QEMUã®ãªã‹ã¿(QEMU internals) part2
å‰å›ž(part1)rkx1209.hatenablog.com
ã®ç¶šãã§ã™ã€‚
part2ã§ã¯ä»®æƒ³IRQ,ãƒãƒƒãƒ—セット,仮想IO,TCGを見ã¦ã„ãã¾ã™ã€‚
多分part2ã§çµ‚ã‚ã‚Šã§ã™ã€‚(時間ãŒã‚ã‚Œã°ã¾ãŸã„ã¤ã‹part3ã¨ã‹æ›¸ã„ã¦ã¿ãŸã„ã§ã™ã...)
ã§ã¯ã¾ãšä»®æƒ³IRQã‹ã‚‰è¦‹ã¦ã„ãã¾ã™ã€‚
6.仮想IRQ
QEMUã«ãŠã„ã¦IRQã¯IRQStateæ§‹é€ ä½“ã§è¡¨ã•ã‚Œã¾ã™ã€‚
(hw/core/irq.c)
struct IRQState { Object parent_obj; qemu_irq_handler handler; void *opaque; int n; };
nãŒIRQ番å·ã§handlerãŒIRQ#nã«å¯¾å¿œã™ã‚‹ãƒãƒ³ãƒ‰ãƒ©ã§ã™ã€‚ã¾ãŸIRQStateã¯(include/hw/irq.h)ã§qemu_irqã«typedefã•ã‚Œã¦ã„ã‚‹ãŸã‚以é™ã¯qemu_irqã¨å‘¼ã³ã¾ã™ã€‚
ã§ã¯å‰å›žè¦‹ã¦ã„ãŸãƒžã‚·ãƒ³åˆæœŸåŒ–ã®ãƒ¡ã‚¤ãƒ³éƒ¨åˆ†ã§ã‚ã‚‹pc_init1ã®ç¶šãã‹ã‚‰è¦‹ã¦è¡Œãã¾ã—ょã†ã€‚
(hw/i386/pc_piix.c: pc_init1)
static void pc_init1(MachineState *machine, const char *host_type, const char *pci_type) { ... ISABus *isa_bus; ... qemu_irq *gsi; qemu_irq *i8259; qemu_irq smi_irq; GSIState *gsi_state; ... gsi_state = g_malloc0(sizeof(*gsi_state)); [*1] ... else { gsi = qemu_allocate_irqs(gsi_handler, gsi_state, GSI_NUM_PINS); [*2] } isa_bus_irqs(isa_bus, gsi); [*6] ... else { i8259 = i8259_init(isa_bus, pc_allocate_cpu_irq());[*7] } ... for (i = 0; i < ISA_NUM_IRQS; i++) { gsi_state->i8259_irq[i] = i8259[i]; [*8] } ... }
[*1]ã§GSIStateを確ä¿ã—ã¦ã„ã¾ã™ã€‚GSIã¯Global System Interruptsã®ç•¥ã§qemu_irqã‚’ç½®ã„ã¦ãŠãã‚°ãƒãƒ¼ãƒãƒ«ãªã‚³ãƒ³ãƒ†ã‚ストã§ã™ã€‚
[*2]ã§#0 ~ #GSI_NUM_PINSã¾ã§ã®IRQã‚’åˆæœŸåŒ–ã—ã¦ã„ãã¾ã™ã€‚
(hw/core/irq.c)
qemu_irq *qemu_extend_irqs(qemu_irq *old, int n_old, qemu_irq_handler handler, void *opaque, int n) { qemu_irq *s; int i; if (!old) { n_old = 0; } s = old ? g_renew(qemu_irq, old, n + n_old) : g_new(qemu_irq, n); for (i = n_old; i < n + n_old; i++) { s[i] = qemu_allocate_irq(handler, opaque, i); [*3] } return s; } qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void *opaque, int n) { return qemu_extend_irqs(NULL, 0, handler, opaque, n); } qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque, int n) { struct IRQState *irq; irq = IRQ(object_new(TYPE_IRQ)); [*4] irq->handler = handler; irq->opaque = opaque; irq->n = n; return irq; }
[*3]ã§ãã‚Œãžã‚Œã®IRQã‚’åˆæœŸåŒ–ã—ã¦ã„ã¾ã™ã€‚具体的ã«ã¯[*4]ã§TYPE_IRQåž‹ã®ã‚ªãƒ–ジェクトをnewã—ã¦ã„ã¾ã™ã。ã§ã¯qemu_allocate_irqsã«æ¸¡ã•ã‚Œã¦ã„ã‚‹ãƒãƒ³ãƒ‰ãƒ©ã€gsi_handlerを見ã¦ã¿ã¾ã™ã€‚
(hw/i386/pc.c)
void gsi_handler(void *opaque, int n, int level) { GSIState *s = opaque; DPRINTF("pc: %s GSI %d\n", level ? "raising" : "lowering", n); if (n < ISA_NUM_IRQS) { qemu_set_irq(s->i8259_irq[n], level);[*5] } qemu_set_irq(s->ioapic_irq[n], level); }
IRQナンãƒãƒ¼ãŒISAã®ç¯„囲ã§æ‰±ãˆã‚‹ãªã‚‰[*5]ã§å‰²ã‚Šè¾¼ã¿ã‚’発生ã•ã›ã¦ã„ã¾ã™ã€‚扱ãˆãªã„範囲ã¯APICã§å‰²ã‚Šè¾¼ã‚“ã§ã„ã¾ã™ã€‚
(hw/core/irq.c)
void qemu_set_irq(qemu_irq irq, int level) { if (!irq) return; irq->handler(irq->opaque, irq->n, level); }
qemu_set_irqã¯æŒ‡å®šã•ã‚ŒãŸirqã®ãƒãƒ³ãƒ‰ãƒ©ã‚’呼ã³å‡ºã™ã ã‘ã§ã™ã€‚ã“ã‚Œã§å‰²ã‚Šè¾¼ã¿ãŒç™ºç”Ÿã—ã¾ã™ã€‚ç°¡å˜ã§ã™ã。
ã§ã¯pc_init1ã«æˆ»ã‚Šã¾ã—ょã†ã€‚
[*6]ã®isa_bus_irqs(hw/isa/isa-bus.c)ã§ISAãƒã‚¹ã«gsiã‚’è¨å®šã—ã¦ã„ã¾ã™ã€‚PCIãƒã‚¹ã®ã‚ˆã†ã«4ピンã‹ã‚‰ã‚³ãƒ³ãƒ•ã‚£ã‚°ãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ã‚’通ã—ã¦IRQã«å¯¾å¿œã•ã›ã‚‹å¿…è¦ã¯ç„¡ã„ã®ã§ã“ã®ã‚ˆã†ã«ç´ ç›´ãªä»£å…¥ã§æ¸ˆã‚“ã§ã„ã¾ã™ã€‚[*7]ã§isa_busã«æŽ¥ç¶šã•ã‚Œã‚‹i8259ã‚’åˆæœŸåŒ–ã—ã¦ã„ã¾ã™ã€‚(isa_busã«ã¤ã„ã¦ã¯æ¬¡ã®ç« ã§èª¬æ˜Žã—ã¾ã™)
(hw/intc/i8259.c: i8259_init)
qemu_irq *i8259_init(ISABus *bus, qemu_irq parent_irq)
{
qemu_irq *irq_set;
DeviceState *dev;
ISADevice *isadev;
int i;
irq_set = g_new0(qemu_irq, ISA_NUM_IRQS);
/* Init i8259(master) */
isadev = i8259_init_chip(TYPE_I8259, bus, true); [*9]
dev = DEVICE(isadev);
qdev_connect_gpio_out(dev, 0, parent_irq);
for (i = 0 ; i < 8; i++) {
irq_set[i] = qdev_get_gpio_in(dev, i);
}
isa_pic = dev;
/* Init i8259(slave) */
isadev = i8259_init_chip(TYPE_I8259, bus, false); [*10]
dev = DEVICE(isadev);
qdev_connect_gpio_out(dev, 0, irq_set[2]); [*11]
for (i = 0 ; i < 8; i++) {
