
List:       qemu-devel
Subject:    Re: [PATCH 2/3] target/hppa: mask offset bits in gva
From:       Richard Henderson <richard.henderson () linaro ! org>
Date:       2024-03-24 18:13:24
Message-ID: ec050630-a866-4a51-8878-d35844fb66a6 () linaro ! org

On 3/23/24 22:09, Sven Schnelle wrote:
> The CPU seems to mask a few bits in the offset when running
> under HP-UX. ISR/IOR register contents for an address in
> the processor HPA (0xfffffffffffa0000) on my C8000 and J6750:
> 
> running on Linux: 000000003fffffff c0000000fffa0500
> running on HP-UX: 00000000301fffff c0000000fffa0500
> 
> I haven't found how this is switched (guess some diag in the
> firmware), but linux + seabios seems to handle that as well,
> so let's mask out the additional bits.
> 
> Signed-off-by: Sven Schnelle <svens@stackframe.org>
> ---
>   target/hppa/cpu.h | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
> index a072d0bb63..9bc4d208fa 100644
> --- a/target/hppa/cpu.h
> +++ b/target/hppa/cpu.h
> @@ -283,12 +283,13 @@ static inline int HPPA_BTLB_ENTRIES(CPUHPPAState *env)
>   
>   void hppa_translate_init(void);
>   
> +#define HPPA_GVA_OFFSET_MASK64 0x301fffffffffffff
>   #define CPU_RESOLVING_TYPE TYPE_HPPA_CPU
>   
>   static inline uint64_t gva_offset_mask(target_ulong psw)
>   {
>       return (psw & PSW_W
> -            ? MAKE_64BIT_MASK(0, 62)
> +            ? HPPA_GVA_OFFSET_MASK64
>               : MAKE_64BIT_MASK(0, 32));
>   }
>   
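
Review bot: `HPPA_GVA_OFFSET_MASK64` replaces `MAKE_64BIT_MASK(0, 62)` in `gva_offset_mask()` for every guest that runs with PSW_W set, while the commit message reports the narrower ISR value only under HP-UX and says the switch is not understood, so the define needs a comment stating where the value comes from and that it is applied unconditionally. The literal 0x301fffffffffffff also hides what changed: relative to the old mask it clears bits 53..59, which would be easier to review spelled as `MAKE_64BIT_MASK(0, 62) & ~MAKE_64BIT_MASK(53, 7)`, or at least given a ULL suffix to match the `uint64_t` return type. The define would also sit better directly above `gva_offset_mask()` than ahead of `CPU_RESOLVING_TYPE`.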

I'm not keen on this, because it contradicts the manual for forming an address.

Where I can imagine this sort of thing creeping in is the fact that you're getting a 
result from trap registers.  The cpu does not actually retain the original {space, offset} 
tuple that formed the GVA to fill the trap registers, but takes bits [62:32] and 
back-computes a space, and subtracts to re-form an offset.  See "Interruption Parameter 
Registers" in the pa20 manual.

In particular Figure 2-14 for "data translation disabled" may be instructive.  Suppose the 
cpu does not implement all of the physical address lines (true for all extant pa-risc 
cpus; qemu implements 40 bits to match pa-8500 iirc).  Suppose when reporting a trap with 
translation disabled, it is a truncated physical address that is used as input to Figure 2-14.

If that is so, then the fix might be in hppa_set_ior_and_isr.  Perhaps

-    env->cr[CR_ISR] &= 0x3fffffff;
+    env->cr[CR_ISR] &= 0x301fffff;

Though my argument would suggest the mask should be 0xff for the 40-bit physical address, 
which is not what you see at all, so perhaps the thing is moot.  I am at a loss to explain 
why or how HP-UX gets a 7-bit hole in the ISR result.

On the other hand, there are some not-well-documented shenanigans (aka implementation 
defined behaviour) between Figure H-8 and Figure H-11, where the 62-bit absolute address 
is expanded to a 64-bit logical physical address and then compacted to a 40-bit 
implementation physical address.

We've already got hacks in place for this in hppa_abs_to_phys_pa2_w1, which just truncates 
everything down to 40 bits.  But that's probably not what the processor is really doing.

Anyhow, will you please try the hppa_set_ior_and_isr change and see if that fixes your 
HP-UX problems?


r~
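
The arithmetic behind the two candidate masks in this thread, as an added example (not code from QEMU or from either poster): it checks that the patch's 64-bit offset mask and the ISR mask suggested in the reply clear the same 7-bit run, and that a 40-bit truncation would leave 0xff in the upper word instead. `mask_hole` and `upper_word` are hypothetical helpers, bit numbers count from the least significant bit, and nothing here models what the hardware does.

```c
#include <stdint.h>
#include <stdio.h>

/* Values taken from the thread. */
#define GVA_MASK_OLD 0x3fffffffffffffffULL /* MAKE_64BIT_MASK(0, 62) */
#define GVA_MASK_NEW 0x301fffffffffffffULL /* HPPA_GVA_OFFSET_MASK64 */
#define ISR_MASK_OLD 0x3fffffffULL         /* mask in hppa_set_ior_and_isr */
#define ISR_MASK_NEW 0x301fffffULL         /* mask suggested in the reply */
#define PHYS40_MASK  0xffffffffffULL       /* 40-bit physical address */

/* Hypothetical helper: describe the bits set in 'wide' but clear in 'narrow'.
 * Returns the length of that run and stores its lowest bit in *lo.
 * Returns -1 if 'narrow' is not a subset of 'wide' or the difference is
 * empty or not one contiguous run. */
static int mask_hole(uint64_t wide, uint64_t narrow, int *lo)
{
    uint64_t diff = wide & ~narrow;
    int len = 0;

    if (diff == 0 || (narrow & ~wide)) {
        return -1;
    }
    *lo = 0;
    while (!(diff & 1)) { diff >>= 1; (*lo)++; }
    while (diff & 1)    { diff >>= 1; len++; }
    return diff ? -1 : len;
}

/* Hypothetical helper: upper 32 bits of a 64-bit mask, for comparison
 * with the 32-bit ISR masks. */
static uint64_t upper_word(uint64_t mask64)
{
    return mask64 >> 32;
}

int main(void)
{
    int lo64 = -1, lo32 = -1;
    int len64 = mask_hole(GVA_MASK_OLD, GVA_MASK_NEW, &lo64);
    int len32 = mask_hole(ISR_MASK_OLD, ISR_MASK_NEW, &lo32);

    printf("offset mask hole: %d bits from bit %d\n", len64, lo64);
    printf("ISR mask hole:    %d bits from bit %d\n", len32, lo32);
    printf("upper word of new offset mask: 0x%llx\n",
           (unsigned long long)upper_word(GVA_MASK_NEW));
    printf("upper word of 40-bit mask:     0x%llx\n",
           (unsigned long long)upper_word(PHYS40_MASK));
    return 0;
}
```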
