On 27.11.2011 15:17, Avi Kivity wrote:
> On 11/27/2011 04:07 PM, Andreas Färber wrote:
>> Thanks a lot! You were right, setting TARGET_PAGE_BITS to 8 solves this
>> issue.
>>
>> I'd still like to fix this subpage case for others' benefit. Do you have
>> any pointer where I should set breakpoints / review code?
>
> The subpage code (scheduled for demolition in 1.1) lives in exec.c. See
> subpage_init() and subpage_register(). I'd start with enabling
> DEBUG_SUBPAGE, fixing all the build errors, and looking at the output of
> subpage_readlen() and subpage_writelen().

With these hints I've figured out what's actually happening here: subpage_writelen() is reading a wrong index 2 == IO_MEM_UNASSIGNED from subpage_t and performing an unassigned memory write, confirmed by DEBUG_UNASSIGNED.

In subpage_register(), we're taking the (memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM path and setting IO_MEM_UNASSIGNED in subpage_t.

Will investigate further tomorrow.

Andreas