On Mon, Apr 16, 2012 at 10:51 PM, 陳韋任 <che...@iis.sinica.edu.tw> wrote:
>> what does the inline sequence look like? what kind of things (other
>> than refill tlb) performed in callout but not the inlined sequence?
>
> What do you mean by the inline sequence, the host binary? If so,
>
> ---
> ---- 0xe86c8
> mov_i32 tmp2,edi
> qemu_ld8u tmp0,tmp2,$0x0
> ext8u_i32 tmp12,tmp0
> movi_i32 tmp13,$0xffffff00
> and_i32 edx,edx,tmp13
> or_i32 edx,edx,tmp12
>
> OUT: [size=172]
> 0x40000ce0: mov 0x1c(%r14),%ebp
> 0x40000ce4: mov %ebp,%esi <--- (a)
> 0x40000ce6: mov %ebp,%edi
> 0x40000ce8: shr $0x7,%esi
> 0x40000ceb: and $0xfffff000,%edi
> 0x40000cf1: and $0x1fe0,%esi
> 0x40000cf7: lea 0x348(%r14,%rsi,1),%rsi
> 0x40000cff: cmp (%rsi),%edi
> 0x40000d01: mov %ebp,%edi
> 0x40000d03: jne 0x40000d0e
> 0x40000d05: add 0x10(%rsi),%rdi
> 0x40000d09: movzbl (%rdi),%ebp
> 0x40000d0c: jmp 0x40000d18
> 0x40000d0e: xor %esi,%esi
> 0x40000d10: callq 0x54cf8e <--- (b)
> 0x40000d15: movzbl %al,%ebp
> 0x40000d18: movzbl %bpl,%ebp
> 0x40000d1c: mov 0x8(%r14),%ebx
> ---
>
I have annotated the inlined TLB lookup sequence. Can you please help me
verify whether it is correct? I am putting this in a paper... must make
sure it is correct ...

# %ebp is the guest virtual address.
0x40000ce4: mov %ebp,%esi
# %ebp is the guest virtual address.
0x40000ce6: mov %ebp,%edi
# take the page address of the guest virtual address.
# take the bit 12 - 19 of the guest virtual address.
0x40000ce8: shr $0x7,%esi
0x40000ceb: and $0xfffff000,%edi
0x40000cf1: and $0x1fe0,%esi
# index into the software tlb using the bit 12 - 19.
0x40000cf7: lea 0x348(%r14,%rsi,1),%rsi
# check for a possible match
0x40000cff: cmp (%rsi),%edi
0x40000d01: mov %ebp,%edi
0x40000d03: jne 0x40000d0e
# there is a match, calculate the translated address.
0x40000d05: add 0x10(%rsi),%rdi
0x40000d09: movzbl (%rdi),%ebp
0x40000d0c: jmp 0x40000d18
# cannot find a match, perform the callout.
0x40000d0e: xor %esi,%esi
0x40000d10: callq callout_TLBLookup
# other emulation code
0x40000d18: movzbl %bpl,%ebp
0x40000d1c: mov 0x8(%r14),%ebx

> The code between (a) and (b) is (almost) what TLB lookup hit/miss looks like.
> If TLB miss, it will call something like __ldb_mmu (b). __ldb_mmu will try to
> walk guest page table, then fill TLB entry if page table hit, or raise a guest
> page fault exception if page table miss.
>
> HTH,
> chenwj
>
> --
> Wei-Ren Chen (陳韋任)
> Computer Systems Lab, Institute of Information Science,
> Academia Sinica, Taiwan (R.O.C.)
> Tel:886-2-2788-3799 #1667
> Homepage: http://people.cs.nctu.edu.tw/~chenwj
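Added example, not code from this thread or from QEMU itself: a small C model of what the inlined sequence between (a) and (b) and the callout (b) do, written so each step of the annotation above maps onto a line of C. The entry layout (three 32-bit tags, the addend at offset 16, 32 bytes per entry, 256 entries indexed by guest address bits 12-19) is inferred from the `shr $0x7` / `and $0x1fe0` / `add 0x10(%rsi)` instructions in the dump; the `0x348` offset of the TLB array inside the CPU state held in %r14 is taken from the dump and only mentioned in a comment. The guest page table, the host RAM frames and the probe addresses are constructed sample data, and `page_table`, `Cpu`, `ldub_fast`, `ldub_slow` and `ldub` are hypothetical names chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Guest page geometry and TLB size matching the dump: 4 KiB pages and
   256 entries selected by guest address bits 12..19. */
#define PAGE_BITS   12
#define PAGE_SIZE   (1u << PAGE_BITS)
#define PAGE_MASK   (~(PAGE_SIZE - 1u))     /* the 0xfffff000 in the dump */
#define TLB_BITS    8
#define TLB_SIZE    (1u << TLB_BITS)
#define TLB_INVALID 0xffffffffu             /* never equals a page-aligned tag */

/* Entry layout assumed from the dump: tags first, the host/guest delta at
   offset 16 (`add 0x10(%rsi),%rdi`), padded to 32 bytes so that index*32 is
   the byte offset `shr $0x7 ; and $0x1fe0` computes. The array itself sits at
   0x348 from the CPU state pointer in %r14 in the dump; not modelled here. */
typedef struct {
    uint32_t  addr_read;
    uint32_t  addr_write;
    uint32_t  addr_code;
    uint32_t  pad;
    uintptr_t addend;                       /* host page address - guest page address */
    uint8_t   dummy[32 - 16 - sizeof(uintptr_t)];
} TlbEntry;

/* Constructed "guest page table": guest page number -> host RAM frame. */
typedef struct { uint32_t gpn; unsigned frame; } PteSample;
static const PteSample page_table[] = {
    { 0x00001, 0 },   /* guest 0x00001000 */
    { 0x00101, 1 },   /* guest 0x00101000: same TLB index as 0x00001000 */
    { 0x00002, 2 },   /* guest 0x00002000 */
};
#define NUM_FRAMES 3

typedef struct {
    TlbEntry tlb[TLB_SIZE];
    uint8_t  ram[NUM_FRAMES * PAGE_SIZE];   /* constructed host-side guest RAM */
    unsigned slow_path_calls;               /* how often the callout (b) ran */
    unsigned faults;                        /* guest page faults raised */
} Cpu;

static void cpu_init(Cpu *cpu) {
    memset(cpu, 0, sizeof *cpu);
    for (unsigned i = 0; i < TLB_SIZE; i++)
        cpu->tlb[i].addr_read = cpu->tlb[i].addr_write = cpu->tlb[i].addr_code = TLB_INVALID;
    for (unsigned f = 0; f < NUM_FRAMES; f++)   /* frame f is filled with byte 0xA0+f */
        memset(cpu->ram + (size_t)f * PAGE_SIZE, 0xA0 + f, PAGE_SIZE);
}

/* Byte offset the host code forms with `shr $0x7,%esi ; and $0x1fe0,%esi`. */
static uint32_t tlb_byte_offset(uint32_t vaddr) { return (vaddr >> 7) & 0x1fe0; }

/* The same selection expressed as an entry index: bits 12..19 of the address. */
static unsigned tlb_index(uint32_t vaddr) { return (vaddr >> PAGE_BITS) & (TLB_SIZE - 1); }

/* Inlined fast path, the code between (a) and (b).
   Returns 1 on a TLB hit with *out set, 0 on a miss. */
static int ldub_fast(const Cpu *cpu, uint32_t vaddr, uint8_t *out) {
    const TlbEntry *e = &cpu->tlb[tlb_index(vaddr)];      /* lea ...(%r14,%rsi,1),%rsi */
    if (e->addr_read != (vaddr & PAGE_MASK))               /* cmp (%rsi),%edi ; jne */
        return 0;
    *out = *(const uint8_t *)(uintptr_t)(vaddr + e->addend); /* add 0x10(%rsi),%rdi ; movzbl (%rdi) */
    return 1;
}

/* Callout (b): walk the page table, refill the entry or raise a guest fault.
   Returns 1 with *out set, 0 if the guest address is not mapped. */
static int ldub_slow(Cpu *cpu, uint32_t vaddr, uint8_t *out) {
    cpu->slow_path_calls++;
    uint32_t gpn = vaddr >> PAGE_BITS;
    for (size_t i = 0; i < sizeof page_table / sizeof page_table[0]; i++) {
        if (page_table[i].gpn != gpn) continue;
        uint8_t *host_page = cpu->ram + (size_t)page_table[i].frame * PAGE_SIZE;
        TlbEntry *e = &cpu->tlb[tlb_index(vaddr)];        /* refill (evicts any conflicting page) */
        e->addr_read = vaddr & PAGE_MASK;
        e->addend = (uintptr_t)host_page - (vaddr & PAGE_MASK);
        *out = host_page[vaddr & (PAGE_SIZE - 1)];
        return 1;
    }
    cpu->faults++;                                         /* page-table miss: guest page fault */
    return 0;
}

/* qemu_ld8u as a whole: try the inlined lookup, fall back to the callout. */
static int ldub(Cpu *cpu, uint32_t vaddr, uint8_t *out) {
    return ldub_fast(cpu, vaddr, out) || ldub_slow(cpu, vaddr, out);
}

int main(void) {
    Cpu cpu;
    uint8_t v;
    uint32_t probes[] = { 0x00001005, 0x00001006, 0x00101007, 0x00001005, 0x00005000 };
    cpu_init(&cpu);
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int ok = ldub(&cpu, probes[i], &v);
        printf("ld8u 0x%08x -> %s value=0x%02x slow=%u faults=%u\n", probes[i],
               ok ? "ok   " : "FAULT", ok ? v : 0, cpu.slow_path_calls, cpu.faults);
    }
    return 0;
}
```

The probe sequence makes the two points of the thread visible: a cold TLB sends the first load through the callout, the next byte on the same page is served entirely by the inlined compare-and-add, and because 0x00001005 and 0x00101007 share bits 12-19 they evict each other, so alternating between them costs a callout every time, while an unmapped address ends in the guest page fault path rather than in a host access.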