Check for TLB invalidation after read callback(s). (#1122)

* Adding regression test for issue where writing memory into a read only segment during a access callback fails. * Check for TLB invalidation when calling read callbacks; Writes to read-only memory by the callback cause a TLB flush which requires a re-read of the TLB.
2019-08-22 02:54:24 -07:00
parent 8f0f77233d
commit bc572be472
2 changed files with 38 additions and 2 deletions
--- a/qemu/softmmu_template.h
+++ b/qemu/softmmu_template.h
@@ -289,8 +289,11 @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong addr, int mmu_idx,
    retaddr -= GETPC_ADJ;

    /* If the TLB entry is for a different page, reload and try again.  */
+    /* If the TLB entry addend is invalidated by any callbacks (perhaps due to
+       a TLB flush), reload and try again.  */
    if ((addr & TARGET_PAGE_MASK)
-         != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
+         != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))
+         || env->tlb_table[mmu_idx][index].addend == -1) {
 #ifdef ALIGNED_ONLY
        if ((addr & (DATA_SIZE - 1)) != 0) {
            //cpu_unaligned_access(ENV_GET_CPU(env), addr, READ_ACCESS_TYPE,
@@ -517,8 +520,11 @@ WORD_TYPE helper_be_ld_name(CPUArchState *env, target_ulong addr, int mmu_idx,
    retaddr -= GETPC_ADJ;

    /* If the TLB entry is for a different page, reload and try again.  */
+    /* If the TLB entry addend is invalidated by any callbacks (perhaps due to
+       a TLB flush), reload and try again.  */
    if ((addr & TARGET_PAGE_MASK)
-         != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
+         != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))
+         || env->tlb_table[mmu_idx][index].addend == -1) {
 #ifdef ALIGNED_ONLY
        if ((addr & (DATA_SIZE - 1)) != 0) {
            //cpu_unaligned_access(ENV_GET_CPU(env), addr, READ_ACCESS_TYPE,