[PATCH v2 00/25] Handle sub-page granularity in cpu_memory_rw_debug()

[PATCH v2 00/25] Handle sub-page granularity in cpu_memory_rw_debug()

[Peter Maydell]

A while back we added support for targets having memory protection at
a sub-page granularity in TCG: the target returns a CPUTLBEntryFull
with a lg_page_size field that tells TCG how big a block of memory the
translation covers. At the moment we only use this in Arm, for the
M-profile and R-profile MPU which can set protections on small regions
of memory.

However, we forgot about cpu_memory_rw_debug(), which still assumes
that translations cover target-page sized regions. It rounds the input
virtual address down to a page boundary, translates that, and then
puts the offset within the page back in again. This causes problems
for the Arm MPU case, because if the MPU is set up so that the memory
at the rounded-down address isn't within a valid region then we
incorrectly conclude that we can't read the memory at the address we
were actually asked about.
https://gitlab.com/qemu-project/qemu/-/work_items/3292 is a report of
this for the semihosting case, but it applies also to general debug
accesses.

This series fixes this by providing and using a new
cpu_translate_for_debug() function which takes a non-page-aligned
virtual address and returns all of:
 - the exact physical address for that virtual address
 - the memory attributes
 - the lg_page_size the translation is valid for

Changes in v2:
 - I noticed that I'd missed that a vapic.c callsite currently relies
   on the i386 "always return a page-aligned result" behaviour;
   patch 1 is new and makes it work with both "returns the page
   address" and "returns the exact adress"
 - fixed a TARGET_PAGE_BITS/TARGET_PAGE_SIZE mixup pointed out
   in code review
 - in the arm translate_for_debug patch, name a (preexisting) bool
   variable 'fault' rather than 'ret' to help clarify that it is
   true-on-failure
 - the last 7 patches are new, and update callers of
   cpu_get_phys_addr_debug() to use the new cpu_translate_for_debug();
   this means we can remove cpu_get_phys_addr_debug() and
   cpu_get_phys_addr_attrs_debug(), so there is only one API
   now for doing debug virt-to-phys translations

Further cleanup for once this series is accepted:
 - we could convert the 15 targets using get_phys_addr_debug and the
   two using get_phys_addr_attrs_debug to translate_for_debug, so we
   only have one CPU method for phys-to-virt translations instead of
   three

Patches 1, 18, and 19-25 need review.

thanks
-- PMM

Peter Maydell (25):
  hw/i386/vapic: Cope with non-page-aligned return from
    cpu_get_phys_page_debug()
  target/riscv: Make get_phys_page_debug handle non-page-aligned addrs
  target/alpha: Make get_phys_page_debug handle non-page-aligned addrs
  target/microblaze: Make get_phys_page_attrs_debug handle
    non-page-aligned addrs
  target/sparc: Make get_phys_page_debug handle non-page-aligned addrs
  target/x86: Make get_phys_page_attrs_debug handle non-page-aligned
    addrs
  target/s390x: Make get_phys_page_debug handle non-page-aligned addrs
  target/ppc: Make get_phys_page_debug handle non-page-aligned addrs
  target: Rename get_phys_page_debug to get_phys_addr_debug
  target: Rename cpu_get_phys_page_{,attrs_}debug
  hw/core: Update docs for get_phys_addr_{attrs_,}debug
  target/arm: Rename arm_cpu_get_phys_page()
  monitor: hmp_gva2gpa: Don't page-align cpu_get_phys_addr_debug() arg
    and return
  plugins/api.c: Trust cpu_get_phys_addr_debug() return address
  hw/core: Implement new cpu_translate_for_debug()
  hw/core: Implement cpu_get_phys_addr_attrs_debug() with
    cpu_translate_for_debug()
  target/arm: Implement translate_for_debug
  system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()
  hw/i386/vapic.c: Use cpu_translate_for_debug()
  target/sparc: Use cpu_translate_for_debug()
  hw/xtensa: Use cpu_translate_for_debug()
  target/xtensa/xtensa-semi: Use cpu_translate_for_debug()
  monitor/hmp-cmds: Use cpu_translate_for_debug()
  plugins/api.c: Use cpu_translate_for_debug()
  Remove cpu_get_phys_addr_debug() and cpu_get_phys_addr_attrs_debug()

 hw/core/cpu-system.c             | 47 ++++++++++++++++++--------------
 hw/i386/vapic.c                  | 13 +++++----
 hw/xtensa/sim.c                  |  6 +++-
 hw/xtensa/xtfpga.c               |  6 +++-
 include/hw/core/cpu.h            | 40 +++++++++++++++------------
 include/hw/core/sysemu-cpu-ops.h | 39 ++++++++++++++++++++++----
 monitor/hmp-cmds.c               |  8 ++----
 plugins/api.c                    |  8 +++---
 system/physmem.c                 | 38 ++++++++++++++++----------
 target/alpha/cpu.c               |  2 +-
 target/alpha/cpu.h               |  2 +-
 target/alpha/helper.c            |  3 +-
 target/arm/cpu.c                 |  2 +-
 target/arm/cpu.h                 |  3 --
 target/arm/internals.h           |  4 +++
 target/arm/ptw.c                 | 39 +++++++++++++++-----------
 target/avr/cpu.c                 |  2 +-
 target/avr/cpu.h                 |  2 +-
 target/avr/helper.c              |  2 +-
 target/hppa/cpu.c                |  2 +-
 target/hppa/cpu.h                |  2 +-
 target/hppa/mem_helper.c         |  2 +-
 target/i386/cpu.c                |  2 +-
 target/i386/cpu.h                |  2 +-
 target/i386/helper.c             |  4 +--
 target/i386/whpx/whpx-all.c      |  2 +-
 target/loongarch/cpu-mmu.h       |  2 +-
 target/loongarch/cpu.c           |  2 +-
 target/loongarch/cpu_helper.c    |  2 +-
 target/m68k/cpu.c                |  2 +-
 target/m68k/cpu.h                |  2 +-
 target/m68k/helper.c             |  2 +-
 target/microblaze/cpu.c          |  2 +-
 target/microblaze/cpu.h          |  2 +-
 target/microblaze/helper.c       | 11 ++++----
 target/mips/cpu.c                |  2 +-
 target/mips/internal.h           |  2 +-
 target/mips/system/physaddr.c    |  2 +-
 target/or1k/cpu.c                |  2 +-
 target/or1k/cpu.h                |  2 +-
 target/or1k/mmu.c                |  2 +-
 target/ppc/cpu.h                 |  2 +-
 target/ppc/cpu_init.c            |  2 +-
 target/ppc/mmu-hash32.c          |  2 +-
 target/ppc/mmu_common.c          |  4 +--
 target/riscv/cpu.c               |  2 +-
 target/riscv/cpu.h               |  2 +-
 target/riscv/cpu_helper.c        |  4 +--
 target/rx/cpu.c                  |  2 +-
 target/rx/cpu.h                  |  2 +-
 target/rx/helper.c               |  2 +-
 target/s390x/cpu-system.c        |  2 +-
 target/s390x/helper.c            | 20 ++++----------
 target/s390x/s390x-internal.h    |  1 -
 target/sh4/cpu.c                 |  2 +-
 target/sh4/cpu.h                 |  2 +-
 target/sh4/helper.c              |  2 +-
 target/sparc/cpu.c               |  2 +-
 target/sparc/cpu.h               |  2 +-
 target/sparc/mmu_helper.c        | 23 ++++++++++++----
 target/tricore/cpu.c             |  2 +-
 target/tricore/cpu.h             |  2 +-
 target/tricore/helper.c          |  2 +-
 target/xtensa/cpu.c              |  2 +-
 target/xtensa/cpu.h              |  2 +-
 target/xtensa/mmu_helper.c       |  2 +-
 target/xtensa/xtensa-semi.c      |  9 ++++--
 67 files changed, 246 insertions(+), 176 deletions(-)

-- 
2.43.0

[PATCH v2 01/25] hw/i386/vapic: Cope with non-page-aligned return from cpu_get_phys_page_debug()

[Peter Maydell]

Currently the i386 implementation of get_phys_page_debug() always
returns an address aligned to a page boundary, and the vapic.c code
assumes this: it adds back in the page offset after the call.  Change
this to OR in the page offset, so that it works whether
cpu_get_phys_page_debug() returns the page address or the exact
physical address. This will mean the code continues to work when
we change the semantics to standardize on "return exact
physical address".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i386/vapic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/vapic.c b/hw/i386/vapic.c
index 1acb9f91b2..3738031a05 100644
--- a/hw/i386/vapic.c
+++ b/hw/i386/vapic.c
@@ -309,7 +309,7 @@ static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong i
     if (paddr == -1) {
         return -1;
     }
-    paddr += rom_state_vaddr & ~TARGET_PAGE_MASK;
+    paddr |= rom_state_vaddr & ~TARGET_PAGE_MASK;
     if (paddr != s->rom_state_paddr) {
         return -1;
     }
-- 
2.43.0

Re: [PATCH v2 01/25] hw/i386/vapic: Cope with non-page-aligned return from cpu_get_phys_page_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:37, Peter Maydell wrote:
> Currently the i386 implementation of get_phys_page_debug() always
> returns an address aligned to a page boundary, and the vapic.c code
> assumes this: it adds back in the page offset after the call.  Change
> this to OR in the page offset, so that it works whether
> cpu_get_phys_page_debug() returns the page address or the exact
> physical address. This will mean the code continues to work when
> we change the semantics to standardize on "return exact
> physical address".
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/i386/vapic.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH v2 01/25] hw/i386/vapic: Cope with non-page-aligned return from cpu_get_phys_page_debug()

[Richard Henderson]

On 4/30/26 19:37, Peter Maydell wrote:
> Currently the i386 implementation of get_phys_page_debug() always
> returns an address aligned to a page boundary, and the vapic.c code
> assumes this: it adds back in the page offset after the call.  Change
> this to OR in the page offset, so that it works whether
> cpu_get_phys_page_debug() returns the page address or the exact
> physical address. This will mean the code continues to work when
> we change the semantics to standardize on "return exact
> physical address".
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/i386/vapic.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/i386/vapic.c b/hw/i386/vapic.c
> index 1acb9f91b2..3738031a05 100644
> --- a/hw/i386/vapic.c
> +++ b/hw/i386/vapic.c
> @@ -309,7 +309,7 @@ static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong i
>       if (paddr == -1) {
>           return -1;
>       }
> -    paddr += rom_state_vaddr & ~TARGET_PAGE_MASK;
> +    paddr |= rom_state_vaddr & ~TARGET_PAGE_MASK;
>       if (paddr != s->rom_state_paddr) {
>           return -1;
>       }

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH v2 01/25] hw/i386/vapic: Cope with non-page-aligned return from cpu_get_phys_page_debug()

[Alex Bennée]

Peter Maydell <peter.maydell@linaro.org> writes:

> Currently the i386 implementation of get_phys_page_debug() always
> returns an address aligned to a page boundary, and the vapic.c code
> assumes this: it adds back in the page offset after the call.  Change
> this to OR in the page offset, so that it works whether
> cpu_get_phys_page_debug() returns the page address or the exact
> physical address. This will mean the code continues to work when
> we change the semantics to standardize on "return exact
> physical address".
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

[PATCH v2 02/25] target/riscv: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

The only thing in the riscv implementation that we need to fix
is the place where we explicitly round the return value down to
a page boundary before returning it. Drop that.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-2-peter.maydell@linaro.org
---
 target/riscv/cpu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index dd6c861a90..475e9cfd57 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1677,7 +1677,7 @@ hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
         }
     }
 
-    return phys_addr & TARGET_PAGE_MASK;
+    return phys_addr;
 }
 
 void riscv_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
-- 
2.43.0

[PATCH v2 03/25] target/alpha: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

For alpha, the get_physical_address() function accepts arbitrary
input addresses but may return an output rounded down to a page
boundary, so in alpha_cpu_get_phys_page_debug() we OR the within-page
offset into it before returning it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-3-peter.maydell@linaro.org
---
 target/alpha/helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index 179dc2dc7a..af6d7847d5 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -301,6 +301,7 @@ hwaddr alpha_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
     int prot, fail;
 
     fail = get_physical_address(cpu_env(cs), addr, 0, 0, &phys, &prot);
+    phys |= addr & ~TARGET_PAGE_MASK;
     return (fail >= 0 ? -1 : phys);
 }
 
-- 
2.43.0

[PATCH v2 04/25] target/microblaze: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

For microblaze, we just need to remove the explicit rounding down to
the page boundary that we were doing in
mb_cpu_get_phys_page_attrs_debug() when calculating the output
physaddr from the results of the MMU lookup.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-4-peter.maydell@linaro.org
---
 target/microblaze/helper.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
index a1857b7217..da8abe063e 100644
--- a/target/microblaze/helper.c
+++ b/target/microblaze/helper.c
@@ -284,7 +284,6 @@ hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
                                         MemTxAttrs *attrs)
 {
     MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
-    vaddr vaddr;
     hwaddr paddr = 0;
     MicroBlazeMMULookup lu;
     int mmu_idx = cpu_mmu_index(cs, false);
@@ -297,12 +296,12 @@ hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
     if (mmu_idx != MMU_NOMMU_IDX) {
         hit = mmu_translate(cpu, &lu, addr, 0, 0);
         if (hit) {
-            vaddr = addr & TARGET_PAGE_MASK;
-            paddr = lu.paddr + vaddr - lu.vaddr;
+            paddr = lu.paddr + addr - lu.vaddr;
         } else
             paddr = 0; /* ???.  */
-    } else
-        paddr = addr & TARGET_PAGE_MASK;
+    } else {
+        paddr = addr;
+    }
 
     return paddr;
 }
-- 
2.43.0

Re: [PATCH v2 04/25] target/microblaze: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Alex Bennée]

