The CPU seems to mask a few bits in the offset when running
under HP-UX. ISR/IOR register contents for an address in
the processor HPA (0xfffffffffffa0000) on my C8000 and J6750:
running on Linux: 000000003fffffff c0000000fffa0500
running on HP-UX: 00000000301fffff c0000000fffa0500
I haven't found how this is switched (guess some diag in the
firmware), but linux + seabios seems to handle that as well,
so lets mask out the additional bits.
Signed-off-by: Sven Schnelle <svens@stackframe.org>
---
target/hppa/cpu.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index a072d0bb63..9bc4d208fa 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -283,12 +283,13 @@ static inline int HPPA_BTLB_ENTRIES(CPUHPPAState *env)
void hppa_translate_init(void);
+#define HPPA_GVA_OFFSET_MASK64 0x301fffffffffffff
#define CPU_RESOLVING_TYPE TYPE_HPPA_CPU
static inline uint64_t gva_offset_mask(target_ulong psw)
{
return (psw & PSW_W
- ? MAKE_64BIT_MASK(0, 62)
+ ? HPPA_GVA_OFFSET_MASK64
: MAKE_64BIT_MASK(0, 32));
}
--
2.43.2On 3/23/24 22:09, Sven Schnelle wrote:
> The CPU seems to mask a few bits in the offset when running
> under HP-UX. ISR/IOR register contents for an address in
> the processor HPA (0xfffffffffffa0000) on my C8000 and J6750:
>
> running on Linux: 000000003fffffff c0000000fffa0500
> running on HP-UX: 00000000301fffff c0000000fffa0500
>
> I haven't found how this is switched (guess some diag in the
> firmware), but linux + seabios seems to handle that as well,
> so lets mask out the additional bits.
>
> Signed-off-by: Sven Schnelle <svens@stackframe.org>
> ---
> target/hppa/cpu.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
> index a072d0bb63..9bc4d208fa 100644
> --- a/target/hppa/cpu.h
> +++ b/target/hppa/cpu.h
> @@ -283,12 +283,13 @@ static inline int HPPA_BTLB_ENTRIES(CPUHPPAState *env)
>
> void hppa_translate_init(void);
>
> +#define HPPA_GVA_OFFSET_MASK64 0x301fffffffffffff
> #define CPU_RESOLVING_TYPE TYPE_HPPA_CPU
>
> static inline uint64_t gva_offset_mask(target_ulong psw)
> {
> return (psw & PSW_W
> - ? MAKE_64BIT_MASK(0, 62)
> + ? HPPA_GVA_OFFSET_MASK64
> : MAKE_64BIT_MASK(0, 32));
> }
>
I'm not keen on this, because it contradicts the manual for forming an address.
Where I can imagine this sort of thing creeping in is the fact that you're getting a
result from trap registers. The cpu does not actually retain the original {space, offset}
tuple that formed the GVA to fill the trap registers, but takes bits [62:32] and
back-computes a space, and subtracts to re-form an offset. See "Interruption Parameter
Registers" in the pa20 manual.
In particular Figure 2-14 for "data translation disabled" may be instructive. Suppose the
cpu does not implement all of the physical address lines (true for all extant pa-risc
cpus; qemu implements 40 bits to match pa-8500 iirc). Suppose when reporting a trap with
translation disabled, it is a truncated physical address that is used as input to Figure 2-14.
If that is so, then the fix might be in hppa_set_ior_and_isr. Perhaps
- env->cr[CR_ISR] &= 0x3fffffff;
+ env->cr[CR_ISR] &= 0x301fffff;
Though my argument would suggest the mask should be 0xff for the 40-bit physical address,
which is not what you see at all, so perhaps the thing is moot. I am at a loss to explain
why or how HP-UX gets a 7-bit hole in the ISR result.
On the other hand, there are some not-well-documented shenanigans (aka implementation
defined behaviour) between Figure H-8 and Figure H-11, where the 62-bit absolute address
is expanded to a 64-bit logical physical address and then compacted to a 40-bit
implementation physical address.
We've already got hacks in place for this in hppa_abs_to_phys_pa2_w1, which just truncates
everything down to 40 bits. But that's probably not what the processor is really doing.
