From 063cac5326518abfcd4f3f0eaace3fa9b1a97424 Mon Sep 17 00:00:00 2001
From: Alexey Kardashevskiy <aik@ozlabs.ru>
Date: Thu, 10 Jul 2014 00:40:56 +1000
Subject: [PATCH 1/5] target-ppc: Fix number of threads per core limit
The number of threads per core is different for POWER6/7/8 CPUs.
Guest systems do not expect to see more threads per core than
a specific CPU supports so we need to limit this number.
This limit is implemented by ppc_get_compat_smt_threads().
However it has a problem as it checks for PCR (Processor Compatibility
Register) mask, 2.05 means 2 threads per core, 2.06 - 4 threads.
For POWER8 one would expect PCR_COMPAT_2_07 bit set and
ppc_get_compat_smt_threads() checking for it to return 8 threads
per core. But the latest PowerISA spec now is 2.07 and there is
no 2.07 compatibility mode defined, QEMU does not define it either
(will be in PowerISA 2.08).
Instead of relying on a PCR mask, this uses kvmppc_smt_threads()
which returns the maximum supported threads number for KVM or
1 for TCG.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
target-ppc/translate_init.c | 18 +++++-------------
1 file changed, 5 insertions(+), 13 deletions(-)
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index 5eacd46a52..48177ed0a0 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -9098,29 +9098,21 @@ static void ppc_cpu_unrealizefn(DeviceState *dev, Error **errp)
int ppc_get_compat_smt_threads(PowerPCCPU *cpu)
{
- int ret = smp_threads;
- PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
+ int ret = MIN(smp_threads, kvmppc_smt_threads());
switch (cpu->cpu_version) {
case CPU_POWERPC_LOGICAL_2_05:
- ret = 2;
+ ret = MIN(ret, 2);
break;
case CPU_POWERPC_LOGICAL_2_06:
- ret = 4;
+ ret = MIN(ret, 4);
break;
case CPU_POWERPC_LOGICAL_2_07:
- ret = 8;
- break;
- default:
- if (pcc->pcr_mask & PCR_COMPAT_2_06) {
- ret = 4;
- } else if (pcc->pcr_mask & PCR_COMPAT_2_05) {
- ret = 2;
- }
+ ret = MIN(ret, 8);
break;
}
- return MIN(ret, smp_threads);
+ return ret;
}
int ppc_set_compat(PowerPCCPU *cpu, uint32_t cpu_version)
From e938ba0c35b0a6732a380b712b0f19511375a6a4 Mon Sep 17 00:00:00 2001
From: "Shreyas B. Prabhu" <shreyas@linux.vnet.ibm.com>
Date: Thu, 10 Jul 2014 17:31:03 +0530
Subject: [PATCH 2/5] ppc: memory: Replace memory_region_init_ram with
memory_region_allocate_system_memory
Commit 0b183fc871:"memory: move mem_path handling to
memory_region_allocate_system_memory" split memory_region_init_ram and
memory_region_init_ram_from_file. Also it moved mem-path handling a step
up from memory_region_init_ram to memory_region_allocate_system_memory.
Therefore for any board that uses memory_region_init_ram directly,
-mem-path is not supported.
Fix this by replacing memory_region_init_ram with
memory_region_allocate_system_memory.
