On Wed, Feb 04, 2026 at 12:12:01AM -0500, Michael S. Tsirkin wrote:
> On Wed, Feb 04, 2026 at 12:04:20AM -0500, Michael S. Tsirkin wrote:
> > On Tue, Dec 30, 2025 at 04:21:22AM -0600, Saif Abrar wrote:
> > > SW cannot write the read-only(RO) bits of a register
> > > and write-only(WO) bits of a register return 0 when read.
> > >
> > > Added ro_mask[] for each register that defines which
> > > bits in that register are RO.
> > > When writing to a register, the RO-bits are not updated.
> > >
> > > When reading a register, clear the WO bits and return the updated value.
> > >
> > > Tested the registers PHB_DMA_SYNC, PHB_PCIE_HOTPLUG_STATUS, PHB_PCIE_LMR,
> > > PHB_PCIE_DLP_TRWCTL, PHB_LEM_ERROR_AND_MASK and PHB_LEM_ERROR_OR_MASK
> > > by writing all 1's and reading back the value.
> > > The WO bits in these registers should read back as 0.
> > >
> > > Signed-off-by: Saif Abrar <[email protected]>
> > > Reviewed-by: Cédric Le Goater <[email protected]>
> >
> > causes a crash in boot-serial-test:
> > https://gitlab.com/mstredhat/qemu/-/jobs/12975819193
>
> I forgot to say - with tci:
>
> ../configure --enable-tcg-interpreter --target-list=ppc64-softmmu
>
triggered with tcg now, too.
Core was generated by `/scm/qemu-bisect/build/qemu-system-ppc64 -qtest
unix:/tmp/qtest-194326.sock -qtest-log /dev/null -chardev
socket,path=/tmp/qtest-194326.qmp,id=char0 -mon chardev=char0,mode=control
-display none -audio none -run-with
exit-with-parent=on -M powernv9 -no-shutdown -chardev
file,id=serial0,path=/tmp/qtest-boot-serial-sVOZKK3 -serial
chardev:serial0 -accel tcg -accel kvm -accel qtest'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055fe6e84bcc8 in object_link_get_targetp (obj=0x55fe8ebbca10,
lprop=0xf) at ../qom/object.c:1871
1871 if (lprop->flags & OBJ_PROP_LINK_DIRECT) {
[Current thread is 1 (Thread 0x7f2716e774c0 (LWP 194336))]
warning: File "/scm/qemu/.gdbinit" auto-loading has been declined by your
`auto-load safe-path' set to
"$debugdir:$datadir/auto-load:/usr/lib/golang/src/runtime/runtime-gdb.py".
To enable execution of this file add
add-auto-load-safe-path /scm/qemu/.gdbinit
line to your configuration file "/home/mst/.config/gdb/gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/home/mst/.config/gdb/gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the
shell:
info "(gdb)Auto-loading safe path"
#0 0x000055fe6e84bcc8 in object_link_get_targetp (obj=0x55fe8ebbca10,
lprop=0xf) at ../qom/object.c:1871
#1 0x000055fe6e84c00f in object_set_link_property (obj=0x55fe8ebbca10,
v=0x55fe8ebc81a0, name=0x55fe6ef9d504 "pec", opaque=0xf,
errp=0x7ffe749d2a00) at ../qom/object.c:1945
#2 0x000055fe6e84aad7 in object_property_set (obj=0x55fe8ebbca10,
name=0x55fe6ef9d504 "pec", v=0x55fe8ebc81a0,
errp=0x7ffe749d2a00) at ../qom/object.c:1450
#3 0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8ebbca10,
name=0x55fe6ef9d504 "pec", value=0x55fe8ebc8520,
