cpu_mips_get_random() function is used to generate a random index from
CP0.Wired to TLBSize-1 range. Current implementation avoids generating
the same as before value, hence the while loop. If the guest sets
CP0.Wired to TLBSize-1 (which actually does not sound to be very
practical) QEMU will get stuck in the loop infinitely as we always
generate the same index.
Signed-off-by: Leon Alrae <leon.al...@imgtec.com>
---
hw/mips/cputimer.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/mips/cputimer.c b/hw/mips/cputimer.c
index 577c9ae..c55d102 100644
--- a/hw/mips/cputimer.c
+++ b/hw/mips/cputimer.c
@@ -33,10 +33,16 @@ uint32_t cpu_mips_get_random (CPUMIPSState *env)
static uint32_t lfsr = 1;
static uint32_t prev_idx = 0;
uint32_t idx;
+ uint32_t nb_rand_tlb = env->tlb->nb_tlb - env->CP0_Wired;
+
+ if (nb_rand_tlb == 1) {
+ return env->tlb->nb_tlb - 1;
+ }
+
/* Don't return same value twice, so get another value */
do {
lfsr = (lfsr >> 1) ^ (-(lfsr & 1u) & 0xd0000001u);
- idx = lfsr % (env->tlb->nb_tlb - env->CP0_Wired) + env->CP0_Wired;
+ idx = lfsr % nb_rand_tlb + env->CP0_Wired;
} while (idx == prev_idx);
prev_idx = idx;
return idx;
--
2.1.0
