qemu-devel

Re: [Qemu-devel] How address_space_rw works?


From: Kaiyuan
Subject: Re: [Qemu-devel] How address_space_rw works?
Date: Fri, 10 Apr 2015 12:47:12 +0800 (GMT+08:00)

> That's because we have a fast-path for RAM accesses that directs
> them to the bit of host memory we're using as guest RAM:
>  * for KVM, the guest gets the host memory directly mapped and
>    accesses it without trapping out to userspace
>  * for TCG, our TLB data structure caches the guest-virtual-address
>    to host-virtual-address mapping, and the generated TCG code
>    does a fast inline lookup in this cache; if it hits then it
>    can load or store to the host memory without ever having to
>    come out to a C helper function
Thanks for your explanation of the fast path. I am reviewing and debugging code related to TCG.
Where is the code location at which I can set a breakpoint to observe the fast path for R/W requests to RAM?
Does Qemu provide a method to disable the fast path so that I can set one breakpoint to catch all requests, both MMIO and RAM?
> address_space_rw is one of the functions used in the slow path,
> which is taken for IO accesses, or for other corner cases like
> accessing memory with a debug watchpoint set. Note that not
> all accesses go through it; there are other ways to access the
> address space including the ldl_phys() functions, and TCG
> slow-path accesses go directly to io_mem_read/write because
> they've already dealt with the RAM case.
By debugging Qemu, I see a call stack trace of io_writeb/io_readb -> ... -> io_mem_read/write -> ... -> address_space_rw. Can I catch all MMIO access requests by setting a single breakpoint in io_writeb or io_readb? Thank you very much.

-Kaiyuan Liang
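The following is an added example, not QEMU's code and not from anyone in this thread. It is a constructed toy model of the split the quoted reply describes: a TLB-like cache lets RAM accesses touch host memory directly (the fast path), while MMIO, unmapped and other cases fall through to one dispatcher standing in for address_space_rw / io_mem_read/io_mem_write (the slow path). The functions, sizes, the MMIO base address and the `set_fast_path()` knob are all inventions of this example; QEMU's own names, layout and options are not claimed here. From a debugging and review standpoint it shows why a breakpoint in the slow-path function sees every MMIO access but, with the fast path on, not the RAM hits, which is exactly where the emulated device code (the guest-reachable attack surface) is entered.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy guest address space (not QEMU's layout): four pages of RAM
 * backed by host memory and one page of device registers reached via MMIO. */
#define PAGE_SHIFT 12
#define PAGE_SIZE (1u << PAGE_SHIFT)
#define PAGE_MASK (~(PAGE_SIZE - 1u))
#define GUEST_RAM_SIZE (4u * PAGE_SIZE)
#define MMIO_BASE 0x10000000u
#define TLB_ENTRIES 8u

static uint8_t host_ram[GUEST_RAM_SIZE];   /* host memory used as guest RAM */
static uint32_t dev_regs[PAGE_SIZE / 4];   /* registers of the emulated device */

/* TLB-like cache: guest page -> host page. MMIO pages are cached with
 * is_ram == false so that a hit on them still takes the slow path. */
typedef struct { uint32_t guest_page; uint8_t *host_page; bool is_ram; bool valid; } tlb_entry;
static tlb_entry tlb[TLB_ENTRIES];

static bool fast_path_enabled = true;      /* toy knob; no QEMU option is claimed */
static unsigned fast_hits, slow_calls, mmio_calls;

unsigned fast_hits_count(void) { return fast_hits; }
unsigned slow_calls_count(void) { return slow_calls; }
unsigned mmio_calls_count(void) { return mmio_calls; }
void set_fast_path(bool on) { fast_path_enabled = on; }

void tlb_flush(void)
{
    memset(tlb, 0, sizeof tlb);
    fast_hits = slow_calls = mmio_calls = 0;
}

/* Stand-in for the slow path (address_space_rw / io_mem_read/write): resolve
 * the address, dispatch MMIO to the device, and for RAM also refill the TLB so
 * the next access to that page can take the fast path. A breakpoint here sees
 * every MMIO access, but RAM hits never arrive while the fast path is on. */
bool slow_path_access(uint32_t addr, uint32_t *val, bool is_write)
{
    tlb_entry *e = &tlb[(addr >> PAGE_SHIFT) % TLB_ENTRIES];
    slow_calls++;
    if (addr & 3u) return false;           /* toy rule: only aligned 32-bit accesses */
    if (addr < GUEST_RAM_SIZE) {
        uint8_t *p = host_ram + addr;
        e->guest_page = addr & PAGE_MASK;
        e->host_page = host_ram + (addr & PAGE_MASK);
        e->is_ram = true;
        e->valid = true;
        if (is_write) memcpy(p, val, 4); else memcpy(val, p, 4);
        return true;
    }
    if (addr >= MMIO_BASE && addr < MMIO_BASE + PAGE_SIZE) {
        uint32_t *reg = &dev_regs[(addr - MMIO_BASE) / 4];
        e->guest_page = addr & PAGE_MASK;
        e->host_page = NULL;
        e->is_ram = false;
        e->valid = true;
        mmio_calls++;                      /* device emulation code runs from here */
        if (is_write) *reg = *val; else *val = *reg;
        return true;
    }
    return false;                          /* unmapped: nothing backs this address */
}

/* Stand-in for the inline TLB check in TCG-generated code: a RAM hit touches
 * host memory directly and never reaches slow_path_access. */
bool guest_access(uint32_t addr, uint32_t *val, bool is_write)
{
    tlb_entry *e = &tlb[(addr >> PAGE_SHIFT) % TLB_ENTRIES];
    if (addr & 3u) return false;
    if (fast_path_enabled && e->valid && e->is_ram && e->guest_page == (addr & PAGE_MASK)) {
        uint8_t *p = e->host_page + (addr & ~PAGE_MASK);
        fast_hits++;
        if (is_write) memcpy(p, val, 4); else memcpy(val, p, 4);
        return true;
    }
    return slow_path_access(addr, val, is_write);
}

/* Walks the access sequence a reader would trace under a debugger; returns 0,
 * or the number of the first step whose path or value was not as expected. */
int run_scenario(void)
{
    uint32_t v = 0x11223344u, r = 0;
    tlb_flush();
    if (!guest_access(0x100, &v, true) || slow_calls != 1 || fast_hits != 0) return 1; /* miss: slow path fills TLB */
    if (!guest_access(0x100, &r, false) || r != 0x11223344u || fast_hits != 1) return 2; /* hit: fast path */
    if (!guest_access(0x104, &r, false) || r != 0 || fast_hits != 2) return 3;          /* same page, still fast */
    r = 0x55;
    if (!guest_access(MMIO_BASE + 8, &r, true) || mmio_calls != 1) return 4;            /* MMIO: slow path */
    r = 0;
    if (!guest_access(MMIO_BASE + 8, &r, false) || r != 0x55 || mmio_calls != 2 || fast_hits != 2) return 5; /* cached as MMIO, still slow */
    if (guest_access(0x20000000u, &r, false)) return 6;                                  /* unmapped */
    if (guest_access(0x101, &r, false)) return 7;                                        /* unaligned */
    set_fast_path(false);
    if (!guest_access(0x100, &r, false) || r != 0x11223344u || fast_hits != 2 || slow_calls != 5) return 8; /* knob off: RAM goes slow too */
    set_fast_path(true);
    return 0;
}

int main(void)
{
    int rc = run_scenario();
    printf("scenario %s; fast hits %u, slow-path calls %u, mmio calls %u\n",
           rc == 0 ? "ok" : "failed", fast_hits, slow_calls, mmio_calls);
    return rc;
}
```

Step 8 is the point of the toy `set_fast_path(false)` knob: once every access is forced through `slow_path_access`, one breakpoint there catches RAM and MMIO alike, which is the single-breakpoint setup the message asks about; whether QEMU offers an equivalent switch is not something this example answers.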

