[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH_v2 6/9] target-openrisc: Correct memory bounds check
From: |
Sebastian Macke |
Subject: |
[Qemu-devel] [PATCH_v2 6/9] target-openrisc: Correct memory bounds checking for the tlb buffers |
Date: |
Tue, 22 Oct 2013 02:12:42 +0200 |
The mtspr and mfspr routines didn't check for the correct memory boundaries.
This fixes a segmentation fault while booting Linux.
Signed-off-by: Sebastian Macke <address@hidden>
---
target-openrisc/sys_helper.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/target-openrisc/sys_helper.c b/target-openrisc/sys_helper.c
index f116588..be06c45 100644
--- a/target-openrisc/sys_helper.c
+++ b/target-openrisc/sys_helper.c
@@ -81,7 +81,7 @@ void HELPER(mtspr)(CPUOpenRISCState *env,
case TO_SPR(0, 64): /* ESR */
env->esr = rb;
break;
- case TO_SPR(1, 512) ... TO_SPR(1, 639): /* DTLBW0MR 0-127 */
+ case TO_SPR(1, 512) ... TO_SPR(1, 512+DTLB_SIZE-1): /* DTLBW0MR 0-127 */
idx = spr - TO_SPR(1, 512);
if (!(rb & 1)) {
tlb_flush_page(env, env->tlb->dtlb[0][idx].mr & TARGET_PAGE_MASK);
@@ -89,7 +89,7 @@ void HELPER(mtspr)(CPUOpenRISCState *env,
env->tlb->dtlb[0][idx].mr = rb;
break;
- case TO_SPR(1, 640) ... TO_SPR(1, 767): /* DTLBW0TR 0-127 */
+ case TO_SPR(1, 640) ... TO_SPR(1, 640+DTLB_SIZE-1): /* DTLBW0TR 0-127 */
idx = spr - TO_SPR(1, 640);
env->tlb->dtlb[0][idx].tr = rb;
break;
@@ -100,7 +100,7 @@ void HELPER(mtspr)(CPUOpenRISCState *env,
case TO_SPR(1, 1280) ... TO_SPR(1, 1407): /* DTLBW3MR 0-127 */
case TO_SPR(1, 1408) ... TO_SPR(1, 1535): /* DTLBW3TR 0-127 */
break;
- case TO_SPR(2, 512) ... TO_SPR(2, 639): /* ITLBW0MR 0-127 */
+ case TO_SPR(2, 512) ... TO_SPR(2, 512+ITLB_SIZE-1): /* ITLBW0MR 0-127 */
idx = spr - TO_SPR(2, 512);
if (!(rb & 1)) {
tlb_flush_page(env, env->tlb->itlb[0][idx].mr & TARGET_PAGE_MASK);
@@ -108,7 +108,7 @@ void HELPER(mtspr)(CPUOpenRISCState *env,
env->tlb->itlb[0][idx].mr = rb;
break;
- case TO_SPR(2, 640) ... TO_SPR(2, 767): /* ITLBW0TR 0-127 */
+ case TO_SPR(2, 640) ... TO_SPR(2, 640+ITLB_SIZE-1): /* ITLBW0TR 0-127 */
idx = spr - TO_SPR(2, 640);
env->tlb->itlb[0][idx].tr = rb;
break;
@@ -212,11 +212,11 @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env,
case TO_SPR(0, 64): /* ESR */
return env->esr;
- case TO_SPR(1, 512) ... TO_SPR(1, 639): /* DTLBW0MR 0-127 */
+ case TO_SPR(1, 512) ... TO_SPR(1, 512+DTLB_SIZE-1): /* DTLBW0MR 0-127 */
idx = spr - TO_SPR(1, 512);
return env->tlb->dtlb[0][idx].mr;
- case TO_SPR(1, 640) ... TO_SPR(1, 767): /* DTLBW0TR 0-127 */
+ case TO_SPR(1, 640) ... TO_SPR(1, 640+DTLB_SIZE-1): /* DTLBW0TR 0-127 */
idx = spr - TO_SPR(1, 640);
return env->tlb->dtlb[0][idx].tr;
@@ -228,11 +228,11 @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env,
case TO_SPR(1, 1408) ... TO_SPR(1, 1535): /* DTLBW3TR 0-127 */
break;
- case TO_SPR(2, 512) ... TO_SPR(2, 639): /* ITLBW0MR 0-127 */
+ case TO_SPR(2, 512) ... TO_SPR(2, 512+ITLB_SIZE-1): /* ITLBW0MR 0-127 */
idx = spr - TO_SPR(2, 512);
return env->tlb->itlb[0][idx].mr;
- case TO_SPR(2, 640) ... TO_SPR(2, 767): /* ITLBW0TR 0-127 */
+ case TO_SPR(2, 640) ... TO_SPR(2, 640+ITLB_SIZE-1): /* ITLBW0TR 0-127 */
idx = spr - TO_SPR(2, 640);
return env->tlb->itlb[0][idx].tr;
--
1.8.4.1
- [Qemu-devel] [PATCH_v2 0/9] target-openrisc: Corrections and speed improvements, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 1/9] target-openrisc: Speed up move instruction, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 2/9] target-openrisc: Remove unnecessary code generated by jump instructions, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 4/9] target-openrisc: Correct wrong epcr register in interrupt handler, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 3/9] target-openrisc: Remove executable flag for every page, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 6/9] target-openrisc: Correct memory bounds checking for the tlb buffers,
Sebastian Macke <=
- [Qemu-devel] [PATCH_v2 7/9] target-openrisc: Separate branch flag from Supervision register, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 5/9] openrisc-timer: Reduce overhead, Separate clock update functions, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 8/9] target-openrisc: Complete remove of npc and ppc variables, Sebastian Macke, 2013/10/21
- [Qemu-devel] [PATCH_v2 9/9] target-openrisc: Correct carry flag check of l.addc and l.addic test cases, Sebastian Macke, 2013/10/21
- Re: [Qemu-devel] [PATCH_v2 9/9] target-openrisc: Correct carry flagcheck of l.addc and l.addic test casess, Alex Bennée, 2013/10/22
- Re: [Qemu-devel] [PATCH_v2 9/9] target-openrisc: Correct carry flagcheck of l.addc and l.addic test casess, Sebastian Macke, 2013/10/22
- Re: [Qemu-devel] [PATCH_v2 9/9] target-openrisc: Correct carry flagcheck of l.addc and l.addic test casess, Max Filippov, 2013/10/22
- Re: [Qemu-devel] [PATCH_v2 9/9] target-openrisc: Correct carry flagcheck of l.addc and l.addic test casess, Alex Bennée, 2013/10/22
- Re: [Qemu-devel] [PATCH_v2 9/9] target-openrisc: Correct carry flagcheck of l.addc and l.addic test casess, Sebastian Macke, 2013/10/22
- Re: [Qemu-devel] [PATCH_v2 9/9] target-openrisc: Correct carry flagcheck of l.addc and l.addic test casess, Max Filippov, 2013/10/23