[PATCH 00/43] Remaining MMU clean up patches

[PATCH 00/43] Remaining MMU clean up patches

[BALATON Zoltan]

This is the rest of the MMU clean up series the first part of which
was merged. Here are the remaining patches rebased and some more added.

Regards,
BALATON Zoltan

BALATON Zoltan (43):
  target/ppc: Reorganise and rename ppc_hash32_pp_prot()
  target/ppc/mmu_common.c: Remove local name for a constant
  target/ppc/mmu_common.c: Remove single use local variable
  target/ppc/mmu_common.c: Remove single use local variable
  target/ppc/mmu_common.c: Remove another single use local variable
  target/ppc/mmu_common.c: Remove yet another single use local variable
  target/ppc/mmu_common.c: Return directly in ppc6xx_tlb_pte_check()
  target/ppc/mmu_common.c: Simplify ppc6xx_tlb_pte_check()
  target/ppc/mmu_common.c: Remove unused field from mmu_ctx_t
  target/ppc/mmu_common.c: Remove hash field from mmu_ctx_t
  target/ppc/mmu_common.c: Remove pte_update_flags()
  target/ppc/mmu_common.c: Remove nx field from mmu_ctx_t
  target/ppc/mmu_common.c: Convert local variable to bool
  target/ppc/mmu_common.c: Remove single use local variable
  target/ppc/mmu_common.c: Simplify a switch statement
  target/ppc/mmu_common.c: Inline and remove ppc6xx_tlb_pte_check()
  target/ppc/mmu_common.c: Remove ptem field from mmu_ctx_t
  target/ppc: Add function to get protection key for hash32 MMU
  target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_prot()
  target/ppc/mmu_common.c: Init variable in function that relies on it
  target/ppc/mmu_common.c: Remove key field from mmu_ctx_t
  target/ppc/mmu_common.c: Stop using ctx in ppc6xx_tlb_check()
  target/ppc/mmu_common.c: Rename function parameter
  target/ppc/mmu_common.c: Use defines instead of numeric constants
  target/ppc: Remove bat_size_prot()
  target/ppc/mmu_common.c: Stop using ctx in get_bat_6xx_tlb()
  target/ppc/mmu_common.c: Remove mmu_ctx_t
  target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_raddr()
  target/ppc/mmu-hash32.c: Move get_pteg_offset32() to the header
  target/ppc: Unexport some functions from mmu-book3s-v3.h
  target/ppc/mmu-radix64: Remove externally unused parts from header
  target/ppc: Remove includes from mmu-book3s-v3.h
  target/ppc: Remove single use static inline function
  target/ppc/internal.h: Consolidate ifndef CONFIG_USER_ONLY blocks
  target/ppc/mmu-hash32.c: Change parameter type of
    ppc_hash32_bat_lookup()
  target/ppc/mmu-hash32: Remove some static inlines from header
  target/ppc/mmu-hash32.c: Return and use pte address instead of base +
    offset
  target/ppc/mmu-hash32.c: Use pte address as parameter instead of
    offset
  target/ppc: Change parameter type of some inline functions
  target/ppc: Change parameter type of ppc64_v3_radix()
  target/ppc: Change MMU xlate functions to take CPUState
  target/ppc/mmu-hash32.c: Change parameter type of ppc_hash32_set_[rc]
  target/ppc/mmu-hash32.c: Change parameter type of
    ppc_hash32_direct_store

 hw/ppc/spapr_rtas.c                 |   2 +-
 hw/ppc/spapr_vhyp_mmu.c             |  21 +-
 target/ppc/internal.h               |  34 +--
 target/ppc/mmu-book3s-v3.c          |   1 -
 target/ppc/mmu-book3s-v3.h          |  47 +---
 target/ppc/mmu-booke.c              |   5 +-
 target/ppc/mmu-booke.h              |   2 +-
 target/ppc/mmu-hash32.c             | 165 ++++--------
 target/ppc/mmu-hash32.h             |  86 +++---
 target/ppc/mmu-hash64.c             |  54 +++-
 target/ppc/mmu-hash64.h             |   3 +-
 target/ppc/mmu-radix64.c            |  57 +++-
 target/ppc/mmu-radix64.h            |  55 +---
 target/ppc/mmu_common.c             | 405 ++++++++++------------------
 target/ppc/mmu_helper.c             |   9 +-
 target/ppc/translate/vsx-impl.c.inc |   6 +-
 16 files changed, 376 insertions(+), 576 deletions(-)

-- 
2.30.9

[PATCH 01/43] target/ppc: Reorganise and rename ppc_hash32_pp_prot()

[BALATON Zoltan]

Reorganise ppc_hash32_pp_prot() swapping the if legs so it does not
test for negative first and clean up to make it shorter. Also rename
it to ppc_hash32_prot().

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c |  2 +-
 target/ppc/mmu-hash32.h | 35 +++++++++++++----------------------
 target/ppc/mmu_common.c |  2 +-
 3 files changed, 15 insertions(+), 24 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index d5f2057eb1..8a446c8a7d 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -45,7 +45,7 @@ static int ppc_hash32_pte_prot(int mmu_idx,
     key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
     pp = pte.pte1 & HPTE32_R_PP;
 
-    return ppc_hash32_pp_prot(key, pp, !!(sr & SR32_NX));
+    return ppc_hash32_prot(key, pp, !!(sr & SR32_NX));
 }
 
 static target_ulong hash32_bat_size(int mmu_idx,
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index f0ce6951b4..bc4eedbecc 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -102,49 +102,40 @@ static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
     stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
 }
 
-static inline int ppc_hash32_pp_prot(bool key, int pp, bool nx)
+static inline int ppc_hash32_prot(bool key, int pp, bool nx)
 {
     int prot;
 
-    if (key == 0) {
+    if (key) {
         switch (pp) {
         case 0x0:
-        case 0x1:
-        case 0x2:
-            prot = PAGE_READ | PAGE_WRITE;
+            prot = 0;
             break;
-
+        case 0x1:
         case 0x3:
             prot = PAGE_READ;
             break;
-
+        case 0x2:
+            prot = PAGE_READ | PAGE_WRITE;
+            break;
         default:
-            abort();
+            g_assert_not_reached();
         }
     } else {
         switch (pp) {
         case 0x0:
-            prot = 0;
-            break;
-
         case 0x1:
-        case 0x3:
-            prot = PAGE_READ;
-            break;
-
         case 0x2:
             prot = PAGE_READ | PAGE_WRITE;
             break;
-
+        case 0x3:
+            prot = PAGE_READ;
+            break;
         default:
-            abort();
+            g_assert_not_reached();
         }
     }
-    if (nx == 0) {
-        prot |= PAGE_EXEC;
-    }
-
-    return prot;
+    return nx ? prot : prot | PAGE_EXEC;
 }
 
 typedef struct {
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index e2542694f0..08c5b61f76 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -120,7 +120,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
             }
             /* Keep the matching PTE information */
             ctx->raddr = pte1;
-            ctx->prot = ppc_hash32_pp_prot(ctx->key, pp, ctx->nx);
+            ctx->prot = ppc_hash32_prot(ctx->key, pp, ctx->nx);
             if (check_prot_access_type(ctx->prot, access_type)) {
                 /* Access granted */
                 qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
-- 
2.30.9

[PATCH 02/43] target/ppc/mmu_common.c: Remove local name for a constant

[BALATON Zoltan]

The mmask local variable is a less descriptive local name for a
constant. Drop it and use the constant directly in the two places it
is needed.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 08c5b61f76..2618cdec6a 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -98,7 +98,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
                                 target_ulong pte1, int h,
                                 MMUAccessType access_type)
 {
-    target_ulong ptem, mmask;
+    target_ulong ptem;
     int ret, pteh, ptev, pp;
 
     ret = -1;
@@ -108,12 +108,11 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
     if (ptev && h == pteh) {
         /* Check vsid & api */
         ptem = pte0 & PTE_PTEM_MASK;
-        mmask = PTE_CHECK_MASK;
         pp = pte1 & 0x00000003;
         if (ptem == ctx->ptem) {
             if (ctx->raddr != (hwaddr)-1ULL) {
                 /* all matches should have equal RPN, WIMG & PP */
-                if ((ctx->raddr & mmask) != (pte1 & mmask)) {
+                if ((ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
                     qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
                     return -3;
                 }
-- 
2.30.9

[PATCH 03/43] target/ppc/mmu_common.c: Remove single use local variable

[BALATON Zoltan]

The ptem variable in ppc6xx_tlb_pte_check() is used only once,
simplify by removing it as the value is already clear itself without
adding a local name for it.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 2618cdec6a..371ec24485 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -98,7 +98,6 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
                                 target_ulong pte1, int h,
                                 MMUAccessType access_type)
 {
-    target_ulong ptem;
     int ret, pteh, ptev, pp;
 
     ret = -1;
@@ -107,9 +106,8 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
     pteh = (pte0 >> 6) & 1;
     if (ptev && h == pteh) {
         /* Check vsid & api */
-        ptem = pte0 & PTE_PTEM_MASK;
         pp = pte1 & 0x00000003;
-        if (ptem == ctx->ptem) {
+        if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
             if (ctx->raddr != (hwaddr)-1ULL) {
                 /* all matches should have equal RPN, WIMG & PP */
                 if ((ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
-- 
2.30.9

[PATCH 04/43] target/ppc/mmu_common.c: Remove single use local variable

[BALATON Zoltan]

The ptev variable in ppc6xx_tlb_pte_check() is used only once and just
obfuscates an otherwise clear value. Get rid of it.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 371ec24485..16578f7fa5 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -98,13 +98,12 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
                                 target_ulong pte1, int h,
                                 MMUAccessType access_type)
 {
-    int ret, pteh, ptev, pp;
+    int ret, pteh, pp;
 
     ret = -1;
     /* Check validity and table match */
-    ptev = pte_is_valid(pte0);
     pteh = (pte0 >> 6) & 1;
-    if (ptev && h == pteh) {
+    if (pte_is_valid(pte0) && h == pteh) {
         /* Check vsid & api */
         pp = pte1 & 0x00000003;
         if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
-- 
2.30.9

[PATCH 05/43] target/ppc/mmu_common.c: Remove another single use local variable

[BALATON Zoltan]

In ppc6xx_tlb_pte_check() the pteh variable is used only once to
compare to the h parameter of the function. Inline its value and use
pteh name for the function parameter which is more descriptive.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 16578f7fa5..b21f52290f 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -95,15 +95,14 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
 }
 
 static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
-                                target_ulong pte1, int h,
+                                target_ulong pte1, int pteh,
                                 MMUAccessType access_type)
 {
-    int ret, pteh, pp;
+    int ret, pp;
 
     ret = -1;
     /* Check validity and table match */
-    pteh = (pte0 >> 6) & 1;
-    if (pte_is_valid(pte0) && h == pteh) {
+    if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
         /* Check vsid & api */
         pp = pte1 & 0x00000003;
         if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
-- 
2.30.9

[PATCH 06/43] target/ppc/mmu_common.c: Remove yet another single use local variable

[BALATON Zoltan]

In ppc6xx_tlb_pte_check() the pp variable is used only once to pass it
to a function parameter with the same name. Remove the local and
inline the value. Also use named constant for the hex value to make it
clearer.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index b21f52290f..799d2ced9b 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -98,13 +98,12 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
                                 target_ulong pte1, int pteh,
                                 MMUAccessType access_type)
 {
-    int ret, pp;
+    int ret;
 
     ret = -1;
     /* Check validity and table match */
     if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
         /* Check vsid & api */
-        pp = pte1 & 0x00000003;
         if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
             if (ctx->raddr != (hwaddr)-1ULL) {
                 /* all matches should have equal RPN, WIMG & PP */
@@ -115,7 +114,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
             }
             /* Keep the matching PTE information */
             ctx->raddr = pte1;
-            ctx->prot = ppc_hash32_prot(ctx->key, pp, ctx->nx);
+            ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
             if (check_prot_access_type(ctx->prot, access_type)) {
                 /* Access granted */
                 qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
-- 
2.30.9

[PATCH 07/43] target/ppc/mmu_common.c: Return directly in ppc6xx_tlb_pte_check()

[BALATON Zoltan]

Instead of using a local ret variable return directly and remove the
local.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 799d2ced9b..a5ae11394d 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -98,9 +98,6 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
                                 target_ulong pte1, int pteh,
                                 MMUAccessType access_type)
 {
-    int ret;
-
-    ret = -1;
     /* Check validity and table match */
     if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
         /* Check vsid & api */
@@ -118,16 +115,15 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
             if (check_prot_access_type(ctx->prot, access_type)) {
                 /* Access granted */
                 qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
-                ret = 0;
+                return 0;
             } else {
                 /* Access right violation */
                 qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
-                ret = -2;
+                return -2;
             }
         }
     }
-
-    return ret;
+    return -1;
 }
 
 static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
-- 
2.30.9

[PATCH 08/43] target/ppc/mmu_common.c: Simplify ppc6xx_tlb_pte_check()

[BALATON Zoltan]

Invert conditions to avoid deep nested ifs and return early instead.
Remove some obvious comments that don't add more clarity.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 43 ++++++++++++++++++-----------------------
 1 file changed, 19 insertions(+), 24 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index a5ae11394d..28adb3ca10 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -99,31 +99,26 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
                                 MMUAccessType access_type)
 {
     /* Check validity and table match */
-    if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
-        /* Check vsid & api */
-        if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
-            if (ctx->raddr != (hwaddr)-1ULL) {
-                /* all matches should have equal RPN, WIMG & PP */
-                if ((ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
-                    qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
-                    return -3;
-                }
-            }
-            /* Keep the matching PTE information */
-            ctx->raddr = pte1;
-            ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
-            if (check_prot_access_type(ctx->prot, access_type)) {
-                /* Access granted */
-                qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
-                return 0;
-            } else {
-                /* Access right violation */
-                qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
-                return -2;
-            }
-        }
+    if (!pte_is_valid(pte0) || ((pte0 >> 6) & 1) != pteh ||
+        (pte0 & PTE_PTEM_MASK) != ctx->ptem) {
+        return -1;
+    }
+    /* all matches should have equal RPN, WIMG & PP */
+    if (ctx->raddr != (hwaddr)-1ULL &&
+        (ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
+        qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
+        return -3;
+    }
+    /* Keep the matching PTE information */
+    ctx->raddr = pte1;
+    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
+    if (check_prot_access_type(ctx->prot, access_type)) {
+        qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
+        return 0;
+    } else {
+        qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
+        return -2;
     }
-    return -1;
 }
 
 static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
-- 
2.30.9

[PATCH 09/43] target/ppc/mmu_common.c: Remove unused field from mmu_ctx_t

[BALATON Zoltan]

The eaddr field of mmu_ctx_t is set once but never used so can be
removed.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 28adb3ca10..0a07023f48 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -40,7 +40,6 @@
 /* Context used internally during MMU translations */
 typedef struct {
     hwaddr raddr;      /* Real address             */
-    hwaddr eaddr;      /* Effective address        */
     int prot;          /* Protection bits          */
     hwaddr hash[2];    /* Pagetable hash values    */
     target_ulong ptem; /* Virtual segment ID | API */
@@ -348,7 +347,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
 
     /* Perform segment based translation when no BATs matched */
     pr = FIELD_EX64(env->msr, MSR, PR);
-    ctx->eaddr = eaddr;
 
     sr = env->sr[eaddr >> 28];
     ctx->key = (((sr & 0x20000000) && pr) ||
-- 
2.30.9

[PATCH 10/43] target/ppc/mmu_common.c: Remove hash field from mmu_ctx_t

[BALATON Zoltan]

Return hash value via a parameter and remove it from mmu_ctx.t.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 0a07023f48..e3537c63c0 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -41,7 +41,6 @@
 typedef struct {
     hwaddr raddr;      /* Real address             */
     int prot;          /* Protection bits          */
-    hwaddr hash[2];    /* Pagetable hash values    */
     target_ulong ptem; /* Virtual segment ID | API */
     int key;           /* Access key               */
     int nx;            /* Non-execute area         */
@@ -331,7 +330,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
 }
 
 static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
-                                       target_ulong eaddr,
+                                       target_ulong eaddr, hwaddr *hashp,
                                        MMUAccessType access_type, int type)
 {
     PowerPCCPU *cpu = env_archcpu(env);
@@ -379,8 +378,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
         qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx " htab_mask "
                       HWADDR_FMT_plx " hash " HWADDR_FMT_plx "\n",
                       ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
-        ctx->hash[0] = hash;
-        ctx->hash[1] = ~hash;
+        *hashp = hash;
 
         /* Initialize real address with an invalid value */
         ctx->raddr = (hwaddr)-1ULL;
@@ -761,8 +759,8 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
     CPUState *cs = CPU(cpu);
     CPUPPCState *env = &cpu->env;
     mmu_ctx_t ctx;
-    int type;
-    int ret;
+    hwaddr hash = 0; /* init to 0 to avoid used uninit warning */
+    int type, ret;
 
     if (ppc_real_mode_xlate(cpu, eaddr, access_type, raddrp, psizep, protp)) {
         return true;
@@ -779,9 +777,8 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
     }
 
     ctx.prot = 0;
-    ctx.hash[0] = 0;
-    ctx.hash[1] = 0;
-    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, access_type, type);
+    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash,
+                                      access_type, type);
     if (ret == 0) {
         *raddrp = ctx.raddr;
         *protp = ctx.prot;
@@ -834,9 +831,9 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
 tlb_miss:
             env->error_code |= ctx.key << 19;
             env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
-                                  get_pteg_offset32(cpu, ctx.hash[0]);
+                                  get_pteg_offset32(cpu, hash);
             env->spr[SPR_HASH2] = ppc_hash32_hpt_base(cpu) +
-                                  get_pteg_offset32(cpu, ctx.hash[1]);
+                                  get_pteg_offset32(cpu, ~hash);
             break;
         case -2:
             /* Access rights violation */
-- 
2.30.9

[PATCH 11/43] target/ppc/mmu_common.c: Remove pte_update_flags()

[BALATON Zoltan]

This function is used only once, its return value is ignored and one
of its parameter is a return value from a previous call. It is better
to inline it in the caller and remove it.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 41 +++++++++++++----------------------------
 1 file changed, 13 insertions(+), 28 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index e3537c63c0..c4902b7632 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -119,39 +119,14 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
     }
 }
 
-static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
-                            int ret, MMUAccessType access_type)
-{
-    int store = 0;
-
-    /* Update page flags */
-    if (!(*pte1p & 0x00000100)) {
-        /* Update accessed flag */
-        *pte1p |= 0x00000100;
-        store = 1;
-    }
-    if (!(*pte1p & 0x00000080)) {
-        if (access_type == MMU_DATA_STORE && ret == 0) {
-            /* Update changed flag */
-            *pte1p |= 0x00000080;
-            store = 1;
-        } else {
-            /* Force page fault for first write access */
-            ctx->prot &= ~PAGE_WRITE;
-        }
-    }
-
-    return store;
-}
-
 /* Software driven TLB helpers */
 
 static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
                             target_ulong eaddr, MMUAccessType access_type)
 {
     ppc6xx_tlb_t *tlb;
-    int nr, best, way;
-    int ret;
+    target_ulong *pte1p;
+    int nr, best, way, ret;
 
     best = -1;
     ret = -1; /* No TLB found */
@@ -204,7 +179,17 @@ done:
                       " prot=%01x ret=%d\n",
                       ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
         /* Update page flags */
-        pte_update_flags(ctx, &env->tlb.tlb6[best].pte1, ret, access_type);
+        pte1p = &env->tlb.tlb6[best].pte1;
+        *pte1p |= 0x00000100; /* Update accessed flag */
+        if (!(*pte1p & 0x00000080)) {
+            if (access_type == MMU_DATA_STORE && ret == 0) {
+                /* Update changed flag */
+                *pte1p |= 0x00000080;
+            } else {
+                /* Force page fault for first write access */
+                ctx->prot &= ~PAGE_WRITE;
+            }
+        }
     }
 #if defined(DUMP_PAGE_TABLES)
     if (qemu_loglevel_mask(CPU_LOG_MMU)) {
-- 
2.30.9

[PATCH 12/43] target/ppc/mmu_common.c: Remove nx field from mmu_ctx_t

[BALATON Zoltan]

Pass it as a parameter instead. Also use named constants instead of
hex values when extracting bits from SR.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index c4902b7632..9f402a979d 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -43,7 +43,6 @@ typedef struct {
     int prot;          /* Protection bits          */
     target_ulong ptem; /* Virtual segment ID | API */
     int key;           /* Access key               */
-    int nx;            /* Non-execute area         */
 } mmu_ctx_t;
 
 void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
@@ -94,7 +93,7 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
 
 static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
                                 target_ulong pte1, int pteh,
-                                MMUAccessType access_type)
+                                MMUAccessType access_type, bool nx)
 {
     /* Check validity and table match */
     if (!pte_is_valid(pte0) || ((pte0 >> 6) & 1) != pteh ||
@@ -109,7 +108,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
     }
     /* Keep the matching PTE information */
     ctx->raddr = pte1;
-    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
+    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, nx);
     if (check_prot_access_type(ctx->prot, access_type)) {
         qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
         return 0;
@@ -121,8 +120,9 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
 
 /* Software driven TLB helpers */
 
-static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
-                            target_ulong eaddr, MMUAccessType access_type)
+static int ppc6xx_tlb_check(CPUPPCState *env,
+                            mmu_ctx_t *ctx, target_ulong eaddr,
+                            MMUAccessType access_type, bool nx)
 {
     ppc6xx_tlb_t *tlb;
     target_ulong *pte1p;
@@ -150,7 +150,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
                       access_type == MMU_DATA_STORE ? 'S' : 'L',
                       access_type == MMU_INST_FETCH ? 'I' : 'D');
         switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1,
-                                     0, access_type)) {
+                                     0, access_type, nx)) {
         case -2:
             /* Access violation */
             ret = -2;
@@ -322,7 +322,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     hwaddr hash;
     target_ulong vsid, sr, pgidx;
     int ds, target_page_bits;
-    bool pr;
+    bool pr, nx;
 
     /* First try to find a BAT entry if there are any */
     if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
@@ -336,8 +336,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     ctx->key = (((sr & 0x20000000) && pr) ||
                 ((sr & 0x40000000) && !pr)) ? 1 : 0;
     ds = sr & 0x80000000 ? 1 : 0;
-    ctx->nx = sr & 0x10000000 ? 1 : 0;
-    vsid = sr & 0x00FFFFFF;
+    nx = sr & SR32_NX;
+    vsid = sr & SR32_VSID;
     target_page_bits = TARGET_PAGE_BITS;
     qemu_log_mask(CPU_LOG_MMU,
                   "Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx
@@ -352,10 +352,10 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     ctx->ptem = (vsid << 7) | (pgidx >> 10);
 
     qemu_log_mask(CPU_LOG_MMU, "pte segment: key=%d ds %d nx %d vsid "
-                  TARGET_FMT_lx "\n", ctx->key, ds, ctx->nx, vsid);
+                  TARGET_FMT_lx "\n", ctx->key, ds, nx, vsid);
     if (!ds) {
         /* Check if instruction fetch is allowed, if needed */
-        if (type == ACCESS_CODE && ctx->nx) {
+        if (type == ACCESS_CODE && nx) {
             qemu_log_mask(CPU_LOG_MMU, "No access allowed\n");
             return -3;
         }
@@ -368,7 +368,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
         /* Initialize real address with an invalid value */
         ctx->raddr = (hwaddr)-1ULL;
         /* Software TLB search */
-        return ppc6xx_tlb_check(env, ctx, eaddr, access_type);
+        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, nx);
     }
 
     /* Direct-store segment : absolutely *BUGGY* for now */
-- 
2.30.9

[PATCH 13/43] target/ppc/mmu_common.c: Convert local variable to bool

[BALATON Zoltan]

In mmu6xx_get_physical_address() ds is used as bool, declare it as
such. Also use named constant instead of hex value.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 9f402a979d..5145bde7f9 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -321,8 +321,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     PowerPCCPU *cpu = env_archcpu(env);
     hwaddr hash;
     target_ulong vsid, sr, pgidx;
-    int ds, target_page_bits;
-    bool pr, nx;
+    int target_page_bits;
+    bool pr, ds, nx;
 
     /* First try to find a BAT entry if there are any */
     if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
@@ -335,7 +335,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     sr = env->sr[eaddr >> 28];
     ctx->key = (((sr & 0x20000000) && pr) ||
                 ((sr & 0x40000000) && !pr)) ? 1 : 0;
-    ds = sr & 0x80000000 ? 1 : 0;
+    ds = sr & SR32_T;
     nx = sr & SR32_NX;
     vsid = sr & SR32_VSID;
     target_page_bits = TARGET_PAGE_BITS;
-- 
2.30.9

[PATCH 14/43] target/ppc/mmu_common.c: Remove single use local variable

[BALATON Zoltan]

In mmu6xx_get_physical_address() tagtet_page_bits local is declared
only to use TARGET_PAGE_BITS once. Drop the unneeded variable.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 5145bde7f9..0152e8d875 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -321,7 +321,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     PowerPCCPU *cpu = env_archcpu(env);
     hwaddr hash;
     target_ulong vsid, sr, pgidx;
-    int target_page_bits;
     bool pr, ds, nx;
 
     /* First try to find a BAT entry if there are any */
@@ -338,7 +337,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     ds = sr & SR32_T;
     nx = sr & SR32_NX;
     vsid = sr & SR32_VSID;
-    target_page_bits = TARGET_PAGE_BITS;
     qemu_log_mask(CPU_LOG_MMU,
                   "Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx
                   " nip=" TARGET_FMT_lx " lr=" TARGET_FMT_lx
@@ -347,7 +345,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
                   (int)FIELD_EX64(env->msr, MSR, IR),
                   (int)FIELD_EX64(env->msr, MSR, DR), pr ? 1 : 0,
                   access_type == MMU_DATA_STORE, type);
-    pgidx = (eaddr & ~SEGMENT_MASK_256M) >> target_page_bits;
+    pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
     hash = vsid ^ pgidx;
     ctx->ptem = (vsid << 7) | (pgidx >> 10);
 
-- 
2.30.9

[PATCH 15/43] target/ppc/mmu_common.c: Simplify a switch statement

[BALATON Zoltan]

In mmu6xx_get_physical_address() the switch handles all cases so the
default is never reached and can be dropped. Also group together cases
which just return -4.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 0152e8d875..b2993e8563 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -375,15 +375,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     case ACCESS_INT:
         /* Integer load/store : only access allowed */
         break;
-    case ACCESS_CODE:
-        /* No code fetch is allowed in direct-store areas */
-        return -4;
-    case ACCESS_FLOAT:
-        /* Floating point load/store */
-        return -4;
-    case ACCESS_RES:
-        /* lwarx, ldarx or srwcx. */
-        return -4;
     case ACCESS_CACHE:
         /*
          * dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi
@@ -393,12 +384,10 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
          */
         ctx->raddr = eaddr;
         return 0;
-    case ACCESS_EXT:
-        /* eciwx or ecowx */
-        return -4;
-    default:
-        qemu_log_mask(CPU_LOG_MMU, "ERROR: instruction should not need address"
-                                   " translation\n");
+    case ACCESS_CODE: /* No code fetch is allowed in direct-store areas */
+    case ACCESS_FLOAT: /* Floating point load/store */
+    case ACCESS_RES: /* lwarx, ldarx or srwcx. */
+    case ACCESS_EXT: /* eciwx or ecowx */
         return -4;
     }
     if ((access_type == MMU_DATA_STORE || ctx->key != 1) &&
-- 
2.30.9

[PATCH 16/43] target/ppc/mmu_common.c: Inline and remove ppc6xx_tlb_pte_check()

[BALATON Zoltan]

This function is only called once and we can make the caller simpler
by inlining it.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 71 +++++++++++++----------------------------
 1 file changed, 22 insertions(+), 49 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index b2993e8563..784e833ff2 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -91,33 +91,6 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
     return nr;
 }
 
-static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
-                                target_ulong pte1, int pteh,
-                                MMUAccessType access_type, bool nx)
-{
-    /* Check validity and table match */
-    if (!pte_is_valid(pte0) || ((pte0 >> 6) & 1) != pteh ||
-        (pte0 & PTE_PTEM_MASK) != ctx->ptem) {
-        return -1;
-    }
-    /* all matches should have equal RPN, WIMG & PP */
-    if (ctx->raddr != (hwaddr)-1ULL &&
-        (ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
-        qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
-        return -3;
-    }
-    /* Keep the matching PTE information */
-    ctx->raddr = pte1;
-    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, nx);
-    if (check_prot_access_type(ctx->prot, access_type)) {
-        qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
-        return 0;
-    } else {
-        qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
-        return -2;
-    }
-}
-
 /* Software driven TLB helpers */
 
 static int ppc6xx_tlb_check(CPUPPCState *env,
@@ -149,32 +122,32 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
                       tlb->EPN, eaddr, tlb->pte1,
                       access_type == MMU_DATA_STORE ? 'S' : 'L',
                       access_type == MMU_INST_FETCH ? 'I' : 'D');
-        switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1,
-                                     0, access_type, nx)) {
-        case -2:
-            /* Access violation */
-            ret = -2;
-            best = nr;
-            break;
-        case -1: /* No match */
-        case -3: /* TLB inconsistency */
-        default:
-            break;
-        case 0:
-            /* access granted */
-            /*
-             * XXX: we should go on looping to check all TLBs
-             *      consistency but we can speed-up the whole thing as
-             *      the result would be undefined if TLBs are not
-             *      consistent.
-             */
+        /* Check validity and table match */
+        if (!pte_is_valid(tlb->pte0) || ((tlb->pte0 >> 6) & 1) != 0 ||
+            (tlb->pte0 & PTE_PTEM_MASK) != ctx->ptem) {
+            continue;
+        }
+        /* all matches should have equal RPN, WIMG & PP */
+        if (ctx->raddr != (hwaddr)-1ULL &&
+            (ctx->raddr & PTE_CHECK_MASK) != (tlb->pte1 & PTE_CHECK_MASK)) {
+            qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
+            /* TLB inconsistency */
+            continue;
+        }
+        /* Keep the matching PTE information */
+        best = nr;
+        ctx->raddr = tlb->pte1;
+        ctx->prot = ppc_hash32_prot(ctx->key, tlb->pte1 & HPTE32_R_PP, nx);
+        if (check_prot_access_type(ctx->prot, access_type)) {
+            qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
             ret = 0;
-            best = nr;
-            goto done;
+            break;
+        } else {
+            qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
+            ret = -2;
         }
     }
     if (best != -1) {
-done:
         qemu_log_mask(CPU_LOG_MMU, "found TLB at addr " HWADDR_FMT_plx
                       " prot=%01x ret=%d\n",
                       ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
-- 
2.30.9

[PATCH 17/43] target/ppc/mmu_common.c: Remove ptem field from mmu_ctx_t

[BALATON Zoltan]

Instead of passing around ptem in context use it once in the same
function so it can be removed from mmu_ctx_t.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 784e833ff2..339df377e8 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -41,7 +41,6 @@
 typedef struct {
     hwaddr raddr;      /* Real address             */
     int prot;          /* Protection bits          */
-    target_ulong ptem; /* Virtual segment ID | API */
     int key;           /* Access key               */
 } mmu_ctx_t;
 
@@ -95,16 +94,18 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
 
 static int ppc6xx_tlb_check(CPUPPCState *env,
                             mmu_ctx_t *ctx, target_ulong eaddr,
-                            MMUAccessType access_type, bool nx)
+                            MMUAccessType access_type, target_ulong ptem,
+                            bool nx)
 {
     ppc6xx_tlb_t *tlb;
     target_ulong *pte1p;
     int nr, best, way, ret;
+    bool is_code = (access_type == MMU_INST_FETCH);
 
     best = -1;
     ret = -1; /* No TLB found */
     for (way = 0; way < env->nb_ways; way++) {
-        nr = ppc6xx_tlb_getnum(env, eaddr, way, access_type == MMU_INST_FETCH);
+        nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
         tlb = &env->tlb.tlb6[nr];
         /* This test "emulates" the PTE index match for hardware TLBs */
         if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
@@ -124,7 +125,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
                       access_type == MMU_INST_FETCH ? 'I' : 'D');
         /* Check validity and table match */
         if (!pte_is_valid(tlb->pte0) || ((tlb->pte0 >> 6) & 1) != 0 ||
-            (tlb->pte0 & PTE_PTEM_MASK) != ctx->ptem) {
+            (tlb->pte0 & PTE_PTEM_MASK) != ptem) {
             continue;
         }
         /* all matches should have equal RPN, WIMG & PP */
@@ -164,6 +165,10 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
             }
         }
     }
+    if (ret == -1) {
+        int r = is_code ? SPR_ICMP : SPR_DCMP;
+        env->spr[r] = ptem;
+    }
 #if defined(DUMP_PAGE_TABLES)
     if (qemu_loglevel_mask(CPU_LOG_MMU)) {
         CPUState *cs = env_cpu(env);
@@ -293,7 +298,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
 {
     PowerPCCPU *cpu = env_archcpu(env);
     hwaddr hash;
-    target_ulong vsid, sr, pgidx;
+    target_ulong vsid, sr, pgidx, ptem;
     bool pr, ds, nx;
 
     /* First try to find a BAT entry if there are any */
@@ -320,7 +325,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
                   access_type == MMU_DATA_STORE, type);
     pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
     hash = vsid ^ pgidx;
-    ctx->ptem = (vsid << 7) | (pgidx >> 10);
+    ptem = (vsid << 7) | (pgidx >> 10); /* Virtual segment ID | API */
 
     qemu_log_mask(CPU_LOG_MMU, "pte segment: key=%d ds %d nx %d vsid "
                   TARGET_FMT_lx "\n", ctx->key, ds, nx, vsid);
@@ -339,7 +344,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
         /* Initialize real address with an invalid value */
         ctx->raddr = (hwaddr)-1ULL;
         /* Software TLB search */
-        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, nx);
+        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, nx);
     }
 
