[Question] How To Log QEMU Memory Access

周春华 uulinux at gmail.com
Thu Mar 15 13:25:26 UTC 2012


Dear Peter Maydell,

I very much appreciate your great help. There is still one question:

> Note that there are other slow paths for memory access which don't
> use the TLB and instead do go via physical addresses at the time
> they need to do the load/store.


I want to know how to use these slow paths. Will they do "guest virtual
-> guest physical -> host virtual" again and again when we execute load or
store instructions? If so, I prefer to use them instead. It will help me to
log the memory access.

Anyway, I want to thank you again.

Best Regards,
Jerry


2012/3/15 Peter Maydell <peter.maydell at linaro.org>

> 2012/3/15 周春华 <uulinux at gmail.com>:
> > Do you mean that the QEMU TLB maps the guest virtual address to host
> > virtual address,
>
> Yes.
>
> > and the beginning and end virtual addresses of the memory
> > allocated for RAM device emulating are the RAM physical beginning and end
> > address from guest view?
>
> I don't know what you mean by this. RAM in qemu need not be
> contiguous in guest physical address space, and it need not
> be contiguous in host physical address space either.
>
> > If so, it seems hard to monitor the guest physical memory.
>
> Yes, that's what I said.
>
> > However, [exec.c:qemu_get_ram_ptr] seems to get a host virtual address
> > from a guest physical address. It confuses me.
>
> Obviously QEMU knows how to map between guest physical addresses
> and host virtual addresses, or it wouldn't work. This function
> is one very small part of a complicated subsystem which caches
> the "guest virtual -> guest physical -> host virtual" lookups so
> we don't need to do them again and again when we execute load or
> store instructions.
>
> If you want to follow the code in more detail, when QEMU gets
> a "TLB miss" (ie it doesn't know where the RAM for a guest virtual
> address is) it calls target-arm/helper.c:cpu_arm_handle_mmu_fault().
> This calls get_phys_addr() to do a page table walk and convert the
> guest virtual address to a guest physical address. Assuming that
> succeeded, it calls exec.c:tlb_set_page(), passing the guest
> virtual and guest physical addresses, to add a TLB entry. This
> function calls memory_region_get_ram_ptr() which in turn calls
> qemu_get_ram_ptr(), getting the host virtual address. We can then
> cache the host virtual address for this guest virtual address in the
> TLB entry. Later on when we actually execute a guest load or store
> instruction we will pull the TLB entry out of the data structure and
> use the host virtual address cached in it. tcg_out_qemu_ld/st
> are the functions which generate the native code which gets the
> TLB entry and loads via the cached host virtual address.
>
> Note that there are other slow paths for memory access which don't
> use the TLB and instead do go via physical addresses at the time
> they need to do the load/store.
>
> -- PMM
>



-- 
I love linux!!!
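The lookup chain Peter describes (guest virtual -> guest physical -> host virtual, computed once on a TLB miss and then cached in the TLB entry) as a toy softmmu model in C. This is an added illustration, not QEMU's code: the page table, RAM size, TLB size and the helper names `get_phys_addr`, `get_ram_ptr`, `tlb_set_page` and `guest_ldub` are constructed here to mirror the roles named in the mail, and the guest RAM contents are constructed so that loads are easy to recognise.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy softmmu, constructed for illustration: a 32-bit guest with 4 KiB pages. */
#define PAGE_SHIFT      12
#define PAGE_SIZE       (1u << PAGE_SHIFT)
#define PAGE_MASK       (~(PAGE_SIZE - 1u))
#define TLB_SIZE        8
#define GUEST_VPAGES    8   /* guest virtual pages described by the toy page table */
#define GUEST_RAM_PAGES 4   /* pages of RAM the emulated "RAM device" provides */

/* Constructed guest RAM: host memory standing in for the emulated RAM device. */
static uint8_t guest_ram[GUEST_RAM_PAGES * PAGE_SIZE];

/* Constructed guest page table: virtual page number -> physical page number, -1 = unmapped. */
static const int guest_page_table[GUEST_VPAGES] = { 2, 0, -1, 1, 3, -1, -1, -1 };

typedef struct {
    uint32_t  gva_page;  /* guest virtual page this entry covers; UINT32_MAX = empty */
    uintptr_t addend;    /* host virtual = guest virtual + addend, cached at fill time */
} tlb_entry;

static tlb_entry tlb[TLB_SIZE];
static unsigned tlb_hits, tlb_misses, page_walks;   /* counters showing which path ran */

static tlb_entry *tlb_slot(uint32_t gva) { return &tlb[(gva >> PAGE_SHIFT) % TLB_SIZE]; }

/* Empty the TLB and fill RAM page p with the byte 0x10*p + 1 so loads are recognisable. */
void init_guest(void) {
    for (int i = 0; i < TLB_SIZE; i++) tlb[i].gva_page = UINT32_MAX;
    for (int p = 0; p < GUEST_RAM_PAGES; p++)
        memset(guest_ram + p * PAGE_SIZE, 0x10 * p + 1, PAGE_SIZE);
    tlb_hits = tlb_misses = page_walks = 0;
}

/* Page-table walk (the get_phys_addr role): guest virtual -> guest physical, 0 on fault. */
static int get_phys_addr(uint32_t gva, uint32_t *gpa) {
    uint32_t vpn = gva >> PAGE_SHIFT;
    page_walks++;
    if (vpn >= GUEST_VPAGES || guest_page_table[vpn] < 0) return 0;
    *gpa = ((uint32_t)guest_page_table[vpn] << PAGE_SHIFT) | (gva & ~PAGE_MASK);
    return 1;
}

/* Guest physical -> host virtual for RAM (the qemu_get_ram_ptr role); NULL if not RAM. */
static uint8_t *get_ram_ptr(uint32_t gpa) {
    return gpa < sizeof guest_ram ? guest_ram + gpa : NULL;
}

/* Cache the gva -> hva mapping for one page (the tlb_set_page role). */
static void tlb_set_page(uint32_t gva, uint8_t *hva_page) {
    tlb_entry *e = tlb_slot(gva);
    e->gva_page = gva & PAGE_MASK;
    e->addend   = (uintptr_t)hva_page - (uintptr_t)(gva & PAGE_MASK);
}

/* Guest byte load. Returns the byte, or -1 on an MMU fault (nothing is cached then). */
int guest_ldub(uint32_t gva) {
    tlb_entry *e = tlb_slot(gva);
    if (e->gva_page == (gva & PAGE_MASK)) {
        tlb_hits++;                       /* fast path: reuse the cached host address */
    } else {
        uint32_t gpa;
        uint8_t *hva_page;
        tlb_misses++;                     /* slow path: walk the page table, then fill */
        if (!get_phys_addr(gva, &gpa)) return -1;
        hva_page = get_ram_ptr(gpa & PAGE_MASK);
        if (!hva_page) return -1;
        tlb_set_page(gva, hva_page);
    }
    uint8_t *hva = (uint8_t *)((uintptr_t)gva + e->addend);
    /* In this toy model every load passes through here, so this is the one logging point. */
    fprintf(stderr, "ld gva=0x%08x hva=%p val=0x%02x\n", gva, (void *)hva, *hva);
    return *hva;
}

unsigned hit_count(void)  { return tlb_hits; }
unsigned miss_count(void) { return tlb_misses; }
unsigned walk_count(void) { return page_walks; }

int main(void) {
    init_guest();
    guest_ldub(0x0000);   /* miss: page-table walk, then TLB fill */
    guest_ldub(0x0010);   /* hit: same page, no walk */
    guest_ldub(0x2000);   /* unmapped page: fault, nothing cached */
    printf("hits=%u misses=%u walks=%u\n", hit_count(), miss_count(), walk_count());
    return 0;
}
```

The counters make Peter's point visible: the walk and the `get_ram_ptr` lookup run once per page on a miss, and every later load to that page resolves from the cached addend without touching guest physical addresses at all. The caveat for logging is also visible in the mail itself: in real QEMU the hit path is not a C function but native code emitted by `tcg_out_qemu_ld/st`, so a C-level hook placed in the miss or fill code (or in the slow paths that go via physical addresses) observes only the accesses that take those paths, not every guest load and store.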