From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58322) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fdysK-0006pZ-Np for qemu-devel@nongnu.org; Fri, 13 Jul 2018 10:16:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fdysJ-0003az-Pj for qemu-devel@nongnu.org; Fri, 13 Jul 2018 10:16:48 -0400 From: Peter Maydell Date: Fri, 13 Jul 2018 15:16:35 +0100 Message-Id: <20180713141636.18665-2-peter.maydell@linaro.org> In-Reply-To: <20180713141636.18665-1-peter.maydell@linaro.org> References: <20180713141636.18665-1-peter.maydell@linaro.org> Subject: [Qemu-devel] [PATCH for-3.0 1/2] accel/tcg: Use correct test when looking in victim TLB for code List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org, Richard Henderson In get_page_addr_code(), we were incorrectly looking in the victim TLB for an entry which matched the target address for reads, not for code accesses. This meant that we could hit on a victim TLB entry that indicated that the address was readable but not executable, and incorrectly bypass the call to tlb_fill() which should generate the guest MMU exception. Fix this bug. Signed-off-by: Peter Maydell --- accel/tcg/cputlb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 20c147d6554..2d5fb15d9a3 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -967,7 +967,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr) index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); mmu_idx = cpu_mmu_index(env, true); if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) { - if (!VICTIM_TLB_HIT(addr_read, addr)) { + if (!VICTIM_TLB_HIT(addr_code, addr)) { tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0); } } -- 2.17.1