Hi,

> I tried to trace the guest memory access for the load instructions.
> However, it seems that the softmmu of qemu only works when qemu
> fetches the guest code, like ldub_code?
> Is there any place that will call the softmmu for guest memory access,
> like ldub_data? Thanks.
You can take a look at qemu_ld/qemu_st; they are the TCG IR for guest memory access. For example, take a look at tcg_out_qemu_ld (tcg/i386/tcg-target.c). I only give you a brief introduction on what tcg_out_qemu_ld does here; you can search the mailing list archive for more information.

Basically, you need to distinguish the following terms:

- GVA (Guest Virtual Address)
- GPA (Guest Physical Address)
- HVA (Host Virtual Address)

QEMU will allocate its virtual memory to the guest virtual machine running upon it, so what the guest OS thinks of as its (guest) physical memory is actually QEMU's virtual memory. When a guest application accesses guest memory, it'll use a GVA. Then the guest OS will turn the GVA into a GPA by using (guest) page tables. Finally, QEMU will turn the GPA into an HVA (it knows the mapping since it allocated the memory to the guest virtual machine), and use the HVA for the usual memory access.

In order to speed up the address translation (GVA -> GPA -> HVA), QEMU has a software TLB (`grep tlb_table`) which stores the GVA -> HVA mapping. For each guest memory access, it'll look in the software TLB first (now I am describing what tcg_out_qemu_ld does). If the TLB hits, then you have the corresponding HVA ready to use; otherwise, it'll call qemu_ld_helpers, which are actually functions synthesized by macros in the softmmu_*.h files.

Note that what I am describing above is for QEMU system mode.

Good luck!

HTH,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
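The fast-path/slow-path split described in the reply, as an added stand-alone example (it is not QEMU code and not part of the original thread). It models a data load the way the text lays it out: the emitted fast path compares a tag in a small software TLB and, on a hit, adds a per-page addend to the GVA to get the HVA; on a miss a helper walks a guest page table (GVA -> GPA), maps the GPA to the host buffer that stands in for guest RAM (GPA -> HVA) and refills the TLB. The page table, the RAM size, and every function name (guest_ldub_data, tlb_fill, gva_to_gpa, gpa_to_hva) are constructed for this example and are not QEMU's.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_BITS  12
#define PAGE_SIZE  (1u << PAGE_BITS)
#define PAGE_MASK  (~(uint64_t)(PAGE_SIZE - 1))
#define TLB_BITS   4
#define TLB_SIZE   (1u << TLB_BITS)

/* Constructed "guest physical memory": a few pages of ordinary host memory
 * that the emulator hands to the guest as its RAM (GPA 0 .. 4 pages). */
#define GUEST_RAM_PAGES 4
static uint8_t guest_ram[GUEST_RAM_PAGES * PAGE_SIZE];

/* One software-TLB entry: the GVA page it caches plus the value to add to a
 * GVA in that page to reach the HVA. The layout is an assumption of this
 * example, not QEMU's tlb_table. */
typedef struct {
    int       valid;
    uint64_t  tag;     /* GVA with the page offset masked off */
    uintptr_t addend;  /* HVA - GVA for that page */
} TLBEntry;

static TLBEntry tlb_table[TLB_SIZE];
static unsigned tlb_hits, tlb_misses;

/* Constructed guest page table: GVA page number -> GPA page number.
 * In a real guest the guest OS owns this; here it is a fixed array. */
typedef struct { uint64_t gva_page, gpa_page; } GuestPTE;
static const GuestPTE guest_page_table[] = {
    { 0x00010, 0 }, { 0x00011, 2 }, { 0x7ffff, 1 },
};

/* Step 1: GVA -> GPA by walking the guest page table. 0 = guest page fault. */
static int gva_to_gpa(uint64_t gva, uint64_t *gpa)
{
    uint64_t page = gva >> PAGE_BITS;
    for (size_t i = 0; i < sizeof guest_page_table / sizeof guest_page_table[0]; i++) {
        if (guest_page_table[i].gva_page == page) {
            *gpa = (guest_page_table[i].gpa_page << PAGE_BITS) | (gva & ~PAGE_MASK);
            return 1;
        }
    }
    return 0;
}

/* Step 2: GPA -> HVA. The emulator allocated guest_ram itself, so it knows
 * this mapping without asking the guest. NULL = no RAM behind that GPA. */
static uint8_t *gpa_to_hva(uint64_t gpa)
{
    return gpa < sizeof guest_ram ? guest_ram + gpa : NULL;
}

static TLBEntry *tlb_entry_for(uint64_t gva)
{
    return &tlb_table[(gva >> PAGE_BITS) & (TLB_SIZE - 1)];
}

/* Slow path (the role the reply gives to qemu_ld_helpers): run the full
 * GVA -> GPA -> HVA translation and cache the page's addend in the TLB. */
static int tlb_fill(uint64_t gva)
{
    uint64_t gpa;
    uint8_t *hva;
    if (!gva_to_gpa(gva, &gpa) || (hva = gpa_to_hva(gpa)) == NULL)
        return 0;
    TLBEntry *e = tlb_entry_for(gva);
    e->valid  = 1;
    e->tag    = gva & PAGE_MASK;
    /* addend = HVA of the page base - GVA of the page base */
    e->addend = (uintptr_t)(hva - (gpa & ~PAGE_MASK)) - (uintptr_t)(gva & PAGE_MASK);
    return 1;
}

/* Fast path (what the emitted code for a qemu_ld does inline): compare the
 * tag; on a hit add the addend and load from the HVA, on a miss refill. */
int guest_ldub_data(uint64_t gva, uint8_t *out)
{
    TLBEntry *e = tlb_entry_for(gva);
    if (e->valid && e->tag == (gva & PAGE_MASK)) {
        tlb_hits++;
    } else {
        tlb_misses++;
        if (!tlb_fill(gva))
            return 0;            /* a real guest would take a page fault here */
    }
    *out = *(uint8_t *)((uintptr_t)gva + e->addend);
    return 1;
}

/* Convenience wrapper: the loaded byte, or -1 on a guest fault. */
int guest_ldub_or_fault(uint64_t gva)
{
    uint8_t v;
    return guest_ldub_data(gva, &v) ? (int)v : -1;
}

void tlb_flush(void)   { memset(tlb_table, 0, sizeof tlb_table); tlb_hits = tlb_misses = 0; }
unsigned tlb_hit_count(void)  { return tlb_hits; }
unsigned tlb_miss_count(void) { return tlb_misses; }

/* Stage a byte in guest RAM at a GPA (constructed test data). */
void guest_ram_write(uint64_t gpa, uint8_t v) { if (gpa < sizeof guest_ram) guest_ram[gpa] = v; }

int main(void)
{
    tlb_flush();
    guest_ram_write(2 * PAGE_SIZE + 5, 0xAB);        /* GPA page 2 backs GVA page 0x11 */
    printf("ldub 0x11005 -> 0x%02x (miss)\n", guest_ldub_or_fault(0x11005));
    printf("ldub 0x11006 -> 0x%02x (hit, same page)\n", guest_ldub_or_fault(0x11006));
    printf("ldub 0x99999 -> %d (unmapped, fault)\n", guest_ldub_or_fault(0x99999));
    printf("hits=%u misses=%u\n", tlb_hit_count(), tlb_miss_count());
    return 0;
}
```

The second load to the same page never leaves the fast path, which is the whole point of caching GVA -> HVA rather than GVA -> GPA: the GPA -> HVA step is folded into the addend at fill time. Tracing loads in a real build therefore has to hook the emitted fast path (or flush the TLB so every access misses), not only the helper.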
