diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2018-08-14 17:17:19 +0100 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2018-08-14 17:17:19 +0100 |
commit | 55a7cb144d8565583d31c323672745f87fca9954 (patch) | |
tree | 9433478562044ee5ff2eddaca0734f84f5217573 /exec.c | |
parent | d4b6275df320cee764d56b194b1898547f545857 (diff) | |
download | qemu-55a7cb144d8565583d31c323672745f87fca9954.zip qemu-55a7cb144d8565583d31c323672745f87fca9954.tar.gz qemu-55a7cb144d8565583d31c323672745f87fca9954.tar.bz2 |
accel/tcg: Check whether TLB entry is RAM consistently with how we set it up
We set up TLB entries in tlb_set_page_with_attrs(), where we have
some logic for determining whether the TLB entry is considered
to be RAM-backed, and thus has a valid addend field. When we
look at the TLB entry in get_page_addr_code(), we use different
logic for determining whether to treat the page as RAM-backed
and use the addend field. This is confusing, and in fact buggy,
because the code in tlb_set_page_with_attrs() correctly decides
that rom_device memory regions not in romd mode are not RAM-backed,
but the code in get_page_addr_code() thinks they are RAM-backed.
This typically results in "Bad ram pointer" assertion if the
guest tries to execute from such a memory region.
Fix this by making get_page_addr_code() just look at the
TLB_MMIO bit in the code_address field of the TLB, which
tlb_set_page_with_attrs() sets if and only if the addend
field is not valid for code execution.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180713150945.12348-1-peter.maydell@linaro.org
Diffstat (limited to 'exec.c')
-rw-r--r-- | exec.c | 6 |
1 files changed, 0 insertions, 6 deletions
@@ -402,12 +402,6 @@ static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr addr) } } -bool memory_region_is_unassigned(MemoryRegion *mr) -{ - return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device - && mr != &io_mem_watch; -} - /* Called from RCU critical section */ static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d, hwaddr addr, |