id = 1958
title = "PPC msgsnd for DOORBELL CRITICAL masked by MSR[EE] instead of MSR[CE]"
state = "opened"
created_at = "2023-10-25T07:32:40.218Z"
closed_at = "n/a"
labels = ["target: ppc"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/1958"
host-os = "Debian 11"
host-arch = "amd64"
qemu-version = "QEMU emulator version 8.1.2"
guest-os = "Custom"
guest-arch = "PPC E500mc"
description = """When executing PPC instruction "msgsnd r3. with r3 = 0x08000001" an DOORBELL CRITICAL exception is raised on core number 1. But this exception is masked by MSR\\[EE\\] bit, the MSR\\[EE\\] should be set to 1 in core1 to get this exception. But the NXP E500MCRM.pdf reference manual indicates that MSR\\[CE\\] is the mask bit for DOORBELL_CRITICAL Exception."""
reproduce = "n/a"
additional = """In qemu-8.1.2/target/ppc/excp_helper.c i try to change in ppc_next_unmasked_interrupt_generic function:
   
```
if (FIELD_EX64(env->msr, MSR, CE)) {
    /* Critical doorbell */
    if (env->pending_interrupts & PPC_INTERRUPT_CDOORBELL) {   <- move this part from (async_deliver != 0)
        return PPC_INTERRUPT_CDOORBELL;
     }
     /* External critical interrupt */
     if (env->pending_interrupts & PPC_INTERRUPT_CEXT) {
         return PPC_INTERRUPT_CEXT;
     }
}
```
 

And it seems to work in my case."""