[Qemu-devel] [RFC PATCH 0/1] ppc: loadvm corrupts excp_prefix

Kurban Mallachiev posted 1 patch 6 years, 4 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20171129162219.16288-1-mallachiev@ispras.ru
Test checkpatch passed
Test docker passed
Test ppc passed
Test s390x passed
target/ppc/machine.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
On processors which don't support the MSR_EP bit, the loadvm command sets the exception prefix to an incorrect value and so the guest OS freezes.

In cpu_post_load() there is:
	/* Invalidate all msr bits except MSR_TGPR/MSR_HVB before restoring */
	msr = env->msr;
	env->msr ^= ~((1ULL << MSR_TGPR) | MSR_HVB);
	ppc_store_msr(env, msr);

While hreg_store_msr() (called by ppc_store_msr) contains:
	value &= env->msr_mask;
	...
	if (unlikely((value >> MSR_EP) & 1) != msr_ep) {
	/* Change the exception prefix on PowerPC 601 */
	...

where msr_ep is ((env->msr >> MSR_EP) & 1).

If the MSR_EP bit in msr_mask is zero, then the MSR_EP bit in 'value' is zero, and the MSR_EP bit in env->msr is 1. The condition '(value >> MSR_EP) & 1) != msr_ep' is true and so qemu changes the exception prefix.

AFAIU we should multiply env->msr by msr_mask, but I am not sure where we should do it: inside hreg_store_msr or outside. This is why this patch is an RFC.

The current version of the patch adds the msr_mask multiplication before the hreg_store_msr call.

Kurban
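
The restore path described above, as an added stand-alone model (not QEMU code and not the patch itself): it reproduces the XOR invalidation from cpu_post_load() and the MSR_EP comparison from hreg_store_msr() on a constructed CPU state whose msr_mask lacks MSR_EP, and shows that the unmasked sequence rewrites excp_prefix while masking env->msr by msr_mask before the call leaves it alone. The bit numbers (MSR_EP, MSR_TGPR, MSR_SHV) are taken from target/ppc/cpu.h as I remember them and the sample msr, msr_mask and reset excp_prefix values are constructed; all of these are assumptions, as is the exact placement of the mask, which the RFC leaves open.

```c
/* Added example (not QEMU code): a small model of the MSR restore path
 * from cpu_post_load() and hreg_store_msr() as quoted in the cover letter.
 * Bit numbers follow target/ppc/cpu.h as remembered; treat them, the
 * constructed CPU state and the placement of the mask as assumptions. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_EP   6    /* exception prefix select (PowerPC 601 only) */
#define MSR_TGPR 15   /* temporary GPR remap (601/603) */
#define MSR_SHV  60   /* hypervisor state, 64-bit builds only */
#define MSR_HVB  (1ULL << MSR_SHV)

typedef struct {
    uint64_t msr;
    uint64_t msr_mask;    /* MSR bits implemented by this CPU model */
    uint32_t excp_prefix; /* base address of the exception vectors */
    int prefix_changes;   /* how many times excp_prefix was rewritten */
} CPUPPCState;

/* Same shape as QEMU's msr_ep accessor: reads the *current* env->msr. */
#define msr_ep (((env)->msr >> MSR_EP) & 1)

/* Model of hreg_store_msr(): only the MSR_EP handling is reproduced. */
static void hreg_store_msr(CPUPPCState *env, uint64_t value)
{
    value &= env->msr_mask;                 /* drop unimplemented bits */
    if (((value >> MSR_EP) & 1) != msr_ep) {
        /* Change the exception prefix on PowerPC 601 */
        env->excp_prefix = (uint32_t)(((value >> MSR_EP) & 1) * 0xFFF00000u);
        env->prefix_changes++;
    }
    env->msr = value;
}

/* The restore sequence quoted from cpu_post_load(). With apply_mask set,
 * env->msr is ANDed with msr_mask before the call (assumed form of the
 * RFC's fix, not the actual patch): unimplemented bits, MSR_EP among them,
 * are then no longer "invalidated" to 1, so the comparison stays equal. */
static void cpu_post_load(CPUPPCState *env, bool apply_mask)
{
    uint64_t msr = env->msr;
    /* Invalidate all msr bits except MSR_TGPR/MSR_HVB before restoring */
    env->msr ^= ~((1ULL << MSR_TGPR) | MSR_HVB);
    if (apply_mask) {
        env->msr &= env->msr_mask;
    }
    hreg_store_msr(env, msr);
}

/* Constructed CPU state: msr_mask implements the low 16 MSR bits except
 * MSR_EP, the saved MSR has IR|DR set (bits 5 and 4), and reset left the
 * exception vectors at 0xFFF00000. Returns the state after the restore. */
static CPUPPCState restore_after_loadvm(bool apply_mask)
{
    CPUPPCState env = {
        .msr = (1ULL << 5) | (1ULL << 4),
        .msr_mask = 0xFFFFULL & ~(1ULL << MSR_EP),
        .excp_prefix = 0xFFF00000u,
        .prefix_changes = 0,
    };
    cpu_post_load(&env, apply_mask);
    return env;
}

uint32_t excp_prefix_after_loadvm(bool apply_mask)
{
    return restore_after_loadvm(apply_mask).excp_prefix;
}

int prefix_changes_after_loadvm(bool apply_mask)
{
    return restore_after_loadvm(apply_mask).prefix_changes;
}

uint64_t msr_after_loadvm(bool apply_mask)
{
    return restore_after_loadvm(apply_mask).msr;
}

int main(void)
{
    printf("unmasked: excp_prefix=0x%08" PRIx32 " prefix_changes=%d\n",
           excp_prefix_after_loadvm(false), prefix_changes_after_loadvm(false));
    printf("masked:   excp_prefix=0x%08" PRIx32 " prefix_changes=%d\n",
           excp_prefix_after_loadvm(true), prefix_changes_after_loadvm(true));
    return 0;
}
```

In the unmasked run the XOR sets MSR_EP in env->msr while 'value' loses it to msr_mask, so the comparison fires and excp_prefix is overwritten with 0, which is the corruption the cover letter reports; with the mask applied both sides agree and the restored MSR is the same in either case, so the mask only suppresses the spurious prefix change.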

Kurban Mallachiev (1):
  target-ppc: Don't invalidate non-supported msr bits

 target/ppc/machine.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.15.0