qemu-devel

[Qemu-devel] Memory mapping on MIPS


From: Igor R
Subject: [Qemu-devel] Memory mapping on MIPS
Date: Mon, 22 Feb 2016 08:56:23 +0200

I have some issues when accessing guest Linux kernel memory above
0xC0000000 by means of cpu_memory_rw_debug (x86_64 host, MIPS guest),
and I'm trying to debug it.

Here is an excerpt from r4k_map_address(), related to addresses >= 0x80000000.
Actually, it maps 0x80000010 and 0xA0000010 to the same physical
address. What's the idea behind that?
What should happen if I map KSEG2 directly as a continuation of KSEG1,
i.e. substitute TLB lookup with "address - (int32_t)KSEG1_BASE"? Guest
Linux seems to work correctly (but maybe it's just a matter of luck?).

Thanks!

#define KSEG0_BASE 0x80000000UL
#define KSEG1_BASE 0xA0000000UL
#define KSEG2_BASE 0xC0000000UL
#define KSEG3_BASE 0xE0000000UL
//..............
if (address < (int32_t)KSEG1_BASE) {
  /* kseg0 */
  if (kernel_mode) {
    *physical = address - (int32_t)KSEG0_BASE;
    *prot = PAGE_READ | PAGE_WRITE;
  } else {
    ret = TLBRET_BADADDR;
  }
} else if (address < (int32_t)KSEG2_BASE) {
  /* kseg1 */
  if (kernel_mode) {
    *physical = address - (int32_t)KSEG1_BASE;
    *prot = PAGE_READ | PAGE_WRITE;
  } else {
    ret = TLBRET_BADADDR;
  }
} else if (address < (int32_t)KSEG3_BASE) {
  /* sseg (kseg2) */
  if (supervisor_mode || kernel_mode) {
    ret = env->tlb->map_address(env, physical, prot, real_address,
                                rw, access_type);
  } else {
    ret = TLBRET_BADADDR;
  }
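
An added illustration, not part of the original post and not QEMU's code: a toy model of the kernel-mode translation in the excerpt for a 32-bit guest. On MIPS32, kseg0 and kseg1 are fixed, unmapped windows onto the same low 512 MB of physical memory (cached and uncached respectively), while kseg2 is translated by whatever TLB entries the guest has installed. The one-entry TLB and the names toy_translate and linear_guess are constructed for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Segment bases from the excerpt, for a 32-bit guest. */
#define KSEG0_BASE 0x80000000u
#define KSEG1_BASE 0xA0000000u
#define KSEG2_BASE 0xC0000000u
#define PAGE_SHIFT 12
#define PAGE_MASK  ((1u << PAGE_SHIFT) - 1u)

/* Constructed toy TLB: one 4 KiB page of kseg2 backed by an arbitrary frame. */
struct toy_tlb_entry { uint32_t vpn, pfn; };
static const struct toy_tlb_entry toy_tlb[] = {
    { KSEG2_BASE >> PAGE_SHIFT, 0x01234000u >> PAGE_SHIFT },
};

/* Kernel-mode translation; false means useg (not modelled) or a TLB miss. */
bool toy_translate(uint32_t va, uint32_t *phys)
{
    if (va < KSEG0_BASE)
        return false;
    /* kseg0 (cached) and kseg1 (uncached): unmapped, fixed offset. */
    if (va < KSEG1_BASE) { *phys = va - KSEG0_BASE; return true; }
    if (va < KSEG2_BASE) { *phys = va - KSEG1_BASE; return true; }
    /* kseg2/kseg3: mapped, so only the TLB contents decide the frame. */
    for (size_t i = 0; i < sizeof(toy_tlb) / sizeof(toy_tlb[0]); i++) {
        if (toy_tlb[i].vpn == (va >> PAGE_SHIFT)) {
            *phys = (toy_tlb[i].pfn << PAGE_SHIFT) | (va & PAGE_MASK);
            return true;
        }
    }
    return false;
}

/* The substitution asked about: treat kseg2 as a continuation of kseg1. */
uint32_t linear_guess(uint32_t va) { return va - KSEG1_BASE; }

int main(void)
{
    uint32_t a = 0, b = 0, c = 0;
    toy_translate(0x80000010u, &a);
    toy_translate(0xA0000010u, &b);
    toy_translate(0xC0000010u, &c);
    printf("kseg0=%#x kseg1=%#x kseg2=%#x guess=%#x\n", (unsigned)a,
           (unsigned)b, (unsigned)c, (unsigned)linear_guess(0xC0000010u));
    return 0;
}
```

In this model the TLB entry yields 0x01234010 for 0xC0000010, while the linear substitution yields 0x20000010; the two agree only for a page whose TLB entry happens to be linear.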


