[PATCH 00/17] Handle sub-page granularity in cpu_memory_rw_debug()

[PATCH 00/17] Handle sub-page granularity in cpu_memory_rw_debug()

[Peter Maydell]

A while back we added support for targets having memory protection at
a sub-page granularity in TCG: the target returns a CPUTLBEntryFull
with a lg_page_size field that tells TCG how big a block of memory the
translation covers. At the moment we only use this in Arm, for the
M-profile and R-profile MPU which can set protections on small regions
of memory.

However, we forgot about cpu_memory_rw_debug(), which still assumes
that translations cover target-page sized regions. It rounds the input
virtual address down to a page boundary, translates that, and then
puts the offset within the page back in again. This causes problems
for the Arm MPU case, because if the MPU is set up so that the memory
at the rounded-down address isn't within a valid region then we
incorrectly conclude that we can't read the memory at the address we
were actually asked about.
https://gitlab.com/qemu-project/qemu/-/work_items/3292 is a report of
this for the semihosting case, but it applies also to general debug
accesses.

This series fixes this by providing and using a new
cpu_translate_for_debug() function which takes a non-page-aligned
virtual address and returns all of:
 - the exact physical address for that virtual address
 - the memory attributes
 - the lg_page_size the translation is valid for

To get there, the series starts off by fixing an inconsistency in our
current get_phys_page_debug and get_phys_page_attrs_debug
implementations: most of them can handle non-page-aligned addresses
and return the corresponding non-page-aligned physical address, but
some cannot. As a result most callers need to work around this by
putting the page-offset bits back into the result. The first seven
patches fix the targets which weren't accepting and returning
non-page-aligned addresses (riscv, alpha, microblaze, sparc, x86,
s390x, ppc).

At that point, the "page" in the function names is misleading, so we
rename them to get_phys_addr_debug and get_phys_addr_attrs_debug.
Then we can remove the workarounds in callsits in the monitor and
plugins.

Once all that is complete, we can implement our new
cpu_translate_for_debug(), either with a new translate_for_debug
method provided by the CPU, or falling back to using
get_phys_addr_attrs_debug or get_phys_addr_debug for CPUs where
protections are still page sized. Finally we can rewrite
cpu_memory_rw_debug() to use it.

There is potentially some followup cleanup we could do:
 - the only caller of cpu_get_phys_addr_attrs_debug() now is
   cpu_get_phys_addr_debug() so we could make the latter
   directly call cpu_translate_for_debug()
 - more ambitiously, we could make the 10 callers of
   cpu_get_phys_addr_debug() use cpu_translate_for_debug(),
   so we only have one function for phys-to-virt translations
   instead of three
 - even more ambitious would be to convert the 15 targets
   using get_phys_addr_debug and the two using
   get_phys_addr_attrs_debug to translate_for_debug, so
   we only have one CPU method for phys-to-virt translations
   instead of three

But I thought this was a good place to stop and get feedback on
whether I have the right API for things first, and it does fix the
reported bug.

thanks
-- PMM

Peter Maydell (17):
  target/riscv: Make get_phys_page_debug handle non-page-aligned addrs
  target/alpha: Make get_phys_page_debug handle non-page-aligned addrs
  target/microblaze: Make get_phys_page_attrs_debug handle
    non-page-aligned addrs
  target/sparc: Make get_phys_page_debug handle non-page-aligned addrs
  target/x86: Make get_phys_page_attrs_debug handle non-page-aligned
    addrs
  target/s390x: Make get_phys_page_debug handle non-page-aligned addrs
  target/ppc: Make get_phys_page_debug handle non-page-aligned addrs
  target: Rename get_phys_page_debug to get_phys_addr_debug
  target: Rename cpu_get_phys_page_{,attrs_}debug
  hw/core: Update docs for get_phys_addr_{attrs_,}debug
  target/arm: Rename arm_cpu_get_phys_page()
  monitor: hmp_gva2gpa: Don't page-align cpu_get_phys_addr_debug() arg
    and return
  plugins/api.c: Trust cpu_get_phys_addr_debug() return address
  hw/core: Implement new cpu_translate_for_debug()
  hw/core: Implement cpu_get_phys_addr_attrs_debug() with
    cpu_translate_for_debug()
  target/arm: Implement translate_for_debug
  system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

 hw/core/cpu-system.c             | 57 +++++++++++++++++++++++---------
 hw/i386/vapic.c                  |  4 +--
 hw/xtensa/sim.c                  |  2 +-
 hw/xtensa/xtfpga.c               |  2 +-
 include/hw/core/cpu.h            | 56 ++++++++++++++++++++++++++-----
 include/hw/core/sysemu-cpu-ops.h | 39 ++++++++++++++++++----
 monitor/hmp-cmds.c               |  5 ++-
 plugins/api.c                    |  4 +--
 system/physmem.c                 | 38 +++++++++++++--------
 target/alpha/cpu.c               |  2 +-
 target/alpha/cpu.h               |  2 +-
 target/alpha/helper.c            |  3 +-
 target/arm/cpu.c                 |  2 +-
 target/arm/cpu.h                 |  3 --
 target/arm/internals.h           |  4 +++
 target/arm/ptw.c                 | 37 ++++++++++++---------
 target/avr/cpu.c                 |  2 +-
 target/avr/cpu.h                 |  2 +-
 target/avr/helper.c              |  2 +-
 target/hppa/cpu.c                |  2 +-
 target/hppa/cpu.h                |  2 +-
 target/hppa/mem_helper.c         |  2 +-
 target/i386/cpu.c                |  2 +-
 target/i386/cpu.h                |  2 +-
 target/i386/helper.c             |  4 +--
 target/i386/whpx/whpx-all.c      |  2 +-
 target/loongarch/cpu-mmu.h       |  2 +-
 target/loongarch/cpu.c           |  2 +-
 target/loongarch/cpu_helper.c    |  2 +-
 target/m68k/cpu.c                |  2 +-
 target/m68k/cpu.h                |  2 +-
 target/m68k/helper.c             |  2 +-
 target/microblaze/cpu.c          |  2 +-
 target/microblaze/cpu.h          |  2 +-
 target/microblaze/helper.c       | 11 +++---
 target/mips/cpu.c                |  2 +-
 target/mips/internal.h           |  2 +-
 target/mips/system/physaddr.c    |  2 +-
 target/or1k/cpu.c                |  2 +-
 target/or1k/cpu.h                |  2 +-
 target/or1k/mmu.c                |  2 +-
 target/ppc/cpu.h                 |  2 +-
 target/ppc/cpu_init.c            |  2 +-
 target/ppc/mmu-hash32.c          |  2 +-
 target/ppc/mmu_common.c          |  4 +--
 target/riscv/cpu.c               |  2 +-
 target/riscv/cpu.h               |  2 +-
 target/riscv/cpu_helper.c        |  4 +--
 target/rx/cpu.c                  |  2 +-
 target/rx/cpu.h                  |  2 +-
 target/rx/helper.c               |  2 +-
 target/s390x/cpu-system.c        |  2 +-
 target/s390x/helper.c            | 20 +++--------
 target/s390x/s390x-internal.h    |  1 -
 target/sh4/cpu.c                 |  2 +-
 target/sh4/cpu.h                 |  2 +-
 target/sh4/helper.c              |  2 +-
 target/sparc/cpu.c               |  2 +-
 target/sparc/cpu.h               |  2 +-
 target/sparc/mmu_helper.c        | 10 +++---
 target/tricore/cpu.c             |  2 +-
 target/tricore/cpu.h             |  2 +-
 target/tricore/helper.c          |  2 +-
 target/xtensa/cpu.c              |  2 +-
 target/xtensa/cpu.h              |  2 +-
 target/xtensa/mmu_helper.c       |  2 +-
 target/xtensa/xtensa-semi.c      |  2 +-
 67 files changed, 250 insertions(+), 152 deletions(-)

-- 
2.43.0

[PATCH 01/17] target/riscv: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

The only thing in the riscv implementation that we need to fix
is the place where we explicitly round the return value down to
a page boundary before returning it. Drop that.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/riscv/cpu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index dd6c861a90..475e9cfd57 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1677,7 +1677,7 @@ hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
         }
     }
 
-    return phys_addr & TARGET_PAGE_MASK;
+    return phys_addr;
 }
 
 void riscv_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
-- 
2.43.0

Re: [PATCH 01/17] target/riscv: Make get_phys_page_debug handle non-page-aligned addrs

[Chao Liu]

On Fri, Apr 17, 2026 at 06:30:49PM +0100, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> The only thing in the riscv implementation that we need to fix
> is the place where we explicitly round the return value down to
> a page boundary before returning it. Drop that.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>

Thanks,
Chao
> ---
>  target/riscv/cpu_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> index dd6c861a90..475e9cfd57 100644
> --- a/target/riscv/cpu_helper.c
> +++ b/target/riscv/cpu_helper.c
> @@ -1677,7 +1677,7 @@ hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
>          }
>      }
>  
> -    return phys_addr & TARGET_PAGE_MASK;
> +    return phys_addr;
>  }
>  
>  void riscv_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
> -- 
> 2.43.0
> 

Re: [PATCH 01/17] target/riscv: Make get_phys_page_debug handle non-page-aligned addrs

[Philippe Mathieu-Daudé]

On 17/4/26 19:30, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> The only thing in the riscv implementation that we need to fix
> is the place where we explicitly round the return value down to
> a page boundary before returning it. Drop that.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/riscv/cpu_helper.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 01/17] target/riscv: Make get_phys_page_debug handle non-page-aligned addrs

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Currently our implementations ofSysemuCPUOps::get_phys_page_debug
> andSysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> The only thing in the riscv implementation that we need to fix
> is the place where we explicitly round the return value down to
> a page boundary before returning it. Drop that.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   target/riscv/cpu_helper.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 02/17] target/alpha: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

For alpha, the get_physical_address() function accepts arbitrary
input addresses but may return an output rounded down to a page
boundary, so in alpha_cpu_get_phys_page_debug() we OR the within-page
offset into it before returning it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/alpha/helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index 179dc2dc7a..af6d7847d5 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -301,6 +301,7 @@ hwaddr alpha_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
     int prot, fail;
 
     fail = get_physical_address(cpu_env(cs), addr, 0, 0, &phys, &prot);
+    phys |= addr & ~TARGET_PAGE_MASK;
     return (fail >= 0 ? -1 : phys);
 }
 
-- 
2.43.0

Re: [PATCH 02/17] target/alpha: Make get_phys_page_debug handle non-page-aligned addrs

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Currently our implementations ofSysemuCPUOps::get_phys_page_debug
> andSysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> For alpha, the get_physical_address() function accepts arbitrary
> input addresses but may return an output rounded down to a page
> boundary, so in alpha_cpu_get_phys_page_debug() we OR the within-page
> offset into it before returning it.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   target/alpha/helper.c | 1 +
>   1 file changed, 1 insertion(+)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 03/17] target/microblaze: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

For microblaze, we just need to remove the explicit rounding down to
the page boundary that we were doing in
mb_cpu_get_phys_page_attrs_debug() when calculating the output
physaddr from the results of the MMU lookup.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/microblaze/helper.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
index a1857b7217..da8abe063e 100644
--- a/target/microblaze/helper.c
+++ b/target/microblaze/helper.c
@@ -284,7 +284,6 @@ hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
                                         MemTxAttrs *attrs)
 {
     MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
-    vaddr vaddr;
     hwaddr paddr = 0;
     MicroBlazeMMULookup lu;
     int mmu_idx = cpu_mmu_index(cs, false);
@@ -297,12 +296,12 @@ hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
     if (mmu_idx != MMU_NOMMU_IDX) {
         hit = mmu_translate(cpu, &lu, addr, 0, 0);
         if (hit) {
-            vaddr = addr & TARGET_PAGE_MASK;
-            paddr = lu.paddr + vaddr - lu.vaddr;
+            paddr = lu.paddr + addr - lu.vaddr;
         } else
             paddr = 0; /* ???.  */
-    } else
-        paddr = addr & TARGET_PAGE_MASK;
+    } else {
+        paddr = addr;
+    }
 
     return paddr;
 }
-- 
2.43.0

Re: [PATCH 03/17] target/microblaze: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Philippe Mathieu-Daudé]

On 17/4/26 19:30, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> For microblaze, we just need to remove the explicit rounding down to
> the page boundary that we were doing in
> mb_cpu_get_phys_page_attrs_debug() when calculating the output
> physaddr from the results of the MMU lookup.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/microblaze/helper.c | 9 ++++-----
>   1 file changed, 4 insertions(+), 5 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 03/17] target/microblaze: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Currently our implementations ofSysemuCPUOps::get_phys_page_debug
> andSysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> For microblaze, we just need to remove the explicit rounding down to
> the page boundary that we were doing in
> mb_cpu_get_phys_page_attrs_debug() when calculating the output
> physaddr from the results of the MMU lookup.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   target/microblaze/helper.c | 9 ++++-----
>   1 file changed, 4 insertions(+), 5 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 04/17] target/sparc: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

The sparc TLB lookup code can handle non-aligned input addresses but
will return page-aligned results.  Rather than attempting to change
the internals of the lookup code, we take the simple approach of
ORing the page offset back into the phys_addr result.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/sparc/mmu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index a6f76a1ab7..25f8a85fae 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -913,7 +913,7 @@ hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
             return -1;
         }
     }
-    return phys_addr;
+    return phys_addr | (addr & ~TARGET_PAGE_MASK);
 }
 
 G_NORETURN void sparc_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
-- 
2.43.0

Re: [PATCH 04/17] target/sparc: Make get_phys_page_debug handle non-page-aligned addrs

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Currently our implementations ofSysemuCPUOps::get_phys_page_debug
> andSysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> The sparc TLB lookup code can handle non-aligned input addresses but
> will return page-aligned results.  Rather than attempting to change
> the internals of the lookup code, we take the simple approach of
> ORing the page offset back into the phys_addr result.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   target/sparc/mmu_helper.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 05/17] target/x86: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

For x86 this is simple: we just need to stop rounding down the
input address to a TARGET_PAGE boundary when calculating the
result to return.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/i386/helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/helper.c b/target/i386/helper.c
index c397a6fde5..108b02396d 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -372,7 +372,7 @@ hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
 out:
 #endif
     pte &= PG_ADDRESS_MASK & ~(page_size - 1);
-    page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
+    page_offset = addr & (page_size - 1);
     return pte | page_offset;
 }
 
-- 
2.43.0

Re: [PATCH 05/17] target/x86: Make get_phys_page_attrs_debug handle non-page-aligned addrs

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> For x86 this is simple: we just need to stop rounding down the
> input address to a TARGET_PAGE boundary when calculating the
> result to return.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/i386/helper.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

> 
> diff --git a/target/i386/helper.c b/target/i386/helper.c
> index c397a6fde5..108b02396d 100644
> --- a/target/i386/helper.c
> +++ b/target/i386/helper.c
> @@ -372,7 +372,7 @@ hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
>   out:
>   #endif
>       pte &= PG_ADDRESS_MASK & ~(page_size - 1);
> -    page_offset = (addr & TARGET_PAGE_MASK) & (page_size - 1);
> +    page_offset = addr & (page_size - 1);
>       return pte | page_offset;
>   }
>   

[PATCH 06/17] target/s390x: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

s390x already has an implementation of "give me the actual physical
address, not rounded down", in s390_get_phys_addr_debug(), so we can
use this for the SysemuCPUOps::get_phys_page_debug method, and merge
the s390_cpu_get_phys_page_debug() function into
s390_get_phys_addr_debug() which is now its only caller.

