Commit 88f714aa authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171205' into staging 



ppc patch queue 2017-12-05

Alas, this is yet another fix for ppc that I think it's worth
squeezing into 2.11.  It's a really ugly fix for some pretty ugly
code, but it does seem to address a real problem.  It's also a problem
that's appeared relatively recently, since it was either created by,
or made much easier to trigger by, by the merge of MTTCG.

# gpg: Signature made Tue 05 Dec 2017 05:24:04 GMT
# gpg:                using RSA key 0x6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>"
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>"
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>"
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>"
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-2.11-20171205:
  target/ppc: Fix system lockups caused by interrupt_request state corruption

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 2a4c7e83 044897ef

target/ppc/excp_helper.c

+3 −4
Original line number Diff line number Diff line
@@ -207,7 +207,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp) 
                        "Entering checkstop state\n");

            }

            cs->halted = 1;

            cs->interrupt_request |= CPU_INTERRUPT_EXITTB;

            cpu_interrupt_exittb(cs);

        }

        if (env->msr_mask & MSR_HVB) {

            /* ISA specifies HV, but can be delivered to guest with HV clear
@@ -940,7 +940,7 @@ void helper_store_msr(CPUPPCState *env, target_ulong val) 


    if (excp != 0) {

        CPUState *cs = CPU(ppc_env_get_cpu(env));

        cs->interrupt_request |= CPU_INTERRUPT_EXITTB;

        cpu_interrupt_exittb(cs);

        raise_exception(env, excp);

    }

}
@@ -995,8 +995,7 @@ static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr) 
    /* No need to raise an exception here,

     * as rfi is always the last insn of a TB

     */

    cs->interrupt_request |= CPU_INTERRUPT_EXITTB;



    cpu_interrupt_exittb(cs);

    /* Reset the reservation */

    env->reserve_addr = -1;

target/ppc/helper_regs.h

+15 −2
Original line number Diff line number Diff line
@@ -20,6 +20,8 @@ 
#ifndef HELPER_REGS_H

#define HELPER_REGS_H



#include "qemu/main-loop.h"



/* Swap temporary saved registers with GPRs */

static inline void hreg_swap_gpr_tgpr(CPUPPCState *env)

{
@@ -96,6 +98,17 @@ static inline void hreg_compute_hflags(CPUPPCState *env) 
    env->hflags |= env->hflags_nmsr;

}



static inline void cpu_interrupt_exittb(CPUState *cs)

{

    if (!qemu_mutex_iothread_locked()) {

        qemu_mutex_lock_iothread();

        cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);

        qemu_mutex_unlock_iothread();

    } else {

        cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);

    }

}



static inline int hreg_store_msr(CPUPPCState *env, target_ulong value,

                                 int alter_hv)

{
@@ -114,11 +127,11 @@ static inline int hreg_store_msr(CPUPPCState *env, target_ulong value, 
    }

    if (((value >> MSR_IR) & 1) != msr_ir ||

        ((value >> MSR_DR) & 1) != msr_dr) {

        cs->interrupt_request |= CPU_INTERRUPT_EXITTB;

        cpu_interrupt_exittb(cs);

    }

    if ((env->mmu_model & POWERPC_MMU_BOOKE) &&

        ((value >> MSR_GS) & 1) != msr_gs) {

        cs->interrupt_request |= CPU_INTERRUPT_EXITTB;

        cpu_interrupt_exittb(cs);

    }

    if (unlikely((env->flags & POWERPC_FLAG_TGPR) &&

                 ((value ^ env->msr) & (1 << MSR_TGPR)))) {