Re: [PATCH v2 4/9] pnv/phb4: Implement read-only and write-only bits of registers

Sun, 08 Feb 2026 21:37:52 -0800 

Hello Michael,

Thanks for the analysis!

I'll send the next patchset with your fix.

Regards,

Saif


On 04-02-2026 12:12 pm, Michael S. Tsirkin wrote:

On Wed, Feb 04, 2026 at 12:12:01AM -0500, Michael S. Tsirkin wrote:

On Wed, Feb 04, 2026 at 12:04:20AM -0500, Michael S. Tsirkin wrote:

On Tue, Dec 30, 2025 at 04:21:22AM -0600, Saif Abrar wrote:

SW cannot write the read-only(RO) bits of a register
and write-only(WO) bits of a register return 0 when read.

Added ro_mask[] for each register that defines which
bits in that register are RO.
When writing to a register, the RO-bits are not updated.

When reading a register, clear the WO bits and return the updated value.

Tested the registers PHB_DMA_SYNC, PHB_PCIE_HOTPLUG_STATUS, PHB_PCIE_LMR,
PHB_PCIE_DLP_TRWCTL, PHB_LEM_ERROR_AND_MASK and PHB_LEM_ERROR_OR_MASK
by writing all 1's and reading back the value.
The WO bits in these registers should read back as 0.

Signed-off-by: Saif Abrar<[email protected]>
Reviewed-by: Cédric Le Goater<[email protected]>

causes a crash in boot-serial-test:
https://gitlab.com/mstredhat/qemu/-/jobs/12975819193

I forgot to say - with tci:

   ../configure --enable-tcg-interpreter --target-list=ppc64-softmmu

triggered with tcg now, too.

