On 2/6/23 20:38, Richard Henderson wrote: > If an instruction straddles a page boundary, and the first page > was ram, but the second page was MMIO, we would abort. Handle > this as if both pages are MMIO, by setting the ram_addr_t for > the first page to -1. > > Reported-by: Sid Manning <sidn...@quicinc.com> > Reported-by: Jørgen Hansen <jorgen.han...@wdc.com> > Signed-off-by: Richard Henderson <richard.hender...@linaro.org> > --- > accel/tcg/translator.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c > index ef5193c67e..1cf404ced0 100644 > --- a/accel/tcg/translator.c > +++ b/accel/tcg/translator.c > @@ -176,8 +176,16 @@ static void *translator_access(CPUArchState *env, > DisasContextBase *db, > if (host == NULL) { > tb_page_addr_t phys_page = > get_page_addr_code_hostp(env, base, &db->host_addr[1]); > - /* We cannot handle MMIO as second page. */ > - assert(phys_page != -1); > + > + /* > + * If the second page is MMIO, treat as if the first page > + * was MMIO as well, so that we do not cache the TB. > + */ > + if (unlikely(phys_page == -1)) { > + tb_set_page_addr0(tb, -1); > + return NULL; > + } > + > tb_set_page_addr1(tb, phys_page); > #ifdef CONFIG_USER_ONLY > page_protect(end); > -- > 2.34.1 >
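Review bot: the comment above the new `if (unlikely(phys_page == -1))` branch explains the `tb_set_page_addr0(tb, -1)` side effect (the TB is not cached) but not why returning `NULL` from `translator_access` is safe, which is the part a reader of this function actually has to trust. Suggest extending the comment with the expected caller behaviour, e.g. `* Returning NULL makes the caller take the slow code-load path for this access`, and confirming in the commit message that once page addr 0 is -1 the remaining fetches for this TB also avoid the cached host pointer, since the first page's `host_addr[0]` is not cleared in this hunk and the straddling access has already been partly resolved via the fast path before reaching here.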
Thanks a lot for the quick turnaround. I've verified that the patch resolves the issue we experienced.