This leaves the function implementing the method with a name
that doesn't match the method name, but we will fix that shortly
by renaming the method to *_addr_* for all targets.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/s390x/cpu-system.c     |  2 +-
 target/s390x/helper.c         | 20 +++++---------------
 target/s390x/s390x-internal.h |  1 -
 3 files changed, 6 insertions(+), 17 deletions(-)

diff --git a/target/s390x/cpu-system.c b/target/s390x/cpu-system.c
index 881171d71a..c133b0c262 100644
--- a/target/s390x/cpu-system.c
+++ b/target/s390x/cpu-system.c
@@ -176,7 +176,7 @@ void s390_cpu_finalize(Object *obj)
 
 static const struct SysemuCPUOps s390_sysemu_ops = {
     .has_work = s390_cpu_has_work,
-    .get_phys_page_debug = s390_cpu_get_phys_page_debug,
+    .get_phys_page_debug = s390_cpu_get_phys_addr_debug,
     .get_crash_info = s390_cpu_get_crash_info,
     .write_elf64_note = s390_cpu_write_elf64_note,
     .legacy_vmsd = &vmstate_s390_cpu,
diff --git a/target/s390x/helper.c b/target/s390x/helper.c
index 667d4a0da7..1a2658eaf9 100644
--- a/target/s390x/helper.c
+++ b/target/s390x/helper.c
@@ -39,7 +39,7 @@ void s390x_cpu_timer(void *opaque)
     cpu_inject_cpu_timer((S390CPU *) opaque);
 }
 
-hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
+hwaddr s390_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     S390CPU *cpu = S390_CPU(cs);
     CPUS390XState *env = &cpu->env;
@@ -47,10 +47,11 @@ hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
     int prot;
     uint64_t asc = env->psw.mask & PSW_MASK_ASC;
     uint64_t tec;
+    vaddr page = addr & TARGET_PAGE_MASK;
 
     /* 31-Bit mode */
     if (!(env->psw.mask & PSW_MASK_64)) {
-        vaddr &= 0x7fffffff;
+        page &= 0x7fffffff;
     }
 
     /* We want to read the code (e.g., see what we are single-stepping).*/
@@ -62,24 +63,13 @@ hwaddr s390_cpu_get_phys_page_debug(CPUState *cs, vaddr vaddr)
      * We want to read code even if IEP is active. Use MMU_DATA_LOAD instead
      * of MMU_INST_FETCH.
      */
-    if (mmu_translate(env, vaddr, MMU_DATA_LOAD, asc, &raddr, &prot, &tec)) {
+    if (mmu_translate(env, page, MMU_DATA_LOAD, asc, &raddr, &prot, &tec)) {
         return -1;
     }
+    raddr += (addr & ~TARGET_PAGE_MASK);
     return raddr;
 }
 
-hwaddr s390_cpu_get_phys_addr_debug(CPUState *cs, vaddr v_addr)
-{
-    hwaddr phys_addr;
-    vaddr page;
-
-    page = v_addr & TARGET_PAGE_MASK;
-    phys_addr = cpu_get_phys_page_debug(cs, page);
-    phys_addr += (v_addr & ~TARGET_PAGE_MASK);
-
-    return phys_addr;
-}
-
 static inline bool is_special_wait_psw(uint64_t psw_addr)
 {
     /* signal quiesce */
diff --git a/target/s390x/s390x-internal.h b/target/s390x/s390x-internal.h
index 40850bcdc4..e7e4f2b45d 100644
--- a/target/s390x/s390x-internal.h
+++ b/target/s390x/s390x-internal.h
@@ -321,7 +321,6 @@ void do_restart_interrupt(CPUS390XState *env);
 void s390x_tod_timer(void *opaque);
 void s390x_cpu_timer(void *opaque);
 void s390_handle_wait(S390CPU *cpu);
-hwaddr s390_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
 hwaddr s390_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 LowCore *cpu_map_lowcore(CPUS390XState *env);
 void cpu_unmap_lowcore(CPUS390XState *env, LowCore *lowcore);
-- 
2.43.0

Re: [PATCH 06/17] target/s390x: Make get_phys_page_debug handle non-page-aligned addrs

[Ilya Leoshkevich]

On 4/17/26 18:30, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
>
> s390x already has an implementation of "give me the actual physical
> address, not rounded down", in s390_get_phys_addr_debug(), so we can
> use this for the SysemuCPUOps::get_phys_page_debug method, and merge
> the s390_cpu_get_phys_page_debug() function into
> s390_get_phys_addr_debug() which is now its only caller.
>
> This leaves the function implementing the method with a name
> that doesn't match the method name, but we will fix that shortly
> by renaming the method to *_addr_* for all targets.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/s390x/cpu-system.c     |  2 +-
>   target/s390x/helper.c         | 20 +++++---------------
>   target/s390x/s390x-internal.h |  1 -
>   3 files changed, 6 insertions(+), 17 deletions(-)

Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>

Re: [PATCH 06/17] target/s390x: Make get_phys_page_debug handle non-page-aligned addrs

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Currently our implementations ofSysemuCPUOps::get_phys_page_debug
> andSysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> s390x already has an implementation of "give me the actual physical
> address, not rounded down", in s390_get_phys_addr_debug(), so we can
> use this for theSysemuCPUOps::get_phys_page_debug method, and merge
> the s390_cpu_get_phys_page_debug() function into
> s390_get_phys_addr_debug() which is now its only caller.
> 
> This leaves the function implementing the method with a name
> that doesn't match the method name, but we will fix that shortly
> by renaming the method to *_addr_* for all targets.
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   target/s390x/cpu-system.c     |  2 +-
>   target/s390x/helper.c         | 20 +++++---------------
>   target/s390x/s390x-internal.h |  1 -
>   3 files changed, 6 insertions(+), 17 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 07/17] target/ppc: Make get_phys_page_debug handle non-page-aligned addrs

[Peter Maydell]

Currently our implementations of SysemuCPUOps::get_phys_page_debug
and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
non-page-aligned virtual address and returns the corresponding
non-page-aligned physical address" and "only returns a page-aligned
physical address".  This is awkward for callsites, which in practice
all want the physical address for an arbitrary virtual address and
have to work around the possibility of getting a page-aligned
address, and it doesn't account for protection being possibly on a
sub-page-sized granularity.  We want to standardize on the
implementation having to handle non-page-aligned addresses.

The ppc_xlate() function can accept a non-page-aligned input but may
return a page-aligned output; we take the simple approach of ORing
the page offset back into the result address after calling it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/ppc/mmu_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 52d48615ac..a1345df716 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -863,7 +863,7 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
                   ppc_env_mmu_index(&cpu->env, false), false) ||
         ppc_xlate(cpu, addr, MMU_INST_FETCH, &raddr, &s, &p,
                   ppc_env_mmu_index(&cpu->env, true), false)) {
-        return raddr & TARGET_PAGE_MASK;
+        return raddr | (addr & ~TARGET_PAGE_MASK);
     }
     return -1;
 }
-- 
2.43.0

Re: [PATCH 07/17] target/ppc: Make get_phys_page_debug handle non-page-aligned addrs

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Currently our implementations of SysemuCPUOps::get_phys_page_debug
> and SysemuCPUOps::get_phys_page_attrs_debug are a mix of "accepts a
> non-page-aligned virtual address and returns the corresponding
> non-page-aligned physical address" and "only returns a page-aligned
> physical address".  This is awkward for callsites, which in practice
> all want the physical address for an arbitrary virtual address and
> have to work around the possibility of getting a page-aligned
> address, and it doesn't account for protection being possibly on a
> sub-page-sized granularity.  We want to standardize on the
> implementation having to handle non-page-aligned addresses.
> 
> The ppc_xlate() function can accept a non-page-aligned input but may
> return a page-aligned output; we take the simple approach of ORing
> the page offset back into the result address after calling it.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/ppc/mmu_common.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~
> 
> diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
> index 52d48615ac..a1345df716 100644
> --- a/target/ppc/mmu_common.c
> +++ b/target/ppc/mmu_common.c
> @@ -863,7 +863,7 @@ hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
>                     ppc_env_mmu_index(&cpu->env, false), false) ||
>           ppc_xlate(cpu, addr, MMU_INST_FETCH, &raddr, &s, &p,
>                     ppc_env_mmu_index(&cpu->env, true), false)) {
> -        return raddr & TARGET_PAGE_MASK;
> +        return raddr | (addr & ~TARGET_PAGE_MASK);
>       }
>       return -1;
>   }

[PATCH 08/17] target: Rename get_phys_page_debug to get_phys_addr_debug

[Peter Maydell]

Now that we have ensured that all implementations of the get_phys_page_debug
method handle a non-page-aligned input and return the corresponding
non-page-aligned output, the name of the method is somewhat misleading.
Rename it to get_phys_addr_debug.

This commit was produced with the commands

 sed -i -e 's/_cpu_get_phys_page_debug/_cpu_get_phys_addr_debug/g;s/\<get_phys_page_debug\>/get_phys_addr_debug/g' $(git grep -l get_phys_page_debug)
 sed -i -e 's/_cpu_get_phys_page_attrs_debug/_cpu_get_phys_addr_attrs_debug/g;s/\<get_phys_page_attrs_debug\>/get_phys_addr_attrs_debug/g' $(git grep -l get_phys_page_attrs_debug)

which catches all references to the method name itself plus
the functions which each target uses as the method implementation,
but (deliberately) not the cpu_phys_get_page_debug() and
cpu_phys_get_page_attrs_debug() wrapper functions or their callers.
(We'll deal with those in the next commit.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/cpu-system.c             |  6 +++---
 include/hw/core/sysemu-cpu-ops.h | 10 +++++-----
 target/alpha/cpu.c               |  2 +-
 target/alpha/cpu.h               |  2 +-
 target/alpha/helper.c            |  2 +-
 target/arm/cpu.c                 |  2 +-
 target/arm/cpu.h                 |  2 +-
 target/arm/ptw.c                 |  2 +-
 target/avr/cpu.c                 |  2 +-
 target/avr/cpu.h                 |  2 +-
 target/avr/helper.c              |  2 +-
 target/hppa/cpu.c                |  2 +-
 target/hppa/cpu.h                |  2 +-
 target/hppa/mem_helper.c         |  2 +-
 target/i386/cpu.c                |  2 +-
 target/i386/cpu.h                |  2 +-
 target/i386/helper.c             |  2 +-
 target/i386/whpx/whpx-all.c      |  2 +-
 target/loongarch/cpu-mmu.h       |  2 +-
 target/loongarch/cpu.c           |  2 +-
 target/loongarch/cpu_helper.c    |  2 +-
 target/m68k/cpu.c                |  2 +-
 target/m68k/cpu.h                |  2 +-
 target/m68k/helper.c             |  2 +-
 target/microblaze/cpu.c          |  2 +-
 target/microblaze/cpu.h          |  2 +-
 target/microblaze/helper.c       |  2 +-
 target/mips/cpu.c                |  2 +-
 target/mips/internal.h           |  2 +-
 target/mips/system/physaddr.c    |  2 +-
 target/or1k/cpu.c                |  2 +-
 target/or1k/cpu.h                |  2 +-
 target/or1k/mmu.c                |  2 +-
 target/ppc/cpu.h                 |  2 +-
 target/ppc/cpu_init.c            |  2 +-
 target/ppc/mmu-hash32.c          |  2 +-
 target/ppc/mmu_common.c          |  2 +-
 target/riscv/cpu.c               |  2 +-
 target/riscv/cpu.h               |  2 +-
 target/riscv/cpu_helper.c        |  2 +-
 target/rx/cpu.c                  |  2 +-
 target/rx/cpu.h                  |  2 +-
 target/rx/helper.c               |  2 +-
 target/s390x/cpu-system.c        |  2 +-
 target/sh4/cpu.c                 |  2 +-
 target/sh4/cpu.h                 |  2 +-
 target/sh4/helper.c              |  2 +-
 target/sparc/cpu.c               |  2 +-
 target/sparc/cpu.h               |  2 +-
 target/sparc/mmu_helper.c        |  2 +-
 target/tricore/cpu.c             |  2 +-
 target/tricore/cpu.h             |  2 +-
 target/tricore/helper.c          |  2 +-
 target/xtensa/cpu.c              |  2 +-
 target/xtensa/cpu.h              |  2 +-
 target/xtensa/mmu_helper.c       |  2 +-
 56 files changed, 62 insertions(+), 62 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 273b9b7c22..93dc861083 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -60,13 +60,13 @@ hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
 {
     hwaddr paddr;
 
-    if (cpu->cc->sysemu_ops->get_phys_page_attrs_debug) {
-        paddr = cpu->cc->sysemu_ops->get_phys_page_attrs_debug(cpu, addr,
+    if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
+        paddr = cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
                                                                attrs);
     } else {
         /* Fallback for CPUs which don't implement the _attrs_ hook */
         *attrs = MEMTXATTRS_UNSPECIFIED;
-        paddr = cpu->cc->sysemu_ops->get_phys_page_debug(cpu, addr);
+        paddr = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
     }
     /* Indicate that this is a debug access. */
     attrs->debug = 1;
diff --git a/include/hw/core/sysemu-cpu-ops.h b/include/hw/core/sysemu-cpu-ops.h
index 7b2d2d2610..a4fc330bea 100644
--- a/include/hw/core/sysemu-cpu-ops.h
+++ b/include/hw/core/sysemu-cpu-ops.h
@@ -30,17 +30,17 @@ typedef struct SysemuCPUOps {
      */
     bool (*get_paging_enabled)(const CPUState *cpu);
     /**
-     * @get_phys_page_debug: Callback for obtaining a physical address.
+     * @get_phys_addr_debug: Callback for obtaining a physical address.
      */
-    hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr);
+    hwaddr (*get_phys_addr_debug)(CPUState *cpu, vaddr addr);
     /**
-     * @get_phys_page_attrs_debug: Callback for obtaining a physical address
+     * @get_phys_addr_attrs_debug: Callback for obtaining a physical address
      *       and the associated memory transaction attributes to use for the
      *       access.
      * CPUs which use memory transaction attributes should implement this
-     * instead of get_phys_page_debug.
+     * instead of get_phys_addr_debug.
      */
-    hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr,
+    hwaddr (*get_phys_addr_attrs_debug)(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
     /**
      * @asidx_from_attrs: Callback to return the CPU AddressSpace to use for
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index ff053043a3..0c35067b20 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -242,7 +242,7 @@ static void alpha_cpu_initfn(Object *obj)
 
 static const struct SysemuCPUOps alpha_sysemu_ops = {
     .has_work = alpha_cpu_has_work,
-    .get_phys_page_debug = alpha_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = alpha_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 45944e46b5..e49ebca578 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -283,7 +283,7 @@ extern const VMStateDescription vmstate_alpha_cpu;
 
 void alpha_cpu_do_interrupt(CPUState *cpu);
 bool alpha_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr alpha_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr alpha_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif /* !CONFIG_USER_ONLY */
 void alpha_cpu_dump_state(CPUState *cs, FILE *f, int flags);
 int alpha_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index af6d7847d5..33fed0c746 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -295,7 +295,7 @@ static int get_physical_address(CPUAlphaState *env, vaddr addr,
     return ret;
 }
 
-hwaddr alpha_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr alpha_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     hwaddr phys;
     int prot, fail;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index ccc47c8a9a..f28c74a94b 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2295,7 +2295,7 @@ static vaddr aarch64_untagged_addr(CPUState *cs, vaddr x)
 
 static const struct SysemuCPUOps arm_sysemu_ops = {
     .has_work = arm_cpu_has_work,
-    .get_phys_page_attrs_debug = arm_cpu_get_phys_page_attrs_debug,
+    .get_phys_addr_attrs_debug = arm_cpu_get_phys_addr_attrs_debug,
     .asidx_from_attrs = arm_asidx_from_attrs,
     .write_elf32_note = arm_cpu_write_elf32_note,
     .write_elf64_note = arm_cpu_write_elf64_note,
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 657ff4ab20..917e4668da 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1231,7 +1231,7 @@ extern const VMStateDescription vmstate_arm_cpu;
 void arm_cpu_do_interrupt(CPUState *cpu);
 void arm_v7m_cpu_do_interrupt(CPUState *cpu);
 
-hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                          MemTxAttrs *attrs);
 
 typedef struct ARMGranuleProtectionConfig {
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 7b993bb5b3..f5f624c7c3 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3943,7 +3943,7 @@ static hwaddr arm_cpu_get_phys_page(CPUARMState *env, vaddr addr,
     return res.f.phys_addr;
 }
 
-hwaddr arm_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
+hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
                                          MemTxAttrs *attrs)
 {
     ARMCPU *cpu = ARM_CPU(cs);
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index 8579a7283b..3591219212 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -233,7 +233,7 @@ static void avr_cpu_dump_state(CPUState *cs, FILE *f, int flags)
 
 static const struct SysemuCPUOps avr_sysemu_ops = {
     .has_work = avr_cpu_has_work,
-    .get_phys_page_debug = avr_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = avr_cpu_get_phys_addr_debug,
 };
 
 static const TCGCPUOps avr_tcg_ops = {
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index 518e243d81..7ebdc7b953 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -178,7 +178,7 @@ extern const struct VMStateDescription vms_avr_cpu;
 
 void avr_cpu_do_interrupt(CPUState *cpu);
 bool avr_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr avr_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr avr_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 int avr_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
 int avr_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 int avr_print_insn(bfd_vma addr, disassemble_info *info);
diff --git a/target/avr/helper.c b/target/avr/helper.c
index 365c8c60e1..f3be8483b2 100644
--- a/target/avr/helper.c
+++ b/target/avr/helper.c
@@ -107,7 +107,7 @@ void avr_cpu_do_interrupt(CPUState *cs)
     qemu_plugin_vcpu_interrupt_cb(cs, ret);
 }
 
-hwaddr avr_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr avr_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     return addr; /* I assume 1:1 address correspondence */
 }
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index 92027d129a..6443122cf1 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -244,7 +244,7 @@ static ObjectClass *hppa_cpu_class_by_name(const char *cpu_model)
 
 static const struct SysemuCPUOps hppa_sysemu_ops = {
     .has_work = hppa_cpu_has_work,
-    .get_phys_page_debug = hppa_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = hppa_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 7d47afe8ef..8a859d27b0 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -389,7 +389,7 @@ int hppa_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 void hppa_cpu_dump_state(CPUState *cs, FILE *f, int);
 #ifndef CONFIG_USER_ONLY
 void hppa_ptlbe(CPUHPPAState *env);
-hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr);
+hwaddr hppa_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr);
 void hppa_set_ior_and_isr(CPUHPPAState *env, vaddr addr, bool mmu_disabled);
 bool hppa_cpu_tlb_fill_align(CPUState *cs, CPUTLBEntryFull *out, vaddr addr,
                              MMUAccessType access_type, int mmu_idx,
diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index ffbad8acfd..f507649226 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -345,7 +345,7 @@ int hppa_get_physical_address(CPUHPPAState *env, vaddr addr, int mmu_idx,
     return ret;
 }
 
-hwaddr hppa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr hppa_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     HPPACPU *cpu = HPPA_CPU(cs);
     hwaddr phys;
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c6fd1dc00e..be331cab25 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -10691,7 +10691,7 @@ static const struct SysemuCPUOps i386_sysemu_ops = {
     .has_work = x86_cpu_has_work,
     .get_memory_mapping = x86_cpu_get_memory_mapping,
     .get_paging_enabled = x86_cpu_get_paging_enabled,
-    .get_phys_page_attrs_debug = x86_cpu_get_phys_page_attrs_debug,
+    .get_phys_addr_attrs_debug = x86_cpu_get_phys_addr_attrs_debug,
     .asidx_from_attrs = x86_asidx_from_attrs,
     .get_crash_info = x86_cpu_get_crash_info,
     .write_elf32_note = x86_cpu_write_elf32_note,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 0b539155c4..8615361cc9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2580,7 +2580,7 @@ int cpu_x86_support_mca_broadcast(CPUX86State *env);
 #ifndef CONFIG_USER_ONLY
 int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request);
 
-hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr x86_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                          MemTxAttrs *attrs);
 int cpu_get_pic_interrupt(CPUX86State *s);
 
diff --git a/target/i386/helper.c b/target/i386/helper.c
index 108b02396d..8cc73f619a 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -252,7 +252,7 @@ void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
 }
 
 #if !defined(CONFIG_USER_ONLY)
-hwaddr x86_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
+hwaddr x86_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
                                          MemTxAttrs *attrs)
 {
     X86CPU *cpu = X86_CPU(cs);
diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c
index e56ae2b343..406ca0355c 100644
--- a/target/i386/whpx/whpx-all.c
+++ b/target/i386/whpx/whpx-all.c
@@ -238,7 +238,7 @@ struct whpx_register_set {
  *          e. Let the affected CPU run in the exclusive mode.
  *          f. Restore the original handler and the exception exit bitmap.
  *        Note that handling all corner cases related to IDT/GDT is harder
- *        than it may seem. See x86_cpu_get_phys_page_attrs_debug() for a
+ *        than it may seem. See x86_cpu_get_phys_addr_attrs_debug() for a
  *        rough idea.
  *
  *     3. In order to properly support guest-level debugging in parallel with
diff --git a/target/loongarch/cpu-mmu.h b/target/loongarch/cpu-mmu.h
index 3286accc14..2d7ebb2d72 100644
--- a/target/loongarch/cpu-mmu.h
+++ b/target/loongarch/cpu-mmu.h
@@ -97,7 +97,7 @@ TLBRet loongarch_ptw(CPULoongArchState *env, MMUContext *context,
                      int access_type, int mmu_idx, int debug);
 void get_dir_base_width(CPULoongArchState *env, uint64_t *dir_base,
                         uint64_t *dir_width, unsigned int level);
-hwaddr loongarch_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr loongarch_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 uint64_t loongarch_palen_mask(CPULoongArchState *env);
 
 #endif  /* LOONGARCH_CPU_MMU_H */
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index e22568c84a..43ba414ac5 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -832,7 +832,7 @@ static void loongarch_cpu_dump_state(CPUState *cs, FILE *f, int flags)
 static const struct SysemuCPUOps loongarch_sysemu_ops = {
     .has_work = loongarch_cpu_has_work,
     .write_elf64_note = loongarch_cpu_write_elf64_note,
-    .get_phys_page_debug = loongarch_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = loongarch_cpu_get_phys_addr_debug,
 };
 
 static int64_t loongarch_cpu_get_arch_id(CPUState *cs)
diff --git a/target/loongarch/cpu_helper.c b/target/loongarch/cpu_helper.c
index 6044168766..181b931130 100644
--- a/target/loongarch/cpu_helper.c
+++ b/target/loongarch/cpu_helper.c
@@ -354,7 +354,7 @@ TLBRet get_physical_address(CPULoongArchState *env, MMUContext *context,
     return loongarch_map_address(env, context, access_type, mmu_idx, is_debug);
 }
 
-hwaddr loongarch_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr loongarch_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPULoongArchState *env = cpu_env(cs);
     MMUContext context;
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index d849a4a90f..425efdf7cc 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -606,7 +606,7 @@ static const VMStateDescription vmstate_m68k_cpu = {
 
 static const struct SysemuCPUOps m68k_sysemu_ops = {
     .has_work = m68k_cpu_has_work,
-    .get_phys_page_debug = m68k_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = m68k_cpu_get_phys_addr_debug,
 };
 #endif /* !CONFIG_USER_ONLY */
 
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 7911ab9de3..b181d5f981 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -186,7 +186,7 @@ struct M68kCPUClass {
 #ifndef CONFIG_USER_ONLY
 void m68k_cpu_do_interrupt(CPUState *cpu);
 bool m68k_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr m68k_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr m68k_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif /* !CONFIG_USER_ONLY */
 void m68k_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 int m68k_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index 9bab184389..2dd9ec1bdc 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -907,7 +907,7 @@ txfail:
     return -1;
 }
 
-hwaddr m68k_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr m68k_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPUM68KState *env = cpu_env(cs);
     hwaddr phys_addr;
diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index ec513ae82d..20fffccb60 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -428,7 +428,7 @@ static ObjectClass *mb_cpu_class_by_name(const char *cpu_model)
 
 static const struct SysemuCPUOps mb_sysemu_ops = {
     .has_work = mb_cpu_has_work,
-    .get_phys_page_attrs_debug = mb_cpu_get_phys_page_attrs_debug,
+    .get_phys_addr_attrs_debug = mb_cpu_get_phys_addr_attrs_debug,
 };
 #endif
 
diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index d26b933b6d..d42565808f 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -370,7 +370,7 @@ struct MicroBlazeCPUClass {
 #ifndef CONFIG_USER_ONLY
 void mb_cpu_do_interrupt(CPUState *cs);
 bool mb_cpu_exec_interrupt(CPUState *cs, int int_req);
-hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr mb_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
 #endif /* !CONFIG_USER_ONLY */
 G_NORETURN void mb_cpu_do_unaligned_access(CPUState *cs, vaddr vaddr,
diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
index da8abe063e..f81c4f625b 100644
--- a/target/microblaze/helper.c
+++ b/target/microblaze/helper.c
@@ -280,7 +280,7 @@ void mb_cpu_do_interrupt(CPUState *cs)
     }
 }
 
-hwaddr mb_cpu_get_phys_page_attrs_debug(CPUState *cs, vaddr addr,
+hwaddr mb_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
                                         MemTxAttrs *attrs)
 {
     MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 5f88c077db..6ef18105b9 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -535,7 +535,7 @@ static ObjectClass *mips_cpu_class_by_name(const char *cpu_model)
 
 static const struct SysemuCPUOps mips_sysemu_ops = {
     .has_work = mips_cpu_has_work,
-    .get_phys_page_debug = mips_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = mips_cpu_get_phys_addr_debug,
     .legacy_vmsd = &vmstate_mips_cpu,
 };
 #endif
diff --git a/target/mips/internal.h b/target/mips/internal.h
index 28eb28936b..24bfa1903c 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -115,7 +115,7 @@ enum {
 int get_physical_address(CPUMIPSState *env, hwaddr *physical,
                          int *prot, target_ulong real_address,
                          MMUAccessType access_type, int mmu_idx);
-hwaddr mips_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr mips_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
 typedef struct r4k_tlb_t r4k_tlb_t;
 struct r4k_tlb_t {
diff --git a/target/mips/system/physaddr.c b/target/mips/system/physaddr.c
index b8e1a5ac98..fbbbcf6e00 100644
--- a/target/mips/system/physaddr.c
+++ b/target/mips/system/physaddr.c
@@ -228,7 +228,7 @@ int get_physical_address(CPUMIPSState *env, hwaddr *physical,
     return ret;
 }
 
-hwaddr mips_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr mips_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPUMIPSState *env = cpu_env(cs);
     hwaddr phys_addr;
diff --git a/target/or1k/cpu.c b/target/or1k/cpu.c
index 3d1c22bf75..ea29b2e01f 100644
--- a/target/or1k/cpu.c
+++ b/target/or1k/cpu.c
@@ -247,7 +247,7 @@ static void openrisc_any_initfn(Object *obj)
 
 static const struct SysemuCPUOps openrisc_sysemu_ops = {
     .has_work = openrisc_cpu_has_work,
-    .get_phys_page_debug = openrisc_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = openrisc_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/or1k/cpu.h b/target/or1k/cpu.h
index c8e2827930..8f20b9a122 100644
--- a/target/or1k/cpu.h
+++ b/target/or1k/cpu.h
@@ -297,7 +297,7 @@ void openrisc_translate_code(CPUState *cs, TranslationBlock *tb,
 int print_insn_or1k(bfd_vma addr, disassemble_info *info);
 
 #ifndef CONFIG_USER_ONLY
-hwaddr openrisc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr openrisc_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
 bool openrisc_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                            MMUAccessType access_type, int mmu_idx,
diff --git a/target/or1k/mmu.c b/target/or1k/mmu.c
index 315debaf3e..3ff288a1f9 100644
--- a/target/or1k/mmu.c
+++ b/target/or1k/mmu.c
@@ -138,7 +138,7 @@ bool openrisc_cpu_tlb_fill(CPUState *cs, vaddr addr, int size,
     cpu_loop_exit_restore(cs, retaddr);
 }
 
-hwaddr openrisc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr openrisc_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     OpenRISCCPU *cpu = OPENRISC_CPU(cs);
     int prot, excp, sr = cpu->env.sr;
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index d637a50798..24a53ee2e1 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1639,7 +1639,7 @@ void ppc_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 int ppc_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
 int ppc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 #ifndef CONFIG_USER_ONLY
-hwaddr ppc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr ppc_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif
 int ppc64_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
                                int cpuid, DumpState *s);
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 191f5726f6..d25f69f13b 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -7477,7 +7477,7 @@ static void ppc_disas_set_info(const CPUState *cs, disassemble_info *info)
 
 static const struct SysemuCPUOps ppc_sysemu_ops = {
     .has_work = ppc_cpu_has_work,
-    .get_phys_page_debug = ppc_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = ppc_cpu_get_phys_addr_debug,
     .write_elf32_note = ppc32_cpu_write_elf32_note,
     .write_elf64_note = ppc64_cpu_write_elf64_note,
     .internal_is_big_endian = ppc_cpu_is_big_endian,
diff --git a/target/ppc/mmu-hash32.c b/target/ppc/mmu-hash32.c
index 8b980a5aa9..43d581cadf 100644
--- a/target/ppc/mmu-hash32.c
+++ b/target/ppc/mmu-hash32.c
@@ -131,7 +131,7 @@ static bool ppc_hash32_direct_store(PowerPCCPU *cpu, target_ulong sr,
     }
 
     /*
-     * From ppc_cpu_get_phys_page_debug, env->access_type is not set.
+     * From ppc_cpu_get_phys_addr_debug, env->access_type is not set.
      * Assume ACCESS_INT for that case.
      */
     switch (guest_visible ? env->access_type : ACCESS_INT) {
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index a1345df716..2499e619f8 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -848,7 +848,7 @@ bool ppc_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
     }
 }
 
-hwaddr ppc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr ppc_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     PowerPCCPU *cpu = POWERPC_CPU(cs);
     hwaddr raddr;
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 8ac935ac06..e5d8592ef2 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -2717,7 +2717,7 @@ static int64_t riscv_get_arch_id(CPUState *cs)
 
 static const struct SysemuCPUOps riscv_sysemu_ops = {
     .has_work = riscv_cpu_has_work,
-    .get_phys_page_debug = riscv_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = riscv_cpu_get_phys_addr_debug,
     .write_elf64_note = riscv_cpu_write_elf64_note,
     .write_elf32_note = riscv_cpu_write_elf32_note,
     .legacy_vmsd = &vmstate_riscv_cpu,
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 35d1f6362c..111afe19d1 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -629,7 +629,7 @@ void riscv_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr,
                                      MMUAccessType access_type,
                                      int mmu_idx, MemTxAttrs attrs,
                                      MemTxResult response, uintptr_t retaddr);
-hwaddr riscv_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr riscv_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 bool riscv_cpu_exec_interrupt(CPUState *cs, int interrupt_request);
 void riscv_cpu_swap_hypervisor_regs(CPURISCVState *env);
 int riscv_cpu_claim_interrupts(RISCVCPU *cpu, uint64_t interrupts);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 475e9cfd57..584a3928a4 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1657,7 +1657,7 @@ static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
     env->two_stage_indirect_lookup = two_stage_indirect;
 }
 
-hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr riscv_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     RISCVCPU *cpu = RISCV_CPU(cs);
     CPURISCVState *env = &cpu->env;
diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index b5284199e6..20b188c24c 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -209,7 +209,7 @@ static void rx_cpu_init(Object *obj)
 
 static const struct SysemuCPUOps rx_sysemu_ops = {
     .has_work = rx_cpu_has_work,
-    .get_phys_page_debug = rx_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = rx_cpu_get_phys_addr_debug,
 };
 
 static const TCGCPUOps rx_tcg_ops = {
diff --git a/target/rx/cpu.h b/target/rx/cpu.h
index b3b1ecff5a..328521791b 100644
--- a/target/rx/cpu.h
+++ b/target/rx/cpu.h
@@ -137,7 +137,7 @@ struct RXCPUClass {
 const char *rx_crname(uint8_t cr);
 void rx_cpu_do_interrupt(CPUState *cpu);
 bool rx_cpu_exec_interrupt(CPUState *cpu, int int_req);
-hwaddr rx_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr rx_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 void rx_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 int rx_cpu_gdb_read_register(CPUState *cpu, GByteArray *buf, int reg);
 int rx_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
diff --git a/target/rx/helper.c b/target/rx/helper.c
index daaeeec1b5..0f99279bba 100644
--- a/target/rx/helper.c
+++ b/target/rx/helper.c
@@ -147,7 +147,7 @@ bool rx_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
     return false;
 }
 
-hwaddr rx_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr rx_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     return addr;
 }
diff --git a/target/s390x/cpu-system.c b/target/s390x/cpu-system.c
index c133b0c262..1bd3721d10 100644
--- a/target/s390x/cpu-system.c
+++ b/target/s390x/cpu-system.c
@@ -176,7 +176,7 @@ void s390_cpu_finalize(Object *obj)
 
 static const struct SysemuCPUOps s390_sysemu_ops = {
     .has_work = s390_cpu_has_work,
-    .get_phys_page_debug = s390_cpu_get_phys_addr_debug,
+    .get_phys_addr_debug = s390_cpu_get_phys_addr_debug,
     .get_crash_info = s390_cpu_get_crash_info,
     .write_elf64_note = s390_cpu_write_elf64_note,
     .legacy_vmsd = &vmstate_s390_cpu,
diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index e2bde45761..40d5fde76d 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -278,7 +278,7 @@ static const VMStateDescription vmstate_sh_cpu = {
 
 static const struct SysemuCPUOps sh4_sysemu_ops = {
     .has_work = superh_cpu_has_work,
-    .get_phys_page_debug = superh_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = superh_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index b0759010c4..3743452190 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -252,7 +252,7 @@ void sh4_translate_code(CPUState *cs, TranslationBlock *tb,
                         int *max_insns, vaddr pc, void *host_pc);
 
 #if !defined(CONFIG_USER_ONLY)
-hwaddr superh_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr superh_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 bool superh_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
                          MMUAccessType access_type, int mmu_idx,
                          bool probe, uintptr_t retaddr);
diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 5d6295618f..b3ec7ce64d 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -435,7 +435,7 @@ static int get_physical_address(CPUSH4State *env, hwaddr* physical,
     return get_mmu_address(env, physical, prot, address, access_type);
 }
 
-hwaddr superh_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr superh_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     hwaddr physical;
     int prot;
diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 1493336e7a..d5a08928e5 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -997,7 +997,7 @@ static const Property sparc_cpu_properties[] = {
 
 static const struct SysemuCPUOps sparc_sysemu_ops = {
     .has_work = sparc_cpu_has_work,
-    .get_phys_page_debug = sparc_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = sparc_cpu_get_phys_addr_debug,
     .legacy_vmsd = &vmstate_sparc_cpu,
 };
 #endif
diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 0139732e4c..307b98b76c 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -580,7 +580,7 @@ struct SPARCCPUClass {
 #ifndef CONFIG_USER_ONLY
 extern const VMStateDescription vmstate_sparc_cpu;
 
-hwaddr sparc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr sparc_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 #endif
 
 void sparc_cpu_do_interrupt(CPUState *cpu);
diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index 25f8a85fae..34b212a7aa 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -902,7 +902,7 @@ hwaddr cpu_get_phys_page_nofault(CPUSPARCState *env, target_ulong addr,
 }
 #endif
 
-hwaddr sparc_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr sparc_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     CPUSPARCState *env = cpu_env(cs);
     hwaddr phys_addr;
diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
index 04319e107b..472c24ae32 100644
--- a/target/tricore/cpu.c
+++ b/target/tricore/cpu.c
@@ -176,7 +176,7 @@ static bool tricore_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
 
 static const struct SysemuCPUOps tricore_sysemu_ops = {
     .has_work = tricore_cpu_has_work,
-    .get_phys_page_debug = tricore_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = tricore_cpu_get_phys_addr_debug,
 };
 
 static const TCGCPUOps tricore_tcg_ops = {
diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h
index ab46192e26..56241b491f 100644
--- a/target/tricore/cpu.h
+++ b/target/tricore/cpu.h
@@ -80,7 +80,7 @@ struct TriCoreCPUClass {
     ResettablePhases parent_phases;
 };
 
-hwaddr tricore_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr tricore_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 void tricore_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
 FIELD(PCXI, PCPN_13, 24, 8)
diff --git a/target/tricore/helper.c b/target/tricore/helper.c
index 7ee8c7fd69..ce1693622b 100644
--- a/target/tricore/helper.c
+++ b/target/tricore/helper.c
@@ -46,7 +46,7 @@ static int get_physical_address(CPUTriCoreState *env, hwaddr *physical,
     return ret;
 }
 
-hwaddr tricore_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr tricore_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     TriCoreCPU *cpu = TRICORE_CPU(cs);
     hwaddr phys_addr;
diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
index eebf40559b..8a22f1a08e 100644
--- a/target/xtensa/cpu.c
+++ b/target/xtensa/cpu.c
@@ -303,7 +303,7 @@ static const VMStateDescription vmstate_xtensa_cpu = {
 
 static const struct SysemuCPUOps xtensa_sysemu_ops = {
     .has_work = xtensa_cpu_has_work,
-    .get_phys_page_debug = xtensa_cpu_get_phys_page_debug,
+    .get_phys_addr_debug = xtensa_cpu_get_phys_addr_debug,
 };
 #endif
 
diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index 2219292484..546a5e76a6 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -591,7 +591,7 @@ void xtensa_cpu_do_transaction_failed(CPUState *cs, hwaddr physaddr, vaddr addr,
                                       unsigned size, MMUAccessType access_type,
                                       int mmu_idx, MemTxAttrs attrs,
                                       MemTxResult response, uintptr_t retaddr);
-hwaddr xtensa_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr xtensa_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 bool xtensa_debug_check_breakpoint(CPUState *cs);
 #endif
 void xtensa_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
diff --git a/target/xtensa/mmu_helper.c b/target/xtensa/mmu_helper.c
index 71330fc84b..a126f6b671 100644
--- a/target/xtensa/mmu_helper.c
+++ b/target/xtensa/mmu_helper.c
@@ -316,7 +316,7 @@ static void xtensa_tlb_set_entry(CPUXtensaState *env, bool dtlb,
     }
 }
 
-hwaddr xtensa_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
+hwaddr xtensa_cpu_get_phys_addr_debug(CPUState *cs, vaddr addr)
 {
     XtensaCPU *cpu = XTENSA_CPU(cs);
     uint32_t paddr;
-- 
2.43.0

Re: [PATCH 08/17] target: Rename get_phys_page_debug to get_phys_addr_debug

[Philippe Mathieu-Daudé]

On 17/4/26 19:30, Peter Maydell wrote:
> Now that we have ensured that all implementations of the get_phys_page_debug
> method handle a non-page-aligned input and return the corresponding
> non-page-aligned output, the name of the method is somewhat misleading.
> Rename it to get_phys_addr_debug.
> 
> This commit was produced with the commands
> 
>   sed -i -e 's/_cpu_get_phys_page_debug/_cpu_get_phys_addr_debug/g;s/\<get_phys_page_debug\>/get_phys_addr_debug/g' $(git grep -l get_phys_page_debug)
>   sed -i -e 's/_cpu_get_phys_page_attrs_debug/_cpu_get_phys_addr_attrs_debug/g;s/\<get_phys_page_attrs_debug\>/get_phys_addr_attrs_debug/g' $(git grep -l get_phys_page_attrs_debug)
> 
> which catches all references to the method name itself plus
> the functions which each target uses as the method implementation,
> but (deliberately) not the cpu_phys_get_page_debug() and
> cpu_phys_get_page_attrs_debug() wrapper functions or their callers.
> (We'll deal with those in the next commit.)
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/core/cpu-system.c             |  6 +++---
>   include/hw/core/sysemu-cpu-ops.h | 10 +++++-----
>   target/alpha/cpu.c               |  2 +-
>   target/alpha/cpu.h               |  2 +-
>   target/alpha/helper.c            |  2 +-
>   target/arm/cpu.c                 |  2 +-
>   target/arm/cpu.h                 |  2 +-
>   target/arm/ptw.c                 |  2 +-
>   target/avr/cpu.c                 |  2 +-
>   target/avr/cpu.h                 |  2 +-
>   target/avr/helper.c              |  2 +-
>   target/hppa/cpu.c                |  2 +-
>   target/hppa/cpu.h                |  2 +-
>   target/hppa/mem_helper.c         |  2 +-
>   target/i386/cpu.c                |  2 +-
>   target/i386/cpu.h                |  2 +-
>   target/i386/helper.c             |  2 +-
>   target/i386/whpx/whpx-all.c      |  2 +-
>   target/loongarch/cpu-mmu.h       |  2 +-
>   target/loongarch/cpu.c           |  2 +-
>   target/loongarch/cpu_helper.c    |  2 +-
>   target/m68k/cpu.c                |  2 +-
>   target/m68k/cpu.h                |  2 +-
>   target/m68k/helper.c             |  2 +-
>   target/microblaze/cpu.c          |  2 +-
>   target/microblaze/cpu.h          |  2 +-
>   target/microblaze/helper.c       |  2 +-
>   target/mips/cpu.c                |  2 +-
>   target/mips/internal.h           |  2 +-
>   target/mips/system/physaddr.c    |  2 +-
>   target/or1k/cpu.c                |  2 +-
>   target/or1k/cpu.h                |  2 +-
>   target/or1k/mmu.c                |  2 +-
>   target/ppc/cpu.h                 |  2 +-
>   target/ppc/cpu_init.c            |  2 +-
>   target/ppc/mmu-hash32.c          |  2 +-
>   target/ppc/mmu_common.c          |  2 +-
>   target/riscv/cpu.c               |  2 +-
>   target/riscv/cpu.h               |  2 +-
>   target/riscv/cpu_helper.c        |  2 +-
>   target/rx/cpu.c                  |  2 +-
>   target/rx/cpu.h                  |  2 +-
>   target/rx/helper.c               |  2 +-
>   target/s390x/cpu-system.c        |  2 +-
>   target/sh4/cpu.c                 |  2 +-
>   target/sh4/cpu.h                 |  2 +-
>   target/sh4/helper.c              |  2 +-
>   target/sparc/cpu.c               |  2 +-
>   target/sparc/cpu.h               |  2 +-
>   target/sparc/mmu_helper.c        |  2 +-
>   target/tricore/cpu.c             |  2 +-
>   target/tricore/cpu.h             |  2 +-
>   target/tricore/helper.c          |  2 +-
>   target/xtensa/cpu.c              |  2 +-
>   target/xtensa/cpu.h              |  2 +-
>   target/xtensa/mmu_helper.c       |  2 +-
>   56 files changed, 62 insertions(+), 62 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 08/17] target: Rename get_phys_page_debug to get_phys_addr_debug

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Now that we have ensured that all implementations of the get_phys_page_debug
> method handle a non-page-aligned input and return the corresponding
> non-page-aligned output, the name of the method is somewhat misleading.
> Rename it to get_phys_addr_debug.
> 
> This commit was produced with the commands
> 
>   sed -i -e 's/_cpu_get_phys_page_debug/_cpu_get_phys_addr_debug/g;s/\<get_phys_page_debug\>/get_phys_addr_debug/g' $(git grep -l get_phys_page_debug)
>   sed -i -e 's/_cpu_get_phys_page_attrs_debug/_cpu_get_phys_addr_attrs_debug/g;s/\<get_phys_page_attrs_debug\>/get_phys_addr_attrs_debug/g' $(git grep -l get_phys_page_attrs_debug)
> 
> which catches all references to the method name itself plus
> the functions which each target uses as the method implementation,
> but (deliberately) not the cpu_phys_get_page_debug() and
> cpu_phys_get_page_attrs_debug() wrapper functions or their callers.
> (We'll deal with those in the next commit.)
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 09/17] target: Rename cpu_get_phys_page_{,attrs_}debug

[Peter Maydell]

Rename cpu_phys_page_debug() and cpu_phys_page_attrs_debug() to
cpu_phys_addr_debug() and cpu_phys_addr_attrs_debug().

Commit created with:
 sed -i -e 's/cpu_get_phys_page_debug/cpu_get_phys_addr_debug/g;s/cpu_get_phys_page_attrs_debug/cpu_get_phys_addr_attrs_debug/g' $(git grep -l cpu_get_phys_page)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/cpu-system.c        | 6 +++---
 hw/i386/vapic.c             | 4 ++--
 hw/xtensa/sim.c             | 2 +-
 hw/xtensa/xtfpga.c          | 2 +-
 include/hw/core/cpu.h       | 8 ++++----
 monitor/hmp-cmds.c          | 2 +-
 plugins/api.c               | 2 +-
 system/physmem.c            | 2 +-
 target/sparc/mmu_helper.c   | 6 +++---
 target/xtensa/xtensa-semi.c | 2 +-
 10 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 93dc861083..05c126ecb6 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -55,7 +55,7 @@ bool cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
     return false;
 }
 
-hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs)
 {
     hwaddr paddr;
@@ -73,11 +73,11 @@ hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
     return paddr;
 }
 
-hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr)
+hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr)
 {
     MemTxAttrs attrs = {};
 
-    return cpu_get_phys_page_attrs_debug(cpu, addr, &attrs);
+    return cpu_get_phys_addr_attrs_debug(cpu, addr, &attrs);
 }
 
 int cpu_asidx_from_attrs(CPUState *cpu, MemTxAttrs attrs)
diff --git a/hw/i386/vapic.c b/hw/i386/vapic.c
index 41e5ca26df..20183242a7 100644
--- a/hw/i386/vapic.c
+++ b/hw/i386/vapic.c
@@ -173,7 +173,7 @@ static int find_real_tpr_addr(VAPICROMState *s, CPUX86State *env)
      * virtual address space for the APIC mapping.
      */
     for (addr = 0xfffff000; addr >= 0x80000000; addr -= TARGET_PAGE_SIZE) {
-        paddr = cpu_get_phys_page_debug(cs, addr);
+        paddr = cpu_get_phys_addr_debug(cs, addr);
         if (paddr != APIC_DEFAULT_ADDRESS) {
             continue;
         }
@@ -305,7 +305,7 @@ static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong i
 
     /* find out virtual address of the ROM */
     rom_state_vaddr = s->rom_state_paddr + (ip & 0xf0000000);
-    paddr = cpu_get_phys_page_debug(cs, rom_state_vaddr);
+    paddr = cpu_get_phys_addr_debug(cs, rom_state_vaddr);
     if (paddr == -1) {
         return -1;
     }
diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
index 994460d041..32eb16442f 100644
--- a/hw/xtensa/sim.c
+++ b/hw/xtensa/sim.c
@@ -41,7 +41,7 @@ static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
 {
     XtensaCPU *cpu = opaque;
 
