From nobody Mon Feb 9 15:29:34 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=sifive.com ARC-Seal: i=1; a=rsa-sha256; t=1769582440; cv=none; d=zohomail.com; s=zohoarc; b=Nc2gF3uaBisgdBPVdEnmz595WQl/rCL+kJb+GSR0CzCshyf3UQoCGAkgdB6je57Lz/6k46iSbZbPJ098NNub7Nh3TnBa8ZEbbXIURq67302N0YbJ4oF5SvrdcXKzg7OYeENT2br34GlV9nrOzDcWLZRGaGxbmDfr831n59+sJ0s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769582440; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=C1vX8Oa0zQbJhc6oo6JnHi5pnkeeCFy2kauj2VrGdfM=; b=d6hoJ38zalLlTXHXp3XvCuHqg91UGgsa3bj1fDuwDwyZB5KIJ4ysyklLz3Wd+HPz1RvwrnEqbE+1fTXVB5dGeuPTlydEmwKptmuUYuPVXjozbOgZFc41LtSSSnTdTPr0NgA8b15UGkyz0RT1sJ3kMyO2P/1am2VaDjQ/hl179Cg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769582440177539.0298147561554; Tue, 27 Jan 2026 22:40:40 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vkzDS-0004l7-Dr; Wed, 28 Jan 2026 01:39:50 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vkzD1-0004YB-0P for qemu-devel@nongnu.org; Wed, 28 Jan 2026 01:39:24 -0500 Received: from mail-pf1-x42a.google.com ([2607:f8b0:4864:20::42a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vkzCy-0006Vl-Su for qemu-devel@nongnu.org; Wed, 28 Jan 2026 01:39:22 -0500 Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-8230f2140beso300503b3a.1 for ; Tue, 27 Jan 2026 22:39:19 -0800 (PST) Received: from hsinchu26.internal.sifive.com ([210.176.154.34]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c642487f1f5sm1244736a12.0.2026.01.27.22.39.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Jan 2026 22:39:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1769582358; x=1770187158; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=C1vX8Oa0zQbJhc6oo6JnHi5pnkeeCFy2kauj2VrGdfM=; b=EuiMv45or0ZoRY2AmAhYFeNPNwTGUm1FyoEiy/QNTuyK/14xGuluJ/WhkS2TgO2IdU Fhxg4+MOlOeijoJ8jadA+p7Y/VAYJQAUNerzKVVED0+X7f4jVot+n3H4xNwU2xYMo0OG WSTkKNraX4QzWO360dAJQMs1+E6CasrUvkj3A0qQx1LuSzRmh/tO/TZZt3J4fd9ttZfF RS9nhFPpINbQdbNm1O12WG+DjWNg342bOOjIy0m85Z+vVC1mepnxrTYmtzjFMk50e1qj txlT4Z5roVK7CFrefcLBh+FbuWxih5Umj13wdA53Qfnb+2eYDjt3TR/2vviUlx4+Kv6F POoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769582358; x=1770187158; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=C1vX8Oa0zQbJhc6oo6JnHi5pnkeeCFy2kauj2VrGdfM=; b=Xx+Ahi4LfUaI+aR3DE2E9BzRI+9hwJWlmrCJz1JrkNRTurGbsPTTXxcnrF0zBw00+9 2GhRdAka3r7ddYvr2mDi3w5G1fjYB0/VieUNjnsM9qI6SUnQv09ay3epvo+2cJykm1i0 yghVOeGlDORIh9SoDvMwIp1ik2XT7JzJCQZ+drQazv4QivNqNaA3mCb4wQrypPdZbj9w kZIUYcrztsXSXB0WRG1FRwpYbt0zQ3VwSWy1NrLyGZWoRfvH0VSqQEHGsNMVORco0o/w xjsuRSOZoCMb6g9CO+8Xh34pNUVqc91KXj7kqiWe/NSbrBEBET6QFN4eov0lxuDzLegD 2kEQ== X-Gm-Message-State: AOJu0Yz4Ow+gvAfPrE7BdKHDNmq+wH+/odFB4VczmCKjIx6dL2yZxCiJ x99RnePnibeYoG/xi3kb7ITwK91vix+Kpj9ldVFaRpc1qMNhy1ImEzDtI/Nf7KDO5kKoyJBEAYE yCHiqRlwPo6YGU0IzOonzRrLmYgwByxQBBB+TUJ3J4vmb9GxEU7PeNZyrIiub5FIlL33IUUiwwH rZHT4OIHDQ4OeW1iY+ImiUYayoTI+DrBBK2D+JSw== X-Gm-Gg: AZuq6aKTJelHDsGS8ixrdHnred4WgU5YiwHKwsLvWzVxN+W6n9sbs2qbG/lQ02w+9UI CXAqwu3ojpjWQOrTZ/ARzvv34zeWEFO/RUsiK8Ny1RXDhAzzrgaxNFlACLsx6uSmlY9LEqhLlvY wlHdtbE6c8Vl1FfB8mlggplSWM94h6Qo+6dHUxzpWZH7qs8pOww/uG3qrPWR7PKInnLefVxxQUj XEYFG5I0uI6Lgk4TXO6fagCdOzWJ6w8JdPMJnfpnbMgCf7TI2BcXriaim31gMAQdnI3WxGLX7RI N5b45qxwkGifcvZ1G11b5vlGF8Cl/GaW/rRS6KrJ7Cpf4kkPCOMEB8K9jG9A5GcOWhy/bbfKREu