   Core was generated by `/scm/qemu-bisect/build/qemu-system-ppc64 -qtest 
unix:/tmp/qtest-194326.sock -qtest-log /dev/null -chardev
      socket,path=/tmp/qtest-194326.qmp,id=char0 -mon 
chardev=char0,mode=control -display none -audio none -run-with
     exit-with-parent=on -M powernv9 -no-shutdown -chardev 
file,id=serial0,path=/tmp/qtest-boot-serial-sVOZKK3 -serial
     chardev:serial0 -accel tcg -accel kvm -accel qtest'.
     Program terminated with signal SIGSEGV, Segmentation fault.
     #0  0x000055fe6e84bcc8 in object_link_get_targetp (obj=0x55fe8ebbca10, 
lprop=0xf) at ../qom/object.c:1871
     1871            if (lprop->flags & OBJ_PROP_LINK_DIRECT) {
     [Current thread is 1 (Thread 0x7f2716e774c0 (LWP 194336))]
     warning: File "/scm/qemu/.gdbinit" auto-loading has been declined by your 
`auto-load safe-path' set to
     "$debugdir:$datadir/auto-load:/usr/lib/golang/src/runtime/runtime-gdb.py".
     To enable execution of this file add
         add-auto-load-safe-path /scm/qemu/.gdbinit
     line to your configuration file "/home/mst/.config/gdb/gdbinit".
     To completely disable this security protection add
         set auto-load safe-path /
     line to your configuration file "/home/mst/.config/gdb/gdbinit".
     For more information about this security protection see the
     "Auto-loading safe path" section in the GDB manual.  E.g., run from the 
shell:
         info "(gdb)Auto-loading safe path"
     #0  0x000055fe6e84bcc8 in object_link_get_targetp (obj=0x55fe8ebbca10, 
lprop=0xf) at ../qom/object.c:1871
     #1  0x000055fe6e84c00f in object_set_link_property (obj=0x55fe8ebbca10, 
v=0x55fe8ebc81a0, name=0x55fe6ef9d504 "pec", opaque=0xf,
      errp=0x7ffe749d2a00) at ../qom/object.c:1945
     #2  0x000055fe6e84aad7 in object_property_set (obj=0x55fe8ebbca10, 
name=0x55fe6ef9d504 "pec", v=0x55fe8ebc81a0,
     errp=0x7ffe749d2a00) at ../qom/object.c:1450
     #3  0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8ebbca10, 
name=0x55fe6ef9d504 "pec", value=0x55fe8ebc8520,
     errp=0x7ffe749d2a00) at ../qom/qom-qobject.c:28
     #4  0x000055fe6e84ab7b in object_property_set_str (obj=0x55fe8ebbca10, 
name=0x55fe6ef9d504 "pec", value=0x55fe8ebbc8e0
     "/machine/chip[0]/pec[0]", errp=0x7ffe749d2a00) at ../qom/object.c:1458
     #5  0x000055fe6e84ad30 in object_property_set_link (obj=0x55fe8ebbca10, 
name=0x55fe6ef9d504 "pec", value=0x55fe8e654330,
     errp=0x7ffe749d2a00) at ../qom/object.c:1495
     #6  0x000055fe6e7fb1ff in pnv_phb_realize (dev=0x55fe8ebbb960, 
errp=0x7ffe749d2a00) at ../hw/pci-host/pnv_phb.c:156
     #7  0x000055fe6e8435be in device_set_realized (obj=0x55fe8ebbb960, 
value=true, errp=0x7ffe749d2d60) at ../hw/core/qdev.c:523
     #8  0x000055fe6e84d060 in property_set_bool (obj=0x55fe8ebbb960, v=0x55fe8e70db20, 
name=0x55fe6efb2979 "realized",
     opaque=0x55fe8e2595f0, errp=0x7ffe749d2d60) at ../qom/object.c:2376
     #9  0x000055fe6e84aad7 in object_property_set (obj=0x55fe8ebbb960, 
name=0x55fe6efb2979 "realized", v=0x55fe8e70db20,
     errp=0x7ffe749d2d60) at ../qom/object.c:1450
     #10 0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8ebbb960, 
name=0x55fe6efb2979 "realized", value=0x55fe8ebbc860,
      errp=0x7ffe749d2d60) at ../qom/qom-qobject.c:28
     #11 0x000055fe6e84ae8a in object_property_set_bool (obj=0x55fe8ebbb960, 
name=0x55fe6efb2979 "realized", value=true,
     errp=0x7ffe749d2d60) at ../qom/object.c:1520
     #12 0x000055fe6e842c6b in qdev_realize (dev=0x55fe8ebbb960, 
bus=0x55fe8e6164d0, errp=0x7ffe749d2d60) at ../hw/core/qdev.c:276
