From patchwork Wed Mar 18 04:41:34 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Nicholas Piggin <npiggin@gmail.com>
X-Patchwork-Id: 11444525
Return-Path: 
 <SRS0=XkNc=5D=nongnu.org=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B82C1913
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Wed, 18 Mar 2020 04:43:52 +0000 (UTC)
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 48E7020768
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Wed, 18 Mar 2020 04:43:52 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=gmail.com header.i=@gmail.com header.b="mL/ehmz0"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 48E7020768
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org;
 spf=pass
 smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Received: from localhost ([::1]:45058 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1jEQYZ-0001hC-3l
	for patchwork-qemu-devel@patchwork.kernel.org;
 Wed, 18 Mar 2020 00:43:51 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:59397)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <npiggin@gmail.com>) id 1jEQXx-0000i7-22
 for qemu-devel@nongnu.org; Wed, 18 Mar 2020 00:43:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <npiggin@gmail.com>) id 1jEQXu-0004rM-BF
 for qemu-devel@nongnu.org; Wed, 18 Mar 2020 00:43:12 -0400
Received: from mail-pf1-x444.google.com ([2607:f8b0:4864:20::444]:42362)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <npiggin@gmail.com>)
 id 1jEQXq-0004VO-Hj; Wed, 18 Mar 2020 00:43:07 -0400
Received: by mail-pf1-x444.google.com with SMTP id x2so12836968pfn.9;
 Tue, 17 Mar 2020 21:43:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=UO3pThTw0bLlMLOdAGNpaCK+RKzxZlZsMKGSRRLJe+0=;
 b=mL/ehmz0/k97cKyGf73ui1QEzIHW46wMjXGgKyhFtTGmdzNZY5mKsksaF9fmoBvP48
 B4YQTiFmCLzy3RAtGAiwQ9O2IDqKoPL4ejtoo1r9ZpRJiIxrRCuGuwZXpYSODRvWD0Tu
 6xJMg8rwGX9fjgvEh5IgPcW+A7Z3Mgtzr9ga3LDUC/lNZvGNbolkW22DlyRkDenSbI30
 WNgslTLONJGNWhkylkc2hcJLskpWyWFU87E+RpoNuOFr85X3zptLX3OGVuxNcYe/X0MO
 FqmI8P3GwhQhdhowjecvDpurQrqOxxOm9Haja0/Z6Wx1mcdwX54i9GcLAYVYG4RRfUQa
 9qGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=UO3pThTw0bLlMLOdAGNpaCK+RKzxZlZsMKGSRRLJe+0=;
 b=V5iwAPWYauUS62tVeXtDGtvbfPXi1jV8T4kQ4nCUWb7uiq5+MslqchlizfrCEZno9L
 IzKmSL3EZCcmUV7uzfPkDvdgamA1cVP6s+xlFuCzUIWr7iN9zmLLY2wzGCyuQygHIZaD
 J6px6gQk9YNNVwL0piqcInOsxSBgOt8V2epswGViBUw4ULyytMtQ6ISQlVxeAvKhKoIV
 QtkukUcv+2hRtCzUOrHNArGangOugcBREiojrbH3HRi6d13xI36iC52gM/Po8F7yKiNb
 gxaefFTJLqHmOA+UqcX2areKEJf9p+0AwmdRdgXj1SVNHnMwCRiO3/1tE6kBDkBYaE5E
 XfYQ==
X-Gm-Message-State: ANhLgQ0wniWaTjnsqucaS5n+RY8gA67vxeve9FzLka+vgkko9yi/4Dns
 sdQ7HTV4Rmks1oHuNhWPq6vXuKXj
X-Google-Smtp-Source: 
 ADFU+vtaVkYjALOZj0tdybEwR5k152vTpBXoH2FalmJtD1hHMEfIzL6r9rBL5ONbSWnkAM9omd2+BA==
X-Received: by 2002:a63:f752:: with SMTP id f18mr2699438pgk.196.1584506584865;
 Tue, 17 Mar 2020 21:43:04 -0700 (PDT)
Received: from bobo.ozlabs.ibm.com (14-202-190-183.tpgi.com.au.
 [14.202.190.183])
 by smtp.gmail.com with ESMTPSA id e28sm4192629pgn.21.2020.03.17.21.43.01
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 17 Mar 2020 21:43:04 -0700 (PDT)
From: Nicholas Piggin <npiggin@gmail.com>
To: qemu-ppc@nongnu.org
Subject: [PATCH 1/2] target/ppc: Fix slbia TLB invalidation gap
Date: Wed, 18 Mar 2020 14:41:34 +1000
Message-Id: <20200318044135.851716-1-npiggin@gmail.com>
X-Mailer: git-send-email 2.23.0
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:4864:20::444
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Greg Kurz <groug@kaod.org>, Nicholas Piggin <npiggin@gmail.com>,
 qemu-devel@nongnu.org, =?utf-8?q?C=C3=A9dric_Le_Goater?= <clg@fr.ibm.com>,
 David Gibson <david@gibson.dropbear.id.au>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

