On Wed, 3 Sep 2025, Danila Zhebryakov wrote:
Add support for passing TLB_BSWAP flag from powerpc booke206 MMU
Fix instruction fetches from LE pages being treated as MMIO
This change should not affect SPARC, as its instruction fetches are always BE

Signed-off-by: Danila Zhebryakov <[email protected]>
---
accel/tcg/cputlb.c     | 26 +++++++++++++++-----------
target/ppc/mmu-booke.c |  4 ++++
target/ppc/translate.c | 42 +++++++++++++++++++++++++++++++++++++-----
3 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index d5b94c384c..deb9f9ad24 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1401,7 +1401,8 @@ static int probe_access_internal(CPUState *cpu, vaddr 
addr,
    flags |= full->slow_flags[access_type];

    /* Fold all "mmio-like" bits into TLB_MMIO.  This is not RAM.  */
-    if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY | TLB_CHECK_ALIGNED))
+    if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY
+                           | TLB_CHECK_ALIGNED | TLB_BSWAP))
        || (access_type != MMU_INST_FETCH && force_mmio)) {
        *phost = NULL;
        return TLB_MMIO;
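Review bot: Adding `TLB_BSWAP` to the exempted mask applies to every access type, not only `MMU_INST_FETCH`, although the commit message describes the fix as being about instruction fetches. Callers that probe a page for a data access and then use the returned host pointer directly would presumably no longer be forced onto the slow path for a byte-swapped page, so the swap could be silently skipped; this depends on code outside the hunk and needs checking. If only fetches are intended, the exemption could be made conditional, e.g. `| (access_type == MMU_INST_FETCH ? TLB_BSWAP : 0)`, and the "Fold all mmio-like bits" comment should say why TLB_BSWAP is no longer treated as mmio-like. probe_access_internal starts and ends outside the hunk.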
@@ -1792,12 +1793,19 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, 
MemOpIdx oi,
            mmu_watch_or_dirty(cpu, &l->page[1], type, ra);
        }

-        /*
-         * Since target/sparc is the only user of TLB_BSWAP, and all
-         * Sparc accesses are aligned, any treatment across two pages
-         * would be arbitrary.  Refuse it until there's a use.
-         */
-        tcg_debug_assert((flags & TLB_BSWAP) == 0);
+        if (unlikely(flags & TLB_BSWAP)) {
+            /*
+             * TLB_BSWAP is relevant to SPARC and powerPC e500.
+             * SPARC never ends up here, as all its accesses are aligned
+             * cross-page accesses do work for e500, but crossing boundary
+             * between different endian pages should generate an exception
+             * Adding this would require another callback for a cpu for
+             * *just* this case, and such accesses are not correct anyway,
+             * so it just fails.
+             */
+            assert(!(TLB_BSWAP & (l->page[0].flags ^ l->page[1].flags)));
+            l->memop ^= MO_BSWAP;
+        }
    }

    return crosspage;
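Review bot: The new `assert(!(TLB_BSWAP & (l->page[0].flags ^ l->page[1].flags)))` is reachable from guest-controlled state: a guest that maps two adjacent pages with different MAS2[E] and issues an unaligned access across them aborts the whole QEMU process. Unlike the `tcg_debug_assert` it replaces, a plain `assert` is not limited to TCG debug builds. The comment itself says the architecturally correct result is a guest exception; until that exists, the access should fail without killing the host process, at least reporting it through `qemu_log_mask(LOG_GUEST_ERROR, ...)`, and the comment should state plainly that the condition is guest-triggerable. mmu_lookup starts and ends outside the hunk, so how `flags` is combined for the two pages is not visible here.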
@@ -1895,10 +1903,6 @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr 
addr, MemOpIdx oi,
    }

    if (unlikely(tlb_addr & TLB_BSWAP)) {
-        assert(!( (  full->slow_flags[MMU_DATA_STORE]
-            ^ full->slow_flags[MMU_DATA_LOAD ])
-            & TLB_BSWAP));
-
        mop ^= MO_BSWAP;
    }

diff --git a/target/ppc/mmu-booke.c b/target/ppc/mmu-booke.c
index 10ba8052d4..172e9604e0 100644
--- a/target/ppc/mmu-booke.c
+++ b/target/ppc/mmu-booke.c
@@ -362,6 +362,10 @@ found_tlb:
    uint8_t *prot = &(full->prot);
    *prot = 0;

+    if (tlb->mas2 & MAS2_E) {
+        full->tlb_fill_flags |= TLB_BSWAP;
+    }
+
    if (pr) {
        if (tlb->mas7_3 & MAS3_UR) {
            *prot |= PAGE_READ;
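Review bot: `full->tlb_fill_flags` is only OR-ed here, while `*prot` is explicitly reset to 0 two lines earlier, so a stale `TLB_BSWAP` would survive if the caller ever passes a `full` that is not freshly zeroed. Whether that can happen is not visible from this hunk; either clear the field next to `*prot = 0;` or add a comment such as `/* full is zero-initialised by the caller; MAS2[E] marks a little-endian page */`. The code after `found_tlb:` continues outside the hunk.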
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 27f90c3cc5..2ebb862b69 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -24,7 +24,9 @@
#include "exec/target_page.h"
#include "tcg/tcg-op.h"
#include "tcg/tcg-op-gvec.h"
+#include "accel/tcg/probe.h"
#include "qemu/host-utils.h"
+#include "exec/tlb-flags.h"

#include "exec/helper-proto.h"
#include "exec/helper-gen.h"
@@ -171,7 +173,7 @@ struct DisasContext {
    target_ulong cia;  /* current instruction address */
    uint32_t opcode;
    /* Routine used to access memory */
-    bool pr, hv, dr, le_mode;
+    bool pr, hv, dr, le_mode, insn_le_mode;
    bool lazy_tlb_flush;
    bool need_access_type;
    int mem_idx;
@@ -209,16 +211,42 @@ struct DisasContext {
#define DISAS_CHAIN        DISAS_TARGET_2  /* lookup next tb, pc updated */
#define DISAS_CHAIN_UPDATE DISAS_TARGET_3  /* lookup next tb, pc stale */

-/* Return true iff byteswap is needed in a scalar memop */
+/* Return true if byteswap is needed in instruction fetch */

The "iff" here is likely not a typo but shorthand for "if and only if". Leave it unchanged.

Regards,
BALATON Zoltan
