2 files changed, 10 insertions, 13 deletions

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 8d9e6e8410..e6dfe0adfd 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -1843,6 +1843,12 @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
         layout.total_size += sizeof(struct target_aarch64_ctx);
     }
 
+    /* We must always provide at least the standard 4K reserved space,
+     * even if we don't use all of it (this is part of the ABI)
+     */
+    layout.total_size = MAX(layout.total_size,
+                            sizeof(struct target_rt_sigframe));
+
     /* Reserve space for the return code.  On a real system this would
      * be within the VDSO.  So, despite the name this is not a "real"
      * record within the frame.
@@ -1850,12 +1856,6 @@ static void target_setup_frame(int usig, struct target_sigaction *ka,
     fr_ofs = layout.total_size;
     layout.total_size += sizeof(struct target_rt_frame_record);
 
-    /* We must always provide at least the standard 4K reserved space,
-     * even if we don't use all of it (this is part of the ABI)
-     */
-    layout.total_size = MAX(layout.total_size,
-                            sizeof(struct target_rt_sigframe));
-
     frame_addr = get_sigframe(ka, env, layout.total_size);
     trace_user_setup_frame(env, frame_addr);
     if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
diff --git a/tcg/mips/tcg-target.inc.c b/tcg/mips/tcg-target.inc.c
index 4b55ab8856..ca5f1d4894 100644
--- a/tcg/mips/tcg-target.inc.c
+++ b/tcg/mips/tcg-target.inc.c
@@ -1229,13 +1229,10 @@ static void tcg_out_tlb_load(TCGContext *s, TCGReg base, TCGReg addrl,
     tcg_out_opc_reg(s, ALIAS_PADD, TCG_REG_A0, TCG_REG_A0, TCG_AREG0);
 
     /* Compensate for very large offsets.  */
-    if (add_off >= 0x8000) {
-        /* Most target env are smaller than 32k; none are larger than 64k.
-           Simplify the logic here merely to offset by 0x7ff0, giving us a
-           range just shy of 64k.  Check this assumption.  */
-        QEMU_BUILD_BUG_ON(offsetof(CPUArchState,
-                                   tlb_table[NB_MMU_MODES - 1][1])
-                          > 0x7ff0 + 0x7fff);
+    while (add_off >= 0x8000) {
+        /* Most target env are smaller than 32k, but a few are larger than 64k,
+         * so handle an arbitrarily large offset.
+         */
         tcg_out_opc_imm(s, ALIAS_PADDI, TCG_REG_A0, TCG_REG_A0, 0x7ff0);
         cmp_off -= 0x7ff0;
         add_off -= 0x7ff0;