On 9 April 2015 at 09:34, Kaiyuan <kaiyu...@tju.edu.cn> wrote:
> Hello, guys
>
> In my understanding, function exec.c:address_space_rw is used to handle read
> and write access requests to address space. In order to check my opinion, I
> write guest code and debug Qemu to see the path of code execution.
>
> If I read or write with address of MMIO like UART, it will hit function
> address_space_rw.
>
> *UART_ADDR = 'c'; //hit address_space_rw
>
> However, if I read from or write to RAM address, it does NOT hit
> address_space_rw.
That's because we have a fast-path for RAM accesses that directs them to
the bit of host memory we're using as guest RAM:
 * for KVM, the guest gets the host memory directly mapped and accesses
   it without trapping out to userspace
 * for TCG, our TLB data structure caches the guest-virtual-address to
   host-virtual-address mapping, and the generated TCG code does a fast
   inline lookup in this cache; if it hits then it can load or store to
   the host memory without ever having to come out to a C helper function

address_space_rw is one of the functions used in the slow path, which is
taken for IO accesses, or for other corner cases like accessing memory
with a debug watchpoint set. Note that not all accesses go through it;
there are other ways to access the address space including the ldl_phys()
functions, and TCG slow-path accesses go directly to io_mem_read/write
because they've already dealt with the RAM case.

-- PMM
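The fast-path/slow-path split PMM describes is easy to see in a toy model. The program below is an added example, not QEMU code and not from this thread: it models a TCG-style TLB with an inline lookup for RAM pages and a stand-in for address_space_rw that handles MMIO and refills the TLB. The RAM size, the identity guest-to-host mapping, the hypothetical UART at 0x10000000 and the counters are all constructed for the illustration. It replays the experiment from the mail (one UART store, then many RAM stores and loads) and counts how often each path is taken, which shows why a breakpoint on the slow-path function fires for the UART store but only for the very first touch of a RAM page.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified model of the two access paths described in the mail.
 * Illustrative only; it is not QEMU's own TLB or address_space_rw. */

#define PAGE_SHIFT     12
#define PAGE_MASK      (~(((uint64_t)1 << PAGE_SHIFT) - 1))
#define TLB_SIZE       64
#define GUEST_RAM_SIZE (16u << PAGE_SHIFT)   /* 64 KiB of guest RAM at address 0 (assumed) */
#define UART_ADDR      0x10000000ULL         /* hypothetical MMIO UART (assumed) */

typedef struct {
    uint64_t  vaddr;   /* guest page this entry covers; ~0 = invalid */
    uintptr_t addend;  /* host address = guest address + addend (RAM pages only) */
    int       is_io;   /* page is MMIO: always take the slow path */
} TlbEntry;

static uint8_t  guest_ram[GUEST_RAM_SIZE];
static TlbEntry tlb[TLB_SIZE];

/* Observables: which path each access took. */
unsigned fast_path_hits, slow_path_calls, uart_writes;
char     uart_last;

static void tlb_flush(void)
{
    for (int i = 0; i < TLB_SIZE; i++) {
        tlb[i].vaddr = ~(uint64_t)0;
        tlb[i].addend = 0;
        tlb[i].is_io = 0;
    }
}

static TlbEntry *tlb_entry_for(uint64_t addr)
{
    return &tlb[(addr >> PAGE_SHIFT) & (TLB_SIZE - 1)];
}

/* Slow path: stand-in for address_space_rw. Every MMIO access lands here;
 * a RAM access lands here only on a TLB miss, and refills the entry. */
static void slow_path_rw(uint64_t addr, uint8_t *buf, int is_write)
{
    TlbEntry *e = tlb_entry_for(addr);
    slow_path_calls++;

    if ((addr & PAGE_MASK) == (UART_ADDR & PAGE_MASK)) {
        /* Remember that this page is MMIO so the fast path keeps bouncing it here. */
        e->vaddr = addr & PAGE_MASK;
        e->is_io = 1;
        if (is_write) { uart_last = (char)*buf; uart_writes++; }
        else          { *buf = 0; }                /* toy UART: reads return 0 */
        return;
    }
    if (addr < GUEST_RAM_SIZE) {
        /* Identity mapping: guest address N lives at guest_ram + N. */
        e->vaddr  = addr & PAGE_MASK;
        e->addend = (uintptr_t)guest_ram;
        e->is_io  = 0;
        if (is_write) guest_ram[addr] = *buf;
        else          *buf = guest_ram[addr];
        return;
    }
    if (!is_write) *buf = 0xff;                    /* unmapped: writes dropped, reads all-ones */
}

/* Fast path: the inline check generated code performs. On a hit for a RAM page
 * the access touches host memory directly and no helper is called. */
static void guest_store_b(uint64_t addr, uint8_t val)
{
    TlbEntry *e = tlb_entry_for(addr);
    if (e->vaddr == (addr & PAGE_MASK) && !e->is_io) {
        fast_path_hits++;
        *(uint8_t *)(uintptr_t)(addr + e->addend) = val;
        return;
    }
    slow_path_rw(addr, &val, 1);
}

static uint8_t guest_load_b(uint64_t addr)
{
    TlbEntry *e = tlb_entry_for(addr);
    uint8_t val;
    if (e->vaddr == (addr & PAGE_MASK) && !e->is_io) {
        fast_path_hits++;
        return *(uint8_t *)(uintptr_t)(addr + e->addend);
    }
    slow_path_rw(addr, &val, 0);
    return val;
}

/* Replays the mail's experiment: two UART stores, then 100 byte stores and
 * 100 byte loads on one RAM page. Returns the slow-path call count. */
unsigned run_scenario(void)
{
    tlb_flush();
    fast_path_hits = slow_path_calls = uart_writes = 0;
    uart_last = 0;

    guest_store_b(UART_ADDR, 'c');                 /* slow path */
    guest_store_b(UART_ADDR, 'd');                 /* slow path again: page is MMIO */
    for (uint64_t i = 0; i < 100; i++)
        guest_store_b(0x1000 + i, (uint8_t)i);     /* first: slow (TLB fill); rest: fast */
    for (uint64_t i = 0; i < 100; i++)
        (void)guest_load_b(0x1000 + i);            /* all fast: entry already present */
    return slow_path_calls;
}

int main(void)
{
    unsigned slow = run_scenario();
    printf("slow-path calls: %u, fast-path hits: %u, last UART byte: %c\n",
           slow, fast_path_hits, uart_last);
    return 0;
}
```

With 200 RAM accesses on one page the slow path is entered only three times: twice for the UART (MMIO pages stay marked `is_io`, so the inline check always fails) and once to fill the TLB entry for the RAM page. Everything after that is an inline host-memory access, which is the behaviour the original poster observed when the breakpoint on address_space_rw never fired for RAM.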