Re: [Qemu-devel] How address_space_rw works?
From: Peter Maydell
Subject: Re: [Qemu-devel] How address_space_rw works?
Date: Thu, 9 Apr 2015 09:57:33 +0100
On 9 April 2015 at 09:34, Kaiyuan <address@hidden> wrote:
> Hello, guys
>
> In my understanding, the function exec.c:address_space_rw is used to handle
> read and write access requests to the address space. In order to check my
> opinion, I wrote guest code and debugged Qemu to see the path of code
> execution.
>
> If I read from or write to an MMIO address like the UART, it hits the
> function address_space_rw.
>
> *UART_ADDR = 'c'; //hit address_space_rw
>
> However, if I read from or write to a RAM address, it does NOT hit
> address_space_rw.
That's because we have a fast-path for RAM accesses that directs
them to the bit of host memory we're using as guest RAM:
* for KVM, the guest gets the host memory directly mapped and
accesses it without trapping out to userspace
* for TCG, our TLB data structure caches the guest-virtual-address
to host-virtual-address mapping, and the generated TCG code
does a fast inline lookup in this cache; if it hits then it
can load or store to the host memory without ever having to
come out to a C helper function
address_space_rw is one of the functions used in the slow path,
which is taken for IO accesses, or for other corner cases like
accessing memory with a debug watchpoint set. Note that not
all accesses go through it; there are other ways to access the
address space including the ldl_phys() functions, and TCG
slow-path accesses go directly to io_mem_read/write because
they've already dealt with the RAM case.
-- PMM
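A toy model of the two paths Peter describes, added here as an illustration; it is not QEMU code and none of the names (guest_rw, slow_path_rw, RAM_BASE, UART_ADDR, the TLB layout) are QEMU's. It assumes one RAM region backed by a host buffer, one single-byte MMIO register standing in for the UART, and a small direct-mapped TLB keyed by guest page. RAM pages get cached in the TLB on their first (slow-path) access and are hit inline afterwards; the MMIO page is never inserted, so every UART store falls through to the slow-path dispatcher, which is the behaviour the question observed with address_space_rw.

```c
/* Added example, not QEMU code: RAM fast path via a TLB vs. MMIO slow path.
 * All constants below are assumed for the toy and are not QEMU's. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <stdbool.h>

#define PAGE_SHIFT   12
#define PAGE_SIZE    (1u << PAGE_SHIFT)
#define RAM_BASE     0x40000000u            /* assumed guest RAM base */
#define RAM_SIZE     (4 * PAGE_SIZE)
#define UART_ADDR    0x09000000u            /* assumed MMIO register, like the UART */
#define TLB_ENTRIES  8

static uint8_t  host_ram[RAM_SIZE];         /* host memory backing guest RAM */
static uint8_t  uart_tx_log[64];            /* bytes the toy UART "transmitted" */
static size_t   uart_tx_len;
static unsigned fast_path_hits, slow_path_calls;

struct tlb_entry { uint32_t guest_page; uint8_t *host_page; bool valid; };
static struct tlb_entry tlb[TLB_ENTRIES];

static void tlb_flush(void) { memset(tlb, 0, sizeof tlb); }

/* Slow path, the analogue of address_space_rw: work out what backs the
 * address and perform the access; for RAM also fill the TLB so the next
 * access to that page takes the fast path. MMIO is never cached. */
static bool slow_path_rw(uint32_t addr, uint8_t *buf, size_t len, bool is_write)
{
    slow_path_calls++;
    if (addr >= RAM_BASE && addr + len <= RAM_BASE + RAM_SIZE) {
        uint8_t *host = host_ram + (addr - RAM_BASE);
        if (is_write) memcpy(host, buf, len); else memcpy(buf, host, len);
        struct tlb_entry *e = &tlb[(addr >> PAGE_SHIFT) % TLB_ENTRIES];
        e->guest_page = addr >> PAGE_SHIFT;
        e->host_page  = host_ram + ((addr & ~(PAGE_SIZE - 1)) - RAM_BASE);
        e->valid      = true;
        return true;
    }
    if (addr == UART_ADDR && len == 1) {
        /* dispatch to the device model */
        if (is_write) { if (uart_tx_len < sizeof uart_tx_log) uart_tx_log[uart_tx_len++] = buf[0]; }
        else buf[0] = 0;                    /* toy UART reads back 0 */
        return true;
    }
    return false;                           /* unmapped */
}

/* Fast path, what generated code does inline: on a TLB hit, touch host
 * memory directly and never call into the dispatcher. */
static bool guest_rw(uint32_t addr, uint8_t *buf, size_t len, bool is_write)
{
    uint32_t page = addr >> PAGE_SHIFT;
    struct tlb_entry *e = &tlb[page % TLB_ENTRIES];
    /* the fast path also requires the access to stay within one page */
    if (e->valid && e->guest_page == page && (addr & (PAGE_SIZE - 1)) + len <= PAGE_SIZE) {
        fast_path_hits++;
        uint8_t *host = e->host_page + (addr & (PAGE_SIZE - 1));
        if (is_write) memcpy(host, buf, len); else memcpy(buf, host, len);
        return true;
    }
    return slow_path_rw(addr, buf, len, is_write);
}

/* Replays the experiment from the question. Returns 0 if every access took
 * the expected path, otherwise the number of the first step that did not. */
static int run_demo(void)
{
    tlb_flush();
    fast_path_hits = slow_path_calls = 0;
    uart_tx_len = 0;
    uint8_t  c = 'c';
    uint32_t v = 0xdeadbeef, r = 0;

    if (!guest_rw(UART_ADDR, &c, 1, true) || slow_path_calls != 1) return 1;                 /* *UART_ADDR = 'c': slow path */
    if (!guest_rw(RAM_BASE + 0x100, (uint8_t *)&v, 4, true) || slow_path_calls != 2) return 2; /* first touch of a RAM page: slow path, TLB fill */
    if (!guest_rw(RAM_BASE + 0x100, (uint8_t *)&r, 4, false) || fast_path_hits != 1 || r != v) return 3; /* re-read: fast path */
    if (!guest_rw(RAM_BASE + 0x104, (uint8_t *)&v, 4, true) || fast_path_hits != 2) return 4;  /* same page: fast path */
    if (!guest_rw(UART_ADDR, &c, 1, true) || slow_path_calls != 3) return 5;                 /* MMIO again: still slow path */
    if (guest_rw(0x1000, &c, 1, false)) return 6;                                            /* unmapped: slow path rejects it */
    if (uart_tx_len != 2 || uart_tx_log[0] != 'c') return 7;
    return 0;
}

int main(void)
{
    int rc = run_demo();
    printf("demo %s: fast-path hits=%u, slow-path calls=%u\n",
           rc == 0 ? "ok" : "FAILED", fast_path_hits, slow_path_calls);
    return rc;
}
```

Setting a breakpoint on slow_path_rw here is the equivalent of the breakpoint on address_space_rw in the question: it fires for every UART store and for the first access to a RAM page, but not for the repeated RAM accesses, which are served from the cached host pointer. The real TCG TLB is also keyed by guest virtual address and is invalidated on MMU changes; this toy skips that to keep the two-path structure visible.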