[Qemu-ppc] [PATCH] target-ppc: Correct ppc3500_spin initial TLB size

[alarson]

When e500 PPC is booted multi-core, the non-boot cores are started via
the spin table.  ppce500_spin.c:spin_kick() calls
mmubooke_create_initial_mapping() to allocate a 64MB TLB entry, but
the created TLB entry is only 256KB.

The root cause is that the function computing the size of the TLB
entry, namely booke206_page_size_to_tlb assumes MAS1.TSIZE as defined
by latter PPC cores, specifically (n**4)KB. The result is then used by
mmubooke_create_initial_mapping using MAS1_TSIZE_SHIFT, but
MAS1_TSIZE_SHIFT is defined assuming TLB entries are (n**2)KB. I.e., a
difference of shift=7 or shift=8.

Simply changing MAS1_TSIZE_SHIFT from 7 to 8 is not appropriate since
the macro is used elsewhere.

Signed-off-by: Aaron Larson <address@hidden>
---
 hw/ppc/ppce500_spin.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/ppce500_spin.c b/hw/ppc/ppce500_spin.c
index 76bd78b..7e38f0c 100644
--- a/hw/ppc/ppce500_spin.c
+++ b/hw/ppc/ppce500_spin.c
@@ -75,7 +75,11 @@ static void spin_reset(void *opaque)
 /* Create -kernel TLB entries for BookE, linearly spanning 256MB.  */
 static inline hwaddr booke206_page_size_to_tlb(uint64_t size)
 {
-    return ctz32(size >> 10) >> 1;
+    /* The EREF indicates that TLB pages are (4 to the power of 2)KB, which
+     * corresponds to MAS1_TSIZE_SHIFT=8, but to support legacy processors that
+     * assume TLB pages are (2 to the power of 2)KB MAS1_TSIZE_SHIFT is
+     * currently 7. */
+    return ctz32(size >> 10) >> (MAS1_TSIZE_SHIFT - 7);
 }
 
 static void mmubooke_create_initial_mapping(CPUPPCState *env,
-- 
2.7.4