Seen on a Sapphire Rapids box with LA57. The top level of the pte array is taken for CR3, so there was one entry too few for 5-level paging.
Signed-off-by: Mohamed Mediouni <[email protected]> --- target/i386/emulate/x86_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/emulate/x86_mmu.c b/target/i386/emulate/x86_mmu.c index 8261ca1635..4e39bae025 100644 --- a/target/i386/emulate/x86_mmu.c +++ b/target/i386/emulate/x86_mmu.c @@ -56,7 +56,7 @@ static bool is_user(CPUState *cpu) struct gpt_translation { target_ulong gva; uint64_t gpa; - uint64_t pte[5]; + uint64_t pte[6]; }; static int gpt_top_level(CPUState *cpu, bool pae) -- 2.50.1 (Apple Git-155)
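Review bot: The new size in `uint64_t pte[6];` inside `struct gpt_translation` is still a bare magic number, and nothing in the struct records why it is one larger than the deepest paging mode. The commit message explains that the top slot holds CR3, so the array needs the maximum number of levels plus one; that reasoning belongs next to the field, either as a named constant (a maximum-levels define plus one) or as a short comment on the member. Because the old size let a 5-level walk index one element past the end of the array, it is also worth adding an assertion where the value returned by `gpt_top_level()` is used as an index into `pte`, so a future paging mode or a miscounted level fails loudly instead of writing past the struct. The walker itself is not visible in this hunk, so please confirm no other array or loop bound in the file assumes the old size of 5. A Fixes: tag naming the commit that introduced the array would help stable backports.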
