aboutsummaryrefslogtreecommitdiff
path: root/accel/tcg
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2018-07-13 15:16:35 +0100
committerPeter Maydell <peter.maydell@linaro.org>2018-07-16 17:26:01 +0100
commitb493ccf1fc82674ef73564b3c61e309105c9336b (patch)
tree4d782c803f7aeab41e4e80520f217651dc823b7f /accel/tcg
parent65e9f27f22ba273672a1960cabad0e6aae0fbba2 (diff)
accel/tcg: Use correct test when looking in victim TLB for code
In get_page_addr_code(), we were incorrectly looking in the victim TLB for an entry which matched the target address for reads, not for code accesses. This meant that we could hit on a victim TLB entry that indicated that the address was readable but not executable, and incorrectly bypass the call to tlb_fill() which should generate the guest MMU exception. Fix this bug. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20180713141636.18665-2-peter.maydell@linaro.org
Diffstat (limited to 'accel/tcg')
-rw-r--r--accel/tcg/cputlb.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 20c147d655..2d5fb15d9a 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -967,7 +967,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
mmu_idx = cpu_mmu_index(env, true);
if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) {
- if (!VICTIM_TLB_HIT(addr_read, addr)) {
+ if (!VICTIM_TLB_HIT(addr_code, addr)) {
tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
}
}