On Tue, 3 Nov 2015 at 14:33, Mark Cave-Ayland <
address@hidden> wrote:
On 03/11/15 12:16, Michael Tokarev wrote:
> 03.11.2015 11:00, Julio Guerra wrote:
>> Ping :)
>
> Well, I'm not sure what I can do with this. I've no idea what IBAT is to start
> with, so while technically the patch is a one-liner, I've no idea what it does
> and how trivial it is :)
>
> Maybe you can include some context which teaches me what it is all about, and in
> that case it becomes really trivial, or.. I dunno :)
FWIW PPC has a set of IBAT and DBAT registers on chip, each of which
indicates a large continuous physical/virtual memory mapping for
Instruction and Data memory respectively. The idea is that the OS can
use these to provide "fast" virtual to physical lookups instead of
invoking a time-consuming hash lookup to provide the translation.
From casual observation comparing with spr_write_ibatu_h() in the same
file (which already includes the +4 offset that the patch is adding to
spr_read_ibat_h()), it does look like a genuine bug. However it really
needs someone who understands PPC architecture a bit more to give a RB
to ensure this is doing the right thing.
I would add that the reason the bug never appeared is probably that BATs are not likely to be read by kernels; they simply write to them to program a large memory mapping. In our case, we saw the bug when fully saving/restoring the CPU context, since we were in fact reading BAT0-3 instead of BAT4-7 and then restoring these values into BAT4-7... And the result can be very perverse...
Linux PPC, which I think is how Alexander Graf tests qemu-ppc, probably does not use these higher BAT registers; they are CPU-specific.
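The save/restore corruption described in this thread, as an added example that is not part of the original mail and is not QEMU's code: a small constructed model of a CPU with eight IBAT entries, where the "high" range IBAT4U..IBAT7U is addressed by an SPR index 0..3 that must be offset by +4 into the register file. The write side applies the offset, the buggy read side does not, so a full context save through the buggy reader followed by a restore through the correct writer overwrites BAT4-7 with the contents of BAT0-3. All names (cpu_model, read_ibat_h_buggy, read_ibat_h_fixed, write_ibatu_h, save_restore_high_ibatu) and the sample register values are assumptions made for this example.

```c
/*
 * Constructed model of the PPC "high" IBAT upper-register accessors.
 * Example code written for this page, not QEMU's source: the names,
 * the 8-entry array and the sample values are assumptions.
 * SPR index n (0..3) in the high range selects IBAT[n + 4]; that "+4"
 * is the offset the patch under discussion adds to the read path.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBATS 8

struct cpu_model {
    uint32_t ibatu[NBATS];   /* upper halves: BEPI, BL, Vs/Vp */
    uint32_t ibatl[NBATS];   /* lower halves: BRPN, WIMG, PP */
};

/* Write IBAT4U..IBAT7U: sprn is 0..3, the +4 selects BAT4-7 (correct). */
static void write_ibatu_h(struct cpu_model *cpu, int sprn, uint32_t val)
{
    cpu->ibatu[sprn + 4] = val;
}

/* Buggy read: missing +4, so reading IBAT4U..IBAT7U returns IBAT0U..IBAT3U. */
static uint32_t read_ibat_h_buggy(const struct cpu_model *cpu, int sprn)
{
    return cpu->ibatu[sprn];
}

/* Fixed read: mirrors the write side. */
static uint32_t read_ibat_h_fixed(const struct cpu_model *cpu, int sprn)
{
    return cpu->ibatu[sprn + 4];
}

typedef uint32_t (*read_fn)(const struct cpu_model *, int);

/*
 * Save the four high IBAT upper registers through the given reader, then
 * restore them through the (correct) writer, as a full CPU context
 * save/restore would. Returns how many of BAT4-7 changed in the process;
 * a correct reader/writer pair gives 0.
 */
static int save_restore_high_ibatu(struct cpu_model *cpu, read_fn rd)
{
    uint32_t before[4], saved[4];
    int i, corrupted = 0;

    for (i = 0; i < 4; i++) {
        before[i] = cpu->ibatu[i + 4];
        saved[i] = rd(cpu, i);
    }
    /* ...context switch, migration, etc. would happen here... */
    for (i = 0; i < 4; i++) {
        write_ibatu_h(cpu, i, saved[i]);
    }
    for (i = 0; i < 4; i++) {
        if (cpu->ibatu[i + 4] != before[i]) {
            corrupted++;
        }
    }
    return corrupted;
}

/* Constructed sample mappings: distinct BEPI per entry, BL = 256 MiB, Vs set. */
static void init_sample_bats(struct cpu_model *cpu)
{
    int i;
    memset(cpu, 0, sizeof(*cpu));
    for (i = 0; i < NBATS; i++) {
        cpu->ibatu[i] = (0x10000000u * (uint32_t)i) | 0x1ffc | 0x2;
        cpu->ibatl[i] = (0x10000000u * (uint32_t)i) | 0x2;
    }
}

int main(void)
{
    struct cpu_model cpu;

    init_sample_bats(&cpu);
    printf("fixed reader: %d of BAT4-7 corrupted\n",
           save_restore_high_ibatu(&cpu, read_ibat_h_fixed));
    init_sample_bats(&cpu);
    printf("buggy reader: %d of BAT4-7 corrupted\n",
           save_restore_high_ibatu(&cpu, read_ibat_h_buggy));
    return 0;
}
```

With the buggy reader every one of BAT4-7 ends up holding its BAT0-3 counterpart after the round trip, which matches the observation above that a kernel which only writes BATs never notices, while anything that reads them back (context save, migration, a debugger dumping SPRs) silently reprograms the high mappings.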