> > Where is the code location that I can set breakpoint to observe the fast path for R/W requests to RAM?
>
> Nowhere really, because the fast path is done directly in assembly code
> that TCG generates at run-time.
>
> > Whether dose Qemu provide method to disable fast path so that I can set one breakpoint to catch all requests both MMIO and RAM?
>
> You can modify the backends (e.g. tcg/i386/tcg-target.c) to do this, but
> chances are that there is a better way to do it.
The request address I get from backends is host virtual address. But, only guest physical address is useful to me.
>
> What are you trying to do?
Thanks for your answer. I need to implement a checker that locates logically between bus and memory. This checker will catch all access requests, check if the address of requests are in a table I maintain. If address is in table, checker will forwards request to memory. If address is not in table, request will be discarded. You can think it as a firewall for addresses of R/W access requests.
C code should be simple, a if black can do it. But difficulty for me is to find a location in source where can catch requests and get address of R/W to put code. Could you provide any suggestions? Thank you very much.
-Kaiyuan Liang