qemu-devel
Re: [PULL 34/35] target/ppc: Use probe_write for DCBZ


From: Richard Henderson
Subject: Re: [PULL 34/35] target/ppc: Use probe_write for DCBZ
Date: Wed, 12 Feb 2020 14:36:58 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1

On 2/12/20 10:48 AM, Greg Kurz wrote:
> On Mon,  3 Feb 2020 17:11:22 +1100
> David Gibson <address@hidden> wrote:
> 
>> From: Richard Henderson <address@hidden>
>>
>> Using probe_write instead of tlb_vaddr_to_host means that we
>> process watchpoints and notdirty pages more efficiently.
>>
>> Signed-off-by: Richard Henderson <address@hidden>
>> Message-Id: <address@hidden>
>> Tested-by: Howard Spoelstra <address@hidden>
>> Signed-off-by: David Gibson <address@hidden>
>> ---
>>  target/ppc/mem_helper.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
>> index 0cb78777e7..98f589552b 100644
>> --- a/target/ppc/mem_helper.c
>> +++ b/target/ppc/mem_helper.c
>> @@ -298,7 +298,7 @@ static void dcbz_common(CPUPPCState *env, target_ulong 
>> addr,
>>      }
>>  
>>      /* Try fast path translate */
>> -    haddr = tlb_vaddr_to_host(env, addr, MMU_DATA_STORE, mmu_idx);
>> +    haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
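
Review bot: The comment "Try fast path translate" above the changed line is left as it was, but the replacement call now also takes dcbz_size and retaddr, so it no longer reads as a plain address lookup. Suggest updating the comment to state what a NULL haddr means after probe_write and that the probe covers dcbz_size bytes starting at addr. The hunk does not show addr being aligned to dcbz_size before this point, so it is worth confirming that in the surrounding function.
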
> 
> Hi Richard,
> 
> This one is making Coverity unhappy.
> 
> 
> ** CID 1419390:  Memory - corruptions  (OVERRUN)
> 
> 
> ______________________________________________________________________________________________________
> *** CID 1419390:  Memory - corruptions  (OVERRUN)
> /target/ppc/mem_helper.c: 301 in dcbz_common()
> 295         /* Check reservation */
> 296         if ((env->reserve_addr & mask) == addr)  {
> 297             env->reserve_addr = (target_ulong)-1ULL;
> 298         }
> 299     
> 300         /* Try fast path translate */
>>>>     CID 1419390:  Memory - corruptions  (OVERRUN)
>>>>     Overrunning callee's array of size 9 by passing argument "mmu_idx" 
>>>> (which evaluates to 9) in call to "probe_write".  
> 301         haddr = probe_write(env, addr, dcbz_size, mmu_idx, retaddr);
> 302         if (haddr) {
> 303             memset(haddr, 0, dcbz_size);
> 304         } else {
> 305             /* Slow path */
> 306             for (i = 0; i < dcbz_size; i += 8) {
> 
> 
> Can you have a look?

That's a bit of a mystery, given

#define NB_MMU_MODES 10

So I wonder what array is supposed to be of size 9...

Ho hum.  False positive.  Expanding everything in the Coverity GUI shows it's
taking the definition from target/xtensa/cpu-param.h.


r~


