diff --git a/qemu/cputlb.c b/qemu/cputlb.c
index 805e99f6..424417da 100644
--- a/qemu/cputlb.c
+++ b/qemu/cputlb.c
@@ -289,6 +289,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
     MemoryRegion *mr;
     ram_addr_t  ram_addr;
     CPUState *cpu = ENV_GET_CPU(env1);
+    CPUIOTLBEntry *iotlbentry;
 
     page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
     mmu_idx = cpu_mmu_index(env1, true);
@@ -300,8 +301,9 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
             return -1;
         }
     }
-    pd = env1->iotlb[mmu_idx][page_index].addr & ~TARGET_PAGE_MASK;
-    mr = iotlb_to_region(cpu, pd);
+    iotlbentry = &env1->iotlb[mmu_idx][page_index];
+    pd = iotlbentry->addr & ~TARGET_PAGE_MASK;
+    mr = iotlb_to_region(cpu, pd, iotlbentry->attrs);
     if (memory_region_is_unassigned(cpu->uc, mr)) {
         CPUClass *cc = CPU_GET_CLASS(env1->uc, cpu);
 
diff --git a/qemu/exec.c b/qemu/exec.c
index c35fd31c..48f4f1df 100644
--- a/qemu/exec.c
+++ b/qemu/exec.c
@@ -1592,9 +1592,10 @@ static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
     return phys_section_add(map, &section);
 }
 
-MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
+MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
 {
-    CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
+    int asidx = cpu_asidx_from_attrs(cpu, attrs);
+    CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
     AddressSpaceDispatch *d = cpuas->memory_dispatch;
     MemoryRegionSection *sections = d->map.sections;
 
diff --git a/qemu/include/exec/exec-all.h b/qemu/include/exec/exec-all.h
index 6be6d6e2..c795b877 100644
--- a/qemu/include/exec/exec-all.h
+++ b/qemu/include/exec/exec-all.h
@@ -406,7 +406,7 @@ extern uintptr_t tci_tb_ptr;
 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align));
 
 struct MemoryRegion *iotlb_to_region(CPUState *cpu,
-                                     hwaddr index);
+                                     hwaddr index, MemTxAttrs attrs);
 
 void tlb_fill(CPUState *cpu, target_ulong addr, int is_write, int mmu_idx,
                    uintptr_t retaddr);
diff --git a/qemu/softmmu_template.h b/qemu/softmmu_template.h
index 5532a273..0b70b651 100644
--- a/qemu/softmmu_template.h
+++ b/qemu/softmmu_template.h
@@ -164,7 +164,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env,
     uint64_t val;
     CPUState *cpu = ENV_GET_CPU(env);
     hwaddr physaddr = iotlbentry->addr;
-    MemoryRegion *mr = iotlb_to_region(cpu, physaddr);
+    MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs);
 
     physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
     cpu->mem_io_pc = retaddr;
@@ -652,7 +652,7 @@ static inline void glue(io_write, SUFFIX)(CPUArchState *env,
 {
     CPUState *cpu = ENV_GET_CPU(env);
     hwaddr physaddr = iotlbentry->addr;
-    MemoryRegion *mr = iotlb_to_region(cpu, physaddr);
+    MemoryRegion *mr = iotlb_to_region(cpu, physaddr, iotlbentry->attrs);
 
     physaddr = (physaddr & TARGET_PAGE_MASK) + addr;
     if (mr != &(cpu->uc->io_mem_rom) && mr != &(cpu->uc->io_mem_notdirty)