From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:43437)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1QhIdu-0004oI-DR
	for qemu-devel@nongnu.org; Thu, 14 Jul 2011 05:55:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1QhIdr-000569-6U
	for qemu-devel@nongnu.org; Thu, 14 Jul 2011 05:55:38 -0400
Received: from cantor2.suse.de ([195.135.220.15]:41004 helo=mx2.suse.de)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1QhIdq-00055g-7P
	for qemu-devel@nongnu.org; Thu, 14 Jul 2011 05:55:34 -0400
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.221.2])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx2.suse.de (Postfix) with ESMTP id 07EBF8EEDE
	for <qemu-devel@nongnu.org>; Thu, 14 Jul 2011 11:55:32 +0200 (CEST)
From: Alexander Graf <agraf@suse.de>
Date: Wed, 13 Jul 2011 04:44:09 +0200
Message-Id: <1310525052-22530-3-git-send-email-agraf@suse.de>
In-Reply-To: <1310525052-22530-1-git-send-email-agraf@suse.de>
References: <1310525052-22530-1-git-send-email-agraf@suse.de>
Subject: [Qemu-devel] [PATCH 2/5] s390x: make ipte 31-bit aware
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "qemu-devel@nongnu.org Developers" <qemu-devel@nongnu.org>

When running 31-bit code we can potentially map the same virtual
address twice - once as 0x0yyyyyyy and once as 0x8yyyyyyy, because
the upper bit gets ignored.

This also should be reflected in the tlb invalidation path, so we
really invalidate also the transparently created tlb entries.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-s390x/op_helper.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 1db6f5e..245fb2c 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -2949,6 +2949,13 @@ void HELPER(ipte)(uint64_t pte_addr, uint64_t vaddr)
     /* XXX we exploit the fact that Linux passes the exact virtual
            address here - it's not obliged to! */
     tlb_flush_page(env, page);
+
+    /* XXX 31-bit hack */
+    if (page & 0x80000000) {
+        tlb_flush_page(env, page & ~0x80000000);
+    } else {
+        tlb_flush_page(env, page | 0x80000000);
+    }
 }
 
 /* flush local tlb */
-- 
1.6.0.2