irq_set[i + 8] = qdev_get_gpio_in(dev, i);
}
slave_pic = PIC_COMMON(dev);
/* irq_set is GPIO of i8259 */
return irq_set;
}
[*9][*10]ã§ãã‚Œãžã‚Œi8259ã®ãƒžã‚¹ã‚¿ãƒ¼ã€ã‚¹ãƒ¬ãƒ¼ãƒ–ã‚’åˆæœŸåŒ–ã—ã€[*11]ã§ã¯devã®unnamed-gpio-out[0]プãƒãƒ‘ティã€ã™ãªã‚ã¡IRQã®å‡ºåŠ›ã‚’マスターã®irq_set[2]ã«è¨å®šã—ã¦ã„ã¾ã™ã€‚ã“ã‚Œã§ã‚«ã‚¹ã‚±ãƒ¼ãƒ‰æŽ¥ç¶šãŒå®Œäº†ã—ã¾ã—ãŸã€‚ã¾ãŸã“ã“ã§irq_setã«è¨å®šã•ã‚Œã‚‹ãƒãƒ³ãƒ‰ãƒ©ã¯pc_allocate_cpu_irq(hw/i386/pc.c)ã§æŒ‡å®šã•ã‚Œã¦ã„ã‚‹pic_irq_requestã§ã™ã€‚
(hw/i386/pc.c: pic_irq_request)
static void pic_irq_request(void *opaque, int irq, int level) { CPUState *cs = first_cpu; X86CPU *cpu = X86_CPU(cs); DPRINTF("pic_irqs: %s irq %d\n", level? "raise" : "lower", irq); ... else { if (level) { cpu_interrupt(cs, CPU_INTERRUPT_HARD); } else { cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD); } } }
(translate-all.c: cpu_interrupt)
void cpu_interrupt(CPUState *cpu, int mask) { cpu->interrupt_request |= mask; cpu->tcg_exit_req = 1; }
cpu_interruptã¯CPUStateã«ãƒãƒ¼ãƒ‰å‰²ã‚Šè¾¼ã¿ãŒç™ºç”Ÿã—ãŸäº‹ã‚’通知ã—TCGã®å®Ÿè¡Œã‚’ä¸æ¢ã™ã‚‹ã‚ˆã†è¦æ±‚ã—ã¾ã™ã€‚(TCGã«ã¤ã„ã¦ã¯å¾Œã»ã©èª¬æ˜Žã—ã¾ã™)
最後ã«[*8]ã«ã¦gsi_stateã®qemu_irqã«ä¸Šã§è¨å®šã—ãŸç‰©ã‚’代入ã—ã¦ã„ãã¾ã™ã€‚ã“ã‚Œã§qemu_set_irqãŒå®Ÿè¡Œã•ã‚ŒãŸå ´åˆã€gsi_stateを通ã—ã¦pic_irq_requestãŒå‘¼ã³å‡ºã•ã‚Œã‚‹äº‹ã«ãªã‚Šã¾ã™ã€‚
7.仮想ãƒãƒƒãƒ—セット
ã•ã¦æ¬¡ã¯ä»®æƒ³ãƒãƒƒãƒ—セットã§ã™ã€‚念ã®ç‚ºãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã®å…¨ä½“åƒpart1ã¨ã¯é•ã†ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§è¼‰ã›ã¦ãŠãã¾ã™ã€‚
INTEL 440FX PCISET 82441FX PCI AND MEMORY CONTROLLER (PMC) AND 82442FX DATA BUS
ACCELERATOR (DBX)より
http://download.intel.com/design/chipsets/datashts/29054901.pdf
ã§ã¯pc_init1ã«æˆ»ã£ã¦ä»Šåº¦ã¯i440fxã‚’åˆæœŸåŒ–ã—ã¦ã„る部分を見ã¦è¡Œãã¾ã—ょã†ã€‚
(hw/i386/pc_piix.c: pc_init1)
if (pci_enabled) { /* hosttype: TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost" pci_type: TYPE_I440FX_PCI_DEVICE "i440FX" gsi: IRQ system_memory: main memory */ pci_bus = i440fx_init(host_type, pci_type, &i440fx_state, &piix3_devfn, &isa_bus, gsi, system_memory, system_io, machine->ram_size, pcms->below_4g_mem_size, pcms->above_4g_mem_size, pci_memory, ram_memory);[*1] }
host_typeã¨ã„ã†ã®ã¯ä¸Šå›³ã«ã‚‚ã‚るよã†ã«CPUã®ãƒã‚¹ã¨PCIãƒã‚¹ã‚’ã¤ãªããŸã‚ã®PCI Host Bridgeを表ã—ã¦ã„ã¾ã™ã€‚ã¾ãŸpci_typeã¯ã¤ãªãå…ˆã®PCIを表ã—ã¦ã„ã¾ã™ã€‚
(hw/pci-host/piix.c)
PCIBus *i440fx_init(const char *host_type, const char *pci_type, PCII440FXState **pi440fx_state, int *piix3_devfn, ISABus **isa_bus, qemu_irq *pic, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, ram_addr_t ram_size, ram_addr_t below_4g_mem_size, ram_addr_t above_4g_mem_size, MemoryRegion *pci_address_space, MemoryRegion *ram_memory) { DeviceState *dev; PCIBus *b; PCIDevice *d; PCIHostState *s; PIIX3State *piix3; PCII440FXState *f; unsigned i; I440FXState *i440fx; dev = qdev_create(NULL, host_type); [*2] s = PCI_HOST_BRIDGE(dev);[*3] b = pci_bus_new(dev, NULL, pci_address_space, address_space_io, 0, TYPE_PCI_BUS); [*4] s->bus = b; [*5] object_property_add_child(qdev_get_machine(), "i440fx", OBJECT(dev), NULL); [*6] qdev_init_nofail(dev); [*7] d = pci_create_simple(b, 0, pci_type); [*8] *pi440fx_state = I440FX_PCI_DEVICE(d); f = *pi440fx_state; f->system_memory = address_space_mem; f->pci_address_space = pci_address_space; f->ram_memory = ram_memory; i440fx = I440FX_PCI_HOST_BRIDGE(dev); i440fx->pci_info.w32.begin = below_4g_mem_size; /* setup pci memory mapping */ pc_pci_as_mapping_init(OBJECT(f), f->system_memory, f->pci_address_space); [*9] ... else { PCIDevice *pci_dev = pci_create_simple_multifunction(b, -1, true, "PIIX3"); [*10] piix3 = PIIX3_PCI_DEVICE(pci_dev); pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3, PIIX_NUM_PIRQS); [*11] pci_bus_set_route_irq_fn(b, piix3_route_intx_pin_to_irq); [*12] } piix3->pic = pic; [*13] *isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(piix3), "isa.0")); [*14] *piix3_devfn = piix3->dev.devfn; ... return b; }
