Commit 6d967cb8 authored by Emilio G. Cota's avatar Emilio G. Cota Committed by Richard Henderson
Browse files

cputlb: update TLB entry/index after tlb_fill 



We are failing to take into account that tlb_fill() can cause a
TLB resize, which renders prior TLB entry pointers/indices stale.
Fix it by re-doing the TLB entry lookups immediately after tlb_fill.

Fixes: 86e1eff8 ("tcg: introduce dynamic TLB sizing", 2019-01-28)
Reported-by: default avatarMax Filippov <jcmvbkbc@gmail.com>
Tested-by: default avatarMax Filippov <jcmvbkbc@gmail.com>
Signed-off-by: default avatarEmilio G. Cota <cota@braap.org>
Message-Id: <20190209162745.12668-3-cota@braap.org>
Signed-off-by: default avatarRichard Henderson <richard.henderson@linaro.org>
parent ae56a2ff

accel/tcg/cputlb.c

+4 −0
Original line number Diff line number Diff line
@@ -1045,6 +1045,8 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr) 
    if (unlikely(!tlb_hit(entry->addr_code, addr))) {

        if (!VICTIM_TLB_HIT(addr_code, addr)) {

            tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);

            index = tlb_index(env, mmu_idx, addr);

            entry = tlb_entry(env, mmu_idx, addr);

        }

        assert(tlb_hit(entry->addr_code, addr));

    }
@@ -1125,6 +1127,8 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr, 
        if (!VICTIM_TLB_HIT(addr_write, addr)) {

            tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,

                     mmu_idx, retaddr);

            index = tlb_index(env, mmu_idx, addr);

            tlbe = tlb_entry(env, mmu_idx, addr);

        }

        tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;

    }

accel/tcg/softmmu_template.h

+8 −0
Original line number Diff line number Diff line
@@ -129,6 +129,8 @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr, 
        if (!VICTIM_TLB_HIT(ADDR_READ, addr)) {

            tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,

                     mmu_idx, retaddr);

            index = tlb_index(env, mmu_idx, addr);

            entry = tlb_entry(env, mmu_idx, addr);

        }

        tlb_addr = entry->ADDR_READ;

    }
@@ -198,6 +200,8 @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr, 
        if (!VICTIM_TLB_HIT(ADDR_READ, addr)) {

            tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,

                     mmu_idx, retaddr);

            index = tlb_index(env, mmu_idx, addr);

            entry = tlb_entry(env, mmu_idx, addr);

        }

        tlb_addr = entry->ADDR_READ;

    }
@@ -294,6 +298,8 @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val, 
        if (!VICTIM_TLB_HIT(addr_write, addr)) {

            tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,

                     mmu_idx, retaddr);

            index = tlb_index(env, mmu_idx, addr);

            entry = tlb_entry(env, mmu_idx, addr);

        }

        tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;

    }
@@ -372,6 +378,8 @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val, 
        if (!VICTIM_TLB_HIT(addr_write, addr)) {

            tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,

                     mmu_idx, retaddr);

            index = tlb_index(env, mmu_idx, addr);

            entry = tlb_entry(env, mmu_idx, addr);

        }

        tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;

    }