2012/3/15 周春华 uulinux@gmail.com:
Do you means that the QEMU TLB maps the guest virtual address to host virtual address,
Yes.
and the begging and end virtual addresses of the memory allocated for RAM device emulating are the RAM physical begging and end address from guest view?
I don't know what you mean by this. RAM in qemu need not be contiguous in guest physical address space, and it need not be contiguous in host physical address space either.
If so, it seems hard to monitor the guest physical memory.
Yes, that's what I said.
However, [exec.c:qemu_get_ram_ptr] seems to get a host virtual address from a guest physical address. It confuses me.
Obviously QEMU knows how to map between guest physical addresses and host virtual addresses, or it wouldn't work. This function is one very small part of a complicated subsystem which caches the "guest virtual -> guest physical -> host virtual" lookups so we don't need to do them again and again when we execute load or store instructions.
If you want to follow the code in more detail, when QEMU gets a "TLB miss" (ie it doesn't know where the RAM for a guest virtual address is) it calls target-arm/helper.c:cpu_arm_handle_mmu_fault(). This calls get_phys_addr() to do a page table walk and convert the guest virtual address to a guest physical address. Assuming that succeeded, it calls exec.c:tlb_set_page(), passing the guest virtual and guest physical addresses, to add a TLB entry. This function calls memory_region_get_ram_ptr() which in turn calls qemu_get_ram_ptr(), getting the host virtual address. We can then cache the host virtual address for this guest virtual address in the TLB entry. Later on when we actually execute a guest load or store instruction we will pull the TLB entry out of the data structure and use the host virtual address cached in it. tcg_out_qemu_ld/st are the functions which generate the native code which gets the TLB entry and loads via the cached host virtual address.
Note that there are other slow paths for memory access which don't use the TLB and instead do go via physical addresses at the time they need to do the load/store.
-- PMM