errp=0x7ffe749d2a00) at ../qom/qom-qobject.c:28
#4 0x000055fe6e84ab7b in object_property_set_str (obj=0x55fe8ebbca10,
name=0x55fe6ef9d504 "pec", value=0x55fe8ebbc8e0
"/machine/chip[0]/pec[0]", errp=0x7ffe749d2a00) at ../qom/object.c:1458
#5 0x000055fe6e84ad30 in object_property_set_link (obj=0x55fe8ebbca10,
name=0x55fe6ef9d504 "pec", value=0x55fe8e654330,
errp=0x7ffe749d2a00) at ../qom/object.c:1495
#6 0x000055fe6e7fb1ff in pnv_phb_realize (dev=0x55fe8ebbb960,
errp=0x7ffe749d2a00) at ../hw/pci-host/pnv_phb.c:156
#7 0x000055fe6e8435be in device_set_realized (obj=0x55fe8ebbb960,
value=true, errp=0x7ffe749d2d60) at ../hw/core/qdev.c:523
#8 0x000055fe6e84d060 in property_set_bool (obj=0x55fe8ebbb960,
v=0x55fe8e70db20, name=0x55fe6efb2979 "realized",
opaque=0x55fe8e2595f0, errp=0x7ffe749d2d60) at ../qom/object.c:2376
#9 0x000055fe6e84aad7 in object_property_set (obj=0x55fe8ebbb960,
name=0x55fe6efb2979 "realized", v=0x55fe8e70db20,
errp=0x7ffe749d2d60) at ../qom/object.c:1450
#10 0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8ebbb960,
name=0x55fe6efb2979 "realized", value=0x55fe8ebbc860,
errp=0x7ffe749d2d60) at ../qom/qom-qobject.c:28
#11 0x000055fe6e84ae8a in object_property_set_bool (obj=0x55fe8ebbb960,
name=0x55fe6efb2979 "realized", value=true,
errp=0x7ffe749d2d60) at ../qom/object.c:1520
#12 0x000055fe6e842c6b in qdev_realize (dev=0x55fe8ebbb960,
bus=0x55fe8e6164d0, errp=0x7ffe749d2d60) at ../hw/core/qdev.c:276
#13 0x000055fe6e1ee440 in sysbus_realize (dev=0x55fe8ebbb960,
errp=0x7ffe749d2d60) at ../hw/core/sysbus.c:249
#14 0x000055fe6e7f9901 in pnv_pec_default_phb_realize (pec=0x55fe8e654330,
stack_no=0, errp=0x7ffe749d2d60) at
../hw/pci-host/pnv_phb4_pec.c:194
#15 0x000055fe6e7f9bc0 in pnv_pec_realize (dev=0x55fe8e654330,
errp=0x7ffe749d2d60) at ../hw/pci-host/pnv_phb4_pec.c:258
#16 0x000055fe6e8435be in device_set_realized (obj=0x55fe8e654330,
value=true, errp=0x7ffe749d2fe8) at ../hw/core/qdev.c:523
#17 0x000055fe6e84d060 in property_set_bool (obj=0x55fe8e654330,
v=0x55fe8e63ea90, name=0x55fe6efb2979 "realized",
opaque=0x55fe8e2595f0, errp=0x7ffe749d2fe8) at ../qom/object.c:2376
#18 0x000055fe6e84aad7 in object_property_set (obj=0x55fe8e654330,
name=0x55fe6efb2979 "realized", v=0x55fe8e63ea90,
errp=0x7ffe749d2fe8) at ../qom/object.c:1450
#19 0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8e654330,
name=0x55fe6efb2979 "realized", value=0x55fe8ebbb0f0,
errp=0x7ffe749d2fe8) at ../qom/qom-qobject.c:28
#20 0x000055fe6e84ae8a in object_property_set_bool (obj=0x55fe8e654330,
name=0x55fe6efb2979 "realized", value=true,
errp=0x7ffe749d2fe8) at ../qom/object.c:1520
#21 0x000055fe6e842c6b in qdev_realize (dev=0x55fe8e654330, bus=0x0,
errp=0x7ffe749d2fe8) at ../hw/core/qdev.c:276
#22 0x000055fe6e676fef in pnv_chip_power9_pec_realize (chip=0x55fe8e64e4f0,
errp=0x7ffe749d2fe8) at ../hw/ppc/pnv.c:1892
#23 0x000055fe6e677b1b in pnv_chip_power9_realize (dev=0x55fe8e64e4f0,
