qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 03/11] target/hppa: fix TLB handling for page 0

From: Richard Henderson
Subject: [Qemu-devel] [PULL 03/11] target/hppa: fix TLB handling for page 0
Date: Tue, 12 Mar 2019 09:18:56 -0700 
From: Sven Schnelle <address@hidden>

Assume the following sequence:

pitlbe r0(sr0,r0)
iitlba r4,(sr0,r0)
ldil L%3000000,r5
iitlbp r5,(sr0,r0)

This will purge the whole TLB and add an entry for page 0. However
the current TLB implementation in helper_iitlba() will store to
the last empty TLB entry, while helper_iitlbp() will write to the
first empty entry. That is because an empty entry will match address
0 in helper_iitlba()

Signed-off-by: Sven Schnelle <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Richard Henderson <address@hidden>
---
 target/hppa/mem_helper.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index aecf3075f6..648b94cc12 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -242,11 +242,13 @@ void HELPER(itlba)(CPUHPPAState *env, target_ulong addr, 
target_ureg reg)
     /* Zap any old entries covering ADDR; notice empty entries on the way.  */
     for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) {
         hppa_tlb_entry *ent = &env->tlb[i];
-        if (!ent->entry_valid) {
-            empty = ent;
-        } else if (ent->va_b <= addr && addr <= ent->va_e) {
-            hppa_flush_tlb_ent(env, ent);
-            empty = ent;
+        if (ent->va_b <= addr && addr <= ent->va_e) {
+            if (ent->entry_valid) {
+                hppa_flush_tlb_ent(env, ent);
+            }
+            if (!empty) {
+                empty = ent;
+            }
         }
     }
 
-- 
2.17.2
reply via email to
[Prev in Thread] Current Thread [Next in Thread]