Re: [PULL 34/35] target/ppc: Use probe_write for DCBZ
On 2/12/20 10:48 AM, Greg Kurz wrote:
> On Mon, 3 Feb 2020 17:11:22 +1100
> David Gibson wrote:
>
>> From: Richard Henderson
>>
>> Using probe_write instead of tlb_vaddr_to_host means that we
>> process watchpoints and notdirty pages more efficiently.
>>
>> Signed-off-by: Richard Henderson
>> Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org>
>> Tested-by: Howard Spoelstra
>> Signed-off-by: David Gibson
>> ---
>> target/ppc/mem_helper.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
>> index 0cb78777e7..98f589552b 100644
>> --- a/target/ppc/mem_helper.c
>> +++ b/target/ppc/mem_helper.c
>> @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong
>> addr,
>> }
>>
>> /* Try fast path translate */
>> -haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx);
>> +haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
>
> Hi Richard,
>
> This one is making coverity unhappy.
>
>
> ** CID 1419390: Memory - corruptions (OVERRUN)
>
>
> __
> *** CID 1419390: Memory - corruptions (OVERRUN)
> /target/ppc/mem_helper.c: 301 in dcbz_common()
> 295 /* Check reservation */
> 296 if ((env->reserve_addr & mask) == addr) {
> 297 env->reserve_addr = (target_ulong)-1ULL;
> 298 }
> 299
> 300 /* Try fast path translate */
CID 1419390: Memory - corruptions (OVERRUN)
Overrunning callee's array of size 9 by passing argument "mmu_idx"
(which evaluates to 9) in call to "probe_write".
> 301 haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
> 302 if (haddr) {
> 303 memset(haddr, 0, dcbz_size);
> 304 } else {
> 305 /* Slow path */
> 306 for (i = 0; i < dcbz_size; i += 8) {
>
>
> Can you have a look ?
That's a bit of a mystery, given
#define NB_MMU_MODES 10
So I wonder what array is supposed to be of size 9...
Ho hum. False positive. Expanding everything in the coverity gui shows it's
taking the definition from target/xtensa/cpu-param.h.
r~
Re: [PULL 34/35] target/ppc: Use probe_write for DCBZ
On Mon, 3 Feb 2020 17:11:22 +1100
David Gibson wrote:
> From: Richard Henderson
>
> Using probe_write instead of tlb_vaddr_to_host means that we
> process watchpoints and notdirty pages more efficiently.
>
> Signed-off-by: Richard Henderson
> Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org>
> Tested-by: Howard Spoelstra
> Signed-off-by: David Gibson
> ---
> target/ppc/mem_helper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
> index 0cb78777e7..98f589552b 100644
> --- a/target/ppc/mem_helper.c
> +++ b/target/ppc/mem_helper.c
> @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong
> addr,
> }
>
> /* Try fast path translate */
> -haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx);
> +haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
Hi Richard,
This one is making coverity unhappy.
** CID 1419390: Memory - corruptions (OVERRUN)
__
*** CID 1419390: Memory - corruptions (OVERRUN)
/target/ppc/mem_helper.c: 301 in dcbz_common()
295 /* Check reservation */
296 if ((env->reserve_addr & mask) == addr) {
297 env->reserve_addr = (target_ulong)-1ULL;
298 }
299
300 /* Try fast path translate */
>>> CID 1419390: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 9 by passing argument "mmu_idx"
>>> (which evaluates to 9) in call to "probe_write".
301 haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
302 if (haddr) {
303 memset(haddr, 0, dcbz_size);
304 } else {
305 /* Slow path */
306 for (i = 0; i < dcbz_size; i += 8) {
Can you have a look ?
Cheers,
--
Greg
> if (haddr) {
> memset(haddr, 0, dcbz_size);
> } else {
[PULL 34/35] target/ppc: Use probe_write for DCBZ
From: Richard Henderson
Using probe_write instead of tlb_vaddr_to_host means that we
process watchpoints and notdirty pages more efficiently.
Signed-off-by: Richard Henderson
Message-Id: <20200129235040.24022-5-richard.hender...@linaro.org>
Tested-by: Howard Spoelstra
Signed-off-by: David Gibson
---
target/ppc/mem_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index 0cb78777e7..98f589552b 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong addr,
}
/* Try fast path translate */
-haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx);
+haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
if (haddr) {
memset(haddr, 0, dcbz_size);
} else {
--
2.24.1
