Fix off-by-one address checks in MIPS64 MMU, by Aurelien Jarno.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3718 c046a42c-6fe2-441c-8c8c-71466251a162
This commit is contained in:
parent
89dfe89805
commit
67d6abff60
@ -133,7 +133,7 @@ static int get_physical_address (CPUState *env, target_ulong *physical,
|
||||
#if defined(TARGET_MIPS64)
|
||||
} else if (address < 0x4000000000000000ULL) {
|
||||
/* xuseg */
|
||||
if (UX && address < (0x3FFFFFFFFFFFFFFFULL & env->SEGMask)) {
|
||||
if (UX && address <= (0x3FFFFFFFFFFFFFFFULL & env->SEGMask)) {
|
||||
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
|
||||
} else {
|
||||
ret = TLBRET_BADADDR;
|
||||
@ -141,7 +141,7 @@ static int get_physical_address (CPUState *env, target_ulong *physical,
|
||||
} else if (address < 0x8000000000000000ULL) {
|
||||
/* xsseg */
|
||||
if ((supervisor_mode || kernel_mode) &&
|
||||
SX && address < (0x7FFFFFFFFFFFFFFFULL & env->SEGMask)) {
|
||||
SX && address <= (0x7FFFFFFFFFFFFFFFULL & env->SEGMask)) {
|
||||
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
|
||||
} else {
|
||||
ret = TLBRET_BADADDR;
|
||||
@ -150,7 +150,7 @@ static int get_physical_address (CPUState *env, target_ulong *physical,
|
||||
/* xkphys */
|
||||
/* XXX: Assumes PABITS = 36 (correct for MIPS64R1) */
|
||||
if (kernel_mode && KX &&
|
||||
(address & 0x07FFFFFFFFFFFFFFULL) < 0x0000000FFFFFFFFFULL) {
|
||||
(address & 0x07FFFFFFFFFFFFFFULL) <= 0x0000000FFFFFFFFFULL) {
|
||||
*physical = address & 0x0000000FFFFFFFFFULL;
|
||||
*prot = PAGE_READ | PAGE_WRITE;
|
||||
} else {
|
||||
@ -159,7 +159,7 @@ static int get_physical_address (CPUState *env, target_ulong *physical,
|
||||
} else if (address < 0xFFFFFFFF80000000ULL) {
|
||||
/* xkseg */
|
||||
if (kernel_mode && KX &&
|
||||
address < (0xFFFFFFFF7FFFFFFFULL & env->SEGMask)) {
|
||||
address <= (0xFFFFFFFF7FFFFFFFULL & env->SEGMask)) {
|
||||
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
|
||||
} else {
|
||||
ret = TLBRET_BADADDR;
|
||||
|
Loading…
Reference in New Issue
Block a user