[Qemu-devel] TLB collision

From: Michael Rolnik
Subject: [Qemu-devel] TLB collision
Date: Thu, 24 Nov 2011 11:53:10 +0200

Hi all,

I have a question regarding MMU.
I've built a SPARC based small embedded system.
In this system, addresses 0x00000000-0x00008000 (32KB) belong to ROM and 0x80000000-0x80010000 to RAM.
The problem is that when code from the first ROM page accesses memory at address 0x80000000, there is an infinite loop.

   - cpu_sparc_handle_mmu_fault is called to bring address 0x00000000
   - cpu_sparc_handle_mmu_fault is called to bring 0x80000000 and flushes 0x00000000
   - cpu_sparc_handle_mmu_fault is called to bring 0x00000000 and flushes 0x80000000

This can be fixed if I set CPU_TLB_BITS to be 20 bits (assuming a page size of 4KB).

Is there a better solution?

I was thinking about a 2-way TLB so that two virtual addresses sharing the same TLB entry will be resident.
In order not to degrade performance:
    1. tcg_out_qemu_ld and tcg_out_qemu_st should remain as is, which means they will always look into way0.
    2. tlb_set_page should copy way0 to way1 and program way0 with new values.
    3. All other routines dealing with TLB should search both ways.

What do you think?

Best Regards,
Michael Rolnik
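The collision described in the mail, reproduced in a small model of QEMU's direct-mapped softmmu TLB. This is an added illustration, not code from the mail or from QEMU; it assumes QEMU's index formula `(addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1)` and 4KB pages, and models the proposed 2-way scheme (way0 copied to way1 on refill, both ways searched on the slow path) so the refill counts of the three configurations can be compared.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>

#define TARGET_PAGE_BITS 12          /* 4KB pages, as assumed in the mail */
#define INVALID_TAG 0xFFFFFFFFu      /* no page number reaches this value */

typedef struct {
    unsigned tlb_bits;   /* plays the role of CPU_TLB_BITS */
    int ways;            /* 1 = direct-mapped (QEMU), 2 = proposed 2-way */
    uint32_t *tag;       /* tag[index * ways + way] = virtual page number */
    unsigned refills;    /* tlb_set_page calls, i.e. mmu-fault handler runs */
} tlb_t;

static tlb_t *tlb_new(unsigned tlb_bits, int ways) {
    tlb_t *t = calloc(1, sizeof *t);
    size_t n = ((size_t)1 << tlb_bits) * (size_t)ways;
    t->tlb_bits = tlb_bits;
    t->ways = ways;
    t->tag = malloc(n * sizeof *t->tag);
    for (size_t i = 0; i < n; i++) t->tag[i] = INVALID_TAG;
    return t;
}

/* Assumed QEMU index: (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1).
 * With 8 bits, 0x00000000 and 0x80000000 both map to index 0. */
static uint32_t tlb_index(const tlb_t *t, uint32_t vaddr) {
    return (vaddr >> TARGET_PAGE_BITS) & ((1u << t->tlb_bits) - 1);
}

/* Search the set; on a miss emulate tlb_set_page. In the 2-way model way0
 * is copied to way1 before way0 is reprogrammed (step 2 of the proposal). */
static bool tlb_access(tlb_t *t, uint32_t vaddr) {
    uint32_t page = vaddr >> TARGET_PAGE_BITS;
    uint32_t *set = &t->tag[(size_t)tlb_index(t, vaddr) * (size_t)t->ways];
    for (int w = 0; w < t->ways; w++)
        if (set[w] == page) return true;   /* resident in some way */
    t->refills++;
    if (t->ways == 2) set[1] = set[0];
    set[0] = page;
    return false;
}

/* The mail's loop: ROM page 0x00000000 fetching code and touching RAM at
 * 0x80000000, `iters` times. Returns how many refills that costs. */
static unsigned thrash_count(unsigned tlb_bits, int ways, unsigned iters) {
    tlb_t *t = tlb_new(tlb_bits, ways);
    for (unsigned i = 0; i < iters; i++) {
        tlb_access(t, 0x00000000u);        /* instruction fetch from ROM */
        tlb_access(t, 0x80000000u);        /* data access to RAM */
    }
    unsigned r = t->refills;
    free(t->tag);
    free(t);
    return r;
}
```

With CPU_TLB_BITS = 8 and one way every access refills (20 refills for 10 iterations); both the 20-bit direct-mapped TLB and the 8-bit 2-way TLB settle after the first two misses.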

