On Wed, 2016-08-03 at 19:50 +1000, Benjamin Herrenschmidt wrote:
> > > I'm confused. Is this just swapping the order of the operands to
> > > '+'?
> > > I wouldn't expect that to make any difference because typecast has
> > > higher precedence than '+'...
> >
> > The typecast to target_ulong which is 32-bits :-)
But you are right, this isn't the breakage. Patch 1/2 is sufficient to fix it, though I didn't realize it at first. "vaddr" is actually a typedef, so the whole tlb_vaddr_to_host() turned into a cast of guest_base to vaddr... The g2h part was just me being tired.

It's true though that target_ulong is going to be 32-bits, which I don't like, but type promotion makes it work.

So drop that patch and stick to patch 1/2, which is the real fix.

As to why you don't hit the bug on ARM, well, maybe you don't have many helpers using tlb_vaddr_to_host? Also address randomization makes things hit or miss here...

Cheers,
Ben.
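Added illustration of the cast-precedence point in the exchange above; this is a constructed example, not QEMU's g2h()/tlb_vaddr_to_host() code, and it assumes a 32-bit target_ulong and a 64-bit host address.

```c
/* Constructed illustration (not QEMU code) of the C semantics discussed in the
 * thread: a cast binds tighter than '+', so where the 32-bit cast sits decides
 * whether the 64-bit host base is truncated or the 32-bit guest address is
 * promoted before the addition. */
#include <stdint.h>
#include <stdbool.h>

typedef uint32_t target_ulong;   /* assumption: 32-bit guest, as in the thread */
typedef uint64_t host_ulong;     /* assumption: 64-bit host */

/* Cast applied to the host base: the upper 32 bits of guest_base are dropped
 * before the addition, and the 32-bit sum is only then widened, so the result
 * is not a valid host address whenever guest_base has bits above 32. */
host_ulong g2h_truncating(host_ulong guest_base, target_ulong vaddr)
{
    return (target_ulong)guest_base + vaddr;
}

/* Cast applied to the guest address only: vaddr is promoted to 64 bits for
 * the addition and the full host base survives. */
host_ulong g2h_promoting(host_ulong guest_base, target_ulong vaddr)
{
    return guest_base + (target_ulong)vaddr;
}

/* True when the two forms disagree for the given base, which is exactly the
 * case of a high host base (e.g. under address-space randomization); with a
 * base that fits in 32 bits the difference is invisible, which is one way a
 * bug like this stays hidden on some setups and not others. */
bool cast_order_matters(host_ulong guest_base, target_ulong vaddr)
{
    return g2h_truncating(guest_base, vaddr) != g2h_promoting(guest_base, vaddr);
}
```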