Anyhow, will you please try the hppa_set_ior_and_isr change and see if that fixes your
HP-UX problems?
r~
Richard Henderson <richard.henderson@linaro.org> writes: > On 3/23/24 22:09, Sven Schnelle wrote: >> The CPU seems to mask a few bits in the offset when running >> under HP-UX. ISR/IOR register contents for an address in >> the processor HPA (0xfffffffffffa0000) on my C8000 and J6750: >> running on Linux: 000000003fffffff c0000000fffa0500 >> running on HP-UX: 00000000301fffff c0000000fffa0500 >> I haven't found how this is switched (guess some diag in the >> firmware), but linux + seabios seems to handle that as well, >> so lets mask out the additional bits. >> Signed-off-by: Sven Schnelle <svens@stackframe.org> >> [..] > [..] > Though my argument would suggest the mask should be 0xff for the > 40-bit physical address, which is not what you see at all, so perhaps > the thing is moot. I am at a loss to explain why or how HP-UX gets a > 7-bit hole in the ISR result. > > On the other hand, there are some not-well-documented shenanigans (aka > implementation defined behaviour) between Figure H-8 and Figure H-11, > where the 62-bit absolute address is expanded to a 64-bit logical > physical address and then compacted to a 40-bit implementation > physical address. > > We've already got hacks in place for this in hppa_abs_to_phys_pa2_w1, > which just truncates everything down to 40 bits. But that's probably > not what the processor is really doing. I looked into this again, and it's caused by Space-ID hashing. HP-UX asks PDC/Firmware how many bits are used for the hashing. seabios returns zero, in which case HP-UX uses a default mask of 0xf01fffffffffffff. By modifying seabios, i can make HP-UX use the appropriate mask, but switching of SpaceID hashing entirely is impossible. The reason why the CPU doesn't strip the bits when running linux is that Linux switches of Space-ID hashing early in the startup code (before mm gets initialized). My J6750 Firmware only returns two values: 0 when Space-ID hashing is off, 0xfe0 when it is enabled. This is hardcoded in the firmware - the only thing PDC checks is a bit in Debug Register 2, which enables Space-ID hashing. 0xfe0 matches the 0xf01f... mask used by HP-UX pretty well. So if qemu wants to run 64 Bit HP-UX the proper way, i guess it needs to implement Space-ID hashing.
Richard, Sven Schnelle <svens@stackframe.org> writes: > Richard Henderson <richard.henderson@linaro.org> writes: > >> On 3/23/24 22:09, Sven Schnelle wrote: >>> The CPU seems to mask a few bits in the offset when running >>> under HP-UX. ISR/IOR register contents for an address in >>> the processor HPA (0xfffffffffffa0000) on my C8000 and J6750: >>> running on Linux: 000000003fffffff c0000000fffa0500 >>> running on HP-UX: 00000000301fffff c0000000fffa0500 >>> I haven't found how this is switched (guess some diag in the >>> firmware), but linux + seabios seems to handle that as well, >>> so lets mask out the additional bits. >>> Signed-off-by: Sven Schnelle <svens@stackframe.org> >>> [..] >> [..] >> Though my argument would suggest the mask should be 0xff for the >> 40-bit physical address, which is not what you see at all, so perhaps >> the thing is moot. I am at a loss to explain why or how HP-UX gets a >> 7-bit hole in the ISR result. >> >> On the other hand, there are some not-well-documented shenanigans (aka >> implementation defined behaviour) between Figure H-8 and Figure H-11, >> where the 62-bit absolute address is expanded to a 64-bit logical >> physical address and then compacted to a 40-bit implementation >> physical address. >> >> We've already got hacks in place for this in hppa_abs_to_phys_pa2_w1, >> which just truncates everything down to 40 bits. But that's probably >> not what the processor is really doing. > > I looked into this again, and it's caused by Space-ID hashing. HP-UX asks > PDC/Firmware how many bits are used for the hashing. seabios returns > zero, in which case HP-UX uses a default mask of 0xf01fffffffffffff. > By modifying seabios, i can make HP-UX use the appropriate mask, but > switching of SpaceID hashing entirely is impossible. The reason why > the CPU doesn't strip the bits when running linux is that Linux switches > of Space-ID hashing early in the startup code (before mm gets > initialized). > > My J6750 Firmware only returns two values: 0 when Space-ID hashing is > off, 0xfe0 when it is enabled. This is hardcoded in the firmware - the > only thing PDC checks is a bit in Debug Register 2, which enables > Space-ID hashing. 0xfe0 matches the 0xf01f... mask used by HP-UX > pretty well. > > So if qemu wants to run 64 Bit HP-UX the proper way, i guess it needs > to implement Space-ID hashing. I wonder wether it would be acceptable to implement this masking in a switchable way? This would mean: Implement dr2 and the mfdiag/mtdiag instructions. dr2 contains a bit which enables/disables space id hashing. Seabios would then set this bit when booting. Linux would disable it again during boot (this would be the same like on real hardware), while HP-UX would leave it enabled.