OJ8kj8/iFDZIpodeKmvKkNOOMEhKufg+Ow6x4y3V5x8sasuY5/sIaB8A/bB1ZmWO6Z4Rugqh4V/ GTDyXPundvifbkQuXFOg3+Fio+BG6uyhJ6 X-Received: by 2002:a05:6a20:918f:b0:38e:9ca2:7e65 with SMTP id adf61e73a8af0-38ec58ec696mr4560874637.0.1769582357982; Tue, 27 Jan 2026 22:39:17 -0800 (PST) From: Jim Shu To: qemu-devel@nongnu.org Cc: Daniel Henrique Barboza , Richard Henderson , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Eduardo Habkost , Marcel Apfelbaum , Yanan Wang , Zhao Liu , Peter Xu , Jim Shu Subject: [PATCH 1/2] accel/tcg: Fix iotlb_to_section() for different AddressSpace Date: Wed, 28 Jan 2026 14:39:06 +0800 Message-ID: <20260128063907.2066100-2-jim.shu@sifive.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260128063907.2066100-1-jim.shu@sifive.com> References: <20260128063907.2066100-1-jim.shu@sifive.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::42a; envelope-from=jim.shu@sifive.com; helo=mail-pf1-x42a.google.com X-Spam_score_int: -4 X-Spam_score: -0.5 X-Spam_bar: / X-Spam_report: (-0.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_SBL=1.623 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @sifive.com) X-ZM-MESSAGEID: 1769582442079158500 Content-Type: text/plain; charset="utf-8" 'CPUTLBEntryFull.xlat_section' stores section_index in last 12 bits to find the correct section when CPU access the IO region over the IOTLB. However, section_index is only unique inside single AddressSpace. If address space translation is over IOMMUMemoryRegion, it could return section from other AddressSpace. 'iotlb_to_section()' API only finds the sections from CPU's AddressSpace so that it couldn't find section in other AddressSpace. Thus, using 'iotlb_to_section()' API will find the wrong section and QEMU will have wrong load/store access. To fix this bug of iotlb_to_section(), store complete MemoryRegionSection pointer in CPUTLBEntryFull to replace the section_index in xlat_section. Rename 'xlat_section' to 'xlat' as we remove last 12 bits section_index inside. Also, since we directly use section pointer in the CPUTLBEntryFull (full->section), we can remove the unused functions: iotlb_to_section(), memory_region_section_get_iotlb(). This bug occurs only when (1) IOMMUMemoryRegion is in the path of CPU access. (2) IOMMUMemoryRegion returns different target_as and the section is in the IO region. Common IOMMU devices don't have this issue since they are only in the path of DMA access. Currently, the bug only occurs when ARM MPC device (hw/misc/tz-mpc.c) returns 'blocked_io_as' to emulate blocked access handling. Upcoming RISC-V wgChecker [1] and IOPMP [2] devices are also affected by this bug. [1] RISC-V WG: https://patchew.org/QEMU/20251021155548.584543-1-jim.shu@sifive.com/ [2] RISC-V IOPMP: https://patchew.org/QEMU/20250312093735.1517740-1-ethan84@andestech.com/ Signed-off-by: Jim Shu Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- accel/tcg/cputlb.c | 32 +++++++++++++++----------------- include/accel/tcg/iommu.h | 15 --------------- include/exec/cputlb.h | 2 +- include/hw/core/cpu.h | 12 +++++++----- system/physmem.c | 25 ------------------------- 5 files changed, 23 insertions(+), 63 deletions(-) diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c index 6900a126827..c61339d10a3 