qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/3] target/hppa: mask offset bits in gva

From: Richard Henderson
Subject: Re: [PATCH 2/3] target/hppa: mask offset bits in gva
Date: Sun, 24 Mar 2024 08:13:24 -1000
User-agent: Mozilla Thunderbird 
On 3/23/24 22:09, Sven Schnelle wrote:

The CPU seems to mask a few bits in the offset when running
under HP-UX. ISR/IOR register contents for an address in
the processor HPA (0xfffffffffffa0000) on my C8000 and J6750:

running on Linux: 000000003fffffff c0000000fffa0500
running on HP-UX: 00000000301fffff c0000000fffa0500

I haven't found how this is switched (guess some diag in the
firmware), but linux + seabios seems to handle that as well,
so lets mask out the additional bits.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
---
  target/hppa/cpu.h | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index a072d0bb63..9bc4d208fa 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -283,12 +283,13 @@ static inline int HPPA_BTLB_ENTRIES(CPUHPPAState *env)
void hppa_translate_init(void); +#define HPPA_GVA_OFFSET_MASK64 0x301fffffffffffff 
  #define CPU_RESOLVING_TYPE TYPE_HPPA_CPU
static inline uint64_t gva_offset_mask(target_ulong psw) 
  {
      return (psw & PSW_W
-            ? MAKE_64BIT_MASK(0, 62)
+            ? HPPA_GVA_OFFSET_MASK64
              : MAKE_64BIT_MASK(0, 32));
  }


I'm not keen on this, because it contradicts the manual for forming an address.
Where I can imagine this sort of thing creeping in is the fact that you're getting a result from trap registers. The cpu does not actually retain the original {space, offset} tuple that formed the GVA to fill the trap registers, but takes bits [62:32] and back-computes a space, and subtracts to re-form an offset. See "Interruption Parameter Registers" in the pa20 manual.
In particular Figure 2-14 for "data translation disabled" may be instructive. Suppose the cpu does not implement all of the physical address lines (true for all extant pa-risc cpus; qemu implements 40 bits to match pa-8500 iirc). Suppose when reporting a trap with translation disabled, it is a truncated physical address that is used as input to Figure 2-14. 

If that is so, then the fix might be in hppa_set_ior_and_isr.  Perhaps

-    env->cr[CR_ISR] &= 0x3fffffff;
+    env->cr[CR_ISR] &= 0x301fffff;
Though my argument would suggest the mask should be 0xff for the 40-bit physical address, which is not what you see at all, so perhaps the thing is moot. I am at a loss to explain why or how HP-UX gets a 7-bit hole in the ISR result.
On the other hand, there are some not-well-documented shenanigans (aka implementation defined behaviour) between Figure H-8 and Figure H-11, where the 62-bit absolute address is expanded to a 64-bit logical physical address and then compacted to a 40-bit implementation physical address.
We've already got hacks in place for this in hppa_abs_to_phys_pa2_w1, which just truncates everything down to 40 bits. But that's probably not what the processor is really doing.
Anyhow, will you please try the hppa_set_ior_and_isr change and see if that fixes your HP-UX problems? 


r~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]