Peter Maydell <peter.maydell@linaro.org> writes:

> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
>
> For microblaze, we just need to remove the explicit rounding down to
> the page boundary that we were doing in
> mb_cpu_get_phys_page_attrs_debug() when calculating the output
> physaddr from the results of the MMU lookup.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Message-id: 20260417173105.1648172-4-peter.maydell@linaro.org

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

[PATCH v2 05/25] target/sparc: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

The sparc TLB lookup code can handle non-aligned input addresses but
will return page-aligned results.  Rather than attempting to change
the internals of the lookup code, we take the simple approach of
ORing the page offset back into the phys_addr result.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-5-peter.maydell@linaro.org
---
 target/sparc/mmu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index a6f76a1ab7..25f8a85fae 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -913,7 +913,7 @@ hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
             return -1;
         }
     }
-    return phys_addr;
+    return phys_addr | (addr & ~TARGET_PAGE_MASK);
 }
 
 G_NORETURN void sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-- 
2.43.0

[PATCH v2 06/25] target/x86: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

For x86 this is simple: we just need to stop rounding down the
input address to a TARGET_PAGE boundary when calculating the
result to return.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-6-peter.maydell@linaro.org
---
 target/i386/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/helper.c b/target/i386/helper.c
index c397a6fde5..108b02396d 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -372,7 +372,7 @@ hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
 out:
 #endif
     pte &= PG_ADDRESS_MASK & ~(page_size - 1);
-    page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
+    page_offset = addr & (page_size - 1);
     return pte | page_offset;
 }
 
-- 
2.43.0

[PATCH v2 07/25] target/s390x: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

s390x already has an implementation of "give me the actual physical
address, not rounded down", in s390_get_phys_addr_debug(), so we can
use this for the SysemuCPUOps::get_phys_page_debug method, and merge
the s390_cpu_get_phys_page_debug() function into
s390_get_phys_addr_debug() which is now its only caller.

This leaves the function implementing the method with a name
that doesn't match the method name, but we will fix that shortly
by renaming the method to *_addr_* for all targets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-7-peter.maydell@linaro.org
---
 target/s390x/cpu-system.c     |  2 +-
 target/s390x/helper.c         | 20 +++++---------------
 target/s390x/s390x-internal.h |  1 -
 3 files changed, 6 insertions(+), 17 deletions(-)

diff --git a/target/s390x/cpu-system.c b/target/s390x/cpu-system.c
index 881171d71a..c133b0c262 100644
--- a/target/s390x/cpu-system.c
+++ b/target/s390x/cpu-system.c
@@ -176,7 +176,7 @@ void s390_cpu_finalize(Object *obj)
 
 static const struct SysemuCPUOps s390_sysemu_ops = {
     .has_work = s390_cpu_has_work,
-    .get_phys_page_debug = s390_cpu_get_phys_page_debug,
+    .get_phys_page_debug = s390_cpu_get_phys_addr_debug,
     .get_crash_info = s390_cpu_get_crash_info,
     .write_elf64_note = s390_cpu_write_elf64_note,
     .legacy_vmsd = &vmstate_s390_cpu,
diff --git a/target/s390x/helper.c b/target/s390x/helper.c
index 667d4a0da7..1a2658eaf9 100644
--- a/target/s390x/helper.c
+++ b/target/s390x/helper.c
@@ -39,7 +39,7 @@ void s390x_cpu_timer(void *opaque)
     cpu_inject_cpu_timer((S390CPU *) opaque);
 }
 
-hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
+hwaddr s390_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     S390CPU *cpu = S390_CPU(cs);
     CPUS390XState *env = &cpu->env;
@@ -47,10 +47,11 @@ hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
     int prot;
     uint64_t asc = env->psw.mask & PSW_MASK_ASC;
     uint64_t tec;
+    vaddr page = addr & TARGET_PAGE_MASK;
 
     /* 31-Bit mode */
     if (!(env->psw.mask & PSW_MASK_64)) {
-        vaddr &= 0x7fffffff;
+        page &= 0x7fffffff;
     }
 
     /* We want to read the code (e.g., see what we are single-stepping).*/
@@ -62,24 +63,13 @@ hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
      * We want to read code even if IEP is active. Use MMU_DATA_LOAD instead
      * of MMU_INST_FETCH.
      */
-    if (mmu_translate(env, vaddr, MMU_DATA_LOAD, asc, &raddr, &prot, &tec)) {
+    if (mmu_translate(env, page, MMU_DATA_LOAD, asc, &raddr, &prot, &tec)) {
         return -1;
     }
+    raddr += (addr & ~TARGET_PAGE_MASK);
     return raddr;
 }
 
-hwaddr s390_cpu_get_phys_addr_debug(CPUState *cs, vaddr v_addr)
-{
-    hwaddr phys_addr;
-    vaddr page;
-
-    page = v_addr & TARGET_PAGE_MASK;
-    phys_addr = cpu_get_phys_page_debug(cs, page);
-    phys_addr += (v_addr & ~TARGET_PAGE_MASK);
-
-    return phys_addr;
-}
-
 static inline bool is_special_wait_psw(uint64_t psw_addr)
 {
     /* signal quiesce */
diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
index 40850bcdc4..e7e4f2b45d 100644
--- a/target/s390x/s390x-internal.h
+++ b/target/s390x/s390x-internal.h
@@ -321,7 +321,6 @@ void do_restart_interrupt(CPUS390XState *env);
 void s390x_tod_timer(void *opaque);
 void s390x_cpu_timer(void *opaque);
 void s390_handle_wait(S390CPU *cpu);
-hwaddr s390_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
 hwaddr s390_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 LowCore *cpu_map_lowcore(CPUS390XState *env);
 void cpu_unmap_lowcore(CPUS390XState *env, LowCore *lowcore);
-- 
2.43.0

Re: [PATCH v2 07/25] target/s390x: Make get_phys_page_debug handle non-page-aligned addrs

[Philippe Mathieu-Daudé]

On 30/4/26 11:37, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> s390x already has an implementation of "give me the actual physical
> address, not rounded down", in s390_get_phys_addr_debug(), so we can
> use this for the SysemuCPUOps::get_phys_page_debug method, and merge
> the s390_cpu_get_phys_page_debug() function into
> s390_get_phys_addr_debug() which is now its only caller.
> 
> This leaves the function implementing the method with a name
> that doesn't match the method name, but we will fix that shortly
> by renaming the method to *_addr_* for all targets.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Message-id: 20260417173105.1648172-7-peter.maydell@linaro.org
> ---
>   target/s390x/cpu-system.c     |  2 +-
>   target/s390x/helper.c         | 20 +++++---------------
>   target/s390x/s390x-internal.h |  1 -
>   3 files changed, 6 insertions(+), 17 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[PATCH v2 08/25] target/ppc: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

The ppc_xlate() function can accept a non-page-aligned input but may
return a page-aligned output; we take the simple approach of ORing
the page offset back into the result address after calling it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-8-peter.maydell@linaro.org
---
 target/ppc/mmu_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 52d48615ac..a1345df716 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -863,7 +863,7 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
                   ppc_env_mmu_index(&cpu->env, false), false) ||
         ppc_xlate(cpu, addr, MMU_INST_FETCH, &raddr, &s, &p,
                   ppc_env_mmu_index(&cpu->env, true), false)) {
-        return raddr & TARGET_PAGE_MASK;
+        return raddr | (addr & ~TARGET_PAGE_MASK);
     }
     return -1;
 }
-- 
2.43.0

Re: [PATCH v2 08/25] target/ppc: Make get_phys_page_debug handle non-page-aligned addrs

[Miles Glenn]

Reviewed-by: Glenn Miles <milesg@linux.ibm.com>

Thanks,

Glenn

On Thu, 2026-04-30 at 10:37 +0100, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> The ppc_xlate() function can accept a non-page-aligned input but may
> return a page-aligned output; we take the simple approach of ORing
> the page offset back into the result address after calling it.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Message-id: 20260417173105.1648172-8-peter.maydell@linaro.org
> ---
>  target/ppc/mmu_common.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 52d48615ac..a1345df716 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -863,7 +863,7 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
>                    ppc_env_mmu_index(&cpu->env, false), false) ||
>          ppc_xlate(cpu, addr, MMU_INST_FETCH, &raddr, &s, &p,
>                    ppc_env_mmu_index(&cpu->env, true), false)) {
> -        return raddr & TARGET_PAGE_MASK;
> +        return raddr | (addr & ~TARGET_PAGE_MASK);
>      }
>      return -1;
>  }

[PATCH v2 09/25] target: Rename get_phys_page_debug to get_phys_addr_debug

[Peter Maydell]

Now that we have ensured that all implementations of the get_phys_page_debug
method handle a non-page-aligned input and return the corresponding
non-page-aligned output, the name of the method is somewhat misleading.
Rename it to get_phys_addr_debug.

This commit was produced with the commands

 sed -i -e 's/_cpu_get_phys_page_debug/_cpu_get_phys_addr_debug/g;s/\<get_phys_page_debug\>/get_phys_addr_debug/g' $(git grep -l get_phys_page_debug)
 sed -i -e 's/_cpu_get_phys_page_attrs_debug/_cpu_get_phys_addr_attrs_debug/g;s/\<get_phys_page_attrs_debug\>/get_phys_addr_attrs_debug/g' $(git grep -l get_phys_page_attrs_debug)

which catches all references to the method name itself plus
the functions which each target uses as the method implementation,
but (deliberately) not the cpu_phys_get_page_debug() and
cpu_phys_get_page_attrs_debug() wrapper functions or their callers.
(We'll deal with those in the next commit.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-9-peter.maydell@linaro.org
---
 hw/core/cpu-system.c             |  6 +++---
 include/hw/core/sysemu-cpu-ops.h | 10 +++++-----
 target/alpha/cpu.c               |  2 +-
 target/alpha/cpu.h               |  2 +-
 target/alpha/helper.c            |  2 +-
 target/arm/cpu.c                 |  2 +-
 target/arm/cpu.h                 |  2 +-
 target/arm/ptw.c                 |  2 +-
 target/avr/cpu.c                 |  2 +-
 target/avr/cpu.h                 |  2 +-
 target/avr/helper.c              |  2 +-
 target/hppa/cpu.c                |  2 +-
 target/hppa/cpu.h                |  2 +-
 target/hppa/mem_helper.c         |  2 +-
 target/i386/cpu.c                |  2 +-
 target/i386/cpu.h                |  2 +-
 target/i386/helper.c             |  2 +-
 target/i386/whpx/whpx-all.c      |  2 +-
 target/loongarch/cpu-mmu.h       |  2 +-
 target/loongarch/cpu.c           |  2 +-
 target/loongarch/cpu_helper.c    |  2 +-
 target/m68k/cpu.c                |  2 +-
 target/m68k/cpu.h                |  2 +-
 target/m68k/helper.c             |  2 +-
 target/microblaze/cpu.c          |  2 +-
 target/microblaze/cpu.h          |  2 +-
 target/microblaze/helper.c       |  2 +-
 target/mips/cpu.c                |  2 +-
 target/mips/internal.h           |  2 +-
 target/mips/system/physaddr.c    |  2 +-
 target/or1k/cpu.c                |  2 +-
 target/or1k/cpu.h                |  2 +-
 target/or1k/mmu.c                |  2 +-
 target/ppc/cpu.h                 |  2 +-
 target/ppc/cpu_init.c            |  2 +-
 target/ppc/mmu-hash32.c          |  2 +-
 target/ppc/mmu_common.c          |  2 +-
 target/riscv/cpu.c               |  2 +-
 target/riscv/cpu.h               |  2 +-
 target/riscv/cpu_helper.c        |  2 +-
 target/rx/cpu.c                  |  2 +-
 target/rx/cpu.h                  |  2 +-
 target/rx/helper.c               |  2 +-
 target/s390x/cpu-system.c        |  2 +-
 target/sh4/cpu.c                 |  2 +-
 target/sh4/cpu.h                 |  2 +-
 target/sh4/helper.c              |  2 +-
 target/sparc/cpu.c               |  2 +-
 target/sparc/cpu.h               |  2 +-
 target/sparc/mmu_helper.c        |  2 +-
 target/tricore/cpu.c             |  2 +-
 target/tricore/cpu.h             |  2 +-
 target/tricore/helper.c          |  2 +-
 target/xtensa/cpu.c              |  2 +-
 target/xtensa/cpu.h              |  2 +-
 target/xtensa/mmu_helper.c       |  2 +-
 56 files changed, 62 insertions(+), 62 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 273b9b7c22..93dc861083 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -60,13 +60,13 @@ hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
 {
     hwaddr paddr;
 
