From b493ccf1fc82674ef73564b3c61e309105c9336b Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 13 Jul 2018 15:16:35 +0100 Subject: accel/tcg: Use correct test when looking in victim TLB for code In get_page_addr_code(), we were incorrectly looking in the victim TLB for an entry which matched the target address for reads, not for code accesses. This meant that we could hit on a victim TLB entry that indicated that the address was readable but not executable, and incorrectly bypass the call to tlb_fill() which should generate the guest MMU exception. Fix this bug. Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20180713141636.18665-2-peter.maydell@linaro.org --- accel/tcg/cputlb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 20c147d655..2d5fb15d9a 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -967,7 +967,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr) index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); mmu_idx = cpu_mmu_index(env, true); if (unlikely(!tlb_hit(env->tlb_table[mmu_idx][index].addr_code, addr))) { - if (!VICTIM_TLB_HIT(addr_read, addr)) { + if (!VICTIM_TLB_HIT(addr_code, addr)) { tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0); } } -- cgit v1.2.3