Bypass any TLB protection checks, as this is not a "real"
access to memory per the architecture.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
target/hppa/int_helper.c | 2 +-
target/hppa/mem_helper.c | 19 ++++++++++++++-----
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/target/hppa/int_helper.c b/target/hppa/int_helper.c
index ee72769544..e831944b8d 100644
--- a/target/hppa/int_helper.c
+++ b/target/hppa/int_helper.c
@@ -154,7 +154,7 @@ void hppa_cpu_do_interrupt(CPUState *cs)
int prot, t;
vaddr = hppa_form_gva_psw(old_psw, iasq_f, iaoq_f & -4);
- t = hppa_get_physical_address(env, vaddr, 0, MMU_INST_FETCH,
+ t = hppa_get_physical_address(env, vaddr, 0, MMU_DEBUG_LOAD,
&paddr, &prot);
if (t >= 0) {
/* We can't re-load the instruction. */
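Review bot: The call in hppa_cpu_do_interrupt now passes `MMU_DEBUG_LOAD` with no comment at the call site, so a reader cannot tell that skipping the TLB protection check is intentional here rather than a leftover debug setting. A one-line comment above the call would record it, e.g. `/* Not an architectural access: translate only, skip protection checks. */`. The branch taken when `t < 0` lies outside this hunk; presumably it reads the instruction by physical address, and that is worth confirming, because a checked virtual load there could still fault on the permissions this change bypasses. The function body starts and ends outside the hunk.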
diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index a0a385cb54..4bdc4d77e5 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -131,12 +131,21 @@ int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx,
/* ??? Check PSW_P and ent->access_prot. This can remove PROT_WRITE. */
/* Map MMUAccessType to QEMU protection. */
- if (ifetch) {
- a_prot = PROT_EXEC;
- } else if (type == MMU_DATA_STORE) {
- a_prot = PROT_WRITE;
- } else {
+ switch (type) {
+ case MMU_DATA_LOAD:
a_prot = PROT_READ;
+ break;
+ case MMU_DATA_STORE:
+ a_prot = PROT_WRITE;
+ break;
+ case MMU_INST_FETCH:
+ a_prot = PROT_EXEC;
+ break;
+ case MMU_DEBUG_LOAD:
+ ret = -1;
+ goto egress;
+ default:
+ g_assert_not_reached();
}
if (unlikely(!(prot & a_prot))) {
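Review bot: The `MMU_DEBUG_LOAD` case leaves through `egress` with `ret = -1` before the `prot & a_prot` test, and nothing in the hunk documents that -1 appears to be the no-fault result (the caller in int_helper.c treats `t >= 0` as failure) or who may request this access type. Since this path returns a translation for any page regardless of its permissions, it should be documented as reserved for internal callers (the interrupt path, and presumably debugger access) and never derived from a guest-initiated access; a comment such as `/* No protection check: internal/debug translation only, never for guest accesses. */` above `ret = -1;` would do. `a_prot` stays unset on this path, which is fine only as long as the code after `egress` (outside the hunk) does not read it. It is also worth checking whether `ifetch` is still used elsewhere in the function now that the `if (ifetch)` test is gone.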
--
2.14.3