On Sat, Jun 30, 2018 at 12:20 PM, Max Filippov <[email protected]> wrote:
> Hi Peter,
>
> On Wed, Jun 20, 2018 at 6:06 AM, Peter Maydell <[email protected]> wrote:
>> Add support for MMU protection regions that are smaller than
>> TARGET_PAGE_SIZE. We do this by marking the TLB entry for those
>> pages with a flag TLB_RECHECK. This flag causes us to always
>> take the slow-path for accesses. In the slow path we can then
>> special case them to always call tlb_fill() again, so we have
>> the correct information for the exact address being accessed.
>>
>> This change allows us to handle reading and writing from small
>> regions; we cannot deal with execution from the small region.
>>
>> Signed-off-by: Peter Maydell <[email protected]>
>> ---
>>  accel/tcg/softmmu_template.h |  24 ++++---
>>  include/exec/cpu-all.h       |   5 +-
>>  accel/tcg/cputlb.c           | 131 +++++++++++++++++++++++++++++------
>>  3 files changed, 130 insertions(+), 30 deletions(-)
>
> I'm observing the following failure with xtensa tests:
>
> (qemu) qemu: fatal: Unable to handle guest executing from RAM within a
> small MPU region at 0xd0000804
>
> Bisection points to this patch. Any idea what happened?
Ok, I think I've found the issue: the following check in get_page_addr_code()
does not work correctly when -1 is in the addr_code in the QEMU TLB:

    if (unlikely(env->tlb_table[mmu_idx][index].addr_code & TLB_RECHECK))

tlb_set_page_with_attrs() sets addr_code to -1 in the TLB entry when the
translation is not executable.

-- 
Thanks.
-- Max
