qemu/include/exec
Peter Maydell 55a7cb144d accel/tcg: Check whether TLB entry is RAM consistently with how we set it up
We set up TLB entries in tlb_set_page_with_attrs(), where we have
some logic for determining whether the TLB entry is considered
to be RAM-backed, and thus has a valid addend field. When we
look at the TLB entry in get_page_addr_code(), we use different
logic for determining whether to treat the page as RAM-backed
and use the addend field. This is confusing, and in fact buggy,
because the code in tlb_set_page_with_attrs() correctly decides
that rom_device memory regions not in romd mode are not RAM-backed,
but the code in get_page_addr_code() thinks they are RAM-backed.
This typically results in "Bad ram pointer" assertion if the
guest tries to execute from such a memory region.

Fix this by making get_page_addr_code() just look at the
TLB_MMIO bit in the code_address field of the TLB, which
tlb_set_page_with_attrs() sets if and only if the addend
field is not valid for code execution.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180713150945.12348-1-peter.maydell@linaro.org
2018-08-14 17:17:19 +01:00
..
user linux-user: Assert on bad type in thunk_type_align() and thunk_type_size() 2018-05-24 20:46:54 +02:00
address-spaces.h
cpu_ldst_template.h
cpu_ldst_useronly_template.h trace: fix misreporting of TCG access sizes for user-space 2018-06-27 11:09:24 +01:00
cpu_ldst.h tcg: Define and use new tlb_hit() and tlb_hit_page() functions 2018-07-02 08:02:20 -07:00
cpu-all.h tcg: Define and use new tlb_hit() and tlb_hit_page() functions 2018-07-02 08:02:20 -07:00
cpu-common.h tcg: remove tb_lock 2018-06-15 08:18:48 -10:00
cpu-defs.h cpu-defs.h: Document CPUIOTLBEntry 'addr' field 2018-06-15 15:23:34 +01:00
cputlb.h cputlb: bring back tlb_flush_count under !TLB_DEBUG 2017-10-10 07:37:10 -07:00
exec-all.h accel/tcg: Check whether TLB entry is RAM consistently with how we set it up 2018-08-14 17:17:19 +01:00
gdbstub.h gdbstub: Clarify what gdb_handlesig() is doing 2018-05-25 10:10:55 +02:00
gen-icount.h tcg: Pass tb and index to tcg_gen_exit_tb separately 2018-06-01 15:15:27 -07:00
helper-gen.h tcg: Allow 6 arguments to TCG helpers 2017-12-29 12:43:40 -08:00
helper-head.h tcg: Fix helper function vs host abi for float16 2018-05-31 14:50:51 +01:00
helper-proto.h tcg: Allow 6 arguments to TCG helpers 2017-12-29 12:43:40 -08:00
helper-tcg.h tcg: Allow 6 arguments to TCG helpers 2017-12-29 12:43:40 -08:00
hwaddr.h
ioport.h
log.h disas: Remove unused flags arguments 2017-10-25 11:55:09 +02:00
memattrs.h memory.h: Move MemTxResult type to memattrs.h 2017-09-04 15:21:54 +01:00
memory_ldst_cached.inc.h exec: reintroduce MemoryRegion caching 2018-05-09 00:13:38 +02:00
memory_ldst_phys.inc.h exec: move memory access declarations to a common header, inline *_phys functions 2018-05-09 00:13:38 +02:00
memory_ldst.inc.h exec: move memory access declarations to a common header, inline *_phys functions 2018-05-09 00:13:38 +02:00
memory-internal.h tcg: remove tb_lock 2018-06-15 08:18:48 -10:00
memory.h memory/hmp: Print owners/parents in "info mtree" 2018-06-28 19:05:36 +02:00
poison.h include/exec/poison: Mark CONFIG_SOFTMMU as poisoned 2017-07-04 14:39:11 +02:00
ram_addr.h move public invalidate APIs out of translate-all.{c,h}, clean up 2018-06-28 19:05:30 +02:00
ramlist.h migration: Poison ramblock loops in migration 2018-06-15 14:40:56 +01:00
semihost.h
softmmu-semi.h
target_page.h
tb-context.h tcg: remove tb_lock 2018-06-15 08:18:48 -10:00
tb-hash-xx.h tcg: define CF_PARALLEL and use it for TB hashing along with CF_COUNT_MASK 2017-10-24 13:53:41 -07:00
tb-hash.h tcg: define CF_PARALLEL and use it for TB hashing along with CF_COUNT_MASK 2017-10-24 13:53:41 -07:00
tb-lookup.h Clean up includes 2018-02-09 05:05:11 +01:00
translator.h translator: merge max_insns into DisasContextBase 2018-05-09 10:12:21 -07:00