Hi, Jan

> You can find the answer yourself: Load qemu into gdb, set a breakpoint
> on that function and let it run. If you want to catch only the retaddr
> == NULL case, make the breakpoint conditional.
Thanks for your tip. I see when retaddr != NULL, then the calling sequence of tlb_fill might be something like (take i386 guest for example):

- __stl_mmu/__ldl_mmu -> tlb_fill
- helper_ljmp_protected -> load_segment -> ldl_kernel -> __ldl_mmu

I am not sure when/where __stl_mmu/__ldl_mmu are used. I do set breakpoints on __stl_mmu/__ldl_mmu, but the backtrace can only show something like:

  #0 __stl_mmu (addr=196608, val=0, mmu_idx=0) at /tmp/chenwj/temp/qemu-0.13.0/softmmu_template.h:228
  #1 0x00000000400028e1 in ?? ()
  #2 0x00000000000000b4 in ?? ()
  #3 0xecc68ff412fa4137 in ?? ()
  #4 0x0000000000000000 in ?? ()

When retaddr == NULL, then the calling sequence of tlb_fill is:

  tb_find_slow -> get_page_addr_code -> ldub_code -> __ldb_cmmu

I can only guess the "b" in __ldb_cmmu means load byte, but I can't figure out what the difference is between _cmmu and _mmu. Could you give me some hint? Thanks!

Regards,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667