Re: [Qemu-devel] ARM PC-relative Loads, and TBs in soft MMU
From: Peter Maydell
Subject: Re: [Qemu-devel] ARM PC-relative Loads, and TBs in soft MMU
Date: Sat, 23 Apr 2016 13:21:41 +0100
On 22 April 2016 at 16:06, Tom Spink <address@hidden> wrote:
> So, my question is, how can a TB for a particular block containing a
> constant folded *virtual* PC work, if the MMU mappings change and a
> different virtual address is used to access the same physical address?
>
> E.g. assume we have an instruction such as: ldr r0, [pc, #8]
>
> If this is compiled in a block that begins at virtual address 0x10000, then
> the load will be emitted as a constant load from address 0x10008 (and will
> be subject to the usual TLB lookup code). But, if the MMU mappings change,
> and the block is entered from virtual address 0x20000 (because 0x20000 now
> points to the same physical page), then the load will be incorrect, as it
> would still be accessing address 0x10000, but should actually be accessing
> address 0x20008.
TBs are looked up by (virtual) PC + flags + physical address, so if
the same lump of code is mapped at two different virtual addresses
we'll translate it twice. (More precisely, tb_find_fast() checks
only the virtual address, but it does so in a cache which is
invalidated when the guest does a TLB invalidate operation; if
the cache misses we fall back to tb_find_slow() which also checks
physical address.)
thanks
-- PMM
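A constructed C model of the lookup Peter describes, added here and not QEMU's own code: tb_find_model, tb_find_slow_model, map_page and the 0x80000/0x90000 physical pages are assumptions, and the real tb_jmp_cache hashing and cs_base handling are simplified away. It runs the scenario from the question (one physical page first mapped at 0x10000, then at 0x20000) and shows why the virtual-PC-only fast cache is safe once a mapping change flushes it.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the lookup described above, not QEMU's own code:
 * a TB is identified by (virtual pc, flags, physical address). */
#define PAGE_MASK 0xfffff000u
typedef struct { uint32_t pc, flags, phys; } TB;
static TB tbs[64]; static int n_tbs, translations;      /* blocks "translated" so far */
static TB *jmp_cache[16];                               /* fast cache: virtual PC only */
static struct { uint32_t virt, phys; } tlb[4]; static int n_map; /* toy guest MMU */
static uint32_t get_phys(uint32_t pc) {
    for (int i = 0; i < n_map; i++)
        if (tlb[i].virt == (pc & PAGE_MASK)) return tlb[i].phys | (pc & ~PAGE_MASK);
    return 0xffffffffu;                                 /* unmapped */
}
/* Guest changes a mapping: like a TLB invalidate, this flushes the fast cache. */
static void map_page(uint32_t virt, uint32_t phys) {
    int i = 0;
    while (i < n_map && tlb[i].virt != virt) i++;
    if (i == n_map) n_map++;
    tlb[i].virt = virt; tlb[i].phys = phys;
    memset(jmp_cache, 0, sizeof jmp_cache);
}
/* Slow path: match on physical address too, translate on a miss. */
static TB *tb_find_slow_model(uint32_t pc, uint32_t flags, uint32_t phys) {
    for (int i = 0; i < n_tbs; i++)
        if (tbs[i].pc == pc && tbs[i].flags == flags && tbs[i].phys == phys) return &tbs[i];
    tbs[n_tbs] = (TB){ pc, flags, phys }; translations++;
    return &tbs[n_tbs++];
}
/* Fast path checks virtual PC only; safe because map_page() flushed the cache. */
static TB *tb_find_model(uint32_t pc, uint32_t flags) {
    unsigned idx = (pc >> 2) % 16;
    TB *tb = jmp_cache[idx];
    if (tb && tb->pc == pc && tb->flags == flags) return tb;
    return jmp_cache[idx] = tb_find_slow_model(pc, flags, get_phys(pc));
}

/* The thread's scenario: one physical page reached via 0x10000, then via 0x20000. */
static int run_scenario(void) {
    n_tbs = n_map = translations = 0; memset(jmp_cache, 0, sizeof jmp_cache);
    map_page(0x10000, 0x80000);
    TB *a  = tb_find_model(0x10000, 0);
    TB *a2 = tb_find_model(0x10000, 0);   /* second lookup hits the fast cache */
    map_page(0x20000, 0x80000);           /* alias the same physical page */
    TB *b  = tb_find_model(0x20000, 0);   /* different virtual PC: separate TB */
    map_page(0x10000, 0x90000);           /* 0x10000 now backs a different page */
    TB *c  = tb_find_model(0x10000, 0);   /* flush prevents a stale fast-cache hit */
    if (a != a2 || b == a || c == a || c->phys != 0x90000u) return -1;
    return translations;                  /* 3: one per (pc, phys) pair seen */
}
```

Without the memset in map_page(), the final lookup at 0x10000 would return the TB translated for physical page 0x80000, which is exactly the stale-constant problem the question raises.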