Commit c094ec71 authored by RILLING Louis's avatar RILLING Louis

Update qemu.org

parent fb605ef6
Pipeline #154540 passed with stages
in 4 minutes and 37 seconds
@@ -59,18 +59,28 @@
- But now we have special ld/st instruction when memory is accessed.
this code is specific to the host arch. For i386: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L2255]]
for ld/st instruction -- [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L2527-L2538]]
opcode are macro generated by: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/tcg-opc.h#L52-L59]]
opcode are macro generated by: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/tcg-opc.h#L204-L211]]
- For load/store opcode, qemu relies on a tlb to do guest to host address translation and proceed with the operations
+ e.g for ld instruction: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L2122-L2130]]
+ the host address from the TLB are generated: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L1699]]
+ if a cache miss occurs (at the execution time (not now)) qemu generate a conditional jump: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L1759-L1761]]
- When all the TCG instructions are generated, Qemu generates all the slow path blocks (needed in cas of cache miss)
+ to handle cache misses (at the execution time (not now)) qemu generates a conditional jump: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L1759-L1761]]
- After all the TCG instructions of the Tb are translated, Qemu generates all the slow path blocks (needed in case of cache miss)
+ here -- [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/tcg.c#L4209]]
+ for i386/ld op: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L1810]]
+ and here ... is the magic ... it generate a call to a c helper function: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L1850]]
- ld/store helper calls ~io_readx~/~io_writex~ if the ~tlb_addr~ is flagged as an MMIO region: e.g [[https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L1715-L1718]]
- TODO who's flagging the ~tlb_addr~ as MMIO ?
+ Now the final magic principle: load/store from/to MMIO regions always lead to a TLB cache miss. How?
- The TLB is initially empty.
- In the load/store slow path, ~load_helper~ / ~store_helper~ insert an
entry in the TLB: [[https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L1682-L1691]]
+ [~tlb_fill~](https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L895-L912) (generic) calls [~x86_cpu_tlb_fill~](https://github.com/qemu/qemu/blob/v4.2.0/target/i386/excp_helper.c#L676-L702) which calls [~handle_mmu_fault~](https://github.com/qemu/qemu/blob/v4.2.0/target/i386/excp_helper.c#L349-L673) (x86-specific)
+ ~handle_mmu_fault~ first finds the physical address associated to the virtual address of the memory access while checking access rights at the same time, then calls [~tlb_set_page_with_attrs~](https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L695-L870) (generic), which:
+ finds the memory region backing the physical address: [[https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L732-L733]]
+ for an MMIO region, tags with ~TLB_MMIO~ the virtual address which will figure in the TLB entry: [[https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L782-L785]]
+ after applying some cache replacement strategy, sets the TLB entry: [[https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L867-L868]]
- So this TLB entry is filled with the ~TLB_MMIO~ flag set on the relevant address(es) field(s) (~addr_read~ or ~addr_write~ depending on the memory region properties and the MMU protections set)
+ Note that in ~load_helper~ / ~store_helper~, ~tlb_addr~ is the ~addr_read~ / ~addr_write~ field of the TLB entry (~addr_code~ is only used for instruction fetches)
- On a TLB lookup, the generated code checks flags in the relevant virtual address field of the entry (~addr_read~ or ~addr_write~) and produces a miss (that is jumps to the slow path) if any flag (eg ~TLB_MMIO~) is set: [[https://github.com/qemu/qemu/blob/v4.2.0/tcg/i386/tcg-target.inc.c#L1748-L1759]]
* Host to Guest network communication: interruptions
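Review bot: the two added lines that introduce ~tlb_fill~ / ~x86_cpu_tlb_fill~ / ~handle_mmu_fault~ and ~tlb_set_page_with_attrs~ use Markdown link syntax (`[~tlb_fill~](https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L895-L912)`) while the rest of this org file uses org links (`[[https://...]]`), so they will not render as links in org; rewrite them as `[[https://github.com/qemu/qemu/blob/v4.2.0/accel/tcg/cputlb.c#L895-L912][~tlb_fill~]]` and likewise for the other three. Two smaller wording points in the same hunk: the new "final magic principle" line says MMIO accesses "always lead to a TLB cache miss", but the lines that follow show the TLB entry does exist and the fast path simply jumps to the slow path because ~TLB_MMIO~ is set in ~addr_read~ / ~addr_write~, so "always take the slow path" would match the closing sentence and avoid suggesting the entry is absent; and "after applying some cache replacement strategy" is vague, so either name what the cited ~tlb_set_page_with_attrs~ lines do with the evicted entry or drop the clause. Finally, "(at the execution time (not now))" in the rewritten conditional-jump line would read better as "at execution time, not at translation time".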