Regression 9.1.0rc2: target/i386/tcg/access.c:18: access_prepare_mmu: Assertion '...' failed.
Host environment
- Operating system: Linux
- OS/kernel version: Linux rodrigo 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64 GNU/Linux
- Architecture: x86_64
- QEMU flavor: qemu-system-x86_64
- QEMU version: QEMU emulator version 9.0.50 (v9.0.0-2240-g8b13106508-dirty)
- QEMU command line:
qemu-system-x86_64 -drive file=visopsys-0.9-usb.img,format=raw
Emulated/Virtualized environment
- Operating system: Visopsys
- OS/kernel version: Visopsys visopsys 0.9 Apr 16 2020 08:28:34 x86_64
- Architecture: x86_64
Description of problem
Executing QEMU command line crashes with
qemu-system-x86_64: ../target/i386/tcg/access.c:18: access_prepare_mmu: Assertion `size > 0 && size <= TARGET_PAGE_SIZE' failed.Steps to reproduce
- Download https://www.qemu-advent-calendar.org/2020/download/day07.tar.gz
- Execute with QEMU command line
Additional information
git bisect finishes with:
8b131065080af3cf2dda04e4e190c5a74fec2f31 is the first bad commit
commit 8b131065080af3cf2dda04e4e190c5a74fec2f31
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue Jun 18 09:13:49 2024 +0200
target/i386/tcg: use X86Access for TSS access
This takes care of probing the vaddr range in advance, and is also faster
because it avoids repeated TLB lookups. It also matches the Intel manual
better, as it says "Checks that the current (old) TSS, new TSS, and all
segment descriptors used in the task switch are paged into system memory";
note however that it's not clear how the processor checks for segment
descriptors, and this check is not included in the AMD manual.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
target/i386/tcg/seg_helper.c | 110 +++++++++++++++++++++++--------------------
1 file changed, 58 insertions(+), 52 deletions(-)