
[Qemu-ppc] [PATCH] QEMU PPC Book-E TLB matching


From: Alex Zuepke
Subject: [Qemu-ppc] [PATCH] QEMU PPC Book-E TLB matching
Date: Tue, 14 Feb 2017 12:54:28 +0100

Hi,

I think I found a mismatch in the TLB match process in QEMU
for Book-E-based processors when a valid TLB entry matches,
but the current access permissions are wrong.

I'm doing a write access to a read-only TLB
and I expect to see an IVOR 3 (DSI) exception,
but QEMU activates IVOR 13 (Data TLB error) exception instead.

The Freescale Book-E manual and the ppc440 manual state that a TLB
entry matches if the TLB is valid, virtual address and size match,
the TLB entry's TS field matches MSR.DS/IS, and TID is 0 or matches PID.
And in a second step, the hardware checks the access permissions.

But in QEMU, mmubooke_get_physical_address() loops over all TLBs
until a TLB entry is found that matches the virtual address _and_
the access permission.
I think the match process should fail early when a TLB entry "matches"
according to the spec, but the access permissions are wrong,
as in the attached patch.

Note that Linux does not trigger this issue because its TLB error handlers
always check the permissions in the page tables instead of relying
on the hardware to raise a DSI or ISI exception.


Best regards
Alex


Alex Zuepke (1):
  target-ppc: fix Book-E TLB matching

 target/ppc/mmu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
1.9.1
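
The two lookup behaviours described in the message, as an added example: this is a simplified model, not QEMU's code and not the patch. The struct layout, function names and sample TLB are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { ACC_OK, ACC_TLB_MISS, ACC_PROT_FAULT }; /* MISS: IVOR 13, PROT_FAULT: IVOR 3 */

struct tlbe {              /* simplified model entry (hypothetical layout) */
    int valid;
    uint32_t epn, size;    /* base virtual address; size in bytes, power of 2 */
    int ts;                /* compared with MSR.DS/IS */
    uint32_t tid;          /* 0 matches any PID */
    int writable;
};

/* Step 1 from the post: valid, address and size, TS, TID. */
static int tlbe_matches(const struct tlbe *e, uint32_t va, int as, uint32_t pid)
{
    return e->valid && (va & ~(e->size - 1)) == e->epn &&
           e->ts == as && (e->tid == 0 || e->tid == pid);
}

/* stop_on_match=0 models the reported behaviour; 1 checks permissions as step 2. */
int lookup(const struct tlbe *tlb, size_t n, uint32_t va, int as,
           uint32_t pid, int is_write, int stop_on_match)
{
    for (size_t i = 0; i < n; i++) {
        if (!tlbe_matches(&tlb[i], va, as, pid))
            continue;
        if (!is_write || tlb[i].writable)
            return ACC_OK;
        if (stop_on_match)
            return ACC_PROT_FAULT;   /* entry matched, access not permitted */
    }
    return ACC_TLB_MISS;             /* no entry matched and permitted */
}

/* Constructed sample TLB: one read-only page, one writable page. */
static const struct tlbe sample_tlb[] = {
    { 1, 0x10000000u, 0x1000u, 0, 0, 0 },
    { 1, 0x20000000u, 0x1000u, 0, 7, 1 },
};

int main(void)
{
    printf("loop-on: %d, two-step: %d\n",
           lookup(sample_tlb, 2, 0x10000010u, 0, 7, 1, 0),
           lookup(sample_tlb, 2, 0x10000010u, 0, 7, 1, 1));
    return 0;
}
```

A guest that relies on the permission fault to enforce read-only mappings sees a different exception vector under the first behaviour, which is why the distinction matters for emulation fidelity.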



