diff --git a/qemu/cpu-exec.c b/qemu/cpu-exec.c
index 7c926013..dd62c03f 100644
--- a/qemu/cpu-exec.c
+++ b/qemu/cpu-exec.c
@@ -214,7 +214,7 @@ static inline TranslationBlock *tb_find_fast(CPUState *cpu,
         /* Check if translation buffer has been flushed */
         if (cpu->tb_flushed) {
             cpu->tb_flushed = false;
-        } else {
+        } else if (!tb->invalid) {
             tb_add_jump(last_tb, tb_exit, tb);
         }
     }
diff --git a/qemu/include/exec/exec-all.h b/qemu/include/exec/exec-all.h
index cb1732b0..2eb3aab3 100644
--- a/qemu/include/exec/exec-all.h
+++ b/qemu/include/exec/exec-all.h
@@ -224,6 +224,9 @@ struct TranslationBlock {
 #define CF_LAST_IO     0x8000 /* Last insn may be an IO access.  */
 #define CF_NOCACHE     0x10000 /* To be freed after execution */
 #define CF_USE_ICOUNT  0x20000
+#define CF_IGNORE_ICOUNT 0x40000 /* Do not generate icount code */
+
+    uint16_t invalid;
 
     void *tc_ptr;    /* pointer to the translated code */
     uint8_t *tc_search;  /* pointer to search data */
diff --git a/qemu/translate-all.c b/qemu/translate-all.c
index a66bd105..8ab59501 100644
--- a/qemu/translate-all.c
+++ b/qemu/translate-all.c
@@ -836,6 +836,7 @@ static TranslationBlock *tb_alloc(struct uc_struct *uc, target_ulong pc)
     tb = &tcg_ctx->tb_ctx.tbs[tcg_ctx->tb_ctx.nb_tbs++];
     tb->pc = pc;
     tb->cflags = 0;
+    tb->invalid = false;
     return tb;
 }
 
@@ -1076,6 +1077,8 @@ void tb_phys_invalidate(struct uc_struct *uc,
     uint32_t h;
     tb_page_addr_t phys_pc;
 
+    atomic_set(&tb->invalid, true);
+
     /* remove the TB from the hash list */
     phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
     h = tb_hash_func(phys_pc, tb->pc, tb->flags);