-    return cpu_get_phys_page_debug(CPU(cpu), addr);
+    return cpu_get_phys_addr_debug(CPU(cpu), addr);
 }
 
 static void sim_reset(void *opaque)
diff --git a/hw/xtensa/xtfpga.c b/hw/xtensa/xtfpga.c
index ed24720f94..0c66dff557 100644
--- a/hw/xtensa/xtfpga.c
+++ b/hw/xtensa/xtfpga.c
@@ -192,7 +192,7 @@ static uint64_t translate_phys_addr(void *opaque, uint64_t addr)
 {
     XtensaCPU *cpu = opaque;
 
-    return cpu_get_phys_page_debug(CPU(cpu), addr);
+    return cpu_get_phys_addr_debug(CPU(cpu), addr);
 }
 
 static void xtfpga_reset(void *opaque)
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 04e1f970ca..6dedad535c 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -745,7 +745,7 @@ enum CPUDumpFlags {
 void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
 /**
- * cpu_get_phys_page_attrs_debug:
+ * cpu_get_phys_addr_attrs_debug:
  * @cpu: The CPU to obtain the physical page address for.
  * @addr: The virtual address.
  * @attrs: Updated on return with the memory transaction attributes to use
@@ -757,11 +757,11 @@ void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
  *
  * Returns: Corresponding physical page address or -1 if no page found.
  */
-hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
+hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs);
 
 /**
- * cpu_get_phys_page_debug:
+ * cpu_get_phys_addr_debug:
  * @cpu: The CPU to obtain the physical page address for.
  * @addr: The virtual address.
  *
@@ -770,7 +770,7 @@ hwaddr cpu_get_phys_page_attrs_debug(CPUState *cpu, vaddr addr,
  *
  * Returns: Corresponding physical page address or -1 if no page found.
  */
-hwaddr cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
 /** cpu_asidx_from_attrs:
  * @cpu: CPU
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index bc26b39d70..e6d8322bcc 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -720,7 +720,7 @@ void hmp_gva2gpa(Monitor *mon, const QDict *qdict)
         return;
     }
 
-    gpa  = cpu_get_phys_page_debug(cs, addr & TARGET_PAGE_MASK);
+    gpa  = cpu_get_phys_addr_debug(cs, addr & TARGET_PAGE_MASK);
     if (gpa == -1) {
         monitor_printf(mon, "Unmapped\n");
     } else {
diff --git a/plugins/api.c b/plugins/api.c
index 0c348a789b..4b6fad4999 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -619,7 +619,7 @@ bool qemu_plugin_translate_vaddr(uint64_t vaddr, uint64_t *hwaddr)
 #ifdef CONFIG_SOFTMMU
     g_assert(current_cpu);
 
-    uint64_t res = cpu_get_phys_page_debug(current_cpu, vaddr);
+    uint64_t res = cpu_get_phys_addr_debug(current_cpu, vaddr);
 
     if (res == (uint64_t)-1) {
         return false;
diff --git a/system/physmem.c b/system/physmem.c
index 4e26f1a1d4..f2d9a4ff8f 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -4047,7 +4047,7 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
         MemTxResult res;
 
         page = addr & TARGET_PAGE_MASK;
-        phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
+        phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs);
         asidx = cpu_asidx_from_attrs(cpu, attrs);
         /* if no physical page mapped, return an error */
         if (phys_addr == -1)
diff --git a/target/sparc/mmu_helper.c b/target/sparc/mmu_helper.c
index 34b212a7aa..e1abd520c4 100644
--- a/target/sparc/mmu_helper.c
+++ b/target/sparc/mmu_helper.c
@@ -366,20 +366,20 @@ void dump_mmu(CPUSPARCState *env)
     for (n = 0, va = 0; n < 256; n++, va += 16 * 1024 * 1024) {
         pde = mmu_probe(env, va, 2);
         if (pde) {
-            pa = cpu_get_phys_page_debug(cs, va);
+            pa = cpu_get_phys_addr_debug(cs, va);
             qemu_printf("VA: " TARGET_FMT_lx ", PA: " HWADDR_FMT_plx
                         " PDE: " TARGET_FMT_lx "\n", va, pa, pde);
             for (m = 0, va1 = va; m < 64; m++, va1 += 256 * 1024) {
                 pde = mmu_probe(env, va1, 1);
                 if (pde) {
-                    pa = cpu_get_phys_page_debug(cs, va1);
+                    pa = cpu_get_phys_addr_debug(cs, va1);
                     qemu_printf(" VA: " TARGET_FMT_lx ", PA: "
                                 HWADDR_FMT_plx " PDE: " TARGET_FMT_lx "\n",
                                 va1, pa, pde);
                     for (o = 0, va2 = va1; o < 64; o++, va2 += 4 * 1024) {
                         pde = mmu_probe(env, va2, 0);
                         if (pde) {
-                            pa = cpu_get_phys_page_debug(cs, va2);
+                            pa = cpu_get_phys_addr_debug(cs, va2);
                             qemu_printf("  VA: " TARGET_FMT_lx ", PA: "
                                         HWADDR_FMT_plx " PTE: "
                                         TARGET_FMT_lx "\n",
diff --git a/target/xtensa/xtensa-semi.c b/target/xtensa/xtensa-semi.c
index 28dfb29cbd..9a6a9c8b4e 100644
--- a/target/xtensa/xtensa-semi.c
+++ b/target/xtensa/xtensa-semi.c
@@ -215,7 +215,7 @@ void HELPER(simcall)(CPUXtensaState *env)
             uint32_t len_done = 0;
 
             while (len > 0) {
-                hwaddr paddr = cpu_get_phys_page_debug(cs, vaddr);
+                hwaddr paddr = cpu_get_phys_addr_debug(cs, vaddr);
                 uint32_t page_left =
                     TARGET_PAGE_SIZE - (vaddr & (TARGET_PAGE_SIZE - 1));
                 uint32_t io_sz = page_left < len ? page_left : len;
-- 
2.43.0

Re: [PATCH 09/17] target: Rename cpu_get_phys_page_{,attrs_}debug

[Philippe Mathieu-Daudé]

On 17/4/26 19:30, Peter Maydell wrote:
> Rename cpu_phys_page_debug() and cpu_phys_page_attrs_debug() to
> cpu_phys_addr_debug() and cpu_phys_addr_attrs_debug().
> 
> Commit created with:
>   sed -i -e 's/cpu_get_phys_page_debug/cpu_get_phys_addr_debug/g;s/cpu_get_phys_page_attrs_debug/cpu_get_phys_addr_attrs_debug/g' $(git grep -l cpu_get_phys_page)
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/core/cpu-system.c        | 6 +++---
>   hw/i386/vapic.c             | 4 ++--
>   hw/xtensa/sim.c             | 2 +-
>   hw/xtensa/xtfpga.c          | 2 +-
>   include/hw/core/cpu.h       | 8 ++++----
>   monitor/hmp-cmds.c          | 2 +-
>   plugins/api.c               | 2 +-
>   system/physmem.c            | 2 +-
>   target/sparc/mmu_helper.c   | 6 +++---
>   target/xtensa/xtensa-semi.c | 2 +-
>   10 files changed, 18 insertions(+), 18 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 09/17] target: Rename cpu_get_phys_page_{,attrs_}debug

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Rename cpu_phys_page_debug() and cpu_phys_page_attrs_debug() to
> cpu_phys_addr_debug() and cpu_phys_addr_attrs_debug().
> 
> Commit created with:
>   sed -i -e 's/cpu_get_phys_page_debug/cpu_get_phys_addr_debug/g;s/cpu_get_phys_page_attrs_debug/cpu_get_phys_addr_attrs_debug/g' $(git grep -l cpu_get_phys_page)
> 
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   hw/core/cpu-system.c        | 6 +++---
>   hw/i386/vapic.c             | 4 ++--
>   hw/xtensa/sim.c             | 2 +-
>   hw/xtensa/xtfpga.c          | 2 +-
>   include/hw/core/cpu.h       | 8 ++++----
>   monitor/hmp-cmds.c          | 2 +-
>   plugins/api.c               | 2 +-
>   system/physmem.c            | 2 +-
>   target/sparc/mmu_helper.c   | 6 +++---
>   target/xtensa/xtensa-semi.c | 2 +-
>   10 files changed, 18 insertions(+), 18 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 10/17] hw/core: Update docs for get_phys_addr_{attrs_,}debug

[Peter Maydell]

Update the documentation for the get_phys_addr_{attrs_,}debug methods
and wrapper functions to state that they can handle non-page aligned
addresses and will return the corresponding exact physaddr for them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 include/hw/core/cpu.h            | 16 +++++++++++-----
 include/hw/core/sysemu-cpu-ops.h |  4 ++++
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 6dedad535c..0941757c55 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -746,15 +746,18 @@ void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
 /**
  * cpu_get_phys_addr_attrs_debug:
- * @cpu: The CPU to obtain the physical page address for.
+ * @cpu: The CPU to use for the virtual-to-physical translation
  * @addr: The virtual address.
  * @attrs: Updated on return with the memory transaction attributes to use
  *         for this access.
  *
- * Obtains the physical page corresponding to a virtual one, together
+ * Obtains the physical address corresponding to a virtual one, together
  * with the corresponding memory transaction attributes to use for the access.
  * Use it only for debugging because no protection checks are done.
  *
+ * The address need not be page-aligned; the returned address will
+ * be the physical address corresponding to that virtual address.
+ *
  * Returns: Corresponding physical page address or -1 if no page found.
  */
 hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
@@ -762,13 +765,16 @@ hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
 
 /**
  * cpu_get_phys_addr_debug:
- * @cpu: The CPU to obtain the physical page address for.
+ * @cpu: The CPU to use for the virtual-to-physical translation
  * @addr: The virtual address.
  *
- * Obtains the physical page corresponding to a virtual one.
+ * Obtains the physical address corresponding to a virtual one.
  * Use it only for debugging because no protection checks are done.
  *
- * Returns: Corresponding physical page address or -1 if no page found.
+ * The address need not be page-aligned; the returned address will
+ * be the physical address corresponding to that virtual address.
+ *
+ * Returns: Corresponding physical address, or -1 if no page found.
  */
 hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
diff --git a/include/hw/core/sysemu-cpu-ops.h b/include/hw/core/sysemu-cpu-ops.h
index a4fc330bea..a87c55d922 100644
--- a/include/hw/core/sysemu-cpu-ops.h
+++ b/include/hw/core/sysemu-cpu-ops.h
@@ -31,6 +31,8 @@ typedef struct SysemuCPUOps {
     bool (*get_paging_enabled)(const CPUState *cpu);
     /**
      * @get_phys_addr_debug: Callback for obtaining a physical address.
+     * This must be able to handle a non-page-aligned address, and will
+     * return the physical address corresponding to that address.
      */
     hwaddr (*get_phys_addr_debug)(CPUState *cpu, vaddr addr);
     /**
@@ -39,6 +41,8 @@ typedef struct SysemuCPUOps {
      *       access.
      * CPUs which use memory transaction attributes should implement this
      * instead of get_phys_addr_debug.
+     * This must be able to handle a non-page-aligned address, and will
+     * return the physical address corresponding to that address.
      */
     hwaddr (*get_phys_addr_attrs_debug)(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
-- 
2.43.0

Re: [PATCH 10/17] hw/core: Update docs for get_phys_addr_{attrs_,}debug

[Philippe Mathieu-Daudé]

On 17/4/26 19:30, Peter Maydell wrote:
> Update the documentation for the get_phys_addr_{attrs_,}debug methods
> and wrapper functions to state that they can handle non-page aligned
> addresses and will return the corresponding exact physaddr for them.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   include/hw/core/cpu.h            | 16 +++++++++++-----
>   include/hw/core/sysemu-cpu-ops.h |  4 ++++
>   2 files changed, 15 insertions(+), 5 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 10/17] hw/core: Update docs for get_phys_addr_{attrs_,}debug

[Richard Henderson]

On 4/18/26 03:30, Peter Maydell wrote:
> Update the documentation for the get_phys_addr_{attrs_,}debug methods
> and wrapper functions to state that they can handle non-page aligned
> addresses and will return the corresponding exact physaddr for them.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   include/hw/core/cpu.h            | 16 +++++++++++-----
>   include/hw/core/sysemu-cpu-ops.h |  4 ++++
>   2 files changed, 15 insertions(+), 5 deletions(-)
> 
> diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
> index 6dedad535c..0941757c55 100644
> --- a/include/hw/core/cpu.h
> +++ b/include/hw/core/cpu.h
> @@ -746,15 +746,18 @@ void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
>   
>   /**
>    * cpu_get_phys_addr_attrs_debug:
> - * @cpu: The CPU to obtain the physical page address for.
> + * @cpu: The CPU to use for the virtual-to-physical translation
>    * @addr: The virtual address.
>    * @attrs: Updated on return with the memory transaction attributes to use
>    *         for this access.
>    *
> - * Obtains the physical page corresponding to a virtual one, together
> + * Obtains the physical address corresponding to a virtual one, together
>    * with the corresponding memory transaction attributes to use for the access.
>    * Use it only for debugging because no protection checks are done.
>    *
> + * The address need not be page-aligned; the returned address will
> + * be the physical address corresponding to that virtual address.
> + *
>    * Returns: Corresponding physical page address or -1 if no page found.
>    */
>   hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
> @@ -762,13 +765,16 @@ hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
>   
>   /**
>    * cpu_get_phys_addr_debug:
> - * @cpu: The CPU to obtain the physical page address for.
> + * @cpu: The CPU to use for the virtual-to-physical translation
>    * @addr: The virtual address.
>    *
> - * Obtains the physical page corresponding to a virtual one.
> + * Obtains the physical address corresponding to a virtual one.
>    * Use it only for debugging because no protection checks are done.
>    *
> - * Returns: Corresponding physical page address or -1 if no page found.
> + * The address need not be page-aligned; the returned address will
> + * be the physical address corresponding to that virtual address.
> + *
> + * Returns: Corresponding physical address, or -1 if no page found.

-1 was useful as an error result when any valid result must have been page aligned.  We 
now need a different method to signal failure.

I'll grant that it's *unlikely* that (hwaddr)-1 is valid, as hwaddr is uint64_t, and most 
64-bit guests only have 40 to 56-bit physical address busses, but not all.  So 64-bit 
guests are less likely to make use of the last page than 32-bit guests, but we shouldn't 
leave the API broken like this.


r~

[PATCH 11/17] target/arm: Rename arm_cpu_get_phys_page()

[Peter Maydell]

The internal helper function arm_cpu_get_phys_page() is named that
way because of its use in the get_phys_page_attrs_debug method.  Now
we've renamed the method, rename the helper to match, since it can
handle non-page-aligned addresses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/ptw.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index f5f624c7c3..8be6f243e6 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3922,7 +3922,7 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
                              memop, result, fi);
 }
 
-static hwaddr arm_cpu_get_phys_page(CPUARMState *env, vaddr addr,
+static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
                                     MemTxAttrs *attrs, ARMMMUIdx mmu_idx)
 {
     S1Translate ptw = {
@@ -3950,7 +3950,7 @@ hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
     CPUARMState *env = &cpu->env;
     ARMMMUIdx mmu_idx = arm_mmu_idx(env);
 
-    hwaddr res = arm_cpu_get_phys_page(env, addr, attrs, mmu_idx);
+    hwaddr res = arm_cpu_get_phys_addr(env, addr, attrs, mmu_idx);
 
     if (res != -1) {
         return res;
@@ -3964,10 +3964,10 @@ hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
     switch (mmu_idx) {
     case ARMMMUIdx_E10_1:
     case ARMMMUIdx_E10_1_PAN:
-        return arm_cpu_get_phys_page(env, addr, attrs, ARMMMUIdx_E10_0);
+        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E10_0);
     case ARMMMUIdx_E20_2:
     case ARMMMUIdx_E20_2_PAN:
-        return arm_cpu_get_phys_page(env, addr, attrs, ARMMMUIdx_E20_0);
+        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E20_0);
     default:
         return -1;
     }
-- 
2.43.0

Re: [PATCH 11/17] target/arm: Rename arm_cpu_get_phys_page()

[Philippe Mathieu-Daudé]

On 17/4/26 19:30, Peter Maydell wrote:
> The internal helper function arm_cpu_get_phys_page() is named that
> way because of its use in the get_phys_page_attrs_debug method.  Now
> we've renamed the method, rename the helper to match, since it can
> handle non-page-aligned addresses.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/arm/ptw.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[PATCH 12/17] monitor: hmp_gva2gpa: Don't page-align cpu_get_phys_addr_debug() arg and return

[Peter Maydell]

In hmp_gva2gpa() we currently have a workaround for not all implementations
of get_phys_addr_debug handling non-page-aligned addresses: we round the
input address from the user down to the target page boundary before the
call and then add the page offset back to the returned value.