100644 --- a/accel/tcg/cputlb.c +++ b/accel/tcg/cputlb.c @@ -1090,7 +1090,7 @@ void tlb_set_page_full(CPUState *cpu, int mmu_idx, } } else { /* I/O or ROMD */ - iotlb =3D memory_region_section_get_iotlb(cpu, section) + xlat; + iotlb =3D xlat; /* * Writes to romd devices must go through MMIO to enable write. * Reads to romd devices go through the ram_ptr found above, @@ -1141,10 +1141,9 @@ void tlb_set_page_full(CPUState *cpu, int mmu_idx, /* * When memory region is ram, iotlb contains a TARGET_PAGE_BITS * aligned ram_addr_t of the page base of the target RAM. - * Otherwise, iotlb contains - * - a physical section number in the lower TARGET_PAGE_BITS - * - the offset within section->mr of the page base (I/O, ROMD) with = the - * TARGET_PAGE_BITS masked off. + * Otherwise, iotlb contains a TARGET_PAGE_BITS aligned + * offset within section->mr of the page base (I/O, ROMD) + * * We subtract addr_page (which is page aligned and thus won't * disturb the low bits) to give an offset which can be added to the * (non-page-aligned) vaddr of the eventual memory access to get @@ -1154,7 +1153,8 @@ void tlb_set_page_full(CPUState *cpu, int mmu_idx, */ desc->fulltlb[index] =3D *full; full =3D &desc->fulltlb[index]; - full->xlat_section =3D iotlb - addr_page; + full->xlat =3D iotlb - addr_page; + full->section =3D section; full->phys_addr =3D paddr_page; =20 /* Now calculate the new entry */ @@ -1270,14 +1270,14 @@ static inline void cpu_unaligned_access(CPUState *c= pu, vaddr addr, } =20 static MemoryRegionSection * -io_prepare(hwaddr *out_offset, CPUState *cpu, hwaddr xlat, +io_prepare(hwaddr *out_offset, CPUState *cpu, CPUTLBEntryFull *full, MemTxAttrs attrs, vaddr addr, uintptr_t retaddr) { MemoryRegionSection *section; hwaddr mr_offset; =20 - section =3D iotlb_to_section(cpu, xlat, attrs); - mr_offset =3D (xlat & TARGET_PAGE_MASK) + addr; + section =3D full->section; + mr_offset =3D full->xlat + addr; cpu->mem_io_pc =3D retaddr; if (!cpu->neg.can_do_io) { cpu_io_recompile(cpu, retaddr); @@ -1336,7 +1336,7 @@ static bool victim_tlb_hit(CPUState *cpu, size_t mmu_= idx, size_t index, static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size, CPUTLBEntryFull *full, uintptr_t retaddr) { - ram_addr_t ram_addr =3D mem_vaddr + full->xlat_section; + ram_addr_t ram_addr =3D mem_vaddr + full->xlat; =20 trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size); =20 @@ -1593,9 +1593,7 @@ bool tlb_plugin_lookup(CPUState *cpu, vaddr addr, int= mmu_idx, =20 /* We must have an iotlb entry for MMIO */ if (tlb_addr & TLB_MMIO) { - MemoryRegionSection *section =3D - iotlb_to_section(cpu, full->xlat_section & ~TARGET_PAGE_MASK, - full->attrs); + MemoryRegionSection *section =3D full->section; data->is_io =3D true; data->mr =3D section->mr; } else { @@ -1981,7 +1979,7 @@ static uint64_t do_ld_mmio_beN(CPUState *cpu, CPUTLBE= ntryFull *full, tcg_debug_assert(size > 0 && size <=3D 8); =20 attrs =3D full->attrs; - section =3D io_prepare(&mr_offset, cpu, full->xlat_section, attrs, add= r, ra); + section =3D io_prepare(&mr_offset, cpu, full, attrs, addr, ra); mr =3D section->mr; =20 BQL_LOCK_GUARD(); @@ -2002,7 +2000,7 @@ static Int128 do_ld16_mmio_beN(CPUState *cpu, CPUTLBE= ntryFull *full, tcg_debug_assert(size > 8 && size <=3D 16); =20 attrs =3D full->attrs; - section =3D io_prepare(&mr_offset, cpu, full->xlat_section, attrs, add= r, ra); + section =3D io_prepare(&mr_offset, cpu, full, attrs, addr, ra); mr =3D section->mr; =20 BQL_LOCK_GUARD(); @@ -2499,7 +2497,7 @@ static uint64_t do_st_mmio_leN(CPUState *cpu, CPUTLBE= ntryFull *full, tcg_debug_assert(size > 0 && size <=3D 8); =20 attrs =3D full->attrs; - section =3D io_prepare(&mr_offset, cpu, full->xlat_section, attrs, add= r, ra); + section =3D io_prepare(&mr_offset, cpu, full, attrs, addr, ra); mr =3D section->mr; =20 BQL_LOCK_GUARD(); @@ -2519,7 +2517,7 @@ static uint64_t do_st16_mmio_leN(CPUState *cpu, CPUTL= BEntryFull *full, tcg_debug_assert(size > 8 && size <=3D 16); =20 attrs =3D full->attrs; - section =3D io_prepare(&mr_offset, cpu, full->xlat_section, attrs, add= r, ra); + section =3D io_prepare(&mr_offset, cpu, full, attrs, addr, ra); mr =3D section->mr; =20 BQL_LOCK_GUARD(); diff --git a/include/accel/tcg/iommu.h b/include/accel/tcg/iommu.h index 90cfd6c0ed1..547f8ea0ef0 100644 --- a/include/accel/tcg/iommu.h +++ b/include/accel/tcg/iommu.h @@ -14,18 +14,6 @@ #include "exec/hwaddr.h" #include "exec/memattrs.h" =20 -/** - * iotlb_to_section: - * @cpu: CPU performing the access - * @index: TCG CPU IOTLB entry - * - * Given a TCG CPU IOTLB entry, return the MemoryRegionSection that - * it refers to. @index will have been initially created and returned - * by memory_region_section_get_iotlb(). - */ -MemoryRegionSection *iotlb_to_section(CPUState *cpu, - hwaddr index, MemTxAttrs attrs); - MemoryRegionSection *address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr, @@ -34,8 +22,5 @@ MemoryRegionSection *address_space_translate_for_iotlb(CP= UState *cpu, MemTxAttrs attrs, int *prot); =20 -hwaddr memory_region_section_get_iotlb(CPUState *cpu, - MemoryRegionSection *section); - #endif =20 diff --git a/include/exec/cputlb.h b/include/exec/cputlb.h index 0d1d46429c9..e599a0f7627 100644 --- a/include/exec/cputlb.h +++ b/include/exec/cputlb.h @@ -44,7 +44,7 @@ void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr= _t length); * @full: the details of the tlb entry * * Add an entry to @cpu tlb index @mmu_idx. All of the fields of - * @full must be filled, except for xlat_section, and constitute + * @full must be filled, except for xlat, and constitute * the complete description of the translated page. * * This is generally called by the target tlb_fill function after diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h index 61da2ea4331..7de576ab602 100644 --- a/include/hw/core/cpu.h +++ b/include/hw/core/cpu.h @@ -219,15 +219,17 @@ typedef uint32_t MMUIdxMap; */ struct CPUTLBEntryFull { /* - * @xlat_section contains: - * - in the lower TARGET_PAGE_BITS, a physical section number - * - with the lower TARGET_PAGE_BITS masked off, an offset which - * must be added to the virtual address to obtain: + * @xlat contains: + * - a TARGET_PAGE_BITS aligned offset which must be added to + * the virtual address to obtain: * + the ram_addr_t of the target RAM (if the physical section * number is PHYS_SECTION_NOTDIRTY or PHYS_SECTION_ROM) * + the offset within the target MemoryRegion (otherwise) */ - hwaddr xlat_section; + hwaddr xlat; + + /* @section