Signed-off-by: Shreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/ppc/e500.c | 3 +--
hw/ppc/mac_newworld.c | 7 +++----
hw/ppc/mac_oldworld.c | 8 ++++----
hw/ppc/ppc405_boards.c | 21 +++++++++------------
hw/ppc/ppc405_uc.c | 5 +++--
hw/ppc/ppc4xx_devs.c | 5 +++--
hw/ppc/prep.c | 3 +--
hw/ppc/virtex_ml507.c | 3 +--
8 files changed, 25 insertions(+), 30 deletions(-)
diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index bb2e75fe1b..1a5b30d3ce 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -701,8 +701,7 @@ void ppce500_init(MachineState *machine, PPCE500Params *params)
machine->ram_size = ram_size;
/* Register Memory */
- memory_region_init_ram(ram, NULL, "mpc8544ds.ram", ram_size);
- vmstate_register_ram_global(ram);
+ memory_region_allocate_system_memory(ram, NULL, "mpc8544ds.ram", ram_size);
memory_region_add_subregion(address_space_mem, 0, ram);
dev = qdev_create(NULL, "e500-ccsr");
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 89d3cadf19..7e97af4a23 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -200,13 +200,12 @@ static void ppc_core99_init(MachineState *machine)
}
/* allocate RAM */
- memory_region_init_ram(ram, NULL, "ppc_core99.ram", ram_size);
- vmstate_register_ram_global(ram);
+ memory_region_allocate_system_memory(ram, NULL, "ppc_core99.ram", ram_size);
memory_region_add_subregion(get_system_memory(), 0, ram);
/* allocate and load BIOS */
- memory_region_init_ram(bios, NULL, "ppc_core99.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
+ memory_region_allocate_system_memory(bios, NULL, "ppc_core99.bios",
+ BIOS_SIZE);
if (bios_name == NULL)
bios_name = PROM_FILENAME;
filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 4b5e905fc2..afae8253e9 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -130,13 +130,13 @@ static void ppc_heathrow_init(MachineState *machine)
exit(1);
}
- memory_region_init_ram(ram, NULL, "ppc_heathrow.ram", ram_size);
- vmstate_register_ram_global(ram);
+ memory_region_allocate_system_memory(ram, NULL, "ppc_heathrow.ram",
+ ram_size);
memory_region_add_subregion(sysmem, 0, ram);
/* allocate and load BIOS */
- memory_region_init_ram(bios, NULL, "ppc_heathrow.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
+ memory_region_allocate_system_memory(bios, NULL, "ppc_heathrow.bios",
+ BIOS_SIZE);
if (bios_name == NULL)
bios_name = PROM_FILENAME;
filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
diff --git a/hw/ppc/ppc405_boards.c b/hw/ppc/ppc405_boards.c
index 98ad2d75e7..6b566cd8e5 100644
--- a/hw/ppc/ppc405_boards.c
+++ b/hw/ppc/ppc405_boards.c
@@ -199,8 +199,8 @@ static void ref405ep_init(MachineState *machine)
MemoryRegion *sysmem = get_system_memory();
/* XXX: fix this */
- memory_region_init_ram(&ram_memories[0], NULL, "ef405ep.ram", 0x08000000);
- vmstate_register_ram_global(&ram_memories[0]);
+ memory_region_allocate_system_memory(&ram_memories[0], NULL, "ef405ep.ram",
+ 0x08000000);
ram_bases[0] = 0;
ram_sizes[0] = 0x08000000;
memory_region_init(&ram_memories[1], NULL, "ef405ep.ram1", 0);
@@ -214,8 +214,7 @@ static void ref405ep_init(MachineState *machine)
33333333, &pic, kernel_filename == NULL ? 0 : 1);
/* allocate SRAM */
sram_size = 512 * 1024;
- memory_region_init_ram(sram, NULL, "ef405ep.sram", sram_size);
- vmstate_register_ram_global(sram);
+ memory_region_allocate_system_memory(sram, NULL, "ef405ep.sram", sram_size);
memory_region_add_subregion(sysmem, 0xFFF00000, sram);
/* allocate and load BIOS */
#ifdef DEBUG_BOARD_INIT
@@ -246,8 +245,8 @@ static void ref405ep_init(MachineState *machine)
printf("Load BIOS from file\n");
#endif
bios = g_new(MemoryRegion, 1);
- memory_region_init_ram(bios, NULL, "ef405ep.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
+ memory_region_allocate_system_memory(bios, NULL, "ef405ep.bios",
+ BIOS_SIZE);
if (bios_name == NULL)
bios_name = BIOS_FILENAME;
filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
@@ -518,14 +517,12 @@ static void taihu_405ep_init(MachineState *machine)