Now that we guarantee that all implementations will return the correct
exact physaddr for a virtual address, we can drop this handling.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 monitor/hmp-cmds.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index e6d8322bcc..f8380bda58 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -720,12 +720,11 @@ void hmp_gva2gpa(Monitor *mon, const QDict *qdict)
         return;
     }
 
-    gpa  = cpu_get_phys_addr_debug(cs, addr & TARGET_PAGE_MASK);
+    gpa  = cpu_get_phys_addr_debug(cs, addr);
     if (gpa == -1) {
         monitor_printf(mon, "Unmapped\n");
     } else {
-        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n",
-                       gpa + (addr & ~TARGET_PAGE_MASK));
+        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n", gpa);
     }
 }
 
-- 
2.43.0

Re: [PATCH 12/17] monitor: hmp_gva2gpa: Don't page-align cpu_get_phys_addr_debug() arg and return

[Dr. David Alan Gilbert]

* Peter Maydell (peter.maydell@linaro.org) wrote:
> In hmp_gva2gpa() we currently have a workaround for not all implementations
> of get_phys_addr_debug handling non-page-aligned addresses: we round the
> input address from the user down to the target page boundary before the
> call and then add the page offset back to the returned value.
> 
> Now that we guarantee that all implementations will return the correct
> exact physaddr for a virtual address, we can drop this handling.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  monitor/hmp-cmds.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
> index e6d8322bcc..f8380bda58 100644
> --- a/monitor/hmp-cmds.c
> +++ b/monitor/hmp-cmds.c
> @@ -720,12 +720,11 @@ void hmp_gva2gpa(Monitor *mon, const QDict *qdict)
>          return;
>      }
>  
> -    gpa  = cpu_get_phys_addr_debug(cs, addr & TARGET_PAGE_MASK);
> +    gpa  = cpu_get_phys_addr_debug(cs, addr);
>      if (gpa == -1) {
>          monitor_printf(mon, "Unmapped\n");
>      } else {
> -        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n",
> -                       gpa + (addr & ~TARGET_PAGE_MASK));
> +        monitor_printf(mon, "gpa: 0x%" HWADDR_PRIx "\n", gpa);

For HMP:

Acked-by: Dr. David Alan Gilbert <dave@treblig.org>

>      }
>  }
>  
> -- 
> 2.43.0
> 
-- 
 -----Open up your eyes, open up your mind, open up your code -------   
/ Dr. David Alan Gilbert    |       Running GNU/Linux       | Happy  \ 
\        dave @ treblig.org |                               | In Hex /
 \ _________________________|_____ http://www.treblig.org   |_______/

Re: [PATCH 12/17] monitor: hmp_gva2gpa: Don't page-align cpu_get_phys_addr_debug() arg and return

[Philippe Mathieu-Daudé]

On 17/4/26 19:31, Peter Maydell wrote:
> In hmp_gva2gpa() we currently have a workaround for not all implementations
> of get_phys_addr_debug handling non-page-aligned addresses: we round the
> input address from the user down to the target page boundary before the
> call and then add the page offset back to the returned value.
> 
> Now that we guarantee that all implementations will return the correct
> exact physaddr for a virtual address, we can drop this handling.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   monitor/hmp-cmds.c | 5 ++---
>   1 file changed, 2 insertions(+), 3 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[PATCH 13/17] plugins/api.c: Trust cpu_get_phys_addr_debug() return address

[Peter Maydell]

In qemu_plugin_translate_vaddr() we have a workaround for not all
implementations of get_phys_addr_debug returning an exact physaddr
for the input virtual address: we OR back in the page offset to the
return value.

Now that we guarantee that get_phys_addr_debug returns the exact
physaddr for the input virtual address, we can drop this workaround.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 plugins/api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/api.c b/plugins/api.c
index 4b6fad4999..c97cc68882 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -625,7 +625,7 @@ bool qemu_plugin_translate_vaddr(uint64_t vaddr, uint64_t *hwaddr)
         return false;
     }
 
-    *hwaddr = res | (vaddr & ~TARGET_PAGE_MASK);
+    *hwaddr = res;
 
     return true;
 #else
-- 
2.43.0

Re: [PATCH 13/17] plugins/api.c: Trust cpu_get_phys_addr_debug() return address

[Richard Henderson]

On 4/18/26 03:31, Peter Maydell wrote:
> In qemu_plugin_translate_vaddr() we have a workaround for not all
> implementations of get_phys_addr_debug returning an exact physaddr
> for the input virtual address: we OR back in the page offset to the
> return value.
> 
> Now that we guarantee that get_phys_addr_debug returns the exact
> physaddr for the input virtual address, we can drop this workaround.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   plugins/api.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[PATCH 14/17] hw/core: Implement new cpu_translate_for_debug()

[Peter Maydell]

In cpu_memory_rw_debug() we need to do a virtual-to-physical address
translation for debug access.  Currently we assume that the
translation is valid for an entire guest page, but this may not be
true if the target implements some protection regions that have
sub-page granularity. (Currently the only such target is the Arm
CPUs when using an MPU, as in R-profile and M-profile.)

For TCG's emulated accesses, we handle sub-page granularity by the
CPU filling in the lg_page_size field of the CPUTLBEntryFull struct
to tell us how large the region covered by the result is.  But we
didn't extend this to the debug-access code path, with the result
that debug accesses might incorrectly fail because they are looking
at the mapping for the address rounded down to a page boundary.

Provide a cpu_translate_for_debug() function which reports to the
caller not just the physical address and attributes of the
translation but also the lg_page_size for which it is valid.  The
fallback implementation calls cpu_get_phys_addr_attrs_debug() and
assumes target-page-sized validity.

NB: the "return true on valid access, false on failure" follows
the same convention as TCGCPUOps::tlb_fill_align() (though it
is the opposite of what we use in some other places, e.g.
in target/arm's get_phys_addr_* functions).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/cpu-system.c             | 32 ++++++++++++++++++++++++++++++++
 include/hw/core/cpu.h            | 32 ++++++++++++++++++++++++++++++++
 include/hw/core/sysemu-cpu-ops.h | 27 +++++++++++++++++++++++++--
 3 files changed, 89 insertions(+), 2 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index 05c126ecb6..cab65d549a 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -22,6 +22,7 @@
 #include "qapi/error.h"
 #include "system/address-spaces.h"
 #include "exec/cputlb.h"
+#include "exec/target_page.h"
 #include "system/memory.h"
 #include "qemu/target-info.h"
 #include "hw/core/qdev.h"
@@ -55,6 +56,37 @@ bool cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
     return false;
 }
 
+bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
+                             TranslateForDebugResult *result)
+{
+    if (cpu->cc->sysemu_ops->translate_for_debug) {
+        return cpu->cc->sysemu_ops->translate_for_debug(cpu, addr, result);
+    } else {
+        /* Fallbacks for CPUs which don't implement translate_for_debug */
+        if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
+            result->physaddr =
+                cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
+                                                               &result->attrs);
+        } else {
+            result->physaddr
+                = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
+            result->attrs = MEMTXATTRS_UNSPECIFIED;
+        }
+        if (result->physaddr == -1) {
+            return false;
+        }
+        /* Indicate that this is a debug access. */
+        result->attrs.debug = 1;
+        /*
+         * Assume memory access permissions are valid for the whole page.
+         * Targets where this isn't true should implement the
+         * translate_for_debug method.
+         */
+        result->lg_page_size = TARGET_PAGE_SIZE;
+        return true;
+    }
+}
+
 hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs)
 {
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 0941757c55..084d691e6c 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -778,6 +778,38 @@ hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
  */
 hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
 
+/**
+ * TranslateForDebugResult: gives result of cpu_translate_for_debug()
+ *
+ * @physaddr: the physical address corresponding to the virtual address
+ * @attrs: the transaction attributes for this access
+ * @lg_page_size: log2 of the size of the aligned block of memory
+ * that this physaddr and attrs are valid for.
+ */
+typedef struct TranslateForDebugResult {
+    hwaddr physaddr;
+    MemTxAttrs attrs;
+    uint8_t lg_page_size;
+} TranslateForDebugResult;
+
+/**
+ * cpu_translate_for_debug:
+ * @cpu: The CPU use for the virtual-to-physical translation
+ * @addr: The virtual address
+ * @result: Struct filled in with results of translation
+ *
+ * Perform a virtual-to-physical address translation for debug accesses.
+ * Use it only for debugging because no protection checks are done.
+ *
+ * The address need not be page-aligned; the returned address in @result
+ * will be the physical address corresponding to that virtual address.
+ *
+ * Returns: false on translation failure; true on successful translation
+ * and fills in the fields of @result.
+ */
+bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
+                             TranslateForDebugResult *result);
+
 /** cpu_asidx_from_attrs:
  * @cpu: CPU
  * @attrs: memory transaction attributes
diff --git a/include/hw/core/sysemu-cpu-ops.h b/include/hw/core/sysemu-cpu-ops.h
index a87c55d922..8625ebb564 100644
--- a/include/hw/core/sysemu-cpu-ops.h
+++ b/include/hw/core/sysemu-cpu-ops.h
@@ -33,19 +33,42 @@ typedef struct SysemuCPUOps {
      * @get_phys_addr_debug: Callback for obtaining a physical address.
      * This must be able to handle a non-page-aligned address, and will
      * return the physical address corresponding to that address.
+     *
+     * CPUs should prefer to implement translate_for_debug instead of
+     * this (and must do so if their translations are not always valid
+     * for a complete target page or they use memory attributes).
      */
     hwaddr (*get_phys_addr_debug)(CPUState *cpu, vaddr addr);
     /**
      * @get_phys_addr_attrs_debug: Callback for obtaining a physical address
      *       and the associated memory transaction attributes to use for the
      *       access.
-     * CPUs which use memory transaction attributes should implement this
-     * instead of get_phys_addr_debug.
+     *
      * This must be able to handle a non-page-aligned address, and will
      * return the physical address corresponding to that address.
+     *
+     * CPUs should prefer to implement translate_for_debug instead of
+     * this (and must do so if their translations are not always valid
+     * for a complete target page).
      */
     hwaddr (*get_phys_addr_attrs_debug)(CPUState *cpu, vaddr addr,
                                         MemTxAttrs *attrs);
+    /**
+     * @translate_for_debug: Callback for translating a virtual address into
+     * a physical address for debug purposes.
+     * The implementation should fill in @result with the physical address,
+     * transaction attributes, and log2 of the size of the aligned block of
+     * memory that the translation is valid for.
+     * This must be able to handle a non-page-aligned address, and will
+     * return the physical address corresponding to that address.
+     * The attributes must include the debug flag being set.
+     * Returns false on translation failure; on success returns true and
+     * fills in @result.
+     *
+     * This is the preferred method to implement for new CPUs.
+     */
+    bool (*translate_for_debug)(CPUState *cpu, vaddr addr,
+                                TranslateForDebugResult *result);
     /**
      * @asidx_from_attrs: Callback to return the CPU AddressSpace to use for
      *       a memory access with the specified memory transaction attributes.
-- 
2.43.0

Re: [PATCH 14/17] hw/core: Implement new cpu_translate_for_debug()

[Philippe Mathieu-Daudé]

On 17/4/26 19:31, Peter Maydell wrote:
> In cpu_memory_rw_debug() we need to do a virtual-to-physical address
> translation for debug access.  Currently we assume that the
> translation is valid for an entire guest page, but this may not be
> true if the target implements some protection regions that have
> sub-page granularity. (Currently the only such target is the Arm
> CPUs when using an MPU, as in R-profile and M-profile.)
> 
> For TCG's emulated accesses, we handle sub-page granularity by the
> CPU filling in the lg_page_size field of the CPUTLBEntryFull struct
> to tell us how large the region covered by the result is.  But we
> didn't extend this to the debug-access code path, with the result
> that debug accesses might incorrectly fail because they are looking
> at the mapping for the address rounded down to a page boundary.
> 
> Provide a cpu_translate_for_debug() function which reports to the
> caller not just the physical address and attributes of the
> translation but also the lg_page_size for which it is valid.  The
> fallback implementation calls cpu_get_phys_addr_attrs_debug() and
> assumes target-page-sized validity.
> 
> NB: the "return true on valid access, false on failure" follows
> the same convention as TCGCPUOps::tlb_fill_align() (though it
> is the opposite of what we use in some other places, e.g.
> in target/arm's get_phys_addr_* functions).
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/core/cpu-system.c             | 32 ++++++++++++++++++++++++++++++++
>   include/hw/core/cpu.h            | 32 ++++++++++++++++++++++++++++++++
>   include/hw/core/sysemu-cpu-ops.h | 27 +++++++++++++++++++++++++--
>   3 files changed, 89 insertions(+), 2 deletions(-)


> +    /**
> +     * @translate_for_debug: Callback for translating a virtual address into
> +     * a physical address for debug purposes.
> +     * The implementation should fill in @result with the physical address,
> +     * transaction attributes, and log2 of the size of the aligned block of
> +     * memory that the translation is valid for.
> +     * This must be able to handle a non-page-aligned address, and will
> +     * return the physical address corresponding to that address.
> +     * The attributes must include the debug flag being set.
> +     * Returns false on translation failure; on success returns true and
> +     * fills in @result.
> +     *
> +     * This is the preferred method to implement for new CPUs.
> +     */
> +    bool (*translate_for_debug)(CPUState *cpu, vaddr addr,
> +                                TranslateForDebugResult *result);

Since this call shouldn't modify the internal CPU state, could
we use 'const CPUState *cpu'? Maybe not possible due to callees
still taking non-const. Regardless:

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 14/17] hw/core: Implement new cpu_translate_for_debug()

[Richard Henderson]

On 4/18/26 03:31, Peter Maydell wrote:
> In cpu_memory_rw_debug() we need to do a virtual-to-physical address
> translation for debug access.  Currently we assume that the
> translation is valid for an entire guest page, but this may not be
> true if the target implements some protection regions that have
> sub-page granularity. (Currently the only such target is the Arm
> CPUs when using an MPU, as in R-profile and M-profile.)

RISC-V has sub-page granularity via Physical Memory Protection (target/riscv/pmp.c).

> +bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
> +                             TranslateForDebugResult *result)

Whee!  Thanks for the new API to address my comment vs patch 10.

> +{
> +    if (cpu->cc->sysemu_ops->translate_for_debug) {
> +        return cpu->cc->sysemu_ops->translate_for_debug(cpu, addr, result);
> +    } else {
> +        /* Fallbacks for CPUs which don't implement translate_for_debug */
> +        if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
> +            result->physaddr =
> +                cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
> +                                                               &result->attrs);
> +        } else {
> +            result->physaddr
> +                = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
> +            result->attrs = MEMTXATTRS_UNSPECIFIED;
> +        }

We should really make a point of getting rid of the fallbacks.