     #13 0x000055fe6e1ee440 in sysbus_realize (dev=0x55fe8ebbb960, 
errp=0x7ffe749d2d60) at ../hw/core/sysbus.c:249
     #14 0x000055fe6e7f9901 in pnv_pec_default_phb_realize (pec=0x55fe8e654330, 
stack_no=0, errp=0x7ffe749d2d60) at
     ../hw/pci-host/pnv_phb4_pec.c:194
     #15 0x000055fe6e7f9bc0 in pnv_pec_realize (dev=0x55fe8e654330, 
errp=0x7ffe749d2d60) at ../hw/pci-host/pnv_phb4_pec.c:258
     #16 0x000055fe6e8435be in device_set_realized (obj=0x55fe8e654330, 
value=true, errp=0x7ffe749d2fe8) at ../hw/core/qdev.c:523
     #17 0x000055fe6e84d060 in property_set_bool (obj=0x55fe8e654330, v=0x55fe8e63ea90, 
name=0x55fe6efb2979 "realized",
     opaque=0x55fe8e2595f0, errp=0x7ffe749d2fe8) at ../qom/object.c:2376
     #18 0x000055fe6e84aad7 in object_property_set (obj=0x55fe8e654330, 
name=0x55fe6efb2979 "realized", v=0x55fe8e63ea90,
     errp=0x7ffe749d2fe8) at ../qom/object.c:1450
     #19 0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8e654330, 
name=0x55fe6efb2979 "realized", value=0x55fe8ebbb0f0,
      errp=0x7ffe749d2fe8) at ../qom/qom-qobject.c:28
     #20 0x000055fe6e84ae8a in object_property_set_bool (obj=0x55fe8e654330, 
name=0x55fe6efb2979 "realized", value=true,
     errp=0x7ffe749d2fe8) at ../qom/object.c:1520
     #21 0x000055fe6e842c6b in qdev_realize (dev=0x55fe8e654330, bus=0x0, 
errp=0x7ffe749d2fe8) at ../hw/core/qdev.c:276
     #22 0x000055fe6e676fef in pnv_chip_power9_pec_realize 
(chip=0x55fe8e64e4f0, errp=0x7ffe749d2fe8) at ../hw/ppc/pnv.c:1892
     #23 0x000055fe6e677b1b in pnv_chip_power9_realize (dev=0x55fe8e64e4f0, 
errp=0x7ffe749d3080) at ../hw/ppc/pnv.c:2108
     #24 0x000055fe6e8435be in device_set_realized (obj=0x55fe8e64e4f0, 
value=true, errp=0x7ffe749d3190) at ../hw/core/qdev.c:523
     #25 0x000055fe6e84d060 in property_set_bool (obj=0x55fe8e64e4f0, v=0x55fe8e623cf0, 
name=0x55fe6efb2979 "realized",
     opaque=0x55fe8e2595f0, errp=0x7ffe749d3190) at ../qom/object.c:2376
     #26 0x000055fe6e84aad7 in object_property_set (obj=0x55fe8e64e4f0, 
name=0x55fe6efb2979 "realized", v=0x55fe8e623cf0,
     errp=0x7ffe749d3190) at ../qom/object.c:1450
     #27 0x000055fe6e84fcc3 in object_property_set_qobject (obj=0x55fe8e64e4f0, 
name=0x55fe6efb2979 "realized", value=0x55fe8e63eb90,
      errp=0x55fe6f599380 <error_fatal>) at ../qom/qom-qobject.c:28
     #28 0x000055fe6e84ae8a in object_property_set_bool (obj=0x55fe8e64e4f0, 
name=0x55fe6efb2979 "realized", value=true,
     errp=0x55fe6f599380 <error_fatal>) at ../qom/object.c:1520
     #29 0x000055fe6e842c6b in qdev_realize (dev=0x55fe8e64e4f0, bus=0x55fe8e6164d0, 
errp=0x55fe6f599380 <error_fatal>) at
     ../hw/core/qdev.c:276
     #30 0x000055fe6e842ca4 in qdev_realize_and_unref (dev=0x55fe8e64e4f0, 
bus=0x55fe8e6164d0, errp=0x55fe6f599380 <error_fatal>) at
     ../hw/core/qdev.c:283
     #31 0x000055fe6e1ee488 in sysbus_realize_and_unref (dev=0x55fe8e64e4f0, 
errp=0x55fe6f599380 <error_fatal>) at
     ../hw/core/sysbus.c:254
     #32 0x000055fe6e675245 in pnv_init (machine=0x55fe8e615c80) at 
../hw/ppc/pnv.c:1221
     #33 0x000055fe6e1e62de in machine_run_board_init (machine=0x55fe8e615c80, 
mem_path=0x0, errp=0x7ffe749d3420) at
     ../hw/core/machine.c:1747
     #34 0x000055fe6e44f235 in qemu_init_board () at ../system/vl.c:2715
     #35 0x000055fe6e44f5c8 in qmp_x_exit_preconfig (errp=0x55fe6f599380 
<error_fatal>) at ../system/vl.c:2809
     #36 0x000055fe6e452a22 in qemu_init (argc=28, argv=0x7ffe749d37d8) at 
../system/vl.c:3849
     #37 0x000055fe6e99bb52 in main (argc=28, argv=0x7ffe749d37d8) at 
../system/main.c:71