[*2]qdev_createã§ã¯æ–°ã—ã„DeviceStateを確ä¿ã—ã¾ã™ã€‚DeviceStateã¯è‡ªåˆ†ãŒæŽ¥ç¶šã•ã‚Œã¦ã„ã‚‹ãƒã‚¹ã®æƒ…å ±ã‚’parentã¨ã—ã¦æŒã¡ã¾ã™ã€‚第1引数ã«ã¯ãã®parentã«æŒ‡å®šã™ã‚‹BusStateを渡ã—ã¾ã™ãŒã“ã®å ´åˆNULLãªã®ã§ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®ãƒ«ãƒ¼ãƒˆãƒã‚¹ãŒparentã«ãªã‚Šã¾ã™ã€‚
ã¾ãŸç¬¬2引数ã«ã¯ä½œæˆã™ã‚‹Qdevã®ã‚¿ã‚¤ãƒ—åを指定ã—ã¾ã™ã€‚(ã“ã“ã§ã¯i440FX-pcihost)
[*3]ã§PCIHostBridgeClassã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã§ã‚ã‚‹PCIHostStateã«è§£é‡ˆã—ã¦ã„ã¾ã™ã€‚(part1ã§èª¬æ˜Žã—ãŸQOMã®ãƒãƒªãƒ¢ãƒ¼ãƒ•ã‚£ã‚ºãƒ ã§ã™) PCIHostBridgeClass(include/hw/pci/pci_host.h)ã¯SysBusDeviceClass(include/hw/sysbus.h)を継承ã—ã¦ã„ã¾ã™ã€‚
[*4]ã®pci_bus_newã§PCIBusClass(include/hw/pci/pci_bus.h)ã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã§ã‚ã‚‹PCIBusã‚’åˆæœŸåŒ–ã—ã¦ã„ã¾ã™ã€‚
PCIBus *pci_bus_new(DeviceState *parent, const char *name, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, uint8_t devfn_min, const char *typename) { PCIBus *bus; bus = PCI_BUS(qbus_create(typename, parent, name)); pci_bus_init(bus, parent, name, address_space_mem, address_space_io, devfn_min); return bus; }
parentã¯ãƒã‚¹ãŒç”Ÿãˆã¦ã„る親デãƒã‚¤ã‚¹(DeviceState)ã§ã™ã€‚BusStateã¯è¦ªã«DeviceStateã‚’æŒã¡ã€DeviceStateも親ã«BusStateã‚’æŒã£ã¦ã„ã¾ã™ã€‚ã¤ã¾ã‚Šã“れらã¯äº¤äº’ã«ã¤ãªãŒã£ã¦ã„ãè¨è¨ˆã«ãªã£ã¦ã„ã¾ã™ã€‚(ã¾ã‚ボードã®å›žè·¯å›³ã‚’考ãˆã‚Œã°ãã†ãªã‚‹ã®ãŒè‡ªç„¶ã§ã™ã)
[*5]ã§ãƒ›ã‚¹ãƒˆãƒ–リッジã«PCIBusã‚’ã¤ãªã„ã§ã„ã¾ã™ã€‚
[*6]ã§ã¯object_property_add_childã§"i440fx"プãƒãƒ‘ãƒ†ã‚£ã‚’è¿½åŠ ã—コンテナã«ã¤ãªã„ã§ã„ã¾ã™ã€‚
ãã†ã„ãˆã°part1ã®2ç« QOMã®æ‰€ã§ã‚³ãƒ³ãƒ†ãƒŠã®èª¬æ˜Žã‚’ã—ã¦ã„ãªã‹ã£ãŸã®ã§ã“ã‚Œã«ã¤ã„ã¦ã¯å°‘ã—詳ã—ã見ã¦è¡Œãã¾ã—ょã†
(qom/object.c)
void object_property_add_child(Object *obj, const char *name, Object *child, Error **errp) { Error *local_err = NULL; gchar *type; ObjectProperty *op; ... type = g_strdup_printf("child<%s>", object_get_typename(OBJECT(child))); op = object_property_add(obj, name, type, object_get_child_property, NULL, object_finalize_child_property, child, &local_err); ... child->parent = obj; out: g_free(type); }
ã¾ã‚ã»ã¨ã‚“ã©object_property_addã®wrapperãªã®ã§ã™ãŒã€æœ€å¾Œã«childã‚’objã®åã¨ã—ã¦ç¹‹ãŽç›´ã—ã¦ã„ã¾ã™ã€‚
ãˆã€Objectã£ã¦è¦ªå関係ãªã‚“ã¦ã‚ã£ãŸã‘ã¨ãªã‚‹ã¨æ€ã„ã¾ã™ãŒã€ã“ã‚Œã¯QOMã®ã‚³ãƒ³ãƒ†ãƒŠ(ã¨å‘¼ã‚“ã§è‰¯ã„ã®ã‹ãª)ã§ä½¿ç”¨ã™ã‚‹æ™‚ã®ã¿ä½¿ã‚れる関係ã§ã™ã€‚コンテナã¯é‡è¦ãªã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’æœ¨æ§‹é€ ã§ã¤ãªã„ã§ãŠãã‚‚ã®ã§ãƒ«ãƒ¼ãƒˆã¯object_get_root()ã§å–å¾—ã§ãã¾ã™ã€‚
qdev_get_machineを見ã¦ã¿ã‚‹ã¨åˆ†ã‹ã‚Šã¾ã™ã€‚
(hw/core/qdev.c)
Object *qdev_get_machine(void) { static Object *dev; if (dev == NULL) { dev = container_get(object_get_root(), "/machine"); } return dev; }
コンテナã®æœ¨æ§‹é€ ã¯ãƒ•ã‚¡ã‚¤ãƒ«ãƒ‘スã®ã‚ˆã†ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¾ã™ã€‚ã“ã“ã§ã¯root/machineオブジェクトをå–å¾—ã—ã¦ã„る訳ã§ã™ã€‚
ã¤ã¾ã‚Š[*6]ã¯root/machineオブジェクト(-machineã§æŒ‡å®šã—ãŸMachineClassã§ã™)ã®"i440fx"プãƒãƒ‘ティã«devオブジェクトをã¤ãªãŽroot/machine/i440fxを作æˆã—ã¦ã„ã¾ã™ã€‚
ã•ã¦[*7]ã®qdev_init_nofail(hw/core/qdev.c)ã§devã®realizedプãƒãƒ‘ティをtrueã«è¨å®šã—ã¦ã„ã¾ã™ã€‚realizedプãƒãƒ‘ティã¯part1ã§ã‚‚説明ã—ã¾ã—ãŸãŒãƒ‡ãƒã‚¤ã‚¹ãŒèµ·å‹•ã•ã‚Œã‚‹éš›trueã«è¨å®šã•ã‚Œã¾ã™ã€‚
ã¡ãªã¿ã«initã®ã‚ˆã†ãªåå‰ã§ãªãreazliedã¨ã„ã†åå‰ãŒã¤ã„ã¦ã„ã‚‹ã®ã¯æらãQMP(QEMU Machine Protocol)ãªã©ã‚’利用ã—ãŸãƒ‡ãƒã‚¤ã‚¹ã®ãƒ›ãƒƒãƒˆãƒ—ラグ時ã«å‘¼ã³å‡ºã•ã‚Œã‚‹ã‹ã‚‰ã ã¨æ€ã‚ã‚Œã¾ã™ã€‚(プラグã«æ°—付ãã¨ã„ã†æ„味åˆã„ã§ã—ょã†ã‹ã)
i440fxブリッジã®realizedコールãƒãƒƒã‚¯é–¢æ•°ã«ã¤ã„ã¦ã¯å¾Œã§è¦‹ã¦ã„ãã¾ã™ã€‚
[*8]ã§ã¯i440fxãƒãƒƒãƒ—本体ã®åˆæœŸåŒ–ã‚’è¡Œã£ã¦ã„ã¾ã™ã€‚ã¾ãŸ[*9]ã®pc_pci_as_mapping_init(hw/i386/pc.c)ã§ã¯pci_address_spaceã‚’system_memoryã®åã¨ã—ã¦ã¤ãªã„ã§ã„ã¾ã™ã€‚(part1ã®ä»®æƒ³ãƒ¡ãƒ¢ãƒªã®èª¬æ˜Žã‚’見ã¦ãã ã•ã„)
[*10]ã§ã¯PIIX3Stateã‚’åˆæœŸåŒ–ã—ã¦ã„ã¾ã™ã€‚上図ã§ã¯piix4ã¨ãªã£ã¦ã„ã¾ã™ãŒæ£ç¢ºã«ã¯piix3ã«è¿‘ãコードä¸ã§ã¯3ã®æ‰±ã„ã«ãªã£ã¦ã„ã¾ã™ã€‚
