other: 0.221 permissions: 0.133 semantic: 0.130 graphic: 0.096 device: 0.067 debug: 0.065 vnc: 0.053 performance: 0.050 PID: 0.039 boot: 0.039 socket: 0.031 network: 0.031 files: 0.025 KVM: 0.020 permissions: 0.405 debug: 0.118 other: 0.074 files: 0.071 device: 0.066 PID: 0.063 semantic: 0.046 boot: 0.032 vnc: 0.027 socket: 0.025 graphic: 0.024 performance: 0.021 KVM: 0.014 network: 0.014 Qemu 3.1 Aarch64 TLBI VAE1, x0 Hello, In my code I'm trying to remove some permissions to a 4KiB MMU descriptor. After that I invalidate the MMU with TLBI VAE1, x0 where x0 is the start of the address of the 4 KiB page. In Qemu 2.12 this did not work, but I worked around it with: /* invalidate the address */ TLBI VAE1, x0 /*****************************************************************/ /*****************************************************************/ /* NOTE: THIS IS A TRICK FOR QEMU!!!!!!!!!!!! */ /* Apparently we have to change the TTBR0_EL1 when we change a descriptor (especially to remove permissions) */ /* Otherwise qemu (2.12) will continue with the same descriptor with permissions! **/ /*****************************************************************/ /*****************************************************************/ /* do a trick (in qemu) */ mrs x1 , TTBR0_EL1 ldr x2 , =kernelTable0Table msr TTBR0_EL1 , x2 isb msr TTBR0_EL1 , x1 /* return from function */ ret That is, I just replaced the TTBR0_EL1 with a temporary value, and then restored it. (guess qemu 2.12 just needed to reload the values again). However, even this procedure is not working with qemu 3.1. (I just tested again with qemu 2.12 and the code works fine, with qemu 3.1 it does not). Thanks, Pharos team Could you provide a test binary (and the QEMU command line to run it) that demonstrates the bug, please? Marking bug as incomplete -- we can't investigate without a test case. [Expired for QEMU because there has been no activity for 60 days.]