id = 2647
title = "A code error in accel/tcg/user-exec.c"
state = "closed"
created_at = "2024-11-01T09:37:53.416Z"
closed_at = "2024-11-16T21:18:19.560Z"
labels = ["Closed::Fixed", "kind::Bug", "linux-user"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/2647"
host-os = "n/a"
host-arch = "n/a"
qemu-version = "n/a"
guest-os = "n/a"
guest-arch = "n/a"
description = """accel/tcg/user-exec.c:
```
/*
 * Check whether a guest access of kind @access_type at @addr is permitted
 * by the page flags, without performing the access.
 *
 * @env:         CPU architecture state; only used to reach the CPU via
 *               env_cpu().
 * @addr:        guest virtual address being probed.
 * @fault_size:  not referenced in this body.
 * @access_type: MMU_DATA_STORE, MMU_DATA_LOAD or MMU_INST_FETCH; anything
 *               else hits g_assert_not_reached().
 * @nonfault:    when true, a disallowed access is reported by return value
 *               instead of raising SIGSEGV.
 * @ra:          return address passed through to cpu_loop_exit_sigsegv().
 *
 * Returns 0 when the access is permitted, TLB_MMIO when the access is
 * permitted, acc_flag is PAGE_READ or PAGE_WRITE, and plugin memory
 * callbacks are enabled, or TLB_INVALID_MASK when the access is not
 * permitted and @nonfault is set. Otherwise cpu_loop_exit_sigsegv() is
 * called; there is no return statement after it, so it presumably does not
 * return — confirm against its declaration.
 */
static int probe_access_internal(CPUArchState *env, vaddr addr,
                                 int fault_size, MMUAccessType access_type,
                                 bool nonfault, uintptr_t ra)
{
    int acc_flag;
    bool maperr;

    /* Translate the access type into the page flag that must be set. */
    switch (access_type) {
    case MMU_DATA_STORE:
        acc_flag = PAGE_WRITE_ORG;
        break;
    case MMU_DATA_LOAD:
        acc_flag = PAGE_READ;
        break;
    case MMU_INST_FETCH:
        acc_flag = PAGE_EXEC;
        break;
    default:
        g_assert_not_reached();
    }

    if (guest_addr_valid_untagged(addr)) {
        int page_flags = page_get_flags(addr);
        if (page_flags & acc_flag) {
            /*
             * NOTE(review): the switch above only ever assigns
             * PAGE_WRITE_ORG, PAGE_READ or PAGE_EXEC to acc_flag, so unless
             * PAGE_WRITE happens to share a value with PAGE_WRITE_ORG the
             * "acc_flag == PAGE_WRITE" comparison never holds and stores
             * always return 0 here, bypassing the plugin check. Comparing
             * against PAGE_WRITE_ORG is what the surrounding code implies.
             */
            if ((acc_flag == PAGE_READ || acc_flag == PAGE_WRITE)
                && cpu_plugin_mem_cbs_enabled(env_cpu(env))) {
                return TLB_MMIO;
            }
            return 0; /* success */
        }
        /*
         * The address is in range but lacks the required flag; maperr is
         * derived from PAGE_VALID, presumably to distinguish an unmapped
         * page from a protection violation when raising the signal.
         */
        maperr = !(page_flags & PAGE_VALID);
    } else {
        /* Outside the guest address space: treat as unmapped. */
        maperr = true;
    }

    /* Caller asked for a probe-only check: report the failure by value. */
    if (nonfault) {
        return TLB_INVALID_MASK;
    }

    cpu_loop_exit_sigsegv(env_cpu(env), addr, access_type, maperr, ra);
}
```
The condition "acc_flag == PAGE_WRITE" appears to be incorrect, because acc_flag can only be PAGE_WRITE_ORG, PAGE_READ or PAGE_EXEC after the preceding switch statement."""
reproduce = "n/a"
additional = "n/a"