[*11]ã®pci_bus_irqs(hw/pci/pci.c)ã§PCIBusã®set_irqã«piix3_set_irqã‚’è¨å®šã—ã¦ã„ã¾ã™ã€‚PICã¯PCIBusを通ã˜ã¦CPUã¸ã¨ã¤ãªãŒã£ã¦ã„ã‚‹ãŸã‚ãƒã‚¹ã¸å‰²ã‚Šè¾¼ã¿ãƒãƒ³ãƒ‰ãƒ©ã‚’è¨å®šã—ã¦ã„ã‚‹ã®ã ã¨æ€ã‚ã‚Œã¾ã™ã€‚
[*12]ã§ã¯ãƒã‚¹ã«piix3_route_intx_pin_to_irqã¨ã„ã†é–¢æ•°ã‚’è¨å®šã—ã¦ã„ã¾ã™ãŒã€ã“ã‚Œã¯ä¸€ä½“何ãªã®ã§ã—ょã†ã‹ã€‚
(hw/pci-host/piix.c: piix3_route_intx_pin_to_irq)
static PCIINTxRoute piix3_route_intx_pin_to_irq(void *opaque, int pin) { PIIX3State *piix3 = opaque; int irq = piix3->dev.config[PIIX_PIRQC + pin]; PCIINTxRoute route; if (irq < PIIX_NUM_PIC_IRQS) { route.mode = PCI_INTX_ENABLED; route.irq = irq; } else { route.mode = PCI_INTX_DISABLED; route.irq = -1; } return route; }
piix3->dev.configã¯å„PCIデãƒã‚¤ã‚¹ã®PCIコンフィグレーション空間ã§ã™ã€‚念ã®ç‚ºä»•æ§˜å›³ã‚’載ã›ã¦ãŠãã¾ã™ã€‚
Wikipedia:PCI configuration spaceより
https://en.wikipedia.org/wiki/PCI_configuration_space
config[PIIX_PIRQC + pin]ã«ã‚ˆã‚Šä¸Šå›³ã®Interrupt Lineã‹ã‚‰å¯¾å¿œã™ã‚‹IRQ番å·ã‚’å–り出ã—ã¦ã„ã‚‹ã‚ã‘ã§ã™ã€‚
[*13]ã§ã¯6ç« ã§gsi_handlerã‚’è¨å®šã—ãŸqemu_irqã®é…列をè¨å®šã—ã€[*14]ã§ISAãƒã‚¹ã‚’åˆæœŸåŒ–ã—ã¦ã„ã¾ã™ã€‚ISAãƒã‚¹ã¯piix3ã®childãƒã‚¹ã¨ãªã£ã¦ã„ã¾ã™ã€‚
8.仮想IO
ã§ã¯æ¬¡ã«ä»®æƒ³IOã«ã¤ã„ã¦è¦‹ã¦ã„ãã¾ã™ã€‚ã“ã“ã§ã¯ä»®æƒ³ãƒ‡ãƒã‚¤ã‚¹ã¨ã—ã¦ãƒ•ãƒãƒƒãƒ”ーディスクドライãƒã‚’見ã¦ã„ãã¾ã™ã€‚(VENOM脆弱性ã§æœ‰åã«ãªã£ãŸã‚ã‚Œã§ã™)
(hw/block/fdc.c)
static const MemoryRegionOps fdctrl_mem_ops = { .read = fdctrl_read_mem, [*3] .write = fdctrl_write_mem, .endianness = DEVICE_NATIVE_ENDIAN, }; static void sysbus_fdc_initfn(Object *obj) { SysBusDevice *sbd = SYS_BUS_DEVICE(obj); FDCtrlSysBus *sys = SYSBUS_FDC(obj); FDCtrl *fdctrl = &sys->state; memory_region_init_io(&fdctrl->iomem, obj, &fdctrl_mem_ops, fdctrl, "fdc", 0x08); [*2] sysbus_init_mmio(sbd, &fdctrl->iomem); } ... static const TypeInfo sysbus_fdc_info = { .name = "sysbus-fdc", .parent = TYPE_SYSBUS_FDC, .instance_init = sysbus_fdc_initfn, [*1] .class_init = sysbus_fdc_class_init, }; static void fdc_register_types(void) { ... type_register_static(&sysbus_fdc_info); ... } type_init(fdc_register_types)
ã„ã¤ã‚‚ã®type_initãŒã‚ã‚Šã“ã‚Œã§ãƒ•ãƒãƒƒãƒ”ークラスをåˆæœŸåŒ–ã—ã¦ã„ã¾ã™ã€‚[*1]ã§ã‚³ãƒ³ã‚¹ãƒˆãƒ©ã‚¯ã‚¿ã¨ã—ã¦sysbus_fdc_initfnã‚’è¨å®šã—ã¦ã„ã¾ã™ã€‚コンストラクタ内ã§ã¯[*2]ã«ãŠã„ã¦MMIOã‚’åˆæœŸåŒ–ã—ã¦ã„ã¾ã™ã€‚MMIOã¯AddressSpaceã¨ã—ã¦address_space_io(exec.c)ã‚’æŒã¡ãã®ä¸‹ã«ãƒãƒ¼ãƒˆç•ªå·ã‚’アドレスã¨ã—ãŸMemoryRegionãŒã¤ãªãŒã£ã¦ã„ãã¾ã™ã€‚(ã“ã®è¾ºã‚Šã®ãƒ‡ãƒ¼ã‚¿æ§‹é€ ã¯part1ã®5.SoftMMUã‚’ã‚‚ã†ä¸€åº¦è¦‹ãªãŠã—ã¦ãã ã•ã„)
ã•ã¦ã“ã®MemoryRegionãŒMMIOã§ã‚ã‚‹å ´åˆã€readãŠã‚ˆã³writeã®ãƒ•ãƒƒã‚¯é–¢æ•°ãŒå‘¼ã³å‡ºã•ã‚Œã¾ã™ã€‚
part1ã§ã¿ãŸaddress_space_lduw_internalã‚’ã‚‚ã†ä¸€åº¦è¦‹ã¦ã¿ã¾ã—ょã†ã€‚
å‰å›žã¯çœç•¥ã—ã¦ã„ã¾ã—ãŸãŒMMIOを処ç†ã™ã‚‹éƒ¨åˆ†ãŒã‚ã‚Šã¾ã™ã€‚
(exec.c: address_space_lduw_internal)
static inline uint32_t address_space_lduw_internal(AddressSpace *as, hwaddr addr, MemTxAttrs attrs, MemTxResult *result, enum device_endian endian) { uint8_t *ptr; uint64_t val; MemoryRegion *mr; hwaddr l = 2; hwaddr addr1; MemTxResult r; bool release_lock = false; rcu_read_lock(); mr = address_space_translate(as, addr, &addr1, &l, false); if (l < 2 || !memory_access_is_direct(mr, false)) { .... /* I/O case */ r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs); [*4] .... } }
MMIOã®å ´åˆ[*4]ã§ãƒ•ãƒƒã‚¯é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã„ã¾ã™ã€‚
フãƒãƒƒãƒ”ーディスクã®å ´åˆã“ã®ãƒ•ãƒƒã‚¯é–¢æ•°readã¯[*3]ã®fdctrl_read_memã«ãªã‚Šã¾ã™ã€‚
(hw/block/fdc.c)
static uint32_t fdctrl_read (void *opaque, uint32_t reg) { FDCtrl *fdctrl = opaque; uint32_t retval; reg &= 7; switch (reg) { ... case FD_REG_FIFO: retval = fdctrl_read_data(fdctrl); [*5] break; } return retval; } static uint64_t fdctrl_read_mem (void *opaque, hwaddr reg, unsigned ize) { return fdctrl_read(opaque, (uint32_t)reg); }
[*5]ã§ãƒ‡ãƒ¼ã‚¿ãƒ¬ã‚¸ã‚¹ã‚¿ã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’èªã¿è¾¼ã‚“ã§ã„ã¾ã™ã€‚
(フãƒãƒƒãƒ”ーディスクコントãƒãƒ¼ãƒ©ã®ä»•æ§˜ã¯wikiãªã©ã‚’å‚ç…§ã—ã¦ãã ã•ã„。)
(hw/block/fdc.c)