DriveInfo *dinfo;
/* RAM is soldered to the board so the size cannot be changed */
- memory_region_init_ram(&ram_memories[0], NULL,
+ memory_region_allocate_system_memory(&ram_memories[0], NULL,
"taihu_405ep.ram-0", 0x04000000);
- vmstate_register_ram_global(&ram_memories[0]);
ram_bases[0] = 0;
ram_sizes[0] = 0x04000000;
- memory_region_init_ram(&ram_memories[1], NULL,
+ memory_region_allocate_system_memory(&ram_memories[1], NULL,
"taihu_405ep.ram-1", 0x04000000);
- vmstate_register_ram_global(&ram_memories[1]);
ram_bases[1] = 0x04000000;
ram_sizes[1] = 0x04000000;
ram_size = 0x08000000;
@@ -567,8 +564,8 @@ static void taihu_405ep_init(MachineState *machine)
if (bios_name == NULL)
bios_name = BIOS_FILENAME;
bios = g_new(MemoryRegion, 1);
- memory_region_init_ram(bios, NULL, "taihu_405ep.bios", BIOS_SIZE);
- vmstate_register_ram_global(bios);
+ memory_region_allocate_system_memory(bios, NULL, "taihu_405ep.bios",
+ BIOS_SIZE);
filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
if (filename) {
bios_size = load_image(filename, memory_region_get_ram_ptr(bios));
diff --git a/hw/ppc/ppc405_uc.c b/hw/ppc/ppc405_uc.c
index 54ba59e73a..fcd5f2d917 100644
--- a/hw/ppc/ppc405_uc.c
+++ b/hw/ppc/ppc405_uc.c
@@ -23,6 +23,7 @@
*/
#include "hw/hw.h"
#include "hw/ppc/ppc.h"
+#include "hw/boards.h"
#include "ppc405.h"
#include "hw/char/serial.h"
#include "qemu/timer.h"
@@ -973,8 +974,8 @@ static void ppc405_ocm_init(CPUPPCState *env)
ocm = g_malloc0(sizeof(ppc405_ocm_t));
/* XXX: Size is 4096 or 0x04000000 */
- memory_region_init_ram(&ocm->isarc_ram, NULL, "ppc405.ocm", 4096);
- vmstate_register_ram_global(&ocm->isarc_ram);
+ memory_region_allocate_system_memory(&ocm->isarc_ram, NULL, "ppc405.ocm",
+ 4096);
memory_region_init_alias(&ocm->dsarc_ram, NULL, "ppc405.dsarc", &ocm->isarc_ram,
0, 4096);
qemu_register_reset(&ocm_reset, ocm);
diff --git a/hw/ppc/ppc4xx_devs.c b/hw/ppc/ppc4xx_devs.c
index 8a43111a51..07f9d00ea7 100644
--- a/hw/ppc/ppc4xx_devs.c
+++ b/hw/ppc/ppc4xx_devs.c
@@ -24,6 +24,7 @@
#include "hw/hw.h"
#include "hw/ppc/ppc.h"
#include "hw/ppc/ppc4xx.h"
+#include "hw/boards.h"
#include "qemu/log.h"
#include "exec/address-spaces.h"
@@ -694,8 +695,8 @@ ram_addr_t ppc4xx_sdram_adjust(ram_addr_t ram_size, int nr_banks,
if (bank_size <= size_left) {
char name[32];
snprintf(name, sizeof(name), "ppc4xx.sdram%d", i);
- memory_region_init_ram(&ram_memories[i], NULL, name, bank_size);
- vmstate_register_ram_global(&ram_memories[i]);
+ memory_region_allocate_system_memory(&ram_memories[i], NULL,
+ name, bank_size);
ram_bases[i] = base;
ram_sizes[i] = bank_size;
base += bank_size;
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index aa8717d75d..f0ef1af118 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -417,8 +417,7 @@ static void ppc_prep_init(MachineState *machine)
}
/* allocate RAM */
- memory_region_init_ram(ram, NULL, "ppc_prep.ram", ram_size);
- vmstate_register_ram_global(ram);
+ memory_region_allocate_system_memory(ram, NULL, "ppc_prep.ram", ram_size);
memory_region_add_subregion(sysmem, 0, ram);
if (linux_boot) {
diff --git a/hw/ppc/virtex_ml507.c b/hw/ppc/virtex_ml507.c
index 02b4f828d3..0de51481f3 100644
--- a/hw/ppc/virtex_ml507.c
+++ b/hw/ppc/virtex_ml507.c
@@ -222,8 +222,7 @@ static void virtex_init(MachineState *machine)
env = &cpu->env;
qemu_register_reset(main_cpu_reset, cpu);
- memory_region_init_ram(phys_ram, NULL, "ram", ram_size);
- vmstate_register_ram_global(phys_ram);
+ memory_region_allocate_system_memory(phys_ram, NULL, "ram", ram_size);
memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
dinfo = drive_get(IF_PFLASH, 0, 0);
From 658fa66b8192e4b755880609f2845aef9797d048 Mon Sep 17 00:00:00 2001
From: Alexey Kardashevskiy <aik@ozlabs.ru>
Date: Fri, 11 Jul 2014 01:03:41 +1000
Subject: [PATCH 3/5] spapr: Move RMA memory region registration code
PPC970 does not support VRMA (virtual RMA) so real memory required
for SLOF to execute must be allocated by the KVM_ALLOCATE_RMA ioctl.
