On 08/10/2025 13:38, Mark Burton wrote:
All, sorry for the wide CC, I'm trying to find somebody who understands this
corner of the code... This is perhaps obscure, but I think it should work.
I am trying to access an MMIO region through an IOMMU, from TCG.
The IOMMU translation has provided an address space that is different from the
CPU’s own address space.
In address_space_translate_for_iotlb the section is calculated using the
address space provided by the IOMMU translation.
    /* in address_space_translate_for_iotlb() */
    d = flatview_to_dispatch(address_space_to_flatview(iotlb.target_as));
Later, we come to do the actual access (via e.g. do_st_mmio_leN), and at this
point we pick up the CPU's address spaces in iotlb_to_section, which is
different, and the recorded section therefore seems to be incorrect.
    /* in iotlb_to_section() */
    CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
    AddressSpaceDispatch *d = cpuas->memory_dispatch;
    int section_index = index & ~TARGET_PAGE_MASK;
    MemoryRegionSection *ret;
    assert(section_index < d->map.sections_nb);
    ret = d->map.sections + section_index;
What I don't fully understand is how this is supposed to work...?
Have I missed something obvious?
Cheers
Mark.
What version of QEMU are you using? I'm wondering if you're getting
caught out by a variant of this:
https://gitlab.com/qemu-project/qemu/-/issues/3040.
ATB,
Mark.