When running 31-bit code we can potentially map the same virtual
address twice - once as 0x0yyyyyyy and once as 0x8yyyyyyy, because
the upper bit gets ignored.
This also should be reflected in the tlb invalidation path, so we
really invalidate also the transparently created tlb entries.
Signed-off-by: Alexander Graf <ag...@suse.de>
---
target-s390x/op_helper.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/target-s390x/op_helper.c b/target-s390x/op_helper.c
index 1db6f5e..245fb2c 100644
--- a/target-s390x/op_helper.c
+++ b/target-s390x/op_helper.c
@@ -2949,6 +2949,13 @@ void HELPER(ipte)(uint64_t pte_addr, uint64_t vaddr)
/* XXX we exploit the fact that Linux passes the exact virtual
address here - it's not obliged to! */
tlb_flush_page(env, page);
+
+ /* XXX 31-bit hack */
+ if (page & 0x80000000) {
+ tlb_flush_page(env, page & ~0x80000000);
+ } else {
+ tlb_flush_page(env, page | 0x80000000);
+ }
}
/* flush local tlb */
--
1.6.0.2
