Fix for duplicate tlb check on unaligned access.

Fix for w^x code gen buffer mapping. -----BEGIN PGP SIGNATURE----- iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLNEksdHHJpY2hhcmQu aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8KPwf9EybXFrlI1u9A2nOK 8puFCKdN7eGjYo2dkRd/CyqugmsaS3IuL9cooWi7/A6pOtyuIWdlyI/r+PAZat3p GfvZvx9GejWpbUv6GYX2extZAev1EbhaaM6ZOg/EZGOWTjiINZMztuIWhbjftRUj 6E8FLkj/5PWQzYvi6TbMMAMqg5QsYERZIZ4SfDfjE2a8s8rloYDBdvVEaG35NOa/ pv93clb7OrnE5VyJLHyfs8VwpbtJKsQy/Twwh1+828X/fetwJWT5AKfPZTIHLELL tVuABJA25wSfPPmjtXTzDjq5x5/UWKc16Zvk1tbcxuknLegxUH0Agy+qJRI3x5FA M3ZHOg== =b4EN -----END PGP SIGNATURE----- Merge tag 'pull-tcg-20220712' of https://gitlab.com/rth7680/qemu into staging Fix for duplicate tlb check on unaligned access. Fix for w^x code gen buffer mapping. # -----BEGIN PGP SIGNATURE----- # # iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLNEksdHHJpY2hhcmQu # aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8KPwf9EybXFrlI1u9A2nOK # 8puFCKdN7eGjYo2dkRd/CyqugmsaS3IuL9cooWi7/A6pOtyuIWdlyI/r+PAZat3p # GfvZvx9GejWpbUv6GYX2extZAev1EbhaaM6ZOg/EZGOWTjiINZMztuIWhbjftRUj # 6E8FLkj/5PWQzYvi6TbMMAMqg5QsYERZIZ4SfDfjE2a8s8rloYDBdvVEaG35NOa/ # pv93clb7OrnE5VyJLHyfs8VwpbtJKsQy/Twwh1+828X/fetwJWT5AKfPZTIHLELL # tVuABJA25wSfPPmjtXTzDjq5x5/UWKc16Zvk1tbcxuknLegxUH0Agy+qJRI3x5FA # M3ZHOg== # =b4EN # -----END PGP SIGNATURE----- # gpg: Signature made Tue 12 Jul 2022 11:48:51 AM +0530 # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate] * tag 'pull-tcg-20220712' of https://gitlab.com/rth7680/qemu: accel/tcg: Fix unaligned stores to s390x low-address-protected lowcore tcg: Fix returned type in alloc_code_gen_buffer_splitwx_memfd() Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-07-12 11:52:11 +05:30 · 2022-07-12 11:52:11 +05:30 · 08c8a31214
parent 9fed1bca6b b0f650f047
commit 08c8a31214
2 changed files with 6 additions and 4 deletions
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@ -2248,7 +2248,7 @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
    const size_t tlb_off = offsetof(CPUTLBEntry, addr_write);
    uintptr_t index, index2;
    CPUTLBEntry *entry, *entry2;
-    target_ulong page2, tlb_addr, tlb_addr2;
+    target_ulong page1, page2, tlb_addr, tlb_addr2;
    MemOpIdx oi;
    size_t size2;
    int i;
@ -2256,15 +2256,17 @@ store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
    /*
     * Ensure the second page is in the TLB.  Note that the first page
     * is already guaranteed to be filled, and that the second page
-     * cannot evict the first.
+     * cannot evict the first.  An exception to this rule is PAGE_WRITE_INV
+     * handling: the first page could have evicted itself.
     */
+    page1 = addr & TARGET_PAGE_MASK;
    page2 = (addr + size) & TARGET_PAGE_MASK;
    size2 = (addr + size) & ~TARGET_PAGE_MASK;
    index2 = tlb_index(env, mmu_idx, page2);
    entry2 = tlb_entry(env, mmu_idx, page2);

    tlb_addr2 = tlb_addr_write(entry2);
-    if (!tlb_hit_page(tlb_addr2, page2)) {
+    if (page1 != page2 && !tlb_hit_page(tlb_addr2, page2)) {
        if (!victim_tlb_hit(env, mmu_idx, index2, tlb_off, page2)) {
            tlb_fill(env_cpu(env), page2, size2, MMU_DATA_STORE,
                     mmu_idx, retaddr);
--- a/tcg/region.c
+++ b/tcg/region.c
@ -548,7 +548,7 @@ static int alloc_code_gen_buffer_anon(size_t size, int prot,
 #ifdef CONFIG_POSIX
 #include "qemu/memfd.h"

-static bool alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
+static int alloc_code_gen_buffer_splitwx_memfd(size_t size, Error **errp)
 {
    void *buf_rw = NULL, *buf_rx = MAP_FAILED;
    int fd = -1;