     /* Direct-store segment : absolutely *BUGGY* for now */
@@ -741,7 +746,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
             cs->exception_index = POWERPC_EXCP_IFTLB;
             env->error_code = 1 << 18;
             env->spr[SPR_IMISS] = eaddr;
-            env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
+            env->spr[SPR_ICMP] |= 0x80000000;
             goto tlb_miss;
         case -2:
             /* Access rights violation */
@@ -772,7 +777,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
                 env->error_code = 0;
             }
             env->spr[SPR_DMISS] = eaddr;
-            env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
+            env->spr[SPR_DCMP] |= 0x80000000;
 tlb_miss:
             env->error_code |= ctx.key << 19;
             env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
-- 
2.30.9

[PATCH 18/43] target/ppc: Add function to get protection key for hash32 MMU

[BALATON Zoltan]

Add a function to get key bit from SR and use it instead of open coded
version.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 9 ++++++---
 target/ppc/mmu-hash32.h | 5 +++++
 target/ppc/mmu_common.c | 3 +--
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 8a446c8a7d..93559447ff 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -42,7 +42,7 @@ static int ppc_hash32_pte_prot(int mmu_idx,
 {
     unsigned pp, key;
 
-    key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
+    key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
     pp = pte.pte1 & HPTE32_R_PP;
 
     return ppc_hash32_prot(key, pp, !!(sr & SR32_NX));
@@ -145,7 +145,6 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
 {
     CPUState *cs = CPU(cpu);
     CPUPPCState *env = &cpu->env;
-    int key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
 
     qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
 
@@ -206,7 +205,11 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
         cpu_abort(cs, "ERROR: insn should not need address translation\n");
     }
 
-    *prot = key ? PAGE_READ | PAGE_WRITE : PAGE_READ;
+    if (ppc_hash32_key(mmuidx_pr(mmu_idx), sr)) {
+        *prot = PAGE_READ | PAGE_WRITE;
+    } else {
+        *prot = PAGE_READ;
+    }
     if (check_prot_access_type(*prot, access_type)) {
         *raddr = eaddr;
         return true;
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index bc4eedbecc..5902cf8333 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -102,6 +102,11 @@ static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
     stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
 }
 
+static inline bool ppc_hash32_key(bool pr, target_ulong sr)
+{
+    return pr ? (sr & SR32_KP) : (sr & SR32_KS);
+}
+
 static inline int ppc_hash32_prot(bool key, int pp, bool nx)
 {
     int prot;
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 339df377e8..1ed2f45ac7 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -310,8 +310,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     pr = FIELD_EX64(env->msr, MSR, PR);
 
     sr = env->sr[eaddr >> 28];
-    ctx->key = (((sr & 0x20000000) && pr) ||
-                ((sr & 0x40000000) && !pr)) ? 1 : 0;
+    ctx->key = ppc_hash32_key(pr, sr);
     ds = sr & SR32_T;
     nx = sr & SR32_NX;
     vsid = sr & SR32_VSID;
-- 
2.30.9

[PATCH 19/43] target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_prot()

[BALATON Zoltan]

This is used only once and can be inlined.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 93559447ff..160311de87 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -37,17 +37,6 @@
 #  define LOG_BATS(...) do { } while (0)
 #endif
 
-static int ppc_hash32_pte_prot(int mmu_idx,
-                               target_ulong sr, ppc_hash_pte32_t pte)
-{
-    unsigned pp, key;
-
-    key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
-    pp = pte.pte1 & HPTE32_R_PP;
-
-    return ppc_hash32_prot(key, pp, !!(sr & SR32_NX));
-}
-
 static target_ulong hash32_bat_size(int mmu_idx,
                                     target_ulong batu, target_ulong batl)
 {
@@ -341,10 +330,10 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     CPUState *cs = CPU(cpu);
     CPUPPCState *env = &cpu->env;
     target_ulong sr;
-    hwaddr pte_offset;
+    hwaddr pte_offset, raddr;
     ppc_hash_pte32_t pte;
+    bool key;
     int prot;
-    hwaddr raddr;
 
     /* There are no hash32 large pages. */
     *psizep = TARGET_PAGE_BITS;
@@ -426,8 +415,8 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
                 "found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
 
     /* 7. Check access permissions */
-
-    prot = ppc_hash32_pte_prot(mmu_idx, sr, pte);
+    key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
+    prot = ppc_hash32_prot(key, pte.pte1 & HPTE32_R_PP, sr & SR32_NX);
 
     if (!check_prot_access_type(prot, access_type)) {
         /* Access right violation */
-- 
2.30.9

[PATCH 20/43] target/ppc/mmu_common.c: Init variable in function that relies on it

[BALATON Zoltan]

The ppc6xx_tlb_check() relies on the caller to initialise raddr field
in ctx. Move this init from the only caller into the function.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 1ed2f45ac7..fe321ab49c 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -102,6 +102,8 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
     int nr, best, way, ret;
     bool is_code = (access_type == MMU_INST_FETCH);
 
+    /* Initialize real address with an invalid value */
+    ctx->raddr = (hwaddr)-1ULL;
     best = -1;
     ret = -1; /* No TLB found */
     for (way = 0; way < env->nb_ways; way++) {
@@ -340,8 +342,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
                       ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
         *hashp = hash;
 
-        /* Initialize real address with an invalid value */
-        ctx->raddr = (hwaddr)-1ULL;
         /* Software TLB search */
         return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, nx);
     }
-- 
2.30.9

[PATCH 21/43] target/ppc/mmu_common.c: Remove key field from mmu_ctx_t

[BALATON Zoltan]

Pass it as a function parameter and remove it from mmu_ctx_t.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index fe321ab49c..be09c3b1a3 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -41,7 +41,6 @@
 typedef struct {
     hwaddr raddr;      /* Real address             */
     int prot;          /* Protection bits          */
-    int key;           /* Access key               */
 } mmu_ctx_t;
 
 void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
@@ -95,7 +94,7 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
 static int ppc6xx_tlb_check(CPUPPCState *env,
                             mmu_ctx_t *ctx, target_ulong eaddr,
                             MMUAccessType access_type, target_ulong ptem,
-                            bool nx)
+                            bool key, bool nx)
 {
     ppc6xx_tlb_t *tlb;
     target_ulong *pte1p;
@@ -140,7 +139,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
         /* Keep the matching PTE information */
         best = nr;
         ctx->raddr = tlb->pte1;
-        ctx->prot = ppc_hash32_prot(ctx->key, tlb->pte1 & HPTE32_R_PP, nx);
+        ctx->prot = ppc_hash32_prot(key, tlb->pte1 & HPTE32_R_PP, nx);
         if (check_prot_access_type(ctx->prot, access_type)) {
             qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
             ret = 0;
@@ -295,13 +294,14 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
 }
 
 static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
-                                       target_ulong eaddr, hwaddr *hashp,
+                                       target_ulong eaddr,
+                                       hwaddr *hashp, bool *keyp,
                                        MMUAccessType access_type, int type)
 {
     PowerPCCPU *cpu = env_archcpu(env);
     hwaddr hash;
     target_ulong vsid, sr, pgidx, ptem;
-    bool pr, ds, nx;
+    bool key, pr, ds, nx;
 
     /* First try to find a BAT entry if there are any */
     if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
@@ -312,7 +312,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     pr = FIELD_EX64(env->msr, MSR, PR);
 
     sr = env->sr[eaddr >> 28];
-    ctx->key = ppc_hash32_key(pr, sr);
+    key = ppc_hash32_key(pr, sr);
+    *keyp = key;
     ds = sr & SR32_T;
     nx = sr & SR32_NX;
     vsid = sr & SR32_VSID;
@@ -329,7 +330,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     ptem = (vsid << 7) | (pgidx >> 10); /* Virtual segment ID | API */
 
     qemu_log_mask(CPU_LOG_MMU, "pte segment: key=%d ds %d nx %d vsid "
-                  TARGET_FMT_lx "\n", ctx->key, ds, nx, vsid);
+                  TARGET_FMT_lx "\n", key, ds, nx, vsid);
     if (!ds) {
         /* Check if instruction fetch is allowed, if needed */
         if (type == ACCESS_CODE && nx) {
@@ -343,7 +344,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
         *hashp = hash;
 
         /* Software TLB search */
-        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, nx);
+        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, key, nx);
     }
 
     /* Direct-store segment : absolutely *BUGGY* for now */
@@ -367,8 +368,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     case ACCESS_EXT: /* eciwx or ecowx */
         return -4;
     }
-    if ((access_type == MMU_DATA_STORE || ctx->key != 1) &&
-        (access_type == MMU_DATA_LOAD || ctx->key != 0)) {
+    if ((access_type == MMU_DATA_STORE || !key) &&
+        (access_type == MMU_DATA_LOAD || key)) {
         ctx->raddr = eaddr;
         return 2;
     }
@@ -709,6 +710,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
     CPUPPCState *env = &cpu->env;
     mmu_ctx_t ctx;
     hwaddr hash = 0; /* init to 0 to avoid used uninit warning */
+    bool key;
     int type, ret;
 
     if (ppc_real_mode_xlate(cpu, eaddr, access_type, raddrp, psizep, protp)) {
@@ -726,7 +728,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
     }
 
     ctx.prot = 0;
-    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash,
+    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash, &key,
                                       access_type, type);
     if (ret == 0) {
         *raddrp = ctx.raddr;
@@ -778,7 +780,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
             env->spr[SPR_DMISS] = eaddr;
             env->spr[SPR_DCMP] |= 0x80000000;
 tlb_miss:
-            env->error_code |= ctx.key << 19;
+            env->error_code |= key << 19;
             env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
                                   get_pteg_offset32(cpu, hash);
             env->spr[SPR_HASH2] = ppc_hash32_hpt_base(cpu) +
-- 
2.30.9

[PATCH 22/43] target/ppc/mmu_common.c: Stop using ctx in ppc6xx_tlb_check()

[BALATON Zoltan]

Pass raddr and prot in function parameters instead.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index be09c3b1a3..ede409eb99 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -91,10 +91,9 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
 
 /* Software driven TLB helpers */
 
-static int ppc6xx_tlb_check(CPUPPCState *env,
-                            mmu_ctx_t *ctx, target_ulong eaddr,
-                            MMUAccessType access_type, target_ulong ptem,
-                            bool key, bool nx)
+static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
+                            target_ulong eaddr, MMUAccessType access_type,
+                            target_ulong ptem, bool key, bool nx)
 {
     ppc6xx_tlb_t *tlb;
     target_ulong *pte1p;
@@ -102,7 +101,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
     bool is_code = (access_type == MMU_INST_FETCH);
 
     /* Initialize real address with an invalid value */
-    ctx->raddr = (hwaddr)-1ULL;
+    *raddr = (hwaddr)-1ULL;
     best = -1;
     ret = -1; /* No TLB found */
     for (way = 0; way < env->nb_ways; way++) {
@@ -130,17 +129,17 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
             continue;
         }
         /* all matches should have equal RPN, WIMG & PP */
-        if (ctx->raddr != (hwaddr)-1ULL &&
-            (ctx->raddr & PTE_CHECK_MASK) != (tlb->pte1 & PTE_CHECK_MASK)) {
+        if (*raddr != (hwaddr)-1ULL &&
+            (*raddr & PTE_CHECK_MASK) != (tlb->pte1 & PTE_CHECK_MASK)) {
             qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
             /* TLB inconsistency */
             continue;
         }
         /* Keep the matching PTE information */
         best = nr;
-        ctx->raddr = tlb->pte1;
-        ctx->prot = ppc_hash32_prot(key, tlb->pte1 & HPTE32_R_PP, nx);
-        if (check_prot_access_type(ctx->prot, access_type)) {
+        *raddr = tlb->pte1;
+        *prot = ppc_hash32_prot(key, tlb->pte1 & HPTE32_R_PP, nx);
+        if (check_prot_access_type(*prot, access_type)) {
             qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
             ret = 0;
             break;
@@ -152,7 +151,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
     if (best != -1) {
         qemu_log_mask(CPU_LOG_MMU, "found TLB at addr " HWADDR_FMT_plx
                       " prot=%01x ret=%d\n",
-                      ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
+                      *raddr & TARGET_PAGE_MASK, *prot, ret);
         /* Update page flags */
         pte1p = &env->tlb.tlb6[best].pte1;
         *pte1p |= 0x00000100; /* Update accessed flag */
@@ -162,7 +161,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
                 *pte1p |= 0x00000080;
             } else {
                 /* Force page fault for first write access */
-                ctx->prot &= ~PAGE_WRITE;
+                *prot &= ~PAGE_WRITE;
             }
         }
     }
@@ -344,7 +343,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
         *hashp = hash;
 
         /* Software TLB search */
-        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, key, nx);
+        return ppc6xx_tlb_check(env, &ctx->raddr, &ctx->prot, eaddr,
+                                access_type, ptem, key, nx);
     }
 
     /* Direct-store segment : absolutely *BUGGY* for now */
-- 
2.30.9

[PATCH 23/43] target/ppc/mmu_common.c: Rename function parameter

[BALATON Zoltan]

Rename parameter of get_bat_6xx_tlb() from virtual to eaddr to match
other functions.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index ede409eb99..110936ca83 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -221,7 +221,7 @@ static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
 }
 
 static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
-                           target_ulong virtual, MMUAccessType access_type)
+                           target_ulong eaddr, MMUAccessType access_type)
 {
     target_ulong *BATlt, *BATut, *BATu, *BATl;
     target_ulong BEPIl, BEPIu, bl;
@@ -230,7 +230,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
     bool ifetch = access_type == MMU_INST_FETCH;
 
     qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
-                  ifetch ? 'I' : 'D', virtual);
+                  ifetch ? 'I' : 'D', eaddr);
     if (ifetch) {
         BATlt = env->IBAT[1];
         BATut = env->IBAT[0];
@@ -246,15 +246,15 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
         bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
         qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx " BATu "
                       TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__,
-                      ifetch ? 'I' : 'D', i, virtual, *BATu, *BATl);
-        if ((virtual & 0xF0000000) == BEPIu &&
-            ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
+                      ifetch ? 'I' : 'D', i, eaddr, *BATu, *BATl);
+        if ((eaddr & 0xF0000000) == BEPIu &&
+            ((eaddr & 0x0FFE0000) & ~bl) == BEPIl) {
             /* BAT matches */
             if (valid != 0) {
                 /* Get physical address */
                 ctx->raddr = (*BATl & 0xF0000000) |
-                    ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
-                    (virtual & 0x0001F000);
+                    ((eaddr & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
+                    (eaddr & 0x0001F000);
                 /* Compute access rights */
                 ctx->prot = prot;
                 if (check_prot_access_type(ctx->prot, access_type)) {
@@ -273,7 +273,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
     if (ret < 0) {
         if (qemu_log_enabled()) {
             qemu_log_mask(CPU_LOG_MMU, "no BAT match for "
-                          TARGET_FMT_lx ":\n", virtual);
+                          TARGET_FMT_lx ":\n", eaddr);
             for (i = 0; i < 4; i++) {
                 BATu = &BATut[i];
                 BATl = &BATlt[i];
@@ -284,7 +284,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
                               " BATu " TARGET_FMT_lx " BATl " TARGET_FMT_lx
                               "\n\t" TARGET_FMT_lx " " TARGET_FMT_lx " "
                               TARGET_FMT_lx "\n", __func__, ifetch ? 'I' : 'D',
-                              i, virtual, *BATu, *BATl, BEPIu, BEPIl, bl);
+                              i, eaddr, *BATu, *BATl, BEPIu, BEPIl, bl);
             }
         }
     }
-- 
2.30.9

[PATCH 24/43] target/ppc/mmu_common.c: Use defines instead of numeric constants

[BALATON Zoltan]

Replace some BAT related constants with defines from mmu-hash32.h

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 110936ca83..aa002bba35 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -201,7 +201,7 @@ static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
     target_ulong bl;
     int pp, valid, prot;
 
-    bl = (*BATu & 0x00001FFC) << 15;
+    bl = (*BATu & BATU32_BL) << 15;
     valid = 0;
     prot = 0;
     if ((!FIELD_EX64(env->msr, MSR, PR) && (*BATu & 0x00000002)) ||
@@ -241,19 +241,19 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
     for (i = 0; i < env->nb_BATs; i++) {
         BATu = &BATut[i];
         BATl = &BATlt[i];
-        BEPIu = *BATu & 0xF0000000;
-        BEPIl = *BATu & 0x0FFE0000;
+        BEPIu = *BATu & BATU32_BEPIU;
+        BEPIl = *BATu & BATU32_BEPIL;
         bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
         qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx " BATu "
                       TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__,
                       ifetch ? 'I' : 'D', i, eaddr, *BATu, *BATl);
-        if ((eaddr & 0xF0000000) == BEPIu &&
-            ((eaddr & 0x0FFE0000) & ~bl) == BEPIl) {
+        if ((eaddr & BATU32_BEPIU) == BEPIu &&
+            ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
             /* BAT matches */
             if (valid != 0) {
                 /* Get physical address */
-                ctx->raddr = (*BATl & 0xF0000000) |
-                    ((eaddr & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
+                ctx->raddr = (*BATl & BATU32_BEPIU) |
+                    ((eaddr & BATU32_BEPIL & bl) | (*BATl & BATU32_BEPIL)) |
                     (eaddr & 0x0001F000);
                 /* Compute access rights */
                 ctx->prot = prot;
@@ -277,9 +277,9 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
             for (i = 0; i < 4; i++) {
                 BATu = &BATut[i];
                 BATl = &BATlt[i];
-                BEPIu = *BATu & 0xF0000000;
-                BEPIl = *BATu & 0x0FFE0000;
-                bl = (*BATu & 0x00001FFC) << 15;
+                BEPIu = *BATu & BATU32_BEPIU;
+                BEPIl = *BATu & BATU32_BEPIL;
+                bl = (*BATu & BATU32_BL) << 15;
                 qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx
                               " BATu " TARGET_FMT_lx " BATl " TARGET_FMT_lx
                               "\n\t" TARGET_FMT_lx " " TARGET_FMT_lx " "
@@ -520,9 +520,9 @@ static void mmu6xx_dump_BATs(CPUPPCState *env, int type)
     for (i = 0; i < env->nb_BATs; i++) {
         BATu = &BATut[i];
         BATl = &BATlt[i];
-        BEPIu = *BATu & 0xF0000000;
-        BEPIl = *BATu & 0x0FFE0000;
-        bl = (*BATu & 0x00001FFC) << 15;
+        BEPIu = *BATu & BATU32_BEPIU;
+        BEPIl = *BATu & BATU32_BEPIL;
+        bl = (*BATu & BATU32_BL) << 15;
         qemu_printf("%s BAT%d BATu " TARGET_FMT_lx
                     " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
                     TARGET_FMT_lx " " TARGET_FMT_lx "\n",
-- 
2.30.9

[PATCH 25/43] target/ppc: Remove bat_size_prot()

[BALATON Zoltan]

There is already a hash32_bat_prot() function that does most if this
and the rest can be inlined. Export hash32_bat_prot() and rename it to
ppc_hash32_bat_prot() to match other functions and use it in
get_bat_6xx_tlb().

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 18 +-------------
 target/ppc/mmu-hash32.h | 14 +++++++++++
 target/ppc/mmu_common.c | 52 ++++++++++-------------------------------
 3 files changed, 27 insertions(+), 57 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 160311de87..6f0f0bbb00 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -48,22 +48,6 @@ static target_ulong hash32_bat_size(int mmu_idx,
     return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
 }
 
-static int hash32_bat_prot(PowerPCCPU *cpu,
-                           target_ulong batu, target_ulong batl)
-{
-    int pp, prot;
-
-    prot = 0;
-    pp = batl & BATL32_PP;
-    if (pp != 0) {
-        prot = PAGE_READ | PAGE_EXEC;
-        if (pp == 0x2) {
-            prot |= PAGE_WRITE;
-        }
-    }
-    return prot;
-}
-
 static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
                                     MMUAccessType access_type, int *prot,
                                     int mmu_idx)
@@ -95,7 +79,7 @@ static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
         if (mask && ((ea & mask) == (batu & BATU32_BEPI))) {
             hwaddr raddr = (batl & mask) | (ea & ~mask);
 
-            *prot = hash32_bat_prot(cpu, batu, batl);
+            *prot = ppc_hash32_bat_prot(batu, batl);
 
             return raddr & TARGET_PAGE_MASK;
         }
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index 5902cf8333..bd75f7d647 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -143,6 +143,20 @@ static inline int ppc_hash32_prot(bool key, int pp, bool nx)
     return nx ? prot : prot | PAGE_EXEC;
 }
 
+static inline int ppc_hash32_bat_prot(target_ulong batu, target_ulong batl)
+{
+    int prot = 0;
+    int pp = batl & BATL32_PP;
+
+    if (pp) {
+        prot = PAGE_READ | PAGE_EXEC;
+        if (pp == 0x2) {
+            prot |= PAGE_WRITE;
+        }
+    }
+    return prot;
+}
+
 typedef struct {
     uint32_t pte0, pte1;
 } ppc_hash_pte32_t;
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index aa002bba35..624ed51a92 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -193,40 +193,13 @@ static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
     return ret;
 }
 
-/* Perform BAT hit & translation */
-static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
-                                 int *validp, int *protp, target_ulong *BATu,
-                                 target_ulong *BATl)
-{
-    target_ulong bl;
-    int pp, valid, prot;
-
-    bl = (*BATu & BATU32_BL) << 15;
-    valid = 0;
-    prot = 0;
-    if ((!FIELD_EX64(env->msr, MSR, PR) && (*BATu & 0x00000002)) ||
-        (FIELD_EX64(env->msr, MSR, PR) && (*BATu & 0x00000001))) {
-        valid = 1;
-        pp = *BATl & 0x00000003;
-        if (pp != 0) {
-            prot = PAGE_READ | PAGE_EXEC;
-            if (pp == 0x2) {
-                prot |= PAGE_WRITE;
-            }
-        }
-    }
-    *blp = bl;
-    *validp = valid;
-    *protp = prot;
-}
-
 static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
-                           target_ulong eaddr, MMUAccessType access_type)
+                           target_ulong eaddr, MMUAccessType access_type,
+                           bool pr)
 {
     target_ulong *BATlt, *BATut, *BATu, *BATl;
     target_ulong BEPIl, BEPIu, bl;
-    int i, valid, prot;
-    int ret = -1;
+    int i, ret = -1;
     bool ifetch = access_type == MMU_INST_FETCH;
 
     qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
@@ -243,20 +216,19 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
         BATl = &BATlt[i];
         BEPIu = *BATu & BATU32_BEPIU;
         BEPIl = *BATu & BATU32_BEPIL;
-        bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
         qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx " BATu "
                       TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__,
                       ifetch ? 'I' : 'D', i, eaddr, *BATu, *BATl);
-        if ((eaddr & BATU32_BEPIU) == BEPIu &&
-            ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
-            /* BAT matches */
-            if (valid != 0) {
+        bl = (*BATu & BATU32_BL) << 15;
+        if ((!pr && (*BATu & BATU32_VS)) || (pr && (*BATu & BATU32_VP))) {
+            if ((eaddr & BATU32_BEPIU) == BEPIu &&
+                ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
                 /* Get physical address */
                 ctx->raddr = (*BATl & BATU32_BEPIU) |
                     ((eaddr & BATU32_BEPIL & bl) | (*BATl & BATU32_BEPIL)) |
                     (eaddr & 0x0001F000);
                 /* Compute access rights */
-                ctx->prot = prot;
+                ctx->prot = ppc_hash32_bat_prot(*BATu, *BATl);
                 if (check_prot_access_type(ctx->prot, access_type)) {
                     qemu_log_mask(CPU_LOG_MMU, "BAT %d match: r " HWADDR_FMT_plx
                                   " prot=%c%c\n", i, ctx->raddr,
@@ -300,16 +272,16 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     PowerPCCPU *cpu = env_archcpu(env);
     hwaddr hash;
     target_ulong vsid, sr, pgidx, ptem;
-    bool key, pr, ds, nx;
+    bool key, ds, nx;
+    bool pr = FIELD_EX64(env->msr, MSR, PR);
 
     /* First try to find a BAT entry if there are any */
-    if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
+    if (env->nb_BATs &&
+        get_bat_6xx_tlb(env, ctx, eaddr, access_type, pr) == 0) {
         return 0;
     }
 
     /* Perform segment based translation when no BATs matched */
-    pr = FIELD_EX64(env->msr, MSR, PR);
-
     sr = env->sr[eaddr >> 28];
     key = ppc_hash32_key(pr, sr);
     *keyp = key;
-- 
2.30.9

[PATCH 26/43] target/ppc/mmu_common.c: Stop using ctx in get_bat_6xx_tlb()

[BALATON Zoltan]

Pass raddr and prot in function parameters instead

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 624ed51a92..4770b43630 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -193,7 +193,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
     return ret;
 }
 
-static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
+static int get_bat_6xx_tlb(CPUPPCState *env, hwaddr *raddr, int *prot,
                            target_ulong eaddr, MMUAccessType access_type,
                            bool pr)
 {
@@ -224,16 +224,16 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
             if ((eaddr & BATU32_BEPIU) == BEPIu &&
                 ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
                 /* Get physical address */
-                ctx->raddr = (*BATl & BATU32_BEPIU) |
+                *raddr = (*BATl & BATU32_BEPIU) |
                     ((eaddr & BATU32_BEPIL & bl) | (*BATl & BATU32_BEPIL)) |
                     (eaddr & 0x0001F000);
                 /* Compute access rights */
-                ctx->prot = ppc_hash32_bat_prot(*BATu, *BATl);
-                if (check_prot_access_type(ctx->prot, access_type)) {
+                *prot = ppc_hash32_bat_prot(*BATu, *BATl);
+                if (check_prot_access_type(*prot, access_type)) {
                     qemu_log_mask(CPU_LOG_MMU, "BAT %d match: r " HWADDR_FMT_plx
-                                  " prot=%c%c\n", i, ctx->raddr,
-                                  ctx->prot & PAGE_READ ? 'R' : '-',
-                                  ctx->prot & PAGE_WRITE ? 'W' : '-');
+                                  " prot=%c%c\n", i, *raddr,
+                                  *prot & PAGE_READ ? 'R' : '-',
+                                  *prot & PAGE_WRITE ? 'W' : '-');
                     ret = 0;
                 } else {
                     ret = -2;
@@ -277,7 +277,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
 
     /* First try to find a BAT entry if there are any */
     if (env->nb_BATs &&
-        get_bat_6xx_tlb(env, ctx, eaddr, access_type, pr) == 0) {
+        get_bat_6xx_tlb(env, &ctx->raddr, &ctx->prot, eaddr,
+                        access_type, pr) == 0) {
         return 0;
     }
 
-- 
2.30.9

[PATCH 27/43] target/ppc/mmu_common.c: Remove mmu_ctx_t

[BALATON Zoltan]

Completely get rid of mmu_ctx_t after converting the remaining
functions to pass raddr and prot without the context struct.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu_common.c | 25 +++++++------------------
 1 file changed, 7 insertions(+), 18 deletions(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 4770b43630..60f8736210 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -37,12 +37,6 @@
 
 /* #define DUMP_PAGE_TABLES */
 
-/* Context used internally during MMU translations */
-typedef struct {
-    hwaddr raddr;      /* Real address             */
-    int prot;          /* Protection bits          */
-} mmu_ctx_t;
-
 void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
 {
     PowerPCCPU *cpu = env_archcpu(env);
@@ -264,8 +258,8 @@ static int get_bat_6xx_tlb(CPUPPCState *env, hwaddr *raddr, int *prot,
     return ret;
 }
 
-static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
-                                       target_ulong eaddr,
+static int mmu6xx_get_physical_address(CPUPPCState *env, hwaddr *raddr,
+                                       int *prot, target_ulong eaddr,
                                        hwaddr *hashp, bool *keyp,
                                        MMUAccessType access_type, int type)
 {
@@ -277,8 +271,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
 
     /* First try to find a BAT entry if there are any */
     if (env->nb_BATs &&
-        get_bat_6xx_tlb(env, &ctx->raddr, &ctx->prot, eaddr,
-                        access_type, pr) == 0) {
+        get_bat_6xx_tlb(env, raddr, prot, eaddr, access_type, pr) == 0) {
         return 0;
     }
 
@@ -316,7 +309,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
         *hashp = hash;
 
         /* Software TLB search */
-        return ppc6xx_tlb_check(env, &ctx->raddr, &ctx->prot, eaddr,
+        return ppc6xx_tlb_check(env, raddr, prot, eaddr,
                                 access_type, ptem, key, nx);
     }
 
@@ -333,7 +326,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
          * Should make the instruction do no-op.  As it already do
          * no-op, it's quite easy :-)
          */
-        ctx->raddr = eaddr;
+        *raddr = eaddr;
         return 0;
     case ACCESS_CODE: /* No code fetch is allowed in direct-store areas */
     case ACCESS_FLOAT: /* Floating point load/store */
@@ -343,7 +336,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
     }
     if ((access_type == MMU_DATA_STORE || !key) &&
         (access_type == MMU_DATA_LOAD || key)) {
-        ctx->raddr = eaddr;
+        *raddr = eaddr;
         return 2;
     }
     return -2;
@@ -681,7 +674,6 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
 {
     CPUState *cs = CPU(cpu);
     CPUPPCState *env = &cpu->env;
-    mmu_ctx_t ctx;
     hwaddr hash = 0; /* init to 0 to avoid used uninit warning */
     bool key;
     int type, ret;
@@ -700,12 +692,9 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
         type = ACCESS_INT;
     }
 
-    ctx.prot = 0;
-    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash, &key,
+    ret = mmu6xx_get_physical_address(env, raddrp, protp, eaddr, &hash, &key,
                                       access_type, type);
     if (ret == 0) {
-        *raddrp = ctx.raddr;
-        *protp = ctx.prot;
         *psizep = TARGET_PAGE_BITS;
         return true;
     } else if (!guest_visible) {
-- 
2.30.9

[PATCH 28/43] target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_raddr()

[BALATON Zoltan]

This function is used only once and does not add more clarity than
doing it inline.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 6f0f0bbb00..c4de1647e2 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -298,15 +298,6 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
     return pte_offset;
 }
 
-static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
-                                   target_ulong eaddr)
-{
-    hwaddr rpn = pte.pte1 & HPTE32_R_RPN;
-    hwaddr mask = ~TARGET_PAGE_MASK;
-
-    return (rpn & ~mask) | (eaddr & mask);
-}
-
 bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                       bool guest_visible)
@@ -440,11 +431,12 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
              */
             prot &= ~PAGE_WRITE;
         }
-     }
+    }
+    *protp = prot;
 
     /* 9. Determine the real address from the PTE */
-
-    *raddrp = ppc_hash32_pte_raddr(sr, pte, eaddr);
-    *protp = prot;
+    *raddrp = pte.pte1 & HPTE32_R_RPN;
+    *raddrp &= TARGET_PAGE_MASK;
+    *raddrp |= eaddr & ~TARGET_PAGE_MASK;
     return true;
 }
-- 
2.30.9

[PATCH 29/43] target/ppc/mmu-hash32.c: Move get_pteg_offset32() to the header

[BALATON Zoltan]

This function is a simple shared function, move it to other similar
static inline functions in the header.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 7 -------
 target/ppc/mmu-hash32.h | 6 +++++-
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index c4de1647e2..44b16142ab 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -201,13 +201,6 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
     return false;
 }
 
-hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
-{
-    target_ulong mask = ppc_hash32_hpt_mask(cpu);
-
-    return (hash * HASH_PTEG_SIZE_32) & mask;
-}
-
 static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
                                      bool secondary, target_ulong ptem,
                                      ppc_hash_pte32_t *pte)
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index bd75f7d647..2838de031c 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -3,7 +3,6 @@
 
 #ifndef CONFIG_USER_ONLY
 
-hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash);
 bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                       bool guest_visible);
@@ -102,6 +101,11 @@ static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
     stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
 }
 
+static inline hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
+{
+    return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(cpu);
+}
+
 static inline bool ppc_hash32_key(bool pr, target_ulong sr)
 {
     return pr ? (sr & SR32_KP) : (sr & SR32_KS);
-- 
2.30.9

[PATCH 30/43] target/ppc: Unexport some functions from mmu-book3s-v3.h

[BALATON Zoltan]

The ppc_hash64_hpt_base() and ppc_hash64_hpt_mask() functions are
mostly used by mmu-hash64.c only but there is one call to
ppc_hash64_hpt_mask() in hw/ppc/spapr_vhyp_mmu.c.in a helper function
that can be moved to mmu-hash64.c which allows these functions to be
removed from the header.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 hw/ppc/spapr_vhyp_mmu.c    | 21 ++++------------
 target/ppc/mmu-book3s-v3.h | 40 -------------------------------
 target/ppc/mmu-hash64.c    | 49 ++++++++++++++++++++++++++++++++++++++
 target/ppc/mmu-hash64.h    |  1 +
 4 files changed, 54 insertions(+), 57 deletions(-)

diff --git a/hw/ppc/spapr_vhyp_mmu.c b/hw/ppc/spapr_vhyp_mmu.c
index b3dd8b3a59..2d41d7f77b 100644
--- a/hw/ppc/spapr_vhyp_mmu.c
+++ b/hw/ppc/spapr_vhyp_mmu.c
@@ -15,19 +15,6 @@
 #include "helper_regs.h"
 #include "hw/ppc/spapr.h"
 #include "mmu-hash64.h"
-#include "mmu-book3s-v3.h"
-
-
-static inline bool valid_ptex(PowerPCCPU *cpu, target_ulong ptex)
-{
-    /*
-     * hash value/pteg group index is normalized by HPT mask
-     */
-    if (((ptex & ~7ULL) / HPTES_PER_GROUP) & ~ppc_hash64_hpt_mask(cpu)) {
-        return false;
-    }
-    return true;
-}
 
 static target_ulong h_enter(PowerPCCPU *cpu, SpaprMachineState *spapr,
                             target_ulong opcode, target_ulong *args)
@@ -70,7 +57,7 @@ static target_ulong h_enter(PowerPCCPU *cpu, SpaprMachineState *spapr,
 
     pteh &= ~0x60ULL;
 
-    if (!valid_ptex(cpu, ptex)) {
+    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
         return H_PARAMETER;
     }
 