static uint32_t fdctrl_read_data(FDCtrl *fdctrl) { FDrive *cur_drv; uint32_t retval = 0; uint32_t pos; ... pos = fdctrl->data_pos; pos %= FD_SECTOR_LEN; switch (fdctrl->phase) { case FD_PHASE_EXECUTION: if (pos == 0) { ... if (blk_read(cur_drv->blk, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) { [*6] FLOPPY_DPRINTF("error getting sector %d\n", fd_sector(cur_drv)); /* Sure, image size is too small... */ memset(fdctrl->fifo, 0, FD_SECTOR_LEN); } } } retval = fdctrl->fifo[pos]; FLOPPY_DPRINTF("data register: 0x%02x\n", retval); return retval; }
[*6]ã§ã‚»ã‚¯ã‚¿ç•ªå·ãŠã‚ˆã³BlockBackendを指定ã—ã¦ãƒ–ãƒãƒƒã‚¯èªã¿è¾¼ã¿ã‚’è¡Œã£ã¦ã„ã¾ã™ã€‚
ã“ã“ã‹ã‚‰ã¯ãƒ•ãƒãƒƒãƒ”ーã®ãƒ‡ãƒ¼ã‚¿è»¢é€éƒ¨åˆ†ã‚’扱ã†ãƒ–ãƒãƒƒã‚¯ãƒ‡ãƒã‚¤ã‚¹ãƒ‰ãƒ©ã‚¤ãƒã®å‡¦ç†ã‚’見ã¦ã„ãã¾ã™ã€‚
(block/block-backend.c: blk_read)
int blk_read(BlockBackend *blk, int64_t sector_num, uint8_t *buf, int nb_sectors) { ... return bdrv_read(blk->bs, sector_num, buf, nb_sectors); }
(block/io.c)
static int bdrv_rw_co(BlockDriverState *bs, int64_t sector_num, uint8_t *buf, int nb_sectors, bool is_write, BdrvRequestFlags flags) { QEMUIOVector qiov; struct iovec iov = { .iov_base = (void *)buf, .iov_len = nb_sectors * BDRV_SECTOR_SIZE, }; if (nb_sectors < 0 || nb_sectors > BDRV_REQUEST_MAX_SECTORS) { return -EINVAL; } qemu_iovec_init_external(&qiov, &iov, 1); return bdrv_prwv_co(bs, sector_num << BDRV_SECTOR_BITS, &qiov, is_write, flags); [*7] } int bdrv_read(BlockDriverState *bs, int64_t sector_num, uint8_t *buf, int nb_sectors) { return bdrv_rw_co(bs, sector_num, buf, nb_sectors, false, 0); }
QEMUIOVectorã«IOリクエストをè¨å®šã—ã€[*7]ã§bdrv_prwv_coを呼ã³å‡ºã—ã¦ã„ã¾ã™ã€‚
(block/io.c)
static int bdrv_prwv_co(BlockDriverState *bs, int64_t offset, QEMUIOVector *qiov, bool is_write, BdrvRequestFlags flags) { Coroutine *co; RwCo rwco = { .bs = bs, .offset = offset, .qiov = qiov, .is_write = is_write, .ret = NOT_DONE, .flags = flags, }; ... else { AioContext *aio_context = bdrv_get_aio_context(bs); co = qemu_coroutine_create(bdrv_rw_co_entry); [*8] qemu_coroutine_enter(co, &rwco); [*9] while (rwco.ret == NOT_DONE) { aio_poll(aio_context, true); } } return rwco.ret; }
[*8]ã§ã‚³ãƒ«ãƒ¼ãƒãƒ³ã‚’作æˆã—ã¦ã„ã¾ã™ã€‚QEMUã¯callback hellを回é¿ã™ã‚‹ãŸã‚ã«ç‹¬è‡ªã«ã‚³ãƒ«ãƒ¼ãƒãƒ³ã‚’実装ã—ã¦ãŠã‚Šã€[*9]ã®enterã§bdrv_rw_co_entryコルーãƒãƒ³ã«é£›ã³ã€yieldãŒå‘¼ã°ã‚Œã‚‹ã¨æˆ»ã£ã¦ãã¾ã™ã€‚
(block/io.c)
static void coroutine_fn bdrv_rw_co_entry(void *opaque) { RwCo *rwco = opaque; if (!rwco->is_write) { rwco->ret = bdrv_co_do_preadv(rwco->bs, rwco->offset, rwco->qiov->size, rwco->qiov, rwco->flags); } ... } ... static int coroutine_fn bdrv_co_do_preadv(BlockDriverState *bs, int64_t offset, unsigned int bytes, QEMUIOVector *qiov, BdrvRequestFlags flags) { BlockDriver *drv = bs->drv; BdrvTrackedRequest req; ... ret = bdrv_aligned_preadv(bs, &req, offset, bytes, align, use_local_qiov ? &local_qiov : qiov, flags); [*10] ... return ret; }
bdrv_co_do_preadvã¯ä¸Žãˆã‚ŒãŸãƒ–ãƒãƒƒã‚¯IOè¦æ±‚ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã®ã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã‚’調整ã—ãŸå¾Œ[*10]ã®bdrv_aligned_preadvを呼ã³å‡ºã™ã ã‘ã§ã™ã€‚
static int coroutine_fn bdrv_aligned_preadv(BlockDriverState *bs, BdrvTrackedRequest *req, int64_t offset, unsigned int bytes, int64_t align, QEMUIOVector *qiov, int flags) { BlockDriver *drv = bs->drv; int ret; int64_t sector_num = offset >> BDRV_SECTOR_BITS; unsigned int nb_sectors = bytes >> BDRV_SECTOR_BITS; ... /* Forward the request to the BlockDriver */ if (!bs->zero_beyond_eof) { ret = drv->bdrv_co_readv(bs, sector_num, nb_sectors, qiov); } else { /* Read zeros after EOF */ int64_t total_sectors, max_nb_sectors; total_sectors = bdrv_nb_sectors(bs); if (total_sectors < 0) { ret = total_sectors; goto out; } max_nb_sectors = ROUND_UP(MAX(0, total_sectors - sector_num), align >> BDRV_SECTOR_BITS); ... else if (max_nb_sectors > 0) { ret = drv->bdrv_co_readv(bs, sector_num, max_nb_sectors, &local_qiov); [*11] } ... } }
