Re: [PATCH] accel/tcg: Pass actual memop_size to tlb_fill instead of 0

Wed, 22 Oct 2025 21:50:59 -0700 

On Wed, Oct 22, 2025 at 10:32:31AM -0500, Richard Henderson wrote:
> On 10/22/25 06:52, Nikita Novikov wrote:
> > Recent debugging of misaligned access handling on RISC-V revealed that we
> > always call `tlb_fill` with `memop_size == 0`. This behavior effectively
> > disables natural alignment checks in `riscv_tlb_fill_align()`, because we
> > have to fall back from `memop_size` to `size` when computing the alignment 
> > bits.
> > 
> > With `memop_size == 0`, misaligned cross-page stores end up reported as
> > `store access fault` (AF, cause=7) instead of the expected
> > `store page fault` (PF, cause=15), since the “misalign” path triggers before
> > the second page translation can fault. This breaks misaligned accesses at
> > page boundaries.
> > 
> > After switching to pass the real `l->memop` into `tlb_fill`, the cross-page
> > faults are no longer mis-classified as AF.
> > 
> > Fixes: ec03dd972378 ("accel/tcg: Hoist first page lookup above 
> > pointer_wrap")
> > 
> > Signed-off-by: Nikita Novikov <[email protected]>
> > ---
> >   accel/tcg/cputlb.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
> > index 631f1fe135..271c061be1 100644
> > --- a/accel/tcg/cputlb.c
> > +++ b/accel/tcg/cputlb.c
> > @@ -1782,7 +1782,7 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, 
> > MemOpIdx oi,
> >            * If the lookup potentially resized the table, refresh the
> >            * first CPUTLBEntryFull pointer.
> >            */
> > -        if (mmu_lookup1(cpu, &l->page[1], 0, l->mmu_idx, type, ra)) {
> > +        if (mmu_lookup1(cpu, &l->page[1], l->memop, l->mmu_idx, type, ra)) 
> > {
> >               uintptr_t index = tlb_index(cpu, l->mmu_idx, addr);
> >               l->page[0].full = &cpu->neg.tlb.d[l->mmu_idx].fulltlb[index];
> >           }
> 
> How is the memop really applicable to the second half of a split-page 
> operation?
> 
Because the second half is still part of the same guest memory operation. It 
must obey
the same size, alignment, and atomicity rules. Passing the real memop ensures 
correct
alignment and atomic checks even if the access crosses a page boundary.
> 
> r~
>

Reply via email to