
+
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+        cpu_ppc_store_vtb(cenv, val);
+    }
 }
 
 void helper_store_tbu40(CPUPPCState *env, target_ulong val)
 {
-    cpu_ppc_store_tbu40(env, val);
+    CPUState *cs = env_cpu(env);
+    CPUState *ccs;
+    uint32_t nr_threads = cs->nr_threads;
+
+    if (nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)) {
+        cpu_ppc_store_tbu40(env, val);
+        return;
+    }
+
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+        cpu_ppc_store_tbu40(cenv, val);
+    }
 }
 
 target_ulong helper_load_40x_pit(CPUPPCState *env)
@@ -211,6 +283,21 @@ static uint64_t tfmr_new_tb_state(uint64_t tfmr, unsigned int tbst)
     return tfmr;
 }
 
+static void write_tfmr(CPUPPCState *env, target_ulong val)
+{
+    CPUState *cs = env_cpu(env);
+
+    if (cs->nr_threads == 1) {
+        env->spr[SPR_TFMR] = val;
+    } else {
+        CPUState *ccs;
+        THREAD_SIBLING_FOREACH(cs, ccs) {
+            CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+            cenv->spr[SPR_TFMR] = val;
+        }
+    }
+}
+
 static void tb_state_machine_step(CPUPPCState *env)
 {
     uint64_t tfmr = env->spr[SPR_TFMR];
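Review bot: write_tfmr() makes the TFMR value common to all sibling threads, but the pnv_tod_tbst timers and handshake flags that tb_state_machine_step() consults remain in the calling thread's env, and the chiptod model sets tod_sent_to_tb only on threads[0]. A mfTFMR issued from a thread other than 0 therefore steps the shared state using that thread's own tb_state_timer and tod_sent_to_tb. Either always use thread 0's pnv_tod_tbst in the state machine, or document why the other threads' copies can never matter. This helper also keys only on `cs->nr_threads`, unlike the store helpers above that also test POWERPC_FLAG_SMT_1LPAR; a comment that TFMR is per-core regardless of LPAR mode would explain the difference.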
@@ -224,7 +311,7 @@ static void tb_state_machine_step(CPUPPCState *env)
         env->pnv_tod_tbst.tb_sync_pulse_timer--;
     } else {
         tfmr |= TFMR_TB_SYNC_OCCURED;
-        env->spr[SPR_TFMR] = tfmr;
+        write_tfmr(env, tfmr);
     }
 
     if (env->pnv_tod_tbst.tb_state_timer) {
@@ -262,7 +349,7 @@ static void tb_state_machine_step(CPUPPCState *env)
         }
     }
 
-    env->spr[SPR_TFMR] = tfmr;
+    write_tfmr(env, tfmr);
 }
 
 target_ulong helper_load_tfmr(CPUPPCState *env)
@@ -357,7 +444,7 @@ void helper_store_tfmr(CPUPPCState *env, target_ulong val)
     }
 
 out:
-    env->spr[SPR_TFMR] = tfmr;
+    write_tfmr(env, tfmr);
 }
 #endif
 
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 329da4d518..bd103b1026 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -247,13 +247,24 @@ static inline bool gen_serialize(DisasContext *ctx)
     return true;
 }
 
-#if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
+#if !defined(CONFIG_USER_ONLY)
+#if defined(TARGET_PPC64)
+static inline bool gen_serialize_core(DisasContext *ctx)
+{
+    if (ctx->flags & POWERPC_FLAG_SMT) {
+        return gen_serialize(ctx);
+    }
+    return true;
+}
+#endif
+
 static inline bool gen_serialize_core_lpar(DisasContext *ctx)
 {
+#if defined(TARGET_PPC64)
     if (ctx->flags & POWERPC_FLAG_SMT_1LPAR) {
         return gen_serialize(ctx);
     }
-
+#endif
     return true;
 }
 #endif
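Review bot: the nested `#if !defined(CONFIG_USER_ONLY)` and `#if defined(TARGET_PPC64)` blocks close with bare `#endif` lines, and gen_serialize_core_lpar() now carries a further TARGET_PPC64 guard inside its body; please tag each `#endif` with the condition it closes. gen_serialize_core() would also benefit from a one-line comment saying it is for per-core registers (POWERPC_FLAG_SMT) as opposed to per-LPAR ones (POWERPC_FLAG_SMT_1LPAR).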
@@ -667,12 +678,20 @@ void spr_read_atbu(DisasContext *ctx, int gprn, int sprn)
 #if !defined(CONFIG_USER_ONLY)
 void spr_write_tbl(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core_lpar(ctx)) {
+        return;
+    }
+
     translator_io_start(&ctx->base);
     gen_helper_store_tbl(tcg_env, cpu_gpr[gprn]);
 }
 
 void spr_write_tbu(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core_lpar(ctx)) {
+        return;
+    }
+
     translator_io_start(&ctx->base);
     gen_helper_store_tbu(tcg_env, cpu_gpr[gprn]);
 }
@@ -696,6 +715,9 @@ void spr_read_purr(DisasContext *ctx, int gprn, int sprn)
 
 void spr_write_purr(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core_lpar(ctx)) {
+        return;
+    }
     translator_io_start(&ctx->base);
     gen_helper_store_purr(tcg_env, cpu_gpr[gprn]);
 }
@@ -709,6 +731,9 @@ void spr_read_hdecr(DisasContext *ctx, int gprn, int sprn)
 
 void spr_write_hdecr(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core_lpar(ctx)) {
+        return;
+    }
     translator_io_start(&ctx->base);
     gen_helper_store_hdecr(tcg_env, cpu_gpr[gprn]);
 }
@@ -721,12 +746,18 @@ void spr_read_vtb(DisasContext *ctx, int gprn, int sprn)
 
 void spr_write_vtb(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core_lpar(ctx)) {
+        return;
+    }
     translator_io_start(&ctx->base);
     gen_helper_store_vtb(tcg_env, cpu_gpr[gprn]);
 }
 
 void spr_write_tbu40(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core_lpar(ctx)) {
+        return;
+    }
     translator_io_start(&ctx->base);
     gen_helper_store_tbu40(tcg_env, cpu_gpr[gprn]);
 }
@@ -1220,11 +1251,18 @@ void spr_write_hmer(DisasContext *ctx, int sprn, int gprn)
 
 void spr_read_tfmr(DisasContext *ctx, int gprn, int sprn)
 {
+    /* Reading TFMR can cause it to be updated, so serialize threads here too */
+    if (!gen_serialize_core(ctx)) {
+        return;
+    }
     gen_helper_load_tfmr(cpu_gpr[gprn], tcg_env);
 }
 
 void spr_write_tfmr(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core(ctx)) {
+        return;
+    }
     gen_helper_store_tfmr(tcg_env, cpu_gpr[gprn]);
 }
 
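Review bot: spr_read_tfmr and spr_write_tfmr serialize only when `ctx->flags & POWERPC_FLAG_SMT` is set, while write_tfmr() in timebase_helper.c broadcasts to siblings whenever `cs->nr_threads` is not 1. If those two conditions can ever differ, the broadcast runs without the serialization added here; please use one condition for both or state why they are equivalent. The comment on spr_read_tfmr says "here too", but spr_write_tfmr has no comment of its own to refer back to.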
-- 
2.42.0




* [PATCH 14/26] target/ppc: Add new hflags to support BHRB
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (12 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 13/26] target/ppc: Add SMT support to time facilities Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 15/26] target/ppc: Add recording of taken branches to BHRB Nicholas Piggin
                   ` (12 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel, Glenn Miles

From: Glenn Miles <milesg@linux.vnet.ibm.com>

This commit is preparatory to the addition of Branch History
Rolling Buffer (BHRB) functionality, which is being provided
today starting with the P8 processor.

BHRB uses several SPR register fields to control whether or not
a branch instruction's address (and sometimes target address)
should be recorded.  Checking each of these fields with each
branch instruction using jitted code would lead to a significant
decrease in performance.

Therefore, it was decided that BHRB configuration bits that are
not expected to change frequently should have their state summarized
in an hflag so that the amount of checking done by jitted code can
be reduced.

This commit contains the changes for summarizing the state of the
following register fields in the HFLAGS_BHRB_ENABLE hflag:

	MMCR0[FCP] - Determines if BHRB recording is frozen in the
                     problem state

	MMCR0[FCPC] - A modifier for MMCR0[FCP]

	MMCRA[BHRBRD] - Disables all BHRB recording for a thread

Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
[npiggin: rebase and minor compile fixes]
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h                 |  5 +++++
 target/ppc/helper.h              |  1 +
 target/ppc/power8-pmu.h          |  4 ++--
 target/ppc/spr_common.h          |  1 +
 target/ppc/cpu_init.c            |  4 ++--
 target/ppc/helper_regs.c         | 37 ++++++++++++++++++++++++++++++++
 target/ppc/machine.c             |  2 +-
 target/ppc/power8-pmu.c          | 15 +++++++++----
 target/ppc/translate.c           |  2 ++
 target/ppc/power8-pmu-regs.c.inc |  5 +++++
 10 files changed, 67 insertions(+), 9 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 54150d5a08..60dd644cb9 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -535,6 +535,8 @@ FIELD(MSR, LE, MSR_LE, 1)
 #define MMCR0_FC56   PPC_BIT(59)         /* PMC Freeze Counters 5-6 bit */
 #define MMCR0_PMC1CE PPC_BIT(48)         /* MMCR0 PMC1 Condition Enabled */
 #define MMCR0_PMCjCE PPC_BIT(49)         /* MMCR0 PMCj Condition Enabled */
+#define MMCR0_FCP    PPC_BIT(34)         /* Freeze Counters/BHRB if PR=1 */
+#define MMCR0_FCPC   PPC_BIT(51)         /* Condition for FCP bit */
 /* MMCR0 userspace r/w mask */
 #define MMCR0_UREG_MASK (MMCR0_FC | MMCR0_PMAO | MMCR0_PMAE)
 /* MMCR2 userspace r/w mask */
@@ -547,6 +549,8 @@ FIELD(MSR, LE, MSR_LE, 1)
 #define MMCR2_UREG_MASK (MMCR2_FC1P0 | MMCR2_FC2P0 | MMCR2_FC3P0 | \
                          MMCR2_FC4P0 | MMCR2_FC5P0 | MMCR2_FC6P0)
 
+#define MMCRA_BHRBRD    PPC_BIT(26)         /* BHRB Recording Disable */
+
 #define MMCR1_EVT_SIZE 8
 /* extract64() does a right shift before extracting */
 #define MMCR1_PMC1SEL_START 32
@@ -799,6 +803,7 @@ enum {
     HFLAGS_PMCJCE = 17, /* MMCR0 PMCjCE bit */
     HFLAGS_PMC_OTHER = 18, /* PMC other than PMC5-6 is enabled */
     HFLAGS_INSN_CNT = 19, /* PMU instruction count enabled */
+    HFLAGS_BHRB_ENABLE = 20, /* Summary flag for enabling BHRB */
     HFLAGS_VSX = 23, /* MSR_VSX if cpu has VSX */
     HFLAGS_VR = 25,  /* MSR_VR if cpu has VRE */
 
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 86f97ee1e7..3df360efe9 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -30,6 +30,7 @@ DEF_HELPER_2(store_dawr0, void, env, tl)
 DEF_HELPER_2(store_dawrx0, void, env, tl)
 DEF_HELPER_2(store_mmcr0, void, env, tl)
 DEF_HELPER_2(store_mmcr1, void, env, tl)
+DEF_HELPER_2(store_mmcrA, void, env, tl)
 DEF_HELPER_3(store_pmc, void, env, i32, i64)
 DEF_HELPER_2(read_pmc, tl, env, i32)
 DEF_HELPER_2(insns_inc, void, env, i32)
diff --git a/target/ppc/power8-pmu.h b/target/ppc/power8-pmu.h
index 775e640053..87fa8c9334 100644
--- a/target/ppc/power8-pmu.h
+++ b/target/ppc/power8-pmu.h
@@ -18,10 +18,10 @@
 #define PMC_COUNTER_NEGATIVE_VAL 0x80000000UL
 
 void cpu_ppc_pmu_init(CPUPPCState *env);
-void pmu_mmcr01_updated(CPUPPCState *env);
+void pmu_mmcr01a_updated(CPUPPCState *env);
 #else
 static inline void cpu_ppc_pmu_init(CPUPPCState *env) { }
-static inline void pmu_mmcr01_updated(CPUPPCState *env) { }
+static inline void pmu_mmcr01a_updated(CPUPPCState *env) { }
 #endif
 
 #endif
diff --git a/target/ppc/spr_common.h b/target/ppc/spr_common.h
index 8a9d6cd994..eb2561f593 100644
--- a/target/ppc/spr_common.h
+++ b/target/ppc/spr_common.h
@@ -85,6 +85,7 @@ void spr_write_generic32(DisasContext *ctx, int sprn, int gprn);
 void spr_core_write_generic(DisasContext *ctx, int sprn, int gprn);
 void spr_write_MMCR0(DisasContext *ctx, int sprn, int gprn);
 void spr_write_MMCR1(DisasContext *ctx, int sprn, int gprn);
+void spr_write_MMCRA(DisasContext *ctx, int sprn, int gprn);
 void spr_write_PMC(DisasContext *ctx, int sprn, int gprn);
 void spr_write_CTRL(DisasContext *ctx, int sprn, int gprn);
 void spr_read_xer(DisasContext *ctx, int gprn, int sprn);
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 5c1d0adca8..72e0ac7029 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -5152,7 +5152,7 @@ static void register_book3s_pmu_sup_sprs(CPUPPCState *env)
                      KVM_REG_PPC_MMCR1, 0x00000000);
     spr_register_kvm(env, SPR_POWER_MMCRA, "MMCRA",
                      SPR_NOACCESS, SPR_NOACCESS,
-                     &spr_read_generic, &spr_write_generic,
+                     &spr_read_generic, &spr_write_MMCRA,
                      KVM_REG_PPC_MMCRA, 0x00000000);
     spr_register_kvm(env, SPR_POWER_PMC1, "PMC1",
                      SPR_NOACCESS, SPR_NOACCESS,
@@ -7163,7 +7163,7 @@ static void ppc_cpu_reset_hold(Object *obj)
         if (env->mmu_model != POWERPC_MMU_REAL) {
             ppc_tlb_invalidate_all(env);
         }
-        pmu_mmcr01_updated(env);
+        pmu_mmcr01a_updated(env);
     }
 
     /* clean any pending stop state */
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index 25258986e3..07a07ae720 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -47,6 +47,39 @@ void hreg_swap_gpr_tgpr(CPUPPCState *env)
     env->tgpr[3] = tmp;
 }
 
+#if defined(TARGET_PPC64)
+static bool hreg_check_bhrb_enable(CPUPPCState *env)
+{
+    bool pr = !!(env->msr & (1 << MSR_PR));
+    target_long mmcr0;
+    bool fcp;
+    bool hv;
+
+    /* ISA 3.1 adds the PMCRA[BRHBRD] and problem state checks */
+    if ((env->insns_flags2 & PPC2_ISA310) &&
+        ((env->spr[SPR_POWER_MMCRA] & MMCRA_BHRBRD) || !pr)) {
+        return false;
+    }
+
+    /* Check for BHRB "frozen" conditions */
+    mmcr0 = env->spr[SPR_POWER_MMCR0];
+    fcp = !!(mmcr0 & MMCR0_FCP);
+    if (mmcr0 & MMCR0_FCPC) {
+        hv = !!(env->msr & (1ull << MSR_HV));
+        if (fcp) {
+            if (hv && pr) {
+                return false;
+            }
+        } else if (!hv && pr) {
+            return false;
+        }
+    } else if (fcp && pr) {
+        return false;
+    }
+    return true;
+}
+#endif
+
 static uint32_t hreg_compute_pmu_hflags_value(CPUPPCState *env)
 {
     uint32_t hflags = 0;
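Review bot: The comment in hreg_check_bhrb_enable() reads "PMCRA[BRHBRD]", but the code tests MMCRA_BHRBRD in SPR_POWER_MMCRA, so it should say MMCRA[BHRBRD]. The PR test also uses (1 << MSR_PR) while the HV test a few lines down uses (1ull << MSR_HV); using the same 64-bit form for both keeps the two checks consistent.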
@@ -61,6 +94,9 @@ static uint32_t hreg_compute_pmu_hflags_value(CPUPPCState *env)
     if (env->spr[SPR_POWER_MMCR0] & MMCR0_PMCjCE) {
         hflags |= 1 << HFLAGS_PMCJCE;
     }
+    if (hreg_check_bhrb_enable(env)) {
+        hflags |= 1 << HFLAGS_BHRB_ENABLE;
+    }
 
 #ifndef CONFIG_USER_ONLY
     if (env->pmc_ins_cnt) {
@@ -85,6 +121,7 @@ static uint32_t hreg_compute_pmu_hflags_mask(CPUPPCState *env)
     hflags_mask |= 1 << HFLAGS_PMCJCE;
     hflags_mask |= 1 << HFLAGS_INSN_CNT;
     hflags_mask |= 1 << HFLAGS_PMC_OTHER;
+    hflags_mask |= 1 << HFLAGS_BHRB_ENABLE;
 #endif
     return hflags_mask;
 }
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index 203fe28e01..6b6c31d903 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -333,7 +333,7 @@ static int cpu_post_load(void *opaque, int version_id)
          * triggered types (including HDEC) would need to carry more state.
          */
         cpu_ppc_store_decr(env, env->spr[SPR_DECR]);
-        pmu_mmcr01_updated(env);
+        pmu_mmcr01a_updated(env);
     }
 
     return 0;
diff --git a/target/ppc/power8-pmu.c b/target/ppc/power8-pmu.c
index cbc5889d91..6f5d4e1256 100644
--- a/target/ppc/power8-pmu.c
+++ b/target/ppc/power8-pmu.c
@@ -82,7 +82,7 @@ static void pmu_update_summaries(CPUPPCState *env)
     env->pmc_cyc_cnt = cyc_cnt;
 }
 
-void pmu_mmcr01_updated(CPUPPCState *env)
+void pmu_mmcr01a_updated(CPUPPCState *env)
 {
     PowerPCCPU *cpu = env_archcpu(env);
 
@@ -260,7 +260,7 @@ void helper_store_mmcr0(CPUPPCState *env, target_ulong value)
 
     env->spr[SPR_POWER_MMCR0] = value;
 
-    pmu_mmcr01_updated(env);
+    pmu_mmcr01a_updated(env);
 
     /* Update cycle overflow timers with the current MMCR0 state */
     pmu_update_overflow_timers(env);
@@ -272,7 +272,14 @@ void helper_store_mmcr1(CPUPPCState *env, uint64_t value)
 
     env->spr[SPR_POWER_MMCR1] = value;
 
-    pmu_mmcr01_updated(env);
+    pmu_mmcr01a_updated(env);
+}
+
+void helper_store_mmcrA(CPUPPCState *env, uint64_t value)
+{
+    env->spr[SPR_POWER_MMCRA] = value;
+
+    pmu_mmcr01a_updated(env);
 }
 
 target_ulong helper_read_pmc(CPUPPCState *env, uint32_t sprn)
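Review bot: helper_store_mmcrA() is spelled with an uppercase 'A' while the function it calls is pmu_mmcr01a_updated() with a lowercase 'a', and the neighbouring helpers are helper_store_mmcr0/helper_store_mmcr1. Pick one spelling for the MMCRA suffix so the names grep consistently.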
@@ -301,7 +308,7 @@ static void perfm_alert(PowerPCCPU *cpu)
         env->spr[SPR_POWER_MMCR0] |= MMCR0_FC;
 
         /* Changing MMCR0_FC requires summaries and hflags update */
-        pmu_mmcr01_updated(env);
+        pmu_mmcr01a_updated(env);
 
         /*
          * Delete all pending timers if we need to freeze
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index bd103b1026..033d6f7bad 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -194,6 +194,7 @@ struct DisasContext {
     bool mmcr0_pmcjce;
     bool pmc_other;
     bool pmu_insn_cnt;
+    bool bhrb_enable;
     ppc_spr_t *spr_cb; /* Needed to check rights for mfspr/mtspr */
     int singlestep_enabled;
     uint32_t flags;
@@ -7392,6 +7393,7 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     ctx->mmcr0_pmcjce = (hflags >> HFLAGS_PMCJCE) & 1;
     ctx->pmc_other = (hflags >> HFLAGS_PMC_OTHER) & 1;
     ctx->pmu_insn_cnt = (hflags >> HFLAGS_INSN_CNT) & 1;
+    ctx->bhrb_enable = (hflags >> HFLAGS_BHRB_ENABLE) & 1;
 
     ctx->singlestep_enabled = 0;
     if ((hflags >> HFLAGS_SE) & 1) {
diff --git a/target/ppc/power8-pmu-regs.c.inc b/target/ppc/power8-pmu-regs.c.inc
index 4956a8b350..652cf20704 100644
--- a/target/ppc/power8-pmu-regs.c.inc
+++ b/target/ppc/power8-pmu-regs.c.inc
@@ -175,6 +175,11 @@ void spr_write_MMCR2_ureg(DisasContext *ctx, int sprn, int gprn)
     gen_store_spr(SPR_POWER_MMCR2, masked_gprn);
 }
 
+void spr_write_MMCRA(DisasContext *ctx, int sprn, int gprn)
+{
+    gen_helper_store_mmcrA(tcg_env, cpu_gpr[gprn]);
+}
+
 void spr_read_PMC(DisasContext *ctx, int gprn, int sprn)
 {
     TCGv_i32 t_sprn = tcg_constant_i32(sprn);
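Review bot: spr_write_MMCRA() does not end the translation block, yet an MMCRA write can flip HFLAGS_BHRB_ENABLE (hreg_check_bhrb_enable() tests MMCRA_BHRBRD) and ppc_tr_init_disas_context() latches that flag into ctx->bhrb_enable at translation time. Branches translated later in the same TB would keep the stale setting; consider ending the TB after gen_helper_store_mmcrA(), or add a comment saying why that is not needed.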
-- 
2.42.0




* [PATCH 15/26] target/ppc: Add recording of taken branches to BHRB
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (13 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 14/26] target/ppc: Add new hflags to support BHRB Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 16/26] target/ppc: Add clrbhrb and mfbhrbe instructions Nicholas Piggin
                   ` (11 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel, Glenn Miles

From: Glenn Miles <milesg@linux.vnet.ibm.com>

This commit continues adding support for the Branch History
Rolling Buffer (BHRB) as is provided starting with the P8
processor and continuing with its successors.  This commit
is limited to the recording and filtering of taken branches.

The following changes were made:

  - Enabled functionality on P10 processors only due to
    performance impact seen with P8 and P9 where it is not
    disabled for non problem state branches.
  - Added a BHRB buffer for storing branch instruction and
    target addresses for taken branches
  - Renamed gen_update_cfar to gen_update_branch_history and
    added a 'target' parameter to hold the branch target
    address and 'inst_type' parameter to use for filtering
  - Added TCG code to gen_update_branch_history that stores
    data to the BHRB and updates the BHRB offset.
  - Added BHRB resource initialization and reset functions

Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
[npiggin: rebase and minor compile fixes]
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h                       | 17 +++++
 target/ppc/power8-pmu.h                |  7 ++
 target/ppc/cpu_init.c                  | 37 +++++++++-
 target/ppc/power8-pmu.c                | 33 +++++++++
 target/ppc/translate.c                 | 97 ++++++++++++++++++++++++--
 target/ppc/translate/branch-impl.c.inc |  2 +-
 6 files changed, 185 insertions(+), 8 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 60dd644cb9..9bda69f779 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -550,6 +550,8 @@ FIELD(MSR, LE, MSR_LE, 1)
                          MMCR2_FC4P0 | MMCR2_FC5P0 | MMCR2_FC6P0)
 
 #define MMCRA_BHRBRD    PPC_BIT(26)         /* BHRB Recording Disable */
+#define MMCRA_IFM_MASK  PPC_BITMASK(32, 33) /* BHRB Instruction Filtering */
+#define MMCRA_IFM_SHIFT PPC_BIT_NR(33)
 
 #define MMCR1_EVT_SIZE 8
 /* extract64() does a right shift before extracting */
@@ -776,6 +778,8 @@ enum {
     POWERPC_FLAG_SMT      = 0x00400000,
     /* Using "LPAR per core" mode  (as opposed to per-thread)                */
     POWERPC_FLAG_SMT_1LPAR = 0x00800000,
+    /* Has BHRB */
+    POWERPC_FLAG_BHRB      = 0x01000000,
 };
 
 /*
@@ -1217,6 +1221,9 @@ struct pnv_tod_tbst {
 #define PPC_CPU_OPCODES_LEN          0x40
 #define PPC_CPU_INDIRECT_OPCODES_LEN 0x20
 
+#define BHRB_MAX_NUM_ENTRIES_LOG2 (5)
+#define BHRB_MAX_NUM_ENTRIES      (1 << BHRB_MAX_NUM_ENTRIES_LOG2)
+
 struct CPUArchState {
     /* Most commonly used resources during translated code execution first */
     target_ulong gpr[32];  /* general purpose registers */
@@ -1313,6 +1320,16 @@ struct CPUArchState {
     int dcache_line_size;
     int icache_line_size;
 
+#ifdef TARGET_PPC64
+    /* Branch History Rolling Buffer (BHRB) resources */
+    target_ulong bhrb_num_entries;
+    target_ulong bhrb_base;
+    target_ulong bhrb_filter;
+    target_ulong bhrb_offset;
+    target_ulong bhrb_offset_mask;
+    uint64_t bhrb[BHRB_MAX_NUM_ENTRIES];
+#endif
+
     /* These resources are used during exception processing */
     /* CPU model definition */
     target_ulong msr_mask;
diff --git a/target/ppc/power8-pmu.h b/target/ppc/power8-pmu.h
index 87fa8c9334..3f79cfc45b 100644
--- a/target/ppc/power8-pmu.h
+++ b/target/ppc/power8-pmu.h
@@ -13,6 +13,13 @@
 #ifndef POWER8_PMU_H
 #define POWER8_PMU_H
 
+#define BHRB_TYPE_NORECORD      0x00
+#define BHRB_TYPE_CALL          0x01
+#define BHRB_TYPE_INDIRECT      0x02
+#define BHRB_TYPE_COND          0x04
+#define BHRB_TYPE_OTHER         0x08
+#define BHRB_TYPE_XL_FORM       0x10
+
 #if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
 
 #define PMC_COUNTER_NEGATIVE_VAL 0x80000000UL
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 72e0ac7029..421900cd11 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -6110,6 +6110,28 @@ POWERPC_FAMILY(POWER7)(ObjectClass *oc, void *data)
     pcc->l1_icache_size = 0x8000;
 }
 
+static void bhrb_init_state(CPUPPCState *env, target_long num_entries_log2)
+{
+    if (env->flags & POWERPC_FLAG_BHRB) {
+        if (num_entries_log2 > BHRB_MAX_NUM_ENTRIES_LOG2) {
+            num_entries_log2 = BHRB_MAX_NUM_ENTRIES_LOG2;
+        }
+        env->bhrb_num_entries = 1 << num_entries_log2;
+        env->bhrb_base = (target_long)&env->bhrb[0];
+        env->bhrb_offset_mask = (env->bhrb_num_entries * sizeof(uint64_t)) - 1;
+    }
+}
+
+static void bhrb_reset_state(CPUPPCState *env)
+{
+    if (env->flags & POWERPC_FLAG_BHRB) {
+        env->bhrb_offset = 0;
+        env->bhrb_filter = 0;
+        memset(env->bhrb, 0, sizeof(env->bhrb));
+    }
+}
+
+#define POWER8_BHRB_ENTRIES_LOG2 5
 static void init_proc_POWER8(CPUPPCState *env)
 {
     /* Common Registers */
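Review bot: bhrb_init_state() stores a host address in a guest-typed field: env->bhrb_base = (target_long)&env->bhrb[0]. target_ulong is sized for the guest, not for host pointers, and gen_write_bhrb() later has to cast a TCGv to TCGv_ptr to use it. Since the buffer lives inside CPUPPCState, the entry address can be formed from tcg_env plus offsetof(CPUPPCState, bhrb), which removes bhrb_base altogether.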
@@ -6151,6 +6173,8 @@ static void init_proc_POWER8(CPUPPCState *env)
     env->dcache_line_size = 128;
     env->icache_line_size = 128;
 
+    bhrb_init_state(env, POWER8_BHRB_ENTRIES_LOG2);
+
     /* Allocate hardware IRQ controller */
     init_excp_POWER8(env);
     ppcPOWER7_irq_init(env_archcpu(env));
@@ -6275,6 +6299,7 @@ static struct ppc_radix_page_info POWER9_radix_page_info = {
 };
 #endif /* CONFIG_USER_ONLY */
 
+#define POWER9_BHRB_ENTRIES_LOG2 5
 static void init_proc_POWER9(CPUPPCState *env)
 {
     /* Common Registers */
@@ -6325,6 +6350,8 @@ static void init_proc_POWER9(CPUPPCState *env)
     env->dcache_line_size = 128;
     env->icache_line_size = 128;
 
+    bhrb_init_state(env, POWER9_BHRB_ENTRIES_LOG2);
+
     /* Allocate hardware IRQ controller */
     init_excp_POWER9(env);
     ppcPOWER9_irq_init(env_archcpu(env));
@@ -6444,7 +6471,8 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
     pcc->flags = POWERPC_FLAG_VRE | POWERPC_FLAG_SE |
                  POWERPC_FLAG_BE | POWERPC_FLAG_PMM |
                  POWERPC_FLAG_BUS_CLK | POWERPC_FLAG_CFAR |
-                 POWERPC_FLAG_VSX | POWERPC_FLAG_TM | POWERPC_FLAG_SCV;
+                 POWERPC_FLAG_VSX | POWERPC_FLAG_TM | POWERPC_FLAG_SCV |
+                 POWERPC_FLAG_BHRB;
     pcc->l1_dcache_size = 0x8000;
     pcc->l1_icache_size = 0x8000;
 }
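Review bot: POWERPC_FLAG_BHRB is added under the hunk header POWERPC_FAMILY(POWER9), and the next hunk only begins at POWER10_radix_page_info, so this pcc->flags assignment appears to be the POWER9 one. The commit message says the functionality is enabled on P10 only because of the performance impact on P8 and P9; please check that the flag landed in the intended family after the rebase.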
@@ -6468,6 +6496,7 @@ static struct ppc_radix_page_info POWER10_radix_page_info = {
 };
 #endif /* !CONFIG_USER_ONLY */
 
+#define POWER10_BHRB_ENTRIES_LOG2 5
 static void init_proc_POWER10(CPUPPCState *env)
 {
     /* Common Registers */
@@ -6515,6 +6544,8 @@ static void init_proc_POWER10(CPUPPCState *env)
     env->dcache_line_size = 128;
     env->icache_line_size = 128;
 
+    bhrb_init_state(env, POWER10_BHRB_ENTRIES_LOG2);
+
     /* Allocate hardware IRQ controller */
     init_excp_POWER10(env);
     ppcPOWER9_irq_init(env_archcpu(env));
@@ -7189,6 +7220,10 @@ static void ppc_cpu_reset_hold(Object *obj)
         }
         env->spr[i] = spr->default_value;
     }
+
+#if defined(TARGET_PPC64)
+    bhrb_reset_state(env);
+#endif
 }
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target/ppc/power8-pmu.c b/target/ppc/power8-pmu.c
index 6f5d4e1256..db9ee8e96b 100644
--- a/target/ppc/power8-pmu.c
+++ b/target/ppc/power8-pmu.c
@@ -82,6 +82,37 @@ static void pmu_update_summaries(CPUPPCState *env)
     env->pmc_cyc_cnt = cyc_cnt;
 }
 
+static void hreg_bhrb_filter_update(CPUPPCState *env)
+{
+    target_long ifm;
+
+    if (!(env->spr[SPR_POWER_MMCR0] & MMCR0_PMAE)) {
+        /* disable recording to BHRB */
+        env->bhrb_filter = BHRB_TYPE_NORECORD;
+        return;
+    }
+
+    ifm = (env->spr[SPR_POWER_MMCRA] & MMCRA_IFM_MASK) >> MMCRA_IFM_SHIFT;
+    switch (ifm) {
+    case 0:
+        /* record all branches */
+        env->bhrb_filter = -1;
+        break;
+    case 1:
+        /* only record calls (LK = 1) */
+        env->bhrb_filter = BHRB_TYPE_CALL;
+        break;
+    case 2:
+        /* only record indirect branches */
+        env->bhrb_filter = BHRB_TYPE_INDIRECT;
+        break;
+    case 3:
+        /* only record conditional branches */
+        env->bhrb_filter = BHRB_TYPE_COND;
+        break;
+    }
+}
+
 void pmu_mmcr01a_updated(CPUPPCState *env)
 {
     PowerPCCPU *cpu = env_archcpu(env);
@@ -95,6 +126,8 @@ void pmu_mmcr01a_updated(CPUPPCState *env)
         ppc_set_irq(cpu, PPC_INTERRUPT_PERFM, 0);
     }
 
+    hreg_bhrb_filter_update(env);
+
     /*
      * Should this update overflow timers (if mmcr0 is updated) so they
      * get set in cpu_post_load?
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 033d6f7bad..3ff023fafc 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -181,6 +181,7 @@ struct DisasContext {
 #if defined(TARGET_PPC64)
     bool sf_mode;
     bool has_cfar;
+    bool has_bhrb;
 #endif
     bool fpu_enabled;
     bool altivec_enabled;
@@ -4166,14 +4167,85 @@ static void gen_rvwinkle(DisasContext *ctx)
     gen_exception_nip(ctx, EXCP_HLT, ctx->base.pc_next);
 #endif /* defined(CONFIG_USER_ONLY) */
 }
+
+static inline TCGv gen_write_bhrb(TCGv base, TCGv offset, TCGv mask, TCGv value)
+{
+    TCGv tmp = tcg_temp_new();
+
+    /* add base and offset to get address of bhrb entry */
+    tcg_gen_add_tl(tmp, base, offset);
+
+    /* store value into bhrb at bhrb_offset */
+    tcg_gen_st_i64(value, (TCGv_ptr)tmp, 0);
+
+    /* add 8 to current bhrb_offset */
+    tcg_gen_addi_tl(offset, offset, 8);
+
+    /* apply offset mask */
+    tcg_gen_and_tl(offset, offset, mask);
+
+    return offset;
+}
 #endif /* #if defined(TARGET_PPC64) */
 
-static inline void gen_update_cfar(DisasContext *ctx, target_ulong nip)
+static inline void gen_update_branch_history(DisasContext *ctx,
+                                             target_ulong nip,
+                                             TCGv target,
+                                             target_long inst_type)
 {
 #if defined(TARGET_PPC64)
+    TCGv base;
+    TCGv tmp;
+    TCGv offset;
+    TCGv mask;
+    TCGLabel *no_update;
+
     if (ctx->has_cfar) {
         tcg_gen_movi_tl(cpu_cfar, nip);
     }
+
+    if (!ctx->has_bhrb ||
+        !ctx->bhrb_enable ||
+        inst_type == BHRB_TYPE_NORECORD) {
+        return;
+    }
+
+    tmp = tcg_temp_new();
+    no_update = gen_new_label();
+
+    /* check for bhrb filtering */
+    tcg_gen_ld_tl(tmp, tcg_env, offsetof(CPUPPCState, bhrb_filter));
+    tcg_gen_andi_tl(tmp, tmp, inst_type);
+    tcg_gen_brcondi_tl(TCG_COND_EQ, tmp, 0, no_update);
+
+    base = tcg_temp_new();
+    offset = tcg_temp_new();
+    mask = tcg_temp_new();
+
+    /* load bhrb base address */
+    tcg_gen_ld_tl(base, tcg_env, offsetof(CPUPPCState, bhrb_base));
+
+    /* load current bhrb_offset */
+    tcg_gen_ld_tl(offset, tcg_env, offsetof(CPUPPCState, bhrb_offset));
+
+    /* load a BHRB offset mask */
+    tcg_gen_ld_tl(mask, tcg_env, offsetof(CPUPPCState, bhrb_offset_mask));
+
+    offset = gen_write_bhrb(base, offset, mask, tcg_constant_i64(nip));
+
+    /* Also record the target address for XL-Form branches */
+    if (inst_type & BHRB_TYPE_XL_FORM) {
+
+        /* Set the 'T' bit for target entries */
+        tcg_gen_ori_tl(tmp, target, 0x2);
+
+        offset = gen_write_bhrb(base, offset, mask, tmp);
+    }
+
+    /* save updated bhrb_offset for next time */
+    tcg_gen_st_tl(offset, tcg_env, offsetof(CPUPPCState, bhrb_offset));
+
+    gen_set_label(no_update);
 #endif
 }
 
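Review bot: gen_write_bhrb() stores at base + offset first and applies the mask only to the incremented offset, so nothing in the generated code bounds the offset used for the current store; it relies on env->bhrb_offset already being in range. Masking the offset before forming the address costs one extra op and makes the store safe for any value of bhrb_offset. A short comment that the second gen_write_bhrb() call for XL-form entries can wrap independently of the first would also help.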
@@ -4303,8 +4375,10 @@ static void gen_b(DisasContext *ctx)
     }
     if (LK(ctx->opcode)) {
         gen_setlr(ctx, ctx->base.pc_next);
+        gen_update_branch_history(ctx, ctx->cia, NULL, BHRB_TYPE_CALL);
+    } else {
+        gen_update_branch_history(ctx, ctx->cia, NULL, BHRB_TYPE_OTHER);
     }
-    gen_update_cfar(ctx, ctx->cia);
     gen_goto_tb(ctx, 0, target);
     ctx->base.is_jmp = DISAS_NORETURN;
 }
@@ -4319,6 +4393,7 @@ static void gen_bcond(DisasContext *ctx, int type)
     uint32_t bo = BO(ctx->opcode);
     TCGLabel *l1;
     TCGv target;
+    target_long bhrb_type = BHRB_TYPE_OTHER;
 
     if (type == BCOND_LR || type == BCOND_CTR || type == BCOND_TAR) {
         target = tcg_temp_new();
@@ -4329,11 +4404,16 @@ static void gen_bcond(DisasContext *ctx, int type)
         } else {
             tcg_gen_mov_tl(target, cpu_lr);
         }
+        if (!LK(ctx->opcode)) {
+            bhrb_type |= BHRB_TYPE_INDIRECT;
+        }
+        bhrb_type |= BHRB_TYPE_XL_FORM;
     } else {
         target = NULL;
     }
     if (LK(ctx->opcode)) {
         gen_setlr(ctx, ctx->base.pc_next);
+        bhrb_type |= BHRB_TYPE_CALL;
     }
     l1 = gen_new_label();
     if ((bo & 0x4) == 0) {
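Review bot: In the BCOND_LR/BCOND_CTR/BCOND_TAR branch, BHRB_TYPE_INDIRECT is set only when LK is 0, so an indirect branch with LK = 1 carries BHRB_TYPE_CALL but not BHRB_TYPE_INDIRECT and is dropped when bhrb_filter is BHRB_TYPE_INDIRECT ("only record indirect branches"). If that matches the ISA's IFM definition, a comment here should say so; otherwise the !LK test should go.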
@@ -4384,6 +4464,7 @@ static void gen_bcond(DisasContext *ctx, int type)
                 tcg_gen_brcondi_tl(TCG_COND_EQ, temp, 0, l1);
             }
         }
+        bhrb_type |= BHRB_TYPE_COND;
     }
     if ((bo & 0x10) == 0) {
         /* Test CR */
@@ -4398,8 +4479,11 @@ static void gen_bcond(DisasContext *ctx, int type)
             tcg_gen_andi_i32(temp, cpu_crf[bi >> 2], mask);
             tcg_gen_brcondi_i32(TCG_COND_NE, temp, 0, l1);
         }
+        bhrb_type |= BHRB_TYPE_COND;
     }
-    gen_update_cfar(ctx, ctx->cia);
+
+    gen_update_branch_history(ctx, ctx->cia, target, bhrb_type);
+
     if (type == BCOND_IM) {
         target_ulong li = (target_long)((int16_t)(BD(ctx->opcode)));
         if (likely(AA(ctx->opcode) == 0)) {
@@ -4515,7 +4599,7 @@ static void gen_rfi(DisasContext *ctx)
     /* Restore CPU state */
     CHK_SV(ctx);
     translator_io_start(&ctx->base);
-    gen_update_cfar(ctx, ctx->cia);
+    gen_update_branch_history(ctx, ctx->cia, NULL, BHRB_TYPE_NORECORD);
     gen_helper_rfi(tcg_env);
     ctx->base.is_jmp = DISAS_EXIT;
 #endif
@@ -4530,7 +4614,7 @@ static void gen_rfid(DisasContext *ctx)
     /* Restore CPU state */
     CHK_SV(ctx);
     translator_io_start(&ctx->base);
-    gen_update_cfar(ctx, ctx->cia);
+    gen_update_branch_history(ctx, ctx->cia, NULL, BHRB_TYPE_NORECORD);
     gen_helper_rfid(tcg_env);
     ctx->base.is_jmp = DISAS_EXIT;
 #endif
@@ -4545,7 +4629,7 @@ static void gen_rfscv(DisasContext *ctx)
     /* Restore CPU state */
     CHK_SV(ctx);
     translator_io_start(&ctx->base);
-    gen_update_cfar(ctx, ctx->cia);
+    gen_update_branch_history(ctx, ctx->cia, NULL, BHRB_TYPE_NORECORD);
     gen_helper_rfscv(tcg_env);
     ctx->base.is_jmp = DISAS_EXIT;
 #endif
@@ -7377,6 +7461,7 @@ static void ppc_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
 #if defined(TARGET_PPC64)
     ctx->sf_mode = (hflags >> HFLAGS_64) & 1;
     ctx->has_cfar = !!(env->flags & POWERPC_FLAG_CFAR);
+    ctx->has_bhrb = !!(env->flags & POWERPC_FLAG_BHRB);
 #endif
     ctx->lazy_tlb_flush = env->mmu_model == POWERPC_MMU_32B
         || env->mmu_model & POWERPC_MMU_64;
diff --git a/target/ppc/translate/branch-impl.c.inc b/target/ppc/translate/branch-impl.c.inc
index fb0fcf30cc..9ade0c659a 100644
--- a/target/ppc/translate/branch-impl.c.inc
+++ b/target/ppc/translate/branch-impl.c.inc
@@ -17,7 +17,7 @@ static bool trans_RFEBB(DisasContext *ctx, arg_XL_s *arg)
     REQUIRE_INSNS_FLAGS2(ctx, ISA207S);
 
     translator_io_start(&ctx->base);
-    gen_update_cfar(ctx, ctx->cia);
+    gen_update_branch_history(ctx, ctx->cia, NULL, BHRB_TYPE_NORECORD);
     gen_helper_rfebb(tcg_env, cpu_gpr[arg->s]);
 
     ctx->base.is_jmp = DISAS_CHAIN;
-- 
2.42.0




* [PATCH 16/26] target/ppc: Add clrbhrb and mfbhrbe instructions
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (14 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 15/26] target/ppc: Add recording of taken branches to BHRB Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 17/26] target/ppc: Add migration support for BHRB Nicholas Piggin
                   ` (10 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel, Glenn Miles

From: Glenn Miles <milesg@linux.vnet.ibm.com>

Add support for the clrbhrb and mfbhrbe instructions.

Since neither instruction is believed to be critical to
performance, both instructions were implemented using helper
functions.

Access to both instructions is controlled by bits in the
HFSCR (for privileged state) and MMCR0 (for problem state).
A new function, helper_mmcr0_facility_check, was added for
checking MMCR0[BHRBA] and raising a facility_unavailable exception
if required.

NOTE: For P8 and P9, due to a performance issue, branch history will
not be kept, but the instructions will be allowed to execute
as normal with the exception that the mfbhrbe instruction will
always return a zero value.

Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
[npiggin: rebase and minor compile fixes]
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h                     |  2 ++
 target/ppc/helper.h                  |  7 ++++
 target/ppc/insn32.decode             |  8 +++++
 target/ppc/misc_helper.c             | 50 ++++++++++++++++++++++++++++
 target/ppc/translate.c               |  2 ++
 target/ppc/translate/bhrb-impl.c.inc | 43 ++++++++++++++++++++++++
 6 files changed, 112 insertions(+)
 create mode 100644 target/ppc/translate/bhrb-impl.c.inc

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 9bda69f779..acaf39f365 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -537,6 +537,7 @@ FIELD(MSR, LE, MSR_LE, 1)
 #define MMCR0_PMCjCE PPC_BIT(49)         /* MMCR0 PMCj Condition Enabled */
 #define MMCR0_FCP    PPC_BIT(34)         /* Freeze Counters/BHRB if PR=1 */
 #define MMCR0_FCPC   PPC_BIT(51)         /* Condition for FCP bit */
+#define MMCR0_BHRBA_NR PPC_BIT_NR(42)    /* BHRB Available */
 /* MMCR0 userspace r/w mask */
 #define MMCR0_UREG_MASK (MMCR0_FC | MMCR0_PMAO | MMCR0_PMAE)
 /* MMCR2 userspace r/w mask */
@@ -636,6 +637,7 @@ FIELD(MSR, LE, MSR_LE, 1)
 
 /* HFSCR bits */
 #define HFSCR_MSGP     PPC_BIT(53) /* Privileged Message Send Facilities */
+#define HFSCR_BHRB     PPC_BIT(59) /* BHRB Instructions */
 #define HFSCR_IC_MSGP  0xA
 
 #define DBCR0_ICMP (1 << 27)
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 3df360efe9..8cdb322ed6 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -820,3 +820,10 @@ DEF_HELPER_4(DSCLIQ, void, env, fprp, fprp, i32)
 
 DEF_HELPER_1(tbegin, void, env)
 DEF_HELPER_FLAGS_1(fixup_thrm, TCG_CALL_NO_RWG, void, env)
+
+#if !defined(CONFIG_USER_ONLY)
+#if defined(TARGET_PPC64)
+DEF_HELPER_1(clrbhrb, void, env)
+DEF_HELPER_FLAGS_2(mfbhrbe, TCG_CALL_NO_WG, i64, env, i32)
+#endif
+#endif
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 4fcf3af8d0..00d3ddda02 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -972,3 +972,11 @@ MSGSND          011111 ----- ----- ..... 0011001110 -   @X_rb
 MSGCLRP         011111 ----- ----- ..... 0010101110 -   @X_rb
 MSGSNDP         011111 ----- ----- ..... 0010001110 -   @X_rb
 MSGSYNC         011111 ----- ----- ----- 1101110110 -
+
+# Branch History Rolling Buffer (BHRB) Instructions
+
+&XFX_bhrbe      rt bhrbe
+@XFX_bhrbe      ...... rt:5 bhrbe:10 .......... -       &XFX_bhrbe
+
+MFBHRBE         011111 ..... ..... ..... 0100101110 -   @XFX_bhrbe
+CLRBHRB         011111 ----- ----- ----- 0110101110 -
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index a9d41d2802..e3b20a8935 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -153,6 +153,17 @@ void helper_msr_facility_check(CPUPPCState *env, uint32_t bit,
 
 #if !defined(CONFIG_USER_ONLY)
 
+#ifdef TARGET_PPC64
+static void helper_mmcr0_facility_check(CPUPPCState *env, uint32_t bit,
+                                 uint32_t sprn, uint32_t cause)
+{
+    if (FIELD_EX64(env->msr, MSR, PR) &&
+        !(env->spr[SPR_POWER_MMCR0] & (1ULL << bit))) {
+        raise_fu_exception(env, bit, sprn, cause, GETPC());
+    }
+}
+#endif
+
 void helper_store_sdr1(CPUPPCState *env, target_ulong val)
 {
     if (env->spr[SPR_SDR1] != val) {
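Review bot: helper_mmcr0_facility_check() calls GETPC() although it is a static function reached through helper_clrbhrb() and helper_mfbhrbe(), not a helper called directly from generated code. Unless the compiler inlines it, the return address it sees is inside the calling helper, so the exception would be raised with the wrong unwind address. Take a uintptr_t ra parameter and pass GETPC() from the two real helpers. The helper_ prefix is also misleading for a function that has no DEF_HELPER entry.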
@@ -366,3 +377,42 @@ void helper_fixup_thrm(CPUPPCState *env)
         env->spr[i] = v;
     }
 }
+
+#if !defined(CONFIG_USER_ONLY)
+#if defined(TARGET_PPC64)
+void helper_clrbhrb(CPUPPCState *env)
+{
+    helper_hfscr_facility_check(env, HFSCR_BHRB, "clrbhrb", FSCR_IC_BHRB);
+
+    helper_mmcr0_facility_check(env, MMCR0_BHRBA_NR, 0, FSCR_IC_BHRB);
+
+    if (env->flags & POWERPC_FLAG_BHRB) {
+        memset(env->bhrb, 0, sizeof(env->bhrb));
+    }
+}
+
+uint64_t helper_mfbhrbe(CPUPPCState *env, uint32_t bhrbe)
+{
+    unsigned int index;
+
+    helper_hfscr_facility_check(env, HFSCR_BHRB, "mfbhrbe", FSCR_IC_BHRB);
+
+    helper_mmcr0_facility_check(env, MMCR0_BHRBA_NR, 0, FSCR_IC_BHRB);
+
+    if (!(env->flags & POWERPC_FLAG_BHRB) ||
+         (bhrbe >= env->bhrb_num_entries) ||
+         (env->spr[SPR_POWER_MMCR0] & MMCR0_PMAE)) {
+        return 0;
+    }
+
+    /*
+     * Note: bhrb_offset is the byte offset for writing the
+     * next entry (over the oldest entry), which is why we
+     * must offset bhrbe by 1 to get to the 0th entry.
+     */
+    index = ((env->bhrb_offset / sizeof(uint64_t)) - (bhrbe + 1)) %
+            env->bhrb_num_entries;
+    return env->bhrb[index];
+}
+#endif
+#endif
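Review bot: The index expression in helper_mfbhrbe() subtracts (bhrbe + 1) from an unsigned quotient and relies on wraparound followed by % env->bhrb_num_entries, which is only correct because the entry count is a power of two. Masking with (env->bhrb_num_entries - 1) and saying so in the comment would make that dependency explicit. helper_clrbhrb() zeroes env->bhrb but leaves bhrb_offset untouched; if that is intended, a one-line comment would save the next reader the question.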
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 3ff023fafc..0d36a553d3 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -6543,6 +6543,8 @@ static bool resolve_PLS_D(DisasContext *ctx, arg_D *d, arg_PLS_D *a)
 
 #include "translate/storage-ctrl-impl.c.inc"
 
+#include "translate/bhrb-impl.c.inc"
+
 /* Handles lfdp */
 static void gen_dform39(DisasContext *ctx)
 {
diff --git a/target/ppc/translate/bhrb-impl.c.inc b/target/ppc/translate/bhrb-impl.c.inc
new file mode 100644
index 0000000000..3a19bc4555
--- /dev/null
+++ b/target/ppc/translate/bhrb-impl.c.inc
@@ -0,0 +1,43 @@
+/*
+ * Power ISA Decode For BHRB Instructions
+ *
+ *  Copyright IBM Corp. 2023
+ *
+ * Authors:
+ *  Glenn Miles      <milesg@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
+
+static bool trans_MFBHRBE(DisasContext *ctx, arg_XFX_bhrbe *arg)
+{
+    REQUIRE_INSNS_FLAGS2(ctx, ISA207S);
+    TCGv_i32 bhrbe = tcg_constant_i32(arg->bhrbe);
+    gen_helper_mfbhrbe(cpu_gpr[arg->rt], tcg_env, bhrbe);
+    return true;
+}
+
+static bool trans_CLRBHRB(DisasContext *ctx, arg_CLRBHRB *arg)
+{
+    REQUIRE_INSNS_FLAGS2(ctx, ISA207S);
+    gen_helper_clrbhrb(tcg_env);
+    return true;
+}
+
+#else
+
+static bool trans_MFBHRBE(DisasContext *ctx, arg_XFX_bhrbe *arg)
+{
+    gen_invalid(ctx);
+    return true;
+}
+
+static bool trans_CLRBHRB(DisasContext *ctx, arg_CLRBHRB *arg)
+{
+    gen_invalid(ctx);
+    return true;
+}
+#endif
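Review bot: In trans_MFBHRBE() the declaration of bhrbe follows the REQUIRE_INSNS_FLAGS2(ctx, ISA207S) line, which mixes a declaration after a statement; QEMU style wants declarations at the start of the block. Declare TCGv_i32 bhrbe first and assign it after the check, or pass tcg_constant_i32(arg->bhrbe) directly to gen_helper_mfbhrbe().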
-- 
2.42.0




* [PATCH 17/26] target/ppc: Add migration support for BHRB
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (15 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 16/26] target/ppc: Add clrbhrb and mfbhrbe instructions Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 18/26] target/ppc: BookE DECAR SPR is 32-bit Nicholas Piggin
                   ` (9 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel, Glenn Miles

From: Glenn Miles <milesg@linux.vnet.ibm.com>

Adds migration support for Branch History Rolling
Buffer (BHRB) internal state.

Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
---
 target/ppc/machine.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index 6b6c31d903..731dd8df35 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -711,6 +711,26 @@ static const VMStateDescription vmstate_reservation = {
     }
 };
 
+#ifdef TARGET_PPC64
+static bool bhrb_needed(void *opaque)
+{
+    PowerPCCPU *cpu = opaque;
+    return (cpu->env.flags & POWERPC_FLAG_BHRB) != 0;
+}
+
+static const VMStateDescription vmstate_bhrb = {
+    .name = "cpu/bhrb",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .needed = bhrb_needed,
+    .fields = (VMStateField[]) {
+        VMSTATE_UINTTL(env.bhrb_offset, PowerPCCPU),
+        VMSTATE_UINT64_ARRAY(env.bhrb, PowerPCCPU, BHRB_MAX_NUM_ENTRIES),
+        VMSTATE_END_OF_LIST()
+    }
+};
+#endif
+
 const VMStateDescription vmstate_ppc_cpu = {
     .name = "cpu",
     .version_id = 5,
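Review bot: vmstate_bhrb loads env.bhrb_offset straight from the migration stream with no check, and gen_write_bhrb() in patch 15 adds that offset to the buffer base before masking. Add a post_load hook that fails the load when the offset is not 8-byte aligned or exceeds bhrb_offset_mask, so a malformed stream cannot make the next recorded branch land outside env->bhrb. This patch also lacks the "[npiggin: ...]" / Signed-off-by trailer that patches 15 and 16 carry from the submitter.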
@@ -756,6 +776,7 @@ const VMStateDescription vmstate_ppc_cpu = {
 #ifdef TARGET_PPC64
         &vmstate_tm,
         &vmstate_slb,
+        &vmstate_bhrb,
 #endif /* TARGET_PPC64 */
         &vmstate_tlb6xx,
         &vmstate_tlbemb,
-- 
2.42.0
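
The ring-buffer arithmetic of patches 15 to 17 (byte offset plus mask on write, newest-first index on mfbhrbe, offset restored from saved state) as a stand-alone model. This is an added example, not code from the posted series: `struct bhrb_model`, the `bhrb_model_*` functions and the sample addresses are hypothetical, and masking before the store and rejecting a bad restored offset are assumptions of the example, not behaviour of the patches.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BHRB_MAX_NUM_ENTRIES_LOG2 5
#define BHRB_MAX_NUM_ENTRIES      (1 << BHRB_MAX_NUM_ENTRIES_LOG2)
#define BHRB_TARGET_BIT           0x2ull  /* 'T' bit set on target entries */

/* Hypothetical stand-in for the bhrb_* fields added to CPUPPCState. */
struct bhrb_model {
    uint64_t num_entries;
    uint64_t offset;        /* byte offset of the next entry to write */
    uint64_t offset_mask;   /* num_entries * 8 - 1 */
    uint64_t buf[BHRB_MAX_NUM_ENTRIES];
};

static void bhrb_model_init(struct bhrb_model *b, unsigned log2_entries)
{
    if (log2_entries > BHRB_MAX_NUM_ENTRIES_LOG2) {
        log2_entries = BHRB_MAX_NUM_ENTRIES_LOG2;
    }
    memset(b, 0, sizeof(*b));
    b->num_entries = 1ull << log2_entries;
    b->offset_mask = b->num_entries * sizeof(uint64_t) - 1;
}

/* A usable offset is 8-byte aligned and lies inside the ring. */
static bool bhrb_offset_valid(const struct bhrb_model *b, uint64_t offset)
{
    return (offset & ~b->offset_mask) == 0 &&
           (offset % sizeof(uint64_t)) == 0;
}

/*
 * Restore an offset that came from outside, such as saved state.
 * Assumed check (not in the series): reject it instead of trusting it.
 */
static bool bhrb_model_load_offset(struct bhrb_model *b, uint64_t offset)
{
    if (!bhrb_offset_valid(b, offset)) {
        return false;
    }
    b->offset = offset;
    return true;
}

/* Store one entry, then advance by 8 bytes and wrap with the mask. */
static void bhrb_model_write(struct bhrb_model *b, uint64_t value)
{
    /* Mask first so the index is bounded whatever b->offset holds. */
    uint64_t off = b->offset & b->offset_mask & ~7ull;

    b->buf[off / sizeof(uint64_t)] = value;
    b->offset = (off + sizeof(uint64_t)) & b->offset_mask;
}

/* Record a taken branch; XL-form branches also record their target. */
static void bhrb_model_record(struct bhrb_model *b, uint64_t nip,
                              uint64_t target, bool xl_form)
{
    bhrb_model_write(b, nip);
    if (xl_form) {
        bhrb_model_write(b, target | BHRB_TARGET_BIT);
    }
}

/* mfbhrbe-style read: entry 0 is the most recently written one. */
static uint64_t bhrb_model_read(const struct bhrb_model *b, uint32_t bhrbe)
{
    uint64_t next, index;

    if (bhrbe >= b->num_entries) {
        return 0;
    }
    next = b->offset / sizeof(uint64_t);
    /* Unsigned wraparound is harmless: num_entries is a power of two. */
    index = (next - (bhrbe + 1)) & (b->num_entries - 1);
    return b->buf[index];
}

int main(void)
{
    struct bhrb_model b;
    uint32_t i;

    bhrb_model_init(&b, 5);
    bhrb_model_record(&b, 0x1000, 0, false);      /* constructed addresses */
    bhrb_model_record(&b, 0x2000, 0x8000, true);
    for (i = 0; i < 3; i++) {
        printf("entry %u = 0x%llx\n", i,
               (unsigned long long)bhrb_model_read(&b, i));
    }
    printf("offset 0x100 accepted: %d\n",
           bhrb_model_load_offset(&b, 0x100));
    return 0;
}
```

The XL-form case shows that the target entry (with the 'T' bit) is read back before the branch address, because it was written last.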




* [PATCH 18/26] target/ppc: BookE DECAR SPR is 32-bit
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (16 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 17/26] target/ppc: Add migration support for BHRB Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 19/26] target/ppc: Wire up BookE ATB registers for e500 family Nicholas Piggin
                   ` (8 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

The DECAR SPR is 32 bits wide.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 421900cd11..8287494c39 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -792,7 +792,7 @@ static void register_BookE_sprs(CPUPPCState *env, uint64_t ivor_mask)
                  0x00000000);
     spr_register(env, SPR_BOOKE_DECAR, "DECAR",
                  SPR_NOACCESS, SPR_NOACCESS,
-                 SPR_NOACCESS, &spr_write_generic,
+                 SPR_NOACCESS, &spr_write_generic32,
                  0x00000000);
     /* SPRGs */
     spr_register(env, SPR_USPRG0, "USPRG0",
-- 
2.42.0




* [PATCH 19/26] target/ppc: Wire up BookE ATB registers for e500 family
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (17 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 18/26] target/ppc: BookE DECAR SPR is 32-bit Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 20/26] target/ppc: Add PPR32 SPR Nicholas Piggin
                   ` (7 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

From the Freescale PowerPC Architecture Primer:

  Alternate time base APU. This APU, implemented on the e500v2, defines
  a 64-bit time base counter that differs from the PowerPC defined time
  base in that it is not writable and counts at a different, and
  typically much higher, frequency. The alternate time base always
  counts up, wrapping when the 64-bit count overflows.

This implementation of ATB uses the same frequency as the TB. The
existing spr_read_atbu/l functions are unused without this patch
to wire them into the SPR.

RTEMS uses this SPR on the r6500 (not yet tested).

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu_init.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 8287494c39..b732a1b06e 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -920,6 +920,18 @@ static void register_BookE206_sprs(CPUPPCState *env, uint32_t mas_mask,
 #endif
 }
 
+static void register_atb_sprs(CPUPPCState *env)
+{
+    spr_register(env, SPR_ATBL, "ATBL",
+                 &spr_read_atbl, SPR_NOACCESS,
+                 &spr_read_atbl, SPR_NOACCESS,
+                 0x00000000);
+    spr_register(env, SPR_ATBU, "ATBU",
+                 &spr_read_atbu, SPR_NOACCESS,
+                 &spr_read_atbu, SPR_NOACCESS,
+                 0x00000000);
+}
+
 /* SPR specific to PowerPC 440 implementation */
 static void register_440_sprs(CPUPPCState *env)
 {
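Review bot: register_atb_sprs() carries no comment saying that the ATB modelled here counts at the TB frequency, which the commit message gives as a deliberate difference from the hardware described in the quoted primer text. A one-line comment above the function would keep that visible to anyone reading cpu_init.c without the commit log at hand.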
@@ -2896,6 +2908,11 @@ static void init_proc_e500(CPUPPCState *env, int version)
     register_BookE206_sprs(env, 0x000000DF, tlbncfg, mmucfg);
     register_usprgh_sprs(env);
 
+    if (version != fsl_e500v1) {
+        /* e500v1 has no support for alternate timebase */
+        register_atb_sprs(env);
+    }
+
     spr_register(env, SPR_HID0, "HID0",
                  SPR_NOACCESS, SPR_NOACCESS,
                  &spr_read_generic, &spr_write_generic,
-- 
2.42.0




* [PATCH 20/26] target/ppc: Add PPR32 SPR
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (18 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 19/26] target/ppc: Wire up BookE ATB registers for e500 family Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 21/26] target/ppc: add helper to write per-LPAR SPRs Nicholas Piggin
                   ` (6 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

PPR32 provides access to the upper half of PPR.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h        |  1 +
 target/ppc/spr_common.h |  2 ++
 target/ppc/cpu_init.c   | 12 ++++++++++++
 target/ppc/translate.c  | 16 ++++++++++++++++
 4 files changed, 31 insertions(+)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index acaf39f365..8397ddaf18 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -2110,6 +2110,7 @@ void ppc_compat_add_property(Object *obj, const char *name,
 #define SPR_POWER_MMCRS       (0x37E)
 #define SPR_WORT              (0x37F)
 #define SPR_PPR               (0x380)
+#define SPR_PPR32             (0x382)
 #define SPR_750_GQR0          (0x390)
 #define SPR_440_DNV0          (0x390)
 #define SPR_750_GQR1          (0x391)
diff --git a/target/ppc/spr_common.h b/target/ppc/spr_common.h
index eb2561f593..9e40b3b608 100644
--- a/target/ppc/spr_common.h
+++ b/target/ppc/spr_common.h
@@ -203,6 +203,8 @@ void spr_read_tfmr(DisasContext *ctx, int gprn, int sprn);
 void spr_write_tfmr(DisasContext *ctx, int sprn, int gprn);
 void spr_write_lpcr(DisasContext *ctx, int sprn, int gprn);
 void spr_read_dexcr_ureg(DisasContext *ctx, int gprn, int sprn);
+void spr_read_ppr32(DisasContext *ctx, int sprn, int gprn);
+void spr_write_ppr32(DisasContext *ctx, int sprn, int gprn);
 #endif
 
 void register_low_BATs(CPUPPCState *env);
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index b732a1b06e..a479c122d3 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -5534,6 +5534,14 @@ static void register_HEIR64_spr(CPUPPCState *env)
                  0x00000000);
 }
 
+static void register_power7_common_sprs(CPUPPCState *env)
+{
+    spr_register(env, SPR_PPR32, "PPR32",
+                 &spr_read_ppr32, &spr_write_ppr32,
+                 &spr_read_ppr32, &spr_write_ppr32,
+                 0x00000000);
+}
+
 static void register_power8_tce_address_control_sprs(CPUPPCState *env)
 {
     spr_register_kvm(env, SPR_TAR, "TAR",
@@ -6027,6 +6035,7 @@ static void init_proc_POWER7(CPUPPCState *env)
     register_power6_common_sprs(env);
     register_HEIR32_spr(env);
     register_power6_dbg_sprs(env);
+    register_power7_common_sprs(env);
     register_power7_book4_sprs(env);
 
     /* env variables */
@@ -6172,6 +6181,7 @@ static void init_proc_POWER8(CPUPPCState *env)
     register_power6_common_sprs(env);
     register_HEIR32_spr(env);
     register_power6_dbg_sprs(env);
+    register_power7_common_sprs(env);
     register_power8_tce_address_control_sprs(env);
     register_power8_ids_sprs(env);
     register_power8_ebb_sprs(env);
@@ -6338,6 +6348,7 @@ static void init_proc_POWER9(CPUPPCState *env)
     register_power6_common_sprs(env);
     register_HEIR32_spr(env);
     register_power6_dbg_sprs(env);
+    register_power7_common_sprs(env);
     register_power8_tce_address_control_sprs(env);
     register_power8_ids_sprs(env);
     register_power8_ebb_sprs(env);
@@ -6535,6 +6546,7 @@ static void init_proc_POWER10(CPUPPCState *env)
     register_power6_common_sprs(env);
     register_HEIR64_spr(env);
     register_power6_dbg_sprs(env);
+    register_power7_common_sprs(env);
     register_power8_tce_address_control_sprs(env);
     register_power8_ids_sprs(env);
     register_power8_ebb_sprs(env);
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 0d36a553d3..c5089f90f6 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -1351,6 +1351,22 @@ void spr_read_dexcr_ureg(DisasContext *ctx, int gprn, int sprn)
     gen_load_spr(t0, sprn + 16);
     tcg_gen_ext32u_tl(cpu_gpr[gprn], t0);
 }
+
+/* The PPR32 SPR accesses the upper 32-bits of PPR */
+void spr_read_ppr32(DisasContext *ctx, int sprn, int gprn)
+{
+    gen_load_spr(cpu_gpr[gprn], SPR_PPR);
+    tcg_gen_shri_tl(cpu_gpr[gprn], cpu_gpr[gprn], 32);
+}
+
+void spr_write_ppr32(DisasContext *ctx, int sprn, int gprn)
+{
+    TCGv t0 = tcg_temp_new();
+
+    tcg_gen_shli_tl(t0, cpu_gpr[gprn], 32);
+    gen_store_spr(SPR_PPR, t0);
+    spr_store_dump_spr(SPR_PPR);
+}
 #endif
 
 #define GEN_HANDLER(name, opc1, opc2, opc3, inval, type)                      \
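Review bot: spr_read_ppr32() declares its parameters as (ctx, sprn, gprn), but the read callbacks around it, such as spr_read_dexcr_ureg(DisasContext *ctx, int gprn, int sprn) in the hunk header, take the GPR number second. With the names swapped, cpu_gpr[gprn] is indexed with the SPR number (0x382 for PPR32) instead of the destination register, which is an out-of-range index into cpu_gpr. Swap the parameter names here and in the spr_common.h prototype. Separately, spr_write_ppr32() stores the shifted value straight to SPR_PPR, so the low 32 bits of PPR are zeroed on every PPR32 write; if that is intended, the comment should say so.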
-- 
2.42.0




* [PATCH 21/26] target/ppc: add helper to write per-LPAR SPRs
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (19 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 20/26] target/ppc: Add PPR32 SPR Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 22/26] target/ppc: Add SMT support to simple SPRs Nicholas Piggin
                   ` (5 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

An SPR can be either per-thread, per-core, or per-LPAR. Per-LPAR means
per-thread or per-core, depending on 1LPAR mode.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/spr_common.h |  2 ++
 target/ppc/translate.c  | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/target/ppc/spr_common.h b/target/ppc/spr_common.h
index 9e40b3b608..85f73b860b 100644
--- a/target/ppc/spr_common.h
+++ b/target/ppc/spr_common.h
@@ -83,6 +83,8 @@ void spr_read_generic(DisasContext *ctx, int gprn, int sprn);
 void spr_write_generic(DisasContext *ctx, int sprn, int gprn);
 void spr_write_generic32(DisasContext *ctx, int sprn, int gprn);
 void spr_core_write_generic(DisasContext *ctx, int sprn, int gprn);
+void spr_core_write_generic32(DisasContext *ctx, int sprn, int gprn);
+void spr_core_lpar_write_generic(DisasContext *ctx, int sprn, int gprn);
 void spr_write_MMCR0(DisasContext *ctx, int sprn, int gprn);
 void spr_write_MMCR1(DisasContext *ctx, int sprn, int gprn);
 void spr_write_MMCRA(DisasContext *ctx, int sprn, int gprn);
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index c5089f90f6..e7749d9b32 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -472,6 +472,32 @@ void spr_core_write_generic(DisasContext *ctx, int sprn, int gprn)
     spr_store_dump_spr(sprn);
 }
 
+void spr_core_write_generic32(DisasContext *ctx, int sprn, int gprn)
+{
+    TCGv t0 = tcg_temp_new();
+    if (!(ctx->flags & POWERPC_FLAG_SMT)) {
+        spr_write_generic32(ctx, sprn, gprn);
+        return;
+    }
+
+    if (!gen_serialize(ctx)) {
+        return;
+    }
+
+    tcg_gen_ext32u_tl(t0, cpu_gpr[gprn]);
+    gen_helper_spr_core_write_generic(tcg_env, tcg_constant_i32(sprn), t0);
+    spr_store_dump_spr(sprn);
+}
+
+void spr_core_lpar_write_generic(DisasContext *ctx, int sprn, int gprn)
+{
+    if (ctx->flags & POWERPC_FLAG_SMT_1LPAR) {
+        spr_core_write_generic(ctx, sprn, gprn);
+    } else {
+        spr_write_generic(ctx, sprn, gprn);
+    }
+}
+
 static void spr_write_CTRL_ST(DisasContext *ctx, int sprn, int gprn)
 {
     /* This does not implement >1 thread */
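Review bot: in spr_core_write_generic32(), TCGv t0 = tcg_temp_new() is allocated before the !(ctx->flags & POWERPC_FLAG_SMT) early return and before the gen_serialize() bail-out, so both of those paths create a temporary they never use. Move the allocation down to just before tcg_gen_ext32u_tl(). spr_core_lpar_write_generic() would also benefit from a short comment stating the rule from the commit message: a per-LPAR SPR is per-core in 1LPAR mode and per-thread otherwise.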
-- 
2.42.0




* [PATCH 22/26] target/ppc: Add SMT support to simple SPRs
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (20 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 21/26] target/ppc: add helper to write per-LPAR SPRs Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 23/26] target/ppc: Add SMT support to PTCR SPR Nicholas Piggin
                   ` (4 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

AMOR, MMCRC, HRMOR, TSCR, HMEER, RPR SPRs are per-core or per-LPAR
registers with simple (generic) implementations.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu_init.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index a479c122d3..0a42e14338 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -246,7 +246,7 @@ static void register_amr_sprs(CPUPPCState *env)
     spr_register_hv(env, SPR_AMOR, "AMOR",
                     SPR_NOACCESS, SPR_NOACCESS,
                     SPR_NOACCESS, SPR_NOACCESS,
-                    &spr_read_generic, &spr_write_generic,
+                    &spr_read_generic, &spr_core_lpar_write_generic,
                     0);
 #endif /* !CONFIG_USER_ONLY */
 }
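Review bot: AMOR is the only register in this patch switched to spr_core_lpar_write_generic; MMCRC, HRMOR, TSCR, HMEER and RPR all get the per-core writers. The commit message says only "per-core or per-LPAR" without saying which register is which, so please state that AMOR is the per-LPAR one, ideally with the ISA or user manual reference that defines the sharing.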
@@ -5400,7 +5400,7 @@ static void register_book3s_ids_sprs(CPUPPCState *env)
     spr_register_hv(env, SPR_MMCRC, "MMCRC",
                  SPR_NOACCESS, SPR_NOACCESS,
                  SPR_NOACCESS, SPR_NOACCESS,
-                 &spr_read_generic, &spr_write_generic32,
+                 &spr_read_generic, &spr_core_write_generic32,
                  0x00000000);
     spr_register_hv(env, SPR_MMCRH, "MMCRH",
                  SPR_NOACCESS, SPR_NOACCESS,
@@ -5440,7 +5440,7 @@ static void register_book3s_ids_sprs(CPUPPCState *env)
     spr_register_hv(env, SPR_HRMOR, "HRMOR",
                  SPR_NOACCESS, SPR_NOACCESS,
                  SPR_NOACCESS, SPR_NOACCESS,
-                 &spr_read_generic, &spr_write_generic,
+                 &spr_read_generic, &spr_core_write_generic,
                  0x00000000);
 }
 
@@ -5668,7 +5668,7 @@ static void register_power_common_book4_sprs(CPUPPCState *env)
     spr_register_hv(env, SPR_TSCR, "TSCR",
                  SPR_NOACCESS, SPR_NOACCESS,
                  SPR_NOACCESS, SPR_NOACCESS,
-                 &spr_read_generic, &spr_write_generic32,
+                 &spr_read_generic, &spr_core_write_generic32,
                  0x00000000);
     spr_register_hv(env, SPR_HMER, "HMER",
                  SPR_NOACCESS, SPR_NOACCESS,
@@ -5678,7 +5678,7 @@ static void register_power_common_book4_sprs(CPUPPCState *env)
     spr_register_hv(env, SPR_HMEER, "HMEER",
                  SPR_NOACCESS, SPR_NOACCESS,
                  SPR_NOACCESS, SPR_NOACCESS,
-                 &spr_read_generic, &spr_write_generic,
+                 &spr_read_generic, &spr_core_write_generic,
                  0x00000000);
     spr_register_hv(env, SPR_TFMR, "TFMR",
                  SPR_NOACCESS, SPR_NOACCESS,
@@ -5754,7 +5754,7 @@ static void register_power8_rpr_sprs(CPUPPCState *env)
     spr_register_hv(env, SPR_RPR, "RPR",
                     SPR_NOACCESS, SPR_NOACCESS,
                     SPR_NOACCESS, SPR_NOACCESS,
-                    &spr_read_generic, &spr_write_generic,
+                    &spr_read_generic, &spr_core_write_generic,
                     0x00000103070F1F3F);
 #endif
 }
-- 
2.42.0




* [PATCH 23/26] target/ppc: Add SMT support to PTCR SPR
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (21 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 22/26] target/ppc: Add SMT support to simple SPRs Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 24/26] target/ppc: Implement LDBAR, TTR SPRs Nicholas Piggin
                   ` (3 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

PTCR is a per-core register.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/misc_helper.c | 16 ++++++++++++++--
 target/ppc/translate.c   |  4 ++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index e3b20a8935..5317713fc3 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -176,6 +176,7 @@ void helper_store_sdr1(CPUPPCState *env, target_ulong val)
 void helper_store_ptcr(CPUPPCState *env, target_ulong val)
 {
     if (env->spr[SPR_PTCR] != val) {
+        CPUState *cs = env_cpu(env);
         PowerPCCPU *cpu = env_archcpu(env);
         target_ulong ptcr_mask = PTCR_PATB | PTCR_PATS;
         target_ulong patbsize = val & PTCR_PATS;
@@ -197,8 +198,19 @@ void helper_store_ptcr(CPUPPCState *env, target_ulong val)
             return;
         }
 
-        env->spr[SPR_PTCR] = val;
-        tlb_flush(env_cpu(env));
+        if (cs->nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR)) {
+            env->spr[SPR_PTCR] = val;
+            tlb_flush(cs);
+        } else {
+            CPUState *ccs;
+
+            THREAD_SIBLING_FOREACH(cs, ccs) {
+                PowerPCCPU *ccpu = POWERPC_CPU(ccs);
+                CPUPPCState *cenv = &ccpu->env;
+                cenv->spr[SPR_PTCR] = val;
+                tlb_flush(ccs);
+            }
+        }
     }
 }
 
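Review bot: the commit message calls PTCR a per-core register, but the new condition cs->nr_threads == 1 || !(env->flags & POWERPC_FLAG_SMT_1LPAR) updates only the current thread whenever 1LPAR mode is off, which is the per-LPAR behaviour that patch 21 describes for spr_core_lpar_write_generic. Either the message or the condition needs adjusting. A comment would also help on the outer env->spr[SPR_PTCR] != val check, which skips the sibling update entirely and so relies on all siblings already holding the same value.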
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index e7749d9b32..41aeb2d06e 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -906,6 +906,10 @@ void spr_write_hior(DisasContext *ctx, int sprn, int gprn)
 }
 void spr_write_ptcr(DisasContext *ctx, int sprn, int gprn)
 {
+    if (!gen_serialize_core(ctx)) {
+        return;
+    }
+
     gen_helper_store_ptcr(tcg_env, cpu_gpr[gprn]);
 }
 
-- 
2.42.0




* [PATCH 24/26] target/ppc: Implement LDBAR, TTR SPRs
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (22 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 23/26] target/ppc: Add SMT support to PTCR SPR Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 25/26] target/ppc: Implement SPRC/SPRD SPRs Nicholas Piggin
                   ` (2 subsequent siblings)
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

LDBAR and TTR are Power-specific SPRs. These simple implementations
are enough for IBM proprietary firmware for now.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h      |  2 ++
 target/ppc/cpu_init.c | 10 ++++++++++
 2 files changed, 12 insertions(+)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 8397ddaf18..b6a955b9b7 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -2088,6 +2088,7 @@ void ppc_compat_add_property(Object *obj, const char *name,
 #define SPR_DEXCR             (0x33C)
 #define SPR_IC                (0x350)
 #define SPR_VTB               (0x351)
+#define SPR_LDBAR             (0x352)
 #define SPR_MMCRC             (0x353)
 #define SPR_PSSCR             (0x357)
 #define SPR_440_INV0          (0x370)
@@ -2134,6 +2135,7 @@ void ppc_compat_add_property(Object *obj, const char *name,
 #define SPR_440_IVLIM         (0x399)
 #define SPR_TSCR              (0x399)
 #define SPR_750_DMAU          (0x39A)
+#define SPR_POWER_TTR         (0x39A)
 #define SPR_750_DMAL          (0x39B)
 #define SPR_440_RSTCFG        (0x39B)
 #define SPR_BOOKE_DCDBTRL     (0x39C)
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 0a42e14338..31d535d501 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -5695,6 +5695,16 @@ static void register_power_common_book4_sprs(CPUPPCState *env)
                  &spr_access_nop, &spr_write_generic,
                  &spr_access_nop, &spr_write_generic,
                  0x00000000);
+    spr_register_hv(env, SPR_LDBAR, "LDBAR",
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 &spr_read_generic, &spr_core_lpar_write_generic,
+                 0x00000000);
+    spr_register_hv(env, SPR_POWER_TTR, "TTR",
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 &spr_read_generic, &spr_core_write_generic,
+                 0x00000000);
 #endif
 }
 
-- 
2.42.0




* [PATCH 25/26] target/ppc: Implement SPRC/SPRD SPRs
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (23 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 24/26] target/ppc: Implement LDBAR, TTR SPRs Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-18 15:06 ` [PATCH 26/26] target/ppc: add SMT support to msgsnd broadcast Nicholas Piggin
  2024-01-19  8:58 ` [PATCH 00/26] target/ppc: TCG improvements and fixes Cédric Le Goater
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

This implements SPRC/SPRD SPRs, and SCRATCH0-7 registers.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h         |  7 +++--
 target/ppc/helper.h      |  3 ++
 target/ppc/spr_common.h  |  3 ++
 target/ppc/cpu_init.c    | 10 ++++++
 target/ppc/misc_helper.c | 66 ++++++++++++++++++++++++++++++++++++++++
 target/ppc/translate.c   | 18 +++++++++++
 6 files changed, 105 insertions(+), 2 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index b6a955b9b7..a50440ea51 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1266,6 +1266,9 @@ struct CPUArchState {
     ppc_slb_t slb[MAX_SLB_ENTRIES]; /* PowerPC 64 SLB area */
     struct CPUBreakpoint *ciabr_breakpoint;
     struct CPUWatchpoint *dawr0_watchpoint;
+
+    /* POWER CPU regs/state */
+    target_ulong scratch[8]; /* SCRATCH registers (shared across core) */
 #endif
     target_ulong sr[32];   /* segment registers */
     uint32_t nb_BATs;      /* number of BATs */
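Review bot: scratch[8] is new guest-visible state in CPUArchState, yet the diffstat for this patch touches no migration code, so SCRATCH0-7 contents would be lost across migration or savevm/loadvm. Add the array to a vmstate subsection, or say in the comment that dropping it is acceptable. The "shared across core" comment could also note that each thread holds its own copy, kept in sync by the store helper.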
@@ -1802,9 +1805,9 @@ void ppc_compat_add_property(Object *obj, const char *name,
 #define SPR_SPRG2             (0x112)
 #define SPR_SPRG3             (0x113)
 #define SPR_SPRG4             (0x114)
-#define SPR_SCOMC             (0x114)
+#define SPR_POWER_SPRC        (0x114)
 #define SPR_SPRG5             (0x115)
-#define SPR_SCOMD             (0x115)
+#define SPR_POWER_SPRD        (0x115)
 #define SPR_SPRG6             (0x116)
 #define SPR_SPRG7             (0x117)
 #define SPR_ASR               (0x118)
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 8cdb322ed6..43333b4d5e 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -730,6 +730,9 @@ DEF_HELPER_2(book3s_msgsndp, void, env, tl)
 DEF_HELPER_2(book3s_msgclrp, void, env, tl)
 DEF_HELPER_1(load_tfmr, tl, env)
 DEF_HELPER_2(store_tfmr, void, env, tl)
+DEF_HELPER_FLAGS_2(store_sprc, TCG_CALL_NO_RWG, void, env, tl)
+DEF_HELPER_FLAGS_1(load_sprd, TCG_CALL_NO_RWG_SE, tl, env)
+DEF_HELPER_FLAGS_2(store_sprd, TCG_CALL_NO_RWG, void, env, tl)
 #endif
 DEF_HELPER_2(store_sdr1, void, env, tl)
 DEF_HELPER_2(store_pidr, void, env, tl)
diff --git a/target/ppc/spr_common.h b/target/ppc/spr_common.h
index 85f73b860b..01aff449bc 100644
--- a/target/ppc/spr_common.h
+++ b/target/ppc/spr_common.h
@@ -207,6 +207,9 @@ void spr_write_lpcr(DisasContext *ctx, int sprn, int gprn);
 void spr_read_dexcr_ureg(DisasContext *ctx, int gprn, int sprn);
 void spr_read_ppr32(DisasContext *ctx, int sprn, int gprn);
 void spr_write_ppr32(DisasContext *ctx, int sprn, int gprn);
+void spr_write_sprc(DisasContext *ctx, int sprn, int gprn);
+void spr_read_sprd(DisasContext *ctx, int sprn, int gprn);
+void spr_write_sprd(DisasContext *ctx, int sprn, int gprn);
 #endif
 
 void register_low_BATs(CPUPPCState *env);
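Review bot: the spr_read_sprd prototype names its parameters (ctx, sprn, gprn), while the definition added in translate.c uses (ctx, gprn, sprn), the order the other spr_read_* declarations in this header follow. It compiles either way, but the header should match the definition. The spr_read_ppr32 line in the context just above has the same swapped order.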
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 31d535d501..d42996bbb0 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -5705,6 +5705,16 @@ static void register_power_common_book4_sprs(CPUPPCState *env)
                  SPR_NOACCESS, SPR_NOACCESS,
                  &spr_read_generic, &spr_core_write_generic,
                  0x00000000);
+    spr_register_hv(env, SPR_POWER_SPRC, "SPRC",
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 &spr_read_generic, &spr_write_sprc,
+                 0x00000000);
+    spr_register_hv(env, SPR_POWER_SPRD, "SPRD",
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 SPR_NOACCESS, SPR_NOACCESS,
+                 &spr_read_sprd, &spr_write_sprd,
+                 0x00000000);
 #endif
 }
 
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index 5317713fc3..68620f19cd 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -310,6 +310,72 @@ void helper_store_dpdes(CPUPPCState *env, target_ulong val)
     }
     bql_unlock();
 }
+
+/* Indirect SCOM (SPRC/SPRD) access to SCRATCH0-7 are implemented. */
+void helper_store_sprc(CPUPPCState *env, target_ulong val)
+{
+    if (val & ~0x3f8ULL) {
+        qemu_log_mask(LOG_GUEST_ERROR, "Invalid SPRC register value "
+                      TARGET_FMT_lx"\n", val);
+        return;
+    }
+    env->spr[SPR_POWER_SPRC] = val;
+}
+
+target_ulong helper_load_sprd(CPUPPCState *env)
+{
+    target_ulong sprc = env->spr[SPR_POWER_SPRC];
+
+    switch (sprc & 0x3c0) {
+    case 0: /* SCRATCH0-7 */
+        return env->scratch[(sprc >> 3) & 0x7];
+    default:
+        qemu_log_mask(LOG_UNIMP, "mfSPRD: Unimplemented SPRC:0x"
+                                  TARGET_FMT_lx"\n", sprc);
+        break;
+    }
+    return 0;
+}
+
+static void do_store_scratch(CPUPPCState *env, int nr, target_ulong val)
+{
+    CPUState *cs = env_cpu(env);
+    CPUState *ccs;
+    uint32_t nr_threads = cs->nr_threads;
+
+    /*
+     * Log stores to SCRATCH, because some firmware uses these for debugging
+     * and logging, but they would normally be read by the BMC, which is
+     * not implemented in QEMU yet. This gives a way to get at the information.
+     * Could also dump these upon checkstop.
+     */
+    qemu_log("SPRD write 0x%016lx to SCRATCH%d\n", val, nr);
+
+    if (nr_threads == 1) {
+        env->scratch[nr] = val;
+        return;
+    }
+
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        CPUPPCState *cenv = &POWERPC_CPU(ccs)->env;
+        cenv->scratch[nr] = val;
+    }
+}
+
+void helper_store_sprd(CPUPPCState *env, target_ulong val)
+{
+    target_ulong sprc = env->spr[SPR_POWER_SPRC];
+
+    switch (sprc & 0x3c0) {
+    case 0: /* SCRATCH0-7 */
+        do_store_scratch(env, (sprc >> 3) & 0x7, val);
+        break;
+    default:
+        qemu_log_mask(LOG_UNIMP, "mfSPRD: Unimplemented SPRC:0x"
+                                  TARGET_FMT_lx"\n", sprc);
+        break;
+    }
+}
 #endif /* defined(TARGET_PPC64) */
 
 void helper_store_pidr(CPUPPCState *env, target_ulong val)
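Review bot: do_store_scratch() prints a target_ulong with a host format string, qemu_log("SPRD write 0x%016lx to SCRATCH%d\n", val, nr), while the other messages in this hunk use TARGET_FMT_lx; the %lx form is wrong on hosts where target_ulong is not unsigned long. That qemu_log() call is also unconditional, so a guest can emit one log line per SPRD store; a trace event or a log mask would bound that. Finally, the default case in helper_store_sprd() reports "mfSPRD", copied from the load helper, where it should say mtSPRD.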
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 41aeb2d06e..bdd39c89e0 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -1298,6 +1298,24 @@ void spr_write_tfmr(DisasContext *ctx, int sprn, int gprn)
     gen_helper_store_tfmr(tcg_env, cpu_gpr[gprn]);
 }
 
+void spr_write_sprc(DisasContext *ctx, int sprn, int gprn)
+{
+    gen_helper_store_sprc(tcg_env, cpu_gpr[gprn]);
+}
+
+void spr_read_sprd(DisasContext *ctx, int gprn, int sprn)
+{
+    gen_helper_load_sprd(cpu_gpr[gprn], tcg_env);
+}
+
+void spr_write_sprd(DisasContext *ctx, int sprn, int gprn)
+{
+    if (!gen_serialize_core(ctx)) {
+        return;
+    }
+    gen_helper_store_sprd(tcg_env, cpu_gpr[gprn]);
+}
+
 void spr_write_lpcr(DisasContext *ctx, int sprn, int gprn)
 {
     translator_io_start(&ctx->base);
-- 
2.42.0




* [PATCH 26/26] target/ppc: add SMT support to msgsnd broadcast
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (24 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 25/26] target/ppc: Implement SPRC/SPRD SPRs Nicholas Piggin
@ 2024-01-18 15:06 ` Nicholas Piggin
  2024-01-19  8:58 ` [PATCH 00/26] target/ppc: TCG improvements and fixes Cédric Le Goater
  26 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-18 15:06 UTC (permalink / raw)
  To: qemu-ppc
  Cc: Nicholas Piggin, Cédric Le Goater, Frédéric Barrat,
	Daniel Henrique Barboza, David Gibson, Harsh Prateek Bora,
	qemu-devel

msgsnd has a broadcast mode that sends hypervisor doorbells to all
threads belonging to the same core as the target. A "subcore" mode
sends to all or one thread depending on 1LPAR mode.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/cpu.h                              |  6 +-
 target/ppc/helper.h                           |  2 +-
 target/ppc/excp_helper.c                      | 57 +++++++++++++------
 .../ppc/translate/processor-ctrl-impl.c.inc   |  2 +-
 4 files changed, 46 insertions(+), 21 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index a50440ea51..376aee652f 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1165,7 +1165,11 @@ FIELD(FPSCR, FI, FPSCR_FI, 1)
 
 #define DBELL_TYPE_DBELL_SERVER        (0x05 << DBELL_TYPE_SHIFT)
 
-#define DBELL_BRDCAST                  PPC_BIT(37)
+#define DBELL_BRDCAST_MASK             PPC_BITMASK(37, 38)
+#define DBELL_BRDCAST_SHIFT            25
+#define DBELL_BRDCAST_SUBPROC          (0x1 << DBELL_BRDCAST_SHIFT)
+#define DBELL_BRDCAST_CORE             (0x2 << DBELL_BRDCAST_SHIFT)
+
 #define DBELL_LPIDTAG_SHIFT            14
 #define DBELL_LPIDTAG_MASK             (0xfff << DBELL_LPIDTAG_SHIFT)
 #define DBELL_PIRTAG_MASK              0x3fff
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 43333b4d5e..cb1b5345fb 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -695,7 +695,7 @@ DEF_HELPER_FLAGS_3(store_sr, TCG_CALL_NO_RWG, void, env, tl, tl)
 
 DEF_HELPER_1(msgsnd, void, tl)
 DEF_HELPER_2(msgclr, void, env, tl)
-DEF_HELPER_1(book3s_msgsnd, void, tl)
+DEF_HELPER_2(book3s_msgsnd, void, env, tl)
 DEF_HELPER_2(book3s_msgclr, void, env, tl)
 #endif
 
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 030260e8a9..1db6aaf7ee 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -3067,7 +3067,7 @@ void helper_msgsnd(target_ulong rb)
         PowerPCCPU *cpu = POWERPC_CPU(cs);
         CPUPPCState *cenv = &cpu->env;
 
-        if ((rb & DBELL_BRDCAST) || (cenv->spr[SPR_BOOKE_PIR] == pir)) {
+        if ((rb & DBELL_BRDCAST_MASK) || (cenv->spr[SPR_BOOKE_PIR] == pir)) {
             ppc_set_irq(cpu, irq, 1);
         }
     }
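Review bot: in helper_msgsnd(), DBELL_BRDCAST was the single bit PPC_BIT(37) and is replaced by DBELL_BRDCAST_MASK, which cpu.h now defines as PPC_BITMASK(37, 38). The test rb & DBELL_BRDCAST_MASK is therefore also true when only bit 38 is set, which widens what this non-book3s path treats as a broadcast. If that is not intended, test against DBELL_BRDCAST_CORE here, which has the value the old define had.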
@@ -3086,6 +3086,16 @@ static bool dbell_type_server(target_ulong rb)
     return (rb & DBELL_TYPE_MASK) == DBELL_TYPE_DBELL_SERVER;
 }
 
+static inline bool dbell_bcast_core(target_ulong rb)
+{
+    return (rb & DBELL_BRDCAST_MASK) == DBELL_BRDCAST_CORE;
+}
+
+static inline bool dbell_bcast_subproc(target_ulong rb)
+{
+    return (rb & DBELL_BRDCAST_MASK) == DBELL_BRDCAST_SUBPROC;
+}
+
 void helper_book3s_msgclr(CPUPPCState *env, target_ulong rb)
 {
     if (!dbell_type_server(rb)) {
@@ -3095,32 +3105,43 @@ void helper_book3s_msgclr(CPUPPCState *env, target_ulong rb)
     ppc_set_irq(env_archcpu(env), PPC_INTERRUPT_HDOORBELL, 0);
 }
 
-static void book3s_msgsnd_common(int pir, int irq)
+void helper_book3s_msgsnd(CPUPPCState *env, target_ulong rb)
 {
-    CPUState *cs;
+    int pir = rb & DBELL_PROCIDTAG_MASK;
+    bool brdcast = false;
+    CPUState *cs, *ccs;
+    PowerPCCPU *cpu;
 
-    bql_lock();
-    CPU_FOREACH(cs) {
-        PowerPCCPU *cpu = POWERPC_CPU(cs);
-        CPUPPCState *cenv = &cpu->env;
+    if (!dbell_type_server(rb)) {
+        return;
+    }
 
-        /* TODO: broadcast message to all threads of the same  processor */
-        if (cenv->spr_cb[SPR_PIR].default_value == pir) {
-            ppc_set_irq(cpu, irq, 1);
-        }
+    cpu = ppc_get_vcpu_by_pir(pir);
+    if (!cpu) {
+        return;
     }
-    bql_unlock();
-}
+    cs = CPU(cpu);
 
-void helper_book3s_msgsnd(target_ulong rb)
-{
-    int pir = rb & DBELL_PROCIDTAG_MASK;
+    if (dbell_bcast_core(rb) || (dbell_bcast_subproc(rb) &&
+                                 (env->flags & POWERPC_FLAG_SMT_1LPAR))) {
+        brdcast = true;
+    }
 
-    if (!dbell_type_server(rb)) {
+    if (cs->nr_threads == 1 || !brdcast) {
+        ppc_set_irq(cpu, PPC_INTERRUPT_HDOORBELL, 1);
         return;
     }
 
-    book3s_msgsnd_common(pir, PPC_INTERRUPT_HDOORBELL);
+    /*
+     * Why is bql needed for walking CPU list? Answer seems to be because ppc
+     * irq handling needs it, but ppc_set_irq takes the lock itself if needed,
+     * so could this be removed?
+     */
+    bql_lock();
+    THREAD_SIBLING_FOREACH(cs, ccs) {
+        ppc_set_irq(POWERPC_CPU(ccs), PPC_INTERRUPT_HDOORBELL, 1);
+    }
+    bql_unlock();
 }
 
 #if defined(TARGET_PPC64)
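Review bot: The single-target path in helper_book3s_msgsnd (`cs->nr_threads == 1 || !brdcast`) now calls ppc_set_irq without bql_lock, while the sibling loop still takes it, and the new comment leaves open whether the lock is needed at all. Please settle that before merging: either drop bql_lock/bql_unlock around THREAD_SIBLING_FOREACH if ppc_set_irq really does its own locking, or replace the question with a statement of what the lock protects. Two smaller points: rb comes from a guest register, so the silent return when ppc_get_vcpu_by_pir(pir) yields NULL could log under LOG_GUEST_ERROR; and the POWERPC_FLAG_SMT_1LPAR test reads the sender's env->flags while nr_threads and the sibling walk use the target's cs, which deserves a one-line comment.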
diff --git a/target/ppc/translate/processor-ctrl-impl.c.inc b/target/ppc/translate/processor-ctrl-impl.c.inc
index 0142801985..8abbb89630 100644
--- a/target/ppc/translate/processor-ctrl-impl.c.inc
+++ b/target/ppc/translate/processor-ctrl-impl.c.inc
@@ -59,7 +59,7 @@ static bool trans_MSGSND(DisasContext *ctx, arg_X_rb *a)
 
 #if !defined(CONFIG_USER_ONLY)
     if (is_book3s_arch2x(ctx)) {
-        gen_helper_book3s_msgsnd(cpu_gpr[a->rb]);
+        gen_helper_book3s_msgsnd(tcg_env, cpu_gpr[a->rb]);
     } else {
         gen_helper_msgsnd(cpu_gpr[a->rb]);
     }
-- 
2.42.0




* Re: [PATCH 00/26] target/ppc: TCG improvements and fixes
  2024-01-18 15:06 [PATCH 00/26] target/ppc: TCG improvements and fixes Nicholas Piggin
                   ` (25 preceding siblings ...)
  2024-01-18 15:06 ` [PATCH 26/26] target/ppc: add SMT support to msgsnd broadcast Nicholas Piggin
@ 2024-01-19  8:58 ` Cédric Le Goater
  2024-01-23  1:53   ` Nicholas Piggin
  26 siblings, 1 reply; 29+ messages in thread
From: Cédric Le Goater @ 2024-01-19  8:58 UTC (permalink / raw)
  To: Nicholas Piggin, qemu-ppc
  Cc: Frédéric Barrat, Daniel Henrique Barboza, David Gibson,
	Harsh Prateek Bora, qemu-devel

Hello Nick,

On 1/18/24 16:06, Nicholas Piggin wrote:
> This is mostly TCG core emulation improvements and fixes. I
> got the chiptod model in there because it's intertwined with
> TFMR SPR.
> 
> Other non-TCG patches are spapr MSR entry point change which
> goes together with the other machine check / MSR[ME] fixes.
> And Saif's gdb patches, as well as some SPR renaming.
> 
> Will probably a bit more similar patches too, e.g., Dan's SPR
> patches, but I'll just get this out for review before
> upstreaming it.

Before we start a new round of reviews, could we please upstream the ones
reviewed in the previous cycle [1] ? Some are part of this series and we
shouldn't have to go through them again.

Thanks,

C.

[1] https://patchwork.ozlabs.org/project/qemu-ppc/list/




* Re: [PATCH 00/26] target/ppc: TCG improvements and fixes
  2024-01-19  8:58 ` [PATCH 00/26] target/ppc: TCG improvements and fixes Cédric Le Goater
@ 2024-01-23  1:53   ` Nicholas Piggin
  0 siblings, 0 replies; 29+ messages in thread
From: Nicholas Piggin @ 2024-01-23  1:53 UTC (permalink / raw)
  To: Cédric Le Goater, qemu-ppc
  Cc: Frédéric Barrat, Daniel Henrique Barboza, David Gibson,
	Harsh Prateek Bora, qemu-devel

On Fri Jan 19, 2024 at 6:58 PM AEST, Cédric Le Goater wrote:
> Hello Nick,
>
> On 1/18/24 16:06, Nicholas Piggin wrote:
> > This is mostly TCG core emulation improvements and fixes. I
> > got the chiptod model in there because it's intertwined with
> > TFMR SPR.
> > 
> > Other non-TCG patches are spapr MSR entry point change which
> > goes together with the other machine check / MSR[ME] fixes.
> > And Saif's gdb patches, as well as some SPR renaming.
> > 
> > Will probably a bit more similar patches too, e.g., Dan's SPR
> > patches, but I'll just get this out for review before
> > upstreaming it.
>
> Before we start a new round of reviews, could we please upstream the ones
> reviewed in the previous cycle [1] ? Some are part of this series and we
> shouldn't have to go through them again.

Yeah good idea, will do.

Thanks,
Nick