[*11]ã®BlockDriver->bdrv_co_readvã«ã¯-driverオプションã§æŒ‡å®šã—ãŸqemuã®imgå½¢å¼ã«ã‚ˆã£ã¦æŒ‡å®šã•ã‚Œã‚‹é–¢æ•°ãŒé•ã„ã¾ã™ã€‚例ãˆã°qcow2(block/qcow2.c)ã§ã¯qcow2_co_readvãªã©ãŒæŒ‡å®šã•ã‚Œã¦ã„ã¾ã™ã€‚qcow2ã®ç´°ã‹ã„仕様ã«é–¢ã—ã¦ã¯çœç•¥ã—ã¾ã™ã€‚
9.TCG
ã§ã¯ã„よã„よQEMUã®ä¸å¿ƒå‡¦ç†ã§ã‚ã‚‹TCG(Tiny Code Generator)ã®å‡¦ç†ã‚’見ã¦ã„ãã¾ã™ã€‚å‰å›žã®4.仮想CPUã®[*15]を見ã¦ãã ã•ã„。ã“ã®tcg_exec_all()ã¨ã„ã†ã®ãŒTCGã®å®Ÿè¡Œé–‹å§‹é–¢æ•°ã§ã™ã€‚ã§ã¯ã“ã®tcg_exec_all関数ã‹ã‚‰è¦‹ã¦è¡Œãã¾ã—ょã†ã€‚
(cpus.c)
static int tcg_cpu_exec(CPUState *cpu) { ... ret = cpu_exec(cpu);[*2] ... return ret; } static void tcg_exec_all(void) { ... for (; next_cpu != NULL && !exit_request; next_cpu = CPU_NEXT(next_cpu)) { CPUState *cpu = next_cpu; qemu_clock_enable(QEMU_CLOCK_VIRTUAL, (cpu->singlestep_enabled & SSTEP_NOTIMER) == 0); if (cpu_can_run(cpu)) { r = tcg_cpu_exec(cpu); [*1] ... } else if (cpu->stop || cpu->stopped) { break; } } }
[*1]ã§å„vcpuã”ã¨ã«tcg_cpu_execを実行ã—ã¦ã„ã¾ã™ã€‚tcg_cpu_execã§ã¯[*2]ã§cpu_execãŒå‘¼ã³å‡ºã•ã‚Œã¦ãŠã‚Šã€ã“ã“ã‹ã‚‰ãŒãƒ¡ã‚¤ãƒ³ã®å‡¦ç†ã¨ãªã‚Šã¾ã™ã€‚
(cpu-exec.c)
int cpu_exec(CPUState *cpu) { CPUClass *cc = CPU_GET_CLASS(cpu); #ifdef TARGET_I386 X86CPU *x86_cpu = X86_CPU(cpu); CPUArchState *env = &x86_cpu->env; #endif int ret, interrupt_request; TranslationBlock *tb; uint8_t *tc_ptr; uintptr_t next_tb; SyncClocks sc; ... current_cpu = cpu; ... for(;;) { if (sigsetjmp(cpu->jmp_env, 0) == 0) { ... next_tb = 0; for(;;) { interrupt_request = cpu->interrupt_request; if (unlikely(interrupt_request)) { if (cc->cpu_exec_interrupt(cpu, interrupt_request)) { [*3] next_tb = 0; } ... } ... tb_lock(); tb = tb_find_fast(cpu); [*4] ... if (next_tb != 0 && tb->page_addr[1] == -1) { tb_add_jump((TranslationBlock *)(next_tb & ~TB_EXIT_MASK), next_tb & TB_EXIT_MASK, tb); [*5] } tb_unlock(); if (likely(!cpu->exit_request)) { trace_exec_tb(tb, tb->pc); tc_ptr = tb->tc_ptr; cpu->current_tb = tb; next_tb = cpu_tb_exec(cpu, tc_ptr); [*6] cpu->current_tb = NULL; ... } /* for(;;) */ ... } } /* for(;;) */ return ret; } ||< [*3]ã§å‰²ã‚Šè¾¼ã¿ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒæ¥ã¦ã„ã‚‹å ´åˆcpu_exec_interruptを実行ã—ã¾ã™ã€‚ゲストãŒx86ã®å ´åˆã“ã‚Œã¯(target-i386/cpu.c)ã®type_initを通ã—ã¦x86_cpu_exec_interruptãŒè¨å®šã•ã‚Œã¦ã„ã¾ã™ã€‚ (target-i386/seg_helper.c: x86_cpu_exec_interrupt) >|c| bool x86_cpu_exec_interrupt(CPUState *cs, int interrupt_request) { X86CPU *cpu = X86_CPU(cs); CPUX86State *env = &cpu->env; bool ret = false; ... else if ((interrupt_request & CPU_INTERRUPT_HARD) && (((env->hflags2 & HF2_VINTR_MASK) && (env->hflags2 & HF2_HIF_MASK)) || (!(env->hflags2 & HF2_VINTR_MASK) && (env->eflags & IF_MASK && !(env->hflags & HF_INHIBIT_IRQ_MASK))))) { int intno; ... intno = cpu_get_pic_interrupt(env); [*7] ... do_interrupt_x86_hardirq(env, intno, 1); [*8] /* ensure that no TB jump will be modified as the program flow was changed */ ret = true; } ... } return ret; }
[*7]ã§PICCommonState(include/hw/isa/i8259_internal.h)ã®irq_baseを使ã£ã¦IRQ番å·ã‹ã‚‰INT番å·ã¸å¤‰æ›ã—ã¦ã„ã¾ã™ã€‚[*8]ã§å®Ÿéš›ã«å‰²ã‚Šè¾¼ã¿ã‚’実行ã—ã¾ã™ã€‚
(target-i386/seg_helper.c)
static void do_interrupt_all(X86CPU *cpu, int intno, int is_int, int error_code, target_ulong next_eip, int is_hw) { CPUX86State *env = &cpu->env; if (env->cr[0] & CR0_PE_MASK) { { do_interrupt_protected(env, intno, is_int, error_code, next_eip, is_hw); [*9] } } ... } .. void do_interrupt_x86_hardirq(CPUX86State *env, int intno, int is_hw) { do_interrupt_all(x86_env_get_cpu(env), intno, 0, 0, 0, is_hw); }
プãƒãƒ†ã‚¯ãƒˆãƒ¢ãƒ¼ãƒ‰ãŒæœ‰åŠ¹ãªå ´åˆ[*9]ã§do_interrupt_protectedを呼ã³å‡ºã—ã¾ã™ã€‚
(target-i386/seg_helper.c: do_interrupt_protected)
