From nobody Tue Feb 10 03:39:06 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1552990153299689.2946351899996;
 Tue, 19 Mar 2019 03:09:13 -0700 (PDT)
Received: from localhost ([127.0.0.1]:54473 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1h6BgB-0007yU-FD
	for importer@patchew.org; Tue, 19 Mar 2019 06:09:07 -0400
Received: from eggs.gnu.org ([209.51.188.92]:39936)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dgibson@ozlabs.org>) id 1h6BeF-0006wu-71
	for qemu-devel@nongnu.org; Tue, 19 Mar 2019 06:07:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dgibson@ozlabs.org>) id 1h6BeE-0002WR-8P
	for qemu-devel@nongnu.org; Tue, 19 Mar 2019 06:07:07 -0400
Received: from ozlabs.org ([203.11.71.1]:45197)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <dgibson@ozlabs.org>)
	id 1h6BeA-0002K0-M0; Tue, 19 Mar 2019 06:07:05 -0400
Received: by ozlabs.org (Postfix, from userid 1007)
	id 44Npcf20sPz9s47; Tue, 19 Mar 2019 21:06:58 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
	d=gibson.dropbear.id.au; s=201602; t=1552990018;
	bh=yokn5u9jc6e5ToE0KNjZwilU4LUtOel94X/lpnMp/N4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=DVwPRF065O2ZPOxXFsaju57f2IPdsgKY9eGF9jykW6Zd+CH4MJlucE6CnVkpqnW96
	Ou+d8uGhA9bF0WblOyWL7in01s2q8RtTBrrIIPo04YuTJWlM0E6cMHRNRraJBDbgyl
	NcZEIU2uVgjFSfWyKA13thY/sLty9QJMr9I8EVXY=
From: David Gibson <david@gibson.dropbear.id.au>
To: peter.maydell@linaro.org
Date: Tue, 19 Mar 2019 21:06:39 +1100
Message-Id: <20190319100645.31407-2-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190319100645.31407-1-david@gibson.dropbear.id.au>
References: <20190319100645.31407-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 203.11.71.1
Subject: [Qemu-devel] [PULL 1/7] spapr: Correctly set LPCR[GTSE] in
 H_REGISTER_PROCESS_TABLE
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: groug@kaod.org, qemu-devel@nongnu.org, qemu-ppc@nongnu.org, clg@kaod.org,
	Cleber Rosa <crosa@redhat.com>, David Gibson <david@gibson.dropbear.id.au>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
Content-Type: text/plain; charset="utf-8"

176dccee "target/ppc/spapr: Clear partition table entry when allocating
hash table" reworked the H_REGISTER_PROCESS_TABLE hypercall, but
unfortunately due to a small error no longer correctly sets the LPCR[GTSE]
bit which allows the guest to directly execute (some types of) tlbie (TLB
flush) instructions without involving the hypervisor.

We got away with this, initially, because POWER9 did not have hypervisor
mode enabled in its msr_mask, which meant we didn't actually run hypervisor
privilege checks in TCG at all.  However, da874d90 "target/ppc: add HV
support for POWER9" turned on HV support on POWER9 for the benefit of the
powernv machine type.

This exposed the earlier bug in H_REGISTER_PROCESS_TABLE, and causes guests
which rely on LPCR[GTSE] (i.e. basically all of them) to crash during early
boot when their first tlbie instruction causes an unexpected trap.

Fixes: 176dccee target/ppc/spapr: Clear partition table entry when allocati=
ng hash table
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: C=C3=A9dric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Tested-by: Cleber Rosa <crosa@redhat.com>
---
 hw/ppc/spapr_hcall.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 0761e10142..8a736797b9 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1400,7 +1400,8 @@ static target_ulong h_register_process_table(PowerPCC=
PU *cpu,
     else if (flags & FLAG_HASH_PROC_TBL) /* Hash with process tables */
         update_lpcr |=3D LPCR_UPRT;
     if (flags & FLAG_GTSE)      /* Guest translation shootdown enable */
-        update_lpcr |=3D FLAG_GTSE;
+        update_lpcr |=3D LPCR_GTSE;
+
     spapr_set_all_lpcrs(update_lpcr, LPCR_UPRT | LPCR_HR | LPCR_GTSE);
=20
     if (kvm_enabled()) {
--=20
2.20.1