@@ -119,7 +106,7 @@ static RemoveResult remove_hpte(PowerPCCPU *cpu
     const ppc_hash_pte64_t *hptes;
     target_ulong v, r;
 
-    if (!valid_ptex(cpu, ptex)) {
+    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
         return REMOVE_PARM;
     }
 
@@ -250,7 +237,7 @@ static target_ulong h_protect(PowerPCCPU *cpu, SpaprMachineState *spapr,
     const ppc_hash_pte64_t *hptes;
     target_ulong v, r;
 
-    if (!valid_ptex(cpu, ptex)) {
+    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
         return H_PARAMETER;
     }
 
@@ -287,7 +274,7 @@ static target_ulong h_read(PowerPCCPU *cpu, SpaprMachineState *spapr,
     int i, ridx, n_entries = 1;
     const ppc_hash_pte64_t *hptes;
 
-    if (!valid_ptex(cpu, ptex)) {
+    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
         return H_PARAMETER;
     }
 
diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
index f3f7993958..263ce55c1f 100644
--- a/target/ppc/mmu-book3s-v3.h
+++ b/target/ppc/mmu-book3s-v3.h
@@ -83,46 +83,6 @@ static inline bool ppc64_v3_radix(PowerPCCPU *cpu)
     return !!(cpu->env.spr[SPR_LPCR] & LPCR_HR);
 }
 
-static inline hwaddr ppc_hash64_hpt_base(PowerPCCPU *cpu)
-{
-    uint64_t base;
-
-    if (cpu->vhyp) {
-        return 0;
-    }
-    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
-        ppc_v3_pate_t pate;
-
-        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
-            return 0;
-        }
-        base = pate.dw0;
-    } else {
-        base = cpu->env.spr[SPR_SDR1];
-    }
-    return base & SDR_64_HTABORG;
-}
-
-static inline hwaddr ppc_hash64_hpt_mask(PowerPCCPU *cpu)
-{
-    uint64_t base;
-
-    if (cpu->vhyp) {
-        return cpu->vhyp_class->hpt_mask(cpu->vhyp);
-    }
-    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
-        ppc_v3_pate_t pate;
-
-        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
-            return 0;
-        }
-        base = pate.dw0;
-    } else {
-        base = cpu->env.spr[SPR_SDR1];
-    }
-    return (1ULL << ((base & SDR_64_HTABSIZE) + 18 - 7)) - 1;
-}
-
 #endif /* TARGET_PPC64 */
 
 #endif /* CONFIG_USER_ONLY */
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index cbc8efa0c3..7bc0323f26 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -508,6 +508,46 @@ static int ppc_hash64_amr_prot(PowerPCCPU *cpu, ppc_hash_pte64_t pte)
     return prot;
 }
 
+static hwaddr ppc_hash64_hpt_base(PowerPCCPU *cpu)
+{
+    uint64_t base;
+
+    if (cpu->vhyp) {
+        return 0;
+    }
+    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
+        ppc_v3_pate_t pate;
+
+        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
+            return 0;
+        }
+        base = pate.dw0;
+    } else {
+        base = cpu->env.spr[SPR_SDR1];
+    }
+    return base & SDR_64_HTABORG;
+}
+
+static hwaddr ppc_hash64_hpt_mask(PowerPCCPU *cpu)
+{
+    uint64_t base;
+
+    if (cpu->vhyp) {
+        return cpu->vhyp_class->hpt_mask(cpu->vhyp);
+    }
+    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
+        ppc_v3_pate_t pate;
+
+        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
+            return 0;
+        }
+        base = pate.dw0;
+    } else {
+        base = cpu->env.spr[SPR_SDR1];
+    }
+    return (1ULL << ((base & SDR_64_HTABSIZE) + 18 - 7)) - 1;
+}
+
 const ppc_hash_pte64_t *ppc_hash64_map_hptes(PowerPCCPU *cpu,
                                              hwaddr ptex, int n)
 {
@@ -545,6 +585,15 @@ void ppc_hash64_unmap_hptes(PowerPCCPU *cpu, const ppc_hash_pte64_t *hptes,
                         false, n * HASH_PTE_SIZE_64);
 }
 
+bool ppc_hash64_valid_ptex(PowerPCCPU *cpu, target_ulong ptex)
+{
+    /* hash value/pteg group index is normalized by HPT mask */
+    if (((ptex & ~7ULL) / HPTES_PER_GROUP) & ~ppc_hash64_hpt_mask(cpu)) {
+        return false;
+    }
+    return true;
+}
+
 static unsigned hpte_page_shift(const PPCHash64SegmentPageSizes *sps,
                                 uint64_t pte0, uint64_t pte1)
 {
diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
index de653fcae5..ae8d4b37ae 100644
--- a/target/ppc/mmu-hash64.h
+++ b/target/ppc/mmu-hash64.h
@@ -120,6 +120,7 @@ const ppc_hash_pte64_t *ppc_hash64_map_hptes(PowerPCCPU *cpu,
                                              hwaddr ptex, int n);
 void ppc_hash64_unmap_hptes(PowerPCCPU *cpu, const ppc_hash_pte64_t *hptes,
                             hwaddr ptex, int n);
+bool ppc_hash64_valid_ptex(PowerPCCPU *cpu, target_ulong ptex);
 
 static inline uint64_t ppc_hash64_hpte0(PowerPCCPU *cpu,
                                         const ppc_hash_pte64_t *hptes, int i)
-- 
2.30.9

[PATCH 31/43] target/ppc/mmu-radix64: Remove externally unused parts from header

[BALATON Zoltan]

Move the parts not needed outside of mmu-radix64.c from the header to
the C file to leave only parts in the header that need to be exported.
Also drop unneded include of this header.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-book3s-v3.c |  1 -
 target/ppc/mmu-radix64.c   | 49 +++++++++++++++++++++++++++++++++++
 target/ppc/mmu-radix64.h   | 53 +-------------------------------------
 3 files changed, 50 insertions(+), 53 deletions(-)

diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
index c8f69b3df9..a812cb5113 100644
--- a/target/ppc/mmu-book3s-v3.c
+++ b/target/ppc/mmu-book3s-v3.c
@@ -21,7 +21,6 @@
 #include "cpu.h"
 #include "mmu-hash64.h"
 #include "mmu-book3s-v3.h"
-#include "mmu-radix64.h"
 
 bool ppc64_v3_get_pate(PowerPCCPU *cpu, target_ulong lpid, ppc_v3_pate_t *entry)
 {
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 5a02e4963b..cf9619e847 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -29,6 +29,37 @@
 #include "mmu-radix64.h"
 #include "mmu-book3s-v3.h"
 
+/* Radix Partition Table Entry Fields */
+#define PATE1_R_PRTB           0x0FFFFFFFFFFFF000
+#define PATE1_R_PRTS           0x000000000000001F
+
+/* Radix Process Table Entry Fields */
+#define PRTBE_R_GET_RTS(rts) \
+    ((((rts >> 58) & 0x18) | ((rts >> 5) & 0x7)) + 31)
+#define PRTBE_R_RPDB            0x0FFFFFFFFFFFFF00
+#define PRTBE_R_RPDS            0x000000000000001F
+
+/* Radix Page Directory/Table Entry Fields */
+#define R_PTE_VALID             0x8000000000000000
+#define R_PTE_LEAF              0x4000000000000000
+#define R_PTE_SW0               0x2000000000000000
+#define R_PTE_RPN               0x01FFFFFFFFFFF000
+#define R_PTE_SW1               0x0000000000000E00
+#define R_GET_SW(sw)            (((sw >> 58) & 0x8) | ((sw >> 9) & 0x7))
+#define R_PTE_R                 0x0000000000000100
+#define R_PTE_C                 0x0000000000000080
+#define R_PTE_ATT               0x0000000000000030
+#define R_PTE_ATT_NORMAL        0x0000000000000000
+#define R_PTE_ATT_SAO           0x0000000000000010
+#define R_PTE_ATT_NI_IO         0x0000000000000020
+#define R_PTE_ATT_TOLERANT_IO   0x0000000000000030
+#define R_PTE_EAA_PRIV          0x0000000000000008
+#define R_PTE_EAA_R             0x0000000000000004
+#define R_PTE_EAA_RW            0x0000000000000002
+#define R_PTE_EAA_X             0x0000000000000001
+#define R_PDE_NLB               PRTBE_R_RPDB
+#define R_PDE_NLS               PRTBE_R_RPDS
+
 static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env,
                                                  vaddr eaddr,
                                                  uint64_t *lpid, uint64_t *pid)
@@ -180,6 +211,24 @@ static void ppc_radix64_raise_hsi(PowerPCCPU *cpu, MMUAccessType access_type,
     }
 }
 
+static int ppc_radix64_get_prot_eaa(uint64_t pte)
+{
+    return (pte & R_PTE_EAA_R ? PAGE_READ : 0) |
+           (pte & R_PTE_EAA_RW ? PAGE_READ | PAGE_WRITE : 0) |
+           (pte & R_PTE_EAA_X ? PAGE_EXEC : 0);
+}
+
+static int ppc_radix64_get_prot_amr(const PowerPCCPU *cpu)
+{
+    const CPUPPCState *env = &cpu->env;
+    int amr = env->spr[SPR_AMR] >> 62; /* We only care about key0 AMR63:62 */
+    int iamr = env->spr[SPR_IAMR] >> 62; /* We only care about key0 IAMR63:62 */
+
+    return (amr & 0x2 ? 0 : PAGE_WRITE) | /* Access denied if bit is set */
+           (amr & 0x1 ? 0 : PAGE_READ) |
+           (iamr & 0x1 ? 0 : PAGE_EXEC);
+}
+
 static bool ppc_radix64_check_prot(PowerPCCPU *cpu, MMUAccessType access_type,
                                    uint64_t pte, int *fault_cause, int *prot,
                                    int mmu_idx, bool partition_scoped)
diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h
index c5c04a1527..6620b3d648 100644
--- a/target/ppc/mmu-radix64.h
+++ b/target/ppc/mmu-radix64.h
@@ -3,7 +3,7 @@
 
 #ifndef CONFIG_USER_ONLY
 
-#include "exec/page-protection.h"
+#ifdef TARGET_PPC64
 
 /* Radix Quadrants */
 #define R_EADDR_MASK            0x3FFFFFFFFFFFFFFF
@@ -14,61 +14,10 @@
 #define R_EADDR_QUADRANT2       0x8000000000000000
 #define R_EADDR_QUADRANT3       0xC000000000000000
 
-/* Radix Partition Table Entry Fields */
-#define PATE1_R_PRTB           0x0FFFFFFFFFFFF000
-#define PATE1_R_PRTS           0x000000000000001F
-
-/* Radix Process Table Entry Fields */
-#define PRTBE_R_GET_RTS(rts) \
-    ((((rts >> 58) & 0x18) | ((rts >> 5) & 0x7)) + 31)
-#define PRTBE_R_RPDB            0x0FFFFFFFFFFFFF00
-#define PRTBE_R_RPDS            0x000000000000001F
-
-/* Radix Page Directory/Table Entry Fields */
-#define R_PTE_VALID             0x8000000000000000
-#define R_PTE_LEAF              0x4000000000000000
-#define R_PTE_SW0               0x2000000000000000
-#define R_PTE_RPN               0x01FFFFFFFFFFF000
-#define R_PTE_SW1               0x0000000000000E00
-#define R_GET_SW(sw)            (((sw >> 58) & 0x8) | ((sw >> 9) & 0x7))
-#define R_PTE_R                 0x0000000000000100
-#define R_PTE_C                 0x0000000000000080
-#define R_PTE_ATT               0x0000000000000030
-#define R_PTE_ATT_NORMAL        0x0000000000000000
-#define R_PTE_ATT_SAO           0x0000000000000010
-#define R_PTE_ATT_NI_IO         0x0000000000000020
-#define R_PTE_ATT_TOLERANT_IO   0x0000000000000030
-#define R_PTE_EAA_PRIV          0x0000000000000008
-#define R_PTE_EAA_R             0x0000000000000004
-#define R_PTE_EAA_RW            0x0000000000000002
-#define R_PTE_EAA_X             0x0000000000000001
-#define R_PDE_NLB               PRTBE_R_RPDB
-#define R_PDE_NLS               PRTBE_R_RPDS
-
-#ifdef TARGET_PPC64
-
 bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
                        hwaddr *raddr, int *psizep, int *protp, int mmu_idx,
                        bool guest_visible);
 
-static inline int ppc_radix64_get_prot_eaa(uint64_t pte)
-{
-    return (pte & R_PTE_EAA_R ? PAGE_READ : 0) |
-           (pte & R_PTE_EAA_RW ? PAGE_READ | PAGE_WRITE : 0) |
-           (pte & R_PTE_EAA_X ? PAGE_EXEC : 0);
-}
-
-static inline int ppc_radix64_get_prot_amr(const PowerPCCPU *cpu)
-{
-    const CPUPPCState *env = &cpu->env;
-    int amr = env->spr[SPR_AMR] >> 62; /* We only care about key0 AMR63:62 */
-    int iamr = env->spr[SPR_IAMR] >> 62; /* We only care about key0 IAMR63:62 */
-
-    return (amr & 0x2 ? 0 : PAGE_WRITE) | /* Access denied if bit is set */
-           (amr & 0x1 ? 0 : PAGE_READ) |
-           (iamr & 0x1 ? 0 : PAGE_EXEC);
-}
-
 #endif /* TARGET_PPC64 */
 
 #endif /* CONFIG_USER_ONLY */
-- 
2.30.9

[PATCH 32/43] target/ppc: Remove includes from mmu-book3s-v3.h

[BALATON Zoltan]

Drop includes from header that is not needed by the header itself and
only include them from C files that really need it.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-book3s-v3.h | 3 ---
 target/ppc/mmu-hash64.c    | 1 +
 target/ppc/mmu-radix64.c   | 1 +
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
index 263ce55c1f..be66e26604 100644
--- a/target/ppc/mmu-book3s-v3.h
+++ b/target/ppc/mmu-book3s-v3.h
@@ -20,9 +20,6 @@
 #ifndef PPC_MMU_BOOK3S_V3_H
 #define PPC_MMU_BOOK3S_V3_H
 
-#include "mmu-hash64.h"
-#include "mmu-books.h"
-
 #ifndef CONFIG_USER_ONLY
 
 /*
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 7bc0323f26..5e1983e334 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -31,6 +31,7 @@
 #include "hw/hw.h"
 #include "internal.h"
 #include "mmu-book3s-v3.h"
+#include "mmu-books.h"
 #include "helper_regs.h"
 
 #ifdef CONFIG_TCG
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index cf9619e847..be7a45f254 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -28,6 +28,7 @@
 #include "internal.h"
 #include "mmu-radix64.h"
 #include "mmu-book3s-v3.h"
+#include "mmu-books.h"
 
 /* Radix Partition Table Entry Fields */
 #define PATE1_R_PRTB           0x0FFFFFFFFFFFF000
-- 
2.30.9

[PATCH 33/43] target/ppc: Remove single use static inline function

[BALATON Zoltan]

The ger_pack_masks() function is only used once and the inverse of
this operation is already inlined so it can be inlined too in the only
caller and removed from the header.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/internal.h               | 9 ---------
 target/ppc/translate/vsx-impl.c.inc | 6 ++++--
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 20fb2ec593..8e5a241f74 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -293,13 +293,4 @@ FIELD(GER_MSK, XMSK, 0, 4)
 FIELD(GER_MSK, YMSK, 4, 4)
 FIELD(GER_MSK, PMSK, 8, 8)
 
-static inline int ger_pack_masks(int pmsk, int ymsk, int xmsk)
-{
-    int msk = 0;
-    msk = FIELD_DP32(msk, GER_MSK, XMSK, xmsk);
-    msk = FIELD_DP32(msk, GER_MSK, YMSK, ymsk);
-    msk = FIELD_DP32(msk, GER_MSK, PMSK, pmsk);
-    return msk;
-}
-
 #endif /* PPC_INTERNAL_H */
diff --git a/target/ppc/translate/vsx-impl.c.inc b/target/ppc/translate/vsx-impl.c.inc
index 0266f09119..62950d348a 100644
--- a/target/ppc/translate/vsx-impl.c.inc
+++ b/target/ppc/translate/vsx-impl.c.inc
@@ -2819,7 +2819,7 @@ static bool trans_XXSETACCZ(DisasContext *ctx, arg_X_a *a)
 static bool do_ger(DisasContext *ctx, arg_MMIRR_XX3 *a,
     void (*helper)(TCGv_env, TCGv_ptr, TCGv_ptr, TCGv_ptr, TCGv_i32))
 {
-    uint32_t mask;
+    uint32_t mask = 0;
     TCGv_ptr xt, xa, xb;
     REQUIRE_INSNS_FLAGS2(ctx, ISA310);
     REQUIRE_VSX(ctx);
@@ -2832,7 +2832,9 @@ static bool do_ger(DisasContext *ctx, arg_MMIRR_XX3 *a,
     xa = gen_vsr_ptr(a->xa);
     xb = gen_vsr_ptr(a->xb);
 
-    mask = ger_pack_masks(a->pmsk, a->ymsk, a->xmsk);
+    mask = FIELD_DP32(mask, GER_MSK, XMSK, a->xmsk);
+    mask = FIELD_DP32(mask, GER_MSK, YMSK, a->ymsk);
+    mask = FIELD_DP32(mask, GER_MSK, PMSK, a->pmsk);
     helper(tcg_env, xa, xb, xt, tcg_constant_i32(mask));
     return true;
 }
-- 
2.30.9

[PATCH 34/43] target/ppc/internal.h: Consolidate ifndef CONFIG_USER_ONLY blocks

[BALATON Zoltan]

A few pte related definitions are between two ifndef CONFIG_USER_ONLY
blocks but these are not needed for user only and should also be
within these blocks. Consolidate the ifndef blocks so all user only and
not user only definitions are in one #ifdef #else at the end of the file.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/internal.h | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 8e5a241f74..66ce22bbe9 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -224,6 +224,10 @@ void helper_compute_fprf_float16(CPUPPCState *env, float16 arg);
 void helper_compute_fprf_float32(CPUPPCState *env, float32 arg);
 void helper_compute_fprf_float128(CPUPPCState *env, float128 arg);
 
+FIELD(GER_MSK, XMSK, 0, 4)
+FIELD(GER_MSK, YMSK, 4, 4)
+FIELD(GER_MSK, PMSK, 8, 8)
+
 /* translate.c */
 
 int ppc_fixup_cpu(PowerPCCPU *cpu);
@@ -234,8 +238,11 @@ void destroy_ppc_opcodes(PowerPCCPU *cpu);
 void ppc_gdb_init(CPUState *cs, PowerPCCPUClass *ppc);
 const gchar *ppc_gdb_arch_name(CPUState *cs);
 
-#ifndef CONFIG_USER_ONLY
-
+#ifdef CONFIG_USER_ONLY
+void ppc_cpu_record_sigsegv(CPUState *cs, vaddr addr,
+                            MMUAccessType access_type,
+                            bool maperr, uintptr_t ra);
+#else
 /* Check if permission bit required for the access_type is set in prot */
 static inline int check_prot_access_type(int prot, MMUAccessType access_type)
 {
@@ -252,7 +259,6 @@ bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
 int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
                                     int way, int is_code);
 
-#endif /* !CONFIG_USER_ONLY */
 
 /* Common routines used by software and hardware TLBs emulation */
 static inline int pte_is_valid(target_ulong pte0)
@@ -268,11 +274,6 @@ static inline void pte_invalidate(target_ulong *pte0)
 #define PTE_PTEM_MASK 0x7FFFFFBF
 #define PTE_CHECK_MASK (TARGET_PAGE_MASK | 0x7B)
 
-#ifdef CONFIG_USER_ONLY
-void ppc_cpu_record_sigsegv(CPUState *cs, vaddr addr,
-                            MMUAccessType access_type,
-                            bool maperr, uintptr_t ra);
-#else
 bool ppc_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                       MMUAccessType access_type, int mmu_idx,
                       bool probe, uintptr_t retaddr);
@@ -287,10 +288,6 @@ void ppc_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
 void ppc_cpu_debug_excp_handler(CPUState *cs);
 bool ppc_cpu_debug_check_breakpoint(CPUState *cs);
 bool ppc_cpu_debug_check_watchpoint(CPUState *cs, CPUWatchpoint *wp);
-#endif
-
-FIELD(GER_MSK, XMSK, 0, 4)
-FIELD(GER_MSK, YMSK, 4, 4)
-FIELD(GER_MSK, PMSK, 8, 8)
+#endif /* !CONFIG_USER_ONLY */
 
 #endif /* PPC_INTERNAL_H */
-- 
2.30.9

[PATCH 35/43] target/ppc/mmu-hash32.c: Change parameter type of ppc_hash32_bat_lookup()

[BALATON Zoltan]

This function takes PowerPCCPU but only needs the env from it. Change
its parameter to CPUPPCState *env.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 44b16142ab..a2c0ac05d2 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -48,11 +48,10 @@ static target_ulong hash32_bat_size(int mmu_idx,
     return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
 }
 
-static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
+static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea,
                                     MMUAccessType access_type, int *prot,
                                     int mmu_idx)
 {
-    CPUPPCState *env = &cpu->env;
     target_ulong *BATlt, *BATut;
     bool ifetch = access_type == MMU_INST_FETCH;
     int i;
@@ -316,7 +315,7 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
 
     /* 2. Check Block Address Translation entries (BATs) */
     if (env->nb_BATs != 0) {
-        raddr = ppc_hash32_bat_lookup(cpu, eaddr, access_type, protp, mmu_idx);
+        raddr = ppc_hash32_bat_lookup(env, eaddr, access_type, protp, mmu_idx);
         if (raddr != -1) {
             if (!check_prot_access_type(*protp, access_type)) {
                 if (guest_visible) {
-- 
2.30.9

[PATCH 36/43] target/ppc/mmu-hash32: Remove some static inlines from header

[BALATON Zoltan]

Two of these are not used anywhere and the other two are used only
once and can be inlined and removed from the header.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c |  5 +++--
 target/ppc/mmu-hash32.h | 32 --------------------------------
 2 files changed, 3 insertions(+), 34 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index a2c0ac05d2..7a6a674f8a 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -206,17 +206,18 @@ static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
 {
     hwaddr pte_offset = pteg_off;
     target_ulong pte0, pte1;
+    hwaddr base = ppc_hash32_hpt_base(cpu);
     int i;
 
     for (i = 0; i < HPTES_PER_GROUP; i++) {
-        pte0 = ppc_hash32_load_hpte0(cpu, pte_offset);
+        pte0 = ldl_phys(CPU(cpu)->as, base + pte_offset);
         /*
          * pte0 contains the valid bit and must be read before pte1,
          * otherwise we might see an old pte1 with a new valid bit and
          * thus an inconsistent hpte value
          */
         smp_rmb();
-        pte1 = ppc_hash32_load_hpte1(cpu, pte_offset);
+        pte1 = ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
 
         if ((pte0 & HPTE32_V_VALID)
             && (secondary == !!(pte0 & HPTE32_V_SECONDARY))
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index 2838de031c..4db55fb0a0 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -69,38 +69,6 @@ static inline hwaddr ppc_hash32_hpt_mask(PowerPCCPU *cpu)
     return ((cpu->env.spr[SPR_SDR1] & SDR_32_HTABMASK) << 16) | 0xFFFF;
 }
 
-static inline target_ulong ppc_hash32_load_hpte0(PowerPCCPU *cpu,
-                                                 hwaddr pte_offset)
-{
-    target_ulong base = ppc_hash32_hpt_base(cpu);
-
-    return ldl_phys(CPU(cpu)->as, base + pte_offset);
-}
-
-static inline target_ulong ppc_hash32_load_hpte1(PowerPCCPU *cpu,
-                                                 hwaddr pte_offset)
-{
-    target_ulong base = ppc_hash32_hpt_base(cpu);
-
-    return ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
-}
-
-static inline void ppc_hash32_store_hpte0(PowerPCCPU *cpu,
-                                          hwaddr pte_offset, target_ulong pte0)
-{
-    target_ulong base = ppc_hash32_hpt_base(cpu);
-
-    stl_phys(CPU(cpu)->as, base + pte_offset, pte0);
-}
-
-static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
-                                          hwaddr pte_offset, target_ulong pte1)
-{
-    target_ulong base = ppc_hash32_hpt_base(cpu);
-
-    stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
-}
-
 static inline hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
 {
     return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(cpu);
-- 
2.30.9

[PATCH 37/43] target/ppc/mmu-hash32.c: Return and use pte address instead of base + offset

[BALATON Zoltan]

Change ppc_hash32_pteg_search() to return pte address instead of an
offset to avoid needing to get the base and add offset to it when we
already have the address we need.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 51 ++++++++++++++++-------------------------
 1 file changed, 20 insertions(+), 31 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 7a6a674f8a..cc1e790d0e 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -204,58 +204,48 @@ static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
                                      bool secondary, target_ulong ptem,
                                      ppc_hash_pte32_t *pte)
 {
-    hwaddr pte_offset = pteg_off;
+    hwaddr pte_addr = ppc_hash32_hpt_base(cpu) + pteg_off;
     target_ulong pte0, pte1;
-    hwaddr base = ppc_hash32_hpt_base(cpu);
     int i;
 
-    for (i = 0; i < HPTES_PER_GROUP; i++) {
-        pte0 = ldl_phys(CPU(cpu)->as, base + pte_offset);
+    for (i = 0; i < HPTES_PER_GROUP; i++, pte_addr += HASH_PTE_SIZE_32) {
+        pte0 = ldl_phys(CPU(cpu)->as, pte_addr);
         /*
          * pte0 contains the valid bit and must be read before pte1,
          * otherwise we might see an old pte1 with a new valid bit and
          * thus an inconsistent hpte value
          */
         smp_rmb();
-        pte1 = ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
+        pte1 = ldl_phys(CPU(cpu)->as, pte_addr + HASH_PTE_SIZE_32 / 2);
 
         if ((pte0 & HPTE32_V_VALID)
             && (secondary == !!(pte0 & HPTE32_V_SECONDARY))
             && HPTE32_V_COMPARE(pte0, ptem)) {
             pte->pte0 = pte0;
             pte->pte1 = pte1;
-            return pte_offset;
+            return pte_addr;
         }
-
-        pte_offset += HASH_PTE_SIZE_32;
     }
-
     return -1;
 }
 
-static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_offset, uint32_t pte1)
+static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_addr, uint32_t pte1)
 {
-    target_ulong base = ppc_hash32_hpt_base(cpu);
-    hwaddr offset = pte_offset + 6;
-
     /* The HW performs a non-atomic byte update */
-    stb_phys(CPU(cpu)->as, base + offset, ((pte1 >> 8) & 0xff) | 0x01);
+    stb_phys(CPU(cpu)->as, pte_addr + 6, ((pte1 >> 8) & 0xff) | 0x01);
 }
 
-static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_offset, uint64_t pte1)
+static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_addr, uint64_t pte1)
 {
-    target_ulong base = ppc_hash32_hpt_base(cpu);
-    hwaddr offset = pte_offset + 7;
-
     /* The HW performs a non-atomic byte update */
-    stb_phys(CPU(cpu)->as, base + offset, (pte1 & 0xff) | 0x80);
+    stb_phys(CPU(cpu)->as, pte_addr + 7, (pte1 & 0xff) | 0x80);
 }
 
 static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
                                      target_ulong sr, target_ulong eaddr,
                                      ppc_hash_pte32_t *pte)
 {
-    hwaddr pteg_off, pte_offset;
+    hwaddr pteg_off, pte_addr;
     hwaddr hash;
     uint32_t vsid, pgidx, ptem;
 
@@ -277,18 +267,18 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
             ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu),
             vsid, ptem, hash);
     pteg_off = get_pteg_offset32(cpu, hash);
-    pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
-    if (pte_offset == -1) {
+    pte_addr = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
+    if (pte_addr == -1) {
         /* Secondary PTEG lookup */
         qemu_log_mask(CPU_LOG_MMU, "1 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
                 " vsid=%" PRIx32 " api=%" PRIx32
                 " hash=" HWADDR_FMT_plx "\n", ppc_hash32_hpt_base(cpu),
                 ppc_hash32_hpt_mask(cpu), vsid, ptem, ~hash);
         pteg_off = get_pteg_offset32(cpu, ~hash);
-        pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
+        pte_addr = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
     }
 
-    return pte_offset;
+    return pte_addr;
 }
 
 bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
@@ -298,7 +288,7 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     CPUState *cs = CPU(cpu);
     CPUPPCState *env = &cpu->env;
     target_ulong sr;
-    hwaddr pte_offset, raddr;
+    hwaddr pte_addr, raddr;
     ppc_hash_pte32_t pte;
     bool key;
     int prot;
@@ -360,8 +350,8 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     }
 
     /* 6. Locate the PTE in the hash table */
-    pte_offset = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte);
-    if (pte_offset == -1) {
+    pte_addr = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte);
+    if (pte_addr == -1) {
         if (guest_visible) {
             if (access_type == MMU_INST_FETCH) {
                 cs->exception_index = POWERPC_EXCP_ISI;
@@ -380,7 +370,7 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
         return false;
     }
     qemu_log_mask(CPU_LOG_MMU,
-                "found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
+                  "found PTE at address %08" HWADDR_PRIx "\n", pte_addr);
 
     /* 7. Check access permissions */
     key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
@@ -410,13 +400,12 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
 
     /* 8. Update PTE referenced and changed bits if necessary */
-
     if (!(pte.pte1 & HPTE32_R_R)) {
-        ppc_hash32_set_r(cpu, pte_offset, pte.pte1);
+        ppc_hash32_set_r(cpu, pte_addr, pte.pte1);
     }
     if (!(pte.pte1 & HPTE32_R_C)) {
         if (access_type == MMU_DATA_STORE) {
-            ppc_hash32_set_c(cpu, pte_offset, pte.pte1);
+            ppc_hash32_set_c(cpu, pte_addr, pte.pte1);
         } else {
             /*
              * Treat the page as read-only for now, so that a later write
-- 
2.30.9

[PATCH 38/43] target/ppc/mmu-hash32.c: Use pte address as parameter instead of offset

[BALATON Zoltan]

Instead of getting base and adding an offset to it pass pte address to
ppc_hash32_pteg_search() that the only caller of this function already
has and can easily pass it. Also add a local variable in the caller to
avoid getting base multiple times.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index cc1e790d0e..6d0adf3357 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -200,11 +200,10 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
     return false;
 }
 
-static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
+static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pte_addr,
                                      bool secondary, target_ulong ptem,
                                      ppc_hash_pte32_t *pte)
 {
-    hwaddr pte_addr = ppc_hash32_hpt_base(cpu) + pteg_off;
     target_ulong pte0, pte1;
     int i;
 
@@ -245,37 +244,35 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
                                      target_ulong sr, target_ulong eaddr,
                                      ppc_hash_pte32_t *pte)
 {
-    hwaddr pteg_off, pte_addr;
-    hwaddr hash;
+    hwaddr hpt_base, pteg_off, pte_addr, hash;
     uint32_t vsid, pgidx, ptem;
 
+    hpt_base = ppc_hash32_hpt_base(cpu);
     vsid = sr & SR32_VSID;
     pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
     hash = vsid ^ pgidx;
     ptem = (vsid << 7) | (pgidx >> 10);
 
     /* Page address translation */
-    qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx
-            " htab_mask " HWADDR_FMT_plx
-            " hash " HWADDR_FMT_plx "\n",
-            ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
+    qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx " htab_mask "
+                  HWADDR_FMT_plx " hash " HWADDR_FMT_plx "\n",
+                  hpt_base, ppc_hash32_hpt_mask(cpu), hash);
 
     /* Primary PTEG lookup */
     qemu_log_mask(CPU_LOG_MMU, "0 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
-            " vsid=%" PRIx32 " ptem=%" PRIx32
-            " hash=" HWADDR_FMT_plx "\n",
-            ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu),
-            vsid, ptem, hash);
+                  " vsid=%" PRIx32 " ptem=%" PRIx32 " hash=" HWADDR_FMT_plx
+                  "\n", hpt_base, ppc_hash32_hpt_mask(cpu), vsid, ptem, hash);
     pteg_off = get_pteg_offset32(cpu, hash);
-    pte_addr = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
+    pte_addr = ppc_hash32_pteg_search(cpu, hpt_base + pteg_off, 0, ptem, pte);
     if (pte_addr == -1) {
         /* Secondary PTEG lookup */
         qemu_log_mask(CPU_LOG_MMU, "1 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
-                " vsid=%" PRIx32 " api=%" PRIx32
-                " hash=" HWADDR_FMT_plx "\n", ppc_hash32_hpt_base(cpu),
-                ppc_hash32_hpt_mask(cpu), vsid, ptem, ~hash);
+                      " vsid=%" PRIx32 " api=%" PRIx32 " hash=" HWADDR_FMT_plx
+                      "\n", hpt_base, ppc_hash32_hpt_mask(cpu), vsid, ptem,
+                      ~hash);
         pteg_off = get_pteg_offset32(cpu, ~hash);
-        pte_addr = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
+        pte_addr = ppc_hash32_pteg_search(cpu, hpt_base + pteg_off, 1, ptem,
+                                          pte);
     }
 
     return pte_addr;
-- 
2.30.9

[PATCH 39/43] target/ppc: Change parameter type of some inline functions

[BALATON Zoltan]

These functions take PowerPCCPU but only need the env from it. Change
their parameter to CPUPPCState *env.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 13 +++++++------
 target/ppc/mmu-hash32.h | 12 ++++++------
 target/ppc/mmu_common.c | 20 +++++++++-----------
 3 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 6d0adf3357..f18faf0f46 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -244,10 +244,11 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
                                      target_ulong sr, target_ulong eaddr,
                                      ppc_hash_pte32_t *pte)
 {
+    CPUPPCState *env = &cpu->env;
     hwaddr hpt_base, pteg_off, pte_addr, hash;
     uint32_t vsid, pgidx, ptem;
 
