If we execute linux-user code that does the following:
* A = mmap()
* execute code in A
* munmap(A)
* B = mmap(), but mmap returns the same address as A
* execute code in B
we end up executing a stale cached tb that contains translated code
from A, while we want new code from B.
This patch adds a TB flush for mmap'ed regions, before we return them,
avoiding the whole issue.
Reported-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Alexander Graf <ag...@suse.de>
---
linux-user/mmap.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 2620f88..390e940 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -587,6 +587,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int
prot,
page_dump(stdout);
printf("\n");
#endif
+ tb_invalidate_phys_page_range(start, start + len, 0);
mmap_unlock();
return start;
fail:
@@ -768,6 +769,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong
old_size,
page_set_flags(old_addr, old_addr + old_size, 0);
page_set_flags(new_addr, new_addr + new_size, prot | PAGE_VALID);
}
+ tb_invalidate_phys_page_range(new_addr, new_addr + new_size, 0);
mmap_unlock();
return new_addr;
}
--
1.6.0.2