-    if (cpu->cc->sysemu_ops->get_phys_page_attrs_debug) {
-        paddr = cpu->cc->sysemu_ops->get_phys_page_attrs_debug(cpu, addr,
+    if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
+        paddr = cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
                                                                attrs);
     } else {
         /* Fallback for CPUs which don't implement the _attrs_ hook */
         *attrs = MEMTXATTRS_UNSPECIFIED;
-        paddr = cpu->cc->sysemu_ops->get_phys_page_debug(cpu, addr);
+        paddr = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
     }
     /* Indicate that this is a debug access. */
     attrs->debug = 1;
diff --git a/include/hw/core/sysemu-cpu-ops.h b/include/hw/core/sysemu-cpu-ops.h
index 7b2d2d2610..a4fc330bea 100644
--- a/include/hw/core/sysemu-cpu-ops.h
+++ b/include/hw/core/sysemu-cpu-ops.h
@@ -30,17 +30,17 @@ typedef struct SysemuCPUOps {
      */
     bool (*get_paging_enabled)(const CPUState *cpu);
     /**
-     * @get_phys_page_debug: Callback for obtaining a physical address.
+     * @get_phys_addr_debug: Callback for obtaining a physical address.
      */
-    hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr);
+    hwaddr (*get_phys_addr_debug)(CPUState *cpu, vaddr addr);
     /**
-     * @get_phys_page_attrs_debug: Callback for obtaining a physical address
+     * @get_phys_addr_attrs_debug: Callback for obtaining a physical address
      *       and the associated memory transaction attributes to use for the
      *       access.
      * CPUs which use memory transaction attributes should implement this
-     * instead of get_phys_page_debug.
+     * instead of get_phys_addr_debug.
      */
-    hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr,
+    hwaddr (*get_phys_addr_attrs_debug)(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
     /**
      * @asidx_from_attrs: Callback to return the CPU AddressSpace to use for
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index ff053043a3..0c35067b20 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -242,7 +242,7 @@ static void alpha_cpu_initfn(Object *obj)
 
 static const struct SysemuCPUOps alpha_sysemu_ops = {
     .has_work = alpha_cpu_has_work,
-    .get_phys_page_debug = alpha_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = alpha_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index b530cd0088..d6981a6419 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -283,7 +283,7 @@ extern const VMStateDescription vmstate_alpha_cpu;
 
 void alpha_cpu_do_interrupt(CPUState *cpu);
 bool alpha_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr alpha_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr alpha_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif /* !CONFIG_USER_ONLY */
 void alpha_cpu_dump_state(CPUState *cs, FILE *f, int flags);
 int alpha_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index af6d7847d5..33fed0c746 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -295,7 +295,7 @@ static int get_physical_address(CPUAlphaState *env, vaddr addr,
     return ret;
 }
 
-hwaddr alpha_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr alpha_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     hwaddr phys;
     int prot, fail;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 10feb639c4..9e6b4b1559 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2436,7 +2436,7 @@ static vaddr aarch64_untagged_addr(CPUState *cs, vaddr x)
 
 static const struct SysemuCPUOps arm_sysemu_ops = {
     .has_work = arm_cpu_has_work,
-    .get_phys_page_attrs_debug = arm_cpu_get_phys_page_attrs_debug,
+    .get_phys_addr_attrs_debug = arm_cpu_get_phys_addr_attrs_debug,
     .asidx_from_attrs = arm_asidx_from_attrs,
     .write_elf32_note = arm_cpu_write_elf32_note,
     .write_elf64_note = arm_cpu_write_elf64_note,
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index be14a47c35..b1563a4d43 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1233,7 +1233,7 @@ extern const VMStateDescription vmstate_arm_cpu;
 void arm_cpu_do_interrupt(CPUState *cpu);
 void arm_v7m_cpu_do_interrupt(CPUState *cpu);
 
-hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                          MemTxAttrs *attrs);
 
 typedef struct ARMGranuleProtectionConfig {
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7b993bb5b3..f5f624c7c3 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3943,7 +3943,7 @@ static hwaddr arm_cpu_get_phys_page(CPUARMState *env, vaddr addr,
     return res.f.phys_addr;
 }
 
-hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
+hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
                                          MemTxAttrs *attrs)
 {
     ARMCPU *cpu = ARM_CPU(cs);
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index 8579a7283b..3591219212 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -233,7 +233,7 @@ static void avr_cpu_dump_state(CPUState *cs, FILE *f, int flags)
 
 static const struct SysemuCPUOps avr_sysemu_ops = {
     .has_work = avr_cpu_has_work,
-    .get_phys_page_debug = avr_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = avr_cpu_get_phys_addr_debug,
 };
 
 static const TCGCPUOps avr_tcg_ops = {
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index 518e243d81..7ebdc7b953 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -178,7 +178,7 @@ extern const struct VMStateDescription vms_avr_cpu;
 
 void avr_cpu_do_interrupt(CPUState *cpu);
 bool avr_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr avr_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr avr_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 int avr_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
 int avr_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 int avr_print_insn(bfd_vma addr, disassemble_info *info);
diff --git a/target/avr/helper.c b/target/avr/helper.c
index 365c8c60e1..f3be8483b2 100644
--- a/target/avr/helper.c
+++ b/target/avr/helper.c
@@ -107,7 +107,7 @@ void avr_cpu_do_interrupt(CPUState *cs)
     qemu_plugin_vcpu_interrupt_cb(cs, ret);
 }
 
-hwaddr avr_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr avr_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     return addr; /* I assume 1:1 address correspondence */
 }
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index 92027d129a..6443122cf1 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -244,7 +244,7 @@ static ObjectClass *hppa_cpu_class_by_name(const char *cpu_model)
 
 static const struct SysemuCPUOps hppa_sysemu_ops = {
     .has_work = hppa_cpu_has_work,
-    .get_phys_page_debug = hppa_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = hppa_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 7d47afe8ef..8a859d27b0 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -389,7 +389,7 @@ int hppa_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 void hppa_cpu_dump_state(CPUState *cs, FILE *f, int);
 #ifndef CONFIG_USER_ONLY
 void hppa_ptlbe(CPUHPPAState *env);
-hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr);
+hwaddr hppa_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr);
 void hppa_set_ior_and_isr(CPUHPPAState *env, vaddr addr, bool mmu_disabled);
 bool hppa_cpu_tlb_fill_align(CPUState *cs, CPUTLBEntryFull *out, vaddr addr,
                              MMUAccessType access_type, int mmu_idx,
diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index ffbad8acfd..f507649226 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -345,7 +345,7 @@ int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx,
     return ret;
 }
 
-hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr hppa_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     HPPACPU *cpu = HPPA_CPU(cs);
     hwaddr phys;
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 9d126600c0..cbd064ebb8 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -10692,7 +10692,7 @@ static const struct SysemuCPUOps i386_sysemu_ops = {
     .has_work = x86_cpu_has_work,
     .get_memory_mapping = x86_cpu_get_memory_mapping,
     .get_paging_enabled = x86_cpu_get_paging_enabled,
-    .get_phys_page_attrs_debug = x86_cpu_get_phys_page_attrs_debug,
+    .get_phys_addr_attrs_debug = x86_cpu_get_phys_addr_attrs_debug,
     .asidx_from_attrs = x86_asidx_from_attrs,
     .get_crash_info = x86_cpu_get_crash_info,
     .write_elf32_note = x86_cpu_write_elf32_note,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index a09d5de121..66bbb37cfc 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2580,7 +2580,7 @@ int cpu_x86_support_mca_broadcast(CPUX86State *env);
 #ifndef CONFIG_USER_ONLY
 int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request);
 
-hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr x86_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                          MemTxAttrs *attrs);
 int cpu_get_pic_interrupt(CPUX86State *s);
 
diff --git a/target/i386/helper.c b/target/i386/helper.c
index 108b02396d..8cc73f619a 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -252,7 +252,7 @@ void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
 }
 
 #if !defined(CONFIG_USER_ONLY)
-hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
+hwaddr x86_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
                                          MemTxAttrs *attrs)
 {
     X86CPU *cpu = X86_CPU(cs);
diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c
index e56ae2b343..406ca0355c 100644
--- a/target/i386/whpx/whpx-all.c
+++ b/target/i386/whpx/whpx-all.c
@@ -238,7 +238,7 @@ struct whpx_register_set {
  *          e. Let the affected CPU run in the exclusive mode.
  *          f. Restore the original handler and the exception exit bitmap.
  *        Note that handling all corner cases related to IDT/GDT is harder
- *        than it may seem. See x86_cpu_get_phys_page_attrs_debug() for a
+ *        than it may seem. See x86_cpu_get_phys_addr_attrs_debug() for a
  *        rough idea.
  *
  *     3. In order to properly support guest-level debugging in parallel with
diff --git a/target/loongarch/cpu-mmu.h b/target/loongarch/cpu-mmu.h
index 3286accc14..2d7ebb2d72 100644
--- a/target/loongarch/cpu-mmu.h
+++ b/target/loongarch/cpu-mmu.h
@@ -97,7 +97,7 @@ TLBRet loongarch_ptw(CPULoongArchState *env, MMUContext *context,
                      int access_type, int mmu_idx, int debug);
 void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base,
                         uint64_t *dir_width, unsigned int level);
-hwaddr loongarch_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr loongarch_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 uint64_t loongarch_palen_mask(CPULoongArchState *env);
 
 #endif  /* LOONGARCH_CPU_MMU_H */
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index e22568c84a..43ba414ac5 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -832,7 +832,7 @@ static void loongarch_cpu_dump_state(CPUState *cs, FILE *f, int flags)
 static const struct SysemuCPUOps loongarch_sysemu_ops = {
     .has_work = loongarch_cpu_has_work,
     .write_elf64_note = loongarch_cpu_write_elf64_note,
-    .get_phys_page_debug = loongarch_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = loongarch_cpu_get_phys_addr_debug,
 };
 
 static int64_t loongarch_cpu_get_arch_id(CPUState *cs)
diff --git a/target/loongarch/cpu_helper.c b/target/loongarch/cpu_helper.c
index 6044168766..181b931130 100644
--- a/target/loongarch/cpu_helper.c
+++ b/target/loongarch/cpu_helper.c
@@ -354,7 +354,7 @@ TLBRet get_physical_address(CPULoongArchState *env, MMUContext *context,
     return loongarch_map_address(env, context, access_type, mmu_idx, is_debug);
 }
 
-hwaddr loongarch_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr loongarch_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPULoongArchState *env = cpu_env(cs);
     MMUContext context;
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index d849a4a90f..425efdf7cc 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -606,7 +606,7 @@ static const VMStateDescription vmstate_m68k_cpu = {
 
 static const struct SysemuCPUOps m68k_sysemu_ops = {
     .has_work = m68k_cpu_has_work,
-    .get_phys_page_debug = m68k_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = m68k_cpu_get_phys_addr_debug,
 };
 #endif /* !CONFIG_USER_ONLY */
 
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 7911ab9de3..b181d5f981 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -186,7 +186,7 @@ struct M68kCPUClass {
 #ifndef CONFIG_USER_ONLY
 void m68k_cpu_do_interrupt(CPUState *cpu);
 bool m68k_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr m68k_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr m68k_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif /* !CONFIG_USER_ONLY */
 void m68k_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 int m68k_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 9bab184389..2dd9ec1bdc 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -907,7 +907,7 @@ txfail:
     return -1;
 }
 
-hwaddr m68k_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr m68k_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPUM68KState *env = cpu_env(cs);
     hwaddr phys_addr;
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index ec513ae82d..20fffccb60 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -428,7 +428,7 @@ static ObjectClass *mb_cpu_class_by_name(const char *cpu_model)
 
 static const struct SysemuCPUOps mb_sysemu_ops = {
     .has_work = mb_cpu_has_work,
-    .get_phys_page_attrs_debug = mb_cpu_get_phys_page_attrs_debug,
+    .get_phys_addr_attrs_debug = mb_cpu_get_phys_addr_attrs_debug,
 };
 #endif
 
diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index 5a856edaaa..9f342ef618 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -370,7 +370,7 @@ struct MicroBlazeCPUClass {
 #ifndef CONFIG_USER_ONLY
 void mb_cpu_do_interrupt(CPUState *cs);
 bool mb_cpu_exec_interrupt(CPUState *cs, int int_req);
-hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr mb_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
 #endif /* !CONFIG_USER_ONLY */
 G_NORETURN void mb_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
index da8abe063e..f81c4f625b 100644
--- a/target/microblaze/helper.c
+++ b/target/microblaze/helper.c
@@ -280,7 +280,7 @@ void mb_cpu_do_interrupt(CPUState *cs)
     }
 }
 
-hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
+hwaddr mb_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
                                         MemTxAttrs *attrs)
 {
     MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 5f88c077db..6ef18105b9 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -535,7 +535,7 @@ static ObjectClass *mips_cpu_class_by_name(const char *cpu_model)
 
 static const struct SysemuCPUOps mips_sysemu_ops = {
     .has_work = mips_cpu_has_work,
-    .get_phys_page_debug = mips_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = mips_cpu_get_phys_addr_debug,
     .legacy_vmsd = &vmstate_mips_cpu,
 };
 #endif
diff --git a/target/mips/internal.h b/target/mips/internal.h
index 28eb28936b..24bfa1903c 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -115,7 +115,7 @@ enum {
 int get_physical_address(CPUMIPSState *env, hwaddr *physical,
                          int *prot, target_ulong real_address,
                          MMUAccessType access_type, int mmu_idx);
-hwaddr mips_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr mips_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
 typedef struct r4k_tlb_t r4k_tlb_t;
 struct r4k_tlb_t {
diff --git a/target/mips/system/physaddr.c b/target/mips/system/physaddr.c
index b8e1a5ac98..fbbbcf6e00 100644
--- a/target/mips/system/physaddr.c
+++ b/target/mips/system/physaddr.c
@@ -228,7 +228,7 @@ int get_physical_address(CPUMIPSState *env, hwaddr *physical,
     return ret;
 }
 