slbia must invalidate TLBs even if it does not remove a valid SLB
entry, because slbmte can overwrite valid entries without removing
their TLBs.

As the architecture says, slbia invalidates all lookaside information,
not conditionally based on if it removed valid entries.

It does not seem possible for POWER8 or earlier Linux kernels to hit
this bug because it never changes its kernel SLB translations, and it
should always have valid entries if any accesses are made to usespace
regions. However other operating systems which may modify SLB entry 0
or do more fancy things with segments might be affected.

When POWER9 slbia support is added in the next patch, this becomes a
real problem because some new slbia variants don't invalidate all
non-zero entries.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
---
 target/ppc/mmu-hash64.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 34f6009b1e..373d44de74 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -100,20 +100,29 @@ void helper_slbia(CPUPPCState *env)
     PowerPCCPU *cpu = env_archcpu(env);
     int n;
 
+    /*
+     * slbia must always flush all TLB (which is equivalent to ERAT in ppc
+     * architecture). Matching on SLB_ESID_V is not good enough, because slbmte
+     * can overwrite a valid SLB without flushing its lookaside information.
+     *
+     * It would be possible to keep the TLB in synch with the SLB by flushing
+     * when a valid entry is overwritten by slbmte, and therefore slbia would
+     * not have to flush unless it evicts a valid SLB entry. However it is
+     * expected that slbmte is more common than slbia, and slbia is usually
+     * going to evict valid SLB entries, so that tradeoff is unlikely to be a
+     * good one.
+     */
+
     /* XXX: Warning: slbia never invalidates the first segment */
     for (n = 1; n < cpu->hash64_opts->slb_size; n++) {
         ppc_slb_t *slb = &env->slb[n];
 
         if (slb->esid & SLB_ESID_V) {
             slb->esid &= ~SLB_ESID_V;
-            /*
-             * XXX: given the fact that segment size is 256 MB or 1TB,
-             *      and we still don't have a tlb_flush_mask(env, n, mask)
-             *      in QEMU, we just invalidate all TLBs
-             */
-            env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
         }
     }
+
+    env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
 }
 