On 4/1/24 20:01, Sven Schnelle wrote: > Implement dr2 and the mfdiag/mtdiag instructions. dr2 contains a bit > which enables/disables space id hashing. Seabios would then set > this bit when booting. Linux would disable it again during boot (this > would be the same like on real hardware), while HP-UX would leave it > enabled. Pointer to documentation? r~
Richard Henderson <richard.henderson@linaro.org> writes: > On 4/1/24 20:01, Sven Schnelle wrote: >> Implement dr2 and the mfdiag/mtdiag instructions. dr2 contains a bit >> which enables/disables space id hashing. Seabios would then set >> this bit when booting. Linux would disable it again during boot (this >> would be the same like on real hardware), while HP-UX would leave it >> enabled. > > Pointer to documentation? There's no documentation about that in the public. There's this code since the beginning of linux on hppa in the linux kernel (arch/parisc/kernel/pacache.S): /* Disable Space Register Hashing for PCXL */ .word 0x141c0600 /* mfdiag %dr0, %r28 */ depwi 0,28,2, %r28 /* Clear DHASH_EN & IHASH_EN */ .word 0x141c0240 /* mtdiag %r28, %dr0 */ b,n srdis_done srdis_pa20: /* Disable Space Register Hashing for PCXU,PCXU+,PCXW,PCXW+,PCXW2 */ .word 0x144008bc /* mfdiag %dr2, %r28 */ depdi 0, 54,1, %r28 /* clear DIAG_SPHASH_ENAB (bit 54) */ .word 0x145c1840 /* mtdiag %r28, %dr2 */ So PCXL (32 bit) uses dr0, while 64 bit uses dr2. This still is the same on my C8000 - i see firmware still contains code reading dr2 to figure out whether space id hashing is enabled. The mfdiag/mtdiag instructions are described in the PCXL/PCXL2 ERS. https://parisc.wiki.kernel.org/index.php/File:PCXL_ers.pdf https://parisc.wiki.kernel.org/index.php/File:Pcxl2_ers.pdf There was a discussion mentioning disabling Space ID hashing in Linux: https://yhbt.net/lore/linux-parisc/199912161642.IAA11478@lucy.cup.hp.com/
On 4/2/24 08:29, Sven Schnelle wrote: > Richard Henderson <richard.henderson@linaro.org> writes: > >> On 4/1/24 20:01, Sven Schnelle wrote: >>> Implement dr2 and the mfdiag/mtdiag instructions. dr2 contains a bit >>> which enables/disables space id hashing. Seabios would then set >>> this bit when booting. Linux would disable it again during boot (this >>> would be the same like on real hardware), while HP-UX would leave it >>> enabled. This is how it works on real physical hardware, and since qemu should mimic real hardware as best as it can, IMHO we should implement it exactly like this. Helge >> Pointer to documentation? > > There's no documentation about that in the public. There's this code since the > beginning of linux on hppa in the linux kernel (arch/parisc/kernel/pacache.S): > > /* Disable Space Register Hashing for PCXL */ > > .word 0x141c0600 /* mfdiag %dr0, %r28 */ > depwi 0,28,2, %r28 /* Clear DHASH_EN & IHASH_EN */ > .word 0x141c0240 /* mtdiag %r28, %dr0 */ > b,n srdis_done > > srdis_pa20: > > /* Disable Space Register Hashing for PCXU,PCXU+,PCXW,PCXW+,PCXW2 */ > > .word 0x144008bc /* mfdiag %dr2, %r28 */ > depdi 0, 54,1, %r28 /* clear DIAG_SPHASH_ENAB (bit 54) */ > .word 0x145c1840 /* mtdiag %r28, %dr2 */ > > So PCXL (32 bit) uses dr0, while 64 bit uses dr2. This still is the same > on my C8000 - i see firmware still contains code reading dr2 to figure > out whether space id hashing is enabled. The mfdiag/mtdiag instructions > are described in the PCXL/PCXL2 ERS. > > https://parisc.wiki.kernel.org/index.php/File:PCXL_ers.pdf > https://parisc.wiki.kernel.org/index.php/File:Pcxl2_ers.pdf > > There was a discussion mentioning disabling Space ID hashing in Linux: > > https://yhbt.net/lore/linux-parisc/199912161642.IAA11478@lucy.cup.hp.com/ >
Hi Richard,
Richard Henderson <richard.henderson@linaro.org> writes:
> In particular Figure 2-14 for "data translation disabled" may be
> instructive. Suppose the cpu does not implement all of the physical
> address lines (true for all extant pa-risc cpus; qemu implements 40
> bits to match pa-8500 iirc). Suppose when reporting a trap with
> translation disabled, it is a truncated physical address that is used
> as input to Figure 2-14.
