Dear Peter Maydell,<br><br>I am very appreciated for you great help. There is still a question exist:<br><br><blockquote style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
Note that there are other slow paths for memory access which don&#39;t<br>use the TLB and instead do go via physical addresses at the time<br>they need to do the load/store.</blockquote><br>I want to know how to use these slow paths. Will they will &quot;guest virtual -&gt; guest physical -&gt; host virtual&quot; again and again when we execute load or store instructions. If so, I prefer to use them instead. It will help me to log the memory access.<br>
<br>Any way, I want to thank you again.<br><br>Best Regards,<br>Jerry<br><br><br><div class="gmail_quote">2012/3/15 Peter Maydell <span dir="ltr">&lt;<a href="mailto:peter.maydell@linaro.org">peter.maydell@linaro.org</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">2012/3/15 ÖÜ´º»ª &lt;<a href="mailto:uulinux@gmail.com">uulinux@gmail.com</a>&gt;:<br>
<div class="im">&gt; Do you means that the QEMU TLB maps the guest virtual address to host<br>
&gt; virtual address,<br>
<br>
</div>Yes.<br>
<div class="im"><br>
&gt; and the begging and end virtual addresses of the memory<br>
&gt; allocated for RAM device emulating are the RAM physical begging and end<br>
&gt; address from guest view?<br>
<br>
</div>I don&#39;t know what you mean by this. RAM in qemu need not be<br>
contiguous in guest physical address space, and it need not<br>
be contiguous in host physical address space either.<br>
<div class="im"><br>
&gt; If so, it seems hard to monitor the guest physical memory.<br>
<br>
</div>Yes, that&#39;s what I said.<br>
<div class="im"><br>
&gt; However, [exec.c:qemu_get_ram_ptr] seems to get a host virtual address from<br>
&gt; a guest physical address. It confuses me.<br>
<br>
</div>Obviously QEMU knows how to map between guest physical addresses<br>
and host virtual addresses, or it wouldn&#39;t work. This function<br>
is one very small part of a complicated subsystem which caches<br>
the &quot;guest virtual -&gt; guest physical -&gt; host virtual&quot; lookups so<br>
we don&#39;t need to do them again and again when we execute load or<br>
store instructions.<br>
<br>
If you want to follow the code in more detail, when QEMU gets<br>
a &quot;TLB miss&quot; (ie it doesn&#39;t know where the RAM for a guest virtual<br>
address is) it calls target-arm/helper.c:cpu_arm_handle_mmu_fault().<br>
This calls get_phys_addr() to do a page table walk and convert the<br>
guest virtual address to a guest physical address. Assuming that<br>
succeeded, it calls exec.c:tlb_set_page(), passing the guest<br>
virtual and guest physical addresses, to add a TLB entry. This<br>
function calls memory_region_get_ram_ptr() which in turn calls<br>
qemu_get_ram_ptr(), getting the host virtual address. We can then<br>
cache the host virtual address for this guest virtual address in the<br>
TLB entry. Later on when we actually execute a guest load or store<br>
instruction we will pull the TLB entry out of the data structure and<br>
use the host virtual address cached in it. tcg_out_qemu_ld/st<br>
are the functions which generate the native code which gets the<br>
TLB entry and loads via the cached host virtual address.<br>
<br>
Note that there are other slow paths for memory access which don&#39;t<br>
use the TLB and instead do go via physical addresses at the time<br>
they need to do the load/store.<br>
<br>
-- PMM<br>
</blockquote></div><br><br clear="all"><br>-- <br>I love linux!!!<br>