
Commit 6d967cb

cotarth7680
authored andcommitted
cputlb: update TLB entry/index after tlb_fill
We are failing to take into account that tlb_fill() can cause a TLB resize, which renders prior TLB entry pointers/indices stale. Fix it by re-doing the TLB entry lookups immediately after tlb_fill. Fixes: 86e1eff ("tcg: introduce dynamic TLB sizing", 2019-01-28) Reported-by: Max Filippov <[email protected]> Tested-by: Max Filippov <[email protected]> Signed-off-by: Emilio G. Cota <[email protected]> Message-Id: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
1 parent ae56a2f commit 6d967cb


2 files changed

+12
-0
lines changed


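--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1045,6 +1045,8 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
 if (unlikely(!tlb_hit(entry->addr_code, addr))) {
 if (!VICTIM_TLB_HIT(addr_code, addr)) {
 tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
+index = tlb_index(env, mmu_idx, addr);
+entry = tlb_entry(env, mmu_idx, addr);
 }
 assert(tlb_hit(entry->addr_code, addr));
 }
@@ -1125,6 +1127,8 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
 if (!VICTIM_TLB_HIT(addr_write, addr)) {
 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,
 mmu_idx, retaddr);
+index = tlb_index(env, mmu_idx, addr);
+tlbe = tlb_entry(env, mmu_idx, addr);
 }
 tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
 }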
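Review bot: The refreshed `index`/`tlbe` in atomic_mmu_lookup and `index`/`entry` in get_page_addr_code carry no comment saying why the lookups are redone, so the next person adding a tlb_fill() call site has nothing in the code telling them the cached pointers die across that call. I would put `/* tlb_fill() may resize the TLB; refetch index and entry. */` above each re-lookup and state the same invariant once at the tlb_fill() declaration, which is outside this diff. Both functions start and end outside their hunks, so any other tlb_fill() call in the same function bodies, or any use of the stale pointers on a path not shown here, is not visible and should be audited the same way. If `index` is not read again after the refresh in get_page_addr_code the assignment is harmless but dead; that cannot be confirmed from the hunk.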

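--- a/accel/tcg/softmmu_template.h
+++ b/accel/tcg/softmmu_template.h
@@ -129,6 +129,8 @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr,
 if (!VICTIM_TLB_HIT(ADDR_READ, addr)) {
 tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,
 mmu_idx, retaddr);
+index = tlb_index(env, mmu_idx, addr);
+entry = tlb_entry(env, mmu_idx, addr);
 }
 tlb_addr = entry->ADDR_READ;
 }
@@ -198,6 +200,8 @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr,
 if (!VICTIM_TLB_HIT(ADDR_READ, addr)) {
 tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, READ_ACCESS_TYPE,
 mmu_idx, retaddr);
+index = tlb_index(env, mmu_idx, addr);
+entry = tlb_entry(env, mmu_idx, addr);
 }
 tlb_addr = entry->ADDR_READ;
 }
@@ -294,6 +298,8 @@ void helper_le_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
 if (!VICTIM_TLB_HIT(addr_write, addr)) {
 tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
 mmu_idx, retaddr);
+index = tlb_index(env, mmu_idx, addr);
+entry = tlb_entry(env, mmu_idx, addr);
 }
 tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
 }
@@ -372,6 +378,8 @@ void helper_be_st_name(CPUArchState *env, target_ulong addr, DATA_TYPE val,
 if (!VICTIM_TLB_HIT(addr_write, addr)) {
 tlb_fill(ENV_GET_CPU(env), addr, DATA_SIZE, MMU_DATA_STORE,
 mmu_idx, retaddr);
+index = tlb_index(env, mmu_idx, addr);
+entry = tlb_entry(env, mmu_idx, addr);
 }
 tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
 }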
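Review bot: The same two-line refresh is hand-copied into four helpers with no comment, and the line right after it (`tlb_addr = entry->ADDR_READ;` / `tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;`) is exactly the read that goes through a stale pointer if the refresh is ever dropped or reordered. Each copy should carry `/* tlb_fill() may resize the TLB; index and entry are stale. */`, and a small static helper or macro that refetches both would keep the four copies from drifting apart. All four helpers start and end outside their hunks, so any further tlb_fill() call in those bodies — a second-page fill on an unaligned-access path, if one exists — that still dereferences the first page's `entry` afterwards would have the same hazard and is not addressed by this commit; that cannot be confirmed from this view and is worth checking before merge.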