-    hpt_base = ppc_hash32_hpt_base(cpu);
+    hpt_base = ppc_hash32_hpt_base(env);
     vsid = sr & SR32_VSID;
     pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
     hash = vsid ^ pgidx;
@@ -256,21 +257,21 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
     /* Page address translation */
     qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx " htab_mask "
                   HWADDR_FMT_plx " hash " HWADDR_FMT_plx "\n",
-                  hpt_base, ppc_hash32_hpt_mask(cpu), hash);
+                  hpt_base, ppc_hash32_hpt_mask(env), hash);
 
     /* Primary PTEG lookup */
     qemu_log_mask(CPU_LOG_MMU, "0 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
                   " vsid=%" PRIx32 " ptem=%" PRIx32 " hash=" HWADDR_FMT_plx
-                  "\n", hpt_base, ppc_hash32_hpt_mask(cpu), vsid, ptem, hash);
-    pteg_off = get_pteg_offset32(cpu, hash);
+                  "\n", hpt_base, ppc_hash32_hpt_mask(env), vsid, ptem, hash);
+    pteg_off = get_pteg_offset32(env, hash);
     pte_addr = ppc_hash32_pteg_search(cpu, hpt_base + pteg_off, 0, ptem, pte);
     if (pte_addr == -1) {
         /* Secondary PTEG lookup */
         qemu_log_mask(CPU_LOG_MMU, "1 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
                       " vsid=%" PRIx32 " api=%" PRIx32 " hash=" HWADDR_FMT_plx
-                      "\n", hpt_base, ppc_hash32_hpt_mask(cpu), vsid, ptem,
+                      "\n", hpt_base, ppc_hash32_hpt_mask(env), vsid, ptem,
                       ~hash);
-        pteg_off = get_pteg_offset32(cpu, ~hash);
+        pteg_off = get_pteg_offset32(env, ~hash);
         pte_addr = ppc_hash32_pteg_search(cpu, hpt_base + pteg_off, 1, ptem,
                                           pte);
     }
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index 4db55fb0a0..ec8d881def 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -59,19 +59,19 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
 #define HPTE32_R_WIMG           0x00000078
 #define HPTE32_R_PP             0x00000003
 
-static inline hwaddr ppc_hash32_hpt_base(PowerPCCPU *cpu)
+static inline hwaddr ppc_hash32_hpt_base(CPUPPCState *env)
 {
-    return cpu->env.spr[SPR_SDR1] & SDR_32_HTABORG;
+    return env->spr[SPR_SDR1] & SDR_32_HTABORG;
 }
 
-static inline hwaddr ppc_hash32_hpt_mask(PowerPCCPU *cpu)
+static inline hwaddr ppc_hash32_hpt_mask(CPUPPCState *env)
 {
-    return ((cpu->env.spr[SPR_SDR1] & SDR_32_HTABMASK) << 16) | 0xFFFF;
+    return ((env->spr[SPR_SDR1] & SDR_32_HTABMASK) << 16) | 0xFFFF;
 }
 
-static inline hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
+static inline hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash)
 {
-    return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(cpu);
+    return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(env);
 }
 
 static inline bool ppc_hash32_key(bool pr, target_ulong sr)
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 60f8736210..b45eb64f6e 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -166,8 +166,8 @@ static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
 #if defined(DUMP_PAGE_TABLES)
     if (qemu_loglevel_mask(CPU_LOG_MMU)) {
         CPUState *cs = env_cpu(env);
-        hwaddr base = ppc_hash32_hpt_base(env_archcpu(env));
-        hwaddr len = ppc_hash32_hpt_mask(env_archcpu(env)) + 0x80;
+        hwaddr base = ppc_hash32_hpt_base(env);
+        hwaddr len = ppc_hash32_hpt_mask(env) + 0x80;
         uint32_t a0, a1, a2, a3;
 
         qemu_log("Page table: " HWADDR_FMT_plx " len " HWADDR_FMT_plx "\n",
@@ -263,7 +263,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, hwaddr *raddr,
                                        hwaddr *hashp, bool *keyp,
                                        MMUAccessType access_type, int type)
 {
-    PowerPCCPU *cpu = env_archcpu(env);
     hwaddr hash;
     target_ulong vsid, sr, pgidx, ptem;
     bool key, ds, nx;
@@ -305,7 +304,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, hwaddr *raddr,
         /* Page address translation */
         qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx " htab_mask "
                       HWADDR_FMT_plx " hash " HWADDR_FMT_plx "\n",
-                      ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
+                      ppc_hash32_hpt_base(env), ppc_hash32_hpt_mask(env), hash);
         *hashp = hash;
 
         /* Software TLB search */
@@ -499,13 +498,12 @@ static void mmu6xx_dump_BATs(CPUPPCState *env, int type)
 
 static void mmu6xx_dump_mmu(CPUPPCState *env)
 {
-    PowerPCCPU *cpu = env_archcpu(env);
     ppc6xx_tlb_t *tlb;
     target_ulong sr;
     int type, way, entry, i;
 
-    qemu_printf("HTAB base = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_base(cpu));
-    qemu_printf("HTAB mask = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_mask(cpu));
+    qemu_printf("HTAB base = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_base(env));
+    qemu_printf("HTAB mask = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_mask(env));
 
     qemu_printf("\nSegment registers:\n");
     for (i = 0; i < 32; i++) {
@@ -743,10 +741,10 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
             env->spr[SPR_DCMP] |= 0x80000000;
 tlb_miss:
             env->error_code |= key << 19;
-            env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
-                                  get_pteg_offset32(cpu, hash);
-            env->spr[SPR_HASH2] = ppc_hash32_hpt_base(cpu) +
-                                  get_pteg_offset32(cpu, ~hash);
+            env->spr[SPR_HASH1] = ppc_hash32_hpt_base(env) +
+                                  get_pteg_offset32(env, hash);
+            env->spr[SPR_HASH2] = ppc_hash32_hpt_base(env) +
+                                  get_pteg_offset32(env, ~hash);
             break;
         case -2:
             /* Access rights violation */
-- 
2.30.9

[PATCH 40/43] target/ppc: Change parameter type of ppc64_v3_radix()

[BALATON Zoltan]

This function takes PowerPCCPU but only needs the env from it. Change
its parameter to CPUPPCState *env.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 hw/ppc/spapr_rtas.c        | 2 +-
 target/ppc/mmu-book3s-v3.h | 4 ++--
 target/ppc/mmu_common.c    | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index f329693c55..38e94fc0d7 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -177,7 +177,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
          * New cpus are expected to start in the same radix/hash mode
          * as the existing CPUs
          */
-        if (ppc64_v3_radix(callcpu)) {
+        if (ppc64_v3_radix(&callcpu->env)) {
             lpcr |= LPCR_UPRT | LPCR_GTSE | LPCR_HR;
         } else {
             lpcr &= ~(LPCR_UPRT | LPCR_GTSE | LPCR_HR);
diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
index be66e26604..e52129ff7f 100644
--- a/target/ppc/mmu-book3s-v3.h
+++ b/target/ppc/mmu-book3s-v3.h
@@ -75,9 +75,9 @@ bool ppc64_v3_get_pate(PowerPCCPU *cpu, target_ulong lpid,
  * dig out the partition table in the fast path. This is
  * also how the HW uses it.
  */
-static inline bool ppc64_v3_radix(PowerPCCPU *cpu)
+static inline bool ppc64_v3_radix(CPUPPCState *env)
 {
-    return !!(cpu->env.spr[SPR_LPCR] & LPCR_HR);
+    return !!(env->spr[SPR_LPCR] & LPCR_HR);
 }
 
 #endif /* TARGET_PPC64 */
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index b45eb64f6e..ab055ca96b 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -565,7 +565,7 @@ void dump_mmu(CPUPPCState *env)
         dump_slb(env_archcpu(env));
         break;
     case POWERPC_MMU_3_00:
-        if (ppc64_v3_radix(env_archcpu(env))) {
+        if (ppc64_v3_radix(env)) {
             qemu_log_mask(LOG_UNIMP, "%s: the PPC64 MMU is unsupported\n",
                           __func__);
         } else {
@@ -810,7 +810,7 @@ bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     switch (cpu->env.mmu_model) {
 #if defined(TARGET_PPC64)
     case POWERPC_MMU_3_00:
-        if (ppc64_v3_radix(cpu)) {
+        if (ppc64_v3_radix(&cpu->env)) {
             return ppc_radix64_xlate(cpu, eaddr, access_type, raddrp,
                                      psizep, protp, mmu_idx, guest_visible);
         }
-- 
2.30.9

[PATCH 41/43] target/ppc: Change MMU xlate functions to take CPUState

[BALATON Zoltan]

The callers of xlate functions get CPUState which is then cast to
PowerPCCPU that is then cast back to CPUState by most xlate functions.
Avoid this back and forth casting by passing the existing CPUState to
xlate functions and let them convert it as needed.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/internal.h    |  2 +-
 target/ppc/mmu-booke.c   |  5 ++--
 target/ppc/mmu-booke.h   |  2 +-
 target/ppc/mmu-hash32.c  |  4 +--
 target/ppc/mmu-hash32.h  |  2 +-
 target/ppc/mmu-hash64.c  |  4 +--
 target/ppc/mmu-hash64.h  |  2 +-
 target/ppc/mmu-radix64.c |  7 +++---
 target/ppc/mmu-radix64.h |  2 +-
 target/ppc/mmu_common.c  | 54 +++++++++++++++++++---------------------
 target/ppc/mmu_helper.c  |  9 +++----
 11 files changed, 45 insertions(+), 48 deletions(-)

diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 66ce22bbe9..753fae219c 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -251,7 +251,7 @@ static inline int check_prot_access_type(int prot, MMUAccessType access_type)
 
 /* PowerPC MMU emulation */
 
-bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp,
                       int mmu_idx, bool guest_visible);
 
diff --git a/target/ppc/mmu-booke.c b/target/ppc/mmu-booke.c
index 55e5dd7c6b..dd4ea48151 100644
--- a/target/ppc/mmu-booke.c
+++ b/target/ppc/mmu-booke.c
@@ -473,12 +473,11 @@ static void booke206_update_mas_tlb_miss(CPUPPCState *env, target_ulong address,
     env->spr[SPR_BOOKE_MAS0] |= env->last_way << MAS0_NV_SHIFT;
 }
 
-bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_booke_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                      hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                      bool guest_visible)
 {
-    CPUState *cs = CPU(cpu);
-    CPUPPCState *env = &cpu->env;
+    CPUPPCState *env = cpu_env(cs);
     hwaddr raddr;
     int prot, ret;
 
diff --git a/target/ppc/mmu-booke.h b/target/ppc/mmu-booke.h
index f972843bbb..6c90139be0 100644
--- a/target/ppc/mmu-booke.h
+++ b/target/ppc/mmu-booke.h
@@ -10,7 +10,7 @@ int mmu40x_get_physical_address(CPUPPCState *env, hwaddr *raddr, int *prot,
 hwaddr booke206_tlb_to_page_size(CPUPPCState *env, ppcmas_tlb_t *tlb);
 int ppcmas_tlb_check(CPUPPCState *env, ppcmas_tlb_t *tlb, hwaddr *raddrp,
                      target_ulong address, uint32_t pid);
-bool ppc_booke_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_booke_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                      hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                      bool guest_visible);
 
diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index f18faf0f46..82a02881c2 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -279,11 +279,11 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
     return pte_addr;
 }
 
-bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_hash32_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                       bool guest_visible)
 {
-    CPUState *cs = CPU(cpu);
+    PowerPCCPU *cpu = POWERPC_CPU(cs);
     CPUPPCState *env = &cpu->env;
     target_ulong sr;
     hwaddr pte_addr, raddr;
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index ec8d881def..d9e4977bdc 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -3,7 +3,7 @@
 
 #ifndef CONFIG_USER_ONLY
 
-bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_hash32_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                       bool guest_visible);
 
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 5e1983e334..1559683626 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -979,11 +979,11 @@ static int build_vrma_slbe(PowerPCCPU *cpu, ppc_slb_t *slb)
     return -1;
 }
 
-bool ppc_hash64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_hash64_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                       bool guest_visible)
 {
-    CPUState *cs = CPU(cpu);
+    PowerPCCPU *cpu = POWERPC_CPU(cs);
     CPUPPCState *env = &cpu->env;
     ppc_slb_t vrma_slbe;
     ppc_slb_t *slb;
diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
index ae8d4b37ae..0c475642e0 100644
--- a/target/ppc/mmu-hash64.h
+++ b/target/ppc/mmu-hash64.h
@@ -7,7 +7,7 @@
 void dump_slb(PowerPCCPU *cpu);
 int ppc_store_slb(PowerPCCPU *cpu, target_ulong slot,
                   target_ulong esid, target_ulong vsid);
-bool ppc_hash64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_hash64_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                       bool guest_visible);
 void ppc_hash64_tlb_flush_hpte(PowerPCCPU *cpu,
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index be7a45f254..1ca7f9089a 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -675,11 +675,12 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
  *              | = On        | Process Scoped |    Scoped     |
  *              +-------------+----------------+---------------+
  */
-static bool ppc_radix64_xlate_impl(PowerPCCPU *cpu, vaddr eaddr,
+static bool ppc_radix64_xlate_impl(CPUState *cs, vaddr eaddr,
                                    MMUAccessType access_type, hwaddr *raddr,
                                    int *psizep, int *protp, int mmu_idx,
                                    bool guest_visible)
 {
+    PowerPCCPU *cpu = POWERPC_CPU(cs);
     CPUPPCState *env = &cpu->env;
     uint64_t lpid, pid;
     ppc_v3_pate_t pate;
@@ -805,11 +806,11 @@ static bool ppc_radix64_xlate_impl(PowerPCCPU *cpu, vaddr eaddr,
     return true;
 }
 
-bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_radix64_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                        hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
                        bool guest_visible)
 {
-    bool ret = ppc_radix64_xlate_impl(cpu, eaddr, access_type, raddrp,
+    bool ret = ppc_radix64_xlate_impl(cs, eaddr, access_type, raddrp,
                                       psizep, protp, mmu_idx, guest_visible);
 
     qemu_log_mask(CPU_LOG_MMU, "%s for %s @0x%"VADDR_PRIx
diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h
index 6620b3d648..3758393883 100644
--- a/target/ppc/mmu-radix64.h
+++ b/target/ppc/mmu-radix64.h
@@ -14,7 +14,7 @@
 #define R_EADDR_QUADRANT2       0x8000000000000000
 #define R_EADDR_QUADRANT3       0xC000000000000000
 
-bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_radix64_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                        hwaddr *raddr, int *psizep, int *protp, int mmu_idx,
                        bool guest_visible);
 
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index ab055ca96b..8d590a9496 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -579,11 +579,11 @@ void dump_mmu(CPUPPCState *env)
 }
 
 
-static bool ppc_real_mode_xlate(PowerPCCPU *cpu, vaddr eaddr,
+static bool ppc_real_mode_xlate(CPUState *cs, vaddr eaddr,
                                 MMUAccessType access_type,
                                 hwaddr *raddrp, int *psizep, int *protp)
 {
-    CPUPPCState *env = &cpu->env;
+    CPUPPCState *env = cpu_env(cs);
 
     if (access_type == MMU_INST_FETCH ? !FIELD_EX64(env->msr, MSR, IR)
                                       : !FIELD_EX64(env->msr, MSR, DR)) {
@@ -592,21 +592,20 @@ static bool ppc_real_mode_xlate(PowerPCCPU *cpu, vaddr eaddr,
         *psizep = TARGET_PAGE_BITS;
         return true;
     } else if (env->mmu_model == POWERPC_MMU_REAL) {
-        cpu_abort(CPU(cpu), "PowerPC in real mode shold not do translation\n");
+        cpu_abort(cs, "PowerPC in real mode shold not do translation\n");
     }
     return false;
 }
 
-static bool ppc_40x_xlate(PowerPCCPU *cpu, vaddr eaddr,
+static bool ppc_40x_xlate(CPUState *cs, vaddr eaddr,
                           MMUAccessType access_type,
                           hwaddr *raddrp, int *psizep, int *protp,
                           int mmu_idx, bool guest_visible)
 {
-    CPUState *cs = CPU(cpu);
-    CPUPPCState *env = &cpu->env;
+    CPUPPCState *env = cpu_env(cs);
     int ret;
 
-    if (ppc_real_mode_xlate(cpu, eaddr, access_type, raddrp, psizep, protp)) {
+    if (ppc_real_mode_xlate(cs, eaddr, access_type, raddrp, psizep, protp)) {
         return true;
     }
 
@@ -665,18 +664,17 @@ static bool ppc_40x_xlate(PowerPCCPU *cpu, vaddr eaddr,
     return false;
 }
 
-static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
+static bool ppc_6xx_xlate(CPUState *cs, vaddr eaddr,
                           MMUAccessType access_type,
                           hwaddr *raddrp, int *psizep, int *protp,
                           int mmu_idx, bool guest_visible)
 {
-    CPUState *cs = CPU(cpu);
-    CPUPPCState *env = &cpu->env;
+    CPUPPCState *env = cpu_env(cs);
     hwaddr hash = 0; /* init to 0 to avoid used uninit warning */
     bool key;
     int type, ret;
 
-    if (ppc_real_mode_xlate(cpu, eaddr, access_type, raddrp, psizep, protp)) {
+    if (ppc_real_mode_xlate(cs, eaddr, access_type, raddrp, psizep, protp)) {
         return true;
     }
 
@@ -803,15 +801,15 @@ tlb_miss:
 
 /*****************************************************************************/
 
-bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
+bool ppc_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
                       hwaddr *raddrp, int *psizep, int *protp,
                       int mmu_idx, bool guest_visible)
 {
-    switch (cpu->env.mmu_model) {
+    switch (cpu_env(cs)->mmu_model) {
 #if defined(TARGET_PPC64)
     case POWERPC_MMU_3_00:
-        if (ppc64_v3_radix(&cpu->env)) {
-            return ppc_radix64_xlate(cpu, eaddr, access_type, raddrp,
+        if (ppc64_v3_radix(cpu_env(cs))) {
+            return ppc_radix64_xlate(cs, eaddr, access_type, raddrp,
                                      psizep, protp, mmu_idx, guest_visible);
         }
         /* fall through */
@@ -819,36 +817,36 @@ bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     case POWERPC_MMU_2_03:
     case POWERPC_MMU_2_06:
     case POWERPC_MMU_2_07:
-        return ppc_hash64_xlate(cpu, eaddr, access_type,
+        return ppc_hash64_xlate(cs, eaddr, access_type,
                                 raddrp, psizep, protp, mmu_idx, guest_visible);
 #endif
 
     case POWERPC_MMU_32B:
-        return ppc_hash32_xlate(cpu, eaddr, access_type, raddrp,
+        return ppc_hash32_xlate(cs, eaddr, access_type, raddrp,
                                psizep, protp, mmu_idx, guest_visible);
     case POWERPC_MMU_BOOKE:
     case POWERPC_MMU_BOOKE206:
-        return ppc_booke_xlate(cpu, eaddr, access_type, raddrp,
+        return ppc_booke_xlate(cs, eaddr, access_type, raddrp,
                                psizep, protp, mmu_idx, guest_visible);
     case POWERPC_MMU_SOFT_4xx:
-        return ppc_40x_xlate(cpu, eaddr, access_type, raddrp,
+        return ppc_40x_xlate(cs, eaddr, access_type, raddrp,
                              psizep, protp, mmu_idx, guest_visible);
     case POWERPC_MMU_SOFT_6xx:
-        return ppc_6xx_xlate(cpu, eaddr, access_type, raddrp,
+        return ppc_6xx_xlate(cs, eaddr, access_type, raddrp,
                              psizep, protp, mmu_idx, guest_visible);
     case POWERPC_MMU_REAL:
-        return ppc_real_mode_xlate(cpu, eaddr, access_type, raddrp, psizep,
+        return ppc_real_mode_xlate(cs, eaddr, access_type, raddrp, psizep,
                                    protp);
     case POWERPC_MMU_MPC8xx:
-        cpu_abort(env_cpu(&cpu->env), "MPC8xx MMU model is not implemented\n");
+        cpu_abort(cs, "MPC8xx MMU model is not implemented\n");
     default:
-        cpu_abort(CPU(cpu), "Unknown or invalid MMU model\n");
+        cpu_abort(cs, "Unknown or invalid MMU model\n");
     }
 }
 
 hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
 {
-    PowerPCCPU *cpu = POWERPC_CPU(cs);
+    CPUPPCState *env = cpu_env(cs);
     hwaddr raddr;
     int s, p;
 
@@ -857,10 +855,10 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
      * try an MMU_DATA_LOAD, we may not be able to read instructions
      * mapped by code TLBs, so we also try a MMU_INST_FETCH.
      */
-    if (ppc_xlate(cpu, addr, MMU_DATA_LOAD, &raddr, &s, &p,
-                  ppc_env_mmu_index(&cpu->env, false), false) ||
-        ppc_xlate(cpu, addr, MMU_INST_FETCH, &raddr, &s, &p,
-                  ppc_env_mmu_index(&cpu->env, true), false)) {
+    if (ppc_xlate(cs, addr, MMU_DATA_LOAD, &raddr, &s, &p,
+                  ppc_env_mmu_index(env, false), false) ||
+        ppc_xlate(cs, addr, MMU_INST_FETCH, &raddr, &s, &p,
+                  ppc_env_mmu_index(env, true), false)) {
         return raddr & TARGET_PAGE_MASK;
     }
     return -1;
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index b0a0676beb..cf7ee3b92d 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -1361,12 +1361,11 @@ bool ppc_cpu_tlb_fill(CPUState *cs, vaddr eaddr, int size,
                       MMUAccessType access_type, int mmu_idx,
                       bool probe, uintptr_t retaddr)
 {
-    PowerPCCPU *cpu = POWERPC_CPU(cs);
     hwaddr raddr;
     int page_size, prot;
 
-    if (ppc_xlate(cpu, eaddr, access_type, &raddr,
-                  &page_size, &prot, mmu_idx, !probe)) {
+    if (ppc_xlate(cs, eaddr, access_type, &raddr, &page_size, &prot,
+                  mmu_idx, !probe)) {
         tlb_set_page(cs, eaddr & TARGET_PAGE_MASK, raddr & TARGET_PAGE_MASK,
                      prot, mmu_idx, 1UL << page_size);
         return true;
@@ -1374,6 +1373,6 @@ bool ppc_cpu_tlb_fill(CPUState *cs, vaddr eaddr, int size,
     if (probe) {
         return false;
     }
-    raise_exception_err_ra(&cpu->env, cs->exception_index,
-                           cpu->env.error_code, retaddr);
+    raise_exception_err_ra(cpu_env(cs), cs->exception_index,
+                           cpu_env(cs)->error_code, retaddr);
 }
-- 
2.30.9

[PATCH 42/43] target/ppc/mmu-hash32.c: Change parameter type of ppc_hash32_set_[rc]

[BALATON Zoltan]

These functions need AddressSpace from CPUState but take PowerPCCPU
instead and cast that. We have the right type in the caller so change
the parameter type and pass the needed value to avoid casting.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 82a02881c2..0f9c61bf89 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -228,16 +228,18 @@ static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pte_addr,
     return -1;
 }
 
-static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_addr, uint32_t pte1)
+static void ppc_hash32_set_r(AddressSpace *cpu_as, hwaddr pte_addr,
+                             uint32_t pte1)
 {
     /* The HW performs a non-atomic byte update */
-    stb_phys(CPU(cpu)->as, pte_addr + 6, ((pte1 >> 8) & 0xff) | 0x01);
+    stb_phys(cpu_as, pte_addr + 6, ((pte1 >> 8) & 0xff) | 0x01);
 }
 
-static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_addr, uint64_t pte1)
+static void ppc_hash32_set_c(AddressSpace *cpu_as, hwaddr pte_addr,
+                             uint64_t pte1)
 {
     /* The HW performs a non-atomic byte update */
-    stb_phys(CPU(cpu)->as, pte_addr + 7, (pte1 & 0xff) | 0x80);
+    stb_phys(cpu_as, pte_addr + 7, (pte1 & 0xff) | 0x80);
 }
 
 static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
@@ -399,11 +401,11 @@ bool ppc_hash32_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
 
     /* 8. Update PTE referenced and changed bits if necessary */
     if (!(pte.pte1 & HPTE32_R_R)) {
-        ppc_hash32_set_r(cpu, pte_addr, pte.pte1);
+        ppc_hash32_set_r(cs->as, pte_addr, pte.pte1);
     }
     if (!(pte.pte1 & HPTE32_R_C)) {
         if (access_type == MMU_DATA_STORE) {
-            ppc_hash32_set_c(cpu, pte_addr, pte.pte1);
+            ppc_hash32_set_c(cs->as, pte_addr, pte.pte1);
         } else {
             /*
              * Treat the page as read-only for now, so that a later write
-- 
2.30.9

[PATCH 43/43] target/ppc/mmu-hash32.c: Change parameter type of ppc_hash32_direct_store

[BALATON Zoltan]

This function needs CPUState and env but takes PowerPCCPU and cast
that. We already have the right types in the caller so pass them to
this function to avoid casting.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
 target/ppc/mmu-hash32.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 0f9c61bf89..3588f8f8de 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -109,15 +109,12 @@ static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea,
     return -1;
 }
 
-static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
-                                    target_ulong eaddr,
+static bool ppc_hash32_direct_store(CPUState *cs, CPUPPCState *env,
+                                    target_ulong sr, target_ulong eaddr,
                                     MMUAccessType access_type,
                                     hwaddr *raddr, int *prot, int mmu_idx,
                                     bool guest_visible)
 {
-    CPUState *cs = CPU(cpu);
-    CPUPPCState *env = &cpu->env;
-
     qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
 
     if (access_type == MMU_INST_FETCH) {
@@ -336,7 +333,7 @@ bool ppc_hash32_xlate(CPUState *cs, vaddr eaddr, MMUAccessType access_type,
 
     /* 4. Handle direct store segments */
     if (sr & SR32_T) {
-        return ppc_hash32_direct_store(cpu, sr, eaddr, access_type,
+        return ppc_hash32_direct_store(cs, env, sr, eaddr, access_type,
                                        raddrp, protp, mmu_idx, guest_visible);
     }
 
-- 
2.30.9

Re: [PATCH 00/43] Remaining MMU clean up patches

[BALATON Zoltan]

On Mon, 27 May 2024, BALATON Zoltan wrote:
> This is the rest of the MMU clean up series the first part of which
> was merged. Here are the remaining patches rebased and some more added.

Besides cleaning up this code my other goal with this and previous already 
merged series was trying to optimise this a bit. Here are some numbers 
I've got with 9.0 compared to after this series. I've got these running 
old benchmarks that do a lot of memory accesses under AmigaOS on sam460ex 
and amigaone machines. The speed up is not much but measurable.

***
sam460ex:
QEMU v9.0.0
===========
    Sieve of Eratosthenes (Scaled to 10 Iterations)
    Version 1.2, 03 April 1992

    Array Size   Number   Last Prime    Linear     RunTime    MIPS
     (Bytes)   of Primes               Time(sec)    (Sec)
        8191       1899        16381   0.001068   0.001068  1552.2
       10000       2261        19997   0.001304   0.001373  1479.5
       20000       4202        39989   0.002608   0.002747  1498.7
       40000       7836        79999   0.005216   0.005493  1517.0
       80000      14683       160001   0.010432   0.010681  1578.4
      160000      27607       319993   0.020864   0.241089   141.4
      320000      52073       639997   0.041728   0.799561    86.2
      640000      98609      1279997   0.083457   2.019043    68.9
     1280000     187133      2559989   0.166913   4.824219    58.2
     2560000     356243      5119997   0.333827  11.142578    50.9
     5120000     679460     10239989   0.667654  25.488281    44.9
    10240000    1299068     20479999   1.335307  55.898438    41.2
    20480000    2488465     40960001   2.670614  125.625000    37.0

    Average RunTime = 0.020496 (sec)
    High  MIPS      =   1578.4
    Low   MIPS      =     37.0

STREAM version $Revision: 5.10 $
Your clock granularity/precision appears to be 3 microseconds.
Each test below will take on the order of 228749 microseconds.
    (= 76249 clock ticks)
Function    Best Rate MB/s  Avg time     Min time     Max time
Copy:            1703.0     0.097710     0.093951     0.107887
Scale:            706.9     0.233270     0.226353     0.244723
Add:              862.8     0.288949     0.278165     0.302902
Triad:            763.4     0.318530     0.314394     0.324167

QEMU master + this series:
==========================
    Sieve of Eratosthenes (Scaled to 10 Iterations)
    Version 1.2, 03 April 1992

    Array Size   Number   Last Prime    Linear     RunTime    MIPS
     (Bytes)   of Primes               Time(sec)    (Sec)
        8191       1899        16381   0.001068   0.001068  1552.2
       10000       2261        19997   0.001304   0.001259  1614.0
       20000       4202        39989   0.002608   0.002518  1635.0
       40000       7836        79999   0.005216   0.005493  1517.0
       80000      14683       160001   0.010432   0.011597  1453.8
      160000      27607       319993   0.020864   0.218506   156.0
      320000      52073       639997   0.041728   0.747070    92.2
      640000      98609      1279997   0.083457   1.887207    73.7
     1280000     187133      2559989   0.166913   4.633789    60.6
     2560000     356243      5119997   0.333827  10.449219    54.2
     5120000     679460     10239989   0.667654  23.750000    48.1
    10240000    1299068     20479999   1.335307  52.109375    44.2
    20480000    2488465     40960001   2.670614  117.031250    39.7

    Relative to 10 Iterations and the 8191 Array Size:
    Average RunTime = 0.019190 (sec)
    High  MIPS      =   1635.0
    Low   MIPS      =     39.7

STREAM version $Revision: 5.10 $
Your clock granularity/precision appears to be 3 microseconds.
Each test below will take on the order of 189202 microseconds.
    (= 63067 clock ticks)
Function    Best Rate MB/s  Avg time     Min time     Max time
Copy:            1730.8     0.096015     0.092444     0.107926
Scale:            784.4     0.208925     0.203969     0.217610
Add:             1002.6     0.243805     0.239389     0.254176
Triad:            768.9     0.322526     0.312154     0.345777

***
amigaone:
QEMU v9.0.0
===========
    Sieve of Eratosthenes (Scaled to 10 Iterations)
    Version 1.2, 03 April 1992

    Array Size   Number   Last Prime    Linear     RunTime    MIPS
     (Bytes)   of Primes               Time(sec)    (Sec)
        8191       1899        16381   0.001068   0.001068  1552.2
       10000       2261        19997   0.001304   0.001259  1614.0
       20000       4202        39989   0.002608   0.002747  1498.7
       40000       7836        79999   0.005216   0.005493  1517.0
       80000      14683       160001   0.010432   0.010986  1534.6
      160000      27607       319993   0.020864   0.023193  1469.7
      320000      52073       639997   0.041728   0.047607  1446.9
      640000      98609      1279997   0.083457   0.100098  1389.9
     1280000     187133      2559989   0.166913   0.200195  1403.0
     2560000     356243      5119997   0.333827   0.400391  1415.6
     5120000     679460     10239989   0.667654   1.484375   770.2
    10240000    1299068     20479999   1.335307   1.679688  1372.5
    20480000    2488465     40960001   2.670614   6.796875   683.7

    Relative to 10 Iterations and the 8191 Array Size:
    Average RunTime = 0.001397 (sec)
    High  MIPS      =   1614.0
    Low   MIPS      =    683.7

STREAM version $Revision: 5.10 $
Your clock granularity/precision appears to be 2 microseconds.
Each test below will take on the order of 203076 microseconds.
    (= 101538 clock ticks)
Function    Best Rate MB/s  Avg time     Min time     Max time
Copy:            2529.4     0.067538     0.063255     0.079943
Scale:            885.4     0.187032     0.180708     0.194940
Add:             1119.5     0.226545     0.214384     0.246212
Triad:            959.5     0.260417     0.250131     0.281227

QEMU master + this series:
==========================
    Sieve of Eratosthenes (Scaled to 10 Iterations)
    Version 1.2, 03 April 1992

    Array Size   Number   Last Prime    Linear     RunTime    MIPS
     (Bytes)   of Primes               Time(sec)    (Sec)
        8191       1899        16381   0.001068   0.001068  1552.2
       10000       2261        19997   0.001304   0.001373  1479.5
       20000       4202        39989   0.002608   0.002518  1635.0
       40000       7836        79999   0.005216   0.005798  1437.2
       80000      14683       160001   0.010432   0.010986  1534.6
      160000      27607       319993   0.020864   0.021973  1551.3
      320000      52073       639997   0.041728   0.046387  1485.0
      640000      98609      1279997   0.083457   0.100098  1389.9
     1280000     187133      2559989   0.166913   0.200195  1403.0
     2560000     356243      5119997   0.333827   0.400391  1415.6
     5120000     679460     10239989   0.667654   0.859375  1330.4
    10240000    1299068     20479999   1.335307   3.085938   747.1
    20480000    2488465     40960001   2.670614   6.562500   708.1

    Relative to 10 Iterations and the 8191 Array Size:
    Average RunTime = 0.001397 (sec)
    High  MIPS      =   1635.0
    Low   MIPS      =    708.1

STREAM version $Revision: 5.10 $
Your clock granularity/precision appears to be 2 microseconds.
Each test below will take on the order of 168572 microseconds.
    (= 84286 clock ticks)
Function    Best Rate MB/s  Avg time     Min time     Max time
Copy:            2410.2     0.076613     0.066384     0.127486
Scale:           1007.6     0.164015     0.158791     0.175446
Add:             1236.3     0.203815     0.194123     0.216319
Triad:            967.6     0.262833     0.248042     0.281844

There is some variation between results between multiple runs but the 
optimised version seems to run a bit faster and it should be more readable 
code than it was before. It could be possible to improve it further but I 
stop here for now.

The sam460ex seems to be slower due to TLB misses generating an exception 
on embedded PPC and exceptions are slow on QEMU (not only because of 
needing to go through guest code but generally, I've also seen this with 
workloads that do a lot of syscalls but I don't have measurements of that 
now). The amigaone with G4 CPU uses hash MMU which can access the needed 
data from guest memory without an exception so it can keep running faster 
with TLB misses.

