Re: e6500 stvx instruction

[BALATON Zoltan]

On Wed, 16 Jun 2021, Mark Cave-Ayland wrote:
> On 15/06/2021 20:03, BALATON Zoltan wrote:
>
> > Hello,
> >
> > Trying to boot an installed Debian Linux 10 with -M ppce500 -cpu e6500 
> > fails with an assert:
> >
> > ----------------
> > IN:
> > 0x3fffbe09b820:  7e8029ce  stvx     v20, 0, r5
> >
> > qemu: fatal: Raised an exception without defined vector 73
> >
> > NIP 00003fffbe09b820   LR 00003fffbe098f3c CTR 00003fffbe098ed0 XER 
> > 0000000000000000 CPU#0
> > MSR 000000008002f002 HID0 0000000000000000  HF 00006006 iidx 0 didx 0
> > TB 00000000 1559667347 DECR 289366
> > GPR00 0000000000000000 00003fffc2fd22a0 00003fffbe0c2e00 00003fffc2fd2320
> > GPR04 0000000000000000 00003fffc2fd2460 00003fffc2fd2470 7f7f7f7f7f7f7f7f
> > GPR08 00000001103ed290 00003fffc2fd2310 00003fffc2fd25b0 0000000000000000
> > GPR12 00003fffbe098ed0 0000000000000000 00003fffc2fd2660 00003fffc2fd2660
> > GPR16 00003fffbe0b9940 00003fffc2fd2660 4f524947494e5f50 00003fffbe0b9eb8
> > GPR20 00003fffc2fd2aa0 00003fffc2fd2ac8 0000000000000000 00000001103e78f8
> > GPR24 00000001103ed27d 0000000000000001 00003fffbe0bc1b8 0000000000000000
> > GPR28 00003fffc2fd2aa0 00003fffbe0b9eb8 0000000000000000 00003fffc2fd2ac8
> > CR 28002281  [ E  L  -  -  E  E  L  -O ]             RES ffffffffffffffff
> > FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> > FPSCR 0000000000000000
> >   SRR0 00003fffbe09b6a4  SRR1 000000008002f002    PVR 0000000080400020 
> > VRSAVE 0000000000000000
> > SPRG0 0000000000000000 SPRG1 c000000001b2f000  SPRG2 c000000001b2f098  
> > SPRG3 0000000000000000
> > SPRG4 0000000000000000 SPRG5 0000000000000000  SPRG6 0000000000000000  
> > SPRG7 0000000000000000
> > CSRR0 0000000000000000 CSRR1 0000000000000000 MCSRR0 0000000000000000 
> > MCSRR1 0000000000000000
> >    TCR 0000000004000000   TSR 0000000000000000    ESR 0000000000000000   
> > DEAR 00003fffbe077d90
> >    PIR 0000000000000000 DECAR 0000000000000000   IVPR c000000000010000   
> > EPCR 0000000003000000
> >   MCSR 0000000000000000 SPRG8 0000000000000000    EPR 00000000000000e0
> >   MCAR 0000000000000000  PID1 0000000000000000   PID2 0000000000000000    
> > SVR 0000000000000000
> >   MAS0 0000000000050006  MAS1 0000000080010100   MAS2 00003fffbe077004   
> > MAS3 0000000001781023
> >   MAS4 0000000000000104  MAS6 0000000000010000   MAS7 0000000000000000    
> > PID 0000000000000001
> > MMUCFG 0000000006510b45 TLB0CFG 0000000008052400 TLB1CFG 0000000040028040
> > Aborted (core dumped)
> >
> > The assert is from
> >
> > https://git.qemu.org/?p=qemu.git;a=blob;f=target/ppc/excp_helper.c;h=fd147e2a37662456d30f7ab74b23bfb036260ced;hb=HEAD#l877 
> >
> > and in cpu.h
> >
> > POWERPC_EXCP_VPU      = 73, /* Vector unavailable exception */
> >
> > But the e6500 supports Altivec and the appropriate flag is set in 
> > cpu_init,c so I think this should not happen. Also the stvx is listed in 
> > the docs for e6500 as a valid instruction as far as I can see. I've tried 
> > searching for it in target/ppc but I did not find anything. Is stvx 
> > implemented and if not how should it be implemented?
> >
> > This was reported by Mario in cc and he could test patches or provide more 
> > details I think.
>
> I have a little bit of experience here having worked on the PPC vector 
> instructions: I can tell you that the stvx implementation should be being 
> generated by this template: 
> https://git.qemu.org/?p=qemu.git;a=blob;f=target/ppc/translate/vmx-impl.c.inc;h=92b9527aff35dc4ca37e20edc8c58517c1a3e66c;hb=1ea06abceec61b6f3ab33dadb0510b6e09fb61e2#l52.

Ah. thanks. I've missed that as I've only looked in .c files and it's in 
.c.inc. If I get this macro correctly it pastes name to gen_st so I expect 
to see a GEN_VR_STX(vx,...) somewhere for stvx but I can only find:

GEN_VR_STX(svx, 0x07, 0x07);
/* As we don't emulate the cache, stvxl is stricly equivalent to stvx */
GEN_VR_STX(svxl, 0x07, 0x0F);

so where is stvx defined at the end or how does this work?

Then I've checked the opcode above: 0x7e8029ce which seems to be 
1f-07-07-00 so the GEN_VR_STX(svx, 0x07, 0x07) seems to match that.

> From this you can see the exception is thrown if ctx->altivec_enabled isn't 
> true, where ctx->altivec_enabled is set in ppc_tr_init_disas_context() to:
>
>    ctx->altivec_enabled = (hflags >> HFLAGS_VR) & 1;
>
> It seems the issue is that somehow HFLAGS_VR isn't being set from the 
> CPUPPCState env->flags in hreg_compute_hflags_value(). There was a recent 
> patchset from Richard that tidied up the hflags (see 
> https://patchew.org/QEMU/20210323184340.619757-1-richard.henderson@linaro.org/) 
> so it could be the issue was accidentally introduced there.

As far as I could trace this back MSR_VR that should correspond to 
HFLAGS_VR is turned on by POWERPC_FLAG_VRE which is set in 
PowerPCCPUClass::flags in POWERPC_FAMILY(e6500) in cpu_init.c (the last 
thing in that function). This is done in hreg_compute_hflags_value(). 
Other than that HFLAGS_VR only appears in ppc_tr_init_disas_context() so 
probably this should correspond to MSR_VR which the e6500 manual calls 
MSR[SPV] and seems to be off in the register dump above. So maybe it's a 
guest bug trying to execute Altivec instruction without enabling the 
vector unit?

Regards,
BALATON Zoltan