On Tue, 3 Nov 2015 at 14:33, Mark Cave-Ayland <mark.cave-ayl...@ilande.co.uk> wrote:
> On 03/11/15 12:16, Michael Tokarev wrote:
> >
> > 03.11.2015 11:00, Julio Guerra wrote:
> >> Ping :)
> >
> > Well, I'm not sure what can I do with this. I've no idea what is IBAT to start
> > with, so while technically the patch is a one-liner, I've no idea what it does
> > and how trivial it is :)
> >
> > Maybe you can include some context which teaches me what it is all about, and in
> > that case it becomes really trivial, or.. I dunno :)
>
> FWIW PPC has a set of IBAT and DBAT registers on chip, each of which
> indicates a large continuous physical/virtual memory mapping for
> Instruction and Data memory respectively. The idea is that the OS can
> use these to provide "fast" virtual to physical lookups instead of
> invoking a time-consuming hash lookup to provide the translation.
>
> From casual observation comparing with spr_write_ibatu_h() in the same
> file (which already includes the +4 offset that the patch is adding to
> spr_read_ibat_h()), it does look like a genuine bug. However it really
> needs someone who understands PPC architecture a bit more to give a RB
> to ensure this is doing the right thing.
>

I would add that the reason the bug never appeared is probably due to the fact that BATs are not likely to be read by kernels; they simply write to them to program a large memory mapping. In our case, we saw the bug when fully saving/restoring the CPU context, since we were in fact reading at BAT0-3 instead of BAT4-7 and then restoring these values in BAT4-7... And the result can be very perverse... Linux PPC, which I think is how Alexander Graf tests qemu-ppc, probably does not use these higher BAT registers; they are CPU-specific.
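To make the save/restore scenario in the reply concrete, here is a constructed C model of the high-IBAT helpers with the read side both as the thread describes it (missing the +4 offset) and as fixed. This is an added example, not QEMU's own code; the state layout, the helper names write_ibatu_h/read_ibatu_h_buggy/read_ibatu_h_fixed and the sample register values are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the PPC IBAT upper registers (not QEMU's code).
 * Slots 0..3 are IBAT0-3; slots 4..7 are the CPU-specific high IBAT4-7
 * that the spr_*_ibat*_h helpers in the thread address. */
#define NB_IBAT 8

typedef struct {
    uint32_t ibatu[NB_IBAT];   /* upper halves of IBAT0..IBAT7 */
} bat_state;

/* Write helper for high IBATs: slot plus the +4 offset, as the thread
 * says spr_write_ibatu_h() already does. */
static void write_ibatu_h(bat_state *s, int slot, uint32_t val)
{
    s->ibatu[slot + 4] = val;
}

/* Buggy read (the state the patch fixes): no +4, so a read of high
 * slot n silently returns IBAT n instead of IBAT n+4. */
static uint32_t read_ibatu_h_buggy(const bat_state *s, int slot)
{
    return s->ibatu[slot];
}

/* Fixed read: offset matches the write helper. */
static uint32_t read_ibatu_h_fixed(const bat_state *s, int slot)
{
    return s->ibatu[slot + 4];
}

/* Full context save then restore of IBAT4-7 through a read helper, the
 * scenario described in the reply. Returns 1 if IBAT4-7 are unchanged. */
static int save_restore_roundtrip(bat_state *s,
                                  uint32_t (*rd)(const bat_state *, int))
{
    uint32_t saved[4], before[4];
    memcpy(before, &s->ibatu[4], sizeof before);
    for (int i = 0; i < 4; i++)
        saved[i] = rd(s, i);            /* save high BATs */
    for (int i = 0; i < 4; i++)
        write_ibatu_h(s, i, saved[i]);  /* restore them */
    return memcmp(before, &s->ibatu[4], sizeof before) == 0;
}

/* Constructed sample state with a distinct value in every register. */
static bat_state sample_state(void)
{
    bat_state s;
    for (int i = 0; i < NB_IBAT; i++)
        s.ibatu[i] = 0x10000000u * (uint32_t)(i + 1);
    return s;
}
```

With the buggy reader the round trip overwrites IBAT4-7 with the contents of IBAT0-3, which is exactly the silent corruption the reply describes.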