On 09/17/2013 03:02 AM, Emmanuel Blot wrote:
> There is a piece of code I'm not sure I understand, in
> get_page_addr_code(CPUArchState *env1, target_ulong addr)
>
> …
>     if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
>                  (addr & TARGET_PAGE_MASK))) {
>         cpu_ldub_code(env1, addr);
>     }
>     pd = env1->iotlb[mmu_idx][page_index] & ~TARGET_PAGE_MASK;
>     mr = iotlb_to_region(pd);
>     if (memory_region_is_unassigned(mr))
> …
>
> cpu_ldub_code() leads to a call to io_mem_read(), which may trigger an
> unassigned_mem_read().
> In this case, the invalid mem access is always considered a data
> access, whereas it is an execution access if I'm not mistaken.
>
> In other words, before
> get_page_addr_code:memory_region_is_unassigned() is tested and
> get_page_addr_code:do_unassigned_access() gets a "chance" to be called
> as an "instruction" invalid access, another unassigned access is
> triggered with a "data" invalid access.
>
> Did I miss something here?
No miss. That cpu_ldub_code ought to be just a straight tlb fill, rather than a read with discarded result. E.g. the tlb_fill(env, addr, READ_ACCESS_TYPE, mmu_idx, retaddr); line from exec/softmmu_template.h. r~
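To make the ordering Emmanuel describes visible, here is a constructed C miniature of the softmmu path (added for this page; it is not QEMU code and none of its names, `toy_cpu`, `page_is_unassigned`, `cpu_ldub_code_toy`, the `ACCESS_*` values and the bus map with unassigned pages at and above 0x4000, exist in QEMU). It records every access type reported to the unassigned-access hook during one instruction fetch: the "read with discarded result" variant reports a data load first and only then the instruction access, while the bare `tlb_fill` variant Richard suggests reports the instruction access alone.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed miniature of the softmmu path under discussion (not QEMU code).
 * Every name below (toy_cpu, page_is_unassigned, ACCESS_*) is hypothetical. */

#define TARGET_PAGE_BITS 12
#define TARGET_PAGE_MASK (~(uint64_t)((1u << TARGET_PAGE_BITS) - 1))
#define TLB_SIZE 4          /* power of two so the index can be masked */
#define TRACE_MAX 8

/* Access type reported to the unassigned-access hook. */
enum { ACCESS_DATA_LOAD = 0, ACCESS_DATA_STORE = 1, ACCESS_CODE = 2 };

typedef struct {
    uint64_t addr_code;     /* page tag for instruction fetches (like QEMU's addr_code) */
    bool     unassigned;    /* stands in for "iotlb points at the unassigned region" */
} tlb_entry;

typedef struct {
    tlb_entry tlb_table[TLB_SIZE];
    int trace[TRACE_MAX];   /* access types reported, in order */
    int ntrace;
} toy_cpu;

/* Constructed bus map: pages below 0x4000 are backed by RAM, the rest is unassigned. */
static bool page_is_unassigned(uint64_t addr) {
    return (addr & TARGET_PAGE_MASK) >= 0x4000;
}

static size_t tlb_index(uint64_t addr) {
    return (size_t)((addr >> TARGET_PAGE_BITS) & (TLB_SIZE - 1));
}

/* Records which kind of access the guest is told it made to unassigned memory. */
static void do_unassigned_access(toy_cpu *cpu, uint64_t addr, int type) {
    (void)addr;
    if (cpu->ntrace < TRACE_MAX) cpu->trace[cpu->ntrace++] = type;
}

/* Installs the TLB entry for addr. Like a real tlb_fill it performs no memory
 * access of its own; an unassigned page still gets an entry, flagged as such. */
static void tlb_fill(toy_cpu *cpu, uint64_t addr, int access_type) {
    (void)access_type;
    tlb_entry *e = &cpu->tlb_table[tlb_index(addr)];
    e->addr_code = addr & TARGET_PAGE_MASK;
    e->unassigned = page_is_unassigned(addr);
}

/* Stand-in for cpu_ldub_code(): fills on a miss, then really reads the byte.
 * The read takes the I/O path, where an unassigned page is reported as a plain
 * data load; that is the report which arrives before the instruction one. */
static uint8_t cpu_ldub_code_toy(toy_cpu *cpu, uint64_t addr) {
    tlb_entry *e = &cpu->tlb_table[tlb_index(addr)];
    if (e->addr_code != (addr & TARGET_PAGE_MASK)) tlb_fill(cpu, addr, ACCESS_CODE);
    if (e->unassigned) {
        do_unassigned_access(cpu, addr, ACCESS_DATA_LOAD);
        return 0xff;
    }
    return 0x90;            /* constructed RAM contents */
}

/* The shape quoted in the thread: a load whose result is thrown away. */
static int get_page_addr_code_load(toy_cpu *cpu, uint64_t addr) {
    tlb_entry *e = &cpu->tlb_table[tlb_index(addr)];
    if (e->addr_code != (addr & TARGET_PAGE_MASK)) cpu_ldub_code_toy(cpu, addr);
    if (e->unassigned) {
        do_unassigned_access(cpu, addr, ACCESS_CODE);
        return -1;
    }
    return (int)tlb_index(addr);
}

/* The shape suggested in the reply: a bare tlb_fill, no memory access. */
static int get_page_addr_code_fill(toy_cpu *cpu, uint64_t addr) {
    tlb_entry *e = &cpu->tlb_table[tlb_index(addr)];
    if (e->addr_code != (addr & TARGET_PAGE_MASK)) tlb_fill(cpu, addr, ACCESS_CODE);
    if (e->unassigned) {
        do_unassigned_access(cpu, addr, ACCESS_CODE);
        return -1;
    }
    return (int)tlb_index(addr);
}

/* Runs one fetch on a fresh CPU; returns the i-th reported access type, or -1. */
int fetch_trace(bool use_fill, uint64_t addr, int i) {
    toy_cpu cpu;
    memset(&cpu, 0, sizeof cpu);
    if (use_fill) get_page_addr_code_fill(&cpu, addr);
    else          get_page_addr_code_load(&cpu, addr);
    return (i >= 0 && i < cpu.ntrace) ? cpu.trace[i] : -1;
}

int main(void) {
    static const char *names[] = { "data load", "data store", "code" };
    for (int fill = 0; fill < 2; fill++) {
        printf("%s on unassigned page 0x8000:", fill ? "tlb_fill" : "discarded load");
        for (int i = 0, t; (t = fetch_trace(fill, 0x8000, i)) >= 0; i++) printf(" %s", names[t]);
        printf("\n");
    }
    return 0;
}
```

Run stand-alone, the program prints the two traces for a fetch from the unassigned page at 0x8000: the discarded-load variant reports "data load code", the fill variant only "code". A fetch from a backed page (for instance 0x1000) reports nothing in either variant, which is the property a guest-visible fault handler relies on: it should see exactly one fault, of the right kind, for an instruction fetch from unassigned memory.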