Looking at it:

     #0  0x000055fe6e84bcc8 in object_link_get_targetp (obj=0x55fe8ebbca10, 
lprop=0xf) at ../qom/object.c:1871
     #1  0x000055fe6e84c00f in object_set_link_property (obj=0x55fe8ebbca10, 
v=0x55fe8ebc81a0, name=0x55fe6ef9d504 "pec", opaque=0xf,
      errp=0x7ffe749d2a00) at ../qom/object.c:1945

   The opaque=0xf (15) is being passed as lprop but it should be a pointer to 
an ObjectLinkProperty.

Could be this:
   -OBJECT_DECLARE_SIMPLE_TYPE(PnvPHB4, PNV_PHB4)
   +OBJECT_DECLARE_TYPE(PnvPHB4, PnvPHB4Class, PNV_PHB4)

The following seems to fix it:

$ git diff
diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index 48caba9e79..0eb1e7c2bf 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -1998,6 +1998,7 @@ static const TypeInfo pnv_phb4_type_info = {
      .parent        = TYPE_DEVICE,
      .instance_init = pnv_phb4_instance_init,
      .instance_size = sizeof(PnvPHB4),
+    .class_size    = sizeof(PnvPHB4Class),
      .class_init    = pnv_phb4_class_init,
      .interfaces = (const InterfaceInfo[]) {
              { TYPE_XIVE_NOTIFIER },


without .class_size, QOM will allocate sizeof(DeviceClass) and heap is
corrupted.


bisect script:

#!/bin/bash
cd /scm/qemu-bisect/build
make -j$(nproc) || exit 125
ninja tests/qtest/boot-serial-test || exit 125
QTEST_QEMU_BINARY=./qemu-system-ppc64 timeout 60 ./tests/qtest/boot-serial-test -p 
/ppc64/boot-serial/powernv9 && exit 0 || exit 1



---
v1 -> v2: New PnvPHB4Class to hold each register's RO mask.

  hw/pci-host/pnv_phb4.c              | 78 ++++++++++++++++++++++++++---
  include/hw/pci-host/pnv_phb4.h      | 13 ++++-
  include/hw/pci-host/pnv_phb4_regs.h | 20 ++++++--
  tests/qtest/pnv-phb4-test.c         | 60 +++++++++++++++++++++-
  4 files changed, 157 insertions(+), 14 deletions(-)

diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
index 70f5af21fa..48caba9e79 100644
--- a/hw/pci-host/pnv_phb4.c
+++ b/hw/pci-host/pnv_phb4.c
@@ -707,6 +707,11 @@ static void pnv_phb4_reg_write(void *opaque, hwaddr off, 
uint64_t val,
          return;
      }
+ /* Update 'val' according to the register's RO-mask */ 
+    PnvPHB4Class *k = PNV_PHB4_GET_CLASS(phb);
+    val = (phb->regs[off >> 3] & k->ro_mask[off >> 3]) |
+                                            (val & ~(k->ro_mask[off >> 3]));
+
      /* Record whether it changed */
      changed = phb->regs[off >> 3] != val;
@@ -781,7 +786,7 @@ static void pnv_phb4_reg_write(void *opaque, hwaddr off, uint64_t val, 
      case PHB_TCE_TAG_ENABLE:
      case PHB_INT_NOTIFY_ADDR:
      case PHB_INT_NOTIFY_INDEX:
-    case PHB_DMARD_SYNC:
+    case PHB_DMA_SYNC:
         break;
/* Noise on anything else */ 
@@ -819,7 +824,7 @@ static uint64_t pnv_phb4_reg_read(void *opaque, hwaddr off, 
unsigned size)
      case PHB_VERSION:
          return PNV_PHB4_PEC_GET_CLASS(phb->pec)->version;
- /* Read-only */ 
+    /* Read-only */
      case PHB_PHB4_GEN_CAP:
          return 0xe4b8000000000000ull;
      case PHB_PHB4_TCE_CAP:
@@ -829,18 +834,49 @@ static uint64_t pnv_phb4_reg_read(void *opaque, hwaddr 
off, unsigned size)
      case PHB_PHB4_EEH_CAP:
          return phb->big_phb ? 0x2000000000000000ull : 0x1000000000000000ull;
+ /* Write-only, read will return zeros */ 
+    case PHB_LEM_ERROR_AND_MASK:
+    case PHB_LEM_ERROR_OR_MASK:
+        return 0;
+    case PHB_PCIE_DLP_TRWCTL:
+        val &= ~PHB_PCIE_DLP_TRWCTL_WREN;
+        return val;
      /* IODA table accesses */
      case PHB_IODA_DATA0:
          return pnv_phb4_ioda_read(phb);
+ /* 
+     * DMA sync: make it look like it's complete,
+     *           clear write-only read/write start sync bits.
+     */
+    case PHB_DMA_SYNC:
+        val = PHB_DMA_SYNC_RD_COMPLETE |
+            ~(PHB_DMA_SYNC_RD_START | PHB_DMA_SYNC_WR_START);
+        return val;
+
+    /*
+     * PCI-E Stack registers
+     */
+    case PHB_PCIE_SCR:
+        val |= PHB_PCIE_SCR_PLW_X16; /* RO bit */
+        break;
+
      /* Link training always appears trained */
      case PHB_PCIE_DLP_TRAIN_CTL:
          /* TODO: Do something sensible with speed ? */
-        return PHB_PCIE_DLP_INBAND_PRESENCE | PHB_PCIE_DLP_TL_LINKACT;
+        val |= PHB_PCIE_DLP_INBAND_PRESENCE | PHB_PCIE_DLP_TL_LINKACT;
+        return val;
+
+    case PHB_PCIE_HOTPLUG_STATUS:
+        /* Clear write-only bit */
+        val &= ~PHB_PCIE_HPSTAT_RESAMPLE;
+        return val;
- /* DMA read sync: make it look like it's complete */ 
-    case PHB_DMARD_SYNC:
-        return PHB_DMARD_SYNC_COMPLETE;
+    /* Link Management Register */
+    case PHB_PCIE_LMR:
+        /* These write-only bits always read as 0 */
+        val &= ~(PHB_PCIE_LMR_CHANGELW | PHB_PCIE_LMR_RETRAINLINK);
