Comment 2 for bug 811683

agraf (agraf) wrote : Re: [Qemu-devel] [Bug 811683] [NEW] 7400, 7410, 7450 cpus vector have wrong exception prefix at reset

On 18.07.2011, at 00:34, Andreas Färber wrote:

> Hi,
>
> On 16.07.2011, at 23:49, till wrote:
>
>> I have a proprietary ROM implementing system calls that are executed via
>> the 'SC' instruction.
>>
>> I use qemu-0.14.1,
>>
>> qemu-system-ppc -M prep -cpu $CPU -bios my_bios -kernel my_kernel
>>
>> That works fine on a 604 (CPU=0x00040103) - but does not on an emulated 7400 (CPU=0x000c0209) or 7450 (CPU=0x80000201). I found that the emulator jumps to 0x00000c00 instead of 0xfff00c00.
>> Probably this is due to a wrong setting in target-ppc/translate_init.c:
>>
>> init_excp_604() correctly sets env->hreset_vector=0xfff00000UL;
>>
>> but
>>
>> init_excp_7400() says env->hreset_vector=0x00000000UL;
>>
>> which seems wrong. (The 7400 manual says a hard-reset initializes the
>> prefix to 0xfff00000.)
>
> Do you have a link to a spec saying so? Should be trivial to change then.

According to MPC7450UM.pdf:

MSR Bit Settings

Bit: 25
Name: IP

Exception prefix. The setting of this bit specifies whether an exception vector offset is prepended with Fs or 0s. In the following description, nnnnn is the offset of the exception.

  0 Exceptions are vectored to the physical address 0x000n_nnnn.
  1 Exceptions are vectored to the physical address 0xFFFn_nnnn.

[...]

9.9.1 Reset Inputs

The MPC7450 has two reset inputs, described as follows:
• HRESET (hard reset)—The HRESET signal is used for power-on reset sequences, or for situations in which the MPC7450 must go through the entire cold start sequence of internal hardware initialization. The MPC7450 will initiate burst transactions after power-on reset in 60x bus mode.
• SRESET (soft reset)—The soft reset input provides warm reset capability. This input can be used to avoid forcing the MPC7450 to complete the cold start sequence.
When either reset input negates, the processor attempts to fetch code from the system reset exception vector. The vector is located at offset 0x00100 from the exception prefix (MSR[IP]).

----> The MSR[IP] bit is set when HRESET negates.

So the correct implementation would be to set hreset_vector to 0xfff00000, but also set MSR_IP and clear hreset_vector when MSR_IP gets modified.

I'll happily take patches :).

Alex
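
A toy model of the behaviour discussed in this comment, added here as an illustration; it is not QEMU code and not part of the original message. The `toy_*` names and the struct are hypothetical, and clearing every other MSR bit at reset is a simplification. The exception prefix is derived from MSR[IP] on every MSR write, so a hard reset vectors `sc` to 0xfff00c00 and a later clear of MSR[IP] moves it to 0x00000c00.

```c
#include <stdint.h>
#include <stdio.h>

/* MSR[IP] is bit 25 in PowerPC big-endian numbering (bit 0 = MSB of the
 * 32-bit MSR), which is mask 1 << (31 - 25) = 0x40. */
#define MSR_IP       (1u << (31 - 25))
#define EXCP_RESET   0x00100u  /* system reset offset, per the quoted manual */
#define EXCP_SYSCALL 0x00c00u  /* 'sc' offset, per the bug report */

/* Hypothetical toy CPU state; not QEMU's CPU state structure. */
struct toy_cpu {
    uint32_t msr;
    uint32_t excp_prefix;  /* always derived from MSR[IP] */
};

/* Every MSR write goes through here so the prefix tracks MSR[IP]. */
static void toy_store_msr(struct toy_cpu *cpu, uint32_t value)
{
    cpu->msr = value;
    cpu->excp_prefix = (value & MSR_IP) ? 0xfff00000u : 0x00000000u;
}

/* Hard reset: MSR[IP] is set when HRESET negates.
 * Assumption: all other MSR bits are cleared in this model. */
static void toy_hreset(struct toy_cpu *cpu)
{
    toy_store_msr(cpu, MSR_IP);
}

/* Physical address an exception at 'offset' is vectored to. */
static uint32_t toy_excp_vector(const struct toy_cpu *cpu, uint32_t offset)
{
    return cpu->excp_prefix | offset;
}

int main(void)
{
    struct toy_cpu cpu;

    toy_hreset(&cpu);
    printf("reset fetch: 0x%08x\n", (unsigned)toy_excp_vector(&cpu, EXCP_RESET));
    printf("sc, IP=1:    0x%08x\n", (unsigned)toy_excp_vector(&cpu, EXCP_SYSCALL));

    toy_store_msr(&cpu, cpu.msr & ~MSR_IP);  /* guest clears MSR[IP] */
    printf("sc, IP=0:    0x%08x\n", (unsigned)toy_excp_vector(&cpu, EXCP_SYSCALL));
    return 0;
}
```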