errp=0x7ffe749d3080) at ../hw/ppc/pnv.c:2108
#24 0x000055fe6e8435be in device_set_realized (obj=0x55fe8e64e4f0,
value=true, errp=0x7ffe749d3190) at ../hw/core/qdev.c:523
#25 0x000055fe6e84d060 in property_set_bool (obj=0x55fe8e64e4f0,
v=0x55fe8e623cf0, name=0x55fe6efb2979 "realized",
opaque=0x55fe8e2595f0, errp=0x7ffe749d3190) at ../qom/object.c:2376
#26 0x000055fe6e84aad7 in object_property_set (obj=0x55fe8e64e4f0,
name=0x55fe6efb2979 "realized", v=0x55fe8e623cf0,
errp=0x7ffe749d3190) at ../qom/object.c:1450
#27 0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8e64e4f0,
name=0x55fe6efb2979 "realized", value=0x55fe8e63eb90,
errp=0x55fe6f599380 <error_fatal>) at ../qom/qom-qobject.c:28
#28 0x000055fe6e84ae8a in object_property_set_bool (obj=0x55fe8e64e4f0,
name=0x55fe6efb2979 "realized", value=true,
errp=0x55fe6f599380 <error_fatal>) at ../qom/object.c:1520
#29 0x000055fe6e842c6b in qdev_realize (dev=0x55fe8e64e4f0,
bus=0x55fe8e6164d0, errp=0x55fe6f599380 <error_fatal>) at
../hw/core/qdev.c:276
#30 0x000055fe6e842ca4 in qdev_realize_and_unref (dev=0x55fe8e64e4f0,
bus=0x55fe8e6164d0, errp=0x55fe6f599380 <error_fatal>) at
../hw/core/qdev.c:283
#31 0x000055fe6e1ee488 in sysbus_realize_and_unref (dev=0x55fe8e64e4f0,
errp=0x55fe6f599380 <error_fatal>) at
../hw/core/sysbus.c:254
#32 0x000055fe6e675245 in pnv_init (machine=0x55fe8e615c80) at
../hw/ppc/pnv.c:1221
#33 0x000055fe6e1e62de in machine_run_board_init (machine=0x55fe8e615c80,
mem_path=0x0, errp=0x7ffe749d3420) at
../hw/core/machine.c:1747
#34 0x000055fe6e44f235 in qemu_init_board () at ../system/vl.c:2715
#35 0x000055fe6e44f5c8 in qmp_x_exit_preconfig (errp=0x55fe6f599380
<error_fatal>) at ../system/vl.c:2809
#36 0x000055fe6e452a22 in qemu_init (argc=28, argv=0x7ffe749d37d8) at
../system/vl.c:3849
#37 0x000055fe6e99bb52 in main (argc=28, argv=0x7ffe749d37d8) at
../system/main.c:71
Looking at it:
#0 0x000055fe6e84bcc8 in object_link_get_targetp (obj=0x55fe8ebbca10,
lprop=0xf) at ../qom/object.c:1871
#1 0x000055fe6e84c00f in object_set_link_property (obj=0x55fe8ebbca10,
v=0x55fe8ebc81a0, name=0x55fe6ef9d504 "pec", opaque=0xf,
errp=0x7ffe749d2a00) at ../qom/object.c:1945
The opaque=0xf (15) is being passed as lprop but it should be a pointer to an
ObjectLinkProperty.
Could be this:
-OBJECT_DECLARE_SIMPLE_TYPE(PnvPHB4, PNV_PHB4)
+OBJECT_DECLARE_TYPE(PnvPHB4, PnvPHB4Class, PNV_PHB4)
The following seems to fix it:
$ git diff
diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index 48caba9e79..0eb1e7c2bf 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -1998,6 +1998,7 @@ static const TypeInfo pnv_phb4_type_info = {
.parent = TYPE_DEVICE,
.instance_init = pnv_phb4_instance_init,
.instance_size = sizeof(PnvPHB4),
+ .class_size = sizeof(PnvPHB4Class),
.class_init = pnv_phb4_class_init,
.interfaces = (const InterfaceInfo[]) {
{ TYPE_XIVE_NOTIFIER },
without .class_size, QOM will allocate sizeof(DeviceClass) and heap is
corrupted.