+        return val;
/* Silent simple reads */ 
      case PHB_LSI_SOURCE_ID:
@@ -1685,6 +1721,32 @@ static PCIIOMMUOps pnv_phb4_iommu_ops = {
      .get_address_space = pnv_phb4_dma_iommu,
  };
+static void pnv_phb4_ro_mask_init(PnvPHB4 *phb) 
+{
+    PnvPHB4Class *phb4c = PNV_PHB4_GET_CLASS(phb);
+
+    /*
+     * Set register specific RO-masks
+     */
+
+    /* PBL - Error Injection Register (0x1910) */
+    phb4c->ro_mask[PHB_PBL_ERR_INJECT >> 3] =
+        PPC_BITMASK(0, 23) | PPC_BITMASK(28, 35) | PPC_BIT(38) | PPC_BIT(46) |
+        PPC_BITMASK(49, 51) | PPC_BITMASK(55, 63);
+
+    /* Reserved bits[60:63] */
+    phb4c->ro_mask[PHB_TXE_ERR_LEM_ENABLE >> 3] =
+    phb4c->ro_mask[PHB_TXE_ERR_AIB_FENCE_ENABLE >> 3] = PPC_BITMASK(60, 63);
+    /* Reserved bits[36:63] */
+    phb4c->ro_mask[PHB_RXE_TCE_ERR_LEM_ENABLE >> 3] =
+    phb4c->ro_mask[PHB_RXE_TCE_ERR_AIB_FENCE_ENABLE >> 3] = PPC_BITMASK(36, 
63);
+    /* Reserved bits[40:63] */
+    phb4c->ro_mask[PHB_ERR_LEM_ENABLE >> 3] =
+    phb4c->ro_mask[PHB_ERR_AIB_FENCE_ENABLE >> 3] = PPC_BITMASK(40, 63);
+
+    /* TODO: Add more RO-masks as regs are implemented in the model */
+}
+
  static void pnv_phb4_err_reg_reset(PnvPHB4 *phb)
  {
      STICKY_RST(PHB_ERR_STATUS,       0, PPC_BITMASK(0, 33));
@@ -1743,6 +1805,7 @@ static void pnv_phb4_reset(Object *obj, ResetType type)
      pnv_phb4_err_reg_reset(phb);
      pnv_phb4_pcie_stack_reg_reset(phb);
      pnv_phb4_regb_err_reg_reset(phb);
+    phb->regs[PHB_PCIE_CRESET >> 3] = 0xE000000000000000;
  }
static void pnv_phb4_instance_init(Object *obj) 
@@ -1753,6 +1816,9 @@ static void pnv_phb4_instance_init(Object *obj)
/* XIVE interrupt source object */ 
      object_initialize_child(obj, "source", &phb->xsrc, TYPE_XIVE_SOURCE);
+
+    /* Initialize RO-mask of registers */
+    pnv_phb4_ro_mask_init(phb);
  }
void pnv_phb4_bus_init(DeviceState *dev, PnvPHB4 *phb) 
diff --git a/include/hw/pci-host/pnv_phb4.h b/include/hw/pci-host/pnv_phb4.h
index 47a5c3edf5..bea0684724 100644
--- a/include/hw/pci-host/pnv_phb4.h
+++ b/include/hw/pci-host/pnv_phb4.h
@@ -19,7 +19,7 @@
#define TYPE_PNV_PHB4 "pnv-phb4" 
-OBJECT_DECLARE_SIMPLE_TYPE(PnvPHB4, PNV_PHB4)
+OBJECT_DECLARE_TYPE(PnvPHB4, PnvPHB4Class, PNV_PHB4)
typedef struct PnvPhb4PecStack PnvPhb4PecStack; @@ -156,6 +156,17 @@ struct PnvPHB4 { 
      QLIST_HEAD(, PnvPhb4DMASpace) dma_spaces;
  };
+typedef struct PnvPHB4Class { 
+    DeviceClass parent_class;
+
+    /*
+     * Read-only bitmask for registers
+     * Bit value: 1 => RO bit
+     *            0 => RW bit
+     */
+    uint64_t ro_mask[PNV_PHB4_NUM_REGS];
+} PnvPHB4Class;
+
  void pnv_phb4_pic_print_info(PnvPHB4 *phb, GString *buf);
  int pnv_phb4_pec_get_phb_id(PnvPhb4PecState *pec, int stack_index);
  PnvPhb4PecState *pnv_pec_add_phb(PnvChip *chip, PnvPHB *phb, Error **errp);