-hwaddr mips_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr mips_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPUMIPSState *env = cpu_env(cs);
     hwaddr phys_addr;
diff --git a/target/or1k/cpu.c b/target/or1k/cpu.c
index 3d1c22bf75..ea29b2e01f 100644
--- a/target/or1k/cpu.c
+++ b/target/or1k/cpu.c
@@ -247,7 +247,7 @@ static void openrisc_any_initfn(Object *obj)
 
 static const struct SysemuCPUOps openrisc_sysemu_ops = {
     .has_work = openrisc_cpu_has_work,
-    .get_phys_page_debug = openrisc_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = openrisc_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/or1k/cpu.h b/target/or1k/cpu.h
index c8e2827930..8f20b9a122 100644
--- a/target/or1k/cpu.h
+++ b/target/or1k/cpu.h
@@ -297,7 +297,7 @@ void openrisc_translate_code(CPUState *cs, TranslationBlock *tb,
 int print_insn_or1k(bfd_vma addr, disassemble_info *info);
 
 #ifndef CONFIG_USER_ONLY
-hwaddr openrisc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr openrisc_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
 bool openrisc_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                            MMUAccessType access_type, int mmu_idx,
diff --git a/target/or1k/mmu.c b/target/or1k/mmu.c
index 315debaf3e..3ff288a1f9 100644
--- a/target/or1k/mmu.c
+++ b/target/or1k/mmu.c
@@ -138,7 +138,7 @@ bool openrisc_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
     cpu_loop_exit_restore(cs, retaddr);
 }
 
-hwaddr openrisc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr openrisc_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     OpenRISCCPU *cpu = OPENRISC_CPU(cs);
     int prot, excp, sr = cpu->env.sr;
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index d637a50798..24a53ee2e1 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1639,7 +1639,7 @@ void ppc_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 int ppc_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
 int ppc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 #ifndef CONFIG_USER_ONLY
-hwaddr ppc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr ppc_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif
 int ppc64_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
                                int cpuid, DumpState *s);
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 191f5726f6..d25f69f13b 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -7477,7 +7477,7 @@ static void ppc_disas_set_info(const CPUState *cs, disassemble_info *info)
 
 static const struct SysemuCPUOps ppc_sysemu_ops = {
     .has_work = ppc_cpu_has_work,
-    .get_phys_page_debug = ppc_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = ppc_cpu_get_phys_addr_debug,
     .write_elf32_note = ppc32_cpu_write_elf32_note,
     .write_elf64_note = ppc64_cpu_write_elf64_note,
     .internal_is_big_endian = ppc_cpu_is_big_endian,
diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 8b980a5aa9..43d581cadf 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -131,7 +131,7 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
     }
 
     /*
-     * From ppc_cpu_get_phys_page_debug, env->access_type is not set.
+     * From ppc_cpu_get_phys_addr_debug, env->access_type is not set.
      * Assume ACCESS_INT for that case.
      */
     switch (guest_visible ? env->access_type : ACCESS_INT) {
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index a1345df716..2499e619f8 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -848,7 +848,7 @@ bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     }
 }
 
-hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr ppc_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     PowerPCCPU *cpu = POWERPC_CPU(cs);
     hwaddr raddr;
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 8ac935ac06..e5d8592ef2 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -2717,7 +2717,7 @@ static int64_t riscv_get_arch_id(CPUState *cs)
 
 static const struct SysemuCPUOps riscv_sysemu_ops = {
     .has_work = riscv_cpu_has_work,
-    .get_phys_page_debug = riscv_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = riscv_cpu_get_phys_addr_debug,
     .write_elf64_note = riscv_cpu_write_elf64_note,
     .write_elf32_note = riscv_cpu_write_elf32_note,
     .legacy_vmsd = &vmstate_riscv_cpu,
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 35d1f6362c..111afe19d1 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -629,7 +629,7 @@ void riscv_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
                                      MMUAccessType access_type,
                                      int mmu_idx, MemTxAttrs attrs,
                                      MemTxResult response, uintptr_t retaddr);
-hwaddr riscv_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr riscv_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 bool riscv_cpu_exec_interrupt(CPUState *cs, int interrupt_request);
 void riscv_cpu_swap_hypervisor_regs(CPURISCVState *env);
 int riscv_cpu_claim_interrupts(RISCVCPU *cpu, uint64_t interrupts);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 475e9cfd57..584a3928a4 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1657,7 +1657,7 @@ static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
     env->two_stage_indirect_lookup = two_stage_indirect;
 }
 
-hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr riscv_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     RISCVCPU *cpu = RISCV_CPU(cs);
     CPURISCVState *env = &cpu->env;
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index b5284199e6..20b188c24c 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -209,7 +209,7 @@ static void rx_cpu_init(Object *obj)
 
 static const struct SysemuCPUOps rx_sysemu_ops = {
     .has_work = rx_cpu_has_work,
-    .get_phys_page_debug = rx_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = rx_cpu_get_phys_addr_debug,
 };
 
 static const TCGCPUOps rx_tcg_ops = {
diff --git a/target/rx/cpu.h b/target/rx/cpu.h
index b3b1ecff5a..328521791b 100644
--- a/target/rx/cpu.h
+++ b/target/rx/cpu.h
@@ -137,7 +137,7 @@ struct RXCPUClass {
 const char *rx_crname(uint8_t cr);
 void rx_cpu_do_interrupt(CPUState *cpu);
 bool rx_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr rx_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr rx_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 void rx_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 int rx_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
 int rx_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
diff --git a/target/rx/helper.c b/target/rx/helper.c
index daaeeec1b5..0f99279bba 100644
--- a/target/rx/helper.c
+++ b/target/rx/helper.c
@@ -147,7 +147,7 @@ bool rx_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     return false;
 }
 
-hwaddr rx_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr rx_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     return addr;
 }
diff --git a/target/s390x/cpu-system.c b/target/s390x/cpu-system.c
index c133b0c262..1bd3721d10 100644
--- a/target/s390x/cpu-system.c
+++ b/target/s390x/cpu-system.c
@@ -176,7 +176,7 @@ void s390_cpu_finalize(Object *obj)
 
 static const struct SysemuCPUOps s390_sysemu_ops = {
     .has_work = s390_cpu_has_work,
-    .get_phys_page_debug = s390_cpu_get_phys_addr_debug,
+    .get_phys_addr_debug = s390_cpu_get_phys_addr_debug,
     .get_crash_info = s390_cpu_get_crash_info,
     .write_elf64_note = s390_cpu_write_elf64_note,
     .legacy_vmsd = &vmstate_s390_cpu,
diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index e2bde45761..40d5fde76d 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -278,7 +278,7 @@ static const VMStateDescription vmstate_sh_cpu = {
 
 static const struct SysemuCPUOps sh4_sysemu_ops = {
     .has_work = superh_cpu_has_work,
-    .get_phys_page_debug = superh_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = superh_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index b0759010c4..3743452190 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -252,7 +252,7 @@ void sh4_translate_code(CPUState *cs, TranslationBlock *tb,
                         int *max_insns, vaddr pc, void *host_pc);
 
 #if !defined(CONFIG_USER_ONLY)
-hwaddr superh_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr superh_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 bool superh_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                          MMUAccessType access_type, int mmu_idx,
                          bool probe, uintptr_t retaddr);
diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 5d6295618f..b3ec7ce64d 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -435,7 +435,7 @@ static int get_physical_address(CPUSH4State *env, hwaddr* physical,
     return get_mmu_address(env, physical, prot, address, access_type);
 }
 
-hwaddr superh_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr superh_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     hwaddr physical;
     int prot;
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 7704610428..d198f6ba19 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -997,7 +997,7 @@ static const Property sparc_cpu_properties[] = {
 
 static const struct SysemuCPUOps sparc_sysemu_ops = {
     .has_work = sparc_cpu_has_work,
-    .get_phys_page_debug = sparc_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = sparc_cpu_get_phys_addr_debug,
     .legacy_vmsd = &vmstate_sparc_cpu,
 };
 #endif
diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 0139732e4c..307b98b76c 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -580,7 +580,7 @@ struct SPARCCPUClass {
 #ifndef CONFIG_USER_ONLY
 extern const VMStateDescription vmstate_sparc_cpu;
 
-hwaddr sparc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr sparc_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif
 
 void sparc_cpu_do_interrupt(CPUState *cpu);
diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index 25f8a85fae..34b212a7aa 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -902,7 +902,7 @@ hwaddr cpu_get_phys_page_nofault(CPUSPARCState *env, target_ulong addr,
 }
 #endif
 
-hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr sparc_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPUSPARCState *env = cpu_env(cs);
     hwaddr phys_addr;
diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
index 04319e107b..472c24ae32 100644
--- a/target/tricore/cpu.c
+++ b/target/tricore/cpu.c
@@ -176,7 +176,7 @@ static bool tricore_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 
 static const struct SysemuCPUOps tricore_sysemu_ops = {
     .has_work = tricore_cpu_has_work,
-    .get_phys_page_debug = tricore_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = tricore_cpu_get_phys_addr_debug,
 };
 
 static const TCGCPUOps tricore_tcg_ops = {
diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h
index ab46192e26..56241b491f 100644
--- a/target/tricore/cpu.h
+++ b/target/tricore/cpu.h
@@ -80,7 +80,7 @@ struct TriCoreCPUClass {
     ResettablePhases parent_phases;
 };
 
-hwaddr tricore_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr tricore_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 void tricore_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
 FIELD(PCXI, PCPN_13, 24, 8)
diff --git a/target/tricore/helper.c b/target/tricore/helper.c
index 7ee8c7fd69..ce1693622b 100644
--- a/target/tricore/helper.c
+++ b/target/tricore/helper.c
@@ -46,7 +46,7 @@ static int get_physical_address(CPUTriCoreState *env, hwaddr *physical,
     return ret;
 }
 
-hwaddr tricore_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr tricore_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     TriCoreCPU *cpu = TRICORE_CPU(cs);
     hwaddr phys_addr;
diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
index eebf40559b..8a22f1a08e 100644
--- a/target/xtensa/cpu.c
+++ b/target/xtensa/cpu.c
@@ -303,7 +303,7 @@ static const VMStateDescription vmstate_xtensa_cpu = {
 
 static const struct SysemuCPUOps xtensa_sysemu_ops = {
     .has_work = xtensa_cpu_has_work,
-    .get_phys_page_debug = xtensa_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = xtensa_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index 2219292484..546a5e76a6 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -591,7 +591,7 @@ void xtensa_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
                                       unsigned size, MMUAccessType access_type,
                                       int mmu_idx, MemTxAttrs attrs,
                                       MemTxResult response, uintptr_t retaddr);
-hwaddr xtensa_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr xtensa_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 bool xtensa_debug_check_breakpoint(CPUState *cs);
 #endif
 void xtensa_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
diff --git a/target/xtensa/mmu_helper.c b/target/xtensa/mmu_helper.c
index 71330fc84b..a126f6b671 100644
--- a/target/xtensa/mmu_helper.c
+++ b/target/xtensa/mmu_helper.c
@@ -316,7 +316,7 @@ static void xtensa_tlb_set_entry(CPUXtensaState *env, bool dtlb,
     }
 }
 
-hwaddr xtensa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr xtensa_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     XtensaCPU *cpu = XTENSA_CPU(cs);
     uint32_t paddr;
-- 
2.43.0

[PATCH v2 10/25] target: Rename cpu_get_phys_page_{,attrs_}debug

[Peter Maydell]

Rename cpu_phys_page_debug() and cpu_phys_page_attrs_debug() to
cpu_phys_addr_debug() and cpu_phys_addr_attrs_debug().

