I have some issues when accessing guest Linux kernel memory above 0xC0000000 by means of cpu_memory_rw_debug (x86_64 host, MIPS guest), and I'm trying to debug it.
Here is an excerpt from r4k_map_address(), related to addresses >= 0x80000000. Actually, it maps 0x80000010 and 0xA0000010 to the same physical address. What's the idea behind that? What should happen if I map KSEG2 directly as a continuation of KSEG1, i.e. substitute TLB lookup with "address - (int32_t)KSEG1_BASE"? Guest Linux seems to work correctly (but maybe it's just a matter of luck?).

Thanks!

#define KSEG0_BASE 0x80000000UL
#define KSEG1_BASE 0xA0000000UL
#define KSEG2_BASE 0xC0000000UL
#define KSEG3_BASE 0xE0000000UL
//..............
    if (address < (int32_t)KSEG1_BASE) {
        /* kseg0 */
        if (kernel_mode) {
            *physical = address - (int32_t)KSEG0_BASE;
            *prot = PAGE_READ | PAGE_WRITE;
        } else {
            ret = TLBRET_BADADDR;
        }
    } else if (address < (int32_t)KSEG2_BASE) {
        /* kseg1 */
        if (kernel_mode) {
            *physical = address - (int32_t)KSEG1_BASE;
            *prot = PAGE_READ | PAGE_WRITE;
        } else {
            ret = TLBRET_BADADDR;
        }
    } else if (address < (int32_t)KSEG3_BASE) {
        /* sseg (kseg2) */
        if (supervisor_mode || kernel_mode) {
            ret = env->tlb->map_address(env, physical, prot,
                                        real_address, rw, access_type);
        } else {
            ret = TLBRET_BADADDR;
        }
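
An added example, not part of the original post and not QEMU code: a toy model of the MIPS32 kernel segments, where kseg0 and kseg1 are the cached and uncached unmapped windows onto the same low 512 MiB of physical memory, while kseg2 is translated page by page through the TLB. The toy_tlb table, its entries and all function names are constructed for illustration; 32-bit addresses and 4 KiB pages are assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define KSEG0_BASE 0x80000000u
#define KSEG1_BASE 0xA0000000u
#define KSEG2_BASE 0xC0000000u
#define OFFSET_4K  0x00000FFFu
#define TOY_FAULT  0xFFFFFFFFu   /* sentinel: no translation (toy model only) */

/* Constructed stand-in for TLB contents: one 4 KiB page per entry. */
struct toy_tlb_entry { uint32_t vpage; uint32_t ppage; };
static const struct toy_tlb_entry toy_tlb[] = {
    { 0xC0000000u, 0x01234000u },
    { 0xC0001000u, 0x00400000u }, /* adjacent virtual pages, scattered frames */
};

/* Kernel-mode translation of a 32-bit virtual address in this toy model. */
uint32_t toy_translate(uint32_t vaddr)
{
    if (vaddr < KSEG0_BASE)
        return TOY_FAULT;                /* useg: not modelled here */
    if (vaddr < KSEG1_BASE)
        return vaddr - KSEG0_BASE;       /* kseg0: unmapped, cached */
    if (vaddr < KSEG2_BASE)
        return vaddr - KSEG1_BASE;       /* kseg1: unmapped, uncached */
    /* kseg2 and above: mapped, the physical frame comes from the TLB */
    for (size_t i = 0; i < sizeof toy_tlb / sizeof toy_tlb[0]; i++)
        if ((vaddr & ~OFFSET_4K) == toy_tlb[i].vpage)
            return toy_tlb[i].ppage | (vaddr & OFFSET_4K);
    return TOY_FAULT;                    /* TLB miss */
}

/* The shortcut from the question: treat kseg2 as a continuation of kseg1. */
uint32_t linear_kseg2(uint32_t vaddr)
{
    return vaddr - KSEG1_BASE;
}

int main(void)
{
    printf("kseg0 0x80000010 -> 0x%08x\n", (unsigned)toy_translate(0x80000010u));
    printf("kseg1 0xA0000010 -> 0x%08x\n", (unsigned)toy_translate(0xA0000010u));
    printf("kseg2 0xC0001010 -> 0x%08x via TLB, 0x%08x via linear shortcut\n",
           (unsigned)toy_translate(0xC0001010u),
           (unsigned)linear_kseg2(0xC0001010u));
    return 0;
}
```

In this model the linear shortcut lands above the 512 MiB window that kseg0 and kseg1 cover and does not match the frame the TLB entry names, so a debug read through it would return whatever sits at that physical address rather than the mapped page.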