MIPS: Fix tlbwi/tlbwr

In CP0 Index register, bit 31 means 'Probe Failure', while lowest bits
contain the TLB index.

In tlbwi and tlbwr instructions, this Probe Failure bit must be ignored
when reading the TLB index.

Attached patch fixes it.

(Hervé Poussineau)

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5215 c046a42c-6fe2-441c-8c8c-71466251a162
diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
index da882b8..dcadd03 100644
--- a/target-mips/op_helper.c
+++ b/target-mips/op_helper.c
@@ -1572,13 +1572,17 @@
 
 void r4k_do_tlbwi (void)
 {
+    int idx;
+
+    idx = (env->CP0_Index & ~0x80000000) % env->tlb->nb_tlb;
+
     /* Discard cached TLB entries.  We could avoid doing this if the
        tlbwi is just upgrading access permissions on the current entry;
        that might be a further win.  */
     r4k_mips_tlb_flush_extra (env, env->tlb->nb_tlb);
 
-    r4k_invalidate_tlb(env, env->CP0_Index % env->tlb->nb_tlb, 0);
-    r4k_fill_tlb(env->CP0_Index % env->tlb->nb_tlb);
+    r4k_invalidate_tlb(env, idx, 0);
+    r4k_fill_tlb(idx);
 }
 
 void r4k_do_tlbwr (void)
@@ -1635,9 +1639,11 @@
 {
     r4k_tlb_t *tlb;
     uint8_t ASID;
+    int idx;
 
     ASID = env->CP0_EntryHi & 0xFF;
-    tlb = &env->tlb->mmu.r4k.tlb[env->CP0_Index % env->tlb->nb_tlb];
+    idx = (env->CP0_Index & ~0x80000000) % env->tlb->nb_tlb;
+    tlb = &env->tlb->mmu.r4k.tlb[idx];
 
     /* If this will change the current ASID, flush qemu's TLB.  */
     if (ASID != tlb->ASID)