The Figure 17 "SPR encodings" of the PowerISA 2.07 describes CTRL SPR as:
                            privileged
  #    spr5-9  spr0-4  name  mtspr  mfspr  len  cat
  136  00100   01000   CTRL  -      no     32   S
  152  00100   11000   CTRL  yes    -      32   S
According to this chart, the hypervisor's CTRL (#152) does not support
reading, the user-space's CTRL (UCTRL, #136) does not support writing.
This replaces unsupported operations with the default SPR_NOACCESS hook.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
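The access rule in the commit message above can be modelled as follows. This is an added example, not QEMU code: the descriptor layout, the result enum and all function names are hypothetical, and only the two CTRL rows from the quoted table are registered.

```c
#include <stdint.h>
#include <stddef.h>

/* Simplified model; type and function names are hypothetical, not QEMU's. */
enum spr_result { SPR_OK, SPR_NEEDS_PRIV, SPR_NO_ACCESS };

struct spr_desc {
    unsigned num;              /* architected SPR number */
    int can_read, can_write;   /* 0 = direction has only the no-access hook */
    int read_priv, write_priv; /* 1 = direction requires privileged state */
};

/* The two CTRL rows from the table quoted in the commit message. */
static const struct spr_desc spr_table[] = {
    { 136, 1, 0, 0, 0 },   /* mfspr: not privileged; mtspr: "-" */
    { 152, 0, 1, 0, 1 },   /* mtspr: privileged;     mfspr: "-" */
};

/* The instruction's 10-bit spr field stores the two 5-bit halves swapped. */
static unsigned spr_from_insn(uint32_t insn)
{
    unsigned field = (insn >> 11) & 0x3ff;
    return ((field & 0x1f) << 5) | (field >> 5);
}

/* Encode mfspr (extended opcode 339) or mtspr (467) on register `reg`. */
static uint32_t make_spr_insn(int is_write, unsigned reg, unsigned spr)
{
    unsigned field = ((spr & 0x1f) << 5) | ((spr >> 5) & 0x1f);
    unsigned xo = is_write ? 467u : 339u;
    return (31u << 26) | ((reg & 0x1f) << 21) | (field << 11) | (xo << 1);
}

static enum spr_result check_spr_access(uint32_t insn, int privileged)
{
    unsigned xo = (insn >> 1) & 0x3ff;
    unsigned spr = spr_from_insn(insn);
    int is_write = (xo == 467);

    if ((insn >> 26) != 31 || (xo != 339 && xo != 467))
        return SPR_NO_ACCESS;                /* not an SPR move */
    for (size_t i = 0; i < sizeof(spr_table) / sizeof(spr_table[0]); i++) {
        const struct spr_desc *d = &spr_table[i];
        if (d->num != spr)
            continue;
        if (!(is_write ? d->can_write : d->can_read))
            return SPR_NO_ACCESS;            /* unsupported direction */
        if ((is_write ? d->write_priv : d->read_priv) && !privileged)
            return SPR_NEEDS_PRIV;
        return SPR_OK;
    }
    return SPR_NO_ACCESS;                    /* SPR not registered */
}

int main(void)
{
    /* Unprivileged read of #136 is allowed; a write to it is refused. */
    return !(check_spr_access(make_spr_insn(0, 3, 136), 0) == SPR_OK &&
             check_spr_access(make_spr_insn(1, 3, 136), 1) == SPR_NO_ACCESS);
}
```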
The LPCR special purpose register was introduced with the PowerPC 970MP family.
This patch initializes LPCR for the following families:
- 970 MP
- POWER5+
- POWER7
- POWER8
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Due to missing @one_reg_id assignment in _spr_register(),
the kvm_get_one_reg/kvm_set_one_reg API has never really been working.
This reenables the API by assigning the @one_reg_id field in the SPR
descriptor.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
The existing default value (-1) of the AMR register forbids data access
to all 32 classes. Since the guest linux does not change this register,
we end up with the guest hanging right after switching from the real to
protected mode.
This sets the default AMR value to zero, which enables data access for all
classes.
The only reason for not hitting this bug before is that
kvm_arch_put_registers() did not put any SPR to KVM due to missing
assignment of @one_reg_id in _spr_register() (which is going to be fixed
by a separate patch).
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
SPR_750FX_HID2 and L2CR are not defined in 970* user manuals nor POWER5
bookIV nor PowerISA 2.04, the numbers assigned to them are not defined
either so remove them.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
PowerISA 2.04+ puts MMUCFG and MMUCSR0 SPRs to "E" (embedded) category so
remove it from POWER7/8 class as it is "S" (server) category.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
The 970GX definition was added in 2007 and it made sense then but this
version has never been released to the markets and it does not exist in
the real world so there is no point in emulating it.
This removes 970GX.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
PowerISA defines LPCR SPR number as 318=0x13E but QEMU uses the value of
316.
This fixes the definition of LPCR SPR.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
Since last use of PPC_DUMP_CPU by whoever he/she was, env->tlb became
a union and POWERPC CPU class got QOM'ed so defining PPC_DUMP_CPU
breaks compile.
This fixes compiler errors.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
Not only 44x CPUs (BookE) but also 40x CPUs can run with 1k page size.
Move the criteria to a central inline function to avoid repetition
and #ifdef'fery. Update qom-test to no longer exempt them.
Signed-off-by: Andreas Färber <afaerber@suse.de>
So far POWER7+ was a part of POWER7 family. However it has a different
PVR base value so in order to support PVR masks, it needs a separate
family class.
This adds a new family class, PVR base and mask values and moves
Power7+ v2.1 CPU to a new family. The class init function is copied
from the POWER7 family.
This defines a firmware name for the new family as "PowerPC,POWER7+"
instead of previously used "PowerPC,POWER7" from the POWER7 family.
The reason for that is that the Sapphire firmware (a host firmware)
uses "PowerPC,POWER7+" already and since no specification defines
exactly the CPU nodes naming in the device tree, we better stay
in sync with the host firmware.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds support for the VSX bit of the PowerPC Machine
State Register (MSR) as well as the corresponding VSX Unavailable
exception.
The VSX bit is added to the defined bits masks of the Power7 and
Power8 CPU models.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds the flag POWERPC_FLAG_VSX to the list of defined
flags and also adds this flag to the list of supported features of
the Power7 and Power8 CPUs. Additionally, the VSX instructions
are added to the list of TCG-enabled instruction.
Signed-off-by: Tom Musta <tommusta@gmail.com>
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
IBM POWERPC processors encode PVR as a CPU family in higher 16 bits and
a CPU version in lower 16 bits. Since there is no significant change
in behavior between versions, there is no point to add every single CPU
version in QEMU's CPU list. Also, new CPU versions of already supported
CPU won't break the existing code.
This adds PVR value/mask support for KVM, i.e. for -cpu host option.
As CPU family class name for POWER7 is "POWER7-family", there is no need
to touch aliases.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
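The PVR value/mask matching described in the commit message above, and the reason the earlier POWER7+ commit needs its own family base, can be sketched like this. This is an added example, not QEMU code: the table layout and function names are hypothetical, and the PVR values and the "POWER7+-family" name are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct cpu_def {
    const char *name;
    uint32_t pvr;       /* exact PVR for a model, base value for a family */
    uint32_t pvr_mask;  /* all ones for a model, family bits for a family */
};

/* Constructed table: PVR values and the "POWER7+-family" name are
 * assumptions for illustration, not taken from the page. */
static const struct cpu_def cpu_defs[] = {
    { "POWER7_v2.3",    0x003f0203u, 0xffffffffu },
    { "POWER7+_v2.1",   0x004a0201u, 0xffffffffu },
    { "POWER7-family",  0x003f0000u, 0xffff0000u },
    { "POWER7+-family", 0x004a0000u, 0xffff0000u },
};
#define N_DEFS (sizeof(cpu_defs) / sizeof(cpu_defs[0]))

/* Exact lookup: every CPU revision must be listed individually. */
static const struct cpu_def *find_exact(uint32_t host_pvr)
{
    for (size_t i = 0; i < N_DEFS; i++)
        if (cpu_defs[i].pvr_mask == 0xffffffffu && cpu_defs[i].pvr == host_pvr)
            return &cpu_defs[i];
    return NULL;
}

/* Masked lookup: the entry with the most specific mask wins, so a listed
 * revision is preferred over its family. Masks are assumed to be
 * contiguous high-order bit masks, so a larger mask is more specific. */
static const struct cpu_def *find_masked(uint32_t host_pvr)
{
    const struct cpu_def *best = NULL;
    for (size_t i = 0; i < N_DEFS; i++) {
        const struct cpu_def *d = &cpu_defs[i];
        if ((host_pvr & d->pvr_mask) != (d->pvr & d->pvr_mask))
            continue;
        if (best == NULL || d->pvr_mask > best->pvr_mask)
            best = d;
    }
    return best;   /* NULL: unknown family, caller must refuse to guess */
}

int main(void)
{
    /* An unlisted POWER7 revision: exact lookup fails, family lookup works. */
    const struct cpu_def *d = find_masked(0x003f0201u);
    return !(find_exact(0x003f0201u) == NULL && d != NULL &&
             strcmp(d->name, "POWER7-family") == 0);
}
```

A host PVR whose upper 16 bits match no registered base returns NULL, which is why a family with a different base value cannot be covered by the POWER7 entry.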
Instead of relying on cpu_model, obtain the device tree node label
per CPU. Use DeviceClass::fw_name as source.
Whenever DeviceClass::fw_name is unknown, default to "PowerPC,UNKNOWN".
As a consequence, spapr_fixup_cpu_dt() can operate on each CPU's fw_name,
obsoleting sPAPREnvironment::cpu_model, and spapr_create_fdt_skel() can
drop its cpu_model argument.
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Set the expected values for POWER7, POWER7+, POWER8 and POWER5+.
Note that POWER5+ and POWER7+ are intentionally lacking the '+', so the
lack of a POWER7P family constitutes no problem.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This patch adds support for dumping guest memory using dump-guest-memory
monitor command.
Before patch:
(qemu) dump-guest-memory testcrash
this feature or command is not currently supported
(qemu)
After patch:
(qemu) dump-guest-memory testcrash
(qemu)
crash was able to read the file
crash> bt
PID: 0 TASK: c000000000c0d0d0 CPU: 0 COMMAND: "swapper/0"
R0: 0000000028000084 R1: c000000000cafa50 R2: c000000000cb05b0
R3: 0000000000000000 R4: c000000000bc4cb0 R5: 0000000000000000
R6: 001efe93b8000000 R7: 0000000000000000 R8: 0000000000000000
R9: b000000000001032 R10: 0000000000000001 R11: 0001eb2117e00d55
....
...
NOTE: Currently crash tools doesn't look at ELF notes in the dump on ppc64.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Commit 2345f1c01 was supposed to render L2CR writes into noops. Instead,
it made them illegal instruction traps which apparently didn't confuse
XNU, but can easily confuse other OSs.
Fix it up by actually doing nothing when we write to L2CR.
Reported-by: Julio Guerra <guerr@julio.in>
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Julio Guerra <guerr@julio.in>
Since this is only read in cpu_copy() and linux-user has a global
cpu_model, drop the field from generic code.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Add MSR_LE to the msr_mask for POWER7.
Signed-off-by: Anton Blanchard <anton@samba.org>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Convert stderr messages calling error_get_pretty()
to error_report().
Timestamp is prepended by -msg timestamp option with it.
Per Markus's comment below, a conversion from fprintf() to
error_report() is always an improvement, regardless of
error_get_pretty().
http://marc.info/?l=qemu-devel&m=137513283408601&w=2
But, it is not reasonable to convert them at one time
because fprintf() is used everywhere in qemu.
So, it should be done step by step with avoiding regression.
Signed-off-by: Seiji Aguchi <seiji.aguchi@hds.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
It is ISA 2.03. Modelled as 970FX minus AltiVec flag.
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1375321323-29954-4-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Message-id: 1375106733-832-2-git-send-email-afaerber@suse.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The savevm code for the powerpc cpu emulation is currently based around
the old register_savevm() rather than register_vmstate() method. It's also
rather broken, missing some important state on some CPU models.
This patch completely rewrites the savevm for target-ppc, using the new
VMStateDescription approach. Exactly what needs to be saved in what
configurations has been more carefully examined, too. This introduces a
new version (5) of the cpu save format. The old load function is retained
to support version 4 images.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-id: 1374175984-8930-2-git-send-email-aliguori@us.ibm.com
[aik: ppc cpu savevm conversion fixed to use PowerPCCPU instead of CPUPPCState]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Commit c643bed99 moved qemu_init_vcpu() calls to common CPUState code.
This causes x86 cpu-add to fail with "KVM: setting VAPIC address failed".
The reason for the failure is that CPUClass::kvm_fd is not yet
initialized in the following call graph:
->x86_cpu_realizefn
  ->x86_cpu_apic_realize
    ->qdev_init
      ->device_set_realized
        ->device_reset (hotplugged == 1)
          ->apic_reset_common
            ->vapic_base_update
              ->kvm_apic_vapic_base_update
This causes attempted KVM vCPU ioctls to fail.
By contrast, in the non-hotplug case the APIC is reset much later, when
the vCPU is already initialized.
As a quick and safe solution, move the qemu_init_vcpu() call back into
the targets' realize functions.
Reported-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Acked-by: Igor Mammedov <imammedo@redhat.com> (for i386)
Tested-by: Jia Liu <proljc@gmail.com> (for openrisc)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Replace the GDB_CORE_XML define in gdbstub.c with a CPUClass field.
Use first_cpu for qSupported and qXfer:features:read: for now.
Add a stub for xml_builtin.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Completes migration of target-specific code to new target-*/gdbstub.c.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Signed-off-by: Andreas Färber <afaerber@suse.de>
CPUState::gdb_num_regs replaces num_g_regs.
CPUClass::gdb_num_core_regs replaces NUM_CORE_REGS.
Allows building gdb_register_coprocessor() for xtensa, too.
As a side effect this should fix coprocessor register numbering for SMP.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Signed-off-by: Andreas Färber <afaerber@suse.de>
Change breakpoint_invalidate() argument to CPUState alongside.
Since all targets now assign a softmmu-only field, we can drop helpers
cpu_class_set_{do_unassigned_access,vmsd}() and device_class_set_vmsd().
Prepares for changing cpu_memory_rw_debug() argument to CPUState.
Acked-by: Max Filippov <jcmvbkbc@gmail.com> (for xtensa)
Signed-off-by: Andreas Färber <afaerber@suse.de>
This moves setting the Program Counter from gdbstub into target code.
Use vaddr type as upper-bound replacement for target_ulong.
Signed-off-by: Andreas Färber <afaerber@suse.de>
This patch adds CPU PVR definition for POWER8,
and enables QEMU to launch guests on POWER8 hardware.
Signed-off-by: Prerna Saxena <prerna@linux.vnet.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Paul Mackerras <paulus@samba.org>
Reviewed-by: Andreas Farber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
MPC86xx processors are based on the e600 core, which is not the case
in qemu where it is based on the 7400 processor.
This patch creates the e600 core and instantiates the MPC86xx
processors based on it. Therefore, adding the high BATs, the SPRG
4..7 registers, which are e600-specific [1], and a HW MMU model (as 7400).
This allows to define the MPC8610 processor too.
Tested with a kernel using the HW TLB misses.
[1] http://cache.freescale.com/files/32bit/doc/ref_manual/E600CORERM.pdf
Signed-off-by: Julio Guerra <guerr@julio.in>
Signed-off-by: Alexander Graf <agraf@suse.de>
x86 was using additional CPU_DUMP_* flags, so make that configurable in
CPUClass::reset_dump_flags.
This adds reset logging for alpha, unicore32 and xtensa.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Since commit 878096eeb2 (cpu: Turn
cpu_dump_{state,statistics}() into CPUState hooks) CPUArchState is no
longer needed.
Add documentation and make the functions available through qemu/log.h
outside NEED_CPU_H to allow use in qom/cpu.c. Moving them to qom/cpu.h
was not yet possible due to convoluted include paths, so that some
devices grow an implicit and unneeded dependency on qom/cpu.h for now.
Acked-by: Michael Walle <michael@walle.cc> (for lm32)
Reviewed-by: Richard Henderson <rth@twiddle.net>
[AF: Simplified mb_cpu_do_interrupt() and do_interrupt_all() changes]
Signed-off-by: Andreas Färber <afaerber@suse.de>
The L2CR register contains a number of bits that either impose configuration
which we can't deal with or mean "something is in progress until the bit is
0 again".
Since we don't model the former and we do want to accommodate guests using the
latter semantics, let's just ignore writes to L2CR. That way guests always read
back 0 and are usually happy with that.
Signed-off-by: Alexander Graf <agraf@suse.de>
When running QEMU with "-cpu ?" we walk through every alias for every
target CPU we know about. This takes several seconds on my very fast
host system.
Let's introduce a class object cache in the alias table. Using that we
don't have to go through the tedious work of finding our target class.
Instead, we can just go directly from the alias name to the target class
pointer.
This patch brings -cpu "?" to reasonable times again.
Before:
real 0m4.716s
After:
real 0m0.025s
Signed-off-by: Alexander Graf <agraf@suse.de>
Use it to clean up the opcode table, resolving a former TODO from Jocelyn.
Also switch from malloc() to g_malloc().
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
IABR SPR is already registered in gen_spr_603(), called from init_proc_603E().
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Previous code has #define POWERPC_INSNS2_<family> PPC_NONE in some
places for macrofied assignment to insns_flags2 field.
PPC_NONE is defined as zero though and QOM classes are zero-initialized,
so drop any pcc->insns_flags2 = PPC_NONE; assignments.
PPC_NONE itself is still in use in translate.c.
Suggested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
This allows to move the call into CPUState's realizefn.
Therefore move the stub into libqemustub.a.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Make cpustats monitor command available unconditionally.
Prepares for changing kvm_handle_internal_error() and kvm_cpu_exec()
arguments to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Recent Linux kernels save and restore the PPR across exceptions
so we need to handle it.
Signed-off-by: Anton Blanchard <anton@au1.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
.. and enable it on POWER7 CPU.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Alexander Graf <agraf@suse.de>
In addition to the performance monitor registers found on nearly all
6xx chips, the POWER7 has two additional counters (PMC5 & PMC6) and an
extra control register (MMCRA). This patch adds stub support for them to
qemu - the registers won't do anything, but with this change won't cause
illegal instruction traps accessing them. They're also registered with
their ONE_REG ids, so their value will be kept in sync with KVM where
appropriate.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
PAPR requires that the device tree's CPU nodes have several properties
with information about the L1 cache. We already create two of these
properties, but with incorrect names - "[id]cache-block-size" instead
of "[id]-cache-block-size" (note the extra hyphen).
We were also missing some of the required cache properties. This
patch adds the [id]-cache-line-size properties (which have the same
values as the block size properties in all current cases). We also
add the [id]-cache-size properties.
Adding the cache sizes requires some extra infrastructure in the
general target-ppc code to (optionally) set the cache sizes for
various CPUs. The CPU family descriptions in translate_init.c can set
these sizes - this patch adds correct information for POWER7, I'm
leaving other CPU types to people who have a physical example to
verify against. In addition, for -cpu host we take the values
advertised by the host (if available) and use those to override the
information based on PVR.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
According to the different user's manuals, the vector offset for system
reset (both /HRESET and /SRESET) is 0x00100.
This patch may break support of some executables, as the power-on start
address may change. For a specific board, if the power-on start address
is different than HRESET vector (i.e. 0x00000100 or 0xfff00100), this
should be fixed in board's initialization code.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
This value is not needed if we use correctly the MSR[IP] bit.
excp_prefix is always 0x00000000, except when the MSR[IP] bit is
implemented and set to 1, in that case excp_prefix is 0xfff00000.
The handling of MSR[IP] was already implemented but not used at reset
because the value of env->msr was changed "manually".
The patch uses the function hreg_store_msr() to set env->msr, this
ensures a good handling of MSR[IP] at reset, and therefore a good value
for excp_prefix.
Signed-off-by: Fabien Chouteau <chouteau@adacore.com>
Signed-off-by: Alexander Graf <agraf@suse.de>