On 10/22/25 06:52, Nikita Novikov wrote:
Recent debugging of misaligned access handling on RISC-V revealed that we always call `tlb_fill` with `memop_size == 0`. This behavior effectively disables natural alignment checks in `riscv_tlb_fill_align()`, because we have to fall back from `memop_size` to `size` when computing the alignment bits.With `memop_size == 0`, misaligned cross-page stores end up reported as `store access fault` (AF, cause=7) instead of the expected `store page fault` (PF, cause=15), since the “misalign” path triggers before the second page translation can fault. This breaks misaligned accesses at page boundaries. After switching to pass the real `l->memop` into `tlb_fill`, the cross-page faults are no longer mis-classified as AF. Fixes: ec03dd972378 ("accel/tcg: Hoist first page lookup above pointer_wrap") Signed-off-by: Nikita Novikov <[email protected]> --- accel/tcg/cputlb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 631f1fe135..271c061be1 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -1782,7 +1782,7 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi, * If the lookup potentially resized the table, refresh the * first CPUTLBEntryFull pointer. */ - if (mmu_lookup1(cpu, &l->page[1], 0, l->mmu_idx, type, ra)) { + if (mmu_lookup1(cpu, &l->page[1], l->memop, l->mmu_idx, type, ra)) { uintptr_t index = tlb_index(cpu, l->mmu_idx, addr); l->page[0].full = &cpu->neg.tlb.d[l->mmu_idx].fulltlb[index]; }
How is the memop really applicable to the second half of a split-page operation? r~