Later this memory is used as a part of the guest RAM area.
The RMA allocating code also registers a memory region for this piece
of RAM.
We are going to simplify memory regions layout: RMA memory region
will be a subregion in the RAM memory region, both starting from zero.
This way we will not have to take care of start address alignment for
the piece of RAM next to the RMA.
This moves memory region business closer to the RAM memory region
creation/allocation code.
As this is a mechanical patch, no change in behaviour is expected.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[agraf: fix compilation on non-kvm systems]
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/ppc/spapr.c | 12 +++++++++++-
target-ppc/kvm.c | 13 +++----------
target-ppc/kvm_ppc.h | 4 ++--
3 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index a23c0f080e..4ae5dbf8ba 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1223,6 +1223,8 @@ static void ppc_spapr_init(MachineState *machine)
int i;
MemoryRegion *sysmem = get_system_memory();
MemoryRegion *ram = g_new(MemoryRegion, 1);
+ MemoryRegion *rma_region;
+ void *rma = NULL;
hwaddr rma_alloc_size;
hwaddr node0_size = (nb_numa_nodes > 1) ? numa_info[0].node_mem : ram_size;
uint32_t initrd_base = 0;
@@ -1239,7 +1241,7 @@ static void ppc_spapr_init(MachineState *machine)
cpu_ppc_hypercall = emulate_spapr_hypercall;
/* Allocate RMA if necessary */
- rma_alloc_size = kvmppc_alloc_rma("ppc_spapr.rma", sysmem);
+ rma_alloc_size = kvmppc_alloc_rma(&rma);
if (rma_alloc_size == -1) {
hw_error("qemu: Unable to create RMA\n");
@@ -1342,6 +1344,14 @@ static void ppc_spapr_init(MachineState *machine)
memory_region_add_subregion(sysmem, nonrma_base, ram);
}
+ if (rma_alloc_size && rma) {
+ rma_region = g_new(MemoryRegion, 1);
+ memory_region_init_ram_ptr(rma_region, NULL, "ppc_spapr.rma",
+ rma_alloc_size, rma);
+ vmstate_register_ram_global(rma_region);
+ memory_region_add_subregion(sysmem, 0, rma_region);
+ }
+
filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, "spapr-rtas.bin");
spapr->rtas_size = load_image_targphys(filename, spapr->rtas_addr,
rtas_limit - spapr->rtas_addr);
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 2d87108d8b..42718f77ae 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1580,13 +1580,11 @@ int kvmppc_smt_threads(void)
}
#ifdef TARGET_PPC64
-off_t kvmppc_alloc_rma(const char *name, MemoryRegion *sysmem)
+off_t kvmppc_alloc_rma(void **rma)
{
- void *rma;
off_t size;
int fd;
struct kvm_allocate_rma ret;
- MemoryRegion *rma_region;
/* If cap_ppc_rma == 0, contiguous RMA allocation is not supported
* if cap_ppc_rma == 1, contiguous RMA allocation is supported, but
@@ -1609,17 +1607,12 @@ off_t kvmppc_alloc_rma(const char *name, MemoryRegion *sysmem)
size = MIN(ret.rma_size, 256ul << 20);
- rma = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
- if (rma == MAP_FAILED) {
+ *rma = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
+ if (*rma == MAP_FAILED) {
fprintf(stderr, "KVM: Error mapping RMA: %s\n", strerror(errno));
return -1;
};
- rma_region = g_new(MemoryRegion, 1);
- memory_region_init_ram_ptr(rma_region, NULL, name, size, rma);
- vmstate_register_ram_global(rma_region);
- memory_region_add_subregion(sysmem, 0, rma_region);
-
return size;
}
diff --git a/target-ppc/kvm_ppc.h b/target-ppc/kvm_ppc.h
index 1118122d89..d9516e73ef 100644
--- a/target-ppc/kvm_ppc.h
+++ b/target-ppc/kvm_ppc.h
@@ -31,7 +31,7 @@ int kvmppc_or_tsr_bits(PowerPCCPU *cpu, uint32_t tsr_bits);
int kvmppc_set_tcr(PowerPCCPU *cpu);
int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
#ifndef CONFIG_USER_ONLY
-off_t kvmppc_alloc_rma(const char *name, MemoryRegion *sysmem);
+off_t kvmppc_alloc_rma(void **rma);
bool kvmppc_spapr_use_multitce(void);
void *kvmppc_create_spapr_tce(uint32_t liobn, uint32_t window_size, int *pfd,
bool vfio_accel);
@@ -134,7 +134,7 @@ static inline int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu)
}
#ifndef CONFIG_USER_ONLY
-static inline off_t kvmppc_alloc_rma(const char *name, MemoryRegion *sysmem)
+static inline off_t kvmppc_alloc_rma(void **rma)
{
return 0;
}
From f92f5da108225fc7dcc5f357fdc473083890fe3f Mon Sep 17 00:00:00 2001
From: Alexey Kardashevskiy <aik@ozlabs.ru>
Date: Fri, 11 Jul 2014 01:03:42 +1000
Subject: [PATCH 4/5] spapr: Enable use of huge pages
0b183fc87 "memory: move mem_path handling to
memory_region_allocate_system_memory" disabled -mempath use for all
machines that do not use memory_region_allocate_system_memory() to
register RAM. Since SPAPR uses memory_region_init_ram(), the huge pages
support was disabled for it.
