
How does qemu intercept only those addresses in the address space that belong to memory mapped devices?

Can someone please explain the full path of, let's say, a read? How does the read from an address X get intercepted (and directed to a device back-end)? And then how is the read completed?

Ziffusion

  • The second half of this answer is basically what you're after for the full-path bit: https://stackoverflow.com/questions/47151936/what-role-do-qemu-and-kvm-play-in-virtual-machine-i-o/47267994#47267994. For "how is it intercepted" the answer is "KVM controls the stage 2 page tables and doesn't map anything at the intermediate physical addresses where MMIO devices are". – Peter Maydell Mar 04 '22 at 22:45
  • That answers a part of my question. But I am still fuzzy on how the load instruction is completed in the guest. How does it return the value that the device back-end ostensibly returned / set up? Trying to understand the specific mechanism that makes it possible. – Ziffusion Mar 04 '22 at 22:59
  • When the fault traps to the hypervisor it has full control of what happens to the guest. In particular it can do "update guest register x3 or whatever to the value that the load should be and move guest program counter forward 4", which effectively simulates the effect of the load instruction without the CPU actually executing it. – Peter Maydell Mar 04 '22 at 23:13
  • Thanks! I was kind of drifting towards this myself. So the hypervisor has to figure out which instruction is being executed, figure out the target register and set it up. Makes sense. If you post this as an answer, I'll accept it. – Ziffusion Mar 04 '22 at 23:16
  • I'm having this conversation in comments because I think it overlaps a lot with that other answer, and I'm too lazy to write it all up properly :-) – Peter Maydell Mar 05 '22 at 10:55
  • Depending on the host architecture, the CPU might give assistance in the "figure out the instruction and register" part, by the way -- for instance on Arm there's a system register that has fields that tell you "this was a load, of 32 bits, to register X3", so you don't need to actually look at the instruction itself and figure out what it was doing (emulate it), the way you need to on x86. – Peter Maydell Mar 05 '22 at 11:51
  • Oh cool. Thanks! – Ziffusion Mar 06 '22 at 05:02
  • BTW - I would appreciate some input on: https://stackoverflow.com/questions/71358858/how-does-linux-schedule-vcpus-equitably-without-any-real-insight-into-the-worklo – Ziffusion Mar 06 '22 at 05:05
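The comments above describe the trap-and-complete path: a guest load hits an intermediate physical address that KVM left unmapped in the stage 2 tables, the fault traps to the hypervisor, which reads the syndrome register (on Arm, ESR_EL2), asks the device back-end for the value, writes it into the destination register and moves the guest PC forward 4. The C model below is an added example, not QEMU or KVM code; the device address, its ID value and the syndrome for the faulting `ldr w3, [x0]` are constructed for illustration, while the ESR_EL2 field positions are those of an AArch64 data abort from a lower exception level.

```c
#include <stdint.h>
#include <stdbool.h>

/* Minimal guest CPU state: x0..x30 plus pc; register number 31 is XZR. */
typedef struct { uint64_t x[31]; uint64_t pc; } vcpu_t;
static vcpu_t guest;                      /* the single vCPU in this model */

/* Constructed device back-end: one 32-bit read-only ID register at a made-up
 * intermediate physical address (not any real QEMU device or address). */
#define DEV_ID_IPA   0x40001000ULL
#define DEV_ID_VALUE 0xC0DE0001ULL

static bool device_read(uint64_t ipa, unsigned bytes, uint64_t *out) {
    if (ipa == DEV_ID_IPA && bytes == 4) { *out = DEV_ID_VALUE; return true; }
    return false;   /* nothing mapped here: a real hypervisor injects an abort */
}

/* ESR_EL2 fields for a data abort taken from a lower exception level. */
#define ESR_EC(esr)   (((esr) >> 26) & 0x3f)
#define EC_DABT_LOWER 0x24
#define ISS_ISV(esr)  (((esr) >> 24) & 1)    /* syndrome fields below are valid */
#define ISS_SAS(esr)  (((esr) >> 22) & 3)    /* access size as log2(bytes) */
#define ISS_SSE(esr)  (((esr) >> 21) & 1)    /* sign-extend the loaded value */
#define ISS_SRT(esr)  (((esr) >> 16) & 0x1f) /* register transferred */
#define ISS_SF(esr)   (((esr) >> 15) & 1)    /* 64-bit (Xn) destination */
#define ISS_WNR(esr)  (((esr) >> 6) & 1)     /* write-not-read */
/* Constructed syndrome for "ldr w3, [x0]" faulting on a stage 2 miss. */
#define ESR_LDR_W3 ((0x24ULL << 26) | (1ULL << 24) | (2ULL << 22) | (3ULL << 16))

/* Complete a trapped MMIO load: write the device value into the destination
 * register and step the guest PC past the instruction, without the CPU ever
 * executing it. Returns false when the trap cannot be completed this way. */
static bool handle_mmio_read(vcpu_t *vcpu, uint64_t esr, uint64_t fault_ipa) {
    if (ESR_EC(esr) != EC_DABT_LOWER || !ISS_ISV(esr) || ISS_WNR(esr))
        return false;   /* not a load, or would need full instruction decode */
    unsigned bytes = 1u << ISS_SAS(esr), bits = bytes * 8;
    uint64_t val;
    if (!device_read(fault_ipa, bytes, &val))
        return false;
    if (bits < 64) {
        val &= (1ULL << bits) - 1;
        if (ISS_SSE(esr) && (val >> (bits - 1)))
            val |= ~0ULL << bits;               /* sign-extend to 64 bits */
    }
    if (!ISS_SF(esr)) val &= 0xffffffffULL;     /* Wn destination: top half zero */
    unsigned rt = ISS_SRT(esr);
    if (rt != 31) vcpu->x[rt] = val;            /* x31 is XZR: discard the write */
    vcpu->pc += 4;                              /* A64 instructions are 4 bytes */
    return true;
}
```

With ISV clear (no syndrome information), or on x86 where no equivalent register exists, the hypervisor has to fetch and decode the faulting instruction itself before it can do the same register update.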

0 Answers