>
> If that is so, then the fix might be in hppa_set_ior_and_isr. Perhaps
>
> - env->cr[CR_ISR] &= 0x3fffffff;
> + env->cr[CR_ISR] &= 0x301fffff;
>
> Though my argument would suggest the mask should be 0xff for the
> 40-bit physical address, which is not what you see at all, so perhaps
> the thing is moot. I am at a loss to explain why or how HP-UX gets a
> 7-bit hole in the ISR result.
>
> On the other hand, there are some not-well-documented shenanigans (aka
> implementation defined behaviour) between Figure H-8 and Figure H-11,
> where the 62-bit absolute address is expanded to a 64-bit logical
> physical address and then compacted to a 40-bit implementation
> physical address.
>
> We've already got hacks in place for this in hppa_abs_to_phys_pa2_w1,
> which just truncates everything down to 40 bits. But that's probably
> not what the processor is really doing.
>
> Anyhow, will you please try the hppa_set_ior_and_isr change and see if
> that fixes your HP-UX problems?
The problem occurs with data address translation - it's working without,
which is not suprising because no exception can happen there. But as
soon as the kernel enables address translation it will hit a data tlb
miss exception because it can't find 0xfffffffffffb0500 in the page
tables. Trying to truncate the ISR in hppa_set_ior_and_isr() for the
data translation enabled case leads to this loop:
hppa_tlb_fill_excp env=0x55bf06e976e0 addr=0x3ffffffffffb0500 size=4 type=0 mmu_idx=9
hppa_tlb_find_entry env=0x55bf06e976e0 ent=0x55bf06e97b30 valid=1 va_b=0x200000 va_e=0x2fffff pa=0x200000
hppa_tlb_get_physical_address env=0x55bf06e976e0 ret=-1 prot=5 addr=0x26170c phys=0x26170c
hppa_tlb_flush_ent env=0x55bf06e976e0 ent=0x55bf06e97bf0 va_b=0x301ffffffffb0000 va_e=0x301ffffffffb0fff pa=0xfffffffffffb0000
hppa_tlb_itlba env=0x55bf06e976e0 ent=0x55bf06e97bf0 va_b=0x301ffffffffb0000 va_e=0x301ffffffffb0fff pa=0xfffffffffffb0000
hppa_tlb_itlbp env=0x55bf06e976e0 ent=0x55bf06e97bf0 access_id=0 u=1 pl2=0 pl1=0 type=1 b=0 d=0 t=0
So qemu is looking up 0x3ffffffffffb0500 in the TLB, can't find it,
raises an exception, HP-UX says: "ah nice, i have a translation for
you", but that doesn't match because we're only stripping the bits
in the ISR.