Commit created with:
 sed -i -e 's/cpu_get_phys_page_debug/cpu_get_phys_addr_debug/g;s/cpu_get_phys_page_attrs_debug/cpu_get_phys_addr_attrs_debug/g' $(git grep -l cpu_get_phys_page)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-10-peter.maydell@linaro.org
---
 hw/core/cpu-system.c        | 6 +++---
 hw/i386/vapic.c             | 4 ++--
 hw/xtensa/sim.c             | 2 +-
 hw/xtensa/xtfpga.c          | 2 +-
 include/hw/core/cpu.h       | 8 ++++----
 monitor/hmp-cmds.c          | 2 +-
 plugins/api.c               | 2 +-
 system/physmem.c            | 2 +-
 target/sparc/mmu_helper.c   | 6 +++---
 target/xtensa/xtensa-semi.c | 2 +-
 10 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 93dc861083..05c126ecb6 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -55,7 +55,7 @@ bool cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
     return false;
 }
 
-hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs)
 {
     hwaddr paddr;
@@ -73,11 +73,11 @@ hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
     return paddr;
 }
 
-hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr)
+hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr)
 {
     MemTxAttrs attrs = {};
 
-    return cpu_get_phys_page_attrs_debug(cpu, addr, &attrs);
+    return cpu_get_phys_addr_attrs_debug(cpu, addr, &attrs);
 }
 
 int cpu_asidx_from_attrs(CPUState *cpu, MemTxAttrs attrs)
diff --git a/hw/i386/vapic.c b/hw/i386/vapic.c
index 3738031a05..225f19a75c 100644
--- a/hw/i386/vapic.c
+++ b/hw/i386/vapic.c
@@ -173,7 +173,7 @@ static int find_real_tpr_addr(VAPICROMState *s, CPUX86State *env)
      * virtual address space for the APIC mapping.
      */
     for (addr = 0xfffff000; addr >= 0x80000000; addr -= TARGET_PAGE_SIZE) {
-        paddr = cpu_get_phys_page_debug(cs, addr);
+        paddr = cpu_get_phys_addr_debug(cs, addr);
         if (paddr != APIC_DEFAULT_ADDRESS) {
             continue;
         }
@@ -305,7 +305,7 @@ static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong i
 
     /* find out virtual address of the ROM */
     rom_state_vaddr = s->rom_state_paddr + (ip & 0xf0000000);
-    paddr = cpu_get_phys_page_debug(cs, rom_state_vaddr);
+    paddr = cpu_get_phys_addr_debug(cs, rom_state_vaddr);
     if (paddr == -1) {
         return -1;
     }
diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
index 994460d041..32eb16442f 100644
--- a/hw/xtensa/sim.c
+++ b/hw/xtensa/sim.c
@@ -41,7 +41,7 @@ static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
 {
     XtensaCPU *cpu = opaque;
 
-    return cpu_get_phys_page_debug(CPU(cpu), addr);
+    return cpu_get_phys_addr_debug(CPU(cpu), addr);
 }
 
 static void sim_reset(void *opaque)
diff --git a/hw/xtensa/xtfpga.c b/hw/xtensa/xtfpga.c
index 5e509216df..256497e162 100644
--- a/hw/xtensa/xtfpga.c
+++ b/hw/xtensa/xtfpga.c
@@ -192,7 +192,7 @@ static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
 {
     XtensaCPU *cpu = opaque;
 
-    return cpu_get_phys_page_debug(CPU(cpu), addr);
+    return cpu_get_phys_addr_debug(CPU(cpu), addr);
 }
 
 static void xtfpga_reset(void *opaque)
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 207a7a1bec..9d6b4fd697 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -745,7 +745,7 @@ enum CPUDumpFlags {
 void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
 /**
- * cpu_get_phys_page_attrs_debug:
+ * cpu_get_phys_addr_attrs_debug:
  * @cpu: The CPU to obtain the physical page address for.
  * @addr: The virtual address.
  * @attrs: Updated on return with the memory transaction attributes to use
@@ -757,11 +757,11 @@ void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
  *
  * Returns: Corresponding physical page address or -1 if no page found.
  */
-hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs);
 
 /**
- * cpu_get_phys_page_debug:
+ * cpu_get_phys_addr_debug:
  * @cpu: The CPU to obtain the physical page address for.
  * @addr: The virtual address.
  *
@@ -770,7 +770,7 @@ hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
  *
  * Returns: Corresponding physical page address or -1 if no page found.
  */
-hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
 /** cpu_asidx_from_attrs:
  * @cpu: CPU
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index bc26b39d70..e6d8322bcc 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -720,7 +720,7 @@ void hmp_gva2gpa(Monitor *mon, const QDict *qdict)
         return;
     }
 
-    gpa  = cpu_get_phys_page_debug(cs, addr & TARGET_PAGE_MASK);
+    gpa  = cpu_get_phys_addr_debug(cs, addr & TARGET_PAGE_MASK);
     if (gpa == -1) {
         monitor_printf(mon, "Unmapped\n");
     } else {
diff --git a/plugins/api.c b/plugins/api.c
index 0c348a789b..4b6fad4999 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -619,7 +619,7 @@ bool qemu_plugin_translate_vaddr(uint64_t vaddr, uint64_t *hwaddr)
 #ifdef CONFIG_SOFTMMU
     g_assert(current_cpu);
 
-    uint64_t res = cpu_get_phys_page_debug(current_cpu, vaddr);
+    uint64_t res = cpu_get_phys_addr_debug(current_cpu, vaddr);
 
     if (res == (uint64_t)-1) {
         return false;
diff --git a/system/physmem.c b/system/physmem.c
index c58d940e80..652b03ad5f 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -4041,7 +4041,7 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
         MemTxResult res;
 
         page = addr & TARGET_PAGE_MASK;
-        phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
+        phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs);
         asidx = cpu_asidx_from_attrs(cpu, attrs);
         /* if no physical page mapped, return an error */
         if (phys_addr == -1)
diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index 34b212a7aa..e1abd520c4 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -366,20 +366,20 @@ void dump_mmu(CPUSPARCState *env)
     for (n = 0, va = 0; n < 256; n++, va += 16 * 1024 * 1024) {
         pde = mmu_probe(env, va, 2);
         if (pde) {
-            pa = cpu_get_phys_page_debug(cs, va);
+            pa = cpu_get_phys_addr_debug(cs, va);
             qemu_printf("VA: " TARGET_FMT_lx ", PA: " HWADDR_FMT_plx
                         " PDE: " TARGET_FMT_lx "\n", va, pa, pde);
             for (m = 0, va1 = va; m < 64; m++, va1 += 256 * 1024) {
                 pde = mmu_probe(env, va1, 1);
                 if (pde) {
-                    pa = cpu_get_phys_page_debug(cs, va1);
+                    pa = cpu_get_phys_addr_debug(cs, va1);
                     qemu_printf(" VA: " TARGET_FMT_lx ", PA: "
                                 HWADDR_FMT_plx " PDE: " TARGET_FMT_lx "\n",
                                 va1, pa, pde);
                     for (o = 0, va2 = va1; o < 64; o++, va2 += 4 * 1024) {
                         pde = mmu_probe(env, va2, 0);
                         if (pde) {
-                            pa = cpu_get_phys_page_debug(cs, va2);
+                            pa = cpu_get_phys_addr_debug(cs, va2);
                             qemu_printf("  VA: " TARGET_FMT_lx ", PA: "
                                         HWADDR_FMT_plx " PTE: "
                                         TARGET_FMT_lx "\n",
diff --git a/target/xtensa/xtensa-semi.c b/target/xtensa/xtensa-semi.c
index 28dfb29cbd..9a6a9c8b4e 100644
--- a/target/xtensa/xtensa-semi.c
+++ b/target/xtensa/xtensa-semi.c
@@ -215,7 +215,7 @@ void HELPER(simcall)(CPUXtensaState *env)
             uint32_t len_done = 0;
 
             while (len > 0) {
-                hwaddr paddr = cpu_get_phys_page_debug(cs, vaddr);
+                hwaddr paddr = cpu_get_phys_addr_debug(cs, vaddr);
                 uint32_t page_left =
                     TARGET_PAGE_SIZE - (vaddr & (TARGET_PAGE_SIZE - 1));
                 uint32_t io_sz = page_left < len ? page_left : len;
-- 
2.43.0

[PATCH v2 11/25] hw/core: Update docs for get_phys_addr_{attrs_, }debug

[Peter Maydell]

Update the documentation for the get_phys_addr_{attrs_,}debug methods
and wrapper functions to state that they can handle non-page aligned
addresses and will return the corresponding exact physaddr for them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260417173105.1648172-11-peter.maydell@linaro.org
---
 include/hw/core/cpu.h            | 16 +++++++++++-----
 include/hw/core/sysemu-cpu-ops.h |  4 ++++
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 9d6b4fd697..730876b7b8 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -746,15 +746,18 @@ void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
 /**
  * cpu_get_phys_addr_attrs_debug:
- * @cpu: The CPU to obtain the physical page address for.
+ * @cpu: The CPU to use for the virtual-to-physical translation
  * @addr: The virtual address.
  * @attrs: Updated on return with the memory transaction attributes to use
  *         for this access.
  *
- * Obtains the physical page corresponding to a virtual one, together
+ * Obtains the physical address corresponding to a virtual one, together
  * with the corresponding memory transaction attributes to use for the access.
  * Use it only for debugging because no protection checks are done.
  *
+ * The address need not be page-aligned; the returned address will
+ * be the physical address corresponding to that virtual address.
+ *
  * Returns: Corresponding physical page address or -1 if no page found.
  */
 hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
@@ -762,13 +765,16 @@ hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
 
 /**
  * cpu_get_phys_addr_debug:
- * @cpu: The CPU to obtain the physical page address for.
+ * @cpu: The CPU to use for the virtual-to-physical translation
  * @addr: The virtual address.
  *
- * Obtains the physical page corresponding to a virtual one.
+ * Obtains the physical address corresponding to a virtual one.
  * Use it only for debugging because no protection checks are done.
  *
- * Returns: Corresponding physical page address or -1 if no page found.
+ * The address need not be page-aligned; the returned address will
+ * be the physical address corresponding to that virtual address.
+ *
+ * Returns: Corresponding physical address, or -1 if no page found.
  */
 hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
diff --git a/include/hw/core/sysemu-cpu-ops.h b/include/hw/core/sysemu-cpu-ops.h
index a4fc330bea..a87c55d922 100644
--- a/include/hw/core/sysemu-cpu-ops.h
+++ b/include/hw/core/sysemu-cpu-ops.h
@@ -31,6 +31,8 @@ typedef struct SysemuCPUOps {
     bool (*get_paging_enabled)(const CPUState *cpu);
     /**
      * @get_phys_addr_debug: Callback for obtaining a physical address.
+     * This must be able to handle a non-page-aligned address, and will
+     * return the physical address corresponding to that address.
      */
     hwaddr (*get_phys_addr_debug)(CPUState *cpu, vaddr addr);
     /**
@@ -39,6 +41,8 @@ typedef struct SysemuCPUOps {
      *       access.
      * CPUs which use memory transaction attributes should implement this
      * instead of get_phys_addr_debug.
+     * This must be able to handle a non-page-aligned address, and will
+     * return the physical address corresponding to that address.
      */
     hwaddr (*get_phys_addr_attrs_debug)(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
-- 
2.43.0

[PATCH v2 12/25] target/arm: Rename arm_cpu_get_phys_page()

[Peter Maydell]

The internal helper function arm_cpu_get_phys_page() is named that
way because of its use in the get_phys_page_attrs_debug method.  Now
we've renamed the method, rename the helper to match, since it can
handle non-page-aligned addresses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260417173105.1648172-12-peter.maydell@linaro.org
---
 target/arm/ptw.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index f5f624c7c3..8be6f243e6 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3922,7 +3922,7 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
                              memop, result, fi);
 }
 
-static hwaddr arm_cpu_get_phys_page(CPUARMState *env, vaddr addr,
+static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
                                     MemTxAttrs *attrs, ARMMMUIdx mmu_idx)
 {
     S1Translate ptw = {
@@ -3950,7 +3950,7 @@ hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
     CPUARMState *env = &cpu->env;
     ARMMMUIdx mmu_idx = arm_mmu_idx(env);
 
-    hwaddr res = arm_cpu_get_phys_page(env, addr, attrs, mmu_idx);
+    hwaddr res = arm_cpu_get_phys_addr(env, addr, attrs, mmu_idx);
 
     if (res != -1) {
         return res;
@@ -3964,10 +3964,10 @@ hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
     switch (mmu_idx) {
     case ARMMMUIdx_E10_1:
     case ARMMMUIdx_E10_1_PAN:
-        return arm_cpu_get_phys_page(env, addr, attrs, ARMMMUIdx_E10_0);
+        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E10_0);
     case ARMMMUIdx_E20_2:
     case ARMMMUIdx_E20_2_PAN:
-        return arm_cpu_get_phys_page(env, addr, attrs, ARMMMUIdx_E20_0);
+        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E20_0);
     default:
         return -1;
     }
-- 
2.43.0

[PATCH v2 13/25] monitor: hmp_gva2gpa: Don't page-align cpu_get_phys_addr_debug() arg and return

[Peter Maydell]

In hmp_gva2gpa() we currently have a workaround for not all implementations
of get_phys_addr_debug handling non-page-aligned addresses: we round the
input address from the user down to the target page boundary before the
call and then add the page offset back to the returned value.

Now that we guarantee that all implementations will return the correct
exact physaddr for a virtual address, we can drop this handling.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Dr. David Alan Gilbert <dave@treblig.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260417173105.1648172-13-peter.maydell@linaro.org
---
 monitor/hmp-cmds.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index e6d8322bcc..f8380bda58 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -720,12 +720,11 @@ void hmp_gva2gpa(Monitor *mon, const QDict *qdict)
         return;
     }
 
-    gpa  = cpu_get_phys_addr_debug(cs, addr & TARGET_PAGE_MASK);
+    gpa  = cpu_get_phys_addr_debug(cs, addr);
     if (gpa == -1) {
         monitor_printf(mon, "Unmapped\n");
     } else {
-        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n",
-                       gpa + (addr & ~TARGET_PAGE_MASK));
+        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n", gpa);
     }
 }
 
-- 
2.43.0

[PATCH v2 14/25] plugins/api.c: Trust cpu_get_phys_addr_debug() return address

[Peter Maydell]

In qemu_plugin_translate_vaddr() we have a workaround for not all
implementations of get_phys_addr_debug returning an exact physaddr
for the input virtual address: we OR back in the page offset to the
return value.

Now that we guarantee that get_phys_addr_debug returns the exact
physaddr for the input virtual address, we can drop this workaround.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-14-peter.maydell@linaro.org
---
 plugins/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/api.c b/plugins/api.c
index 4b6fad4999..c97cc68882 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -625,7 +625,7 @@ bool qemu_plugin_translate_vaddr(uint64_t vaddr, uint64_t *hwaddr)
         return false;
     }
 
-    *hwaddr = res | (vaddr & ~TARGET_PAGE_MASK);
+    *hwaddr = res;
 
     return true;
 #else
-- 
2.43.0

[PATCH v2 15/25] hw/core: Implement new cpu_translate_for_debug()

[Peter Maydell]

In cpu_memory_rw_debug() we need to do a virtual-to-physical address
translation for debug access.  Currently we assume that the
translation is valid for an entire guest page, but this may not be
true if the target implements some protection regions that have
sub-page granularity. (Currently the only such target is the Arm
CPUs when using an MPU, as in R-profile and M-profile.)

