Thanks Tom for your answer. I was investigating further when I received your mail, but I have the same feeling as you.
I propose a patch, since the return from helper_store_msr results in an exception.
The function "helper_store_msr" calls "hreg_store_msr".
"hreg_store_msr" returns POWERPC_EXCP_NONE, which is -1.
"helper_store_msr" tests for a non-null return value and generates an exception by calling "helper_raise_exception".
This one generates an exception with id -1, which leads to this behavior.
I guess this is not the intended behavior, and POWERPC_EXCP_NONE shall not raise any exception.
Either helper_store_msr should test for POWERPC_EXCP_NONE, or hreg_store_msr shall send 0. I suppose keeping 0 for other exceptions is best?
diff -ru qemu-2.1.0.orig/target-ppc/excp_helper.c qemu-2.1.0/target-ppc/excp_helper.c
--- qemu-2.1.0.orig/target-ppc/excp_helper.c 2014-08-01 16:12:17.000000000 +0200
+++ qemu-2.1.0/target-ppc/excp_helper.c 2014-09-03 18:59:06.680102135 +0200
@@ -847,7 +847,7 @@
CPUState *cs;
val = hreg_store_msr(env, val, 0);
- if (val != 0) {
+ if (val != POWERPC_EXCP_NONE) {
cs = CPU(ppc_env_get_cpu(env));
cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
helper_raise_exception(env, val);
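Review bot: this comparison is only correct if every non-exception path of hreg_store_msr now returns POWERPC_EXCP_NONE rather than 0; as described above, POWERPC_EXCP_NONE is -1, so with the old `if (val != 0)` the no-exception case fell through to `helper_raise_exception(env, val)` with an exception id of -1. The change in helper_regs.h that initialises `excp` to POWERPC_EXCP_NONE is the other half of this fix, so the two hunks must be applied together, and a short commit message explaining that the two functions previously disagreed on the "no exception" value would help reviewers.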
diff -ru qemu-2.1.0.orig/target-ppc/helper_regs.h qemu-2.1.0/target-ppc/helper_regs.h
--- qemu-2.1.0.orig/target-ppc/helper_regs.h 2014-08-01 16:12:17.000000000 +0200
+++ qemu-2.1.0/target-ppc/helper_regs.h 2014-09-03 19:15:51.731467306 +0200
@@ -72,7 +72,7 @@
CPUState *cs = CPU(ppc_env_get_cpu(env));
#endif
- excp = 0;
+ excp = POWERPC_EXCP_NONE;
value &= env->msr_mask;
#if !defined(CONFIG_USER_ONLY)
if (!alter_hv) {
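Review bot: switching the initial value of `excp` from 0 to POWERPC_EXCP_NONE changes the function's return contract, so two things should be verified beyond this hunk: that `excp` is a signed type able to hold -1, and that any other caller of hreg_store_msr which tests the returned value against 0 (as helper_store_msr did before the first hunk) is updated in the same patch, otherwise that caller would now treat the no-exception case as an error.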
I got a little bit further (exactly one instruction further!) and got a POWERPC_EXCP_DTLB (13) that is handled by IVOR12 ... but that is another story, for sure! :D
Cheers
Pierre