[v1] Bugfix: TCG cross-page overflow for 32 bit guest

[PATCH qemu 1/2] Fix: TCG cross-page overflow for 32 bit guest

~percival_foss posted 2 patches 7 months ago

Diff against v2
Download mbox

Maintainers: Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>

There is a newer version of this series

[PATCH qemu 1/2] Fix: TCG cross-page overflow for 32 bit guest

Posted by ~percival_foss 7 months ago

From: foss@percivaleng.com <sean.stultz@percivaleng.com>

---
 accel/tcg/cputlb.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index fb22048876..457b3f8ec7 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1767,6 +1767,13 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
         l->page[1].size = l->page[0].size - size0;
         l->page[0].size = size0;
 
+        /* check for wrapping address space on page crossing if target is 32 bit */
+        #if TARGET_LONG_BITS == 32
+        if (l->page[1].addr >= (1UL << TARGET_LONG_BITS)) {
+            l->page[1].addr %= (1UL << TARGET_LONG_BITS);
+        }
+        # endif
+
         /*
          * Lookup both pages, recognizing exceptions from either.  If the
          * second lookup potentially resized, refresh first CPUTLBEntryFull.
-- 
2.45.3

[PATCH qemu 1/2] Fix: TCG cross-page overflow for 32 bit guest
[PATCH qemu 2/2] Added TCG cross-page overflow test