On 3 February 2014 15:18, Xin Tong <[email protected]> wrote:
> This patch adds a victim TLB to the QEMU system mode TLB.

> @@ -264,8 +286,15 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
>                                              prot, &address);
>
>      index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
> -    env->iotlb[mmu_idx][index] = iotlb - vaddr;
>      te = &env->tlb_table[mmu_idx][index];
> +
> +    /* do not discard the translation in te, evict it into a victim tlb */
> +    unsigned vidx = env->vtlb_index++ % CPU_VTLB_SIZE;
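Review bot: The current `env->iotlb[mmu_idx][index]` has to be copied into `iotlb_v` before the `iotlb - vaddr` store that this hunk removes from its old position is reissued, otherwise the evicted entry refills from the victim table with a stale I/O translation; both the `iotlb_v` copy and the re-added store are outside the quoted lines, so please confirm the order. The `% CPU_VTLB_SIZE` on a free-running `unsigned` counter only yields a strict round-robin if `CPU_VTLB_SIZE` divides the counter's range, which holds for a power of two but not otherwise; a comment such as `/* round-robin victim slot; assumes CPU_VTLB_SIZE is a power of two so the counter wrap keeps the sequence uniform */` would document the assumption. tlb_set_page continues past the quoted lines.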

Variable declarations should go at the start of a block.

> +/* macro to check the victim tlb */
> +#define VICTIM_TLB_HIT(ty)                                                   
>  \
> +({                                                                           
>  \
> +    /* we are about to do a page table walk. our last hope is the            
>  \
> +     * victim tlb. try to refill from the victim tlb before walking the      
>  \
> +     * page table. */                                                        
>  \
> +    int vidx;                                                                
>  \
> +    hwaddr tmpiotlb;                                                         
>  \
> +    CPUTLBEntry tmptlb;                                                      
>  \
> +    for (vidx = CPU_VTLB_SIZE; vidx >= 0; --vidx) {                          
>  \
> +        if (env->tlb_v_table[mmu_idx][vidx].ty == (addr & TARGET_PAGE_MASK)) 
> {\
> +            /* found entry in victim tlb, swap tlb and iotlb */              
>  \
> +            tmptlb = env->tlb_table[mmu_idx][index];                         
>  \
> +            env->tlb_table[mmu_idx][index] = 
> env->tlb_v_table[mmu_idx][vidx]; \
> +            env->tlb_v_table[mmu_idx][vidx] = tmptlb;                        
>  \
> +            tmpiotlb = env->iotlb[mmu_idx][index];                           
>  \
> +            env->iotlb[mmu_idx][index] = env->iotlb_v[mmu_idx][vidx];        
>  \
> +            env->iotlb_v[mmu_idx][vidx] = tmpiotlb;                          
>  \
> +            break;                                                           
>  \
> +        }                                                                    
>  \
> +    }                                                                        
>  \

This loop indexes off the end of the [vidx] arrays on its
first iteration, doesn't it?

thanks
-- PMM
