1. Patchew
  2. QEMU
  3. [Qemu-devel] [PULL 0/8] target-arm queue
  4. View patch

[Qemu-devel] [PULL 7/8] accel/tcg: Use correct test when looking in victim TLB for code

Peter Maydell posted 8 patches 6 years, 9 months ago
There is a newer version of this series
[Qemu-devel] [PULL 7/8] accel/tcg: Use correct test when looking in victim TLB for code
Posted by Peter Maydell 6 years, 9 months ago 
In get_page_addr_code(), we were incorrectly looking in the victim
TLB for an entry which matched the target address for reads, not
for code accesses. This meant that we could hit on a victim TLB
entry that indicated that the address was readable but not
executable, and incorrectly bypass the call to tlb_fill() which
should generate the guest MMU exception. Fix this bug.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
---
 accel/tcg/cputlb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 20c147d6554..2d5fb15d9a3 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -967,7 +967,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
     index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = cpu_mmu_index(env, true);
     if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) {
-        if (!VICTIM_TLB_HIT(addr_read, addr)) {
+        if (!VICTIM_TLB_HIT(addr_code, addr)) {
             tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
         }
     }
-- 
2.17.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.