Regards,
BALATON Zoltan

Re: [PATCH 00/43] Remaining MMU clean up patches

[BALATON Zoltan]

On Mon, 27 May 2024, BALATON Zoltan wrote:
> This is the rest of the MMU clean up series the first part of which
> was merged. Here are the remaining patches rebased and some more added.

Ping?

> Regards,
> BALATON Zoltan
>
> BALATON Zoltan (43):
>  target/ppc: Reorganise and rename ppc_hash32_pp_prot()
>  target/ppc/mmu_common.c: Remove local name for a constant
>  target/ppc/mmu_common.c: Remove single use local variable
>  target/ppc/mmu_common.c: Remove single use local variable
>  target/ppc/mmu_common.c: Remove another single use local variable
>  target/ppc/mmu_common.c: Remove yet another single use local variable
>  target/ppc/mmu_common.c: Return directly in ppc6xx_tlb_pte_check()
>  target/ppc/mmu_common.c: Simplify ppc6xx_tlb_pte_check()
>  target/ppc/mmu_common.c: Remove unused field from mmu_ctx_t
>  target/ppc/mmu_common.c: Remove hash field from mmu_ctx_t
>  target/ppc/mmu_common.c: Remove pte_update_flags()
>  target/ppc/mmu_common.c: Remove nx field from mmu_ctx_t
>  target/ppc/mmu_common.c: Convert local variable to bool
>  target/ppc/mmu_common.c: Remove single use local variable
>  target/ppc/mmu_common.c: Simplify a switch statement
>  target/ppc/mmu_common.c: Inline and remove ppc6xx_tlb_pte_check()
>  target/ppc/mmu_common.c: Remove ptem field from mmu_ctx_t
>  target/ppc: Add function to get protection key for hash32 MMU
>  target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_prot()
>  target/ppc/mmu_common.c: Init variable in function that relies on it
>  target/ppc/mmu_common.c: Remove key field from mmu_ctx_t
>  target/ppc/mmu_common.c: Stop using ctx in ppc6xx_tlb_check()
>  target/ppc/mmu_common.c: Rename function parameter
>  target/ppc/mmu_common.c: Use defines instead of numeric constants
>  target/ppc: Remove bat_size_prot()
>  target/ppc/mmu_common.c: Stop using ctx in get_bat_6xx_tlb()
>  target/ppc/mmu_common.c: Remove mmu_ctx_t
>  target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_raddr()
>  target/ppc/mmu-hash32.c: Move get_pteg_offset32() to the header
>  target/ppc: Unexport some functions from mmu-book3s-v3.h
>  target/ppc/mmu-radix64: Remove externally unused parts from header
>  target/ppc: Remove includes from mmu-book3s-v3.h
>  target/ppc: Remove single use static inline function
>  target/ppc/internal.h: Consolidate ifndef CONFIG_USER_ONLY blocks
>  target/ppc/mmu-hash32.c: Change parameter type of
>    ppc_hash32_bat_lookup()
>  target/ppc/mmu-hash32: Remove some static inlines from header
>  target/ppc/mmu-hash32.c: Return and use pte address instead of base +
>    offset
>  target/ppc/mmu-hash32.c: Use pte address as parameter instead of
>    offset
>  target/ppc: Change parameter type of some inline functions
>  target/ppc: Change parameter type of ppc64_v3_radix()
>  target/ppc: Change MMU xlate functions to take CPUState
>  target/ppc/mmu-hash32.c: Change parameter type of ppc_hash32_set_[rc]
>  target/ppc/mmu-hash32.c: Change parameter type of
>    ppc_hash32_direct_store
>
> hw/ppc/spapr_rtas.c                 |   2 +-
> hw/ppc/spapr_vhyp_mmu.c             |  21 +-
> target/ppc/internal.h               |  34 +--
> target/ppc/mmu-book3s-v3.c          |   1 -
> target/ppc/mmu-book3s-v3.h          |  47 +---
> target/ppc/mmu-booke.c              |   5 +-
> target/ppc/mmu-booke.h              |   2 +-
> target/ppc/mmu-hash32.c             | 165 ++++--------
> target/ppc/mmu-hash32.h             |  86 +++---
> target/ppc/mmu-hash64.c             |  54 +++-
> target/ppc/mmu-hash64.h             |   3 +-
> target/ppc/mmu-radix64.c            |  57 +++-
> target/ppc/mmu-radix64.h            |  55 +---
> target/ppc/mmu_common.c             | 405 ++++++++++------------------
> target/ppc/mmu_helper.c             |   9 +-
> target/ppc/translate/vsx-impl.c.inc |   6 +-
> 16 files changed, 376 insertions(+), 576 deletions(-)
>
>

Re: [PATCH 01/43] target/ppc: Reorganise and rename ppc_hash32_pp_prot()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Reorganise ppc_hash32_pp_prot() swapping the if legs so it does not
> test for negative first and clean up to make it shorter. Also rename
> it to ppc_hash32_prot().

Rename makes sense since it's not entirely derived from pp but
also key and nx.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c |  2 +-
>  target/ppc/mmu-hash32.h | 35 +++++++++++++----------------------
>  target/ppc/mmu_common.c |  2 +-
>  3 files changed, 15 insertions(+), 24 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index d5f2057eb1..8a446c8a7d 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -45,7 +45,7 @@ static int ppc_hash32_pte_prot(int mmu_idx,
>      key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
>      pp = pte.pte1 & HPTE32_R_PP;
>  
> -    return ppc_hash32_pp_prot(key, pp, !!(sr & SR32_NX));
> +    return ppc_hash32_prot(key, pp, !!(sr & SR32_NX));
>  }
>  
>  static target_ulong hash32_bat_size(int mmu_idx,
> diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
> index f0ce6951b4..bc4eedbecc 100644
> --- a/target/ppc/mmu-hash32.h
> +++ b/target/ppc/mmu-hash32.h
> @@ -102,49 +102,40 @@ static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
>      stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
>  }
>  
> -static inline int ppc_hash32_pp_prot(bool key, int pp, bool nx)
> +static inline int ppc_hash32_prot(bool key, int pp, bool nx)
>  {
>      int prot;
>  
> -    if (key == 0) {
> +    if (key) {
>          switch (pp) {
>          case 0x0:
> -        case 0x1:
> -        case 0x2:
> -            prot = PAGE_READ | PAGE_WRITE;
> +            prot = 0;
>              break;
> -
> +        case 0x1:
>          case 0x3:
>              prot = PAGE_READ;
>              break;
> -
> +        case 0x2:
> +            prot = PAGE_READ | PAGE_WRITE;
> +            break;
>          default:
> -            abort();
> +            g_assert_not_reached();
>          }
>      } else {
>          switch (pp) {
>          case 0x0:
> -            prot = 0;
> -            break;
> -
>          case 0x1:
> -        case 0x3:
> -            prot = PAGE_READ;
> -            break;
> -
>          case 0x2:
>              prot = PAGE_READ | PAGE_WRITE;
>              break;
> -
> +        case 0x3:
> +            prot = PAGE_READ;
> +            break;
>          default:
> -            abort();
> +            g_assert_not_reached();
>          }
>      }
> -    if (nx == 0) {
> -        prot |= PAGE_EXEC;
> -    }
> -
> -    return prot;
> +    return nx ? prot : prot | PAGE_EXEC;
>  }
>  
>  typedef struct {
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index e2542694f0..08c5b61f76 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -120,7 +120,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>              }
>              /* Keep the matching PTE information */
>              ctx->raddr = pte1;
> -            ctx->prot = ppc_hash32_pp_prot(ctx->key, pp, ctx->nx);
> +            ctx->prot = ppc_hash32_prot(ctx->key, pp, ctx->nx);
>              if (check_prot_access_type(ctx->prot, access_type)) {
>                  /* Access granted */
>                  qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");

Re: [PATCH 02/43] target/ppc/mmu_common.c: Remove local name for a constant

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> The mmask local variable is a less descriptive local name for a
> constant. Drop it and use the constant directly in the two places it
> is needed.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 08c5b61f76..2618cdec6a 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -98,7 +98,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>                                  target_ulong pte1, int h,
>                                  MMUAccessType access_type)
>  {
> -    target_ulong ptem, mmask;
> +    target_ulong ptem;
>      int ret, pteh, ptev, pp;
>  
>      ret = -1;
> @@ -108,12 +108,11 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>      if (ptev && h == pteh) {
>          /* Check vsid & api */
>          ptem = pte0 & PTE_PTEM_MASK;
> -        mmask = PTE_CHECK_MASK;
>          pp = pte1 & 0x00000003;
>          if (ptem == ctx->ptem) {
>              if (ctx->raddr != (hwaddr)-1ULL) {
>                  /* all matches should have equal RPN, WIMG & PP */
> -                if ((ctx->raddr & mmask) != (pte1 & mmask)) {
> +                if ((ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
>                      qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
>                      return -3;
>                  }

Re: [PATCH 03/43] target/ppc/mmu_common.c: Remove single use local variable

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> The ptem variable in ppc6xx_tlb_pte_check() is used only once,
> simplify by removing it as the value is already clear itself without
> adding a local name for it.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 2618cdec6a..371ec24485 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -98,7 +98,6 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>                                  target_ulong pte1, int h,
>                                  MMUAccessType access_type)
>  {
> -    target_ulong ptem;
>      int ret, pteh, ptev, pp;
>  
>      ret = -1;
> @@ -107,9 +106,8 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>      pteh = (pte0 >> 6) & 1;
>      if (ptev && h == pteh) {
>          /* Check vsid & api */
> -        ptem = pte0 & PTE_PTEM_MASK;
>          pp = pte1 & 0x00000003;
> -        if (ptem == ctx->ptem) {
> +        if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
>              if (ctx->raddr != (hwaddr)-1ULL) {
>                  /* all matches should have equal RPN, WIMG & PP */
>                  if ((ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {

Re: [PATCH 04/43] target/ppc/mmu_common.c: Remove single use local variable

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> The ptev variable in ppc6xx_tlb_pte_check() is used only once and just
> obfuscates an otherwise clear value. Get rid of it.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 371ec24485..16578f7fa5 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -98,13 +98,12 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>                                  target_ulong pte1, int h,
>                                  MMUAccessType access_type)
>  {
> -    int ret, pteh, ptev, pp;
> +    int ret, pteh, pp;
>  
>      ret = -1;
>      /* Check validity and table match */
> -    ptev = pte_is_valid(pte0);
>      pteh = (pte0 >> 6) & 1;
> -    if (ptev && h == pteh) {
> +    if (pte_is_valid(pte0) && h == pteh) {
>          /* Check vsid & api */
>          pp = pte1 & 0x00000003;
>          if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {

Re: [PATCH 05/43] target/ppc/mmu_common.c: Remove another single use local variable

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> In ppc6xx_tlb_pte_check() the pteh variable is used only once to
> compare to the h parameter of the function. Inline its value and use
> pteh name for the function parameter which is more descriptive.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 16578f7fa5..b21f52290f 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -95,15 +95,14 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
>  }
>  
>  static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
> -                                target_ulong pte1, int h,
> +                                target_ulong pte1, int pteh,
>                                  MMUAccessType access_type)
>  {
> -    int ret, pteh, pp;
> +    int ret, pp;
>  
>      ret = -1;
>      /* Check validity and table match */
> -    pteh = (pte0 >> 6) & 1;
> -    if (pte_is_valid(pte0) && h == pteh) {
> +    if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
>          /* Check vsid & api */
>          pp = pte1 & 0x00000003;
>          if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {

Re: [PATCH 06/43] target/ppc/mmu_common.c: Remove yet another single use local variable

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> In ppc6xx_tlb_pte_check() the pp variable is used only once to pass it
> to a function parameter with the same name. Remove the local and
> inline the value. Also use named constant for the hex value to make it
> clearer.
>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index b21f52290f..799d2ced9b 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -98,13 +98,12 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>                                  target_ulong pte1, int pteh,
>                                  MMUAccessType access_type)
>  {
> -    int ret, pp;
> +    int ret;
>  
>      ret = -1;
>      /* Check validity and table match */
>      if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
>          /* Check vsid & api */
> -        pp = pte1 & 0x00000003;
>          if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
>              if (ctx->raddr != (hwaddr)-1ULL) {
>                  /* all matches should have equal RPN, WIMG & PP */
> @@ -115,7 +114,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>              }
>              /* Keep the matching PTE information */
>              ctx->raddr = pte1;
> -            ctx->prot = ppc_hash32_prot(ctx->key, pp, ctx->nx);
> +            ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
>              if (check_prot_access_type(ctx->prot, access_type)) {
>                  /* Access granted */
>                  qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");

Re: [PATCH 07/43] target/ppc/mmu_common.c: Return directly in ppc6xx_tlb_pte_check()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Instead of using a local ret variable return directly and remove the
> local.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Some people probably prefer the existing style but I don't
mind early returns.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 10 +++-------
>  1 file changed, 3 insertions(+), 7 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 799d2ced9b..a5ae11394d 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -98,9 +98,6 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>                                  target_ulong pte1, int pteh,
>                                  MMUAccessType access_type)
>  {
> -    int ret;
> -
> -    ret = -1;
>      /* Check validity and table match */
>      if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
>          /* Check vsid & api */
> @@ -118,16 +115,15 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>              if (check_prot_access_type(ctx->prot, access_type)) {
>                  /* Access granted */
>                  qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
> -                ret = 0;
> +                return 0;
>              } else {
>                  /* Access right violation */
>                  qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
> -                ret = -2;
> +                return -2;
>              }
>          }
>      }
> -
> -    return ret;
> +    return -1;
>  }
>  
>  static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,

Re: [PATCH 08/43] target/ppc/mmu_common.c: Simplify ppc6xx_tlb_pte_check()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Invert conditions to avoid deep nested ifs and return early instead.
> Remove some obvious comments that don't add more clarity.
>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 43 ++++++++++++++++++-----------------------
>  1 file changed, 19 insertions(+), 24 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index a5ae11394d..28adb3ca10 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -99,31 +99,26 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>                                  MMUAccessType access_type)
>  {
>      /* Check validity and table match */
> -    if (pte_is_valid(pte0) && ((pte0 >> 6) & 1) == pteh) {
> -        /* Check vsid & api */
> -        if ((pte0 & PTE_PTEM_MASK) == ctx->ptem) {
> -            if (ctx->raddr != (hwaddr)-1ULL) {
> -                /* all matches should have equal RPN, WIMG & PP */
> -                if ((ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
> -                    qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
> -                    return -3;
> -                }
> -            }
> -            /* Keep the matching PTE information */
> -            ctx->raddr = pte1;
> -            ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
> -            if (check_prot_access_type(ctx->prot, access_type)) {
> -                /* Access granted */
> -                qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
> -                return 0;
> -            } else {
> -                /* Access right violation */
> -                qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
> -                return -2;
> -            }
> -        }
> +    if (!pte_is_valid(pte0) || ((pte0 >> 6) & 1) != pteh ||
> +        (pte0 & PTE_PTEM_MASK) != ctx->ptem) {
> +        return -1;
> +    }
> +    /* all matches should have equal RPN, WIMG & PP */
> +    if (ctx->raddr != (hwaddr)-1ULL &&
> +        (ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
> +        qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
> +        return -3;
> +    }
> +    /* Keep the matching PTE information */
> +    ctx->raddr = pte1;
> +    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
> +    if (check_prot_access_type(ctx->prot, access_type)) {
> +        qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
> +        return 0;
> +    } else {
> +        qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
> +        return -2;
>      }
> -    return -1;
>  }
>  
>  static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,

Re: [PATCH 09/43] target/ppc/mmu_common.c: Remove unused field from mmu_ctx_t

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> The eaddr field of mmu_ctx_t is set once but never used so can be
> removed.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 28adb3ca10..0a07023f48 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -40,7 +40,6 @@
>  /* Context used internally during MMU translations */
>  typedef struct {
>      hwaddr raddr;      /* Real address             */
> -    hwaddr eaddr;      /* Effective address        */
>      int prot;          /* Protection bits          */
>      hwaddr hash[2];    /* Pagetable hash values    */
>      target_ulong ptem; /* Virtual segment ID | API */
> @@ -348,7 +347,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>  
>      /* Perform segment based translation when no BATs matched */
>      pr = FIELD_EX64(env->msr, MSR, PR);
> -    ctx->eaddr = eaddr;
>  
>      sr = env->sr[eaddr >> 28];
>      ctx->key = (((sr & 0x20000000) && pr) ||

Re: [PATCH 10/43] target/ppc/mmu_common.c: Remove hash field from mmu_ctx_t

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Return hash value via a parameter and remove it from mmu_ctx.t.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 19 ++++++++-----------
>  1 file changed, 8 insertions(+), 11 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 0a07023f48..e3537c63c0 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -41,7 +41,6 @@
>  typedef struct {
>      hwaddr raddr;      /* Real address             */
>      int prot;          /* Protection bits          */
> -    hwaddr hash[2];    /* Pagetable hash values    */
>      target_ulong ptem; /* Virtual segment ID | API */
>      int key;           /* Access key               */
>      int nx;            /* Non-execute area         */
> @@ -331,7 +330,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>  }
>  
>  static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
> -                                       target_ulong eaddr,
> +                                       target_ulong eaddr, hwaddr *hashp,
>                                         MMUAccessType access_type, int type)
>  {
>      PowerPCCPU *cpu = env_archcpu(env);
> @@ -379,8 +378,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>          qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx " htab_mask "
>                        HWADDR_FMT_plx " hash " HWADDR_FMT_plx "\n",
>                        ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
> -        ctx->hash[0] = hash;
> -        ctx->hash[1] = ~hash;
> +        *hashp = hash;
>  
>          /* Initialize real address with an invalid value */
>          ctx->raddr = (hwaddr)-1ULL;
> @@ -761,8 +759,8 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>      CPUState *cs = CPU(cpu);
>      CPUPPCState *env = &cpu->env;
>      mmu_ctx_t ctx;
> -    int type;
> -    int ret;
> +    hwaddr hash = 0; /* init to 0 to avoid used uninit warning */
> +    int type, ret;
>  
>      if (ppc_real_mode_xlate(cpu, eaddr, access_type, raddrp, psizep, protp)) {
>          return true;
> @@ -779,9 +777,8 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>      }
>  
>      ctx.prot = 0;
> -    ctx.hash[0] = 0;
> -    ctx.hash[1] = 0;
> -    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, access_type, type);
> +    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash,
> +                                      access_type, type);
>      if (ret == 0) {
>          *raddrp = ctx.raddr;
>          *protp = ctx.prot;
> @@ -834,9 +831,9 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>  tlb_miss:
>              env->error_code |= ctx.key << 19;
>              env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
> -                                  get_pteg_offset32(cpu, ctx.hash[0]);
> +                                  get_pteg_offset32(cpu, hash);
>              env->spr[SPR_HASH2] = ppc_hash32_hpt_base(cpu) +
> -                                  get_pteg_offset32(cpu, ctx.hash[1]);
> +                                  get_pteg_offset32(cpu, ~hash);
>              break;
>          case -2:
>              /* Access rights violation */

Re: [PATCH 11/43] target/ppc/mmu_common.c: Remove pte_update_flags()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> This function is used only once, its return value is ignored and one
> of its parameter is a return value from a previous call. It is better
> to inline it in the caller and remove it.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 41 +++++++++++++----------------------------
>  1 file changed, 13 insertions(+), 28 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index e3537c63c0..c4902b7632 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -119,39 +119,14 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>      }
>  }
>  
> -static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
> -                            int ret, MMUAccessType access_type)
> -{
> -    int store = 0;
> -
> -    /* Update page flags */
> -    if (!(*pte1p & 0x00000100)) {
> -        /* Update accessed flag */
> -        *pte1p |= 0x00000100;
> -        store = 1;
> -    }
> -    if (!(*pte1p & 0x00000080)) {
> -        if (access_type == MMU_DATA_STORE && ret == 0) {
> -            /* Update changed flag */
> -            *pte1p |= 0x00000080;
> -            store = 1;
> -        } else {
> -            /* Force page fault for first write access */
> -            ctx->prot &= ~PAGE_WRITE;
> -        }
> -    }
> -
> -    return store;
> -}
> -
>  /* Software driven TLB helpers */
>  
>  static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
>                              target_ulong eaddr, MMUAccessType access_type)
>  {
>      ppc6xx_tlb_t *tlb;
> -    int nr, best, way;
> -    int ret;
> +    target_ulong *pte1p;
> +    int nr, best, way, ret;
>  
>      best = -1;
>      ret = -1; /* No TLB found */
> @@ -204,7 +179,17 @@ done:
>                        " prot=%01x ret=%d\n",
>                        ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
>          /* Update page flags */
> -        pte_update_flags(ctx, &env->tlb.tlb6[best].pte1, ret, access_type);
> +        pte1p = &env->tlb.tlb6[best].pte1;
> +        *pte1p |= 0x00000100; /* Update accessed flag */
> +        if (!(*pte1p & 0x00000080)) {
> +            if (access_type == MMU_DATA_STORE && ret == 0) {
> +                /* Update changed flag */
> +                *pte1p |= 0x00000080;
> +            } else {
> +                /* Force page fault for first write access */
> +                ctx->prot &= ~PAGE_WRITE;

Out of curiosity, I guess this unusual part is because ctx->prot can get
PAGE_WRITE set in the bat lookup, then it has to be cleared if the PTE
does not have changed bit?

> +            }
> +        }
>      }

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>  #if defined(DUMP_PAGE_TABLES)
>      if (qemu_loglevel_mask(CPU_LOG_MMU)) {

Re: [PATCH 12/43] target/ppc/mmu_common.c: Remove nx field from mmu_ctx_t

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Pass it as a parameter instead. Also use named constants instead of
> hex values when extracting bits from SR.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 24 ++++++++++++------------
>  1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index c4902b7632..9f402a979d 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -43,7 +43,6 @@ typedef struct {
>      int prot;          /* Protection bits          */
>      target_ulong ptem; /* Virtual segment ID | API */
>      int key;           /* Access key               */
> -    int nx;            /* Non-execute area         */
>  } mmu_ctx_t;
>  
>  void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
> @@ -94,7 +93,7 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
>  
>  static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>                                  target_ulong pte1, int pteh,
> -                                MMUAccessType access_type)
> +                                MMUAccessType access_type, bool nx)
>  {
>      /* Check validity and table match */
>      if (!pte_is_valid(pte0) || ((pte0 >> 6) & 1) != pteh ||
> @@ -109,7 +108,7 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>      }
>      /* Keep the matching PTE information */
>      ctx->raddr = pte1;
> -    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, ctx->nx);
> +    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, nx);
>      if (check_prot_access_type(ctx->prot, access_type)) {
>          qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
>          return 0;
> @@ -121,8 +120,9 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>  
>  /* Software driven TLB helpers */
>  
> -static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
> -                            target_ulong eaddr, MMUAccessType access_type)
> +static int ppc6xx_tlb_check(CPUPPCState *env,
> +                            mmu_ctx_t *ctx, target_ulong eaddr,
> +                            MMUAccessType access_type, bool nx)
>  {
>      ppc6xx_tlb_t *tlb;
>      target_ulong *pte1p;
> @@ -150,7 +150,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
>                        access_type == MMU_DATA_STORE ? 'S' : 'L',
>                        access_type == MMU_INST_FETCH ? 'I' : 'D');
>          switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1,
> -                                     0, access_type)) {
> +                                     0, access_type, nx)) {
>          case -2:
>              /* Access violation */
>              ret = -2;
> @@ -322,7 +322,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      hwaddr hash;
>      target_ulong vsid, sr, pgidx;
>      int ds, target_page_bits;
> -    bool pr;
> +    bool pr, nx;
>  
>      /* First try to find a BAT entry if there are any */
>      if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
> @@ -336,8 +336,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      ctx->key = (((sr & 0x20000000) && pr) ||
>                  ((sr & 0x40000000) && !pr)) ? 1 : 0;
>      ds = sr & 0x80000000 ? 1 : 0;
> -    ctx->nx = sr & 0x10000000 ? 1 : 0;
> -    vsid = sr & 0x00FFFFFF;
> +    nx = sr & SR32_NX;
> +    vsid = sr & SR32_VSID;
>      target_page_bits = TARGET_PAGE_BITS;
>      qemu_log_mask(CPU_LOG_MMU,
>                    "Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx
> @@ -352,10 +352,10 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      ctx->ptem = (vsid << 7) | (pgidx >> 10);
>  
>      qemu_log_mask(CPU_LOG_MMU, "pte segment: key=%d ds %d nx %d vsid "
> -                  TARGET_FMT_lx "\n", ctx->key, ds, ctx->nx, vsid);
> +                  TARGET_FMT_lx "\n", ctx->key, ds, nx, vsid);

This could be !!nx for consistency.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>      if (!ds) {
>          /* Check if instruction fetch is allowed, if needed */
> -        if (type == ACCESS_CODE && ctx->nx) {
> +        if (type == ACCESS_CODE && nx) {
>              qemu_log_mask(CPU_LOG_MMU, "No access allowed\n");
>              return -3;
>          }
> @@ -368,7 +368,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>          /* Initialize real address with an invalid value */
>          ctx->raddr = (hwaddr)-1ULL;
>          /* Software TLB search */
> -        return ppc6xx_tlb_check(env, ctx, eaddr, access_type);
> +        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, nx);
>      }
>  
>      /* Direct-store segment : absolutely *BUGGY* for now */

Re: [PATCH 13/43] target/ppc/mmu_common.c: Convert local variable to bool

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> In mmu6xx_get_physical_address() ds is used as bool, declare it as
> such. Also use named constant instead of hex value.

Oh nx was bool, ignore my previous comment then.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 9f402a979d..5145bde7f9 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -321,8 +321,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      PowerPCCPU *cpu = env_archcpu(env);
>      hwaddr hash;
>      target_ulong vsid, sr, pgidx;
> -    int ds, target_page_bits;
> -    bool pr, nx;
> +    int target_page_bits;
> +    bool pr, ds, nx;
>  
>      /* First try to find a BAT entry if there are any */
>      if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
> @@ -335,7 +335,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      sr = env->sr[eaddr >> 28];
>      ctx->key = (((sr & 0x20000000) && pr) ||
>                  ((sr & 0x40000000) && !pr)) ? 1 : 0;
> -    ds = sr & 0x80000000 ? 1 : 0;
> +    ds = sr & SR32_T;
>      nx = sr & SR32_NX;
>      vsid = sr & SR32_VSID;
>      target_page_bits = TARGET_PAGE_BITS;

Re: [PATCH 14/43] target/ppc/mmu_common.c: Remove single use local variable

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> In mmu6xx_get_physical_address() tagtet_page_bits local is declared
> only to use TARGET_PAGE_BITS once. Drop the unneeded variable.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 5145bde7f9..0152e8d875 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -321,7 +321,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      PowerPCCPU *cpu = env_archcpu(env);
>      hwaddr hash;
>      target_ulong vsid, sr, pgidx;
> -    int target_page_bits;
>      bool pr, ds, nx;
>  
>      /* First try to find a BAT entry if there are any */
> @@ -338,7 +337,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      ds = sr & SR32_T;
>      nx = sr & SR32_NX;
>      vsid = sr & SR32_VSID;
> -    target_page_bits = TARGET_PAGE_BITS;
>      qemu_log_mask(CPU_LOG_MMU,
>                    "Check segment v=" TARGET_FMT_lx " %d " TARGET_FMT_lx
>                    " nip=" TARGET_FMT_lx " lr=" TARGET_FMT_lx
> @@ -347,7 +345,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>                    (int)FIELD_EX64(env->msr, MSR, IR),
>                    (int)FIELD_EX64(env->msr, MSR, DR), pr ? 1 : 0,
>                    access_type == MMU_DATA_STORE, type);
> -    pgidx = (eaddr & ~SEGMENT_MASK_256M) >> target_page_bits;
> +    pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
>      hash = vsid ^ pgidx;
>      ctx->ptem = (vsid << 7) | (pgidx >> 10);
>  

Re: [PATCH 15/43] target/ppc/mmu_common.c: Simplify a switch statement

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> In mmu6xx_get_physical_address() the switch handles all cases so the
> default is never reached and can be dropped. Also group together cases
> which just return -4.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 19 ++++---------------
>  1 file changed, 4 insertions(+), 15 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 0152e8d875..b2993e8563 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -375,15 +375,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      case ACCESS_INT:
>          /* Integer load/store : only access allowed */
>          break;
> -    case ACCESS_CODE:
> -        /* No code fetch is allowed in direct-store areas */
> -        return -4;
> -    case ACCESS_FLOAT:
> -        /* Floating point load/store */
> -        return -4;
> -    case ACCESS_RES:
> -        /* lwarx, ldarx or srwcx. */
> -        return -4;
>      case ACCESS_CACHE:
>          /*
>           * dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi
> @@ -393,12 +384,10 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>           */
>          ctx->raddr = eaddr;
>          return 0;
> -    case ACCESS_EXT:
> -        /* eciwx or ecowx */
> -        return -4;
> -    default:
> -        qemu_log_mask(CPU_LOG_MMU, "ERROR: instruction should not need address"
> -                                   " translation\n");
> +    case ACCESS_CODE: /* No code fetch is allowed in direct-store areas */
> +    case ACCESS_FLOAT: /* Floating point load/store */
> +    case ACCESS_RES: /* lwarx, ldarx or srwcx. */
> +    case ACCESS_EXT: /* eciwx or ecowx */
>          return -4;
>      }
>      if ((access_type == MMU_DATA_STORE || ctx->key != 1) &&

Re: [PATCH 16/43] target/ppc/mmu_common.c: Inline and remove ppc6xx_tlb_pte_check()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> This function is only called once and we can make the caller simpler
> by inlining it.

I'm inclined to agree. Splitting into function can be nice,
but translating return values here is pretty horrible.

I think it looks right.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 71 +++++++++++++----------------------------
>  1 file changed, 22 insertions(+), 49 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index b2993e8563..784e833ff2 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -91,33 +91,6 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
>      return nr;
>  }
>  
> -static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
> -                                target_ulong pte1, int pteh,
> -                                MMUAccessType access_type, bool nx)
> -{
> -    /* Check validity and table match */
> -    if (!pte_is_valid(pte0) || ((pte0 >> 6) & 1) != pteh ||
> -        (pte0 & PTE_PTEM_MASK) != ctx->ptem) {
> -        return -1;
> -    }
> -    /* all matches should have equal RPN, WIMG & PP */
> -    if (ctx->raddr != (hwaddr)-1ULL &&
> -        (ctx->raddr & PTE_CHECK_MASK) != (pte1 & PTE_CHECK_MASK)) {
> -        qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
> -        return -3;
> -    }
> -    /* Keep the matching PTE information */
> -    ctx->raddr = pte1;
> -    ctx->prot = ppc_hash32_prot(ctx->key, pte1 & HPTE32_R_PP, nx);
> -    if (check_prot_access_type(ctx->prot, access_type)) {
> -        qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
> -        return 0;
> -    } else {
> -        qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
> -        return -2;
> -    }
> -}
> -
>  /* Software driven TLB helpers */
>  
>  static int ppc6xx_tlb_check(CPUPPCState *env,
> @@ -149,32 +122,32 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>                        tlb->EPN, eaddr, tlb->pte1,
>                        access_type == MMU_DATA_STORE ? 'S' : 'L',
>                        access_type == MMU_INST_FETCH ? 'I' : 'D');
> -        switch (ppc6xx_tlb_pte_check(ctx, tlb->pte0, tlb->pte1,
> -                                     0, access_type, nx)) {
> -        case -2:
> -            /* Access violation */
> -            ret = -2;
> -            best = nr;
> -            break;
> -        case -1: /* No match */
> -        case -3: /* TLB inconsistency */
> -        default:
> -            break;
> -        case 0:
> -            /* access granted */
> -            /*
> -             * XXX: we should go on looping to check all TLBs
> -             *      consistency but we can speed-up the whole thing as
> -             *      the result would be undefined if TLBs are not
> -             *      consistent.
> -             */
> +        /* Check validity and table match */
> +        if (!pte_is_valid(tlb->pte0) || ((tlb->pte0 >> 6) & 1) != 0 ||
> +            (tlb->pte0 & PTE_PTEM_MASK) != ctx->ptem) {
> +            continue;
> +        }
> +        /* all matches should have equal RPN, WIMG & PP */
> +        if (ctx->raddr != (hwaddr)-1ULL &&
> +            (ctx->raddr & PTE_CHECK_MASK) != (tlb->pte1 & PTE_CHECK_MASK)) {
> +            qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
> +            /* TLB inconsistency */
> +            continue;
> +        }
> +        /* Keep the matching PTE information */
> +        best = nr;
> +        ctx->raddr = tlb->pte1;
> +        ctx->prot = ppc_hash32_prot(ctx->key, tlb->pte1 & HPTE32_R_PP, nx);
> +        if (check_prot_access_type(ctx->prot, access_type)) {
> +            qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
>              ret = 0;
> -            best = nr;
> -            goto done;
> +            break;
> +        } else {
> +            qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
> +            ret = -2;
>          }
>      }
>      if (best != -1) {
> -done:
>          qemu_log_mask(CPU_LOG_MMU, "found TLB at addr " HWADDR_FMT_plx
>                        " prot=%01x ret=%d\n",
>                        ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);

Re: [PATCH 17/43] target/ppc/mmu_common.c: Remove ptem field from mmu_ctx_t

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Instead of passing around ptem in context use it once in the same
> function so it can be removed from mmu_ctx_t.

The downside here is now updating the SPRs in different places.

