Why do you think this is wrong? The ARM ARM says that the physical address of the first level page table descriptor is (ignoring TTBCR.N) the concatenation of bits [31..14] of the TTBR with bits [31..20] of the MVA and two zero bits. In this code 'table' is initially the [31..14] bits of the TTBR, and we move bits 31..20 of 'address' into bits [13..2] with the shift by 18 and mask. If we weren't correctly calculating the first level page table descriptor address then I don't think anything that used the MMU would work...
(We do seem to not quite be getting the effect of TTBCR.N right, though: if N > 0 then although we correctly take more bits from TTBR0 (by adjusting c2_base_mask) we aren't masking out the high bits [31..32-N] of the MVA. But that's a different problem.)

--
https://bugs.launchpad.net/bugs/749522

Title:
  qemu-system-arm reads wrong entry in L1 page table for cortex-a8

Status in QEMU:
  New

Bug description:
  target-arm/helper.c:920
  [current] table |= (address >> 18) & 0x3ffc
  [fix] table |= (address >> 20) & 0xfff
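The two expressions from the bug description can be checked against the concatenation the reply describes. This is an added example, not code from QEMU or from the message above; the function names, the TTBR values and the sample addresses are constructed, and the TTBCR.N variant is an assumption based on the reply's parenthetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference form from the reply (TTBCR.N ignored): TTBR[31:14] : MVA[31:20] : 0b00 */
static uint32_t l1_desc_reference(uint32_t ttbr, uint32_t mva)
{
    return (ttbr & 0xffffc000u) | ((mva >> 20) << 2);
}

/* "[current]" expression quoted in the bug description. */
static uint32_t l1_desc_current(uint32_t ttbr, uint32_t mva)
{
    uint32_t table = ttbr & 0xffffc000u;
    table |= (mva >> 18) & 0x3ffc;   /* MVA[31:20] lands in bits [13:2] */
    return table;
}

/* "[fix]" expression quoted in the bug description. */
static uint32_t l1_desc_proposed(uint32_t ttbr, uint32_t mva)
{
    uint32_t table = ttbr & 0xffffc000u;
    table |= (mva >> 20) & 0xfff;    /* an index, not a byte offset */
    return table;
}

/* Assumed TTBCR.N = n handling (n in 0..7): TTBR0 supplies bits [31:14-n]
 * and MVA bits [31:32-n] are masked out of the index. */
static uint32_t l1_desc_ttbr0_n(uint32_t ttbr0, uint32_t mva, unsigned n)
{
    uint32_t base_mask = ~((1u << (14 - n)) - 1u);
    uint32_t index = (mva >> 20) & (0xfffu >> n);
    return (ttbr0 & base_mask) | (index << 2);
}

/* Count the 1 MB regions whose descriptor address differs from the reference. */
static unsigned count_mismatches(uint32_t (*f)(uint32_t, uint32_t), uint32_t ttbr)
{
    unsigned bad = 0;
    for (uint32_t i = 0; i < 4096; i++) {
        uint32_t mva = (i << 20) | 0x12345u;   /* constructed offset bits */
        if (f(ttbr, mva) != l1_desc_reference(ttbr, mva))
            bad++;
    }
    return bad;
}

int main(void)
{
    uint32_t ttbr = 0x80004000u;               /* constructed table base */
    printf("current mismatches:  %u\n", count_mismatches(l1_desc_current, ttbr));
    printf("proposed mismatches: %u\n", count_mismatches(l1_desc_proposed, ttbr));
    return 0;
}
```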