Paolo Bonzini <[email protected]> writes:
> Il 07/03/2014 00:34, Alexander Graf ha scritto:
>> @@ -105,30 +106,37 @@ static target_ulong h_enter(PowerPCCPU *cpu,
>> sPAPREnvironment *spapr,
>> if (!valid_pte_index(env, pte_index)) {
>> return H_PARAMETER;
>> }
>> +
>> + index = 0;
>> + hpte = pte_index * HASH_PTE_SIZE_64;
>> if (likely((flags & H_EXACT) == 0)) {
>> pte_index &= ~7ULL;
>> - hpte = pte_index * HASH_PTE_SIZE_64;
>> - for (i = 0; ; ++i) {
>> - if (i == 8) {
>> + token = ppc_hash64_start_access(cpu, pte_index);
>> + do {
>> + if (index == 8) {
>> + ppc_hash64_stop_access(token);
>> return H_PTEG_FULL;
>> }
>> - if ((ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) == 0) {
>> + if ((ppc_hash64_load_hpte0(env, token, index) & HPTE64_V_VALID)
>> == 0) {
>> break;
>> }
>> - hpte += HASH_PTE_SIZE_64;
>> - }
>> + } while (index++);
>> + ppc_hash64_stop_access(token);
>
> I'm afraid you have a bug here, as spotted by Coverity. The do...while
> loop only loops once. I'm not sure what you meant, could you rewrite it
> with a "for (index = 0; index < 8; i++)" instead?
Good find. How about:
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index e999bbaea062..e079be050fc7 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -118,7 +118,8 @@ static target_ulong h_enter(PowerPCCPU *cpu,
sPAPREnvironment *spapr,
if ((ppc_hash64_load_hpte0(env, token, index) & HPTE64_V_VALID) ==
0) {
break;
}
- } while (index++);
+ index++;
+ } while (1);
ppc_hash64_stop_access(token);
} else {
token = ppc_hash64_start_access(cpu, pte_index);
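Review bot: With `} while (1);` the loop has no visible bound at the point where `index` is advanced. The only thing keeping `ppc_hash64_load_hpte0(env, token, index)` inside the eight-entry group is the `index == 8` test at the top of the body, which starts outside this hunk. Since h_enter is a hypercall handler and `pte_index` and `flags` are presumably guest-supplied, I would document that dependency on the new line, e.g. `index++; /* bounded by the index == 8 check at the top of the loop body */`, so a later edit cannot move or drop the test unnoticed. A regression test that fills a PTEG so only the last slot is free would also help, because the earlier `while (index++)` form still gave the right answer whenever slot 0 was free.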
-aneesh