Paolo Bonzini <pbonz...@redhat.com> writes:
> Il 07/03/2014 00:34, Alexander Graf ha scritto:
>> @@ -105,30 +106,37 @@ static target_ulong h_enter(PowerPCCPU *cpu,
>> sPAPREnvironment *spapr,
>> if (!valid_pte_index(env, pte_index)) {
>> return H_PARAMETER;
>> }
>> +
>> + index = 0;
>> + hpte = pte_index * HASH_PTE_SIZE_64;
>> if (likely((flags & H_EXACT) == 0)) {
>> pte_index &= ~7ULL;
>> - hpte = pte_index * HASH_PTE_SIZE_64;
>> - for (i = 0; ; ++i) {
>> - if (i == 8) {
>> + token = ppc_hash64_start_access(cpu, pte_index);
>> + do {
>> + if (index == 8) {
>> + ppc_hash64_stop_access(token);
>> return H_PTEG_FULL;
>> }
>> - if ((ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) == 0) {
>> + if ((ppc_hash64_load_hpte0(env, token, index) & HPTE64_V_VALID)
>> == 0) {
>> break;
>> }
>> - hpte += HASH_PTE_SIZE_64;
>> - }
>> + } while (index++);
>> + ppc_hash64_stop_access(token);
>
> I'm afraid you have a bug here, as spotted by Coverity. The do...while
> loop only loops once. I'm not sure what you meant, could you rewrite it
> with a "for (index = 0; index < 8; i++)" instead?
good find. how about

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index e999bbaea062..e079be050fc7 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -118,7 +118,8 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment *spapr,
 if ((ppc_hash64_load_hpte0(env, token, index) & HPTE64_V_VALID) == 0) {
 break;
 }
-} while (index++);
+index++;
+} while (1);
 ppc_hash64_stop_access(token);
 } else {
 token = ppc_hash64_start_access(cpu, pte_index);

-aneesh
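Review bot: The new `index++; } while (1);` shape is correct only because of the `if (index == 8)` guard at the top of the loop body, which sits above this hunk (it is visible in the hunk quoted earlier in the thread), so a reader of these lines sees an unbounded loop and has to go looking for the PTEG bound. A counted `for` puts the 8-slot limit where it is expected and turns the full-PTEG case into a single post-loop test, which is what the earlier review comment asked for. `ppc_hash64_stop_access(token)` must still be called on both exits, including the `return H_PTEG_FULL` path, as the current code does. The enclosing h_enter function and the `do {` it opens both start outside this hunk, so the rewrite below also replaces those lines above it.
```c
    token = ppc_hash64_start_access(cpu, pte_index);
    for (index = 0; index < 8; index++) {
        if ((ppc_hash64_load_hpte0(env, token, index) & HPTE64_V_VALID) == 0) {
            break;
        }
    }
    if (index == 8) {
        ppc_hash64_stop_access(token);
        return H_PTEG_FULL;
    }
    ppc_hash64_stop_access(token);
    /* … unchanged: H_EXACT branch … */
```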