diff --git a/include/hw/pci-host/pnv_phb4_regs.h 
b/include/hw/pci-host/pnv_phb4_regs.h
index df5e86d29a..dfd0e01d1e 100644
--- a/include/hw/pci-host/pnv_phb4_regs.h
+++ b/include/hw/pci-host/pnv_phb4_regs.h
@@ -180,9 +180,11 @@
  #define PHB_M64_AOMASK                  0x1d0
  #define PHB_M64_UPPER_BITS              0x1f0
  #define PHB_NXLATE_PREFIX               0x1f8
-#define PHB_DMARD_SYNC                  0x200
-#define   PHB_DMARD_SYNC_START          PPC_BIT(0)
-#define   PHB_DMARD_SYNC_COMPLETE       PPC_BIT(1)
+#define PHB_DMA_SYNC                    0x200
+#define   PHB_DMA_SYNC_RD_START         PPC_BIT(0)
+#define   PHB_DMA_SYNC_RD_COMPLETE      PPC_BIT(1)
+#define   PHB_DMA_SYNC_WR_START         PPC_BIT(2)
+#define   PHB_DMA_SYNC_WR_COMPLETE      PPC_BIT(3)
  #define PHB_RTC_INVALIDATE              0x208
  #define   PHB_RTC_INVALIDATE_ALL        PPC_BIT(0)
  #define   PHB_RTC_INVALIDATE_RID        PPC_BITMASK(16, 31)
@@ -370,6 +372,7 @@
  #define P32_CAP                                 0x228
  #define P32_CTL                                 0x22C
  #define P32_STAT                                0x230
+
  /* PHB4 REGB registers */
/* PBL core */ 
@@ -395,8 +398,8 @@
  #define PHB_PCIE_SCR                    0x1A00
  #define   PHB_PCIE_SCR_SLOT_CAP         PPC_BIT(15)
  #define   PHB_PCIE_SCR_MAXLINKSPEED     PPC_BITMASK(32, 35)
+#define   PHB_PCIE_SCR_PLW_X16          PPC_BIT(41) /* x16 */
  #define PHB_PCIE_BNR                    0x1A08
-
  #define PHB_PCIE_CRESET                 0x1A10
  #define   PHB_PCIE_CRESET_CFG_CORE      PPC_BIT(0)
  #define   PHB_PCIE_CRESET_TLDLP         PPC_BIT(1)
@@ -405,7 +408,14 @@
  #define   PHB_PCIE_CRESET_PIPE_N        PPC_BIT(4)
  #define   PHB_PCIE_CRESET_REFCLK_N      PPC_BIT(8)
  #define PHB_PCIE_HOTPLUG_STATUS         0x1A20
+#define   PHB_PCIE_HPSTAT_SIMDIAG       PPC_BIT(3)
+#define   PHB_PCIE_HPSTAT_RESAMPLE      PPC_BIT(9)
  #define   PHB_PCIE_HPSTAT_PRESENCE      PPC_BIT(10)
+#define   PHB_PCIE_HPSTAT_LINKACTIVE    PPC_BIT(12)
+#define PHB_PCIE_LMR                    0x1A30
+#define   PHB_PCIE_LMR_CHANGELW         PPC_BIT(0)
+#define   PHB_PCIE_LMR_RETRAINLINK      PPC_BIT(1)
+#define   PHB_PCIE_LMR_LINKACTIVE       PPC_BIT(8)
#define PHB_PCIE_DLP_TRAIN_CTL 0x1A40 
  #define   PHB_PCIE_DLP_LINK_WIDTH       PPC_BITMASK(30, 35)
@@ -433,7 +443,7 @@
#define PHB_PCIE_DLP_TRWCTL 0x1A80 
  #define   PHB_PCIE_DLP_TRWCTL_EN        PPC_BIT(0)
-
+#define   PHB_PCIE_DLP_TRWCTL_WREN      PPC_BIT(1)
  #define PHB_PCIE_DLP_ERRLOG1            0x1AA0
  #define PHB_PCIE_DLP_ERRLOG2            0x1AA8
  #define PHB_PCIE_DLP_ERR_STATUS         0x1AB0
diff --git a/tests/qtest/pnv-phb4-test.c b/tests/qtest/pnv-phb4-test.c
index f186efaf0d..841306ae3f 100644
--- a/tests/qtest/pnv-phb4-test.c
+++ b/tests/qtest/pnv-phb4-test.c
@@ -73,7 +73,8 @@ static void phb4_sticky_rst_test(QTestState *qts)
