Assume the following sequence:
pitlbe r0(sr0,r0)
iitlba r4,(sr0,r0)
ldil L%3000000,r5
iitlbp r5,(sr0,r0)
This will purge the whole TLB and add an entry for page 0. However
the current TLB implementation in helper_iitlba() will store to
the last empty TLB entry, while helper_iitlbp() will write to the
first empty entry. That is because an empty entry will match address
0 in helper_iitlba()
Signed-off-by: Sven Schnelle <sv...@stackframe.org>
---
target/hppa/mem_helper.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index aecf3075f6..f30824f4e1 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -238,15 +238,17 @@ void HELPER(itlba)(CPUHPPAState *env, target_ulong addr,
target_ureg reg)
{
hppa_tlb_entry *empty = NULL;
int i;
-
/* Zap any old entries covering ADDR; notice empty entries on the way. */
for (i = 0; i < ARRAY_SIZE(env->tlb); ++i) {
hppa_tlb_entry *ent = &env->tlb[i];
- if (!ent->entry_valid) {
- empty = ent;
- } else if (ent->va_b <= addr && addr <= ent->va_e) {
- hppa_flush_tlb_ent(env, ent);
- empty = ent;
+ if (ent->va_b <= addr && addr <= ent->va_e) {
+ if (ent->entry_valid) {
+ hppa_flush_tlb_ent(env, ent);
+ }
+
+ if (!empty) {
+ empty = ent;
+ }
}
}
--
2.20.1