This replaces memory_region_init_ram()+vmstate_register_ram_global() with
memory_region_allocate_system_memory() to get huge pages back.
This changes RAM size from (ram_limit - rma_alloc_size) to ram_limit as
the previous patch moved RMA memory region allocation after RAM allocation
and therefore this change does not have immediate effect but simplifies
the code.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/ppc/spapr.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 4ae5dbf8ba..d01978f3dc 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1335,14 +1335,9 @@ static void ppc_spapr_init(MachineState *machine)
/* allocate RAM */
spapr->ram_limit = ram_size;
- if (spapr->ram_limit > rma_alloc_size) {
- ram_addr_t nonrma_base = rma_alloc_size;
- ram_addr_t nonrma_size = spapr->ram_limit - rma_alloc_size;
-
- memory_region_init_ram(ram, NULL, "ppc_spapr.ram", nonrma_size);
- vmstate_register_ram_global(ram);
- memory_region_add_subregion(sysmem, nonrma_base, ram);
- }
+ memory_region_allocate_system_memory(ram, NULL, "ppc_spapr.ram",
+ spapr->ram_limit);
+ memory_region_add_subregion(sysmem, 0, ram);
if (rma_alloc_size && rma) {
rma_region = g_new(MemoryRegion, 1);
From 27e27782f78212cbd97170b0854c35a0738cfd34 Mon Sep 17 00:00:00 2001
From: Gavin Shan <gwshan@linux.vnet.ibm.com>
Date: Mon, 14 Jul 2014 22:09:43 +1000
Subject: [PATCH 5/5] sPAPR/IOMMU: Fix TCE entry permission
The permission of TCE entry should exclude physical base address.
Otherwise, unmapping TCE entry can be interpreted to mapping TCE
entry wrongly for VFIO devices.
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/misc/vfio.c | 2 +-
hw/ppc/spapr_iommu.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index aef4c9ce9d..0b9eba0c84 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -2489,7 +2489,7 @@ static void vfio_iommu_map_notify(Notifier *n, void *data)
return;
}
- if (iotlb->perm != IOMMU_NONE) {
+ if ((iotlb->perm & IOMMU_RW) != IOMMU_NONE) {
vaddr = memory_region_get_ram_ptr(mr) + xlat;
ret = vfio_dma_map(container, iotlb->iova,
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 698ae60953..f6e32a48af 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -81,7 +81,7 @@ static IOMMUTLBEntry spapr_tce_translate_iommu(MemoryRegion *iommu, hwaddr addr)
ret.iova = addr & page_mask;
ret.translated_addr = tce & page_mask;
ret.addr_mask = ~page_mask;
- ret.perm = tce;
+ ret.perm = tce & IOMMU_RW;
}
trace_spapr_iommu_xlate(tcet->liobn, addr, ret.iova, ret.perm,
ret.addr_mask);
@@ -223,7 +223,7 @@ static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba,
entry.iova = ioba & page_mask;
entry.translated_addr = tce & page_mask;
entry.addr_mask = ~page_mask;
- entry.perm = tce;
+ entry.perm = tce & IOMMU_RW;
memory_region_notify_iommu(&tcet->iommu, entry);
return H_SUCCESS;