+Richard/Pierrick

On 26/5/26 20:07, Mohammadfaiz Bawa wrote:
On Tue, May 26, 2026 at 11:13 PM Peter Maydell <[email protected]> wrote:

On Tue, 26 May 2026 at 17:49, Mohammadfaiz Bawa <[email protected]> wrote:

memory_region_init_ram_device_ptr() requires the target page
size to be finalized, which has not happened during
instance_init. Calling it from tpm_tis_sysbus_initfn() causes
an assertion failure when the device is introspected without
being realized, for example:

   $ qemu-system-aarch64 -device tpm-tis-device,help
   qemu-system-aarch64: ../system/physmem.c:2524:
   qemu_ram_alloc_internal:
   Assertion 'target_page.decided' failed.
   Aborted (core dumped)

Property introspection only calls instance_init, never
realizefn, so moving the memory region setup to realizefn
avoids the crash while keeping the device fully functional
when actually used in a VM.

Move the PPI buffer allocation, memory_region_init_ram_device_ptr()
and the corresponding sysbus_init_mmio() from
tpm_tis_sysbus_initfn() to tpm_tis_sysbus_realizefn(), placing
them just before the existing vmstate_register_ram() call.

Signed-off-by: Mohammadfaiz Bawa <[email protected]>
---
  hw/tpm/tpm_tis_sysbus.c | 13 ++++++-------
  1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/hw/tpm/tpm_tis_sysbus.c b/hw/tpm/tpm_tis_sysbus.c
index 6bec30c36f..33fe9e332c 100644
--- a/hw/tpm/tpm_tis_sysbus.c
+++ b/hw/tpm/tpm_tis_sysbus.c
@@ -100,7 +100,6 @@ static void tpm_tis_sysbus_initfn(Object *obj)
  {
      TPMStateSysBus *sbdev = TPM_TIS_SYSBUS(obj);
      TPMState *s = &sbdev->state;
-    size_t host_page_size = qemu_real_host_page_size();
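
Review bot: The only change visible in this hunk is the removal of `size_t host_page_size = qemu_real_host_page_size();` from tpm_tis_sysbus_initfn(), and the commit message never mentions it; since the assertion being fixed is about the *target* page size, a reader of the diff alone cannot tell why a *host* page size line is being touched, which is exactly the question Peter raises. Suggest adding one sentence to the commit message saying that `host_page_size` moves to tpm_tis_sysbus_realizefn() together with its only consumer, the PPI buffer allocation, and that it plays no part in the crash.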

This is asking about the host page size, so why does it wind up
asserting about the target page size not being fixed ?

thanks
-- PMM

The host_page_size line itself doesn't cause the crash -
qemu_real_host_page_size() is safe to call anywhere. It was
moved simply because it has no other consumers in initfn.

The actual crash comes from memory_region_init_ram_device_ptr()
- which calls qemu_ram_alloc_internal(). In there, line 2522
evaluates TARGET_PAGE_SIZE: align = MAX(align, TARGET_PAGE_SIZE);

With CONFIG_DEBUG_TCG, TARGET_PAGE_SIZE expands through
TARGET_PAGE_MASK which contains: assert(target_page.decided)

That's where it blows up: the target page size hasn't been
finalized yet during instance_init.

Thanks
-- Faiz
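To make the ordering problem Faiz describes concrete, here is a small added model of it. This is illustration code written for this thread, not QEMU code and not part of the patch: the names `page_state`, `model_ram_alloc`, `tpm_initfn_buggy`, `tpm_realizefn_fixed`, `introspect` and `create_and_realize` are invented, and the allocator returns NULL where the real `qemu_ram_alloc_internal()` asserts, so that the failing path can be exercised without aborting. The shape of the problem is the one in the thread: a global that is only "decided" after `instance_init` has already run on the `-device ...,help` path, and an allocation that depends on it.

```c
/*
 * Added example, not QEMU code: model of the instance_init vs. realize
 * ordering bug fixed by the patch. All identifiers here are made up.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for target_page: only valid once 'decided' is set. */
struct page_state {
    size_t size;
    bool decided;
};
static struct page_state target_page = { 0, false };

/* Minimal device state: the PPI buffer and a realized flag. */
struct tpm_model {
    void *ppi_buf;
    size_t ppi_len;
    bool realized;
};

/*
 * Model of qemu_ram_alloc_internal(): where the real code does
 * assert(target_page.decided) via TARGET_PAGE_SIZE, this returns NULL
 * so the failure is observable instead of fatal.
 */
static void *model_ram_alloc(size_t len)
{
    if (!target_page.decided) {
        return NULL; /* the real allocator asserts here */
    }
    size_t align = target_page.size;           /* round up to page size */
    size_t rounded = (len + align - 1) / align * align;
    return calloc(1, rounded);
}

/* Before the patch: RAM region set up from instance_init. */
static bool tpm_initfn_buggy(struct tpm_model *s)
{
    memset(s, 0, sizeof(*s));
    s->ppi_len = 4096;
    s->ppi_buf = model_ram_alloc(s->ppi_len);  /* too early on the help path */
    return s->ppi_buf != NULL;
}
static bool tpm_realizefn_buggy(struct tpm_model *s)
{
    s->realized = true;
    return true;
}

/* After the patch: instance_init touches nothing page-size dependent. */
static bool tpm_initfn_fixed(struct tpm_model *s)
{
    memset(s, 0, sizeof(*s));
    return true;
}
static bool tpm_realizefn_fixed(struct tpm_model *s)
{
    s->ppi_len = 4096;
    s->ppi_buf = model_ram_alloc(s->ppi_len);  /* page size is decided by now */
    if (!s->ppi_buf) {
        return false;
    }
    s->realized = true;
    return true;
}

/* "-device foo,help": only instance_init runs, before the page size is fixed. */
static bool introspect(bool (*initfn)(struct tpm_model *))
{
    struct tpm_model s;
    target_page.decided = false;
    bool ok = initfn(&s);
    free(s.ppi_buf);
    return ok;
}

/* Real use in a VM: page size decided first, then init and realize. */
static bool create_and_realize(bool (*initfn)(struct tpm_model *),
                               bool (*realizefn)(struct tpm_model *))
{
    struct tpm_model s;
    target_page.size = 4096;
    target_page.decided = true;
    if (!initfn(&s)) {
        return false;
    }
    bool ok = realizefn(&s) && s.realized && s.ppi_buf != NULL;
    free(s.ppi_buf);
    return ok;
}

int main(void)
{
    printf("introspect buggy: %s\n", introspect(tpm_initfn_buggy) ? "ok" : "FAIL");
    printf("introspect fixed: %s\n", introspect(tpm_initfn_fixed) ? "ok" : "FAIL");
    printf("vm buggy: %s\n",
           create_and_realize(tpm_initfn_buggy, tpm_realizefn_buggy) ? "ok" : "FAIL");
    printf("vm fixed: %s\n",
           create_and_realize(tpm_initfn_fixed, tpm_realizefn_fixed) ? "ok" : "FAIL");
    return 0;
}
```

The buggy variant works in the VM path, which is why the bug only surfaces under property introspection; moving the allocation to realize makes both paths succeed, matching the behaviour the commit message claims.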