static void do_interrupt_protected(CPUX86State *env, int intno, int is_int, int error_code, unsigned int next_eip, int is_hw) { SegmentCache *dt; target_ulong ptr, ssp; int type, dpl, selector, ss_dpl, cpl; int has_error_code, new_stack, shift; uint32_t e1, e2, offset, ss = 0, esp, ss_e1 = 0, ss_e2 = 0; uint32_t old_eip, sp_mask; int vm86 = env->eflags & VM_MASK; ... dt = &env->idt; ptr = dt->base + intno * 8; e1 = cpu_ldl_kernel(env, ptr); [*10] e2 = cpu_ldl_kernel(env, ptr + 4); /* check gate type */ type = (e2 >> DESC_TYPE_SHIFT) & 0x1f; ... dpl = (e2 >> DESC_DPL_SHIFT) & 3; [*11] cpl = env->hflags & HF_CPL_MASK; ... selector = e1 >> 16; offset = (e2 & 0xffff0000) | (e1 & 0x0000ffff); ... if (!(e2 & DESC_C_MASK) && dpl < cpl) { /* to inner privilege */ get_ss_esp_from_tss(env, &ss, &esp, dpl, 0); [*12] ... new_stack = 1; sp_mask = get_sp_mask(ss_e2); ssp = get_seg_base(ss_e1, ss_e2); } ... shift = type >> 3; else { PUSHW(ssp, esp, sp_mask, cpu_compute_eflags(env)); [*13] PUSHW(ssp, esp, sp_mask, env->segs[R_CS].selector); PUSHW(ssp, esp, sp_mask, old_eip); if (has_error_code) { PUSHW(ssp, esp, sp_mask, error_code); } } ... if (new_stack) { ... ss = (ss & ~3) | dpl; cpu_x86_load_seg_cache(env, R_SS, ss, ssp, get_seg_limit(ss_e1, ss_e2), ss_e2); } SET_ESP(esp, sp_mask); selector = (selector & ~3) | dpl; cpu_x86_load_seg_cache(env, R_CS, selector, get_seg_base(e1, e2), get_seg_limit(e1, e2), e2); [*16] env->eip = offset; [*17] }
[*10]ã§IDTã®ç¤ºã™ã‚²ãƒ¼ãƒˆãƒ‡ã‚£ã‚¹ã‚¯ãƒªãƒ—ã‚¿ã®ä¸Šä½4byteãŠã‚ˆã³ä¸‹ä½4byteã‚’èªã¿è¾¼ã‚“ã§ã„ã¾ã™ã€‚[*11]ã§ã¯ãƒ‡ã‚£ã‚¹ã‚¯ãƒªãƒ—ã‚¿ã§ç¤ºã•ã‚Œã‚‹DPL(Descriptor Privilege Level)ãŠã‚ˆã³ç¾ç‰¹æ¨©ãƒ¬ãƒ™ãƒ«ã®CPL(Current Privilege Level)ã‚’è¨å®šã—ã€DPL < CPLãªå ´åˆã€ã¤ã¾ã‚Šå‰²ã‚Šè¾¼ã¿ã«ã‚ˆã£ã¦æ¨©é™ãŒä¸ŠãŒã‚‹å ´åˆ[*12]ã§TSSã‹ã‚‰æ–°ã—ã„スタックã®æƒ…å ±ã‚’èªã¿ã ã—ã¦ã„ã¾ã™ã€‚ãã—ã¦[*13]ã§ç¾åœ¨ã®eflags,cs,eipを退é¿ã—割り込ã¿ã®æº–å‚™ãŒå®Œäº†ã—ã¾ã™ã€‚
(ã“ã®è¾ºã‚Šã®ä»•æ§˜ã¯intelã®SDMã‚’èªã‚€ã‹ã€è©³è§£linuxカーãƒãƒ«ã‚’æŒã£ã¦ã„ã‚‹æ–¹ã¯p.152ã‚ãŸã‚Šã«è¼‰ã£ã¦ã„ã¾ã™ã®ã§é©æ™‚å‚ç…§ã—ã¦ãã ã•ã„)
[*13]ã®PUSHWã‚’å°‘ã—詳ã—ã見ã¦ã¿ã¾ã—ょã†ã€‚
(target-i386/seg_helper.c)
#define PUSHW_RA(ssp, sp, sp_mask, val, ra) \ { \ sp -= 2; \ cpu_stw_kernel_ra(env, (ssp) + (sp & (sp_mask)), (val), ra); \ } #define PUSHW(ssp, sp, sp_mask, val) PUSHW_RA(ssp, sp, sp_mask, val, 0)
実質的ãªå‡¦ç†ã¯cpu_stw_kernel_raã§ã™ã€‚ã¯ã„ã€ã™ã”ãä¸ç©ãªåå‰ã®é–¢æ•°ã§ã™ã。定義ã¯ã“ã¡ã‚‰ã«ãªã‚Šã¾ã™ã€‚
(include/exec/cpu_ldst_template.h)
static inline void glue(glue(glue(cpu_st, SUFFIX), MEMSUFFIX), _ra)(CPUArchState *env, target_ulong ptr, RES_TYPE v, uintptr_t retaddr) { int page_index; target_ulong addr; int mmu_idx; TCGMemOpIdx oi; addr = ptr; page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); mmu_idx = CPU_MMU_INDEX; if (unlikely(env->tlb_table[mmu_idx][page_index].addr_write != (addr & (TARGET_PAGE_MASK | (DATA_SIZE - 1))))) { oi = make_memop_idx(SHIFT, mmu_idx); glue(glue(helper_ret_st, SUFFIX), MMUSUFFIX)(env, addr, v, oi, retaddr); [*14] } else { uintptr_t hostaddr = addr + env->tlb_table[mmu_idx][page_index].addend; glue(glue(st, SUFFIX), _p)((uint8_t *)hostaddr, v); [*15] } }
[*14]ã§ã¯tlb_tableã«ã‚ャッシュãŒç„¡ã„å ´åˆhelper_be_st_name(softmmu_tmeplate.h)を利用ã—ã¦HVAã«å¤‰æ›ã—ã€å€¤ã‚’書ã込んã§ã„ã¾ã™ã€‚(ã“ã‚Œã¯part1ã®SoftMMUã®æ‰€ã§è¦‹ã¾ã—ãŸ)
ã‚‚ã—ã™ã§ã«ã‚ャッシュãŒã‚ã‚‹å ´åˆã¯addendを使ã£ã¦HVAã«å¤‰æ›ã—ãŸå¾Œã€[*15]ã®stw_pを呼ã³å‡ºã—ã¾ã™ã€‚stw_pã¯(include/exec/cpu-all.h)ã«ãŠã„ã¦stw_le_pã®åˆ¥åã¨ãªã£ã¦ã„ã¾ã™ã€‚
(stw_le_pã¨ã„ã†ã®ã¯store word little endian pointerã®ç•¥ã‚’æ„図ã—ã¦ã„ã‚‹ã¨æ€ã‚ã‚Œã¾ã™)
(include/qemu/bswap.h)
static inline void stw_he_p(void *ptr, uint16_t v) { memcpy(ptr, &v, sizeof(v)); } static inline void stw_le_p(void *ptr, uint16_t v) { stw_he_p(ptr, le_bswap(v, 16)); }
çµå±€memcpyã§ã™ã。ã“ã‚Œã§HVAã«å€¤ã‚’書ã込んã§ã„ã¾ã™ã€‚
do_interrupt_protectedã«æˆ»ã‚Š[*16]ã®cpu_x86_load_seg_cache(target-i386/cpu.h)ã§ã¯CSレジスタ(ã“ã‚Œã¯SegmentCacheã§è¡¨ã•ã‚Œã¾ã™)ã‚’æ›´æ–°ã—ã¦ã„ã¾ã™ã€‚ãã—ã¦[*17]ã§eipをセグメントレジスタ内ã®ã‚ªãƒ•ã‚»ãƒƒãƒˆã«æ›´æ–°ã—割り込ã¿ã¯çµ‚了ã§ã™ã€‚ã“ã‚Œã§å‰²ã‚Šè¾¼ã¿ãƒãƒ³ãƒ‰ãƒ©ã«åˆ¶å¾¡ãŒç§»ã‚Šã¾ã™ã€‚
