Re: [PULL 34/35] target/ppc: Use probe_write for DCBZ

Wed, 12 Feb 2020 14:37:14 -0800 

On 2/12/20 10:48 AM, Greg Kurz wrote:
> On Mon,  3 Feb 2020 17:11:22 +1100
> David Gibson <da...@gibson.dropbear.id.au> wrote:
> 
>> From: Richard Henderson <richard.hender...@linaro.org>
>>
>> Using probe_write instead of tlb_vaddr_to_host means that we
>> process watchpoints and notdirty pages more efficiently.
>>
>> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
>> Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org>
>> Tested-by: Howard Spoelstra <hsp.c...@gmail.com>
>> Signed-off-by: David Gibson <da...@gibson.dropbear.id.au>
>> ---
>>  target/ppc/mem_helper.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
>> index 0cb78777e7..98f589552b 100644
>> --- a/target/ppc/mem_helper.c
>> +++ b/target/ppc/mem_helper.c
>> @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong 
>> addr,
>>      }
>>  
>>      /* Try fast path translate */
>> -    haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx);
>> +    haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
> 
> Hi Richard,
> 
> This one is making coverity unhappy.
> 
> 
> ** CID 1419390:  Memory - corruptions  (OVERRUN)
> 
> 
> ______________________________________________________________________________________________________
> *** CID 1419390:  Memory - corruptions  (OVERRUN)
> /target/ppc/mem_helper.c: 301 in dcbz_common()
> 295         /* Check reservation */
> 296         if ((env->reserve_addr & mask) == addr)  {
> 297             env->reserve_addr = (target_ulong)-1ULL;
> 298         }
> 299     
> 300         /* Try fast path translate */
>>>>     CID 1419390:  Memory - corruptions  (OVERRUN)
>>>>     Overrunning callee's array of size 9 by passing argument "mmu_idx" 
>>>> (which evaluates to 9) in call to "probe_write".  
> 301         haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
> 302         if (haddr) {
> 303             memset(haddr, 0, dcbz_size);
> 304         } else {
> 305             /* Slow path */
> 306             for (i = 0; i < dcbz_size; i += 8) {
> 
> 
> Can you have a look ?

That's a bit of a mystery, given

#define NB_MMU_MODES 10

So I wonder what array is supposed to be of size 9...

Ho hum.  False positive.  Expanding everything in the coverity gui shows it's
taking the definition from target/xtensa/cpu-param.h.


r~

Reply via email to