Would it be less churn to drop the get_phys_page_debug to get_phys_addr_debug rename, and 
OR in the page offset here?  That plugs the -1 ambiguity in the short term.

I realize that microblaze must be converted to the new hook, because of its tlb oddity.

With arm and microblaze converted, only x86 still has get_phys_page_attrs_debug, so that's 
an easy hook to eliminate.  We can be slower about converting the others if you prefer.


> +        if (result->physaddr == -1) {
> +            return false;
> +        }
> +        /* Indicate that this is a debug access. */
> +        result->attrs.debug = 1;

Does MEMTXATTRS_UNSPECIFIED.debug make sense?

> +        /*
> +         * Assume memory access permissions are valid for the whole page.
> +         * Targets where this isn't true should implement the
> +         * translate_for_debug method.
> +         */
> +        result->lg_page_size = TARGET_PAGE_SIZE;

TARGET_PAGE_BITS.


r~

Re: [PATCH 14/17] hw/core: Implement new cpu_translate_for_debug()

[Peter Maydell]

On Thu, 23 Apr 2026 at 04:06, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 4/18/26 03:31, Peter Maydell wrote:
> > In cpu_memory_rw_debug() we need to do a virtual-to-physical address
> > translation for debug access.  Currently we assume that the
> > translation is valid for an entire guest page, but this may not be
> > true if the target implements some protection regions that have
> > sub-page granularity. (Currently the only such target is the Arm
> > CPUs when using an MPU, as in R-profile and M-profile.)
>
> RISC-V has sub-page granularity via Physical Memory Protection (target/riscv/pmp.c).

If it does, it isn't implementing it properly, because nothing
in target/riscv sets CPUTLBEntryFull::lg_page_size as far as
I can see.

> > +bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
> > +                             TranslateForDebugResult *result)
>
> Whee!  Thanks for the new API to address my comment vs patch 10.
>
> > +{
> > +    if (cpu->cc->sysemu_ops->translate_for_debug) {
> > +        return cpu->cc->sysemu_ops->translate_for_debug(cpu, addr, result);
> > +    } else {
> > +        /* Fallbacks for CPUs which don't implement translate_for_debug */
> > +        if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
> > +            result->physaddr =
> > +                cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
> > +                                                               &result->attrs);
> > +        } else {
> > +            result->physaddr
> > +                = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
> > +            result->attrs = MEMTXATTRS_UNSPECIFIED;
> > +        }
>
> We should really make a point of getting rid of the fallbacks.

Yeah; as I mention in the cover letter I think that would
be a good idea, but I wanted feedback on this API before I
went to the effort of converting other targets to it.

> Would it be less churn to drop the get_phys_page_debug to get_phys_addr_debug rename, and
> OR in the page offset here?  That plugs the -1 ambiguity in the short term.

My preference I think would be to take this series basically
as-is (as you say, -1 isn't actually a valid address for
our current targets) and then update things to use this new API.
A corner-case problem with the old API is less important if we
are going to get rid of it / limit it to targets where we
know -1 isn't valid.

> I realize that microblaze must be converted to the new hook, because of its tlb oddity.
>
> With arm and microblaze converted, only x86 still has get_phys_page_attrs_debug, so that's
> an easy hook to eliminate.  We can be slower about converting the others if you prefer.
>
>
> > +        if (result->physaddr == -1) {
> > +            return false;
> > +        }
> > +        /* Indicate that this is a debug access. */
> > +        result->attrs.debug = 1;
>
> Does MEMTXATTRS_UNSPECIFIED.debug make sense?

It's what cpu_get_phys_page_attrs_debug() already does for the
"CPU only has get_phys_page_debug()" hook; this is just inlining
that existing code so I don't call cpu_get_phys_page_attrs_debug()
directly. It's a bit odd but really the only thing that we use
the .unspecified field for is that the IOMMUs check it to see if
they can look at attrs.requester_id etc. Debug accesses are not
going to be going through an IOMMU.

> > +        /*
> > +         * Assume memory access permissions are valid for the whole page.
> > +         * Targets where this isn't true should implement the
> > +         * translate_for_debug method.
> > +         */
> > +        result->lg_page_size = TARGET_PAGE_SIZE;
>
> TARGET_PAGE_BITS.

Whoops.

-- PMM

[PATCH 15/17] hw/core: Implement cpu_get_phys_addr_attrs_debug() with cpu_translate_for_debug()

[Peter Maydell]

Implement cpu_get_phys_addr_attrs_debug() with
cpu_translate_for_debug(), so that CPUs can implement only the
translate_for_debug method and have all of the wrapper functions
cpu_translate_for_debug(), cpu_get_phys_addr_attrs_debug() and
cpu_get_phys_addr_debug() work.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/cpu-system.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
index cab65d549a..be5cb48126 100644
--- a/hw/core/cpu-system.c
+++ b/hw/core/cpu-system.c
@@ -90,19 +90,14 @@ bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
 hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
                                      MemTxAttrs *attrs)
 {
-    hwaddr paddr;
+    TranslateForDebugResult result;
 
-    if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
-        paddr = cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
-                                                               attrs);
-    } else {
-        /* Fallback for CPUs which don't implement the _attrs_ hook */
-        *attrs = MEMTXATTRS_UNSPECIFIED;
-        paddr = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
+    if (!cpu_translate_for_debug(cpu, addr, &result)) {
+        return -1;
     }
-    /* Indicate that this is a debug access. */
-    attrs->debug = 1;
-    return paddr;
+
+    *attrs = result.attrs;
+    return result.physaddr;
 }
 
 hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr)
-- 
2.43.0

Re: [PATCH 15/17] hw/core: Implement cpu_get_phys_addr_attrs_debug() with cpu_translate_for_debug()

[Richard Henderson]

On 4/18/26 03:31, Peter Maydell wrote:
> Implement cpu_get_phys_addr_attrs_debug() with
> cpu_translate_for_debug(), so that CPUs can implement only the
> translate_for_debug method and have all of the wrapper functions
> cpu_translate_for_debug(), cpu_get_phys_addr_attrs_debug() and
> cpu_get_phys_addr_debug() work.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/core/cpu-system.c | 17 ++++++-----------
>   1 file changed, 6 insertions(+), 11 deletions(-)
> 
> diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
> index cab65d549a..be5cb48126 100644
> --- a/hw/core/cpu-system.c
> +++ b/hw/core/cpu-system.c
> @@ -90,19 +90,14 @@ bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
>   hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
>                                        MemTxAttrs *attrs)
>   {
> -    hwaddr paddr;
> +    TranslateForDebugResult result;
>   
> -    if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
> -        paddr = cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
> -                                                               attrs);
> -    } else {
> -        /* Fallback for CPUs which don't implement the _attrs_ hook */
> -        *attrs = MEMTXATTRS_UNSPECIFIED;
> -        paddr = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
> +    if (!cpu_translate_for_debug(cpu, addr, &result)) {
> +        return -1;
>       }
> -    /* Indicate that this is a debug access. */
> -    attrs->debug = 1;
> -    return paddr;
> +
> +    *attrs = result.attrs;
> +    return result.physaddr;
>   }
>   
>   hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr)

As far as it goes,

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

But I'll note there's exactly one user in system/physmem.c, so it'd be better to drop this 
function entirely.


r~

Re: [PATCH 15/17] hw/core: Implement cpu_get_phys_addr_attrs_debug() with cpu_translate_for_debug()

[Peter Maydell]

On Thu, 23 Apr 2026 at 04:09, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 4/18/26 03:31, Peter Maydell wrote:
> > Implement cpu_get_phys_addr_attrs_debug() with
> > cpu_translate_for_debug(), so that CPUs can implement only the
> > translate_for_debug method and have all of the wrapper functions
> > cpu_translate_for_debug(), cpu_get_phys_addr_attrs_debug() and
> > cpu_get_phys_addr_debug() work.
> >
> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> > ---
> >   hw/core/cpu-system.c | 17 ++++++-----------
> >   1 file changed, 6 insertions(+), 11 deletions(-)
> >
> > diff --git a/hw/core/cpu-system.c b/hw/core/cpu-system.c
> > index cab65d549a..be5cb48126 100644
> > --- a/hw/core/cpu-system.c
> > +++ b/hw/core/cpu-system.c
> > @@ -90,19 +90,14 @@ bool cpu_translate_for_debug(CPUState *cpu, vaddr addr,
> >   hwaddr cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
> >                                        MemTxAttrs *attrs)
> >   {
> > -    hwaddr paddr;
> > +    TranslateForDebugResult result;
> >
> > -    if (cpu->cc->sysemu_ops->get_phys_addr_attrs_debug) {
> > -        paddr = cpu->cc->sysemu_ops->get_phys_addr_attrs_debug(cpu, addr,
> > -                                                               attrs);
> > -    } else {
> > -        /* Fallback for CPUs which don't implement the _attrs_ hook */
> > -        *attrs = MEMTXATTRS_UNSPECIFIED;
> > -        paddr = cpu->cc->sysemu_ops->get_phys_addr_debug(cpu, addr);
> > +    if (!cpu_translate_for_debug(cpu, addr, &result)) {
> > +        return -1;
> >       }
> > -    /* Indicate that this is a debug access. */
> > -    attrs->debug = 1;
> > -    return paddr;
> > +
> > +    *attrs = result.attrs;
> > +    return result.physaddr;
> >   }
> >
> >   hwaddr cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr)
>
> As far as it goes,
>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
>
> But I'll note there's exactly one user in system/physmem.c, so it'd be better to drop this
> function entirely.

Yes; I note this in the cover letter :-)

-- PMM

[PATCH 16/17] target/arm: Implement translate_for_debug

[Peter Maydell]

Implement the translate_for_debug method instead of the
get_phys_addr_attrs_debug one.  This allows us to pass the caller the
lg_page_size from our internal GetPhysAddrResult struct.

Awkwardly, translate_for_debug's "true on success" convention
is the opposite of the one we use internally in ptw.c, so
we have to be careful about the sense of the return values.
This corresponds to the way that arm_cpu_tlb_fill_align()
also has to return true when get_phys_addr() returns false.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.c       |  2 +-
 target/arm/cpu.h       |  3 ---
 target/arm/internals.h |  4 ++++
 target/arm/ptw.c       | 37 ++++++++++++++++++++++---------------
 4 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index f28c74a94b..c014375cb7 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2295,7 +2295,7 @@ static vaddr aarch64_untagged_addr(CPUState *cs, vaddr x)
 
 static const struct SysemuCPUOps arm_sysemu_ops = {
     .has_work = arm_cpu_has_work,
-    .get_phys_addr_attrs_debug = arm_cpu_get_phys_addr_attrs_debug,
+    .translate_for_debug = arm_cpu_translate_for_debug,
     .asidx_from_attrs = arm_asidx_from_attrs,
     .write_elf32_note = arm_cpu_write_elf32_note,
     .write_elf64_note = arm_cpu_write_elf64_note,
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 917e4668da..ea3c65ba1a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1231,9 +1231,6 @@ extern const VMStateDescription vmstate_arm_cpu;
 void arm_cpu_do_interrupt(CPUState *cpu);
 void arm_v7m_cpu_do_interrupt(CPUState *cpu);
 
-hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cpu, vaddr addr,
-                                         MemTxAttrs *attrs);
-
 typedef struct ARMGranuleProtectionConfig {
     /* GPCCR_EL3 */
     uint64_t gpccr;
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 85980f0e69..5527c004db 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1532,6 +1532,10 @@ bool pmsav8_mpu_lookup(CPUARMState *env, uint32_t address,
 
 void arm_log_exception(CPUState *cs);
 
+/* Implementation of SysemuCPUOps::translate_for_debug */
+bool arm_cpu_translate_for_debug(CPUState *cs, vaddr addr,
+                                 TranslateForDebugResult *result);
+
 #endif /* !CONFIG_USER_ONLY */
 
 /*
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index 8be6f243e6..ae4089a14c 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -3922,8 +3922,9 @@ bool get_phys_addr(CPUARMState *env, vaddr address,
                              memop, result, fi);
 }
 
-static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
-                                    MemTxAttrs *attrs, ARMMMUIdx mmu_idx)
+static bool arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
+                                  TranslateForDebugResult *result,
+                                  ARMMMUIdx mmu_idx)
 {
     S1Translate ptw = {
         .in_mmu_idx = mmu_idx,
@@ -3935,25 +3936,30 @@ static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
     GetPhysAddrResult res = {};
     ARMMMUFaultInfo fi = {};
     bool ret = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, 0, &res, &fi);
-    *attrs = res.f.attrs;
 
-    if (ret) {
-        return -1;
+    if (!ret) {
+        /* translation succeeded */
+        result->physaddr = res.f.phys_addr;
+        result->attrs = res.f.attrs;
+        result->lg_page_size = res.f.lg_page_size;
     }
-    return res.f.phys_addr;
+    return ret;
 }
 
-hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
-                                         MemTxAttrs *attrs)
+bool arm_cpu_translate_for_debug(CPUState *cs, vaddr addr,
+                                 TranslateForDebugResult *result)
 {
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
     ARMMMUIdx mmu_idx = arm_mmu_idx(env);
 
-    hwaddr res = arm_cpu_get_phys_addr(env, addr, attrs, mmu_idx);
-
-    if (res != -1) {
-        return res;
+    /*
+     * Note that this function returns true on translation success,
+     * but arm_cpu_get_phys_addr() and all the other get_phys_addr
+     * style functions in this file return true on failure.
+     */
+    if (!arm_cpu_get_phys_addr(env, addr, result, mmu_idx)) {
+        return true;
     }
 
     /*
@@ -3964,11 +3970,12 @@ hwaddr arm_cpu_get_phys_addr_attrs_debug(CPUState *cs, vaddr addr,
     switch (mmu_idx) {
     case ARMMMUIdx_E10_1:
     case ARMMMUIdx_E10_1_PAN:
-        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E10_0);
+        return !arm_cpu_get_phys_addr(env, addr, result, ARMMMUIdx_E10_0);
     case ARMMMUIdx_E20_2:
     case ARMMMUIdx_E20_2_PAN:
-        return arm_cpu_get_phys_addr(env, addr, attrs, ARMMMUIdx_E20_0);
+        return !arm_cpu_get_phys_addr(env, addr, result, ARMMMUIdx_E20_0);
     default:
-        return -1;
+        /* translation failed */
+        return false;
     }
 }
-- 
2.43.0

Re: [PATCH 16/17] target/arm: Implement translate_for_debug

[Philippe Mathieu-Daudé]

On 17/4/26 19:31, Peter Maydell wrote:
> Implement the translate_for_debug method instead of the
> get_phys_addr_attrs_debug one.  This allows us to pass the caller the
> lg_page_size from our internal GetPhysAddrResult struct.
> 
> Awkwardly, translate_for_debug's "true on success" convention
> is the opposite of the one we use internally in ptw.c, so
> we have to be careful about the sense of the return values.
> This corresponds to the way that arm_cpu_tlb_fill_align()
> also has to return true when get_phys_addr() returns false.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   target/arm/cpu.c       |  2 +-
>   target/arm/cpu.h       |  3 ---
>   target/arm/internals.h |  4 ++++
>   target/arm/ptw.c       | 37 ++++++++++++++++++++++---------------
>   4 files changed, 27 insertions(+), 19 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH 16/17] target/arm: Implement translate_for_debug

[Richard Henderson]

On 4/18/26 03:31, Peter Maydell wrote:
> @@ -3935,25 +3936,30 @@ static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
>       GetPhysAddrResult res = {};
>       ARMMMUFaultInfo fi = {};
>       bool ret = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, 0, &res, &fi);
> -    *attrs = res.f.attrs;
>   
> -    if (ret) {
> -        return -1;
> +    if (!ret) {
> +        /* translation succeeded */
> +        result->physaddr = res.f.phys_addr;
> +        result->attrs = res.f.attrs;
> +        result->lg_page_size = res.f.lg_page_size;
>       }
> -    return res.f.phys_addr;
> +    return ret;
>   }

Inverted return value.
This would be obvious with s/ret/fault/.


r~

Re: [PATCH 16/17] target/arm: Implement translate_for_debug

[Peter Maydell]

On Thu, 23 Apr 2026 at 04:12, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 4/18/26 03:31, Peter Maydell wrote:
> > @@ -3935,25 +3936,30 @@ static hwaddr arm_cpu_get_phys_addr(CPUARMState *env, vaddr addr,
> >       GetPhysAddrResult res = {};
> >       ARMMMUFaultInfo fi = {};
> >       bool ret = get_phys_addr_gpc(env, &ptw, addr, MMU_DATA_LOAD, 0, &res, &fi);
> > -    *attrs = res.f.attrs;
> >
> > -    if (ret) {
> > -        return -1;
> > +    if (!ret) {
> > +        /* translation succeeded */
> > +        result->physaddr = res.f.phys_addr;
> > +        result->attrs = res.f.attrs;
> > +        result->lg_page_size = res.f.lg_page_size;
> >       }
> > -    return res.f.phys_addr;
> > +    return ret;
> >   }
>
> Inverted return value.
> This would be obvious with s/ret/fault/.

