aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2013-03-12 00:31:44 +0000
committerAlexander Graf <agraf@suse.de>2013-03-22 15:28:53 +0100
commit75d5ec89c03cb2f1a2bd0d9912e624ceb6fd1999 (patch)
tree103be9c1bae88ed2042ca742b0658944c90c3027
parent6d11d998bb866c92b0f81eb3cea2f7a3e617feb8 (diff)
downloadqemu-75d5ec89c03cb2f1a2bd0d9912e624ceb6fd1999.zip
qemu-75d5ec89c03cb2f1a2bd0d9912e624ceb6fd1999.tar.gz
qemu-75d5ec89c03cb2f1a2bd0d9912e624ceb6fd1999.tar.bz2
mmu-hash*: Correctly mask RPN from hash PTE
BEHAVIOUR CHANGE At present we take the whole of word 1 of the hash PTE as the real page number used to calculate the translated address. This is incorrect, because it leaves the flags from the low bits of PTE word 1 in place in the rpm. We mostly get away with that because the value is later masked by TARGET_PAGE_MASK. More recent 64-bit CPUs also have a small number of flag bits (PP0 and KEY) in the top bits of PTE word 1. Any guest which used those bits would fail with the current code. This patch fixes the problem by correctly masking out the RPN field of PTE word 1. This is safe, even for older CPUs which didn't have PP0 and KEY, because although the RPN notionally extended to the very top of PTE word 1, none of those CPUs actually implemented that many real address bits. We add analogous masking to the 32-bit code, even though it also doesn't have the high flag bits, for consistency and clarity. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alexander Graf <agraf@suse.de>
-rw-r--r--target-ppc/mmu-hash32.c2
-rw-r--r--target-ppc/mmu-hash64.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/target-ppc/mmu-hash32.c b/target-ppc/mmu-hash32.c
index e5ee29b..07e9b8c 100644
--- a/target-ppc/mmu-hash32.c
+++ b/target-ppc/mmu-hash32.c
@@ -346,7 +346,7 @@ static hwaddr ppc_hash32_htab_lookup(CPUPPCState *env,
static hwaddr ppc_hash32_pte_raddr(target_ulong sr, ppc_hash_pte32_t pte,
target_ulong eaddr)
{
- hwaddr rpn = pte.pte1;
+ hwaddr rpn = pte.pte1 & HPTE32_R_RPN;
hwaddr mask = ~TARGET_PAGE_MASK;
return (rpn & ~mask) | (eaddr & mask);
diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c
index 5e168d5..d986c0f 100644
--- a/target-ppc/mmu-hash64.c
+++ b/target-ppc/mmu-hash64.c
@@ -365,7 +365,7 @@ static hwaddr ppc_hash64_htab_lookup(CPUPPCState *env,
static hwaddr ppc_hash64_pte_raddr(ppc_slb_t *slb, ppc_hash_pte64_t pte,
target_ulong eaddr)
{
- hwaddr rpn = pte.pte1;
+ hwaddr rpn = pte.pte1 & HPTE64_R_RPN;
/* FIXME: Add support for SLLP extended page sizes */
int target_page_bits = (slb->vsid & SLB_VSID_L)
? TARGET_PAGE_BITS_16M : TARGET_PAGE_BITS;