>
> > bisect script:
> >
> > #!/bin/bash
> >
> > cd /scm/qemu-bisect/build
> >
> > make -j$(nproc) || exit 125
> >
> > ninja tests/qtest/boot-serial-test || exit 125
> >
> > QTEST_QEMU_BINARY=./qemu-system-ppc64 timeout 60
> > ./tests/qtest/boot-serial-test -p /ppc64/boot-serial/powernv9 && exit 0 ||
> > exit 1
> >
> >
> > > ---
> > > v1 -> v2: New PnvPHB4Class to hold each register's RO mask.
> > >
> > > hw/pci-host/pnv_phb4.c | 78 ++++++++++++++++++++++++++---
> > > include/hw/pci-host/pnv_phb4.h | 13 ++++-
> > > include/hw/pci-host/pnv_phb4_regs.h | 20 ++++++--
> > > tests/qtest/pnv-phb4-test.c | 60 +++++++++++++++++++++-
> > > 4 files changed, 157 insertions(+), 14 deletions(-)
> > >
> > > diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
> > > index 70f5af21fa..48caba9e79 100644
> > > --- a/hw/pci-host/pnv_phb4.c
> > > +++ b/hw/pci-host/pnv_phb4.c
> > > @@ -707,6 +707,11 @@ static void pnv_phb4_reg_write(void *opaque, hwaddr
> > > off, uint64_t val,
> > > return;
> > > }
> > >
> > > + /* Update 'val' according to the register's RO-mask */
> > > + PnvPHB4Class *k = PNV_PHB4_GET_CLASS(phb);
> > > + val = (phb->regs[off >> 3] & k->ro_mask[off >> 3]) |
> > > + (val & ~(k->ro_mask[off >>
> > > 3]));
> > > +
> > > /* Record whether it changed */
> > > changed = phb->regs[off >> 3] != val;
> > >
> > > @@ -781,7 +786,7 @@ static void pnv_phb4_reg_write(void *opaque, hwaddr
> > > off, uint64_t val,
> > > case PHB_TCE_TAG_ENABLE:
> > > case PHB_INT_NOTIFY_ADDR:
> > > case PHB_INT_NOTIFY_INDEX:
> > > - case PHB_DMARD_SYNC:
> > > + case PHB_DMA_SYNC:
> > > break;
> > >
> > > /* Noise on anything else */
> > > @@ -819,7 +824,7 @@ static uint64_t pnv_phb4_reg_read(void *opaque,
> > > hwaddr off, unsigned size)
> > > case PHB_VERSION:
> > > return PNV_PHB4_PEC_GET_CLASS(phb->pec)->version;
> > >
> > > - /* Read-only */
> > > + /* Read-only */
> > > case PHB_PHB4_GEN_CAP:
> > > return 0xe4b8000000000000ull;
> > > case PHB_PHB4_TCE_CAP:
> > > @@ -829,18 +834,49 @@ static uint64_t pnv_phb4_reg_read(void *opaque,
> > > hwaddr off, unsigned size)
> > > case PHB_PHB4_EEH_CAP:
> > > return phb->big_phb ? 0x2000000000000000ull :
> > > 0x1000000000000000ull;
> > >
> > > + /* Write-only, read will return zeros */
> > > + case PHB_LEM_ERROR_AND_MASK:
> > > + case PHB_LEM_ERROR_OR_MASK:
> > > + return 0;
> > > + case PHB_PCIE_DLP_TRWCTL:
> > > + val &= ~PHB_PCIE_DLP_TRWCTL_WREN;
> > > + return val;
> > > /* IODA table accesses */
> > > case PHB_IODA_DATA0:
> > > return pnv_phb4_ioda_read(phb);
> > >
> > > + /*
> > > + * DMA sync: make it look like it's complete,
> > > + * clear write-only read/write start sync bits.