You already passed hash back with a pointer elsewhere, what about
passing ptmem back? I woud prefer that but you're maintaining
this code so if you prefer this... Either way,

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 23 ++++++++++++++---------
>  1 file changed, 14 insertions(+), 9 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 784e833ff2..339df377e8 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -41,7 +41,6 @@
>  typedef struct {
>      hwaddr raddr;      /* Real address             */
>      int prot;          /* Protection bits          */
> -    target_ulong ptem; /* Virtual segment ID | API */
>      int key;           /* Access key               */
>  } mmu_ctx_t;
>  
> @@ -95,16 +94,18 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
>  
>  static int ppc6xx_tlb_check(CPUPPCState *env,
>                              mmu_ctx_t *ctx, target_ulong eaddr,
> -                            MMUAccessType access_type, bool nx)
> +                            MMUAccessType access_type, target_ulong ptem,
> +                            bool nx)
>  {
>      ppc6xx_tlb_t *tlb;
>      target_ulong *pte1p;
>      int nr, best, way, ret;
> +    bool is_code = (access_type == MMU_INST_FETCH);
>  
>      best = -1;
>      ret = -1; /* No TLB found */
>      for (way = 0; way < env->nb_ways; way++) {
> -        nr = ppc6xx_tlb_getnum(env, eaddr, way, access_type == MMU_INST_FETCH);
> +        nr = ppc6xx_tlb_getnum(env, eaddr, way, is_code);
>          tlb = &env->tlb.tlb6[nr];
>          /* This test "emulates" the PTE index match for hardware TLBs */
>          if ((eaddr & TARGET_PAGE_MASK) != tlb->EPN) {
> @@ -124,7 +125,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>                        access_type == MMU_INST_FETCH ? 'I' : 'D');
>          /* Check validity and table match */
>          if (!pte_is_valid(tlb->pte0) || ((tlb->pte0 >> 6) & 1) != 0 ||
> -            (tlb->pte0 & PTE_PTEM_MASK) != ctx->ptem) {
> +            (tlb->pte0 & PTE_PTEM_MASK) != ptem) {
>              continue;
>          }
>          /* all matches should have equal RPN, WIMG & PP */
> @@ -164,6 +165,10 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>              }
>          }
>      }
> +    if (ret == -1) {
> +        int r = is_code ? SPR_ICMP : SPR_DCMP;
> +        env->spr[r] = ptem;
> +    }
>  #if defined(DUMP_PAGE_TABLES)
>      if (qemu_loglevel_mask(CPU_LOG_MMU)) {
>          CPUState *cs = env_cpu(env);
> @@ -293,7 +298,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>  {
>      PowerPCCPU *cpu = env_archcpu(env);
>      hwaddr hash;
> -    target_ulong vsid, sr, pgidx;
> +    target_ulong vsid, sr, pgidx, ptem;
>      bool pr, ds, nx;
>  
>      /* First try to find a BAT entry if there are any */
> @@ -320,7 +325,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>                    access_type == MMU_DATA_STORE, type);
>      pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
>      hash = vsid ^ pgidx;
> -    ctx->ptem = (vsid << 7) | (pgidx >> 10);
> +    ptem = (vsid << 7) | (pgidx >> 10); /* Virtual segment ID | API */
>  
>      qemu_log_mask(CPU_LOG_MMU, "pte segment: key=%d ds %d nx %d vsid "
>                    TARGET_FMT_lx "\n", ctx->key, ds, nx, vsid);
> @@ -339,7 +344,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>          /* Initialize real address with an invalid value */
>          ctx->raddr = (hwaddr)-1ULL;
>          /* Software TLB search */
> -        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, nx);
> +        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, nx);
>      }
>  
>      /* Direct-store segment : absolutely *BUGGY* for now */
> @@ -741,7 +746,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>              cs->exception_index = POWERPC_EXCP_IFTLB;
>              env->error_code = 1 << 18;
>              env->spr[SPR_IMISS] = eaddr;
> -            env->spr[SPR_ICMP] = 0x80000000 | ctx.ptem;
> +            env->spr[SPR_ICMP] |= 0x80000000;
>              goto tlb_miss;
>          case -2:
>              /* Access rights violation */
> @@ -772,7 +777,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>                  env->error_code = 0;
>              }
>              env->spr[SPR_DMISS] = eaddr;
> -            env->spr[SPR_DCMP] = 0x80000000 | ctx.ptem;
> +            env->spr[SPR_DCMP] |= 0x80000000;
>  tlb_miss:
>              env->error_code |= ctx.key << 19;
>              env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +

Re: [PATCH 18/43] target/ppc: Add function to get protection key for hash32 MMU

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Add a function to get key bit from SR and use it instead of open coded
> version.
>

Nice.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c | 9 ++++++---
>  target/ppc/mmu-hash32.h | 5 +++++
>  target/ppc/mmu_common.c | 3 +--
>  3 files changed, 12 insertions(+), 5 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 8a446c8a7d..93559447ff 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -42,7 +42,7 @@ static int ppc_hash32_pte_prot(int mmu_idx,
>  {
>      unsigned pp, key;
>  
> -    key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
> +    key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
>      pp = pte.pte1 & HPTE32_R_PP;
>  
>      return ppc_hash32_prot(key, pp, !!(sr & SR32_NX));
> @@ -145,7 +145,6 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
>  {
>      CPUState *cs = CPU(cpu);
>      CPUPPCState *env = &cpu->env;
> -    int key = !!(mmuidx_pr(mmu_idx) ? (sr & SR32_KP) : (sr & SR32_KS));
>  
>      qemu_log_mask(CPU_LOG_MMU, "direct store...\n");
>  
> @@ -206,7 +205,11 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
>          cpu_abort(cs, "ERROR: insn should not need address translation\n");
>      }
>  
> -    *prot = key ? PAGE_READ | PAGE_WRITE : PAGE_READ;
> +    if (ppc_hash32_key(mmuidx_pr(mmu_idx), sr)) {
> +        *prot = PAGE_READ | PAGE_WRITE;
> +    } else {
> +        *prot = PAGE_READ;
> +    }
>      if (check_prot_access_type(*prot, access_type)) {
>          *raddr = eaddr;
>          return true;
> diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
> index bc4eedbecc..5902cf8333 100644
> --- a/target/ppc/mmu-hash32.h
> +++ b/target/ppc/mmu-hash32.h
> @@ -102,6 +102,11 @@ static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
>      stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
>  }
>  
> +static inline bool ppc_hash32_key(bool pr, target_ulong sr)
> +{
> +    return pr ? (sr & SR32_KP) : (sr & SR32_KS);
> +}
> +
>  static inline int ppc_hash32_prot(bool key, int pp, bool nx)
>  {
>      int prot;
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 339df377e8..1ed2f45ac7 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -310,8 +310,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      pr = FIELD_EX64(env->msr, MSR, PR);
>  
>      sr = env->sr[eaddr >> 28];
> -    ctx->key = (((sr & 0x20000000) && pr) ||
> -                ((sr & 0x40000000) && !pr)) ? 1 : 0;
> +    ctx->key = ppc_hash32_key(pr, sr);
>      ds = sr & SR32_T;
>      nx = sr & SR32_NX;
>      vsid = sr & SR32_VSID;

Re: [PATCH 19/43] target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_prot()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> This is used only once and can be inlined.
>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c | 19 ++++---------------
>  1 file changed, 4 insertions(+), 15 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 93559447ff..160311de87 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -37,17 +37,6 @@
>  #  define LOG_BATS(...) do { } while (0)
>  #endif
>  
> -static int ppc_hash32_pte_prot(int mmu_idx,
> -                               target_ulong sr, ppc_hash_pte32_t pte)
> -{
> -    unsigned pp, key;
> -
> -    key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
> -    pp = pte.pte1 & HPTE32_R_PP;
> -
> -    return ppc_hash32_prot(key, pp, !!(sr & SR32_NX));
> -}
> -
>  static target_ulong hash32_bat_size(int mmu_idx,
>                                      target_ulong batu, target_ulong batl)
>  {
> @@ -341,10 +330,10 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>      CPUState *cs = CPU(cpu);
>      CPUPPCState *env = &cpu->env;
>      target_ulong sr;
> -    hwaddr pte_offset;
> +    hwaddr pte_offset, raddr;
>      ppc_hash_pte32_t pte;
> +    bool key;
>      int prot;
> -    hwaddr raddr;
>  
>      /* There are no hash32 large pages. */
>      *psizep = TARGET_PAGE_BITS;
> @@ -426,8 +415,8 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>                  "found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
>  
>      /* 7. Check access permissions */
> -
> -    prot = ppc_hash32_pte_prot(mmu_idx, sr, pte);
> +    key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
> +    prot = ppc_hash32_prot(key, pte.pte1 & HPTE32_R_PP, sr & SR32_NX);
>  
>      if (!check_prot_access_type(prot, access_type)) {
>          /* Access right violation */

Re: [PATCH 20/43] target/ppc/mmu_common.c: Init variable in function that relies on it

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> The ppc6xx_tlb_check() relies on the caller to initialise raddr field
> in ctx. Move this init from the only caller into the function.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 1ed2f45ac7..fe321ab49c 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -102,6 +102,8 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>      int nr, best, way, ret;
>      bool is_code = (access_type == MMU_INST_FETCH);
>  
> +    /* Initialize real address with an invalid value */
> +    ctx->raddr = (hwaddr)-1ULL;
>      best = -1;
>      ret = -1; /* No TLB found */
>      for (way = 0; way < env->nb_ways; way++) {
> @@ -340,8 +342,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>                        ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
>          *hashp = hash;
>  
> -        /* Initialize real address with an invalid value */
> -        ctx->raddr = (hwaddr)-1ULL;
>          /* Software TLB search */
>          return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, nx);
>      }

Re: [PATCH 21/43] target/ppc/mmu_common.c: Remove key field from mmu_ctx_t

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Pass it as a function parameter and remove it from mmu_ctx_t.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 26 ++++++++++++++------------
>  1 file changed, 14 insertions(+), 12 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index fe321ab49c..be09c3b1a3 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -41,7 +41,6 @@
>  typedef struct {
>      hwaddr raddr;      /* Real address             */
>      int prot;          /* Protection bits          */
> -    int key;           /* Access key               */
>  } mmu_ctx_t;
>  
>  void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
> @@ -95,7 +94,7 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
>  static int ppc6xx_tlb_check(CPUPPCState *env,
>                              mmu_ctx_t *ctx, target_ulong eaddr,
>                              MMUAccessType access_type, target_ulong ptem,
> -                            bool nx)
> +                            bool key, bool nx)
>  {
>      ppc6xx_tlb_t *tlb;
>      target_ulong *pte1p;
> @@ -140,7 +139,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>          /* Keep the matching PTE information */
>          best = nr;
>          ctx->raddr = tlb->pte1;
> -        ctx->prot = ppc_hash32_prot(ctx->key, tlb->pte1 & HPTE32_R_PP, nx);
> +        ctx->prot = ppc_hash32_prot(key, tlb->pte1 & HPTE32_R_PP, nx);
>          if (check_prot_access_type(ctx->prot, access_type)) {
>              qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
>              ret = 0;
> @@ -295,13 +294,14 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>  }
>  
>  static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
> -                                       target_ulong eaddr, hwaddr *hashp,
> +                                       target_ulong eaddr,
> +                                       hwaddr *hashp, bool *keyp,
>                                         MMUAccessType access_type, int type)
>  {
>      PowerPCCPU *cpu = env_archcpu(env);
>      hwaddr hash;
>      target_ulong vsid, sr, pgidx, ptem;
> -    bool pr, ds, nx;
> +    bool key, pr, ds, nx;
>  
>      /* First try to find a BAT entry if there are any */
>      if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
> @@ -312,7 +312,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      pr = FIELD_EX64(env->msr, MSR, PR);
>  
>      sr = env->sr[eaddr >> 28];
> -    ctx->key = ppc_hash32_key(pr, sr);
> +    key = ppc_hash32_key(pr, sr);
> +    *keyp = key;
>      ds = sr & SR32_T;
>      nx = sr & SR32_NX;
>      vsid = sr & SR32_VSID;
> @@ -329,7 +330,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      ptem = (vsid << 7) | (pgidx >> 10); /* Virtual segment ID | API */
>  
>      qemu_log_mask(CPU_LOG_MMU, "pte segment: key=%d ds %d nx %d vsid "
> -                  TARGET_FMT_lx "\n", ctx->key, ds, nx, vsid);
> +                  TARGET_FMT_lx "\n", key, ds, nx, vsid);
>      if (!ds) {
>          /* Check if instruction fetch is allowed, if needed */
>          if (type == ACCESS_CODE && nx) {
> @@ -343,7 +344,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>          *hashp = hash;
>  
>          /* Software TLB search */
> -        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, nx);
> +        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, key, nx);
>      }
>  
>      /* Direct-store segment : absolutely *BUGGY* for now */
> @@ -367,8 +368,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      case ACCESS_EXT: /* eciwx or ecowx */
>          return -4;
>      }
> -    if ((access_type == MMU_DATA_STORE || ctx->key != 1) &&
> -        (access_type == MMU_DATA_LOAD || ctx->key != 0)) {
> +    if ((access_type == MMU_DATA_STORE || !key) &&
> +        (access_type == MMU_DATA_LOAD || key)) {
>          ctx->raddr = eaddr;
>          return 2;
>      }
> @@ -709,6 +710,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>      CPUPPCState *env = &cpu->env;
>      mmu_ctx_t ctx;
>      hwaddr hash = 0; /* init to 0 to avoid used uninit warning */
> +    bool key;
>      int type, ret;
>  
>      if (ppc_real_mode_xlate(cpu, eaddr, access_type, raddrp, psizep, protp)) {
> @@ -726,7 +728,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>      }
>  
>      ctx.prot = 0;
> -    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash,
> +    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash, &key,
>                                        access_type, type);
>      if (ret == 0) {
>          *raddrp = ctx.raddr;
> @@ -778,7 +780,7 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>              env->spr[SPR_DMISS] = eaddr;
>              env->spr[SPR_DCMP] |= 0x80000000;
>  tlb_miss:
> -            env->error_code |= ctx.key << 19;
> +            env->error_code |= key << 19;
>              env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
>                                    get_pteg_offset32(cpu, hash);
>              env->spr[SPR_HASH2] = ppc_hash32_hpt_base(cpu) +

Re: [PATCH 22/43] target/ppc/mmu_common.c: Stop using ctx in ppc6xx_tlb_check()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Pass raddr and prot in function parameters instead.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu_common.c | 26 +++++++++++++-------------
>  1 file changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index be09c3b1a3..ede409eb99 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -91,10 +91,9 @@ int ppc6xx_tlb_getnum(CPUPPCState *env, target_ulong eaddr,
>  
>  /* Software driven TLB helpers */
>  
> -static int ppc6xx_tlb_check(CPUPPCState *env,
> -                            mmu_ctx_t *ctx, target_ulong eaddr,
> -                            MMUAccessType access_type, target_ulong ptem,
> -                            bool key, bool nx)
> +static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
> +                            target_ulong eaddr, MMUAccessType access_type,
> +                            target_ulong ptem, bool key, bool nx)
>  {
>      ppc6xx_tlb_t *tlb;
>      target_ulong *pte1p;
> @@ -102,7 +101,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>      bool is_code = (access_type == MMU_INST_FETCH);
>  
>      /* Initialize real address with an invalid value */
> -    ctx->raddr = (hwaddr)-1ULL;
> +    *raddr = (hwaddr)-1ULL;
>      best = -1;
>      ret = -1; /* No TLB found */
>      for (way = 0; way < env->nb_ways; way++) {
> @@ -130,17 +129,17 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>              continue;
>          }
>          /* all matches should have equal RPN, WIMG & PP */
> -        if (ctx->raddr != (hwaddr)-1ULL &&
> -            (ctx->raddr & PTE_CHECK_MASK) != (tlb->pte1 & PTE_CHECK_MASK)) {
> +        if (*raddr != (hwaddr)-1ULL &&
> +            (*raddr & PTE_CHECK_MASK) != (tlb->pte1 & PTE_CHECK_MASK)) {
>              qemu_log_mask(CPU_LOG_MMU, "Bad RPN/WIMG/PP\n");
>              /* TLB inconsistency */
>              continue;
>          }
>          /* Keep the matching PTE information */
>          best = nr;
> -        ctx->raddr = tlb->pte1;
> -        ctx->prot = ppc_hash32_prot(key, tlb->pte1 & HPTE32_R_PP, nx);
> -        if (check_prot_access_type(ctx->prot, access_type)) {
> +        *raddr = tlb->pte1;
> +        *prot = ppc_hash32_prot(key, tlb->pte1 & HPTE32_R_PP, nx);
> +        if (check_prot_access_type(*prot, access_type)) {
>              qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
>              ret = 0;
>              break;
> @@ -152,7 +151,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>      if (best != -1) {
>          qemu_log_mask(CPU_LOG_MMU, "found TLB at addr " HWADDR_FMT_plx
>                        " prot=%01x ret=%d\n",
> -                      ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
> +                      *raddr & TARGET_PAGE_MASK, *prot, ret);
>          /* Update page flags */
>          pte1p = &env->tlb.tlb6[best].pte1;
>          *pte1p |= 0x00000100; /* Update accessed flag */
> @@ -162,7 +161,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env,
>                  *pte1p |= 0x00000080;
>              } else {
>                  /* Force page fault for first write access */
> -                ctx->prot &= ~PAGE_WRITE;
> +                *prot &= ~PAGE_WRITE;
>              }
>          }
>      }
> @@ -344,7 +343,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>          *hashp = hash;
>  
>          /* Software TLB search */
> -        return ppc6xx_tlb_check(env, ctx, eaddr, access_type, ptem, key, nx);
> +        return ppc6xx_tlb_check(env, &ctx->raddr, &ctx->prot, eaddr,
> +                                access_type, ptem, key, nx);
>      }
>  
>      /* Direct-store segment : absolutely *BUGGY* for now */

Re: [PATCH 23/43] target/ppc/mmu_common.c: Rename function parameter

[Nicholas Piggin]

On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> Rename parameter of get_bat_6xx_tlb() from virtual to eaddr to match
> other functions.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index ede409eb99..110936ca83 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -221,7 +221,7 @@ static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
>  }
>  
>  static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
> -                           target_ulong virtual, MMUAccessType access_type)
> +                           target_ulong eaddr, MMUAccessType access_type)
>  {
>      target_ulong *BATlt, *BATut, *BATu, *BATl;
>      target_ulong BEPIl, BEPIu, bl;
> @@ -230,7 +230,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>      bool ifetch = access_type == MMU_INST_FETCH;
>  
>      qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
> -                  ifetch ? 'I' : 'D', virtual);
> +                  ifetch ? 'I' : 'D', eaddr);
>      if (ifetch) {
>          BATlt = env->IBAT[1];
>          BATut = env->IBAT[0];
> @@ -246,15 +246,15 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>          bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
>          qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx " BATu "
>                        TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__,
> -                      ifetch ? 'I' : 'D', i, virtual, *BATu, *BATl);
> -        if ((virtual & 0xF0000000) == BEPIu &&
> -            ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
> +                      ifetch ? 'I' : 'D', i, eaddr, *BATu, *BATl);
> +        if ((eaddr & 0xF0000000) == BEPIu &&
> +            ((eaddr & 0x0FFE0000) & ~bl) == BEPIl) {
>              /* BAT matches */
>              if (valid != 0) {
>                  /* Get physical address */
>                  ctx->raddr = (*BATl & 0xF0000000) |
> -                    ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
> -                    (virtual & 0x0001F000);
> +                    ((eaddr & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
> +                    (eaddr & 0x0001F000);
>                  /* Compute access rights */
>                  ctx->prot = prot;
>                  if (check_prot_access_type(ctx->prot, access_type)) {
> @@ -273,7 +273,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>      if (ret < 0) {
>          if (qemu_log_enabled()) {
>              qemu_log_mask(CPU_LOG_MMU, "no BAT match for "
> -                          TARGET_FMT_lx ":\n", virtual);
> +                          TARGET_FMT_lx ":\n", eaddr);
>              for (i = 0; i < 4; i++) {
>                  BATu = &BATut[i];
>                  BATl = &BATlt[i];
> @@ -284,7 +284,7 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>                                " BATu " TARGET_FMT_lx " BATl " TARGET_FMT_lx
>                                "\n\t" TARGET_FMT_lx " " TARGET_FMT_lx " "
>                                TARGET_FMT_lx "\n", __func__, ifetch ? 'I' : 'D',
> -                              i, virtual, *BATu, *BATl, BEPIu, BEPIl, bl);
> +                              i, eaddr, *BATu, *BATl, BEPIu, BEPIl, bl);
>              }
>          }
>      }

Re: [PATCH 24/43] target/ppc/mmu_common.c: Use defines instead of numeric constants

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> Replace some BAT related constants with defines from mmu-hash32.h

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 26 +++++++++++++-------------
>  1 file changed, 13 insertions(+), 13 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 110936ca83..aa002bba35 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -201,7 +201,7 @@ static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
>      target_ulong bl;
>      int pp, valid, prot;
>  
> -    bl = (*BATu & 0x00001FFC) << 15;
> +    bl = (*BATu & BATU32_BL) << 15;
>      valid = 0;
>      prot = 0;
>      if ((!FIELD_EX64(env->msr, MSR, PR) && (*BATu & 0x00000002)) ||
> @@ -241,19 +241,19 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>      for (i = 0; i < env->nb_BATs; i++) {
>          BATu = &BATut[i];
>          BATl = &BATlt[i];
> -        BEPIu = *BATu & 0xF0000000;
> -        BEPIl = *BATu & 0x0FFE0000;
> +        BEPIu = *BATu & BATU32_BEPIU;
> +        BEPIl = *BATu & BATU32_BEPIL;
>          bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
>          qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx " BATu "
>                        TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__,
>                        ifetch ? 'I' : 'D', i, eaddr, *BATu, *BATl);
> -        if ((eaddr & 0xF0000000) == BEPIu &&
> -            ((eaddr & 0x0FFE0000) & ~bl) == BEPIl) {
> +        if ((eaddr & BATU32_BEPIU) == BEPIu &&
> +            ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
>              /* BAT matches */
>              if (valid != 0) {
>                  /* Get physical address */
> -                ctx->raddr = (*BATl & 0xF0000000) |
> -                    ((eaddr & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
> +                ctx->raddr = (*BATl & BATU32_BEPIU) |
> +                    ((eaddr & BATU32_BEPIL & bl) | (*BATl & BATU32_BEPIL)) |
>                      (eaddr & 0x0001F000);
>                  /* Compute access rights */
>                  ctx->prot = prot;
> @@ -277,9 +277,9 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>              for (i = 0; i < 4; i++) {
>                  BATu = &BATut[i];
>                  BATl = &BATlt[i];
> -                BEPIu = *BATu & 0xF0000000;
> -                BEPIl = *BATu & 0x0FFE0000;
> -                bl = (*BATu & 0x00001FFC) << 15;
> +                BEPIu = *BATu & BATU32_BEPIU;
> +                BEPIl = *BATu & BATU32_BEPIL;
> +                bl = (*BATu & BATU32_BL) << 15;
>                  qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx
>                                " BATu " TARGET_FMT_lx " BATl " TARGET_FMT_lx
>                                "\n\t" TARGET_FMT_lx " " TARGET_FMT_lx " "
> @@ -520,9 +520,9 @@ static void mmu6xx_dump_BATs(CPUPPCState *env, int type)
>      for (i = 0; i < env->nb_BATs; i++) {
>          BATu = &BATut[i];
>          BATl = &BATlt[i];
> -        BEPIu = *BATu & 0xF0000000;
> -        BEPIl = *BATu & 0x0FFE0000;
> -        bl = (*BATu & 0x00001FFC) << 15;
> +        BEPIu = *BATu & BATU32_BEPIU;
> +        BEPIl = *BATu & BATU32_BEPIL;
> +        bl = (*BATu & BATU32_BL) << 15;
>          qemu_printf("%s BAT%d BATu " TARGET_FMT_lx
>                      " BATl " TARGET_FMT_lx "\n\t" TARGET_FMT_lx " "
>                      TARGET_FMT_lx " " TARGET_FMT_lx "\n",

Re: [PATCH 25/43] target/ppc: Remove bat_size_prot()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> There is already a hash32_bat_prot() function that does most if this
> and the rest can be inlined. Export hash32_bat_prot() and rename it to
> ppc_hash32_bat_prot() to match other functions and use it in
> get_bat_6xx_tlb().

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c | 18 +-------------
>  target/ppc/mmu-hash32.h | 14 +++++++++++
>  target/ppc/mmu_common.c | 52 ++++++++++-------------------------------
>  3 files changed, 27 insertions(+), 57 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 160311de87..6f0f0bbb00 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -48,22 +48,6 @@ static target_ulong hash32_bat_size(int mmu_idx,
>      return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
>  }
>  
> -static int hash32_bat_prot(PowerPCCPU *cpu,
> -                           target_ulong batu, target_ulong batl)
> -{
> -    int pp, prot;
> -
> -    prot = 0;
> -    pp = batl & BATL32_PP;
> -    if (pp != 0) {
> -        prot = PAGE_READ | PAGE_EXEC;
> -        if (pp == 0x2) {
> -            prot |= PAGE_WRITE;
> -        }
> -    }
> -    return prot;
> -}
> -
>  static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
>                                      MMUAccessType access_type, int *prot,
>                                      int mmu_idx)
> @@ -95,7 +79,7 @@ static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
>          if (mask && ((ea & mask) == (batu & BATU32_BEPI))) {
>              hwaddr raddr = (batl & mask) | (ea & ~mask);
>  
> -            *prot = hash32_bat_prot(cpu, batu, batl);
> +            *prot = ppc_hash32_bat_prot(batu, batl);
>  
>              return raddr & TARGET_PAGE_MASK;
>          }
> diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
> index 5902cf8333..bd75f7d647 100644
> --- a/target/ppc/mmu-hash32.h
> +++ b/target/ppc/mmu-hash32.h
> @@ -143,6 +143,20 @@ static inline int ppc_hash32_prot(bool key, int pp, bool nx)
>      return nx ? prot : prot | PAGE_EXEC;
>  }
>  
> +static inline int ppc_hash32_bat_prot(target_ulong batu, target_ulong batl)
> +{
> +    int prot = 0;
> +    int pp = batl & BATL32_PP;
> +
> +    if (pp) {
> +        prot = PAGE_READ | PAGE_EXEC;
> +        if (pp == 0x2) {
> +            prot |= PAGE_WRITE;
> +        }
> +    }
> +    return prot;
> +}
> +
>  typedef struct {
>      uint32_t pte0, pte1;
>  } ppc_hash_pte32_t;
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index aa002bba35..624ed51a92 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -193,40 +193,13 @@ static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
>      return ret;
>  }
>  
> -/* Perform BAT hit & translation */
> -static inline void bat_size_prot(CPUPPCState *env, target_ulong *blp,
> -                                 int *validp, int *protp, target_ulong *BATu,
> -                                 target_ulong *BATl)
> -{
> -    target_ulong bl;
> -    int pp, valid, prot;
> -
> -    bl = (*BATu & BATU32_BL) << 15;
> -    valid = 0;
> -    prot = 0;
> -    if ((!FIELD_EX64(env->msr, MSR, PR) && (*BATu & 0x00000002)) ||
> -        (FIELD_EX64(env->msr, MSR, PR) && (*BATu & 0x00000001))) {
> -        valid = 1;
> -        pp = *BATl & 0x00000003;
> -        if (pp != 0) {
> -            prot = PAGE_READ | PAGE_EXEC;
> -            if (pp == 0x2) {
> -                prot |= PAGE_WRITE;
> -            }
> -        }
> -    }
> -    *blp = bl;
> -    *validp = valid;
> -    *protp = prot;
> -}
> -
>  static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
> -                           target_ulong eaddr, MMUAccessType access_type)
> +                           target_ulong eaddr, MMUAccessType access_type,
> +                           bool pr)
>  {
>      target_ulong *BATlt, *BATut, *BATu, *BATl;
>      target_ulong BEPIl, BEPIu, bl;
> -    int i, valid, prot;
> -    int ret = -1;
> +    int i, ret = -1;
>      bool ifetch = access_type == MMU_INST_FETCH;
>  
>      qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT v " TARGET_FMT_lx "\n", __func__,
> @@ -243,20 +216,19 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>          BATl = &BATlt[i];
>          BEPIu = *BATu & BATU32_BEPIU;
>          BEPIl = *BATu & BATU32_BEPIL;
> -        bat_size_prot(env, &bl, &valid, &prot, BATu, BATl);
>          qemu_log_mask(CPU_LOG_MMU, "%s: %cBAT%d v " TARGET_FMT_lx " BATu "
>                        TARGET_FMT_lx " BATl " TARGET_FMT_lx "\n", __func__,
>                        ifetch ? 'I' : 'D', i, eaddr, *BATu, *BATl);
> -        if ((eaddr & BATU32_BEPIU) == BEPIu &&
> -            ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
> -            /* BAT matches */
> -            if (valid != 0) {
> +        bl = (*BATu & BATU32_BL) << 15;
> +        if ((!pr && (*BATu & BATU32_VS)) || (pr && (*BATu & BATU32_VP))) {
> +            if ((eaddr & BATU32_BEPIU) == BEPIu &&
> +                ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
>                  /* Get physical address */
>                  ctx->raddr = (*BATl & BATU32_BEPIU) |
>                      ((eaddr & BATU32_BEPIL & bl) | (*BATl & BATU32_BEPIL)) |
>                      (eaddr & 0x0001F000);
>                  /* Compute access rights */
> -                ctx->prot = prot;
> +                ctx->prot = ppc_hash32_bat_prot(*BATu, *BATl);
>                  if (check_prot_access_type(ctx->prot, access_type)) {
>                      qemu_log_mask(CPU_LOG_MMU, "BAT %d match: r " HWADDR_FMT_plx
>                                    " prot=%c%c\n", i, ctx->raddr,
> @@ -300,16 +272,16 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      PowerPCCPU *cpu = env_archcpu(env);
>      hwaddr hash;
>      target_ulong vsid, sr, pgidx, ptem;
> -    bool key, pr, ds, nx;
> +    bool key, ds, nx;
> +    bool pr = FIELD_EX64(env->msr, MSR, PR);
>  
>      /* First try to find a BAT entry if there are any */
> -    if (env->nb_BATs && get_bat_6xx_tlb(env, ctx, eaddr, access_type) == 0) {
> +    if (env->nb_BATs &&
> +        get_bat_6xx_tlb(env, ctx, eaddr, access_type, pr) == 0) {
>          return 0;
>      }
>  
>      /* Perform segment based translation when no BATs matched */
> -    pr = FIELD_EX64(env->msr, MSR, PR);
> -
>      sr = env->sr[eaddr >> 28];
>      key = ppc_hash32_key(pr, sr);
>      *keyp = key;

Re: [PATCH 26/43] target/ppc/mmu_common.c: Stop using ctx in get_bat_6xx_tlb()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> Pass raddr and prot in function parameters instead

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 17 +++++++++--------
>  1 file changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 624ed51a92..4770b43630 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -193,7 +193,7 @@ static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
>      return ret;
>  }
>  
> -static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
> +static int get_bat_6xx_tlb(CPUPPCState *env, hwaddr *raddr, int *prot,
>                             target_ulong eaddr, MMUAccessType access_type,
>                             bool pr)
>  {
> @@ -224,16 +224,16 @@ static int get_bat_6xx_tlb(CPUPPCState *env, mmu_ctx_t *ctx,
>              if ((eaddr & BATU32_BEPIU) == BEPIu &&
>                  ((eaddr & BATU32_BEPIL) & ~bl) == BEPIl) {
>                  /* Get physical address */
> -                ctx->raddr = (*BATl & BATU32_BEPIU) |
> +                *raddr = (*BATl & BATU32_BEPIU) |
>                      ((eaddr & BATU32_BEPIL & bl) | (*BATl & BATU32_BEPIL)) |
>                      (eaddr & 0x0001F000);
>                  /* Compute access rights */
> -                ctx->prot = ppc_hash32_bat_prot(*BATu, *BATl);
> -                if (check_prot_access_type(ctx->prot, access_type)) {
> +                *prot = ppc_hash32_bat_prot(*BATu, *BATl);
> +                if (check_prot_access_type(*prot, access_type)) {
>                      qemu_log_mask(CPU_LOG_MMU, "BAT %d match: r " HWADDR_FMT_plx
> -                                  " prot=%c%c\n", i, ctx->raddr,
> -                                  ctx->prot & PAGE_READ ? 'R' : '-',
> -                                  ctx->prot & PAGE_WRITE ? 'W' : '-');
> +                                  " prot=%c%c\n", i, *raddr,
> +                                  *prot & PAGE_READ ? 'R' : '-',
> +                                  *prot & PAGE_WRITE ? 'W' : '-');
>                      ret = 0;
>                  } else {
>                      ret = -2;
> @@ -277,7 +277,8 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>  
>      /* First try to find a BAT entry if there are any */
>      if (env->nb_BATs &&
> -        get_bat_6xx_tlb(env, ctx, eaddr, access_type, pr) == 0) {
> +        get_bat_6xx_tlb(env, &ctx->raddr, &ctx->prot, eaddr,
> +                        access_type, pr) == 0) {
>          return 0;
>      }
>  

Re: [PATCH 27/43] target/ppc/mmu_common.c: Remove mmu_ctx_t

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> Completely get rid of mmu_ctx_t after converting the remaining
> functions to pass raddr and prot without the context struct.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu_common.c | 25 +++++++------------------
>  1 file changed, 7 insertions(+), 18 deletions(-)
>
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 4770b43630..60f8736210 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -37,12 +37,6 @@
>  
>  /* #define DUMP_PAGE_TABLES */
>  
> -/* Context used internally during MMU translations */
> -typedef struct {
> -    hwaddr raddr;      /* Real address             */
> -    int prot;          /* Protection bits          */
> -} mmu_ctx_t;
> -
>  void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
>  {
>      PowerPCCPU *cpu = env_archcpu(env);
> @@ -264,8 +258,8 @@ static int get_bat_6xx_tlb(CPUPPCState *env, hwaddr *raddr, int *prot,
>      return ret;
>  }
>  
> -static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
> -                                       target_ulong eaddr,
> +static int mmu6xx_get_physical_address(CPUPPCState *env, hwaddr *raddr,
> +                                       int *prot, target_ulong eaddr,
>                                         hwaddr *hashp, bool *keyp,
>                                         MMUAccessType access_type, int type)
>  {
> @@ -277,8 +271,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>  
>      /* First try to find a BAT entry if there are any */
>      if (env->nb_BATs &&
> -        get_bat_6xx_tlb(env, &ctx->raddr, &ctx->prot, eaddr,
> -                        access_type, pr) == 0) {
> +        get_bat_6xx_tlb(env, raddr, prot, eaddr, access_type, pr) == 0) {
>          return 0;
>      }
>  
> @@ -316,7 +309,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>          *hashp = hash;
>  
>          /* Software TLB search */
> -        return ppc6xx_tlb_check(env, &ctx->raddr, &ctx->prot, eaddr,
> +        return ppc6xx_tlb_check(env, raddr, prot, eaddr,
>                                  access_type, ptem, key, nx);
>      }
>  
> @@ -333,7 +326,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>           * Should make the instruction do no-op.  As it already do
>           * no-op, it's quite easy :-)
>           */
> -        ctx->raddr = eaddr;
> +        *raddr = eaddr;
>          return 0;
>      case ACCESS_CODE: /* No code fetch is allowed in direct-store areas */
>      case ACCESS_FLOAT: /* Floating point load/store */
> @@ -343,7 +336,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, mmu_ctx_t *ctx,
>      }
>      if ((access_type == MMU_DATA_STORE || !key) &&
>          (access_type == MMU_DATA_LOAD || key)) {
> -        ctx->raddr = eaddr;
> +        *raddr = eaddr;
>          return 2;
>      }
>      return -2;
> @@ -681,7 +674,6 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>  {
>      CPUState *cs = CPU(cpu);
>      CPUPPCState *env = &cpu->env;
> -    mmu_ctx_t ctx;
>      hwaddr hash = 0; /* init to 0 to avoid used uninit warning */
>      bool key;
>      int type, ret;
> @@ -700,12 +692,9 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>          type = ACCESS_INT;
>      }
>  
> -    ctx.prot = 0;
> -    ret = mmu6xx_get_physical_address(env, &ctx, eaddr, &hash, &key,
> +    ret = mmu6xx_get_physical_address(env, raddrp, protp, eaddr, &hash, &key,
>                                        access_type, type);
>      if (ret == 0) {
> -        *raddrp = ctx.raddr;
> -        *protp = ctx.prot;
>          *psizep = TARGET_PAGE_BITS;
>          return true;
>      } else if (!guest_visible) {

Re: [PATCH 28/43] target/ppc/mmu-hash32.c: Inline and remove ppc_hash32_pte_raddr()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> This function is used only once and does not add more clarity than
> doing it inline.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Ah, not really sure I agree. Yes I suppose in this case because it
has that comment. But you could instead remove the comment and
leave the function there (because the comment is redundant with
the function name), and then your main function is 1 line
instead of 4.