As i was a bit puzzled in the beginning what's going on, i dumped the
pagetables and wrote a small dump program:
680000: val=000f47ff301fffff r2=110e0f0000000001 r1=01ffffffffe8ffe0 phys=fffffffff47ff000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
680020: val=000f47fe301fffff r2=110e0f0000000001 r1=01ffffffffe8ffc0 phys=fffffffff47fe000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
680060: val=000f47fc301fffff r2=110e0f0000000001 r1=01ffffffffe8ff80 phys=fffffffff47fc000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5860: val=000fed3c301fffff r2=010e000000000001 r1=01fffffffffda780 phys=fffffffffed3c000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d58e0: val=000fed38301fffff r2=010e000000000001 r1=01fffffffffda700 phys=fffffffffed38000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d59a0: val=000fed32301fffff r2=010e000000000001 r1=01fffffffffda640 phys=fffffffffed32000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d59e0: val=000fed30301fffff r2=110e0f0000000001 r1=01fffffffffda600 phys=fffffffffed30000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5a00: val=000fed2f301fffff r2=010e000000000001 r1=01fffffffffda5e0 phys=fffffffffed2f000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5a20: val=000fed2e301fffff r2=010e000000000001 r1=01fffffffffda5c0 phys=fffffffffed2e000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5a40: val=000fed2d301fffff r2=010e000000000001 r1=01fffffffffda5a0 phys=fffffffffed2d000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5a60: val=000fed2c301fffff r2=010e000000000001 r1=01fffffffffda580 phys=fffffffffed2c000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5a80: val=000fed2b301fffff r2=010e000000000001 r1=01fffffffffda560 phys=fffffffffed2b000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5aa0: val=000fed2a301fffff r2=010e000000000001 r1=01fffffffffda540 phys=fffffffffed2a000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5ac0: val=000fed29301fffff r2=010e000000000001 r1=01fffffffffda520 phys=fffffffffed29000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5ae0: val=000fed28301fffff r2=010e000000000001 r1=01fffffffffda500 phys=fffffffffed28000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5b00: val=000fed27301fffff r2=010e000000000001 r1=01fffffffffda4e0 phys=fffffffffed27000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5b20: val=000fed26301fffff r2=010e000000000001 r1=01fffffffffda4c0 phys=fffffffffed26000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5b40: val=000fed25301fffff r2=010e000000000001 r1=01fffffffffda4a0 phys=fffffffffed25000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5b60: val=000fed24301fffff r2=010e000000000001 r1=01fffffffffda480 phys=fffffffffed24000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5b80: val=000fed23301fffff r2=010e000000000001 r1=01fffffffffda460 phys=fffffffffed23000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5ba0: val=000fed22301fffff r2=110e0f0000000001 r1=01fffffffffda440 phys=fffffffffed22000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5bc0: val=000fed21301fffff r2=010e000000000001 r1=01fffffffffda420 phys=fffffffffed21000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5be0: val=000fed20301fffff r2=010e000000000001 r1=01fffffffffda400 phys=fffffffffed20000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5de0: val=000fed10301fffff r2=010e000000000001 r1=01fffffffffda200 phys=fffffffffed10000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7d5fe0: val=000fed00301fffff r2=110e0f0000000001 r1=01fffffffffda000 phys=fffffffffed00000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7f07e0: val=000fffc0301fffff r2=010e000000000001 r1=01fffffffffff800 phys=fffffffffffc0000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
7f09e0: val=000fffb0301fffff r2=110e0f0000000001 r1=01fffffffffff600 phys=fffffffffffb0000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW)
'val' is the value constructed from IOR/ISR, r1/r2 are the args for the
idtlbt instructions, while the GVA just stays in IOR/ISR. If you look
at the val value, you'll recognize the 0301ffff... part. First i was
assuming some bug when creating the pagetables, but dumping pagetables
on my C3750/J6750 showed the same values.
The fastpath of the fault handler is:
$i_dtlb_miss_2_0
$TLB$:0002a1e0 02 a0 08 a9 mfctl IOR,r9
$TLB$:0002a1e4 d9 21 0a 6c extrd,u,* r9,51,20,r1
$TLB$:0002a1e8 02 80 08 a8 mfctl ISR,r8
$TLB$:0002a1ec 35 18 00 00 copy r8,r24
$TLB$:0002a1f0 f0 28 06 96 depd,* r8,43,10,r1
$TLB$:0002a1f4 d9 11 1a aa extrd,u,* r8,53,54,r17
dtlb_bl_patch_2_0
$TLB$:0002a1f8 e8 00 18 80 b dtlbmss_PCXU
$TLB$:0002a1fc 0a 21 02 91 xor r1,r17,r17
dtlbmss_PCXU
$TLB$:0002ae40 d9 19 03 e0 extrd,u,* r8,31,32,r25
$TLB$:0002ae44 0b 21 02 99 xor r1,r25,r25
$TLB$:0002ae48 f3 19 0c 0c depd,* r25,31,20,r24
pdir_base_patch_017
$TLB$:0002ae4c 20 20 00 0a ldil 0x500000,r1
pdir_shift_patch_017
$TLB$:0002ae50 f0 21 00 00 depd,z,* r1,0x3f,0x20,r1
pdir_mask_patch_017
$TLB$:0002ae54 f0 31 04 a8 depd,* r17,58,24,r1
$TLB$:0002ae58 0c 20 10 d1 ldd 0x0(r1),r17
$TLB$:0002ae5c bf 11 20 5a cmpb,*<>,n r17,r24,d_target_miss_PCXU
$TLB$:0002ae60 50 29 00 20 ldd 0x10(r1),r9
$TLB$:0002ae64 0c 30 10 c8 ldd 0x8(r1),r8
$TLB$:0002ae68 d9 10 02 de extrd,u,* r8,0x16,0x2,r16
$TLB$:0002ae6c 8e 06 20 12 cmpib,<>,n 0x3,r16,make_nop_if_split_TLB_2_0_7
$TLB$:0002ae70 05 09 18 00 idtlbt r9,r8
$TLB$:0002ae74 00 00 0c a0 rfi,r
$TLB$:0002ae78 08 00 02 40 nop
So the patch above was the only thing i could come up with - if you have
any better idea, let me know.
