From: Sam Bobroff
To: qemu-devel@nongnu.org
Cc: qemu-ppc@nongnu.org, david@gibson.dropbear.id.au
Date: Tue, 7 Feb 2017 13:56:51 +1100
Subject: [Qemu-devel] [RFC PATCH 8/9] spapr: Advertise ISA 3.0 MMU features in pa_features
Message-Id: <0d06b1c772cf35947e9f095202ab4ca2a50aaf76.1486436186.git.sam.bobroff@au1.ibm.com>
X-Patchwork-Id: 9559121

Set the default ibm,pa_features bits for ISA 3.0.

Providing the radix MMU support bit in ibm,pa-features will cause some
recent (e.g. 4.9) kernels to attempt to initialize the MMU as if they
were a radix host, which will cause them to crash.

So, if a guest performs a client architecture support call without
indicating ISA 3.00 support (specifically, if they do not indicate
that they support either new radix or new hash mode) then the radix
bit is removed from ibm,pa-features to avoid triggering the bug.

Signed-off-by: Sam Bobroff --- hw/ppc/spapr.c | 125 +++++++++++++++++++++++++++++++------------------ hw/ppc/spapr_hcall.c | 4 +- include/hw/ppc/spapr.h | 1 + 3 files changed, 83 insertions(+), 47 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index c6a3a638cd..325a9c587b 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c 
@@ -194,6 +194,76 @@ static int spapr_fixup_cpu_numa_dt(void *fdt, int offset, CPUState *cs) return ret; } +/* Populate the "ibm,pa-features" property */ +static int spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset, + bool legacy_guest) +{ + uint8_t pa_features_206[] = { 6, 0, + 0xf6, 0x1f, 0xc7, 0x00, 0x80, 0xc0 }; + uint8_t pa_features_207[] = { 24, 0, + 0xf6, 0x1f, 0xc7, 0xc0, 0x80, 0xf0, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, + 0x80, 0x00, 0x80, 0x00, 0x00, 0x00 }; + uint8_t pa_features_300[70 + 2] = { 70, 0, + 0xf6, 0x3f, 0xc7, 0xc0, 0x80, 0xf0, /* 0 - 5 */ + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, /* 6 - 11 */ + 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, /* 12 - 17 */ + 0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 18 - 23 */ + 0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 24 - 29 */ + 0x80, 0x00, 0x80, 0x00, 0xC0, 0x00, /* 30 - 35 */ + 0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 36 - 41 */ + 0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 42 - 47 */ + 0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 48 - 53 */ + 0x80, 0x00, 0x80, 0x00, 0x80, 0x00, /* 54 - 59 */ + 0x80, 0x00, 0x80, 0x00, 0x00, 0x00, /* 60 - 64 */ + 0x00, 0x00, 0x00, 0x00, /* 66 - 69 */ + }; + uint8_t *pa_features; + size_t pa_size; + + switch (env->mmu_model) { + case POWERPC_MMU_2_06: + case POWERPC_MMU_2_06a: + pa_features = pa_features_206; + pa_size = sizeof(pa_features_206); + break; + case POWERPC_MMU_2_07: + case POWERPC_MMU_2_07a: + pa_features = pa_features_207; + pa_size = sizeof(pa_features_207); + break; + case POWERPC_MMU_3_00: + pa_features = pa_features_300; + pa_size = sizeof(pa_features_300); + break; + default: + return 0; /* TODO, this is actually an error! */ + } + + if (env->ci_large_pages) { + /* + * Note: we keep CI large pages off by default because a 64K capable + * guest provisioned with large pages might otherwise try to map a qemu + * framebuffer (or other kind of memory mapped PCI BAR) using 64K pages + * even if that qemu runs on a 4k host. 
+ * We dd this bit back here if we are confident this is not an issue + */ + pa_features[3] |= 0x20; + } + if (kvmppc_has_cap_htm() && pa_size > 24) { + pa_features[24] |= 0x80; /* Transactional memory support */ + } + if (legacy_guest && pa_size > 40) { + /* Workaround for broken kernels that attempt (guest) radix + * mode when they can't handle it, if they see the radix bit set + * in pa-features. So hide it from them. */ + pa_features[40 + 2] &= ~0x80; /* Radix MMU */ + } + + return fdt_setprop(fdt, offset, "ibm,pa-features", pa_features, pa_size); +} + static int spapr_fixup_cpu_dt(void *fdt, sPAPRMachineState *spapr) { int ret = 0, offset, cpus_offset; @@ -204,6 +274,7 @@ static int spapr_fixup_cpu_dt(void *fdt, sPAPRMachineState *spapr) CPU_FOREACH(cs) { PowerPCCPU *cpu = POWERPC_CPU(cs); + CPUPPCState *env = &cpu->env; DeviceClass *dc = DEVICE_GET_CLASS(cs); int index = ppc_get_vcpu_dt_id(cpu); @@ -245,6 +316,12 @@ static int spapr_fixup_cpu_dt(void *fdt, sPAPRMachineState *spapr) if (ret < 0) { return ret; } + + ret = spapr_populate_pa_features(env, fdt, offset, + spapr->cas_legacy_guest_workaround); + if (ret < 0) { + return ret; + } } return ret; } 
@@ -346,51 +423,6 @@ static int spapr_populate_memory(sPAPRMachineState *spapr, void *fdt) return 0; } -/* Populate the "ibm,pa-features" property */ -static void spapr_populate_pa_features(CPUPPCState *env, void *fdt, int offset) -{ - uint8_t pa_features_206[] = { 6, 0, - 0xf6, 0x1f, 0xc7, 0x00, 0x80, 0xc0 }; - uint8_t pa_features_207[] = { 24, 0, - 0xf6, 0x1f, 0xc7, 0xc0, 0x80, 0xf0, - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, - 0x80, 0x00, 0x80, 0x00, 0x00, 0x00 }; - uint8_t *pa_features; - size_t pa_size; - - switch (env->mmu_model) { - case POWERPC_MMU_2_06: - case POWERPC_MMU_2_06a: - pa_features = pa_features_206; - pa_size = sizeof(pa_features_206); - break; - case POWERPC_MMU_2_07: - case POWERPC_MMU_2_07a: - pa_features = pa_features_207; - pa_size = sizeof(pa_features_207); - break; - default: - return; - } - - if (env->ci_large_pages) { - /* - * Note: we keep CI large pages off by default because a 64K capable - * guest provisioned with large pages might otherwise try to map a qemu - * framebuffer (or other kind of memory mapped PCI BAR) using 64K pages - * even if that qemu runs on a 4k host. - * We dd this bit back here if we are confident this is not an issue - */ - pa_features[3] |= 0x20; - } - if (kvmppc_has_cap_htm() && pa_size > 24) { - pa_features[24] |= 0x80; /* Transactional memory support */ - } - - _FDT((fdt_setprop(fdt, offset, "ibm,pa-features", pa_features, pa_size))); -} - static void spapr_populate_cpu_dt(CPUState *cs, void *fdt, int offset, sPAPRMachineState *spapr) { @@ -484,7 +516,7 @@ static void spapr_populate_cpu_dt(CPUState *cs, void *fdt, int offset, page_sizes_prop, page_sizes_prop_size))); } - spapr_populate_pa_features(env, fdt, offset); + _FDT(spapr_populate_pa_features(env, fdt, offset, false)); _FDT((fdt_setprop_cell(fdt, offset, "ibm,chip-id", cs->cpu_index / vcpus_per_socket))); 
@@ -1870,6 +1902,7 @@ static void ppc_spapr_init(MachineState *machine) } spapr_ovec_set(spapr->ov5, OV5_SEG_HCALL); spapr_ovec_set(spapr->ov5, OV5_SHOOTDOWN); + spapr_ovec_set(spapr->ov5, OV5_SEG_HCALL); /* advertise support for dedicated HP event source to guests */ if (spapr->use_hotplug_event_source) { diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c index 4de511c386..d04f696e65 100644 --- a/hw/ppc/spapr_hcall.c +++ b/hw/ppc/spapr_hcall.c @@ -999,7 +999,7 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, } } - if (!cpu_version) { + if (!cpu_version && !spapr->cas_legacy_guest_workaround) { cpu_update = false; } @@ -1033,6 +1033,8 @@ static target_ulong h_client_architecture_support(PowerPCCPU *cpu_, ov5_cas_old, spapr->ov5_cas); spapr_ovec_stderr("update", 16, ov5_updates); fprintf(stderr, "Old CAS reboot flag: %d\n", spapr->cas_reboot); + spapr->cas_legacy_guest_workaround = !spapr_ovec_test(ov5_updates, OV5_MMU_RADIX) && + !spapr_ovec_test(ov5_updates, OV5_MMU_HASH); if (!spapr->cas_reboot) { spapr->cas_reboot = diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index 92bda0f36d..974338d1df 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -77,6 +77,7 @@ struct sPAPRMachineState { sPAPROptionVector *ov5; /* QEMU-supported option vectors */ sPAPROptionVector *ov5_cas; /* negotiated (via CAS) option vectors */ bool cas_reboot; + bool cas_legacy_guest_workaround; Notifier epow_notifier; QTAILQ_HEAD(, sPAPREventLogEntry) pending_events;
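Review bot: In the new spapr_populate_pa_features() in hw/ppc/spapr.c (hunk @@ -194), the legacy-guest workaround tests `pa_size > 40` but then writes `pa_features[40 + 2]`, so the guard does not cover the index it protects. It should test `pa_size > 40 + 2`, ideally with the byte offset and the two-byte header expressed as named constants. The HTM update just above it uses `pa_features[24]` with no header offset, so the two bit updates follow different indexing conventions; please make them consistent or add a comment explaining why they differ. In the pa_features_300 table the row comment `/* 60 - 64 */` covers six bytes and should read 60 - 65. The `default:` case returns 0 with a TODO saying it is an error, so the new `if (ret < 0)` check in spapr_fixup_cpu_dt() never sees that failure; returning a negative value there would make the new return type useful.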
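Review bot: In ppc_spapr_init() (hunk @@ -1870), the added `spapr_ovec_set(spapr->ov5, OV5_SEG_HCALL);` repeats the call already present two lines earlier in the unchanged context, so it has no effect. Either drop it, or, if a different option vector bit was meant to be advertised for ISA 3.0, set that bit here and say so in the commit message.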
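Review bot: In h_client_architecture_support() in hw/ppc/spapr_hcall.c, the changed test `if (!cpu_version && !spapr->cas_legacy_guest_workaround)` (hunk @@ -999) reads the flag before this same call assigns it (hunk @@ -1033), so the decision about `cpu_update` is based on the value left by an earlier CAS call, or on the initial value for the first call. Compute `cas_legacy_guest_workaround` before it is first used, and consider where it should be cleared so that a stale value cannot carry over to a different guest kernel. The assignment is also placed among the stderr debug output and runs past 80 columns; moving it next to the other CAS state updates and wrapping it would read better. The new field in include/hw/ppc/spapr.h has no comment, unlike `ov5` and `ov5_cas` next to it; a short one describing when it is set would help.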