On Mon, 3 Feb 2020 17:11:22 +1100 David Gibson <da...@gibson.dropbear.id.au> wrote:
> From: Richard Henderson <richard.hender...@linaro.org> > > Using probe_write instead of tlb_vaddr_to_host means that we > process watchpoints and notdirty pages more efficiently. > > Signed-off-by: Richard Henderson <richard.hender...@linaro.org> > Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org> > Tested-by: Howard Spoelstra <hsp.c...@gmail.com> > Signed-off-by: David Gibson <da...@gibson.dropbear.id.au> > --- > target/ppc/mem_helper.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c > index 0cb78777e7..98f589552b 100644 > --- a/target/ppc/mem_helper.c > +++ b/target/ppc/mem_helper.c > @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong > addr, > } > > /* Try fast path translate */ > - haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx); > + haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr); Hi Richard, This one is making coverity unhappy. ** CID 1419390: Memory - corruptions (OVERRUN) ______________________________________________________________________________________________________ *** CID 1419390: Memory - corruptions (OVERRUN) /target/ppc/mem_helper.c: 301 in dcbz_common() 295 /* Check reservation */ 296 if ((env->reserve_addr & mask) == addr) { 297 env->reserve_addr = (target_ulong)-1ULL; 298 } 299 300 /* Try fast path translate */ >>> CID 1419390: Memory - corruptions (OVERRUN) >>> Overrunning callee's array of size 9 by passing argument "mmu_idx" >>> (which evaluates to 9) in call to "probe_write". 301 haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr); 302 if (haddr) { 303 memset(haddr, 0, dcbz_size); 304 } else { 305 /* Slow path */ 306 for (i = 0; i < dcbz_size; i += 8) { Can you have a look ? Cheers, -- Greg > if (haddr) { > memset(haddr, 0, dcbz_size); > } else {
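Review bot: On the added `probe_write(env, addr, dcbz_size, mmu_idx, retaddr)` line, `mmu_idx` is passed through with no visible range check. The Coverity report quoted in the reply (CID 1419390) says it can evaluate to 9 against a callee array of size 9. Either assert the valid range of `mmu_idx` before the call, or, if the value 9 cannot be reached on this path, say why in a comment or in the commit message so the finding can be triaged as a false positive. The new call also takes `retaddr`, so a fault can now be raised from the fast-path probe instead of from the slow-path loop. The commit message mentions only watchpoint and notdirty efficiency, so it should also state whether that change in where the exception is raised is intended.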