I also patched linux to execute exactly the same instruction with the
same address (space is 0), and i've seen different ISR/IOR values
compared to the values presented when HPUX is running. I think the
only explanation is that HPUX or firmware switches the behaviour
during runtime.
On 3/24/24 08:41, Sven Schnelle wrote: > 7f09e0: val=000fffb0301fffff r2=110e0f0000000001 r1=01fffffffffff600 phys=fffffffffffb0000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW) > > 'val' is the value constructed from IOR/ISR, Is this byte swapped in some weird way? I do not see how 'val' corresponds to any of the addresses we're talking about. From here, the string "301fffff" appears to an out-of-context grep hit. r~
Richard Henderson <richard.henderson@linaro.org> writes: > On 3/24/24 08:41, Sven Schnelle wrote: >> 7f09e0: val=000fffb0301fffff r2=110e0f0000000001 r1=01fffffffffff600 phys=fffffffffffb0000 4K aid=1 pl1=0, pl2=0 type=1 (DATA RW) >> 'val' is the value constructed from IOR/ISR, > > Is this byte swapped in some weird way? I do not see how 'val' > corresponds to any of the addresses we're talking about. From here, > the string "301fffff" appears to an out-of-context grep hit. It's just both values combined together, where the 301fffff is basically the ISR content. It's not a out of context grep - the real machines i have are constructing the same value, and the same offset into the pagetable. I verified that by patching the DTLB miss handler in HPUX to write the ISR/IOR and calulated pagetable offset/value to PAGE0 and looked with the kernel debugger at the values.
On 3/24/24 09:09, Sven Schnelle wrote:
> The CPU seems to mask a few bits in the offset when running
> under HP-UX. ISR/IOR register contents for an address in
> the processor HPA (0xfffffffffffa0000) on my C8000 and J6750:
>
> running on Linux: 000000003fffffff c0000000fffa0500
> running on HP-UX: 00000000301fffff c0000000fffa0500
>
> I haven't found how this is switched (guess some diag in the
> firmware), but linux + seabios seems to handle that as well,
> so lets mask out the additional bits.
>
> Signed-off-by: Sven Schnelle <svens@stackframe.org>
I've seen the issue on HP-UX too, and can confirm the patch does
not break existing 32- and 64-bit Linux installations, so:
Tested-by: Helge Deller <deller@gmx.de>
Thanks!
Helge
> ---
> target/hppa/cpu.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
> index a072d0bb63..9bc4d208fa 100644
> --- a/target/hppa/cpu.h
> +++ b/target/hppa/cpu.h
> @@ -283,12 +283,13 @@ static inline int HPPA_BTLB_ENTRIES(CPUHPPAState *env)
>
> void hppa_translate_init(void);
>
> +#define HPPA_GVA_OFFSET_MASK64 0x301fffffffffffff
> #define CPU_RESOLVING_TYPE TYPE_HPPA_CPU
>
> static inline uint64_t gva_offset_mask(target_ulong psw)
> {
> return (psw & PSW_W
> - ? MAKE_64BIT_MASK(0, 62)
> + ? HPPA_GVA_OFFSET_MASK64
> : MAKE_64BIT_MASK(0, 32));
> }
>
© 2016 - 2026 Red Hat, Inc.