This function returns true on fault, matching the other
get_phys_addr functions in this file, so "return ret" is
what I intended here.

arm_cpu_translate_for_debug() returns true on success, which
is the opposite convention, so it does:

     if (!arm_cpu_get_phys_addr(env, addr, result, mmu_idx)) {
         return true;
     }
so as to return true if arm_cpu_get_phys_addr returns false
(the successful-translation case).

I agree that this is confusing, but that's why I put the comments
in and the commit message. I had a choice of making the
translate_for_debug() function follow the existing
tlb_fill_align() convention or the one we use here in ptw.c,
and I picked the former. That leaves us having to do a
flip-the-sense-of-the-boolean somewhere, unless we want to
redo all of ptw.c to use true-for-success instead.

-- PMM

[PATCH 17/17] system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

[Peter Maydell]

Currently cpu_memory_rw_debug() assumes page-granularity for translations,
and it works in a loop where each iteration translates for the vaddr
rounded down to a page boundary and then copies up to the end of the
page boundary.

Rewrite it to use the new cpu_translate_for_debug(): we no longer want
to round down the input address, and the boundary we copy up to is now
determined by the lg_page_size it returns rather than being assumed
to be page-sized.

This, together with the implementation of translate_for_debug for
Arm targets, fixes the bug where semihosting would incorrectly
fail to access parameter blocks that were in memory where the
start of the 4K region they were in was inaccessible due to MPU
region settings, even if the parameter block itself was readable.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3292
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 system/physmem.c | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/system/physmem.c b/system/physmem.c
index f2d9a4ff8f..45c3a926cf 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -4036,28 +4036,38 @@ address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
 int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
                         void *ptr, size_t len, bool is_write)
 {
-    hwaddr phys_addr;
-    vaddr l, page;
     uint8_t *buf = ptr;
 
     cpu_synchronize_state(cpu);
     while (len > 0) {
         int asidx;
-        MemTxAttrs attrs;
+        TranslateForDebugResult tres;
         MemTxResult res;
+        hwaddr blk_base, blk_size, l;
 
-        page = addr & TARGET_PAGE_MASK;
-        phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs);
-        asidx = cpu_asidx_from_attrs(cpu, attrs);
-        /* if no physical page mapped, return an error */
-        if (phys_addr == -1)
+        if (!cpu_translate_for_debug(cpu, addr, &tres)) {
+            /* Return error if no physical page mapped */
             return -1;
-        l = (page + TARGET_PAGE_SIZE) - addr;
-        if (l > len)
-            l = len;
-        phys_addr += (addr & ~TARGET_PAGE_MASK);
-        res = address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, attrs, buf,
-                               l, is_write);
+        }
+        asidx = cpu_asidx_from_attrs(cpu, tres.attrs);
+        /*
+         * Clamp the amount we read to not go beyond a page even if
+         * the CPU returned a larger lg_page_size, in case this access
+         * is to a memory-mapped IO region.
+         */
+        tres.lg_page_size = MIN(tres.lg_page_size, TARGET_PAGE_BITS);
+        /*
+         * Find the length in bytes from tres.physaddr to the end of the
+         * block whose size is 1 << tres.lg_page_size; we will access
+         * that much in one go.
+         */
+        blk_size = 1ULL << tres.lg_page_size;
+        blk_base = ROUND_DOWN(tres.physaddr, blk_size);
+        l = blk_base + blk_size - tres.physaddr;
+        l = MIN(l, len);
+
+        res = address_space_rw(cpu->cpu_ases[asidx].as, tres.physaddr,
+                               tres.attrs, buf, l, is_write);
         if (res != MEMTX_OK) {
             return -1;
         }
-- 
2.43.0

Re: [PATCH 17/17] system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

[Philippe Mathieu-Daudé]

(Cc'ing Chris who reported the issue)

On 17/4/26 19:31, Peter Maydell wrote:
> Currently cpu_memory_rw_debug() assumes page-granularity for translations,
> and it works in a loop where each iteration translates for the vaddr
> rounded down to a page boundary and then copies up to the end of the
> page boundary.
> 
> Rewrite it to use the new cpu_translate_for_debug(): we no longer want
> to round down the input address, and the boundary we copy up to is now
> determined by the lg_page_size it returns rather than being assumed
> to be page-sized.
> 
> This, together with the implementation of translate_for_debug for
> Arm targets, fixes the bug where semihosting would incorrectly
> fail to access parameter blocks that were in memory where the
> start of the 4K region they were in was inaccessible due to MPU
> region settings, even if the parameter block itself was readable.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3292
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   system/physmem.c | 38 ++++++++++++++++++++++++--------------
>   1 file changed, 24 insertions(+), 14 deletions(-)
> 
> diff --git a/system/physmem.c b/system/physmem.c
> index f2d9a4ff8f..45c3a926cf 100644
> --- a/system/physmem.c
> +++ b/system/physmem.c
> @@ -4036,28 +4036,38 @@ address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
>   int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
>                           void *ptr, size_t len, bool is_write)
>   {
> -    hwaddr phys_addr;
> -    vaddr l, page;
>       uint8_t *buf = ptr;
>   
>       cpu_synchronize_state(cpu);
>       while (len > 0) {
>           int asidx;
> -        MemTxAttrs attrs;
> +        TranslateForDebugResult tres;
>           MemTxResult res;
> +        hwaddr blk_base, blk_size, l;
>   
> -        page = addr & TARGET_PAGE_MASK;
> -        phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs);
> -        asidx = cpu_asidx_from_attrs(cpu, attrs);
> -        /* if no physical page mapped, return an error */
> -        if (phys_addr == -1)
> +        if (!cpu_translate_for_debug(cpu, addr, &tres)) {
> +            /* Return error if no physical page mapped */
>               return -1;
> -        l = (page + TARGET_PAGE_SIZE) - addr;
> -        if (l > len)
> -            l = len;
> -        phys_addr += (addr & ~TARGET_PAGE_MASK);
> -        res = address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, attrs, buf,
> -                               l, is_write);
> +        }
> +        asidx = cpu_asidx_from_attrs(cpu, tres.attrs);
> +        /*
> +         * Clamp the amount we read to not go beyond a page even if
> +         * the CPU returned a larger lg_page_size, in case this access
> +         * is to a memory-mapped IO region.
> +         */
> +        tres.lg_page_size = MIN(tres.lg_page_size, TARGET_PAGE_BITS);
> +        /*
> +         * Find the length in bytes from tres.physaddr to the end of the
> +         * block whose size is 1 << tres.lg_page_size; we will access
> +         * that much in one go.
> +         */
> +        blk_size = 1ULL << tres.lg_page_size;
> +        blk_base = ROUND_DOWN(tres.physaddr, blk_size);
> +        l = blk_base + blk_size - tres.physaddr;
> +        l = MIN(l, len);
> +
> +        res = address_space_rw(cpu->cpu_ases[asidx].as, tres.physaddr,
> +                               tres.attrs, buf, l, is_write);
>           if (res != MEMTX_OK) {
>               return -1;
>           }

Re: [PATCH 17/17] system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

[Richard Henderson]

On 4/18/26 03:31, Peter Maydell wrote:
> Currently cpu_memory_rw_debug() assumes page-granularity for translations,
> and it works in a loop where each iteration translates for the vaddr
> rounded down to a page boundary and then copies up to the end of the
> page boundary.
> 
> Rewrite it to use the new cpu_translate_for_debug(): we no longer want
> to round down the input address, and the boundary we copy up to is now
> determined by the lg_page_size it returns rather than being assumed
> to be page-sized.
> 
> This, together with the implementation of translate_for_debug for
> Arm targets, fixes the bug where semihosting would incorrectly
> fail to access parameter blocks that were in memory where the
> start of the 4K region they were in was inaccessible due to MPU
> region settings, even if the parameter block itself was readable.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3292
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   system/physmem.c | 38 ++++++++++++++++++++++++--------------
>   1 file changed, 24 insertions(+), 14 deletions(-)
> 
> diff --git a/system/physmem.c b/system/physmem.c
> index f2d9a4ff8f..45c3a926cf 100644
> --- a/system/physmem.c
> +++ b/system/physmem.c
> @@ -4036,28 +4036,38 @@ address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
>   int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
>                           void *ptr, size_t len, bool is_write)
>   {
> -    hwaddr phys_addr;
> -    vaddr l, page;
>       uint8_t *buf = ptr;
>   
>       cpu_synchronize_state(cpu);
>       while (len > 0) {
>           int asidx;
> -        MemTxAttrs attrs;
> +        TranslateForDebugResult tres;
>           MemTxResult res;
> +        hwaddr blk_base, blk_size, l;
>   
> -        page = addr & TARGET_PAGE_MASK;
> -        phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs);
> -        asidx = cpu_asidx_from_attrs(cpu, attrs);
> -        /* if no physical page mapped, return an error */
> -        if (phys_addr == -1)
> +        if (!cpu_translate_for_debug(cpu, addr, &tres)) {
> +            /* Return error if no physical page mapped */
>               return -1;
> -        l = (page + TARGET_PAGE_SIZE) - addr;
> -        if (l > len)
> -            l = len;
> -        phys_addr += (addr & ~TARGET_PAGE_MASK);
> -        res = address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, attrs, buf,
> -                               l, is_write);
> +        }
> +        asidx = cpu_asidx_from_attrs(cpu, tres.attrs);
> +        /*
> +         * Clamp the amount we read to not go beyond a page even if
> +         * the CPU returned a larger lg_page_size, in case this access
> +         * is to a memory-mapped IO region.
> +         */
> +        tres.lg_page_size = MIN(tres.lg_page_size, TARGET_PAGE_BITS);
> +        /*
> +         * Find the length in bytes from tres.physaddr to the end of the
> +         * block whose size is 1 << tres.lg_page_size; we will access
> +         * that much in one go.
> +         */
> +        blk_size = 1ULL << tres.lg_page_size;
> +        blk_base = ROUND_DOWN(tres.physaddr, blk_size);
> +        l = blk_base + blk_size - tres.physaddr;
> +        l = MIN(l, len);
> +
> +        res = address_space_rw(cpu->cpu_ases[asidx].as, tres.physaddr,
> +                               tres.attrs, buf, l, is_write);

Doesn't address_space_rw handle both MMIO and RAM?

Seems to me the only thing you should be worried about here are the virtual address 
translation boundary.  So there should be no need to clamp lg_page_size to TARGET_PAGE_BITS.


r~

Re: [PATCH 17/17] system/physmem: Use translate_for_debug() in cpu_memory_rw_debug()

[Peter Maydell]

On Thu, 23 Apr 2026 at 04:17, Richard Henderson
<richard.henderson@linaro.org> wrote:
>
> On 4/18/26 03:31, Peter Maydell wrote:
> > Currently cpu_memory_rw_debug() assumes page-granularity for translations,
> > and it works in a loop where each iteration translates for the vaddr
> > rounded down to a page boundary and then copies up to the end of the
> > page boundary.
> >
> > Rewrite it to use the new cpu_translate_for_debug(): we no longer want
> > to round down the input address, and the boundary we copy up to is now
> > determined by the lg_page_size it returns rather than being assumed
> > to be page-sized.
> >
> > This, together with the implementation of translate_for_debug for
> > Arm targets, fixes the bug where semihosting would incorrectly
> > fail to access parameter blocks that were in memory where the
> > start of the 4K region they were in was inaccessible due to MPU
> > region settings, even if the parameter block itself was readable.
> >
> > Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3292
> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> > ---
> >   system/physmem.c | 38 ++++++++++++++++++++++++--------------
> >   1 file changed, 24 insertions(+), 14 deletions(-)
> >
> > diff --git a/system/physmem.c b/system/physmem.c
> > index f2d9a4ff8f..45c3a926cf 100644
> > --- a/system/physmem.c
> > +++ b/system/physmem.c
> > @@ -4036,28 +4036,38 @@ address_space_write_cached_slow(MemoryRegionCache *cache, hwaddr addr,
> >   int cpu_memory_rw_debug(CPUState *cpu, vaddr addr,
> >                           void *ptr, size_t len, bool is_write)
> >   {
> > -    hwaddr phys_addr;
> > -    vaddr l, page;
> >       uint8_t *buf = ptr;
> >
> >       cpu_synchronize_state(cpu);
> >       while (len > 0) {
> >           int asidx;
> > -        MemTxAttrs attrs;
> > +        TranslateForDebugResult tres;
> >           MemTxResult res;
> > +        hwaddr blk_base, blk_size, l;
> >
> > -        page = addr & TARGET_PAGE_MASK;
> > -        phys_addr = cpu_get_phys_addr_attrs_debug(cpu, page, &attrs);
> > -        asidx = cpu_asidx_from_attrs(cpu, attrs);
> > -        /* if no physical page mapped, return an error */
> > -        if (phys_addr == -1)
> > +        if (!cpu_translate_for_debug(cpu, addr, &tres)) {
> > +            /* Return error if no physical page mapped */
> >               return -1;
> > -        l = (page + TARGET_PAGE_SIZE) - addr;
> > -        if (l > len)
> > -            l = len;
> > -        phys_addr += (addr & ~TARGET_PAGE_MASK);
> > -        res = address_space_rw(cpu->cpu_ases[asidx].as, phys_addr, attrs, buf,
> > -                               l, is_write);
> > +        }
> > +        asidx = cpu_asidx_from_attrs(cpu, tres.attrs);
> > +        /*
> > +         * Clamp the amount we read to not go beyond a page even if
> > +         * the CPU returned a larger lg_page_size, in case this access
> > +         * is to a memory-mapped IO region.
> > +         */
> > +        tres.lg_page_size = MIN(tres.lg_page_size, TARGET_PAGE_BITS);
> > +        /*
> > +         * Find the length in bytes from tres.physaddr to the end of the
> > +         * block whose size is 1 << tres.lg_page_size; we will access
> > +         * that much in one go.
> > +         */
> > +        blk_size = 1ULL << tres.lg_page_size;
> > +        blk_base = ROUND_DOWN(tres.physaddr, blk_size);
> > +        l = blk_base + blk_size - tres.physaddr;
> > +        l = MIN(l, len);
> > +
> > +        res = address_space_rw(cpu->cpu_ases[asidx].as, tres.physaddr,
> > +                               tres.attrs, buf, l, is_write);
>
> Doesn't address_space_rw handle both MMIO and RAM?

Yes, but it doesn't handle accesses that cross boundaries
between MemoryRegions. (flatview_read() and flatview_write()
look up the MemoryRegion once for the first address and then
use that for all the data transfer.)

-- PMM