Commit c094ec71 authored by RILLING Louis
parent fb605ef6
Pipeline #154540 passed with stages in 4 minutes and 37 seconds
......@@ -59,18 +59,28 @@
- But now we have special ld/st instruction when memory is accessed.
this code is specific to the host arch. For i386: [[]]
for ld/st instruction -- [[]]
opcode are macro generated by: [[]]
opcode are macro generated by: [[]]
- For load/store opcode, qemu relies on a tlb to do guest to host address translation and proceed with the operations
+ e.g for ld instruction: [[]]
+ the host address from the TLB are generated: [[]]
+ if a cache miss occurs (at the execution time (not now)) qemu generate a conditional jump: [[]]
- When all the TCG instructions are generated, Qemu generates all the slow path blocks (needed in cas of cache miss)
+ to handle cache misses (at the execution time (not now)) qemu generates a conditional jump: [[]]
- After all the TCG instructions of the Tb are translated, Qemu generates all the slow path blocks (needed in case of cache miss)
+ here -- [[]]
+ for i386/ld op: [[]]
+ and here ... is the magic ... it generate a call to a c helper function: [[]]
- ld/store helper calls ~io_readx~/~io_writex~ if the ~tlb_addr~ is flagged as an MMIO region: e.g [[]]
- TODO who's flagging the ~tlb_addr~ as MMIO ?
+ Now the final magic principle: load/store from/to MMIO regions always lead to a TLB cache miss. How?
- The TLB is initially empty.
- In the load/store slow path, ~load_helper~ / ~store_helper~ insert an
entry in the TLB: [[]]
+ [~tlb_fill~]( (generic) calls [~x86_cpu_tlb_fill~]( which calls [~handle_mmu_fault~]( (x86-specific)
+ ~handle_mmu_fault~ first finds the physical address associated to the virtual address of the memory access while checking access rights at the same time, then calls [~tlb_set_page_with_attrs~]( (generic), which:
+ finds the memory region backing the physical address: [[]]
+ for an MMIO region, tags with ~TLB_MMIO~ the virtual address which will figure in the TLB entry: [[]]
+ after applying some cache replacement strategy, sets the TLB entry: [[]]
- So this TLB entry is filled with the ~TLB_MMIO~ flag set on the relevant address(es) field(s) (~addr_read~ or ~addr_write~ depending on the memory region properties and the MMU protections set)
+ Note that in ~load_helper~ / ~store_helper~, ~tlb_addr~ is the ~addr_read~ / ~addr_write~ field of the TLB entry (~addr_code~ is only used for instruction fetches)
- On a TLB lookup, the generated code checks flags in the relevant virtual address field of the entry (~addr_read~ or ~addr_write~) and produces a miss (that is jumps to the slow path) if any flag (eg ~TLB_MMIO~) is set: [[]]
* Host to Guest network communication: interruptions
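Review bot: the new bullet "Now the final magic principle: load/store from/to MMIO regions always lead to a TLB cache miss" mixes two different kinds of miss, and the surrounding lines of this hunk show which one is meant. What the ~TLB_MMIO~ flag forces is a fast-path miss in the generated code: the last bullet says the inline check "produces a miss (that is jumps to the slow path) if any flag (eg ~TLB_MMIO~) is set", and the earlier bullet says the helper then "calls ~io_readx~/~io_writex~ if the ~tlb_addr~ is flagged as an MMIO region". So in the slow path the entry filled by ~tlb_set_page_with_attrs~ is still present and is what routes the access to the MMIO callbacks; it is not a refill through ~tlb_fill~ on every access. Suggest rewording to "MMIO accesses always take the slow path" and adding that the TLB entry stays valid with ~TLB_MMIO~ set in its ~addr_read~/~addr_write~ field, which is exactly the answer to the removed "TODO who's flagging the ~tlb_addr~ as MMIO ?" and is worth stating explicitly. Minor: the two lines starting "[~tlb_fill~](" and "~handle_mmu_fault~ first finds" use an unclosed "[text](" link form whereas the rest of the file uses org-style "[[]]" links; close the parentheses or switch to the file's own link style so the export does not break.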