> > > + */
> > > + case PHB_DMA_SYNC:
> > > + val = PHB_DMA_SYNC_RD_COMPLETE |
> > > + ~(PHB_DMA_SYNC_RD_START | PHB_DMA_SYNC_WR_START);
> > > + return val;
> > > +
> > > + /*
> > > + * PCI-E Stack registers
> > > + */
> > > + case PHB_PCIE_SCR:
> > > + val |= PHB_PCIE_SCR_PLW_X16; /* RO bit */
> > > + break;
> > > +
> > > /* Link training always appears trained */
> > > case PHB_PCIE_DLP_TRAIN_CTL:
> > > /* TODO: Do something sensible with speed ? */
> > > - return PHB_PCIE_DLP_INBAND_PRESENCE | PHB_PCIE_DLP_TL_LINKACT;
> > > + val |= PHB_PCIE_DLP_INBAND_PRESENCE | PHB_PCIE_DLP_TL_LINKACT;
> > > + return val;
> > > +
> > > + case PHB_PCIE_HOTPLUG_STATUS:
> > > + /* Clear write-only bit */
> > > + val &= ~PHB_PCIE_HPSTAT_RESAMPLE;
> > > + return val;
> > >
> > > - /* DMA read sync: make it look like it's complete */
> > > - case PHB_DMARD_SYNC:
> > > - return PHB_DMARD_SYNC_COMPLETE;
> > > + /* Link Management Register */
> > > + case PHB_PCIE_LMR:
> > > + /* These write-only bits always read as 0 */
> > > + val &= ~(PHB_PCIE_LMR_CHANGELW | PHB_PCIE_LMR_RETRAINLINK);
> > > + return val;
> > >
> > > /* Silent simple reads */
> > > case PHB_LSI_SOURCE_ID:
> > > @@ -1685,6 +1721,32 @@ static PCIIOMMUOps pnv_phb4_iommu_ops = {
> > > .get_address_space = pnv_phb4_dma_iommu,
> > > };
> > >
> > > +static void pnv_phb4_ro_mask_init(PnvPHB4 *phb)
> > > +{
> > > + PnvPHB4Class *phb4c = PNV_PHB4_GET_CLASS(phb);
> > > +
> > > + /*
> > > + * Set register specific RO-masks
> > > + */
> > > +
> > > + /* PBL - Error Injection Register (0x1910) */
> > > + phb4c->ro_mask[PHB_PBL_ERR_INJECT >> 3] =
> > > + PPC_BITMASK(0, 23) | PPC_BITMASK(28, 35) | PPC_BIT(38) |
> > > PPC_BIT(46) |
> > > + PPC_BITMASK(49, 51) | PPC_BITMASK(55, 63);
> > > +
> > > + /* Reserved bits[60:63] */
> > > + phb4c->ro_mask[PHB_TXE_ERR_LEM_ENABLE >> 3] =
> > > + phb4c->ro_mask[PHB_TXE_ERR_AIB_FENCE_ENABLE >> 3] = PPC_BITMASK(60,
> > > 63);
> > > + /* Reserved bits[36:63] */
> > > + phb4c->ro_mask[PHB_RXE_TCE_ERR_LEM_ENABLE >> 3] =
> > > + phb4c->ro_mask[PHB_RXE_TCE_ERR_AIB_FENCE_ENABLE >> 3] =
> > > PPC_BITMASK(36, 63);
> > > + /* Reserved bits[40:63] */
> > > + phb4c->ro_mask[PHB_ERR_LEM_ENABLE >> 3] =
> > > + phb4c->ro_mask[PHB_ERR_AIB_FENCE_ENABLE >> 3] = PPC_BITMASK(40, 63);
> > > +
> > > + /* TODO: Add more RO-masks as regs are implemented in the model */
> > > +}
> > > +
> > > static void pnv_phb4_err_reg_reset(PnvPHB4 *phb)
> > > {
> > > STICKY_RST(PHB_ERR_STATUS, 0, PPC_BITMASK(0, 33));
