I was trying to translate a very high virtual address (like 0x0010000000000001) to physical on x86-64 with *paging disabled*. The problem is that the obtained physical page is 0 because PG_ADDRESS_MASK is applied to the pte in the virtual to physical to translation (see target/i386/helper.c:842 in the 2.12.1 branch), cutting out the high bits in the virtual address.
I tried to track back when this mask was introduced in the equation, and I found the commit e7e898a76aa00e2238b119ed2910442b1c3cacdd which replaces PHYS_ADDR_MASK with PG_ADDRESS_MASK and moves the line in a section of code that is executed even if paging is disabled. In my opinion, PG_ADDRESS_MASK should not be applied when paging is disabled, but I would like to have some expert's opinion on this.