Don't remove functions just because they're called once, if they
are a nice self-contained and well named thing. But okay for here
I suppose.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu-hash32.c | 18 +++++-------------
>  1 file changed, 5 insertions(+), 13 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 6f0f0bbb00..c4de1647e2 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -298,15 +298,6 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
>      return pte_offset;
>  }
>  
> -static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
> -                                   target_ulong eaddr)
> -{
> -    hwaddr rpn = pte.pte1 & HPTE32_R_RPN;
> -    hwaddr mask = ~TARGET_PAGE_MASK;
> -
> -    return (rpn & ~mask) | (eaddr & mask);
> -}
> -
>  bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>                        hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
>                        bool guest_visible)
> @@ -440,11 +431,12 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>               */
>              prot &= ~PAGE_WRITE;
>          }
> -     }
> +    }
> +    *protp = prot;
>  
>      /* 9. Determine the real address from the PTE */
> -
> -    *raddrp = ppc_hash32_pte_raddr(sr, pte, eaddr);
> -    *protp = prot;
> +    *raddrp = pte.pte1 & HPTE32_R_RPN;
> +    *raddrp &= TARGET_PAGE_MASK;
> +    *raddrp |= eaddr & ~TARGET_PAGE_MASK;
>      return true;
>  }

Re: [PATCH 29/43] target/ppc/mmu-hash32.c: Move get_pteg_offset32() to the header

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> This function is a simple shared function, move it to other similar
> static inline functions in the header.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c | 7 -------
>  target/ppc/mmu-hash32.h | 6 +++++-
>  2 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index c4de1647e2..44b16142ab 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -201,13 +201,6 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
>      return false;
>  }
>  
> -hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
> -{
> -    target_ulong mask = ppc_hash32_hpt_mask(cpu);
> -
> -    return (hash * HASH_PTEG_SIZE_32) & mask;
> -}
> -
>  static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
>                                       bool secondary, target_ulong ptem,
>                                       ppc_hash_pte32_t *pte)
> diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
> index bd75f7d647..2838de031c 100644
> --- a/target/ppc/mmu-hash32.h
> +++ b/target/ppc/mmu-hash32.h
> @@ -3,7 +3,6 @@
>  
>  #ifndef CONFIG_USER_ONLY
>  
> -hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash);
>  bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>                        hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
>                        bool guest_visible);
> @@ -102,6 +101,11 @@ static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
>      stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
>  }
>  
> +static inline hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
> +{
> +    return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(cpu);
> +}
> +
>  static inline bool ppc_hash32_key(bool pr, target_ulong sr)
>  {
>      return pr ? (sr & SR32_KP) : (sr & SR32_KS);

Re: [PATCH 30/43] target/ppc: Unexport some functions from mmu-book3s-v3.h

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> The ppc_hash64_hpt_base() and ppc_hash64_hpt_mask() functions are
> mostly used by mmu-hash64.c only but there is one call to
> ppc_hash64_hpt_mask() in hw/ppc/spapr_vhyp_mmu.c.in a helper function
> that can be moved to mmu-hash64.c which allows these functions to be
> removed from the header.
>

Fine. Probably too big to inline anyway.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  hw/ppc/spapr_vhyp_mmu.c    | 21 ++++------------
>  target/ppc/mmu-book3s-v3.h | 40 -------------------------------
>  target/ppc/mmu-hash64.c    | 49 ++++++++++++++++++++++++++++++++++++++
>  target/ppc/mmu-hash64.h    |  1 +
>  4 files changed, 54 insertions(+), 57 deletions(-)
>
> diff --git a/hw/ppc/spapr_vhyp_mmu.c b/hw/ppc/spapr_vhyp_mmu.c
> index b3dd8b3a59..2d41d7f77b 100644
> --- a/hw/ppc/spapr_vhyp_mmu.c
> +++ b/hw/ppc/spapr_vhyp_mmu.c
> @@ -15,19 +15,6 @@
>  #include "helper_regs.h"
>  #include "hw/ppc/spapr.h"
>  #include "mmu-hash64.h"
> -#include "mmu-book3s-v3.h"
> -
> -
> -static inline bool valid_ptex(PowerPCCPU *cpu, target_ulong ptex)
> -{
> -    /*
> -     * hash value/pteg group index is normalized by HPT mask
> -     */
> -    if (((ptex & ~7ULL) / HPTES_PER_GROUP) & ~ppc_hash64_hpt_mask(cpu)) {
> -        return false;
> -    }
> -    return true;
> -}
>  
>  static target_ulong h_enter(PowerPCCPU *cpu, SpaprMachineState *spapr,
>                              target_ulong opcode, target_ulong *args)
> @@ -70,7 +57,7 @@ static target_ulong h_enter(PowerPCCPU *cpu, SpaprMachineState *spapr,
>  
>      pteh &= ~0x60ULL;
>  
> -    if (!valid_ptex(cpu, ptex)) {
> +    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
>          return H_PARAMETER;
>      }
>  
> @@ -119,7 +106,7 @@ static RemoveResult remove_hpte(PowerPCCPU *cpu
>      const ppc_hash_pte64_t *hptes;
>      target_ulong v, r;
>  
> -    if (!valid_ptex(cpu, ptex)) {
> +    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
>          return REMOVE_PARM;
>      }
>  
> @@ -250,7 +237,7 @@ static target_ulong h_protect(PowerPCCPU *cpu, SpaprMachineState *spapr,
>      const ppc_hash_pte64_t *hptes;
>      target_ulong v, r;
>  
> -    if (!valid_ptex(cpu, ptex)) {
> +    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
>          return H_PARAMETER;
>      }
>  
> @@ -287,7 +274,7 @@ static target_ulong h_read(PowerPCCPU *cpu, SpaprMachineState *spapr,
>      int i, ridx, n_entries = 1;
>      const ppc_hash_pte64_t *hptes;
>  
> -    if (!valid_ptex(cpu, ptex)) {
> +    if (!ppc_hash64_valid_ptex(cpu, ptex)) {
>          return H_PARAMETER;
>      }
>  
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index f3f7993958..263ce55c1f 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -83,46 +83,6 @@ static inline bool ppc64_v3_radix(PowerPCCPU *cpu)
>      return !!(cpu->env.spr[SPR_LPCR] & LPCR_HR);
>  }
>  
> -static inline hwaddr ppc_hash64_hpt_base(PowerPCCPU *cpu)
> -{
> -    uint64_t base;
> -
> -    if (cpu->vhyp) {
> -        return 0;
> -    }
> -    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
> -        ppc_v3_pate_t pate;
> -
> -        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
> -            return 0;
> -        }
> -        base = pate.dw0;
> -    } else {
> -        base = cpu->env.spr[SPR_SDR1];
> -    }
> -    return base & SDR_64_HTABORG;
> -}
> -
> -static inline hwaddr ppc_hash64_hpt_mask(PowerPCCPU *cpu)
> -{
> -    uint64_t base;
> -
> -    if (cpu->vhyp) {
> -        return cpu->vhyp_class->hpt_mask(cpu->vhyp);
> -    }
> -    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
> -        ppc_v3_pate_t pate;
> -
> -        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
> -            return 0;
> -        }
> -        base = pate.dw0;
> -    } else {
> -        base = cpu->env.spr[SPR_SDR1];
> -    }
> -    return (1ULL << ((base & SDR_64_HTABSIZE) + 18 - 7)) - 1;
> -}
> -
>  #endif /* TARGET_PPC64 */
>  
>  #endif /* CONFIG_USER_ONLY */
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index cbc8efa0c3..7bc0323f26 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -508,6 +508,46 @@ static int ppc_hash64_amr_prot(PowerPCCPU *cpu, ppc_hash_pte64_t pte)
>      return prot;
>  }
>  
> +static hwaddr ppc_hash64_hpt_base(PowerPCCPU *cpu)
> +{
> +    uint64_t base;
> +
> +    if (cpu->vhyp) {
> +        return 0;
> +    }
> +    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
> +        ppc_v3_pate_t pate;
> +
> +        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
> +            return 0;
> +        }
> +        base = pate.dw0;
> +    } else {
> +        base = cpu->env.spr[SPR_SDR1];
> +    }
> +    return base & SDR_64_HTABORG;
> +}
> +
> +static hwaddr ppc_hash64_hpt_mask(PowerPCCPU *cpu)
> +{
> +    uint64_t base;
> +
> +    if (cpu->vhyp) {
> +        return cpu->vhyp_class->hpt_mask(cpu->vhyp);
> +    }
> +    if (cpu->env.mmu_model == POWERPC_MMU_3_00) {
> +        ppc_v3_pate_t pate;
> +
> +        if (!ppc64_v3_get_pate(cpu, cpu->env.spr[SPR_LPIDR], &pate)) {
> +            return 0;
> +        }
> +        base = pate.dw0;
> +    } else {
> +        base = cpu->env.spr[SPR_SDR1];
> +    }
> +    return (1ULL << ((base & SDR_64_HTABSIZE) + 18 - 7)) - 1;
> +}
> +
>  const ppc_hash_pte64_t *ppc_hash64_map_hptes(PowerPCCPU *cpu,
>                                               hwaddr ptex, int n)
>  {
> @@ -545,6 +585,15 @@ void ppc_hash64_unmap_hptes(PowerPCCPU *cpu, const ppc_hash_pte64_t *hptes,
>                          false, n * HASH_PTE_SIZE_64);
>  }
>  
> +bool ppc_hash64_valid_ptex(PowerPCCPU *cpu, target_ulong ptex)
> +{
> +    /* hash value/pteg group index is normalized by HPT mask */
> +    if (((ptex & ~7ULL) / HPTES_PER_GROUP) & ~ppc_hash64_hpt_mask(cpu)) {
> +        return false;
> +    }
> +    return true;
> +}
> +
>  static unsigned hpte_page_shift(const PPCHash64SegmentPageSizes *sps,
>                                  uint64_t pte0, uint64_t pte1)
>  {
> diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
> index de653fcae5..ae8d4b37ae 100644
> --- a/target/ppc/mmu-hash64.h
> +++ b/target/ppc/mmu-hash64.h
> @@ -120,6 +120,7 @@ const ppc_hash_pte64_t *ppc_hash64_map_hptes(PowerPCCPU *cpu,
>                                               hwaddr ptex, int n);
>  void ppc_hash64_unmap_hptes(PowerPCCPU *cpu, const ppc_hash_pte64_t *hptes,
>                              hwaddr ptex, int n);
> +bool ppc_hash64_valid_ptex(PowerPCCPU *cpu, target_ulong ptex);
>  
>  static inline uint64_t ppc_hash64_hpte0(PowerPCCPU *cpu,
>                                          const ppc_hash_pte64_t *hptes, int i)

Re: [PATCH 31/43] target/ppc/mmu-radix64: Remove externally unused parts from header

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> Move the parts not needed outside of mmu-radix64.c from the header to
> the C file to leave only parts in the header that need to be exported.
> Also drop unneded include of this header.
>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>

Acked-by: Nicholas Piggin <npiggin@gmail.com>

> ---
>  target/ppc/mmu-book3s-v3.c |  1 -
>  target/ppc/mmu-radix64.c   | 49 +++++++++++++++++++++++++++++++++++
>  target/ppc/mmu-radix64.h   | 53 +-------------------------------------
>  3 files changed, 50 insertions(+), 53 deletions(-)
>
> diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
> index c8f69b3df9..a812cb5113 100644
> --- a/target/ppc/mmu-book3s-v3.c
> +++ b/target/ppc/mmu-book3s-v3.c
> @@ -21,7 +21,6 @@
>  #include "cpu.h"
>  #include "mmu-hash64.h"
>  #include "mmu-book3s-v3.h"
> -#include "mmu-radix64.h"
>  
>  bool ppc64_v3_get_pate(PowerPCCPU *cpu, target_ulong lpid, ppc_v3_pate_t *entry)
>  {
> diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
> index 5a02e4963b..cf9619e847 100644
> --- a/target/ppc/mmu-radix64.c
> +++ b/target/ppc/mmu-radix64.c
> @@ -29,6 +29,37 @@
>  #include "mmu-radix64.h"
>  #include "mmu-book3s-v3.h"
>  
> +/* Radix Partition Table Entry Fields */
> +#define PATE1_R_PRTB           0x0FFFFFFFFFFFF000
> +#define PATE1_R_PRTS           0x000000000000001F
> +
> +/* Radix Process Table Entry Fields */
> +#define PRTBE_R_GET_RTS(rts) \
> +    ((((rts >> 58) & 0x18) | ((rts >> 5) & 0x7)) + 31)
> +#define PRTBE_R_RPDB            0x0FFFFFFFFFFFFF00
> +#define PRTBE_R_RPDS            0x000000000000001F
> +
> +/* Radix Page Directory/Table Entry Fields */
> +#define R_PTE_VALID             0x8000000000000000
> +#define R_PTE_LEAF              0x4000000000000000
> +#define R_PTE_SW0               0x2000000000000000
> +#define R_PTE_RPN               0x01FFFFFFFFFFF000
> +#define R_PTE_SW1               0x0000000000000E00
> +#define R_GET_SW(sw)            (((sw >> 58) & 0x8) | ((sw >> 9) & 0x7))
> +#define R_PTE_R                 0x0000000000000100
> +#define R_PTE_C                 0x0000000000000080
> +#define R_PTE_ATT               0x0000000000000030
> +#define R_PTE_ATT_NORMAL        0x0000000000000000
> +#define R_PTE_ATT_SAO           0x0000000000000010
> +#define R_PTE_ATT_NI_IO         0x0000000000000020
> +#define R_PTE_ATT_TOLERANT_IO   0x0000000000000030
> +#define R_PTE_EAA_PRIV          0x0000000000000008
> +#define R_PTE_EAA_R             0x0000000000000004
> +#define R_PTE_EAA_RW            0x0000000000000002
> +#define R_PTE_EAA_X             0x0000000000000001
> +#define R_PDE_NLB               PRTBE_R_RPDB
> +#define R_PDE_NLS               PRTBE_R_RPDS
> +
>  static bool ppc_radix64_get_fully_qualified_addr(const CPUPPCState *env,
>                                                   vaddr eaddr,
>                                                   uint64_t *lpid, uint64_t *pid)
> @@ -180,6 +211,24 @@ static void ppc_radix64_raise_hsi(PowerPCCPU *cpu, MMUAccessType access_type,
>      }
>  }
>  
> +static int ppc_radix64_get_prot_eaa(uint64_t pte)
> +{
> +    return (pte & R_PTE_EAA_R ? PAGE_READ : 0) |
> +           (pte & R_PTE_EAA_RW ? PAGE_READ | PAGE_WRITE : 0) |
> +           (pte & R_PTE_EAA_X ? PAGE_EXEC : 0);
> +}
> +
> +static int ppc_radix64_get_prot_amr(const PowerPCCPU *cpu)
> +{
> +    const CPUPPCState *env = &cpu->env;
> +    int amr = env->spr[SPR_AMR] >> 62; /* We only care about key0 AMR63:62 */
> +    int iamr = env->spr[SPR_IAMR] >> 62; /* We only care about key0 IAMR63:62 */
> +
> +    return (amr & 0x2 ? 0 : PAGE_WRITE) | /* Access denied if bit is set */
> +           (amr & 0x1 ? 0 : PAGE_READ) |
> +           (iamr & 0x1 ? 0 : PAGE_EXEC);
> +}
> +
>  static bool ppc_radix64_check_prot(PowerPCCPU *cpu, MMUAccessType access_type,
>                                     uint64_t pte, int *fault_cause, int *prot,
>                                     int mmu_idx, bool partition_scoped)
> diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h
> index c5c04a1527..6620b3d648 100644
> --- a/target/ppc/mmu-radix64.h
> +++ b/target/ppc/mmu-radix64.h
> @@ -3,7 +3,7 @@
>  
>  #ifndef CONFIG_USER_ONLY
>  
> -#include "exec/page-protection.h"
> +#ifdef TARGET_PPC64
>  
>  /* Radix Quadrants */
>  #define R_EADDR_MASK            0x3FFFFFFFFFFFFFFF
> @@ -14,61 +14,10 @@
>  #define R_EADDR_QUADRANT2       0x8000000000000000
>  #define R_EADDR_QUADRANT3       0xC000000000000000
>  
> -/* Radix Partition Table Entry Fields */
> -#define PATE1_R_PRTB           0x0FFFFFFFFFFFF000
> -#define PATE1_R_PRTS           0x000000000000001F
> -
> -/* Radix Process Table Entry Fields */
> -#define PRTBE_R_GET_RTS(rts) \
> -    ((((rts >> 58) & 0x18) | ((rts >> 5) & 0x7)) + 31)
> -#define PRTBE_R_RPDB            0x0FFFFFFFFFFFFF00
> -#define PRTBE_R_RPDS            0x000000000000001F
> -
> -/* Radix Page Directory/Table Entry Fields */
> -#define R_PTE_VALID             0x8000000000000000
> -#define R_PTE_LEAF              0x4000000000000000
> -#define R_PTE_SW0               0x2000000000000000
> -#define R_PTE_RPN               0x01FFFFFFFFFFF000
> -#define R_PTE_SW1               0x0000000000000E00
> -#define R_GET_SW(sw)            (((sw >> 58) & 0x8) | ((sw >> 9) & 0x7))
> -#define R_PTE_R                 0x0000000000000100
> -#define R_PTE_C                 0x0000000000000080
> -#define R_PTE_ATT               0x0000000000000030
> -#define R_PTE_ATT_NORMAL        0x0000000000000000
> -#define R_PTE_ATT_SAO           0x0000000000000010
> -#define R_PTE_ATT_NI_IO         0x0000000000000020
> -#define R_PTE_ATT_TOLERANT_IO   0x0000000000000030
> -#define R_PTE_EAA_PRIV          0x0000000000000008
> -#define R_PTE_EAA_R             0x0000000000000004
> -#define R_PTE_EAA_RW            0x0000000000000002
> -#define R_PTE_EAA_X             0x0000000000000001
> -#define R_PDE_NLB               PRTBE_R_RPDB
> -#define R_PDE_NLS               PRTBE_R_RPDS
> -
> -#ifdef TARGET_PPC64
> -
>  bool ppc_radix64_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>                         hwaddr *raddr, int *psizep, int *protp, int mmu_idx,
>                         bool guest_visible);
>  
> -static inline int ppc_radix64_get_prot_eaa(uint64_t pte)
> -{
> -    return (pte & R_PTE_EAA_R ? PAGE_READ : 0) |
> -           (pte & R_PTE_EAA_RW ? PAGE_READ | PAGE_WRITE : 0) |
> -           (pte & R_PTE_EAA_X ? PAGE_EXEC : 0);
> -}
> -
> -static inline int ppc_radix64_get_prot_amr(const PowerPCCPU *cpu)
> -{
> -    const CPUPPCState *env = &cpu->env;
> -    int amr = env->spr[SPR_AMR] >> 62; /* We only care about key0 AMR63:62 */
> -    int iamr = env->spr[SPR_IAMR] >> 62; /* We only care about key0 IAMR63:62 */
> -
> -    return (amr & 0x2 ? 0 : PAGE_WRITE) | /* Access denied if bit is set */
> -           (amr & 0x1 ? 0 : PAGE_READ) |
> -           (iamr & 0x1 ? 0 : PAGE_EXEC);
> -}
> -
>  #endif /* TARGET_PPC64 */
>  
>  #endif /* CONFIG_USER_ONLY */

Re: [PATCH 32/43] target/ppc: Remove includes from mmu-book3s-v3.h

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> Drop includes from header that is not needed by the header itself and
> only include them from C files that really need it.

Acked-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-book3s-v3.h | 3 ---
>  target/ppc/mmu-hash64.c    | 1 +
>  target/ppc/mmu-radix64.c   | 1 +
>  3 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index 263ce55c1f..be66e26604 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -20,9 +20,6 @@
>  #ifndef PPC_MMU_BOOK3S_V3_H
>  #define PPC_MMU_BOOK3S_V3_H
>  
> -#include "mmu-hash64.h"
> -#include "mmu-books.h"
> -
>  #ifndef CONFIG_USER_ONLY
>  
>  /*
> diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
> index 7bc0323f26..5e1983e334 100644
> --- a/target/ppc/mmu-hash64.c
> +++ b/target/ppc/mmu-hash64.c
> @@ -31,6 +31,7 @@
>  #include "hw/hw.h"
>  #include "internal.h"
>  #include "mmu-book3s-v3.h"
> +#include "mmu-books.h"
>  #include "helper_regs.h"
>  
>  #ifdef CONFIG_TCG
> diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
> index cf9619e847..be7a45f254 100644
> --- a/target/ppc/mmu-radix64.c
> +++ b/target/ppc/mmu-radix64.c
> @@ -28,6 +28,7 @@
>  #include "internal.h"
>  #include "mmu-radix64.h"
>  #include "mmu-book3s-v3.h"
> +#include "mmu-books.h"
>  
>  /* Radix Partition Table Entry Fields */
>  #define PATE1_R_PRTB           0x0FFFFFFFFFFFF000

Re: [PATCH 33/43] target/ppc: Remove single use static inline function

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> The ger_pack_masks() function is only used once and the inverse of
> this operation is already inlined so it can be inlined too in the only
> caller and removed from the header.

Is this needed for later patches? I might prefer to keep it, even
move it into vsx-impl.c.inc and pull its inverse out into its own
function too even.

Thanks,
Nick

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/internal.h               | 9 ---------
>  target/ppc/translate/vsx-impl.c.inc | 6 ++++--
>  2 files changed, 4 insertions(+), 11 deletions(-)
>
> diff --git a/target/ppc/internal.h b/target/ppc/internal.h
> index 20fb2ec593..8e5a241f74 100644
> --- a/target/ppc/internal.h
> +++ b/target/ppc/internal.h
> @@ -293,13 +293,4 @@ FIELD(GER_MSK, XMSK, 0, 4)
>  FIELD(GER_MSK, YMSK, 4, 4)
>  FIELD(GER_MSK, PMSK, 8, 8)
>  
> -static inline int ger_pack_masks(int pmsk, int ymsk, int xmsk)
> -{
> -    int msk = 0;
> -    msk = FIELD_DP32(msk, GER_MSK, XMSK, xmsk);
> -    msk = FIELD_DP32(msk, GER_MSK, YMSK, ymsk);
> -    msk = FIELD_DP32(msk, GER_MSK, PMSK, pmsk);
> -    return msk;
> -}
> -
>  #endif /* PPC_INTERNAL_H */
> diff --git a/target/ppc/translate/vsx-impl.c.inc b/target/ppc/translate/vsx-impl.c.inc
> index 0266f09119..62950d348a 100644
> --- a/target/ppc/translate/vsx-impl.c.inc
> +++ b/target/ppc/translate/vsx-impl.c.inc
> @@ -2819,7 +2819,7 @@ static bool trans_XXSETACCZ(DisasContext *ctx, arg_X_a *a)
>  static bool do_ger(DisasContext *ctx, arg_MMIRR_XX3 *a,
>      void (*helper)(TCGv_env, TCGv_ptr, TCGv_ptr, TCGv_ptr, TCGv_i32))
>  {
> -    uint32_t mask;
> +    uint32_t mask = 0;
>      TCGv_ptr xt, xa, xb;
>      REQUIRE_INSNS_FLAGS2(ctx, ISA310);
>      REQUIRE_VSX(ctx);
> @@ -2832,7 +2832,9 @@ static bool do_ger(DisasContext *ctx, arg_MMIRR_XX3 *a,
>      xa = gen_vsr_ptr(a->xa);
>      xb = gen_vsr_ptr(a->xb);
>  
> -    mask = ger_pack_masks(a->pmsk, a->ymsk, a->xmsk);
> +    mask = FIELD_DP32(mask, GER_MSK, XMSK, a->xmsk);
> +    mask = FIELD_DP32(mask, GER_MSK, YMSK, a->ymsk);
> +    mask = FIELD_DP32(mask, GER_MSK, PMSK, a->pmsk);
>      helper(tcg_env, xa, xb, xt, tcg_constant_i32(mask));
>      return true;
>  }

Re: [PATCH 35/43] target/ppc/mmu-hash32.c: Change parameter type of ppc_hash32_bat_lookup()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> This function takes PowerPCCPU but only needs the env from it. Change
> its parameter to CPUPPCState *env.
>

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 44b16142ab..a2c0ac05d2 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -48,11 +48,10 @@ static target_ulong hash32_bat_size(int mmu_idx,
>      return BATU32_BEPI & ~((batu & BATU32_BL) << 15);
>  }
>  
> -static hwaddr ppc_hash32_bat_lookup(PowerPCCPU *cpu, target_ulong ea,
> +static hwaddr ppc_hash32_bat_lookup(CPUPPCState *env, target_ulong ea,
>                                      MMUAccessType access_type, int *prot,
>                                      int mmu_idx)
>  {
> -    CPUPPCState *env = &cpu->env;
>      target_ulong *BATlt, *BATut;
>      bool ifetch = access_type == MMU_INST_FETCH;
>      int i;
> @@ -316,7 +315,7 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>  
>      /* 2. Check Block Address Translation entries (BATs) */
>      if (env->nb_BATs != 0) {
> -        raddr = ppc_hash32_bat_lookup(cpu, eaddr, access_type, protp, mmu_idx);
> +        raddr = ppc_hash32_bat_lookup(env, eaddr, access_type, protp, mmu_idx);
>          if (raddr != -1) {
>              if (!check_prot_access_type(*protp, access_type)) {
>                  if (guest_visible) {

Re: [PATCH 36/43] target/ppc/mmu-hash32: Remove some static inlines from header

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> Two of these are not used anywhere and the other two are used only
> once and can be inlined and removed from the header.

I'd prefer to put these in the .c file. Probably calculating the
base once would generate marginally better code since it would not
have to keep reloading it (since there is a barrier there it can't
cache the value).

Thanks,
Nick

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c |  5 +++--
>  target/ppc/mmu-hash32.h | 32 --------------------------------
>  2 files changed, 3 insertions(+), 34 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index a2c0ac05d2..7a6a674f8a 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -206,17 +206,18 @@ static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
>  {
>      hwaddr pte_offset = pteg_off;
>      target_ulong pte0, pte1;
> +    hwaddr base = ppc_hash32_hpt_base(cpu);
>      int i;
>  
>      for (i = 0; i < HPTES_PER_GROUP; i++) {
> -        pte0 = ppc_hash32_load_hpte0(cpu, pte_offset);
> +        pte0 = ldl_phys(CPU(cpu)->as, base + pte_offset);
>          /*
>           * pte0 contains the valid bit and must be read before pte1,
>           * otherwise we might see an old pte1 with a new valid bit and
>           * thus an inconsistent hpte value
>           */
>          smp_rmb();
> -        pte1 = ppc_hash32_load_hpte1(cpu, pte_offset);
> +        pte1 = ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
>  
>          if ((pte0 & HPTE32_V_VALID)
>              && (secondary == !!(pte0 & HPTE32_V_SECONDARY))
> diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
> index 2838de031c..4db55fb0a0 100644
> --- a/target/ppc/mmu-hash32.h
> +++ b/target/ppc/mmu-hash32.h
> @@ -69,38 +69,6 @@ static inline hwaddr ppc_hash32_hpt_mask(PowerPCCPU *cpu)
>      return ((cpu->env.spr[SPR_SDR1] & SDR_32_HTABMASK) << 16) | 0xFFFF;
>  }
>  
> -static inline target_ulong ppc_hash32_load_hpte0(PowerPCCPU *cpu,
> -                                                 hwaddr pte_offset)
> -{
> -    target_ulong base = ppc_hash32_hpt_base(cpu);
> -
> -    return ldl_phys(CPU(cpu)->as, base + pte_offset);
> -}
> -
> -static inline target_ulong ppc_hash32_load_hpte1(PowerPCCPU *cpu,
> -                                                 hwaddr pte_offset)
> -{
> -    target_ulong base = ppc_hash32_hpt_base(cpu);
> -
> -    return ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
> -}
> -
> -static inline void ppc_hash32_store_hpte0(PowerPCCPU *cpu,
> -                                          hwaddr pte_offset, target_ulong pte0)
> -{
> -    target_ulong base = ppc_hash32_hpt_base(cpu);
> -
> -    stl_phys(CPU(cpu)->as, base + pte_offset, pte0);
> -}
> -
> -static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
> -                                          hwaddr pte_offset, target_ulong pte1)
> -{
> -    target_ulong base = ppc_hash32_hpt_base(cpu);
> -
> -    stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
> -}
> -
>  static inline hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
>  {
>      return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(cpu);

Re: [PATCH 37/43] target/ppc/mmu-hash32.c: Return and use pte address instead of base + offset

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> Change ppc_hash32_pteg_search() to return pte address instead of an
> offset to avoid needing to get the base and add offset to it when we
> already have the address we need.