> > > @@ -1743,6 +1805,7 @@ static void pnv_phb4_reset(Object *obj, ResetType
> > > type)
> > > pnv_phb4_err_reg_reset(phb);
> > > pnv_phb4_pcie_stack_reg_reset(phb);
> > > pnv_phb4_regb_err_reg_reset(phb);
> > > + phb->regs[PHB_PCIE_CRESET >> 3] = 0xE000000000000000;
> > > }
> > >
> > > static void pnv_phb4_instance_init(Object *obj)
> > > @@ -1753,6 +1816,9 @@ static void pnv_phb4_instance_init(Object *obj)
> > >
> > > /* XIVE interrupt source object */
> > > object_initialize_child(obj, "source", &phb->xsrc, TYPE_XIVE_SOURCE);
> > > +
> > > + /* Initialize RO-mask of registers */
> > > + pnv_phb4_ro_mask_init(phb);
> > > }
> > >
> > > void pnv_phb4_bus_init(DeviceState *dev, PnvPHB4 *phb)
> > > diff --git a/include/hw/pci-host/pnv_phb4.h
> > > b/include/hw/pci-host/pnv_phb4.h
> > > index 47a5c3edf5..bea0684724 100644
> > > --- a/include/hw/pci-host/pnv_phb4.h
> > > +++ b/include/hw/pci-host/pnv_phb4.h
> > > @@ -19,7 +19,7 @@
> > >
> > >
> > > #define TYPE_PNV_PHB4 "pnv-phb4"
> > > -OBJECT_DECLARE_SIMPLE_TYPE(PnvPHB4, PNV_PHB4)
> > > +OBJECT_DECLARE_TYPE(PnvPHB4, PnvPHB4Class, PNV_PHB4)
> > >
> > > typedef struct PnvPhb4PecStack PnvPhb4PecStack;
> > >
> > > @@ -156,6 +156,17 @@ struct PnvPHB4 {
> > > QLIST_HEAD(, PnvPhb4DMASpace) dma_spaces;
> > > };
> > >
> > > +typedef struct PnvPHB4Class {
> > > + DeviceClass parent_class;
> > > +
> > > + /*
> > > + * Read-only bitmask for registers
> > > + * Bit value: 1 => RO bit
> > > + * 0 => RW bit
> > > + */
> > > + uint64_t ro_mask[PNV_PHB4_NUM_REGS];
> > > +} PnvPHB4Class;
> > > +
> > > void pnv_phb4_pic_print_info(PnvPHB4 *phb, GString *buf);
> > > int pnv_phb4_pec_get_phb_id(PnvPhb4PecState *pec, int stack_index);
> > > PnvPhb4PecState *pnv_pec_add_phb(PnvChip *chip, PnvPHB *phb, Error
> > > **errp);
> > > diff --git a/include/hw/pci-host/pnv_phb4_regs.h
> > > b/include/hw/pci-host/pnv_phb4_regs.h
> > > index df5e86d29a..dfd0e01d1e 100644
> > > --- a/include/hw/pci-host/pnv_phb4_regs.h
> > > +++ b/include/hw/pci-host/pnv_phb4_regs.h
> > > @@ -180,9 +180,11 @@
> > > #define PHB_M64_AOMASK 0x1d0
> > > #define PHB_M64_UPPER_BITS 0x1f0
> > > #define PHB_NXLATE_PREFIX 0x1f8
> > > -#define PHB_DMARD_SYNC 0x200
> > > -#define PHB_DMARD_SYNC_START PPC_BIT(0)
> > > -#define PHB_DMARD_SYNC_COMPLETE PPC_BIT(1)
> > > +#define PHB_DMA_SYNC 0x200
> > > +#define PHB_DMA_SYNC_RD_START PPC_BIT(0)
> > > +#define PHB_DMA_SYNC_RD_COMPLETE PPC_BIT(1)
> > > +#define PHB_DMA_SYNC_WR_START PPC_BIT(2)