For TCG's emulated accesses, we handle sub-page granularity by the
CPU filling in the lg_page_size field of the CPUTLBEntryFull struct
to tell us how large the region covered by the result is.  But we
didn't extend this to the debug-access code path, with the result
that debug accesses might incorrectly fail because they are looking
at the mapping for the address rounded down to a page boundary.

Provide a cpu_translate_for_debug() function which reports to the
caller not just the physical address and attributes of the
translation but also the lg_page_size for which it is valid.  The
fallback implementation calls cpu_get_phys_addr_attrs_debug() and
assumes target-page-sized validity.

NB: the "return true on valid access, false on failure" follows
the same convention as TCGCPUOps::tlb_fill_align() (though it
is the opposite of what we use in some other places, e.g.
in target/arm's get_phys_addr_* functions).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260417173105.1648172-15-peter.maydell@linaro.org
---
changes in v2: lg_page_size wants TARGET_PAGE_BITS, not TARGET_PAGE_SIZE
---
 hw/core/cpu-system.c             | 32 ++++++++++++++++++++++++++++++++
 include/hw/core/cpu.h            | 32 ++++++++++++++++++++++++++++++++
 include/hw/core/sysemu-cpu-ops.h | 27 +++++++++++++++++++++++++--
 3 files changed, 89 insertions(+), 2 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 05c126ecb6..252e90c8fd 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -22,6 +22,7 @@
 #include "qapi/error.h"
 #include "system/address-spaces.h"
 #include "exec/cputlb.h"
+#include "exec/target_page.h"
 #include "system/memory.h"
 #include "qemu/target-info.h"
 #include "hw/core/qdev.h"
@@ -55,6 +56,37 @@ bool cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
     return false;
 }
 
+bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
+                             TranslateForDebugResult *result)
+{
+    if (cpu->cc->sysemu_ops->translate_for_debug) {
+        return cpu->cc->sysemu_ops->translate_for_debug(cpu, addr, result);
+    } else {
+        /* Fallbacks for CPUs which don't implement translate_for_debug */
+        if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
+            result->physaddr =
+                cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
+                                                               &result->attrs);
+        } else {
+            result->physaddr
+                = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
+            result->attrs = MEMTXATTRS_UNSPECIFIED;
+        }
+        if (result->physaddr == -1) {
+            return false;
+        }
+        /* Indicate that this is a debug access. */
+        result->attrs.debug = 1;
+        /*
+         * Assume memory access permissions are valid for the whole page.
+         * Targets where this isn't true should implement the
+         * translate_for_debug method.
+         */
+        result->lg_page_size = TARGET_PAGE_BITS;
+        return true;
+    }
+}
+
 hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs)
 {
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 730876b7b8..6a6b78af31 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -778,6 +778,38 @@ hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
  */
 hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
+/**
+ * TranslateForDebugResult: gives result of cpu_translate_for_debug()
+ *
+ * @physaddr: the physical address corresponding to the virtual address
+ * @attrs: the transaction attributes for this access
+ * @lg_page_size: log2 of the size of the aligned block of memory
+ * that this physaddr and attrs are valid for.
+ */
+typedef struct TranslateForDebugResult {
+    hwaddr physaddr;
+    MemTxAttrs attrs;
+    uint8_t lg_page_size;
+} TranslateForDebugResult;
+
+/**
+ * cpu_translate_for_debug:
+ * @cpu: The CPU use for the virtual-to-physical translation
+ * @addr: The virtual address
+ * @result: Struct filled in with results of translation
+ *
+ * Perform a virtual-to-physical address translation for debug accesses.
+ * Use it only for debugging because no protection checks are done.
+ *
+ * The address need not be page-aligned; the returned address in @result
+ * will be the physical address corresponding to that virtual address.
+ *
+ * Returns: false on translation failure; true on successful translation
+ * and fills in the fields of @result.
+ */
+bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
+                             TranslateForDebugResult *result);
+
 /** cpu_asidx_from_attrs:
  * @cpu: CPU
  * @attrs: memory transaction attributes
diff --git a/include/hw/core/sysemu-cpu-ops.h b/include/hw/core/sysemu-cpu-ops.h
index a87c55d922..8625ebb564 100644
--- a/include/hw/core/sysemu-cpu-ops.h
+++ b/include/hw/core/sysemu-cpu-ops.h
@@ -33,19 +33,42 @@ typedef struct SysemuCPUOps {
      * @get_phys_addr_debug: Callback for obtaining a physical address.
      * This must be able to handle a non-page-aligned address, and will
      * return the physical address corresponding to that address.
+     *
+     * CPUs should prefer to implement translate_for_debug instead of
+     * this (and must do so if their translations are not always valid
+     * for a complete target page or they use memory attributes).
      */
     hwaddr (*get_phys_addr_debug)(CPUState *cpu, vaddr addr);
     /**
      * @get_phys_addr_attrs_debug: Callback for obtaining a physical address
      *       and the associated memory transaction attributes to use for the
      *       access.
-     * CPUs which use memory transaction attributes should implement this
-     * instead of get_phys_addr_debug.
+     *
      * This must be able to handle a non-page-aligned address, and will
      * return the physical address corresponding to that address.
+     *
+     * CPUs should prefer to implement translate_for_debug instead of
+     * this (and must do so if their translations are not always valid
+     * for a complete target page).
      */
     hwaddr (*get_phys_addr_attrs_debug)(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
+    /**
+     * @translate_for_debug: Callback for translating a virtual address into
+     * a physical address for debug purposes.
+     * The implementation should fill in @result with the physical address,
+     * transaction attributes, and log2 of the size of the aligned block of
+     * memory that the translation is valid for.
+     * This must be able to handle a non-page-aligned address, and will
+     * return the physical address corresponding to that address.
+     * The attributes must include the debug flag being set.
+     * Returns false on translation failure; on success returns true and
+     * fills in @result.
+     *
+     * This is the preferred method to implement for new CPUs.
+     */
+    bool (*translate_for_debug)(CPUState *cpu, vaddr addr,
+                                TranslateForDebugResult *result);
     /**
      * @asidx_from_attrs: Callback to return the CPU AddressSpace to use for
      *       a memory access with the specified memory transaction attributes.
-- 
2.43.0

Re: [PATCH v2 15/25] hw/core: Implement new cpu_translate_for_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> In cpu_memory_rw_debug() we need to do a virtual-to-physical address
> translation for debug access.  Currently we assume that the
> translation is valid for an entire guest page, but this may not be
> true if the target implements some protection regions that have
> sub-page granularity. (Currently the only such target is the Arm
> CPUs when using an MPU, as in R-profile and M-profile.)
> 
> For TCG's emulated accesses, we handle sub-page granularity by the
> CPU filling in the lg_page_size field of the CPUTLBEntryFull struct
> to tell us how large the region covered by the result is.  But we
> didn't extend this to the debug-access code path, with the result
> that debug accesses might incorrectly fail because they are looking
> at the mapping for the address rounded down to a page boundary.
> 
> Provide a cpu_translate_for_debug() function which reports to the
> caller not just the physical address and attributes of the
> translation but also the lg_page_size for which it is valid.  The
> fallback implementation calls cpu_get_phys_addr_attrs_debug() and
> assumes target-page-sized validity.
> 
> NB: the "return true on valid access, false on failure" follows
> the same convention asTCGCPUOps::tlb_fill_align() (though it
> is the opposite of what we use in some other places, e.g.
> in target/arm's get_phys_addr_* functions).
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> Reviewed-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> Message-id:20260417173105.1648172-15-peter.maydell@linaro.org
> ---
> changes in v2: lg_page_size wants TARGET_PAGE_BITS, not TARGET_PAGE_SIZE
> ---
>   hw/core/cpu-system.c             | 32 ++++++++++++++++++++++++++++++++
>   include/hw/core/cpu.h            | 32 ++++++++++++++++++++++++++++++++
>   include/hw/core/sysemu-cpu-ops.h | 27 +++++++++++++++++++++++++--
>   3 files changed, 89 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH v2 16/25] hw/core: Implement cpu_get_phys_addr_attrs_debug() with cpu_translate_for_debug()

[Peter Maydell]

Implement cpu_get_phys_addr_attrs_debug() with
cpu_translate_for_debug(), so that CPUs can implement only the
translate_for_debug method and have all of the wrapper functions
cpu_translate_for_debug(), cpu_get_phys_addr_attrs_debug() and
cpu_get_phys_addr_debug() work.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260417173105.1648172-16-peter.maydell@linaro.org
---
 hw/core/cpu-system.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 252e90c8fd..954b81931d 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -90,19 +90,14 @@ bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
 hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs)
 {
-    hwaddr paddr;
+    TranslateForDebugResult result;
 
-    if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
-        paddr = cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
-                                                               attrs);
-    } else {
-        /* Fallback for CPUs which don't implement the _attrs_ hook */
-        *attrs = MEMTXATTRS_UNSPECIFIED;
-        paddr = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
+    if (!cpu_translate_for_debug(cpu, addr, &result)) {
+        return -1;
     }
-    /* Indicate that this is a debug access. */
-    attrs->debug = 1;
-    return paddr;
+
+    *attrs = result.attrs;
+    return result.physaddr;
 }
 
 hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr)
-- 
2.43.0

Re: [PATCH v2 16/25] hw/core: Implement cpu_get_phys_addr_attrs_debug() with cpu_translate_for_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:38, Peter Maydell wrote:
> Implement cpu_get_phys_addr_attrs_debug() with
> cpu_translate_for_debug(), so that CPUs can implement only the
> translate_for_debug method and have all of the wrapper functions
> cpu_translate_for_debug(), cpu_get_phys_addr_attrs_debug() and
> cpu_get_phys_addr_debug() work.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
> Message-id: 20260417173105.1648172-16-peter.maydell@linaro.org
> ---
>   hw/core/cpu-system.c | 17 ++++++-----------
>   1 file changed, 6 insertions(+), 11 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[PATCH v2 17/25] target/arm: Implement translate_for_debug

[Peter Maydell]

Implement the translate_for_debug method instead of the
get_phys_addr_attrs_debug one.  This allows us to pass the caller the
lg_page_size from our internal GetPhysAddrResult struct.

Awkwardly, translate_for_debug's "true on success" convention
is the opposite of the one we use internally in ptw.c, so
we have to be careful about the sense of the return values.
This corresponds to the way that arm_cpu_tlb_fill_align()
also has to return true when get_phys_addr() returns false.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260417173105.1648172-17-peter.maydell@linaro.org
---
v1->v2: use 'fault' for the bool variable, not 'ret'
---
 target/arm/cpu.c       |  2 +-
 target/arm/cpu.h       |  3 ---
 target/arm/internals.h |  4 ++++
 target/arm/ptw.c       | 39 +++++++++++++++++++++++----------------
 4 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 9e6b4b1559..eaa1805160 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2436,7 +2436,7 @@ static vaddr aarch64_untagged_addr(CPUState *cs, vaddr x)
 
 static const struct SysemuCPUOps arm_sysemu_ops = {
     .has_work = arm_cpu_has_work,
-    .get_phys_addr_attrs_debug = arm_cpu_get_phys_addr_attrs_debug,
+    .translate_for_debug = arm_cpu_translate_for_debug,
     .asidx_from_attrs = arm_asidx_from_attrs,
     .write_elf32_note = arm_cpu_write_elf32_note,
     .write_elf64_note = arm_cpu_write_elf64_note,
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index b1563a4d43..6fd7c4bd30 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1233,9 +1233,6 @@ extern const VMStateDescription vmstate_arm_cpu;
 void arm_cpu_do_interrupt(CPUState *cpu);
 void arm_v7m_cpu_do_interrupt(CPUState *cpu);
 
-hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
-                                         MemTxAttrs *attrs);
-
 typedef struct ARMGranuleProtectionConfig {
     /* GPCCR_EL3 */
     uint64_t gpccr;
diff --git a/target/arm/internals.h b/target/arm/internals.h
index a632584a4e..81b2973b20 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1540,6 +1540,10 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
 
 void arm_log_exception(CPUState *cs);
 
+/* Implementation of SysemuCPUOps::translate_for_debug */
+bool arm_cpu_translate_for_debug(CPUState *cs, vaddr addr,
+                                 TranslateForDebugResult *result);
+
 #endif /* !CONFIG_USER_ONLY */
 
 /*
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8be6f243e6..cc7f78c329 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3922,8 +3922,9 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
                              memop, result, fi);
 }
 
-static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
-                                    MemTxAttrs *attrs, ARMMMUIdx mmu_idx)
+static bool arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
+                                  TranslateForDebugResult *result,
+                                  ARMMMUIdx mmu_idx)
 {
     S1Translate ptw = {
         .in_mmu_idx = mmu_idx,
@@ -3934,26 +3935,31 @@ static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
     };
     GetPhysAddrResult res = {};
     ARMMMUFaultInfo fi = {};
-    bool ret = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, 0, &res, &fi);
-    *attrs = res.f.attrs;
+    bool fault = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, 0, &res, &fi);
 
-    if (ret) {
-        return -1;
+    if (!fault) {
+        /* translation succeeded */
+        result->physaddr = res.f.phys_addr;
+        result->attrs = res.f.attrs;
+        result->lg_page_size = res.f.lg_page_size;
     }
-    return res.f.phys_addr;
+    return fault;
 }
 
-hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
-                                         MemTxAttrs *attrs)
+bool arm_cpu_translate_for_debug(CPUState *cs, vaddr addr,
+                                 TranslateForDebugResult *result)
 {
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
     ARMMMUIdx mmu_idx = arm_mmu_idx(env);
 
-    hwaddr res = arm_cpu_get_phys_addr(env, addr, attrs, mmu_idx);
-
-    if (res != -1) {
-        return res;
+    /*
+     * Note that this function returns true on translation success,
+     * but arm_cpu_get_phys_addr() and all the other get_phys_addr
+     * style functions in this file return true on failure.
+     */
+    if (!arm_cpu_get_phys_addr(env, addr, result, mmu_idx)) {
+        return true;
     }
 
     /*
@@ -3964,11 +3970,12 @@ hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
     switch (mmu_idx) {
     case ARMMMUIdx_E10_1:
     case ARMMMUIdx_E10_1_PAN:
-        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E10_0);
+        return !arm_cpu_get_phys_addr(env, addr, result, ARMMMUIdx_E10_0);
     case ARMMMUIdx_E20_2:
     case ARMMMUIdx_E20_2_PAN:
-        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E20_0);
+        return !arm_cpu_get_phys_addr(env, addr, result, ARMMMUIdx_E20_0);
     default:
-        return -1;
+        /* translation failed */
+        return false;
     }
 }
-- 
2.43.0

Re: [PATCH v2 17/25] target/arm: Implement translate_for_debug

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> Implement the translate_for_debug method instead of the
> get_phys_addr_attrs_debug one.  This allows us to pass the caller the
> lg_page_size from our internal GetPhysAddrResult struct.
> 
> Awkwardly, translate_for_debug's "true on success" convention
> is the opposite of the one we use internally in ptw.c, so
> we have to be careful about the sense of the return values.
> This corresponds to the way that arm_cpu_tlb_fill_align()
> also has to return true when get_phys_addr() returns false.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> Reviewed-by: Philippe Mathieu-Daudé<philmd@linaro.org>
> Message-id:20260417173105.1648172-17-peter.maydell@linaro.org
> ---
> v1->v2: use 'fault' for the bool variable, not 'ret'
> ---
>   target/arm/cpu.c       |  2 +-
>   target/arm/cpu.h       |  3 ---
>   target/arm/internals.h |  4 ++++
>   target/arm/ptw.c       | 39 +++++++++++++++++++++++----------------
>   4 files changed, 28 insertions(+), 20 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH v2 18/25] system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

[Peter Maydell]

Currently cpu_memory_rw_debug() assumes page-granularity for translations,
and it works in a loop where each iteration translates for the vaddr
rounded down to a page boundary and then copies up to the end of the
page boundary.

Rewrite it to use the new cpu_translate_for_debug(): we no longer want
to round down the input address, and the boundary we copy up to is now
determined by the lg_page_size it returns rather than being assumed
to be page-sized.

This, together with the implementation of translate_for_debug for
Arm targets, fixes the bug where semihosting would incorrectly
fail to access parameter blocks that were in memory where the
start of the 4K region they were in was inaccessible due to MPU
region settings, even if the parameter block itself was readable.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3292
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260417173105.1648172-18-peter.maydell@linaro.org
---
 system/physmem.c | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/system/physmem.c b/system/physmem.c
index 652b03ad5f..7bcbf87573 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -4030,28 +4030,38 @@ address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
 int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
                         void *ptr, size_t len, bool is_write)
 {
-    hwaddr phys_addr;
-    vaddr l, page;
     uint8_t *buf = ptr;
 
     cpu_synchronize_state(cpu);
     while (len > 0) {
         int asidx;
-        MemTxAttrs attrs;
+        TranslateForDebugResult tres;
         MemTxResult res;
+        hwaddr blk_base, blk_size, l;
 
-        page = addr & TARGET_PAGE_MASK;
-        phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs);
-        asidx = cpu_asidx_from_attrs(cpu, attrs);
-        /* if no physical page mapped, return an error */
-        if (phys_addr == -1)
+        if (!cpu_translate_for_debug(cpu, addr, &tres)) {
+            /* Return error if no physical page mapped */
             return -1;
-        l = (page + TARGET_PAGE_SIZE) - addr;
-        if (l > len)
-            l = len;
-        phys_addr += (addr & ~TARGET_PAGE_MASK);
-        res = address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, attrs, buf,
-                               l, is_write);
+        }
+        asidx = cpu_asidx_from_attrs(cpu, tres.attrs);
+        /*
+         * Clamp the amount we read to not go beyond a page even if
+         * the CPU returned a larger lg_page_size, in case this access
+         * is to a memory-mapped IO region.
+         */
+        tres.lg_page_size = MIN(tres.lg_page_size, TARGET_PAGE_BITS);
+        /*
+         * Find the length in bytes from tres.physaddr to the end of the
+         * block whose size is 1 << tres.lg_page_size; we will access
+         * that much in one go.
+         */
+        blk_size = 1ULL << tres.lg_page_size;
+        blk_base = ROUND_DOWN(tres.physaddr, blk_size);
+        l = blk_base + blk_size - tres.physaddr;
+        l = MIN(l, len);
+
+        res = address_space_rw(cpu->cpu_ases[asidx].as, tres.physaddr,
+                               tres.attrs, buf, l, is_write);
         if (res != MEMTX_OK) {
             return -1;
         }
-- 
2.43.0

Re: [PATCH v2 18/25] system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> Currently cpu_memory_rw_debug() assumes page-granularity for translations,
> and it works in a loop where each iteration translates for the vaddr
> rounded down to a page boundary and then copies up to the end of the
> page boundary.
> 
> Rewrite it to use the new cpu_translate_for_debug(): we no longer want
> to round down the input address, and the boundary we copy up to is now
> determined by the lg_page_size it returns rather than being assumed
> to be page-sized.
> 
> This, together with the implementation of translate_for_debug for
> Arm targets, fixes the bug where semihosting would incorrectly
> fail to access parameter blocks that were in memory where the
> start of the 4K region they were in was inaccessible due to MPU
> region settings, even if the parameter block itself was readable.
> 
> Resolves:https://gitlab.com/qemu-project/qemu/-/work_items/3292
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> Message-id:20260417173105.1648172-18-peter.maydell@linaro.org
> ---
>   system/physmem.c | 38 ++++++++++++++++++++++++--------------
>   1 file changed, 24 insertions(+), 14 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH v2 18/25] system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

[Peter Xu]

On Thu, Apr 30, 2026 at 10:38:03AM +0100, Peter Maydell wrote:
> Currently cpu_memory_rw_debug() assumes page-granularity for translations,
> and it works in a loop where each iteration translates for the vaddr
> rounded down to a page boundary and then copies up to the end of the
> page boundary.
> 
> Rewrite it to use the new cpu_translate_for_debug(): we no longer want
> to round down the input address, and the boundary we copy up to is now
> determined by the lg_page_size it returns rather than being assumed
> to be page-sized.
> 
> This, together with the implementation of translate_for_debug for
> Arm targets, fixes the bug where semihosting would incorrectly
> fail to access parameter blocks that were in memory where the
> start of the 4K region they were in was inaccessible due to MPU
> region settings, even if the parameter block itself was readable.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3292
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> Message-id: 20260417173105.1648172-18-peter.maydell@linaro.org

Acked-by: Peter Xu <peterx@redhat.com>

-- 
Peter Xu

[PATCH v2 19/25] hw/i386/vapic.c: Use cpu_translate_for_debug()

[Peter Maydell]

We would like to remove the cpu_get_phys_addr_debug() function, by
moving all callers to cpu_translate_for_debug(). Update the callsites
in vapic.c.

In the process we can drop the old "OR the page offset back in"
workaround that we had for when cpu_get_phys_page_addr() returned
the physaddr of the page base rather than the exact physaddr of
the input virtual address.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/i386/vapic.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/hw/i386/vapic.c b/hw/i386/vapic.c
index 225f19a75c..781bf2a7fa 100644
--- a/hw/i386/vapic.c
+++ b/hw/i386/vapic.c
@@ -161,7 +161,6 @@ static void update_guest_rom_state(VAPICROMState *s)
 static int find_real_tpr_addr(VAPICROMState *s, CPUX86State *env)
 {
     CPUState *cs = env_cpu(env);
-    hwaddr paddr;
     target_ulong addr;
 
     if (s->state == VAPIC_ACTIVE) {
@@ -173,8 +172,10 @@ static int find_real_tpr_addr(VAPICROMState *s, CPUX86State *env)
      * virtual address space for the APIC mapping.
      */
     for (addr = 0xfffff000; addr >= 0x80000000; addr -= TARGET_PAGE_SIZE) {
-        paddr = cpu_get_phys_addr_debug(cs, addr);
-        if (paddr != APIC_DEFAULT_ADDRESS) {
+        TranslateForDebugResult tres;
+
+        if (!cpu_translate_for_debug(cs, addr, &tres) ||
+            tres.physaddr != APIC_DEFAULT_ADDRESS) {
             continue;
         }
         s->real_tpr_addr = addr + 0x80;
@@ -292,6 +293,7 @@ static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong i
     hwaddr paddr;
     uint32_t rom_state_vaddr;
     uint32_t pos, patch, offset;
+    TranslateForDebugResult tres;
 
     /* nothing to do if already activated */
     if (s->state == VAPIC_ACTIVE) {
@@ -305,11 +307,10 @@ static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong i
 
     /* find out virtual address of the ROM */
     rom_state_vaddr = s->rom_state_paddr + (ip & 0xf0000000);
-    paddr = cpu_get_phys_addr_debug(cs, rom_state_vaddr);
-    if (paddr == -1) {
+    if (!cpu_translate_for_debug(cs, rom_state_vaddr, &tres)) {
         return -1;
     }
-    paddr |= rom_state_vaddr & ~TARGET_PAGE_MASK;
+    paddr = tres.physaddr;
     if (paddr != s->rom_state_paddr) {
         return -1;
     }
-- 
2.43.0

Re: [PATCH v2 19/25] hw/i386/vapic.c: Use cpu_translate_for_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:38, Peter Maydell wrote:
> We would like to remove the cpu_get_phys_addr_debug() function, by
> moving all callers to cpu_translate_for_debug(). Update the callsites
> in vapic.c.
> 
> In the process we can drop the old "OR the page offset back in"
> workaround that we had for when cpu_get_phys_page_addr() returned
> the physaddr of the page base rather than the exact physaddr of
> the input virtual address.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/i386/vapic.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[PATCH v2 20/25] target/sparc: Use cpu_translate_for_debug()

[Peter Maydell]

We want to remove the cpu_get_phys_addr_debug() function; update the
sparc dump_mmu() function to use cpu_translate_for_debug() instead.

The "mmu_probe succeeds but debug translate fails" cases are probably
not possible in practice; since cpu_get_phys_addr_debug() would
return -1 in that situation we make this conversion retain that
behaviour.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/sparc/mmu_helper.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index e1abd520c4..e441ffb8f7 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -360,26 +360,39 @@ void dump_mmu(CPUSPARCState *env)
     unsigned int n, m, o;
     hwaddr pa;
     uint32_t pde;
+    TranslateForDebugResult tres;
 
     qemu_printf("Root ptr: " HWADDR_FMT_plx ", ctx: %d\n",
                 (hwaddr)env->mmuregs[1] << 4, env->mmuregs[2]);
     for (n = 0, va = 0; n < 256; n++, va += 16 * 1024 * 1024) {
         pde = mmu_probe(env, va, 2);
         if (pde) {
-            pa = cpu_get_phys_addr_debug(cs, va);
+            if (!cpu_translate_for_debug(cs, va, &tres)) {
+                pa = -1;
+            } else {
+                pa = tres.physaddr;
+            }
             qemu_printf("VA: " TARGET_FMT_lx ", PA: " HWADDR_FMT_plx
                         " PDE: " TARGET_FMT_lx "\n", va, pa, pde);
             for (m = 0, va1 = va; m < 64; m++, va1 += 256 * 1024) {
                 pde = mmu_probe(env, va1, 1);
                 if (pde) {
-                    pa = cpu_get_phys_addr_debug(cs, va1);
+                    if (!cpu_translate_for_debug(cs, va1, &tres)) {
+                        pa = -1;
+                    } else {
+                        pa = tres.physaddr;
+                    }
                     qemu_printf(" VA: " TARGET_FMT_lx ", PA: "
                                 HWADDR_FMT_plx " PDE: " TARGET_FMT_lx "\n",
                                 va1, pa, pde);
                     for (o = 0, va2 = va1; o < 64; o++, va2 += 4 * 1024) {
                         pde = mmu_probe(env, va2, 0);
                         if (pde) {
-                            pa = cpu_get_phys_addr_debug(cs, va2);
+                            if (!cpu_translate_for_debug(cs, va2, &tres)) {
+                                pa = -1;
+                            } else {
+                                pa = tres.physaddr;
+                            }
                             qemu_printf("  VA: " TARGET_FMT_lx ", PA: "
                                         HWADDR_FMT_plx " PTE: "
                                         TARGET_FMT_lx "\n",
-- 
2.43.0

Re: [PATCH v2 20/25] target/sparc: Use cpu_translate_for_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> sparc dump_mmu() function to use cpu_translate_for_debug() instead.
> 
> The "mmu_probe succeeds but debug translate fails" cases are probably
> not possible in practice; since cpu_get_phys_addr_debug() would
> return -1 in that situation we make this conversion retain that
> behaviour.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   target/sparc/mmu_helper.c | 19 ++++++++++++++++---
>   1 file changed, 16 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH v2 21/25] hw/xtensa: Use cpu_translate_for_debug()

