Re: [Qemu-devel] How address_space_rw works?
From: Kaiyuan
Subject: Re: [Qemu-devel] How address_space_rw works?
Date: Fri, 10 Apr 2015 12:47:12 +0800 (GMT+08:00)
> That's because we have a fast-path for RAM accesses that directs
> them to the bit of host memory we're using as guest RAM:
> * for KVM, the guest gets the host memory directly mapped and
> accesses it without trapping out to userspace
> * for TCG, our TLB data structure caches the guest-virtual-address
> to host-virtual-address mapping, and the generated TCG code
> does a fast inline lookup in this cache; if it hits then it
> can load or store to the host memory without ever having to
> come out to a C helper function
Thanks for your explanation of the fast path. I am reviewing and debugging code related to TCG.
Where is the code location at which I can set a breakpoint to observe the fast path for R/W requests to RAM?
Does Qemu provide a method to disable the fast path so that I can set one breakpoint to catch all requests, both MMIO and RAM?
> address_space_rw is one of the functions used in the slow path,
> which is taken for IO accesses, or for other corner cases like
> accessing memory with a debug watchpoint set. Note that not
> all accesses go through it; there are other ways to access the
> address space including the ldl_phys() functions, and TCG
> slow-path accesses go directly to io_mem_read/write because
> they've already dealt with the RAM case.
By debugging Qemu, I see a call stack trace of io_writeb/io_readb -> ... -> io_mem_read/write -> ... -> address_space_rw. Can I catch all MMIO access requests by setting a single breakpoint in io_writeb or io_readb? Thank you very much.
-Kaiyuan Liang
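Editor's added example, not part of either message and not QEMU's code: a toy softmmu TLB in C that models the fast/slow split described in the quoted reply. Each guest load or store first does an inline tag compare against a direct-mapped TLB; on a hit for a RAM page it reads host memory through a cached addend and never enters a "helper", and on a miss (or for a page the slow path has flagged as MMIO) it calls the slow path, which translates, fills the TLB, and dispatches device accesses to a separate MMIO function. Everything here is an assumption of the example: the identity guest-virtual to guest-physical mapping, the constructed layout (16 KiB of RAM at 0, one 32-bit register at 0x10000000), 4-byte aligned accesses only, the counters, and all names (tlb_index, slow_access, TLB_MMIO, mmio_read, tlb_flush). The tlb_flush knob shows only how the toy forces the next access through its slow path; it makes no claim about how QEMU itself can be configured.

```c
/* Toy TCG-style softmmu TLB: fast path on hit, slow path on miss or MMIO.
 * Added example; assumptions: identity vaddr->paddr mapping, constructed
 * layout (RAM at 0, one MMIO register at MMIO_BASE), aligned 32-bit accesses. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BITS    12
#define PAGE_SIZE    (1u << PAGE_BITS)
#define PAGE_MASK    (~(uint32_t)(PAGE_SIZE - 1))
#define TLB_BITS     4
#define TLB_ENTRIES  (1u << TLB_BITS)
#define TLB_INVALID  0xffffffffu
#define TLB_MMIO     1u          /* flag bit in the tag: never take the fast path */
#define RAM_SIZE     (4u * PAGE_SIZE)
#define MMIO_BASE    0x10000000u

typedef struct {
    uint32_t  tag;     /* guest virtual page address plus flag bits, or TLB_INVALID */
    uintptr_t addend;  /* host address = vaddr + addend; meaningful for RAM pages only */
} TLBEntry;

typedef struct {
    TLBEntry tlb[TLB_ENTRIES];
    uint8_t  ram[RAM_SIZE];   /* host memory standing in for guest RAM */
    uint32_t mmio_reg;        /* the single device register */
    unsigned fast_hits, slow_calls, mmio_calls;   /* instrumentation (example only) */
} CPUState;

static void tlb_flush(CPUState *cpu)
{
    for (unsigned i = 0; i < TLB_ENTRIES; i++)
        cpu->tlb[i].tag = TLB_INVALID;   /* next access to any page must go slow */
}

static void cpu_init(CPUState *cpu)
{
    memset(cpu, 0, sizeof *cpu);
    tlb_flush(cpu);
}

static unsigned tlb_index(uint32_t vaddr)
{
    return (vaddr >> PAGE_BITS) & (TLB_ENTRIES - 1);
}

static uint8_t *host_ptr(uint32_t vaddr, const TLBEntry *e)
{
    return (uint8_t *)(vaddr + e->addend);
}

/* Device dispatch: the single place every MMIO access of this toy passes through. */
static uint32_t mmio_read(CPUState *cpu, uint32_t paddr)
{
    cpu->mmio_calls++;
    return paddr == MMIO_BASE ? cpu->mmio_reg : 0xffffffffu;   /* unmapped reads as all-ones */
}

static void mmio_write(CPUState *cpu, uint32_t paddr, uint32_t val)
{
    cpu->mmio_calls++;
    if (paddr == MMIO_BASE)
        cpu->mmio_reg = val;
}

/* Slow path: translate (identity here), fill the TLB entry, perform the access.
 * RAM pages get a usable addend so the next access hits the fast path; MMIO pages
 * get a TLB_MMIO-flagged tag so the fast-path compare can never match them. */
static uint32_t slow_access(CPUState *cpu, uint32_t vaddr, int is_write, uint32_t val)
{
    uint32_t paddr = vaddr;                        /* assumption: identity mapping */
    TLBEntry *e = &cpu->tlb[tlb_index(vaddr)];
    cpu->slow_calls++;
    if (paddr < RAM_SIZE) {
        e->tag = vaddr & PAGE_MASK;
        e->addend = (uintptr_t)(cpu->ram + (paddr & PAGE_MASK)) - (vaddr & PAGE_MASK);
        if (is_write) { memcpy(host_ptr(vaddr, e), &val, sizeof val); return val; }
        { uint32_t v; memcpy(&v, host_ptr(vaddr, e), sizeof v); return v; }
    }
    e->tag = (vaddr & PAGE_MASK) | TLB_MMIO;
    e->addend = 0;
    if (is_write) { mmio_write(cpu, paddr, val); return val; }
    return mmio_read(cpu, paddr);
}

/* Fast path: what generated code would inline. A tag match means RAM; read host memory. */
static uint32_t ld32(CPUState *cpu, uint32_t vaddr)
{
    TLBEntry *e = &cpu->tlb[tlb_index(vaddr)];
    if (e->tag == (vaddr & PAGE_MASK)) {
        uint32_t v;
        cpu->fast_hits++;
        memcpy(&v, host_ptr(vaddr, e), sizeof v);
        return v;
    }
    return slow_access(cpu, vaddr, 0, 0);
}

static void st32(CPUState *cpu, uint32_t vaddr, uint32_t val)
{
    TLBEntry *e = &cpu->tlb[tlb_index(vaddr)];
    if (e->tag == (vaddr & PAGE_MASK)) {
        cpu->fast_hits++;
        memcpy(host_ptr(vaddr, e), &val, sizeof val);
        return;
    }
    slow_access(cpu, vaddr, 1, val);
}

/* Scenario: RAM store (miss), two RAM loads (hits), two MMIO loads (always slow),
 * then a flush that sends the next RAM load back through the slow path.
 * Returns 1 when every value and counter matches that description. */
static int demo(CPUState *cpu)
{
    cpu_init(cpu);
    st32(cpu, 0x1000, 0x11223344u);            /* slow: fills TLB for page 0x1000 */
    uint32_t a = ld32(cpu, 0x1000);            /* fast hit                          */
    uint32_t b = ld32(cpu, 0x1004);            /* fast hit, same page               */
    cpu->mmio_reg = 0xabcd0001u;
    uint32_t c = ld32(cpu, MMIO_BASE);         /* slow: device dispatch             */
    uint32_t d = ld32(cpu, MMIO_BASE);         /* slow again: TLB_MMIO blocks fast  */
    tlb_flush(cpu);
    uint32_t f = ld32(cpu, 0x1000);            /* slow: entry was invalidated       */
    printf("fast=%u slow=%u mmio=%u\n", cpu->fast_hits, cpu->slow_calls, cpu->mmio_calls);
    return a == 0x11223344u && b == 0 && c == 0xabcd0001u && d == c && f == a
        && cpu->fast_hits == 2 && cpu->slow_calls == 4 && cpu->mmio_calls == 2;
}

int main(void)
{
    CPUState cpu;
    return demo(&cpu) ? 0 : 1;
}
```

The point the toy makes for the questions in this thread: a breakpoint in the slow path (or, for devices, in the MMIO dispatch function) sees every device access because the flagged TLB tag can never match, but it sees a RAM page only until the entry is filled; after that the fast path handles the page without calling anything, so a single breakpoint cannot observe those hits unless the cached entry is invalidated first.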