PC alignment faults have priority over instruction aborts and we have code to deal with this in the translation front-ends. However during tb_lookup we can see a potentially faulting probe which doesn't get a MemOp set. If the page isn't available this results in EC_INSNABORT (0x20) instead of EC_PCALIGNMENT (0x22).
As there is no easy way to set the appropriate MemOp in the instruction fetch probe path, let's just detect it in arm_cpu_tlb_fill_align() and set memop appropriately. Fixes: https://gitlab.com/qemu-project/qemu/-/issues/3233 Signed-off-by: Alex Bennée <[email protected]> --- target/arm/tcg/tlb_helper.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/target/arm/tcg/tlb_helper.c b/target/arm/tcg/tlb_helper.c index f1983a5732e..78c85cb3306 100644 --- a/target/arm/tcg/tlb_helper.c +++ b/target/arm/tcg/tlb_helper.c @@ -345,6 +345,17 @@ bool arm_cpu_tlb_fill_align(CPUState *cs, CPUTLBEntryFull *out, vaddr address, fi = memset(&local_fi, 0, sizeof(local_fi)); } + /* + * PC alignment faults should be dealt with at translation time + * but we also need to make sure other faults don't preempt them + * while being probed. + */ + if (access_type == MMU_INST_FETCH && !cpu->env.thumb) { + /* probe sets memop to 0 */ + g_assert(!memop); + memop |= MO_ALIGN_4; + } + /* * Per R_XCHFJ, alignment fault not due to memory type has * highest precedence. Otherwise, walk the page table and -- 2.47.3
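Review bot: `g_assert(!memop)` in the new MMU_INST_FETCH branch turns an undocumented caller contract ("probe sets memop to 0") into a hard abort of the whole emulator: if any other instruction-fetch path into arm_cpu_tlb_fill_align() ever passes a non-zero memop, a guest reaching that path crashes QEMU instead of receiving a fault. Since the intent is only to request 4-byte alignment checking, `memop = (memop & ~MO_AMASK) | MO_ALIGN_4;` without the assertion is more robust, or the contract should be stated where the probe is issued rather than asserted here. Also, the `!cpu->env.thumb` guard leaves Thumb instruction fetches probing with memop 0, so the precedence problem the message describes (EC_INSNABORT reported instead of EC_PCALIGNMENT) is only addressed for A32/A64; the comment above the branch should say whether the Thumb case is already covered by the translation front-ends or whether a corresponding MO_ALIGN_2 is still needed.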
