
QEMU fails an assertion when hitting a breakpoint that is set on a tlb-missed 2-stage translated AArch64 memory

Host environment

  • Operating system: Fedora 36
  • OS/kernel version:
    6.0.15-200.fc36.x86_64
  • Architecture: x86
  • QEMU flavor: qemu-system-aarch64
  • QEMU version: 7.2.0

Emulated/Virtualized environment

  • Architecture: AArch64

Description of problem

After upgrading to QEMU v7.2.0 from v7.1.0, when hitting an instruction breakpoint on a memory address that is translated by 2 stages of translation, and is not already cached in the TLB, QEMU fails the assertion at target/arm/ptw.c:301 (assert(fi->type != ARMFault_None);).

I believe this was introduced in f3639a64 (@rth7680), since in that commit the failure check for the return value of get_phys_addr_lpae() changed from checking for true (meaning failure) to checking for false (which actually means success).
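The inverted return-value check the report describes, modelled as an added example (constructed here; it is neither QEMU's source nor the reporter's code). It assumes a toy two-stage page table and a one-entry TLB, and uses get_phys_addr_lpae, ARMFault_None and ARMMMUFaultInfo only as stand-in names for the identifiers in the report; WalkResult, translate_2stage, translate_cached, cold_tlb_lookup, warm_tlb_lookup and the sample mappings are assumptions. With the check inverted, a successful stage-1 walk is routed down the fault path with no fault recorded, which is the state the assertion at ptw.c:301 rejects; a TLB hit bypasses the walker entirely, which is why the failure only shows up on an address that is not already cached.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not QEMU source. get_phys_addr_lpae, ARMFault_None and
 * ARMMMUFaultInfo echo identifiers from the report; the toy page tables, the
 * TLB, WalkResult and the sample mappings are assumptions for illustration. */
typedef enum { ARMFault_None = 0, ARMFault_Translation = 1 } ARMFaultType;
typedef struct { ARMFaultType type; } ARMMMUFaultInfo;

#define PAGE_SHIFT 12
#define PAGE_MASK  ((1ULL << PAGE_SHIFT) - 1)

/* Toy page table: indexed by page number, 0 means unmapped. */
typedef struct { const uint64_t *entries; size_t npages; } PageTable;

/* Stand-in for get_phys_addr_lpae(): returns true on FAULT (filling *fi),
 * false on success. Callers must test the result in that sense. */
static bool get_phys_addr_lpae(const PageTable *pt, uint64_t addr,
                               uint64_t *out, ARMMMUFaultInfo *fi)
{
    uint64_t page = addr >> PAGE_SHIFT;
    if (page >= pt->npages || pt->entries[page] == 0) {
        fi->type = ARMFault_Translation;
        return true;                                /* fault */
    }
    *out = pt->entries[page] | (addr & PAGE_MASK);
    return false;                                   /* success */
}

typedef enum {
    WALK_OK = 0,
    WALK_FAULT = 1,             /* genuine fault, fi->type is set */
    WALK_ASSERT_WOULD_FIRE = 2  /* fault path with fi->type == ARMFault_None */
} WalkResult;

/* Two-stage walk VA -> IPA -> PA. inverted_check reproduces the bug in the
 * report: the stage-1 result is tested for false (success) instead of true. */
static WalkResult translate_2stage(const PageTable *s1, const PageTable *s2,
                                   uint64_t va, uint64_t *pa,
                                   ARMMMUFaultInfo *fi, bool inverted_check)
{
    uint64_t ipa = 0;
    fi->type = ARMFault_None;
    bool ret = get_phys_addr_lpae(s1, va, &ipa, fi);
    if (inverted_check ? !ret : ret) {
        /* ptw.c's fault path asserts fi->type != ARMFault_None here. With the
         * inverted test a successful stage-1 walk arrives with no fault
         * recorded, which is exactly what trips the assertion. */
        return fi->type == ARMFault_None ? WALK_ASSERT_WOULD_FIRE : WALK_FAULT;
    }
    return get_phys_addr_lpae(s2, ipa, pa, fi) ? WALK_FAULT : WALK_OK;
}

/* One-entry TLB: a hit returns the cached PA without walking, which is why
 * the report only sees the assertion for addresses not already in the TLB. */
typedef struct { bool valid; uint64_t va_page, pa_page; } TlbEntry;

static WalkResult translate_cached(TlbEntry *tlb, const PageTable *s1,
                                   const PageTable *s2, uint64_t va,
                                   uint64_t *pa, bool inverted_check)
{
    ARMMMUFaultInfo fi;
    if (tlb->valid && tlb->va_page == (va >> PAGE_SHIFT)) {
        *pa = (tlb->pa_page << PAGE_SHIFT) | (va & PAGE_MASK);
        return WALK_OK;
    }
    WalkResult r = translate_2stage(s1, s2, va, pa, &fi, inverted_check);
    if (r == WALK_OK) {
        tlb->valid = true;
        tlb->va_page = va >> PAGE_SHIFT;
        tlb->pa_page = *pa >> PAGE_SHIFT;
    }
    return r;
}

/* Constructed sample mappings: VA page 1 -> IPA page 2 -> PA page 5. */
static const uint64_t S1[] = { 0, 0x2000, 0 };
static const uint64_t S2[] = { 0, 0, 0x5000 };
static const PageTable STAGE1 = { S1, 3 };
static const PageTable STAGE2 = { S2, 3 };

/* Cold TLB: the walker runs, so the sense of the check matters. */
WalkResult cold_tlb_lookup(bool inverted_check, uint64_t va, uint64_t *pa)
{
    TlbEntry tlb = { false, 0, 0 };
    return translate_cached(&tlb, &STAGE1, &STAGE2, va, pa, inverted_check);
}

/* Warm TLB: fill it with a correct walk, then look up with the buggy check;
 * the hit bypasses the walker, so the assertion is never reached. */
WalkResult warm_tlb_lookup(bool inverted_check, uint64_t va, uint64_t *pa)
{
    TlbEntry tlb = { false, 0, 0 };
    if (translate_cached(&tlb, &STAGE1, &STAGE2, va, pa, false) != WALK_OK) {
        return WALK_FAULT;
    }
    return translate_cached(&tlb, &STAGE1, &STAGE2, va, pa, inverted_check);
}
```

The walker's convention (true means fault) is the thing to keep in view when reviewing a fix: every caller that tests the return value has to treat true as the error branch, and the fault path can assert on fi->type precisely because the walker guarantees to set it before returning true. A call with a cold TLB and the inverted check returns WALK_ASSERT_WOULD_FIRE for a perfectly valid address, while the same address with a warm TLB returns WALK_OK regardless of the check, matching the report's "not already cached in the TLB" condition.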