[Peter Maydell]

We want to remove the cpu_get_phys_addr_debug() function; update the
xtensa boards to use cpu_translate_for_debug() instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/xtensa/sim.c    | 6 +++++-
 hw/xtensa/xtfpga.c | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
index 32eb16442f..835cd04fe0 100644
--- a/hw/xtensa/sim.c
+++ b/hw/xtensa/sim.c
@@ -40,8 +40,12 @@
 static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
 {
     XtensaCPU *cpu = opaque;
+    TranslateForDebugResult tres;
 
-    return cpu_get_phys_addr_debug(CPU(cpu), addr);
+    if (!cpu_translate_for_debug(CPU(cpu), addr, &tres)) {
+        return -1;
+    }
+    return tres.physaddr;
 }
 
 static void sim_reset(void *opaque)
diff --git a/hw/xtensa/xtfpga.c b/hw/xtensa/xtfpga.c
index 256497e162..33a2d9485c 100644
--- a/hw/xtensa/xtfpga.c
+++ b/hw/xtensa/xtfpga.c
@@ -191,8 +191,12 @@ static PFlashCFI01 *xtfpga_flash_init(MemoryRegion *address_space,
 static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
 {
     XtensaCPU *cpu = opaque;
+    TranslateForDebugResult tres;
 
-    return cpu_get_phys_addr_debug(CPU(cpu), addr);
+    if (!cpu_translate_for_debug(CPU(cpu), addr, &tres)) {
+        return -1;
+    }
+    return tres.physaddr;
 }
 
 static void xtfpga_reset(void *opaque)
-- 
2.43.0

Re: [PATCH v2 21/25] hw/xtensa: Use cpu_translate_for_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> xtensa boards to use cpu_translate_for_debug() instead.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/xtensa/sim.c    | 6 +++++-
>   hw/xtensa/xtfpga.c | 6 +++++-
>   2 files changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
> index 32eb16442f..835cd04fe0 100644
> --- a/hw/xtensa/sim.c
> +++ b/hw/xtensa/sim.c
> @@ -40,8 +40,12 @@
>   static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
>   {


> diff --git a/hw/xtensa/xtfpga.c b/hw/xtensa/xtfpga.c
> index 256497e162..33a2d9485c 100644
> --- a/hw/xtensa/xtfpga.c
> +++ b/hw/xtensa/xtfpga.c

>   static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
>   {

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

As a future cleanup we could rename these 2 methods:
hwaddr loader_translate(void *opaque, vaddr addr);

(or unify as a single exported one).

Re: [PATCH v2 21/25] hw/xtensa: Use cpu_translate_for_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> xtensa boards to use cpu_translate_for_debug() instead.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   hw/xtensa/sim.c    | 6 +++++-
>   hw/xtensa/xtfpga.c | 6 +++++-
>   2 files changed, 10 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH v2 22/25] target/xtensa/xtensa-semi: Use cpu_translate_for_debug()

[Peter Maydell]

We want to remove the cpu_get_phys_addr_debug() function; update the
xtensa semihosting code to use cpu_translate_for_debug() instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/xtensa/xtensa-semi.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/target/xtensa/xtensa-semi.c b/target/xtensa/xtensa-semi.c
index 9a6a9c8b4e..3340bd1d41 100644
--- a/target/xtensa/xtensa-semi.c
+++ b/target/xtensa/xtensa-semi.c
@@ -215,15 +215,20 @@ void HELPER(simcall)(CPUXtensaState *env)
             uint32_t len_done = 0;
 
             while (len > 0) {
-                hwaddr paddr = cpu_get_phys_addr_debug(cs, vaddr);
+                TranslateForDebugResult tres;
                 uint32_t page_left =
                     TARGET_PAGE_SIZE - (vaddr & (TARGET_PAGE_SIZE - 1));
                 uint32_t io_sz = page_left < len ? page_left : len;
                 hwaddr sz = io_sz;
-                void *buf = address_space_map(as, paddr, &sz, !is_write, attrs);
+                void *buf = NULL;
                 uint32_t io_done;
                 bool error = false;
 
+                if (cpu_translate_for_debug(cs, vaddr, &tres)) {
+                    buf = address_space_map(as, tres.physaddr, &sz,
+                                            !is_write, attrs);
+                }
+
                 if (buf) {
                     vaddr += io_sz;
                     len -= io_sz;
-- 
2.43.0

Re: [PATCH v2 22/25] target/xtensa/xtensa-semi: Use cpu_translate_for_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> xtensa semihosting code to use cpu_translate_for_debug() instead.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/xtensa/xtensa-semi.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH v2 22/25] target/xtensa/xtensa-semi: Use cpu_translate_for_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> xtensa semihosting code to use cpu_translate_for_debug() instead.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   target/xtensa/xtensa-semi.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH v2 23/25] monitor/hmp-cmds: Use cpu_translate_for_debug()

[Peter Maydell]

We want to remove the cpu_get_phys_addr_debug() function; update the
HMP gva2gpa command implementation to use cpu_translate_for_debug()
instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 monitor/hmp-cmds.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index f8380bda58..2acdcf7d78 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -713,18 +713,17 @@ void hmp_gva2gpa(Monitor *mon, const QDict *qdict)
 {
     vaddr addr = qdict_get_int(qdict, "addr");
     CPUState *cs = mon_get_cpu(mon);
-    hwaddr gpa;
+    TranslateForDebugResult tres;
 
     if (!cs) {
         monitor_printf(mon, "No cpu\n");
         return;
     }
 
-    gpa  = cpu_get_phys_addr_debug(cs, addr);
-    if (gpa == -1) {
+    if (!cpu_translate_for_debug(cs, addr, &tres)) {
         monitor_printf(mon, "Unmapped\n");
     } else {
-        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n", gpa);
+        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n", tres.physaddr);
     }
 }
 
-- 
2.43.0

Re: [PATCH v2 23/25] monitor/hmp-cmds: Use cpu_translate_for_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> HMP gva2gpa command implementation to use cpu_translate_for_debug()
> instead.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   monitor/hmp-cmds.c | 7 +++----
>   1 file changed, 3 insertions(+), 4 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH v2 23/25] monitor/hmp-cmds: Use cpu_translate_for_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> HMP gva2gpa command implementation to use cpu_translate_for_debug()
> instead.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   monitor/hmp-cmds.c | 7 +++----
>   1 file changed, 3 insertions(+), 4 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH v2 24/25] plugins/api.c: Use cpu_translate_for_debug()

[Peter Maydell]

We want to remove the cpu_get_phys_addr_debug() function; update the
plugin code to use cpu_translate_for_debug() instead.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 plugins/api.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/plugins/api.c b/plugins/api.c
index c97cc68882..2d5fe9327f 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -617,15 +617,15 @@ qemu_plugin_write_memory_hwaddr(hwaddr addr, GByteArray *data)
 bool qemu_plugin_translate_vaddr(uint64_t vaddr, uint64_t *hwaddr)
 {
 #ifdef CONFIG_SOFTMMU
+    TranslateForDebugResult tres;
+
     g_assert(current_cpu);
 
-    uint64_t res = cpu_get_phys_addr_debug(current_cpu, vaddr);
-
-    if (res == (uint64_t)-1) {
+    if (!cpu_translate_for_debug(current_cpu, vaddr, &tres)) {
         return false;
     }
 
-    *hwaddr = res;
+    *hwaddr = tres.physaddr;
 
     return true;
 #else
-- 
2.43.0

Re: [PATCH v2 24/25] plugins/api.c: Use cpu_translate_for_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> plugin code to use cpu_translate_for_debug() instead.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   plugins/api.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH v2 24/25] plugins/api.c: Use cpu_translate_for_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> We want to remove the cpu_get_phys_addr_debug() function; update the
> plugin code to use cpu_translate_for_debug() instead.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   plugins/api.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH v2 25/25] Remove cpu_get_phys_addr_debug() and cpu_get_phys_addr_attrs_debug()

[Peter Maydell]

All the callers of cpu_get_phys_addr_debug() and
cpu_get_phys_addr_attrs_debug() have now been updated to use
cpu_translate_for_debug(), so we can remove them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/cpu-system.c  | 20 --------------------
 include/hw/core/cpu.h | 34 ----------------------------------
 2 files changed, 54 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 954b81931d..16f048c956 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -87,26 +87,6 @@ bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
     }
 }
 
-hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
-                                     MemTxAttrs *attrs)
-{
-    TranslateForDebugResult result;
-
-    if (!cpu_translate_for_debug(cpu, addr, &result)) {
-        return -1;
-    }
-
-    *attrs = result.attrs;
-    return result.physaddr;
-}
-
-hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr)
-{
-    MemTxAttrs attrs = {};
-
-    return cpu_get_phys_addr_attrs_debug(cpu, addr, &attrs);
-}
-
 int cpu_asidx_from_attrs(CPUState *cpu, MemTxAttrs attrs)
 {
     int ret = 0;
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 6a6b78af31..eac5329889 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -744,40 +744,6 @@ enum CPUDumpFlags {
  */
 void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
-/**
- * cpu_get_phys_addr_attrs_debug:
- * @cpu: The CPU to use for the virtual-to-physical translation
- * @addr: The virtual address.
- * @attrs: Updated on return with the memory transaction attributes to use
- *         for this access.
- *
- * Obtains the physical address corresponding to a virtual one, together
- * with the corresponding memory transaction attributes to use for the access.
- * Use it only for debugging because no protection checks are done.
- *
- * The address need not be page-aligned; the returned address will
- * be the physical address corresponding to that virtual address.
- *
- * Returns: Corresponding physical page address or -1 if no page found.
- */
-hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
-                                     MemTxAttrs *attrs);
-
-/**
- * cpu_get_phys_addr_debug:
- * @cpu: The CPU to use for the virtual-to-physical translation
- * @addr: The virtual address.
- *
- * Obtains the physical address corresponding to a virtual one.
- * Use it only for debugging because no protection checks are done.
- *
- * The address need not be page-aligned; the returned address will
- * be the physical address corresponding to that virtual address.
- *
- * Returns: Corresponding physical address, or -1 if no page found.
- */
-hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
-
 /**
  * TranslateForDebugResult: gives result of cpu_translate_for_debug()
  *
-- 
2.43.0

Re: [PATCH v2 25/25] Remove cpu_get_phys_addr_debug() and cpu_get_phys_addr_attrs_debug()

[Philippe Mathieu-Daudé]

On 30/4/26 11:38, Peter Maydell wrote:
> All the callers of cpu_get_phys_addr_debug() and
> cpu_get_phys_addr_attrs_debug() have now been updated to use
> cpu_translate_for_debug(), so we can remove them.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/core/cpu-system.c  | 20 --------------------
>   include/hw/core/cpu.h | 34 ----------------------------------
>   2 files changed, 54 deletions(-)

Yay \o/

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH v2 25/25] Remove cpu_get_phys_addr_debug() and cpu_get_phys_addr_attrs_debug()

[Richard Henderson]

On 4/30/26 19:38, Peter Maydell wrote:
> All the callers of cpu_get_phys_addr_debug() and
> cpu_get_phys_addr_attrs_debug() have now been updated to use
> cpu_translate_for_debug(), so we can remove them.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   hw/core/cpu-system.c  | 20 --------------------
>   include/hw/core/cpu.h | 34 ----------------------------------
>   2 files changed, 54 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH v2 00/25] Handle sub-page granularity in cpu_memory_rw_debug()

[Philippe Mathieu-Daudé]

> Peter Maydell (25):
>    hw/i386/vapic: Cope with non-page-aligned return from
>      cpu_get_phys_page_debug()
>    target/riscv: Make get_phys_page_debug handle non-page-aligned addrs
>    target/alpha: Make get_phys_page_debug handle non-page-aligned addrs
>    target/microblaze: Make get_phys_page_attrs_debug handle
>      non-page-aligned addrs
>    target/sparc: Make get_phys_page_debug handle non-page-aligned addrs
>    target/x86: Make get_phys_page_attrs_debug handle non-page-aligned
>      addrs
>    target/s390x: Make get_phys_page_debug handle non-page-aligned addrs
>    target/ppc: Make get_phys_page_debug handle non-page-aligned addrs
>    target: Rename get_phys_page_debug to get_phys_addr_debug
>    target: Rename cpu_get_phys_page_{,attrs_}debug
>    hw/core: Update docs for get_phys_addr_{attrs_,}debug
>    target/arm: Rename arm_cpu_get_phys_page()
>    monitor: hmp_gva2gpa: Don't page-align cpu_get_phys_addr_debug() arg
>      and return
>    plugins/api.c: Trust cpu_get_phys_addr_debug() return address
>    hw/core: Implement new cpu_translate_for_debug()
>    hw/core: Implement cpu_get_phys_addr_attrs_debug() with
>      cpu_translate_for_debug()
>    target/arm: Implement translate_for_debug
>    system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()
>    hw/i386/vapic.c: Use cpu_translate_for_debug()
>    target/sparc: Use cpu_translate_for_debug()
>    hw/xtensa: Use cpu_translate_for_debug()
>    target/xtensa/xtensa-semi: Use cpu_translate_for_debug()
>    monitor/hmp-cmds: Use cpu_translate_for_debug()
>    plugins/api.c: Use cpu_translate_for_debug()
>    Remove cpu_get_phys_addr_debug() and cpu_get_phys_addr_attrs_debug()

Series queued via hw-misc tree, thanks.