Kirill Martynov reported an assertion in cpu_asidx_from_attrs() being hit when x86_cpu_dump_state() is called to dump the CPU state[*]. It happens when the CPU is in SMM and KVM reports an emulation failure caused by a misbehaving guest.
The root cause is that QEMU i386 never enables the SMM addressspace for cpu since kvm SMM support has been added. Enable the SMM cpu address space under KVM when the SMM is enabled for the x86machine.

[*] https://lore.kernel.org/qemu-devel/20250523154431.506993-1-stdcalll...@yandex-team.ru/

Reported-by: Kirill Martynov <stdcalll...@yandex-team.ru>
Signed-off-by: Xiaoyao Li <xiaoyao...@intel.com>
---
 system/physmem.c | 5 -----
 target/i386/kvm/kvm-cpu.c | 10 ++++++++++
 target/i386/kvm/kvm.c | 5 +++++
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/system/physmem.c b/system/physmem.c
index 130c148ffb5c..76e1c33aab5c 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -795,9 +795,6 @@ void cpu_address_space_init(CPUState *cpu, int asidx,
         cpu->as = as;
     }
 
-    /* KVM cannot currently support multiple address spaces. */
-    assert(asidx == 0 || !kvm_enabled());
-
     if (!cpu->cpu_ases) {
         cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
         cpu->cpu_ases_count = cpu->num_ases;
@@ -820,8 +817,6 @@ void cpu_address_space_destroy(CPUState *cpu, int asidx)
     assert(cpu->cpu_ases);
     assert(asidx >= 0 && asidx < cpu->num_ases);
 
-    /* KVM cannot currently support multiple address spaces. */
-    assert(asidx == 0 || !kvm_enabled());
     cpuas = &cpu->cpu_ases[asidx];
 
     if (tcg_enabled()) {
diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c
index 89a795365945..aa657c2a4627 100644
--- a/target/i386/kvm/kvm-cpu.c
+++ b/target/i386/kvm/kvm-cpu.c
@@ -13,6 +13,7 @@
 #include "qapi/error.h"
 #include "system/system.h"
 #include "hw/boards.h"
+#include "hw/i386/x86.h"
 #include "kvm_i386.h"
 #include "accel/accel-cpu-target.h"
@@ -91,6 +92,15 @@ static bool kvm_cpu_realizefn(CPUState *cs, Error **errp)
         kvm_set_guest_phys_bits(cs);
     }
 
+    /*
+     * When SMM is enabled, there is 2 address spaces. Otherwise only 1.
+     *
+     * Only init address space 0 here, the second one for SMM is initialized at
+     * register_smram_listener() after machine init done.
+     */
+    cs->num_ases = x86_machine_is_smm_enabled(X86_MACHINE(current_machine)) ? 2 : 1;
+    cpu_address_space_init(cs, 0, "cpu-mmeory", cs->memory);
+
     return true;
 }
 
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 369626f8c8d7..47fb5c673c8e 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -2704,6 +2704,7 @@ static MemoryRegion smram_as_mem;
 
 static void register_smram_listener(Notifier *n, void *unused)
 {
+    CPUState *cpu;
     MemoryRegion *smram = (MemoryRegion *)
         object_resolve_path("/machine/smram", NULL);
 
@@ -2728,6 +2729,10 @@ static void register_smram_listener(Notifier *n, void *unused)
     address_space_init(&smram_address_space, &smram_as_root, "KVM-SMRAM");
     kvm_memory_listener_register(kvm_state, &smram_listener,
                                  &smram_address_space, 1, "kvm-smram");
+
+    CPU_FOREACH(cpu) {
+        cpu_address_space_init(cpu, 1, "cpu-smm", &smram_as_root);
+    }
 }
 
 static void *kvm_msr_energy_thread(void *data)
-- 
2.43.0
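Review bot: The address-space name on the new `cpu_address_space_init(cs, 0, "cpu-mmeory", cs->memory);` line is misspelled; the string is the AddressSpace name (presumably surfaced by monitor and debug listings), so it should read `cpu_address_space_init(cs, 0, "cpu-memory", cs->memory);`, which I believe matches the spelling the non-KVM realize paths use. The block comment above it also has a grammar slip, `there is 2 address spaces`; suggest `there are 2 address spaces` and adding that index 1 must not be dereferenced until register_smram_listener() has run, since nothing in this hunk guards that window. Setting `cs->num_ases` to 2 here while initializing only index 0 is the ordering that makes the next hunk's loop load-bearing, so it is worth documenting at this site. kvm_cpu_realizefn begins outside the hunk.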
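Review bot: The new `CPU_FOREACH(cpu)` loop only reaches CPUs that exist when this machine-init-done notifier fires, while kvm_cpu_realizefn sets `cs->num_ases = 2` for every CPU it realizes; a vCPU realized after the notifier (hot-plug, if the machine supports it — inferred, not visible here) would advertise two address spaces with index 1 never initialized, which is the same class of failure this patch is fixing. Consider remembering that the SMRAM address space exists (a file-scope flag set after `address_space_init(&smram_address_space, ...)`) and having the realize path call `cpu_address_space_init(cs, 1, "cpu-smm", &smram_as_root)` itself when that flag is already set. Independently, adding `assert(cpu->num_ases == 2);` at the top of the loop would make a mismatch between x86_machine_is_smm_enabled() and the presence of /machine/smram fail at an explicit check rather than at whatever index check cpu_address_space_init performs. register_smram_listener begins outside this hunk.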