Re: [PULL 34/35] target/ppc: Use probe_write for DCBZ
On 2/12/20 10:48 AM, Greg Kurz wrote: > On Mon, 3 Feb 2020 17:11:22 +1100 > David Gibson wrote: > >> From: Richard Henderson >> >> Using probe_write instead of tlb_vaddr_to_host means that we >> process watchpoints and notdirty pages more efficiently. >> >> Signed-off-by: Richard Henderson >> Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org> >> Tested-by: Howard Spoelstra >> Signed-off-by: David Gibson >> --- >> target/ppc/mem_helper.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c >> index 0cb78777e7..98f589552b 100644 >> --- a/target/ppc/mem_helper.c >> +++ b/target/ppc/mem_helper.c >> @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong >> addr, >> } >> >> /* Try fast path translate */ >> -haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx); >> +haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr); > > Hi Richard, > > This one is making coverity unhappy. > > > ** CID 1419390: Memory - corruptions (OVERRUN) > > > __ > *** CID 1419390: Memory - corruptions (OVERRUN) > /target/ppc/mem_helper.c: 301 in dcbz_common() > 295 /* Check reservation */ > 296 if ((env->reserve_addr & mask) == addr) { > 297 env->reserve_addr = (target_ulong)-1ULL; > 298 } > 299 > 300 /* Try fast path translate */ CID 1419390: Memory - corruptions (OVERRUN) Overrunning callee's array of size 9 by passing argument "mmu_idx" (which evaluates to 9) in call to "probe_write". > 301 haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr); > 302 if (haddr) { > 303 memset(haddr, 0, dcbz_size); > 304 } else { > 305 /* Slow path */ > 306 for (i = 0; i < dcbz_size; i += 8) { > > > Can you have a look ? That's a bit of a mystery, given #define NB_MMU_MODES 10 So I wonder what array is supposed to be of size 9... Ho hum. False positive. Expanding everything in the coverity gui shows it's taking the definition from target/xtensa/cpu-param.h. r~
Re: [PULL 34/35] target/ppc: Use probe_write for DCBZ
On Mon, 3 Feb 2020 17:11:22 +1100 David Gibson wrote: > From: Richard Henderson > > Using probe_write instead of tlb_vaddr_to_host means that we > process watchpoints and notdirty pages more efficiently. > > Signed-off-by: Richard Henderson > Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org> > Tested-by: Howard Spoelstra > Signed-off-by: David Gibson > --- > target/ppc/mem_helper.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c > index 0cb78777e7..98f589552b 100644 > --- a/target/ppc/mem_helper.c > +++ b/target/ppc/mem_helper.c > @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong > addr, > } > > /* Try fast path translate */ > -haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx); > +haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr); Hi Richard, This one is making coverity unhappy. ** CID 1419390: Memory - corruptions (OVERRUN) __ *** CID 1419390: Memory - corruptions (OVERRUN) /target/ppc/mem_helper.c: 301 in dcbz_common() 295 /* Check reservation */ 296 if ((env->reserve_addr & mask) == addr) { 297 env->reserve_addr = (target_ulong)-1ULL; 298 } 299 300 /* Try fast path translate */ >>> CID 1419390: Memory - corruptions (OVERRUN) >>> Overrunning callee's array of size 9 by passing argument "mmu_idx" >>> (which evaluates to 9) in call to "probe_write". 301 haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr); 302 if (haddr) { 303 memset(haddr, 0, dcbz_size); 304 } else { 305 /* Slow path */ 306 for (i = 0; i < dcbz_size; i += 8) { Can you have a look ? Cheers, -- Greg > if (haddr) { > memset(haddr, 0, dcbz_size); > } else {
[PULL 34/35] target/ppc: Use probe_write for DCBZ
From: Richard Henderson Using probe_write instead of tlb_vaddr_to_host means that we process watchpoints and notdirty pages more efficiently. Signed-off-by: Richard Henderson Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org> Tested-by: Howard Spoelstra Signed-off-by: David Gibson --- target/ppc/mem_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c index 0cb78777e7..98f589552b 100644 --- a/target/ppc/mem_helper.c +++ b/target/ppc/mem_helper.c @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong addr, } /* Try fast path translate */ -haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx); +haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr); if (haddr) { memset(haddr, 0, dcbz_size); } else { -- 2.24.1
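Review bot: the comment `/* Try fast path translate */` above the changed call is left untouched, but per the commit message the new call also processes watchpoints and notdirty pages, so "translate" no longer describes what this line does; update the comment to match. The call also gains two arguments, `dcbz_size` and `retaddr`, which the commit message does not explain. Add a sentence on why the length and return address are now passed, and on which cases still leave `haddr` NULL and fall through to the `else` branch after `memset(haddr, 0, dcbz_size);`.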