 static void __helper_slbie(CPUPPCState *env, target_ulong addr,

From patchwork Wed Mar 18 04:41:35 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nicholas Piggin <npiggin@gmail.com>
X-Patchwork-Id: 11444527
Return-Path: 
 <SRS0=XkNc=5D=nongnu.org=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 67BDB6CA
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Wed, 18 Mar 2020 04:43:53 +0000 (UTC)
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 3B64A20768
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Wed, 18 Mar 2020 04:43:53 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=gmail.com header.i=@gmail.com header.b="t4vuX6uI"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3B64A20768
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org;
 spf=pass
 smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Received: from localhost ([::1]:45060 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1jEQYa-0001ir-8r
	for patchwork-qemu-devel@patchwork.kernel.org;
 Wed, 18 Mar 2020 00:43:52 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:59452)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <npiggin@gmail.com>) id 1jEQXz-0000kt-JF
 for qemu-devel@nongnu.org; Wed, 18 Mar 2020 00:43:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <npiggin@gmail.com>) id 1jEQXy-00054L-9Y
 for qemu-devel@nongnu.org; Wed, 18 Mar 2020 00:43:15 -0400
Received: from mail-pj1-x1036.google.com ([2607:f8b0:4864:20::1036]:53219)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <npiggin@gmail.com>)
 id 1jEQXt-0004nK-UR; Wed, 18 Mar 2020 00:43:10 -0400
Received: by mail-pj1-x1036.google.com with SMTP id ng8so770178pjb.2;
 Tue, 17 Mar 2020 21:43:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=lTa9s69zsSSP7eKn2sDXJ96v9u0GvLRbRyFh6bHh4rY=;
 b=t4vuX6uID88rpnei+OS2nSfNaEHv/xNVFa8WnTs06NZ++gE5uglxYS9EuCSF6zyFPk
 FL2Omubr6+6e8H6Sg7EzSmAuaf0nwGkBn8BCmojy3JS32zfzQ/p6Zwe/qIwweqZPk62s
 fr7XaytiTk/En4wTl4bDoKo2f5tCknLdeajA7R1sIEsTHm1NQIJBPmsYuyHKDn8E9Qva
 4jrHgc459wcGHJrLF3cWnAe0MWsI8viDSI9hYOLAasuYRRTEG5EpF3MEFqZ/MCn70IfZ
 LQRHmOSus1irlFZP9VjCwq3W109nFQ8kPd3UCgCr+rORrhFhpfvqlcVBpGLjLyXx3Hr1
 Us9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=lTa9s69zsSSP7eKn2sDXJ96v9u0GvLRbRyFh6bHh4rY=;
 b=E/iJy3xL/CjsCvlAZW1qJu1BFGBEU8EqZ4Im8ot9WhGcceqfi2smnAX2GiCj9y4Ka3
 DvFPhu+mgeQrjtzk7c2jUR/gkeMpl53C71u8JwLIAp1n6Hsdkww54xyrReYf07E/PA0L
 zDuEn+/cwIH99lmbsFi3TpezM+lvTz4Ot0oMJuG4BwRYBqK2Munn/RuYC8iNipyzuAAG
 qjOyOOFDfpI5qmQOQ8TBnhYTS4b6aUHkiGXHgSgtVEOz0TR0A7m39zMT15yCn9JpQGyV
 CDJW6qLihTTh4XdpZi9btwIaBJJTxzN+LA9kXG/hBPpnlCjbcxZrim8VvUwuomQGZLa1
 SlFA==
X-Gm-Message-State: ANhLgQ1Qj/KyEM8y/0xjTcpznP0DFyk+ZHdw+rcIIQ7jW9O9/dLJhSl2
 pasWr049F22hKPHX/GLL2MzYszXO
X-Google-Smtp-Source: 
 ADFU+vsyrsUibOc/WxGANPC84nJaNqfGE39BL7SPhHaWcAzmxtYfDTqT4WTwbKqf+rzAPqlmfjCcqw==
X-Received: by 2002:a17:902:b193:: with SMTP id
 s19mr2160836plr.130.1584506588616;
 Tue, 17 Mar 2020 21:43:08 -0700 (PDT)
Received: from bobo.ozlabs.ibm.com (14-202-190-183.tpgi.com.au.
 [14.202.190.183])
 by smtp.gmail.com with ESMTPSA id e28sm4192629pgn.21.2020.03.17.21.43.05
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 17 Mar 2020 21:43:08 -0700 (PDT)
From: Nicholas Piggin <npiggin@gmail.com>
To: qemu-ppc@nongnu.org
Subject: [PATCH 2/2] target/ppc: Fix ISA v3.0 (POWER9) slbia implementation
Date: Wed, 18 Mar 2020 14:41:35 +1000
Message-Id: <20200318044135.851716-2-npiggin@gmail.com>
X-Mailer: git-send-email 2.23.0
In-Reply-To: <20200318044135.851716-1-npiggin@gmail.com>
References: <20200318044135.851716-1-npiggin@gmail.com>
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:4864:20::1036
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Greg Kurz <groug@kaod.org>, Nicholas Piggin <npiggin@gmail.com>,
 qemu-devel@nongnu.org, =?utf-8?q?C=C3=A9dric_Le_Goater?= <clg@fr.ibm.com>,
 David Gibson <david@gibson.dropbear.id.au>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Linux using the hash MMU ("disable_radix" command line) on a POWER9
machine quickly hits translation bugs due to using v3.0 slbia
features that are not implemented in TCG. Add them.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
 target/ppc/helper.h     |  2 +-
 target/ppc/mmu-hash64.c | 57 ++++++++++++++++++++++++++++++++++++-----
 target/ppc/translate.c  |  5 +++-
 3 files changed, 55 insertions(+), 9 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index ee1498050d..2dfa1c6942 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -615,7 +615,7 @@ DEF_HELPER_FLAGS_3(store_slb, TCG_CALL_NO_RWG, void, env, tl, tl)
 DEF_HELPER_2(load_slb_esid, tl, env, tl)
 DEF_HELPER_2(load_slb_vsid, tl, env, tl)
 DEF_HELPER_2(find_slb_vsid, tl, env, tl)
-DEF_HELPER_FLAGS_1(slbia, TCG_CALL_NO_RWG, void, env)
+DEF_HELPER_FLAGS_2(slbia, TCG_CALL_NO_RWG, void, env, i32)
 DEF_HELPER_FLAGS_2(slbie, TCG_CALL_NO_RWG, void, env, tl)
 DEF_HELPER_FLAGS_2(slbieg, TCG_CALL_NO_RWG, void, env, tl)
 #endif
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 373d44de74..deb1c13a66 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -95,9 +95,10 @@ void dump_slb(PowerPCCPU *cpu)
     }
 }
 
