qemu/target
Daniel Henrique Barboza d139786e1b ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb()
'tlbivax' is implemented by gen_tlbivax_booke206() via
gen_helper_booke206_tlbivax(). In case the TLB needs to be flushed,
booke206_invalidate_ea_tlb() is called. All these functions, but
booke206_invalidate_ea_tlb(), use a 64-bit effective address 'ea'.

booke206_invalidate_ea_tlb() uses a uint32_t 'ea' argument that
truncates the original 'ea' value for apparently no particular reason.
This function retrieves the tlb pointer by calling booke206_get_tlbm(),
which also uses a target_ulong address as parameter - in this case, a
truncated 'ea' address. All the surrounding logic considers the
effective TLB address as a 64 bit value, aside from the signature of
booke206_invalidate_ea_tlb().

Last but not least, PowerISA 2.07B section 6.11.4.9 [2] makes it
clear that the effective address "EA" is a 64 bit value.

Commit 01662f3e51 introduced this code and no changes were made ever
since. A user detected a problem with tlbivax [1] stating that this
address truncation was the cause. This same behavior might be the source
of several subtle bugs that were never caught.

For all these reasons, this patch assumes that this address truncation
is the result of a mistake/oversight of the original commit, and changes
booke206_invalidate_ea_tlb() 'ea' argument to 'vaddr'.

[1] https://gitlab.com/qemu-project/qemu/-/issues/52
[2] https://wiki.raptorcs.com/wiki/File:PowerISA_V2.07B.pdf

Fixes: 01662f3e51 ("PPC: Implement e500 (FSL) MMU")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/52
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-11-11 11:35:13 +01:00
alpha target/alpha: Implement alpha_cpu_record_sigbus 2021-11-02 07:00:52 -04:00
arm Add nuvoton sd module for NPCM7XX 2021-11-03 09:31:25 -04:00
avr target/avr: Drop checks for singlestep_enabled 2021-10-15 16:39:14 -07:00
cris target/cris: Make cris_cpu_tlb_fill sysemu only 2021-11-02 07:00:52 -04:00
hexagon This series adds support for the Hexagon Vector eXtensions (HVX) 2021-11-04 06:34:36 -04:00
hppa target/hppa: Make hppa_cpu_tlb_fill sysemu only 2021-11-02 07:00:52 -04:00
i386 target-i386: mmu: fix handling of noncanonical virtual addresses 2021-11-08 08:55:20 +01:00
m68k target/m68k: Make m68k_cpu_tlb_fill sysemu only 2021-11-02 07:00:52 -04:00
microblaze target/microblaze: Do not set MO_ALIGN for user-only 2021-11-02 07:00:52 -04:00
mips MIPS patches queue 2021-11-02 15:12:11 -04:00
nios2 target/nios2: Implement nios2_cpu_record_sigsegv 2021-11-02 07:00:52 -04:00
openrisc target/openrisc: Make openrisc_cpu_tlb_fill sysemu only 2021-11-02 07:00:52 -04:00
ppc ppc/mmu_helper.c: do not truncate 'ea' in booke206_invalidate_ea_tlb() 2021-11-11 11:35:13 +01:00
riscv target/riscv: Make riscv_cpu_tlb_fill sysemu only 2021-11-02 07:00:52 -04:00
rx target/rx: Drop checks for singlestep_enabled 2021-10-15 16:39:14 -07:00
s390x Trivial patches branch pull request 20211101 v2 2021-11-03 11:24:09 -04:00
sh4 target/sh4: Set fault address in superh_cpu_do_unaligned_access 2021-11-02 07:00:52 -04:00
sparc target/sparc: Set fault address in sparc_cpu_do_unaligned_access 2021-11-02 07:00:52 -04:00
tricore target/tricore: Drop check for singlestep_enabled 2021-10-15 16:39:14 -07:00
xtensa Trivial patches branch pull request 20211101 v2 2021-11-03 11:24:09 -04:00
Kconfig meson: Introduce target-specific Kconfig 2021-07-09 18:21:34 +02:00
meson.build Drop the deprecated unicore32 target 2021-05-12 18:20:52 +02:00