contains physical section. */ + MemoryRegionSection *section; =20 /* * @phys_addr contains the physical address in the address space diff --git a/system/physmem.c b/system/physmem.c index b0311f45312..d17596a77fb 100644 --- a/system/physmem.c +++ b/system/physmem.c @@ -747,31 +747,6 @@ translate_fail: return &d->map.sections[PHYS_SECTION_UNASSIGNED]; } =20 -MemoryRegionSection *iotlb_to_section(CPUState *cpu, - hwaddr index, MemTxAttrs attrs) -{ - int asidx =3D cpu_asidx_from_attrs(cpu, attrs); - CPUAddressSpace *cpuas =3D &cpu->cpu_ases[asidx]; - AddressSpaceDispatch *d =3D address_space_to_dispatch(cpuas->as); - int section_index =3D index & ~TARGET_PAGE_MASK; - MemoryRegionSection *ret; - - assert(section_index < d->map.sections_nb); - ret =3D d->map.sections + section_index; - assert(ret->mr); - assert(ret->mr->ops); - - return ret; -} - -/* Called from RCU critical section */ -hwaddr memory_region_section_get_iotlb(CPUState *cpu, - MemoryRegionSection *section) -{ - AddressSpaceDispatch *d =3D flatview_to_dispatch(section->fv); - return section - d->map.sections; -} - #endif /* CONFIG_TCG */ =20 void cpu_address_space_init(CPUState *cpu, int asidx, --=20 2.43.0 From nobody Mon Feb 9 15:29:34 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=sifive.com ARC-Seal: i=1; a=rsa-sha256; t=1769582418; cv=none; d=zohomail.com; s=zohoarc; b=fleYY/4Lf8yMfF2uTyP5M0ZCji3xKqzWkc5hUavDCZr4Jnr2CZ8EbYMbtKo3UMcChBRXFD0SA8SUyetgoTgBbSmREbV7A45/nGUPvWIj1FkPw4vOiJWi+pKmd8d++LcTSb9IFrJQtUhuzkkktOWk1ac5agX8uOD/f0XvQ39d6ag= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769582418; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Xlz7hyCztKb/ddjMOgK8ThA+NqW4yiGJ0YmFpHJkjZQ=; b=X+5KhyutjEDR7+6eFy1K2hptt/rkWA1XmzTMRUfVVn+E1QhwxMqexQi2c54xBBWyZB1H22Js1vZt41V0krSVxwjnC7H7LtmIYIN5l0rnRysJ/DAp+TZlRBsU+2z496jt1HBV3vrUBi105CkyGmICHAmEvadJME/aM0vOFx3RgIM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769582418481556.8553057023449; Tue, 27 Jan 2026 22:40:18 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vkzDI-0004gm-9F; Wed, 28 Jan 2026 01:39:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vkzD2-0004YL-0f for qemu-devel@nongnu.org; Wed, 28 Jan 2026 01:39:24 -0500 Received: from mail-pg1-x543.google.com ([2607:f8b0:4864:20::543]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vkzD0-0006Vv-JH for qemu-devel@nongnu.org; Wed, 28 Jan 2026 01:39:23 -0500 Received: by mail-pg1-x543.google.com with SMTP id 41be03b00d2f7-c05d66dbab2so4364989a12.0 for ; Tue, 27 Jan 2026 22:39:22 -0800 (PST) Received: from hsinchu26.internal.sifive.com ([210.176.154.34]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c642487f1f5sm1244736a12.0.2026.01.27.22.39.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Jan 2026 22:39:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1769582360; x=1770187160; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Xlz7hyCztKb/ddjMOgK8ThA+NqW4yiGJ0YmFpHJkjZQ=; b=lRSpWw3iC73gRPLGzLAceIWH7BVAg5aT/bmeRJdRUjeQ7U++c5cX1mziHK4f8duPQC XjSBuyIvqj5ciJtWIk7QcHOLIPDy1I4A8FkNGCBK70rBYGHxBxCA3UV+oMT0Fe/xwdDt 2rvCkNs8xKqxibJiukTNLw/q8Beg3pYVCB0tNZ4v74e1nKCKbW9Qsn3QRhMKlfbaRXw4 fyLQIpn5ryDaEcpJjquTMKTjvJwyIhbyqzJ+sBF00e3DKQ/nFWuU8BAp7+dV4ezJ9UWE 1wUgI30ztz84pW8K/9sdofAKzwG/c6dGro5wOg7A+vVlUeV6mEDG8AO51vIkbkm/n0xK