-void helper_slbia(CPUPPCState *env)
+void helper_slbia(CPUPPCState *env, uint32_t ih)
 {
     PowerPCCPU *cpu = env_archcpu(env);
+    int starting_entry;
     int n;
 
     /*
@@ -111,18 +112,59 @@ void helper_slbia(CPUPPCState *env)
      * expected that slbmte is more common than slbia, and slbia is usually
      * going to evict valid SLB entries, so that tradeoff is unlikely to be a
      * good one.
+     *
+     * ISA v2.05 introduced IH field with values 0,1,2,6. These all invalidate
+     * the same SLB entries (everything but entry 0), but differ in what
+     * "lookaside information" is invalidated. TCG can ignore this and flush
+     * everything.
+     *
+     * ISA v3.0 introduced additional values 3,4,7, which change what SLBs are
+     * invalidated.
      */
 
-    /* XXX: Warning: slbia never invalidates the first segment */
-    for (n = 1; n < cpu->hash64_opts->slb_size; n++) {
-        ppc_slb_t *slb = &env->slb[n];
+    env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
+
+    starting_entry = 1; /* default for IH=0,1,2,6 */
+
+    if (env->mmu_model == POWERPC_MMU_3_00) {
+        switch (ih) {
+        case 0x7:
+            /* invalidate no SLBs, but all lookaside information */
+            return;
 
-        if (slb->esid & SLB_ESID_V) {
-            slb->esid &= ~SLB_ESID_V;
+        case 0x3:
+        case 0x4:
+            /* also considers SLB entry 0 */
+            starting_entry = 0;
+            break;
+
+        case 0x5:
+            /* treat undefined values as ih==0, and warn */
+            qemu_log_mask(LOG_GUEST_ERROR,
+                          "slbia undefined IH field %u.\n", ih);
+            break;
+
+        default:
+            /* 0,1,2,6 */
+            break;
         }
     }
 
-    env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
+    for (n = starting_entry; n < cpu->hash64_opts->slb_size; n++) {
+        ppc_slb_t *slb = &env->slb[n];
+
+        if (!(slb->esid & SLB_ESID_V)) {
+            continue;
+        }
+        if (env->mmu_model == POWERPC_MMU_3_00) {
+            if (ih == 0x3 && (slb->vsid & SLB_VSID_C) == 0) {
+                /* preserves entries with a class value of 0 */
+                continue;
+            }
+        }
+
+        slb->esid &= ~SLB_ESID_V;
+    }
 }
 
 static void __helper_slbie(CPUPPCState *env, target_ulong addr,
@@ -136,6 +178,7 @@ static void __helper_slbie(CPUPPCState *env, target_ulong addr,
         return;
     }
 
+    env->tlb_need_flush |= TLB_NEED_LOCAL_FLUSH;
     if (slb->esid & SLB_ESID_V) {
         slb->esid &= ~SLB_ESID_V;
 
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index eb0ddba850..e514732a09 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5027,12 +5027,15 @@ static void gen_tlbsync(DisasContext *ctx)
 /* slbia */
 static void gen_slbia(DisasContext *ctx)
 {
+    uint32_t ih = (ctx->opcode >> 21) & 0x7;
+    TCGv_i32 t0 = tcg_const_i32(ih);
+
 #if defined(CONFIG_USER_ONLY)
     GEN_PRIV;
 #else
     CHK_SV;
 
-    gen_helper_slbia(cpu_env);
+    gen_helper_slbia(cpu_env, t0);
 #endif /* defined(CONFIG_USER_ONLY) */
 }