Commit 3835a61341 for qemu.org
commit 3835a6134131f2557ef891bcbd5ee751c83d8cc2
Author: Helge Deller <deller@gmx.de>
Date: Sun Mar 15 19:16:02 2026 +0100
hw/hppa: Fix crash of 64-bit HP-UX 11 while flushing caches
HP-UX 11 64-bit reads at bootup a word from address CPU_HPA + 0x500
while flushing the cache of a T600.
Add a memory handler to avoid crashing while reading this word.
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Anton Johansson <anjo@rev.ng>
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index e72dda2a68..318ebfeee4 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -306,6 +306,8 @@ static TranslateFn *machine_HP_common_init_cpus(MachineState *machine)
for (unsigned int i = 0; i < smp_cpus; i++) {
g_autofree char *name = g_strdup_printf("cpu%u-io-eir", i);
+ g_autofree char *cflush_name = NULL;
+ MemoryRegion *cflush;
cpu_region = g_new(MemoryRegion, 1);
memory_region_init_io(cpu_region, OBJECT(cpu[i]), &hppa_io_eir_ops,
@@ -313,6 +315,24 @@ static TranslateFn *machine_HP_common_init_cpus(MachineState *machine)
memory_region_add_subregion(addr_space,
translate(NULL, CPU_HPA + i * 0x1000),
cpu_region);
+
+ if (!hppa_is_pa20(&cpu[0]->env)) {
+ continue;
+ }
+
+ /*
+ * HP-UX 11 64-bit reads a word from address CPU_HPA + 0x500
+ * while flushing the cache of a T600, which was the first
+ * server with a 64-bit PA-RISC 2.0 CPU.
+ * We return 0, since the value isn't used anyway.
+ */
+ cflush_name = g_strdup_printf("cpu%u-T600-cacheflush", i);
+ cflush = g_new(MemoryRegion, 1);
+ memory_region_init_io(cflush, NULL, &hppa_pci_ignore_ops,
+ NULL, cflush_name, 4);
+ memory_region_add_subregion(addr_space,
+ translate(NULL, CPU_HPA + i * 0x1000 + 0x500),
+ cflush);
}
/* RTC and DebugOutputPort on CPU #0 */
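Review bot: The new cflush region is initialised with a NULL owner, while the cpu_region mapped just above it in the same loop is owned by `OBJECT(cpu[i])`; using `memory_region_init_io(cflush, OBJECT(cpu[i]), &hppa_pci_ignore_ops,` would keep both per-CPU regions under the same QOM parent. The guard `hppa_is_pa20(&cpu[0]->env)` is loop-invariant and tests CPU 0 rather than the CPU being set up, so `&cpu[i]->env` would read more consistently with the rest of the loop body. The comment's "We return 0" depends on the read handler behind `hppa_pci_ignore_ops`, which is defined outside this hunk, so it is worth adding a few words such as `/* reuses the PCI ignore ops: reads return 0, writes are dropped */` once that is confirmed. machine_HP_common_init_cpus starts and ends outside the hunk.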