> > > +#define PHB_DMA_SYNC_WR_COMPLETE PPC_BIT(3)
> > > #define PHB_RTC_INVALIDATE 0x208
> > > #define PHB_RTC_INVALIDATE_ALL PPC_BIT(0)
> > > #define PHB_RTC_INVALIDATE_RID PPC_BITMASK(16, 31)
> > > @@ -370,6 +372,7 @@
> > > #define P32_CAP 0x228
> > > #define P32_CTL 0x22C
> > > #define P32_STAT 0x230
> > > +
> > > /* PHB4 REGB registers */
> > >
> > > /* PBL core */
> > > @@ -395,8 +398,8 @@
> > > #define PHB_PCIE_SCR 0x1A00
> > > #define PHB_PCIE_SCR_SLOT_CAP PPC_BIT(15)
> > > #define PHB_PCIE_SCR_MAXLINKSPEED PPC_BITMASK(32, 35)
> > > +#define PHB_PCIE_SCR_PLW_X16 PPC_BIT(41) /* x16 */
> > > #define PHB_PCIE_BNR 0x1A08
> > > -
> > > #define PHB_PCIE_CRESET 0x1A10
> > > #define PHB_PCIE_CRESET_CFG_CORE PPC_BIT(0)
> > > #define PHB_PCIE_CRESET_TLDLP PPC_BIT(1)
> > > @@ -405,7 +408,14 @@
> > > #define PHB_PCIE_CRESET_PIPE_N PPC_BIT(4)
> > > #define PHB_PCIE_CRESET_REFCLK_N PPC_BIT(8)
> > > #define PHB_PCIE_HOTPLUG_STATUS 0x1A20
> > > +#define PHB_PCIE_HPSTAT_SIMDIAG PPC_BIT(3)
> > > +#define PHB_PCIE_HPSTAT_RESAMPLE PPC_BIT(9)
> > > #define PHB_PCIE_HPSTAT_PRESENCE PPC_BIT(10)
> > > +#define PHB_PCIE_HPSTAT_LINKACTIVE PPC_BIT(12)
> > > +#define PHB_PCIE_LMR 0x1A30
> > > +#define PHB_PCIE_LMR_CHANGELW PPC_BIT(0)
> > > +#define PHB_PCIE_LMR_RETRAINLINK PPC_BIT(1)
> > > +#define PHB_PCIE_LMR_LINKACTIVE PPC_BIT(8)
> > >
> > > #define PHB_PCIE_DLP_TRAIN_CTL 0x1A40
> > > #define PHB_PCIE_DLP_LINK_WIDTH PPC_BITMASK(30, 35)
> > > @@ -433,7 +443,7 @@
> > >
> > > #define PHB_PCIE_DLP_TRWCTL 0x1A80
> > > #define PHB_PCIE_DLP_TRWCTL_EN PPC_BIT(0)
> > > -
> > > +#define PHB_PCIE_DLP_TRWCTL_WREN PPC_BIT(1)
> > > #define PHB_PCIE_DLP_ERRLOG1 0x1AA0
> > > #define PHB_PCIE_DLP_ERRLOG2 0x1AA8
> > > #define PHB_PCIE_DLP_ERR_STATUS 0x1AB0
> > > diff --git a/tests/qtest/pnv-phb4-test.c b/tests/qtest/pnv-phb4-test.c
> > > index f186efaf0d..841306ae3f 100644
> > > --- a/tests/qtest/pnv-phb4-test.c
> > > +++ b/tests/qtest/pnv-phb4-test.c
> > > @@ -73,7 +73,8 @@ static void phb4_sticky_rst_test(QTestState *qts)
> > > * Sticky reset test of PHB_PBL_ERR_STATUS.
> > > *
> > > * Write all 1's to reg PHB_PBL_ERR_INJECT.
> > > - * Updated value will be copied to reg PHB_PBL_ERR_STATUS.
> > > + * RO-only bits will not be written and
> > > + * updated value will be copied to reg PHB_PBL_ERR_STATUS.
> > > *
> > > * Reset PBL core by setting PHB_PCIE_CRESET_PBL in reg
> > > PHB_PCIE_CRESET.
> > > * Verify the sticky bits are still set.