I think this looks good, but would need small rebase if the previous
patch is changed.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c | 51 ++++++++++++++++-------------------------
>  1 file changed, 20 insertions(+), 31 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 7a6a674f8a..cc1e790d0e 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -204,58 +204,48 @@ static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
>                                       bool secondary, target_ulong ptem,
>                                       ppc_hash_pte32_t *pte)
>  {
> -    hwaddr pte_offset = pteg_off;
> +    hwaddr pte_addr = ppc_hash32_hpt_base(cpu) + pteg_off;
>      target_ulong pte0, pte1;
> -    hwaddr base = ppc_hash32_hpt_base(cpu);
>      int i;
>  
> -    for (i = 0; i < HPTES_PER_GROUP; i++) {
> -        pte0 = ldl_phys(CPU(cpu)->as, base + pte_offset);
> +    for (i = 0; i < HPTES_PER_GROUP; i++, pte_addr += HASH_PTE_SIZE_32) {
> +        pte0 = ldl_phys(CPU(cpu)->as, pte_addr);
>          /*
>           * pte0 contains the valid bit and must be read before pte1,
>           * otherwise we might see an old pte1 with a new valid bit and
>           * thus an inconsistent hpte value
>           */
>          smp_rmb();
> -        pte1 = ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
> +        pte1 = ldl_phys(CPU(cpu)->as, pte_addr + HASH_PTE_SIZE_32 / 2);
>  
>          if ((pte0 & HPTE32_V_VALID)
>              && (secondary == !!(pte0 & HPTE32_V_SECONDARY))
>              && HPTE32_V_COMPARE(pte0, ptem)) {
>              pte->pte0 = pte0;
>              pte->pte1 = pte1;
> -            return pte_offset;
> +            return pte_addr;
>          }
> -
> -        pte_offset += HASH_PTE_SIZE_32;
>      }
> -
>      return -1;
>  }
>  
> -static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_offset, uint32_t pte1)
> +static void ppc_hash32_set_r(PowerPCCPU *cpu, hwaddr pte_addr, uint32_t pte1)
>  {
> -    target_ulong base = ppc_hash32_hpt_base(cpu);
> -    hwaddr offset = pte_offset + 6;
> -
>      /* The HW performs a non-atomic byte update */
> -    stb_phys(CPU(cpu)->as, base + offset, ((pte1 >> 8) & 0xff) | 0x01);
> +    stb_phys(CPU(cpu)->as, pte_addr + 6, ((pte1 >> 8) & 0xff) | 0x01);
>  }
>  
> -static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_offset, uint64_t pte1)
> +static void ppc_hash32_set_c(PowerPCCPU *cpu, hwaddr pte_addr, uint64_t pte1)
>  {
> -    target_ulong base = ppc_hash32_hpt_base(cpu);
> -    hwaddr offset = pte_offset + 7;
> -
>      /* The HW performs a non-atomic byte update */
> -    stb_phys(CPU(cpu)->as, base + offset, (pte1 & 0xff) | 0x80);
> +    stb_phys(CPU(cpu)->as, pte_addr + 7, (pte1 & 0xff) | 0x80);
>  }
>  
>  static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
>                                       target_ulong sr, target_ulong eaddr,
>                                       ppc_hash_pte32_t *pte)
>  {
> -    hwaddr pteg_off, pte_offset;
> +    hwaddr pteg_off, pte_addr;
>      hwaddr hash;
>      uint32_t vsid, pgidx, ptem;
>  
> @@ -277,18 +267,18 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
>              ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu),
>              vsid, ptem, hash);
>      pteg_off = get_pteg_offset32(cpu, hash);
> -    pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
> -    if (pte_offset == -1) {
> +    pte_addr = ppc_hash32_pteg_search(cpu, pteg_off, 0, ptem, pte);
> +    if (pte_addr == -1) {
>          /* Secondary PTEG lookup */
>          qemu_log_mask(CPU_LOG_MMU, "1 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
>                  " vsid=%" PRIx32 " api=%" PRIx32
>                  " hash=" HWADDR_FMT_plx "\n", ppc_hash32_hpt_base(cpu),
>                  ppc_hash32_hpt_mask(cpu), vsid, ptem, ~hash);
>          pteg_off = get_pteg_offset32(cpu, ~hash);
> -        pte_offset = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
> +        pte_addr = ppc_hash32_pteg_search(cpu, pteg_off, 1, ptem, pte);
>      }
>  
> -    return pte_offset;
> +    return pte_addr;
>  }
>  
>  bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
> @@ -298,7 +288,7 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>      CPUState *cs = CPU(cpu);
>      CPUPPCState *env = &cpu->env;
>      target_ulong sr;
> -    hwaddr pte_offset, raddr;
> +    hwaddr pte_addr, raddr;
>      ppc_hash_pte32_t pte;
>      bool key;
>      int prot;
> @@ -360,8 +350,8 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>      }
>  
>      /* 6. Locate the PTE in the hash table */
> -    pte_offset = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte);
> -    if (pte_offset == -1) {
> +    pte_addr = ppc_hash32_htab_lookup(cpu, sr, eaddr, &pte);
> +    if (pte_addr == -1) {
>          if (guest_visible) {
>              if (access_type == MMU_INST_FETCH) {
>                  cs->exception_index = POWERPC_EXCP_ISI;
> @@ -380,7 +370,7 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>          return false;
>      }
>      qemu_log_mask(CPU_LOG_MMU,
> -                "found PTE at offset %08" HWADDR_PRIx "\n", pte_offset);
> +                  "found PTE at address %08" HWADDR_PRIx "\n", pte_addr);
>  
>      /* 7. Check access permissions */
>      key = ppc_hash32_key(mmuidx_pr(mmu_idx), sr);
> @@ -410,13 +400,12 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>      qemu_log_mask(CPU_LOG_MMU, "PTE access granted !\n");
>  
>      /* 8. Update PTE referenced and changed bits if necessary */
> -
>      if (!(pte.pte1 & HPTE32_R_R)) {
> -        ppc_hash32_set_r(cpu, pte_offset, pte.pte1);
> +        ppc_hash32_set_r(cpu, pte_addr, pte.pte1);
>      }
>      if (!(pte.pte1 & HPTE32_R_C)) {
>          if (access_type == MMU_DATA_STORE) {
> -            ppc_hash32_set_c(cpu, pte_offset, pte.pte1);
> +            ppc_hash32_set_c(cpu, pte_addr, pte.pte1);
>          } else {
>              /*
>               * Treat the page as read-only for now, so that a later write

Re: [PATCH 39/43] target/ppc: Change parameter type of some inline functions

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> These functions take PowerPCCPU but only need the env from it. Change
> their parameter to CPUPPCState *env.

I suppose that's okay. Probably generates a little better code.

Acked-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  target/ppc/mmu-hash32.c | 13 +++++++------
>  target/ppc/mmu-hash32.h | 12 ++++++------
>  target/ppc/mmu_common.c | 20 +++++++++-----------
>  3 files changed, 22 insertions(+), 23 deletions(-)
>
> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
> index 6d0adf3357..f18faf0f46 100644
> --- a/target/ppc/mmu-hash32.c
> +++ b/target/ppc/mmu-hash32.c
> @@ -244,10 +244,11 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
>                                       target_ulong sr, target_ulong eaddr,
>                                       ppc_hash_pte32_t *pte)
>  {
> +    CPUPPCState *env = &cpu->env;
>      hwaddr hpt_base, pteg_off, pte_addr, hash;
>      uint32_t vsid, pgidx, ptem;
>  
> -    hpt_base = ppc_hash32_hpt_base(cpu);
> +    hpt_base = ppc_hash32_hpt_base(env);
>      vsid = sr & SR32_VSID;
>      pgidx = (eaddr & ~SEGMENT_MASK_256M) >> TARGET_PAGE_BITS;
>      hash = vsid ^ pgidx;
> @@ -256,21 +257,21 @@ static hwaddr ppc_hash32_htab_lookup(PowerPCCPU *cpu,
>      /* Page address translation */
>      qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx " htab_mask "
>                    HWADDR_FMT_plx " hash " HWADDR_FMT_plx "\n",
> -                  hpt_base, ppc_hash32_hpt_mask(cpu), hash);
> +                  hpt_base, ppc_hash32_hpt_mask(env), hash);
>  
>      /* Primary PTEG lookup */
>      qemu_log_mask(CPU_LOG_MMU, "0 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
>                    " vsid=%" PRIx32 " ptem=%" PRIx32 " hash=" HWADDR_FMT_plx
> -                  "\n", hpt_base, ppc_hash32_hpt_mask(cpu), vsid, ptem, hash);
> -    pteg_off = get_pteg_offset32(cpu, hash);
> +                  "\n", hpt_base, ppc_hash32_hpt_mask(env), vsid, ptem, hash);
> +    pteg_off = get_pteg_offset32(env, hash);
>      pte_addr = ppc_hash32_pteg_search(cpu, hpt_base + pteg_off, 0, ptem, pte);
>      if (pte_addr == -1) {
>          /* Secondary PTEG lookup */
>          qemu_log_mask(CPU_LOG_MMU, "1 htab=" HWADDR_FMT_plx "/" HWADDR_FMT_plx
>                        " vsid=%" PRIx32 " api=%" PRIx32 " hash=" HWADDR_FMT_plx
> -                      "\n", hpt_base, ppc_hash32_hpt_mask(cpu), vsid, ptem,
> +                      "\n", hpt_base, ppc_hash32_hpt_mask(env), vsid, ptem,
>                        ~hash);
> -        pteg_off = get_pteg_offset32(cpu, ~hash);
> +        pteg_off = get_pteg_offset32(env, ~hash);
>          pte_addr = ppc_hash32_pteg_search(cpu, hpt_base + pteg_off, 1, ptem,
>                                            pte);
>      }
> diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
> index 4db55fb0a0..ec8d881def 100644
> --- a/target/ppc/mmu-hash32.h
> +++ b/target/ppc/mmu-hash32.h
> @@ -59,19 +59,19 @@ bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>  #define HPTE32_R_WIMG           0x00000078
>  #define HPTE32_R_PP             0x00000003
>  
> -static inline hwaddr ppc_hash32_hpt_base(PowerPCCPU *cpu)
> +static inline hwaddr ppc_hash32_hpt_base(CPUPPCState *env)
>  {
> -    return cpu->env.spr[SPR_SDR1] & SDR_32_HTABORG;
> +    return env->spr[SPR_SDR1] & SDR_32_HTABORG;
>  }
>  
> -static inline hwaddr ppc_hash32_hpt_mask(PowerPCCPU *cpu)
> +static inline hwaddr ppc_hash32_hpt_mask(CPUPPCState *env)
>  {
> -    return ((cpu->env.spr[SPR_SDR1] & SDR_32_HTABMASK) << 16) | 0xFFFF;
> +    return ((env->spr[SPR_SDR1] & SDR_32_HTABMASK) << 16) | 0xFFFF;
>  }
>  
> -static inline hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
> +static inline hwaddr get_pteg_offset32(CPUPPCState *env, hwaddr hash)
>  {
> -    return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(cpu);
> +    return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(env);
>  }
>  
>  static inline bool ppc_hash32_key(bool pr, target_ulong sr)
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 60f8736210..b45eb64f6e 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -166,8 +166,8 @@ static int ppc6xx_tlb_check(CPUPPCState *env, hwaddr *raddr, int *prot,
>  #if defined(DUMP_PAGE_TABLES)
>      if (qemu_loglevel_mask(CPU_LOG_MMU)) {
>          CPUState *cs = env_cpu(env);
> -        hwaddr base = ppc_hash32_hpt_base(env_archcpu(env));
> -        hwaddr len = ppc_hash32_hpt_mask(env_archcpu(env)) + 0x80;
> +        hwaddr base = ppc_hash32_hpt_base(env);
> +        hwaddr len = ppc_hash32_hpt_mask(env) + 0x80;
>          uint32_t a0, a1, a2, a3;
>  
>          qemu_log("Page table: " HWADDR_FMT_plx " len " HWADDR_FMT_plx "\n",
> @@ -263,7 +263,6 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, hwaddr *raddr,
>                                         hwaddr *hashp, bool *keyp,
>                                         MMUAccessType access_type, int type)
>  {
> -    PowerPCCPU *cpu = env_archcpu(env);
>      hwaddr hash;
>      target_ulong vsid, sr, pgidx, ptem;
>      bool key, ds, nx;
> @@ -305,7 +304,7 @@ static int mmu6xx_get_physical_address(CPUPPCState *env, hwaddr *raddr,
>          /* Page address translation */
>          qemu_log_mask(CPU_LOG_MMU, "htab_base " HWADDR_FMT_plx " htab_mask "
>                        HWADDR_FMT_plx " hash " HWADDR_FMT_plx "\n",
> -                      ppc_hash32_hpt_base(cpu), ppc_hash32_hpt_mask(cpu), hash);
> +                      ppc_hash32_hpt_base(env), ppc_hash32_hpt_mask(env), hash);
>          *hashp = hash;
>  
>          /* Software TLB search */
> @@ -499,13 +498,12 @@ static void mmu6xx_dump_BATs(CPUPPCState *env, int type)
>  
>  static void mmu6xx_dump_mmu(CPUPPCState *env)
>  {
> -    PowerPCCPU *cpu = env_archcpu(env);
>      ppc6xx_tlb_t *tlb;
>      target_ulong sr;
>      int type, way, entry, i;
>  
> -    qemu_printf("HTAB base = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_base(cpu));
> -    qemu_printf("HTAB mask = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_mask(cpu));
> +    qemu_printf("HTAB base = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_base(env));
> +    qemu_printf("HTAB mask = 0x%"HWADDR_PRIx"\n", ppc_hash32_hpt_mask(env));
>  
>      qemu_printf("\nSegment registers:\n");
>      for (i = 0; i < 32; i++) {
> @@ -743,10 +741,10 @@ static bool ppc_6xx_xlate(PowerPCCPU *cpu, vaddr eaddr,
>              env->spr[SPR_DCMP] |= 0x80000000;
>  tlb_miss:
>              env->error_code |= key << 19;
> -            env->spr[SPR_HASH1] = ppc_hash32_hpt_base(cpu) +
> -                                  get_pteg_offset32(cpu, hash);
> -            env->spr[SPR_HASH2] = ppc_hash32_hpt_base(cpu) +
> -                                  get_pteg_offset32(cpu, ~hash);
> +            env->spr[SPR_HASH1] = ppc_hash32_hpt_base(env) +
> +                                  get_pteg_offset32(env, hash);
> +            env->spr[SPR_HASH2] = ppc_hash32_hpt_base(env) +
> +                                  get_pteg_offset32(env, ~hash);
>              break;
>          case -2:
>              /* Access rights violation */

Re: [PATCH 40/43] target/ppc: Change parameter type of ppc64_v3_radix()

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> This function takes PowerPCCPU but only needs the env from it. Change
> its parameter to CPUPPCState *env.

Acked-by: Nicholas Piggin <npiggin@gmail.com>

>
> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> ---
>  hw/ppc/spapr_rtas.c        | 2 +-
>  target/ppc/mmu-book3s-v3.h | 4 ++--
>  target/ppc/mmu_common.c    | 4 ++--
>  3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index f329693c55..38e94fc0d7 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -177,7 +177,7 @@ static void rtas_start_cpu(PowerPCCPU *callcpu, SpaprMachineState *spapr,
>           * New cpus are expected to start in the same radix/hash mode
>           * as the existing CPUs
>           */
> -        if (ppc64_v3_radix(callcpu)) {
> +        if (ppc64_v3_radix(&callcpu->env)) {
>              lpcr |= LPCR_UPRT | LPCR_GTSE | LPCR_HR;
>          } else {
>              lpcr &= ~(LPCR_UPRT | LPCR_GTSE | LPCR_HR);
> diff --git a/target/ppc/mmu-book3s-v3.h b/target/ppc/mmu-book3s-v3.h
> index be66e26604..e52129ff7f 100644
> --- a/target/ppc/mmu-book3s-v3.h
> +++ b/target/ppc/mmu-book3s-v3.h
> @@ -75,9 +75,9 @@ bool ppc64_v3_get_pate(PowerPCCPU *cpu, target_ulong lpid,
>   * dig out the partition table in the fast path. This is
>   * also how the HW uses it.
>   */
> -static inline bool ppc64_v3_radix(PowerPCCPU *cpu)
> +static inline bool ppc64_v3_radix(CPUPPCState *env)
>  {
> -    return !!(cpu->env.spr[SPR_LPCR] & LPCR_HR);
> +    return !!(env->spr[SPR_LPCR] & LPCR_HR);
>  }
>  
>  #endif /* TARGET_PPC64 */
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index b45eb64f6e..ab055ca96b 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -565,7 +565,7 @@ void dump_mmu(CPUPPCState *env)
>          dump_slb(env_archcpu(env));
>          break;
>      case POWERPC_MMU_3_00:
> -        if (ppc64_v3_radix(env_archcpu(env))) {
> +        if (ppc64_v3_radix(env)) {
>              qemu_log_mask(LOG_UNIMP, "%s: the PPC64 MMU is unsupported\n",
>                            __func__);
>          } else {
> @@ -810,7 +810,7 @@ bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
>      switch (cpu->env.mmu_model) {
>  #if defined(TARGET_PPC64)
>      case POWERPC_MMU_3_00:
> -        if (ppc64_v3_radix(cpu)) {
> +        if (ppc64_v3_radix(&cpu->env)) {
>              return ppc_radix64_xlate(cpu, eaddr, access_type, raddrp,
>                                       psizep, protp, mmu_idx, guest_visible);
>          }

Re: [PATCH 41/43] target/ppc: Change MMU xlate functions to take CPUState

[Nicholas Piggin]

On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> The callers of xlate functions get CPUState which is then cast to
> PowerPCCPU that is then cast back to CPUState by most xlate functions.
> Avoid this back and forth casting by passing the existing CPUState to
> xlate functions and let them convert it as needed.

I guess. Is this faster?

Thanks,
Nick

Re: [PATCH 11/43] target/ppc/mmu_common.c: Remove pte_update_flags()

[BALATON Zoltan]

On Thu, 4 Jul 2024, Nicholas Piggin wrote:
> On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
>> This function is used only once, its return value is ignored and one
>> of its parameter is a return value from a previous call. It is better
>> to inline it in the caller and remove it.
>>
>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>> ---
>>  target/ppc/mmu_common.c | 41 +++++++++++++----------------------------
>>  1 file changed, 13 insertions(+), 28 deletions(-)
>>
>> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
>> index e3537c63c0..c4902b7632 100644
>> --- a/target/ppc/mmu_common.c
>> +++ b/target/ppc/mmu_common.c
>> @@ -119,39 +119,14 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
>>      }
>>  }
>>
>> -static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
>> -                            int ret, MMUAccessType access_type)
>> -{
>> -    int store = 0;
>> -
>> -    /* Update page flags */
>> -    if (!(*pte1p & 0x00000100)) {
>> -        /* Update accessed flag */
>> -        *pte1p |= 0x00000100;
>> -        store = 1;
>> -    }
>> -    if (!(*pte1p & 0x00000080)) {
>> -        if (access_type == MMU_DATA_STORE && ret == 0) {
>> -            /* Update changed flag */
>> -            *pte1p |= 0x00000080;
>> -            store = 1;
>> -        } else {
>> -            /* Force page fault for first write access */
>> -            ctx->prot &= ~PAGE_WRITE;
>> -        }
>> -    }
>> -
>> -    return store;
>> -}
>> -
>>  /* Software driven TLB helpers */
>>
>>  static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
>>                              target_ulong eaddr, MMUAccessType access_type)
>>  {
>>      ppc6xx_tlb_t *tlb;
>> -    int nr, best, way;
>> -    int ret;
>> +    target_ulong *pte1p;
>> +    int nr, best, way, ret;
>>
>>      best = -1;
>>      ret = -1; /* No TLB found */
>> @@ -204,7 +179,17 @@ done:
>>                        " prot=%01x ret=%d\n",
>>                        ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
>>          /* Update page flags */
>> -        pte_update_flags(ctx, &env->tlb.tlb6[best].pte1, ret, access_type);
>> +        pte1p = &env->tlb.tlb6[best].pte1;
>> +        *pte1p |= 0x00000100; /* Update accessed flag */
>> +        if (!(*pte1p & 0x00000080)) {
>> +            if (access_type == MMU_DATA_STORE && ret == 0) {
>> +                /* Update changed flag */
>> +                *pte1p |= 0x00000080;
>> +            } else {
>> +                /* Force page fault for first write access */
>> +                ctx->prot &= ~PAGE_WRITE;
>
> Out of curiosity, I guess this unusual part is because ctx->prot can get
> PAGE_WRITE set in the bat lookup, then it has to be cleared if the PTE
> does not have changed bit?

I have no idea. I was just trying to clean up this code to make it simpler 
with this series. I think historically there was a single function that 
handled all models but as these became too different it was split up by 
MMU models. It could be some of this are remnants of some old code where 
some other model needed it and not needed any more or this could be merged 
with hash32 but I did not try to find that out, just try to make sure not 
to break it any more than it might already be broken.

Regards,
BALATON Zoltan

>> +            }
>> +        }
>>      }
>
> Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
>
>>  #if defined(DUMP_PAGE_TABLES)
>>      if (qemu_loglevel_mask(CPU_LOG_MMU)) {
>
>

Re: [PATCH 11/43] target/ppc/mmu_common.c: Remove pte_update_flags()

[Nicholas Piggin]

On Thu Jul 4, 2024 at 10:34 PM AEST, BALATON Zoltan wrote:
> On Thu, 4 Jul 2024, Nicholas Piggin wrote:
> > On Mon May 27, 2024 at 9:12 AM AEST, BALATON Zoltan wrote:
> >> This function is used only once, its return value is ignored and one
> >> of its parameter is a return value from a previous call. It is better
> >> to inline it in the caller and remove it.
> >>
> >> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
> >> ---
> >>  target/ppc/mmu_common.c | 41 +++++++++++++----------------------------
> >>  1 file changed, 13 insertions(+), 28 deletions(-)
> >>
> >> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> >> index e3537c63c0..c4902b7632 100644
> >> --- a/target/ppc/mmu_common.c
> >> +++ b/target/ppc/mmu_common.c
> >> @@ -119,39 +119,14 @@ static int ppc6xx_tlb_pte_check(mmu_ctx_t *ctx, target_ulong pte0,
> >>      }
> >>  }
> >>
> >> -static int pte_update_flags(mmu_ctx_t *ctx, target_ulong *pte1p,
> >> -                            int ret, MMUAccessType access_type)
> >> -{
> >> -    int store = 0;
> >> -
> >> -    /* Update page flags */
> >> -    if (!(*pte1p & 0x00000100)) {
> >> -        /* Update accessed flag */
> >> -        *pte1p |= 0x00000100;
> >> -        store = 1;
> >> -    }
> >> -    if (!(*pte1p & 0x00000080)) {
> >> -        if (access_type == MMU_DATA_STORE && ret == 0) {
> >> -            /* Update changed flag */
> >> -            *pte1p |= 0x00000080;
> >> -            store = 1;
> >> -        } else {
> >> -            /* Force page fault for first write access */
> >> -            ctx->prot &= ~PAGE_WRITE;
> >> -        }
> >> -    }
> >> -
> >> -    return store;
> >> -}
> >> -
> >>  /* Software driven TLB helpers */
> >>
> >>  static int ppc6xx_tlb_check(CPUPPCState *env, mmu_ctx_t *ctx,
> >>                              target_ulong eaddr, MMUAccessType access_type)
> >>  {
> >>      ppc6xx_tlb_t *tlb;
> >> -    int nr, best, way;
> >> -    int ret;
> >> +    target_ulong *pte1p;
> >> +    int nr, best, way, ret;
> >>
> >>      best = -1;
> >>      ret = -1; /* No TLB found */
> >> @@ -204,7 +179,17 @@ done:
> >>                        " prot=%01x ret=%d\n",
> >>                        ctx->raddr & TARGET_PAGE_MASK, ctx->prot, ret);
> >>          /* Update page flags */
> >> -        pte_update_flags(ctx, &env->tlb.tlb6[best].pte1, ret, access_type);
> >> +        pte1p = &env->tlb.tlb6[best].pte1;
> >> +        *pte1p |= 0x00000100; /* Update accessed flag */
> >> +        if (!(*pte1p & 0x00000080)) {
> >> +            if (access_type == MMU_DATA_STORE && ret == 0) {
> >> +                /* Update changed flag */
> >> +                *pte1p |= 0x00000080;
> >> +            } else {
> >> +                /* Force page fault for first write access */
> >> +                ctx->prot &= ~PAGE_WRITE;
> >
> > Out of curiosity, I guess this unusual part is because ctx->prot can get
> > PAGE_WRITE set in the bat lookup, then it has to be cleared if the PTE
> > does not have changed bit?
>
> I have no idea. I was just trying to clean up this code to make it simpler 

Yeah that's fine I wouldn't expect it to change here, just wondering
if you'd dug into it more. I *think* that is the reaon for it.

Thanks,
Nick

> with this series. I think historically there was a single function that 
> handled all models but as these became too different it was split up by 
> MMU models. It could be some of this are remnants of some old code where 
> some other model needed it and not needed any more or this could be merged 
> with hash32 but I did not try to find that out, just try to make sure not 
> to break it any more than it might already be broken.
>
> Regards,
> BALATON Zoltan
>
> >> +            }
> >> +        }
> >>      }
> >
> > Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
> >
> >>  #if defined(DUMP_PAGE_TABLES)
> >>      if (qemu_loglevel_mask(CPU_LOG_MMU)) {
> >
> >

Re: [PATCH 33/43] target/ppc: Remove single use static inline function

[BALATON Zoltan]

On Thu, 4 Jul 2024, Nicholas Piggin wrote:
> On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
>> The ger_pack_masks() function is only used once and the inverse of
>> this operation is already inlined so it can be inlined too in the only
>> caller and removed from the header.
>
> Is this needed for later patches? I might prefer to keep it, even

No, I think this patch can just be dropped then. I don't plan to make 
another version of it so just leave it out if you don't want to take it.

Regards,
BALATON Zoltan

> move it into vsx-impl.c.inc and pull its inverse out into its own
> function too even.
>
> Thanks,
> Nick
>
>>
>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>> ---
>>  target/ppc/internal.h               | 9 ---------
>>  target/ppc/translate/vsx-impl.c.inc | 6 ++++--
>>  2 files changed, 4 insertions(+), 11 deletions(-)
>>
>> diff --git a/target/ppc/internal.h b/target/ppc/internal.h
>> index 20fb2ec593..8e5a241f74 100644
>> --- a/target/ppc/internal.h
>> +++ b/target/ppc/internal.h
>> @@ -293,13 +293,4 @@ FIELD(GER_MSK, XMSK, 0, 4)
>>  FIELD(GER_MSK, YMSK, 4, 4)
>>  FIELD(GER_MSK, PMSK, 8, 8)
>>
>> -static inline int ger_pack_masks(int pmsk, int ymsk, int xmsk)
>> -{
>> -    int msk = 0;
>> -    msk = FIELD_DP32(msk, GER_MSK, XMSK, xmsk);
>> -    msk = FIELD_DP32(msk, GER_MSK, YMSK, ymsk);
>> -    msk = FIELD_DP32(msk, GER_MSK, PMSK, pmsk);
>> -    return msk;
>> -}
>> -
>>  #endif /* PPC_INTERNAL_H */
>> diff --git a/target/ppc/translate/vsx-impl.c.inc b/target/ppc/translate/vsx-impl.c.inc
>> index 0266f09119..62950d348a 100644
>> --- a/target/ppc/translate/vsx-impl.c.inc
>> +++ b/target/ppc/translate/vsx-impl.c.inc
>> @@ -2819,7 +2819,7 @@ static bool trans_XXSETACCZ(DisasContext *ctx, arg_X_a *a)
>>  static bool do_ger(DisasContext *ctx, arg_MMIRR_XX3 *a,
>>      void (*helper)(TCGv_env, TCGv_ptr, TCGv_ptr, TCGv_ptr, TCGv_i32))
>>  {
>> -    uint32_t mask;
>> +    uint32_t mask = 0;
>>      TCGv_ptr xt, xa, xb;
>>      REQUIRE_INSNS_FLAGS2(ctx, ISA310);
>>      REQUIRE_VSX(ctx);
>> @@ -2832,7 +2832,9 @@ static bool do_ger(DisasContext *ctx, arg_MMIRR_XX3 *a,
>>      xa = gen_vsr_ptr(a->xa);
>>      xb = gen_vsr_ptr(a->xb);
>>
>> -    mask = ger_pack_masks(a->pmsk, a->ymsk, a->xmsk);
>> +    mask = FIELD_DP32(mask, GER_MSK, XMSK, a->xmsk);
>> +    mask = FIELD_DP32(mask, GER_MSK, YMSK, a->ymsk);
>> +    mask = FIELD_DP32(mask, GER_MSK, PMSK, a->pmsk);
>>      helper(tcg_env, xa, xb, xt, tcg_constant_i32(mask));
>>      return true;
>>  }
>
>

Re: [PATCH 36/43] target/ppc/mmu-hash32: Remove some static inlines from header

[BALATON Zoltan]

On Thu, 4 Jul 2024, Nicholas Piggin wrote:
> On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
>> Two of these are not used anywhere and the other two are used only
>> once and can be inlined and removed from the header.
>
> I'd prefer to put these in the .c file. Probably calculating the
> base once would generate marginally better code since it would not
> have to keep reloading it (since there is a barrier there it can't
> cache the value).

These aren't even used anywhere but one function and they are inefficient 
becuase they would call ppc_hash32_hpt_base() on each call. Next patch 
even removes base and calculates pte_addr once before the loop, then it's 
quite straight forward what these read from guest memory even without 
inline functions. I see no reason to keep these inline functions.

> Thanks,
> Nick
>
>>
>> Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
>> ---
>>  target/ppc/mmu-hash32.c |  5 +++--
>>  target/ppc/mmu-hash32.h | 32 --------------------------------
>>  2 files changed, 3 insertions(+), 34 deletions(-)
>>
>> diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
>> index a2c0ac05d2..7a6a674f8a 100644
>> --- a/target/ppc/mmu-hash32.c
>> +++ b/target/ppc/mmu-hash32.c
>> @@ -206,17 +206,18 @@ static hwaddr ppc_hash32_pteg_search(PowerPCCPU *cpu, hwaddr pteg_off,
>>  {
>>      hwaddr pte_offset = pteg_off;
>>      target_ulong pte0, pte1;
>> +    hwaddr base = ppc_hash32_hpt_base(cpu);
>>      int i;
>>
>>      for (i = 0; i < HPTES_PER_GROUP; i++) {
>> -        pte0 = ppc_hash32_load_hpte0(cpu, pte_offset);
>> +        pte0 = ldl_phys(CPU(cpu)->as, base + pte_offset);
>>          /*
>>           * pte0 contains the valid bit and must be read before pte1,
>>           * otherwise we might see an old pte1 with a new valid bit and
>>           * thus an inconsistent hpte value
>>           */
>>          smp_rmb();
>> -        pte1 = ppc_hash32_load_hpte1(cpu, pte_offset);
>> +        pte1 = ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
>>
>>          if ((pte0 & HPTE32_V_VALID)
>>              && (secondary == !!(pte0 & HPTE32_V_SECONDARY))
>> diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
>> index 2838de031c..4db55fb0a0 100644
>> --- a/target/ppc/mmu-hash32.h
>> +++ b/target/ppc/mmu-hash32.h
>> @@ -69,38 +69,6 @@ static inline hwaddr ppc_hash32_hpt_mask(PowerPCCPU *cpu)
>>      return ((cpu->env.spr[SPR_SDR1] & SDR_32_HTABMASK) << 16) | 0xFFFF;
>>  }
>>
>> -static inline target_ulong ppc_hash32_load_hpte0(PowerPCCPU *cpu,
>> -                                                 hwaddr pte_offset)
>> -{
>> -    target_ulong base = ppc_hash32_hpt_base(cpu);
>> -
>> -    return ldl_phys(CPU(cpu)->as, base + pte_offset);
>> -}
>> -
>> -static inline target_ulong ppc_hash32_load_hpte1(PowerPCCPU *cpu,
>> -                                                 hwaddr pte_offset)
>> -{
>> -    target_ulong base = ppc_hash32_hpt_base(cpu);
>> -
>> -    return ldl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2);
>> -}
>> -
>> -static inline void ppc_hash32_store_hpte0(PowerPCCPU *cpu,
>> -                                          hwaddr pte_offset, target_ulong pte0)
>> -{
>> -    target_ulong base = ppc_hash32_hpt_base(cpu);
>> -
>> -    stl_phys(CPU(cpu)->as, base + pte_offset, pte0);
>> -}
>> -
>> -static inline void ppc_hash32_store_hpte1(PowerPCCPU *cpu,
>> -                                          hwaddr pte_offset, target_ulong pte1)
>> -{
>> -    target_ulong base = ppc_hash32_hpt_base(cpu);
>> -
>> -    stl_phys(CPU(cpu)->as, base + pte_offset + HASH_PTE_SIZE_32 / 2, pte1);
>> -}
>> -
>>  static inline hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash)
>>  {
>>      return (hash * HASH_PTEG_SIZE_32) & ppc_hash32_hpt_mask(cpu);
>
>

Re: [PATCH 41/43] target/ppc: Change MMU xlate functions to take CPUState

[BALATON Zoltan]

On Thu, 4 Jul 2024, Nicholas Piggin wrote:
> On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
>> The callers of xlate functions get CPUState which is then cast to
>> PowerPCCPU that is then cast back to CPUState by most xlate functions.
>> Avoid this back and forth casting by passing the existing CPUState to
>> xlate functions and let them convert it as needed.
>
> I guess. Is this faster?

I've sent some measurements as a reply to the cover letter. It can be 
found in the list archives or in patchew:
https://patchew.org/QEMU/cover.1716763435.git.balaton@eik.bme.hu/

Regards,
BALATON Zoltan

Re: [PATCH 36/43] target/ppc/mmu-hash32: Remove some static inlines from header

[Nicholas Piggin]

On Sun Jul 7, 2024 at 6:18 AM AEST, BALATON Zoltan wrote:
> On Thu, 4 Jul 2024, Nicholas Piggin wrote:
> > On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
> >> Two of these are not used anywhere and the other two are used only
> >> once and can be inlined and removed from the header.
> >
> > I'd prefer to put these in the .c file. Probably calculating the
> > base once would generate marginally better code since it would not
> > have to keep reloading it (since there is a barrier there it can't
> > cache the value).
>
> These aren't even used anywhere but one function and they are inefficient 
> becuase they would call ppc_hash32_hpt_base() on each call. Next patch 
> even removes base and calculates pte_addr once before the loop, then it's 
> quite straight forward what these read from guest memory even without 
> inline functions. I see no reason to keep these inline functions.

Make them take the hash base instead of cpu if that's the performance
issue to solve. And open coded access can always be converted to use
it.

Thanks,
Nick

Re: [PATCH 36/43] target/ppc/mmu-hash32: Remove some static inlines from header

[BALATON Zoltan]

On Mon, 8 Jul 2024, Nicholas Piggin wrote:
> On Sun Jul 7, 2024 at 6:18 AM AEST, BALATON Zoltan wrote:
>> On Thu, 4 Jul 2024, Nicholas Piggin wrote:
>>> On Mon May 27, 2024 at 9:13 AM AEST, BALATON Zoltan wrote:
>>>> Two of these are not used anywhere and the other two are used only
>>>> once and can be inlined and removed from the header.
>>>
>>> I'd prefer to put these in the .c file. Probably calculating the
>>> base once would generate marginally better code since it would not
>>> have to keep reloading it (since there is a barrier there it can't
>>> cache the value).
>>
>> These aren't even used anywhere but one function and they are inefficient
>> becuase they would call ppc_hash32_hpt_base() on each call. Next patch
>> even removes base and calculates pte_addr once before the loop, then it's
>> quite straight forward what these read from guest memory even without
>> inline functions. I see no reason to keep these inline functions.
>
> Make them take the hash base instead of cpu if that's the performance
> issue to solve. And open coded access can always be converted to use
> it.

If you look at the next patch you can see the base calculatoin is gone and 
it does pte_addr = ppc_hash32_hpt_base(cpu) + pteg_off once at the 
beginning before the loop, then the function you want to make is just: 
pte0 = ldl_phys(CPU(cpu)->as, pte_addr). I don't think it's worth making 
it a separate fucntion .The other one
pte1 = ldl_phys(CPU(cpu)->as, pte_addr + HASH_PTE_SIZE_32 / 2)
still has some calculation left but that's pretty straight forward. Maybe 
we could add a mcacro for HASH_PTE_SIZE_32 / 2 like HARH_PTE1_OFFS or 
something but I don't think that or having separate functions for this 
would add any more clarity just unnecessary complication. Yout one line 
helpers would only be used by ppc_hash32_pteg_search which is already a 
helper tp get pte values so open coding it within this function is OK in 
my opinion. There are no other places your helper functions would be 
needed.

Regards,
BALATON Zoltlan