       * Sticky reset test of PHB_PBL_ERR_STATUS.
       *
       * Write all 1's to reg PHB_PBL_ERR_INJECT.
-     * Updated value will be copied to reg PHB_PBL_ERR_STATUS.
+     * RO-only bits will not be written and
+     * updated value will be copied to reg PHB_PBL_ERR_STATUS.
       *
       * Reset PBL core by setting PHB_PCIE_CRESET_PBL in reg PHB_PCIE_CRESET.
       * Verify the sticky bits are still set.
@@ -81,7 +82,59 @@ static void phb4_sticky_rst_test(QTestState *qts)
      phb4_xscom_write(PHB_PBL_ERR_INJECT, PPC_BITMASK(0, 63));
      phb4_xscom_write(PHB_PCIE_CRESET, PHB_PCIE_CRESET_PBL); /*Reset*/
      val = phb4_xscom_read(PHB_PBL_ERR_STATUS);
-    g_assert_cmpuint(val, ==, (PPC_BITMASK(0, 9) | PPC_BITMASK(12, 63)));
+    g_assert_cmpuint(val, ==, 0xF00DFD8E00);
+}
+
+/* Check that write-only bits/regs return 0 when read */
+static void phb4_writeonly_read_test(QTestState *qts)
+{
+    uint64_t val;
+
+    /*
+     * Set all bits of PHB_DMA_SYNC,
+     * bits 0 and 2 are write-only and should be read as 0.
+     */
+    phb4_xscom_write(PHB_DMA_SYNC, PPC_BITMASK(0, 63));
+    val = phb4_xscom_read(PHB_DMA_SYNC);
+    g_assert_cmpuint(val & PPC_BIT(0), ==, 0x0);
+    g_assert_cmpuint(val & PPC_BIT(2), ==, 0x0);
+
+    /*
+     * Set all bits of PHB_PCIE_HOTPLUG_STATUS,
+     * bit 9 is write-only and should be read as 0.
+     */
+    phb4_xscom_write(PHB_PCIE_HOTPLUG_STATUS, PPC_BITMASK(0, 63));
+    val = phb4_xscom_read(PHB_PCIE_HOTPLUG_STATUS);
+    g_assert_cmpuint(val & PPC_BIT(9), ==, 0x0);
+
+    /*
+     * Set all bits of PHB_PCIE_LMR,
+     * bits 0 and 1 are write-only and should be read as 0.
+     */
+    phb4_xscom_write(PHB_PCIE_LMR, PPC_BITMASK(0, 63));
+    val = phb4_xscom_read(PHB_PCIE_LMR);
+    g_assert_cmpuint(val & PPC_BIT(0), ==, 0x0);
+    g_assert_cmpuint(val & PPC_BIT(1), ==, 0x0);
+
+    /*
+     * Set all bits of PHB_PCIE_DLP_TRWCTL,
+     * write-only bit-1 should be read as 0.
+     */
+    phb4_xscom_write(PHB_PCIE_DLP_TRWCTL, PPC_BITMASK(0, 63));
+    val = phb4_xscom_read(PHB_PCIE_DLP_TRWCTL);
+    g_assert_cmpuint(val & PPC_BIT(1), ==, 0x0);
+
+    /*
+     * Set all bits of PHB_LEM_ERROR_AND_MASK, PHB_LEM_ERROR_OR_MASK,
+     * both regs are write-only and should be read as 0.
+     */
+    phb4_xscom_write(PHB_LEM_ERROR_AND_MASK, PPC_BITMASK(0, 63));
+    val = phb4_xscom_read(PHB_LEM_ERROR_AND_MASK);
+    g_assert_cmpuint(val, ==, 0x0);
+
+    phb4_xscom_write(PHB_LEM_ERROR_OR_MASK, PPC_BITMASK(0, 63));
+    val = phb4_xscom_read(PHB_LEM_ERROR_OR_MASK);
+    g_assert_cmpuint(val, ==, 0x0);
  }
static void phb4_tests(void) 
@@ -96,6 +149,9 @@ static void phb4_tests(void)
      /* Check sticky reset of a register */
      phb4_sticky_rst_test(qts);
+ /* Check write-only logic */ 
+    phb4_writeonly_read_test(qts);
+
      qtest_quit(qts);
  }
-- 
2.47.3

Reply via email to