> > > @@ -81,7 +82,59 @@ static void phb4_sticky_rst_test(QTestState *qts)
> > > phb4_xscom_write(PHB_PBL_ERR_INJECT, PPC_BITMASK(0, 63));
> > > phb4_xscom_write(PHB_PCIE_CRESET, PHB_PCIE_CRESET_PBL); /*Reset*/
> > > val = phb4_xscom_read(PHB_PBL_ERR_STATUS);
> > > - g_assert_cmpuint(val, ==, (PPC_BITMASK(0, 9) | PPC_BITMASK(12, 63)));
> > > + g_assert_cmpuint(val, ==, 0xF00DFD8E00);
> > > +}
> > > +
> > > +/* Check that write-only bits/regs return 0 when read */
> > > +static void phb4_writeonly_read_test(QTestState *qts)
> > > +{
> > > + uint64_t val;
> > > +
> > > + /*
> > > + * Set all bits of PHB_DMA_SYNC,
> > > + * bits 0 and 2 are write-only and should be read as 0.
> > > + */
> > > + phb4_xscom_write(PHB_DMA_SYNC, PPC_BITMASK(0, 63));
> > > + val = phb4_xscom_read(PHB_DMA_SYNC);
> > > + g_assert_cmpuint(val & PPC_BIT(0), ==, 0x0);
> > > + g_assert_cmpuint(val & PPC_BIT(2), ==, 0x0);
> > > +
> > > + /*
> > > + * Set all bits of PHB_PCIE_HOTPLUG_STATUS,
> > > + * bit 9 is write-only and should be read as 0.
> > > + */
> > > + phb4_xscom_write(PHB_PCIE_HOTPLUG_STATUS, PPC_BITMASK(0, 63));
> > > + val = phb4_xscom_read(PHB_PCIE_HOTPLUG_STATUS);
> > > + g_assert_cmpuint(val & PPC_BIT(9), ==, 0x0);
> > > +
> > > + /*
> > > + * Set all bits of PHB_PCIE_LMR,
> > > + * bits 0 and 1 are write-only and should be read as 0.
> > > + */
> > > + phb4_xscom_write(PHB_PCIE_LMR, PPC_BITMASK(0, 63));
> > > + val = phb4_xscom_read(PHB_PCIE_LMR);
> > > + g_assert_cmpuint(val & PPC_BIT(0), ==, 0x0);
> > > + g_assert_cmpuint(val & PPC_BIT(1), ==, 0x0);
> > > +
> > > + /*
> > > + * Set all bits of PHB_PCIE_DLP_TRWCTL,
> > > + * write-only bit-1 should be read as 0.
> > > + */
> > > + phb4_xscom_write(PHB_PCIE_DLP_TRWCTL, PPC_BITMASK(0, 63));
> > > + val = phb4_xscom_read(PHB_PCIE_DLP_TRWCTL);
> > > + g_assert_cmpuint(val & PPC_BIT(1), ==, 0x0);
> > > +
> > > + /*
> > > + * Set all bits of PHB_LEM_ERROR_AND_MASK, PHB_LEM_ERROR_OR_MASK,
> > > + * both regs are write-only and should be read as 0.
> > > + */
> > > + phb4_xscom_write(PHB_LEM_ERROR_AND_MASK, PPC_BITMASK(0, 63));
> > > + val = phb4_xscom_read(PHB_LEM_ERROR_AND_MASK);
> > > + g_assert_cmpuint(val, ==, 0x0);
> > > +
> > > + phb4_xscom_write(PHB_LEM_ERROR_OR_MASK, PPC_BITMASK(0, 63));
> > > + val = phb4_xscom_read(PHB_LEM_ERROR_OR_MASK);
> > > + g_assert_cmpuint(val, ==, 0x0);
> > > }
> > >
> > > static void phb4_tests(void)
> > > @@ -96,6 +149,9 @@ static void phb4_tests(void)
> > > /* Check sticky reset of a register */
> > > phb4_sticky_rst_test(qts);
> > >
> > > + /* Check write-only logic */
> > > + phb4_writeonly_read_test(qts);
> > > +
> > > qtest_quit(qts);
> > > }
> > >
> > > --
> > > 2.47.3