K6eA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769582360; x=1770187160; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Xlz7hyCztKb/ddjMOgK8ThA+NqW4yiGJ0YmFpHJkjZQ=; b=NLy8k/jLNlw3I6+qs2U3hW3A4MWxW4EC1+cJVtq+z64n4OHHiGGUgGj01xeQ+wB3MI 2YYjEN6Wv9tKHKgIF8N6dTTGq/0xiN5vHsOSFTbl/5Rt7qIQCCp+Y/mn9+vUke6rnmn4 fcOk1HGCRouSh4XshMn4wffBrIBi80i5Giz21QVIEpeYUidpyqI/qI+b5pN5BBcXNUb7 iti2E4LvswPQbx8C5dEmNJm8uyTbLjr8YH5Ce8TmAdLihIfKM+OyCsyQC21tsyHw6Eyc y0ciFl8r3GMwHQrmrYjxLdy/6Gf5IZ6by6OwgIkDRY6Sl6TYf+/uePEcGvxscSpg3lri SF5w== X-Gm-Message-State: AOJu0YwTx6Emc5SShybxeF5O06xZja4OGi7HotdJlNsYef2H9+y+zXDB kHblkRLo0rmHdhBGCLNjPl43CUNCmd1lqTwkK5s9kKMvWT0m9wExoS81XEpGIgs77xAYeawPQHi Uh6yYZMcCAL6ccN8CAMS9oJVgWB0Ix48BwnbAKEpXuyjBwwHZlQKOEQcdaHe+eaEQRFZec4aJeM 4MsXsKV/E7uBX5ALO9xbf+zdhZWAuB7f3VizYv/ga/ X-Gm-Gg: AZuq6aLD2mlcvsolAbzCEmg/Rdae2QuSMMeH1LHAnRKRqFYDeyF1FWbb1CAWKLw7RRR Npa9MEHLrNIJSh5iWkWHGXwQL3Try6ExR5AL8d7faDj0ruy91ER8Z92PTR6kalGzUTwydrErWE/ ICpF9VlJqfM+yfTNwaYya9p3qJVIG0jWD7BCF+1wzj6CFvevHR0jMn3s5oVXogw7/MMUj2iYXy9 n8NL5LhyIV5CEywy1EHf55pI8rye2Nl/LHZ4Du8yDJ+MC0in2sULf96k0L65fW4qyAOhzABvJqm HVAIEdzjSKxs1qevxgJnYfwNxYONLN5LCMyhrnHf0lw9iJMnCqfGiL4NscSK94Ejq6lgD8+AYiQ AdrhY/i7z3/lQCdi5O9HmpTI+ozE07OliANkUkYmQTKG60zWf9dthWXl8K5TON860IN77lJnMCE wpy3NDE06sqzODiINV3zePx3Uy/5bOrjJA X-Received: by 2002:a05:6a20:918f:b0:34f:1623:2354 with SMTP id adf61e73a8af0-38ec6421854mr4092640637.42.1769582360388; Tue, 27 Jan 2026 22:39:20 -0800 (PST) From: Jim Shu To: qemu-devel@nongnu.org Cc: Daniel Henrique Barboza , Richard Henderson , Paolo Bonzini , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Eduardo Habkost , Marcel Apfelbaum , Yanan Wang , Zhao Liu , Peter Xu , Jim Shu Subject: [PATCH 2/2] system/physmem: Remove the assertion of page-aligned section number Date: Wed, 28 Jan 2026 14:39:07 +0800 Message-ID: <20260128063907.2066100-3-jim.shu@sifive.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260128063907.2066100-1-jim.shu@sifive.com> References: <20260128063907.2066100-1-jim.shu@sifive.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::543; envelope-from=jim.shu@sifive.com; helo=mail-pg1-x543.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @sifive.com) X-ZM-MESSAGEID: 1769582423174154100 Content-Type: text/plain; charset="utf-8" The physical section number is no longer ORed into the IOTLB entries together with a page-aligned pointer, so it no longer needs to be page-aligned. Signed-off-by: Jim Shu --- system/physmem.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/system/physmem.c b/system/physmem.c index d17596a77fb..2fb0c25c93b 100644 --- a/system/physmem.c +++ b/system/physmem.c @@ -1323,12 +1323,6 @@ static subpage_t *subpage_init(FlatView *fv, hwaddr = base); static uint16_t phys_section_add(PhysPageMap *map, MemoryRegionSection *section) { - /* The physical section number is ORed with a page-aligned - * pointer to produce the iotlb entries. Thus it should - * never overflow into the page-aligned value. - */ - assert(map->sections_nb < TARGET_PAGE_SIZE); - if (map->sections_nb =3D=3D map->sections_nb_alloc) { map->sections_nb_alloc =3D MAX(map->sections_nb_alloc * 2, 16); map->sections =3D g_renew(MemoryRegionSection, map->sections, --=20 2.43.0