diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-07-13 15:16:35 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-07-16 17:26:01 +0100 |
| commit | b493ccf1fc82674ef73564b3c61e309105c9336b (patch) | |
| tree | 4d782c803f7aeab41e4e80520f217651dc823b7f /accel/tcg | |
| parent | 65e9f27f22ba273672a1960cabad0e6aae0fbba2 (diff) | |
| download | qemu-b493ccf1fc82674ef73564b3c61e309105c9336b.zip qemu-b493ccf1fc82674ef73564b3c61e309105c9336b.tar.gz qemu-b493ccf1fc82674ef73564b3c61e309105c9336b.tar.bz2 | |
accel/tcg: Use correct test when looking in victim TLB for code
In get_page_addr_code(), we were incorrectly looking in the victim
TLB for an entry which matched the target address for reads, not
for code accesses. This meant that we could hit on a victim TLB
entry that indicated that the address was readable but not
executable, and incorrectly bypass the call to tlb_fill() which
should generate the guest MMU exception. Fix this bug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
Diffstat (limited to 'accel/tcg')
| -rw-r--r-- | accel/tcg/cputlb.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 20c147d..2d5fb15 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -967,7 +967,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr) index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); mmu_idx = cpu_mmu_index(env, true); if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) { - if (!VICTIM_TLB_HIT(addr_read, addr)) { + if (!VICTIM_TLB_HIT(addr_code, addr)) { tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0); } } |