target-mips里的hepler.c基本上包涵了模拟tlb的全部功能.
cpu_mips_translate_address传入虚地址和env,及rw,返回实地址.如果tlb翻译未成功,则产生一个异常.产生异常通过写env的相关域完成.
rw=1为写,0读
cpu_mips_translate_address函数包裹了get_physical_address
get_physical_address 的参数:
env就是当前运行环境的env结构,大而全
*pyhsical 用于返回真实地址.
*prot 用于返回访问权限.
address是传入的虚拟地址.
rw表示的是要进行的操作是r或w
access_type始终未被使用.
这个函数包裹的真正的getaddress函数,在上面的代码里,如:
r4k_map_address
r4k_map_address
判断各个域,检查asid是否需要匹配,最后给出tlb查询的结果.
static int get_physical_address (CPUState *env, target_phys_addr_t *physical,
int *prot, target_ulong address,
int rw, int access_type)
{
/* User mode can only access useg/xuseg */
int user_mode = (env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_UM;
int supervisor_mode = (env->hflags & MIPS_HFLAG_MODE) == MIPS_HFLAG_SM;
int kernel_mode = !user_mode && !supervisor_mode;
#if defined(TARGET_MIPS64)
int UX = (env->CP0_Status & (1 << CP0St_UX)) != 0;
int SX = (env->CP0_Status & (1 << CP0St_SX)) != 0;
int KX = (env->CP0_Status & (1 << CP0St_KX)) != 0;
#endif
int ret = TLBRET_MATCH;
#if 0
qemu_log("user mode %d h %08x\n", user_mode, env->hflags);
#endif
if (address <= (int32_t)0x7FFFFFFFUL) {
/* useg */
if (env->CP0_Status & (1 << CP0St_ERL)) {
*physical = address & 0xFFFFFFFF;
*prot = PAGE_READ | PAGE_WRITE;
} else {
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
}
#if defined(TARGET_MIPS64)
} else if (address < 0x4000000000000000ULL) {
/* xuseg */
if (UX && address <= (0x3FFFFFFFFFFFFFFFULL & env->SEGMask)) {
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
} else {
ret = TLBRET_BADADDR;
}
} else if (address < 0x8000000000000000ULL) {
/* xsseg */
if ((supervisor_mode || kernel_mode) &&
SX && address <= (0x7FFFFFFFFFFFFFFFULL & env->SEGMask)) {
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
} else {
ret = TLBRET_BADADDR;
}
} else if (address < 0xC000000000000000ULL) {
/* xkphys */
if (kernel_mode && KX &&
(address & 0x07FFFFFFFFFFFFFFULL) <= env->PAMask) {
*physical = address & env->PAMask;
*prot = PAGE_READ | PAGE_WRITE;
} else {
ret = TLBRET_BADADDR;
}
} else if (address < 0xFFFFFFFF80000000ULL) {
/* xkseg */
if (kernel_mode && KX &&
address <= (0xFFFFFFFF7FFFFFFFULL & env->SEGMask)) {
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
} else {
ret = TLBRET_BADADDR;
}
#endif
} else if (address < (int32_t)0xA0000000UL) {
/* kseg0 */
if (kernel_mode) {
*physical = address - (int32_t)0x80000000UL;
*prot = PAGE_READ | PAGE_WRITE;
} else {
ret = TLBRET_BADADDR;
}
} else if (address < (int32_t)0xC0000000UL) {
/* kseg1 */
if (kernel_mode) {
*physical = address - (int32_t)0xA0000000UL;
*prot = PAGE_READ | PAGE_WRITE;
} else {
ret = TLBRET_BADADDR;
}
} else if (address < (int32_t)0xE0000000UL) {
/* sseg (kseg2) */
if (supervisor_mode || kernel_mode) {
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
} else {
ret = TLBRET_BADADDR;
}
} else {
/* kseg3 */
/* XXX: debug segment is not emulated */
if (kernel_mode) {
ret = env->tlb->map_address(env, physical, prot, address, rw, access_type);
} else {
ret = TLBRET_BADADDR;
}
}
#if 0
qemu_log(TARGET_FMT_lx " %d %d => " TARGET_FMT_lx " %d (%d)\n",
address, rw, access_type, *physical, *prot, ret);
#endif
return ret;
}
#endif
CpuState结构在这里就是CPUMIPSState
其中的tlb项(CPUMIPSTLBContext)保存了指向地址映射的函数指针.
struct CPUMIPSTLBContext {
uint32_t nb_tlb;
uint32_t tlb_in_use;
int (*map_address) (struct CPUMIPSState *env, target_phys_addr_t *physical, int *prot, target_ulong address, int rw, int access_type);
void (*helper_tlbwi) (void);
void (*helper_tlbwr) (void);
void (*helper_tlbp) (void);
void (*helper_tlbr) (void);
union {
struct {
r4k_tlb_t tlb[MIPS_TLB_MAX];
} r4k;
} mmu;
};