On Tue, May 26, 2026 at 11:13 PM Peter Maydell <[email protected]> wrote: > > On Tue, 26 May 2026 at 17:49, Mohammadfaiz Bawa <[email protected]> wrote: > > > > memory_region_init_ram_device_ptr() requires the target page > > size to be finalized, which has not happened during > > instance_init. Calling it from tpm_tis_sysbus_initfn() causes > > an assertion failure when the device is introspected without > > being realized, for example: > > > > $ qemu-system-aarch64 -device tpm-tis-device,help > > qemu-system-aarch64: ../system/physmem.c:2524: > > qemu_ram_alloc_internal: > > Assertion 'target_page.decided' failed. > > Aborted (core dumped) > > > > Property introspection only calls instance_init, never > > realizefn, so moving the memory region setup to realizefn > > avoids the crash while keeping the device fully functional > > when actually used in a VM. > > > > Move the PPI buffer allocation, memory_region_init_ram_device_ptr() > > and the corresponding sysbus_init_mmio() from > > tpm_tis_sysbus_initfn() to tpm_tis_sysbus_realizefn(), placing > > them just before the existing vmstate_register_ram() call. > > > > Signed-off-by: Mohammadfaiz Bawa <[email protected]> > > --- > > hw/tpm/tpm_tis_sysbus.c | 13 ++++++------- > > 1 file changed, 6 insertions(+), 7 deletions(-) > > > > diff --git a/hw/tpm/tpm_tis_sysbus.c b/hw/tpm/tpm_tis_sysbus.c > > index 6bec30c36f..33fe9e332c 100644 > > --- a/hw/tpm/tpm_tis_sysbus.c > > +++ b/hw/tpm/tpm_tis_sysbus.c > > @@ -100,7 +100,6 @@ static void tpm_tis_sysbus_initfn(Object *obj) > > { > > TPMStateSysBus *sbdev = TPM_TIS_SYSBUS(obj); > > TPMState *s = &sbdev->state; > > - size_t host_page_size = qemu_real_host_page_size(); > > This is asking about the host page size, so why does it wind up > asserting about the target page size not being fixed ? > > thanks > -- PMM
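Review bot: The commit message does not say what happens to host_page_size after the removal of `size_t host_page_size = qemu_real_host_page_size();` from tpm_tis_sysbus_initfn(); since the description explains the crash in terms of the *target* page size (`Assertion 'target_page.decided' failed`), a reader of this hunk alone cannot tell whether the host-page-size lookup is dead code or is being relocated to tpm_tis_sysbus_realizefn() together with the PPI buffer allocation that consumes it. State that explicitly in the message, and name the actual failing path (memory_region_init_ram_device_ptr() -> qemu_ram_alloc_internal() evaluating TARGET_PAGE_SIZE, which under CONFIG_DEBUG_TCG asserts target_page.decided) so the host-vs-target question does not have to be asked in review. It would also help to note in the message that no board code depends on the sysbus MMIO region existing before realize, since sysbus_init_mmio() is being moved there as well.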
The host_page_size line itself doesn't cause the crash - qemu_real_host_page_size() is safe to call anywhere. It was moved simply because it has no other consumers in initfn.

The actual crash comes from memory_region_init_ram_device_ptr() - which calls qemu_ram_alloc_internal(). In there, line 2522 evaluates TARGET_PAGE_SIZE:

    align = MAX(align, TARGET_PAGE_SIZE);

With CONFIG_DEBUG_TCG, TARGET_PAGE_SIZE expands through TARGET_PAGE_MASK which contains:

    assert(target_page.decided)

That's where it blows up: the target page size hasn't been finalized yet during instance_init.

Thanks
--
Faiz