ã•ã¦å‰²ã‚Šè¾¼ã¿å‡¦ç†ãŒçµ‚ã‚ã£ãŸã®ã§TCGã«æˆ»ã‚Šã¾ã—ょã†ã€‚[*4]ã®tb_find_fastã¯TranslationBlockã‚’ã‚ャッシュã‹ã‚‰æŽ¢ã—ã€ãªã„å ´åˆã¯ã•ã‚‰ã«tb_find_slowを呼ã³å‡ºã—ã¾ã™ã€‚
(cpu-exec.c)
static inline TranslationBlock *tb_find_fast(CPUState *cpu) { CPUArchState *env = (CPUArchState *)cpu->env_ptr; TranslationBlock *tb; target_ulong cs_base, pc; int flags; cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags); tb = cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)]; if (unlikely(!tb || tb->pc != pc || tb->cs_base != cs_base || tb->flags != flags)) { tb = tb_find_slow(cpu, pc, cs_base, flags); } return tb; }
ãã‚‚ãã‚‚TranslationBlockã¨ã¯ã‚²ã‚¹ãƒˆã®å‘½ä»¤åˆ—ã‚’TCGを通ã—ã¦ãƒ›ã‚¹ãƒˆã®å‘½ä»¤åˆ—ã«å¤‰æ›ã—ãŸéš›ã€ã“れらを分å²å‘½ä»¤ã”ã¨ã«åˆ†ã‘ãŸç‰©ã§ã€å‘½ä»¤åˆ—ã®åŸºæœ¬å˜ä½ãƒ–ãƒãƒƒã‚¯ã®ã‚ˆã†ãªç‰©ã§ã™ã€‚
ã“れらブãƒãƒƒã‚¯ã¯ãã‚Œãžã‚Œãƒ—ãƒãƒãƒ¼ã‚°ãŠã‚ˆã³ã‚¨ãƒ”ãƒãƒ¼ã‚°ã§æŒŸã¾ã‚ŒãŸå½¢ã§å®Ÿè¡Œã•ã‚Œã¾ã™ãŒã€åˆ†å²å‘½ä»¤ã‚’実行ã—ã¦ã„ããŸã³ã«ã€å®Ÿè¡Œãƒ‘スã«ãã£ã¦æŽ¥ç¶šã•ã‚Œã¦ã„ãã¾ã™ã€‚ã“れをBlock Chainingã¨è¨€ã„ã¾ã™ã€‚
QEMU: Architecture and Internals Lecture for the Embedded Systems Course CSD, University of Creteより
http://www.csd.uoc.gr/~hy428/reading/qemu-internals-slides-may6-2014.pdf
ã•ã¦ã§ã¯tb_find_slowã®å®Ÿè£…を見ã¦è¡Œãã¾ã—ょã†ã€‚
(cpu-exec.c)
static TranslationBlock *tb_find_slow(CPUState *cpu, target_ulong pc, target_ulong cs_base, uint64_t flags) { TranslationBlock *tb; ... /* if no translated code available, then translate it now */ tb = tb_gen_code(cpu, pc, cs_base, flags, 0); [*18] /* we add the TB in the virtual pc hash table */ cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb; [*19] return tb; }
[*18]ã§TranslationBlock(以下TBã¨å‘¼ã³ã¾ã™)を作æˆã—ã€[*19]ã§ã‚ャッシュã«ãŸã‚ã¾ã™ã€‚ã§ã¯ã“ã®tb_gen_codeを見ã¦ã¿ã¾ã™ã€‚
(translate-all.c)
TranslationBlock *tb_gen_code(CPUState *cpu,
target_ulong pc, target_ulong cs_base,
int flags, int cflags)
{
CPUArchState *env = cpu->env_ptr;
TranslationBlock *tb;
tb_page_addr_t phys_pc, phys_page2;
target_ulong virt_page2;
tcg_insn_unit *gen_code_buf;
int gen_code_size, search_size;
...
phys_pc = get_page_addr_code(env, pc);[*20]
if (use_icount) {
cflags |= CF_USE_ICOUNT;
}
tb = tb_alloc(pc); [*21]
...
gen_code_buf = tcg_ctx.code_gen_ptr;
tb->tc_ptr = gen_code_buf;
tb->cs_base = cs_base;
tb->flags = flags;
tb->cflags = cflags;
gen_intermediate_code(env, tb); [*22]
...
tcg_ctx.tb_jmp_offset = NULL;
tcg_ctx.tb_next = tb->tb_next;
...
tcg_ctx.code_gen_ptr = (void *)
ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
CODE_GEN_ALIGN);
...
gen_code_size = tcg_gen_code(&tcg_ctx, gen_code_buf); [*34]
....
/* check next page if needed */
virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
phys_page2 = -1;
if ((pc & TARGET_PAGE_MASK) != virt_page2) {
phys_page2 = get_page_addr_code(env, virt_page2);
}
tb_link_page(tb, phys_pc, phys_page2);
return tb;
}
[*20]ã§ã¯å‰å›žã®SoftMMUã§è¦‹ãŸget_page_addr_codeを使ã£ã¦pcã‚’HVAã«å¤‰æ›ã—ã¦ã„ã¾ã™ã€‚
[*21]ã§æ–°ã—ã„TBを確ä¿ã—ãŸå¾Œã€[*22]ã®gen_intermediate_codeã§å®Ÿéš›ã«ãƒžã‚¤ã‚¯ãƒã‚³ãƒ¼ãƒ‰ã‚’作æˆã—ã¦TBã«æ ¼ç´ã—ã¦ã„ã¾ã™ã€‚
(target-i386/translate.c: gen_intermediate_code)
void gen_intermediate_code(CPUX86State *env, TranslationBlock *tb) { X86CPU *cpu = x86_env_get_cpu(env); CPUState *cs = CPU(cpu); DisasContext dc1, *dc = &dc1; target_ulong pc_ptr; uint64_t flags; target_ulong pc_start; target_ulong cs_base; int num_insns; int max_insns; ... cpu_T[0] = tcg_temp_new(); [*23] cpu_T[1] = tcg_temp_new(); cpu_A0 = tcg_temp_new(); ... for(;;) { pc_ptr = disas_insn(env, dc, pc_ptr); [*24] /* stop translation if indicated */ if (dc->is_jmp) break; ... } }
[*23]ã§ã¯ãƒžã‚¤ã‚¯ãƒã‚³ãƒ¼ãƒ‰ä¸ã§ä½¿ç”¨ã™ã‚‹TCG用ã®æ±Žç”¨ãƒ¬ã‚¸ã‚¹ã‚¿ã‚’二ã¤ã€ã‚¢ãƒ‰ãƒ¬ã‚¹æ ¼ç´ç”¨ã®ãƒ¬ã‚¸ã‚¹ã‚¿ã‚’一ã¤ä½œæˆã—ã¦ã„ã¾ã™ã€‚
[*24]ã§ã„よã„よpc_ptr番地ã‹ã‚‰å§‹ã¾ã‚‹ã‚²ã‚¹ãƒˆã®ãƒžã‚·ãƒ³èªžã‚’マイクãƒã‚³ãƒ¼ãƒ‰ã«å¤‰æ›ã—ã¦ã„ãã¾ã™ã€‚
(target-i386/translate.c: disas_insn)
/* convert one instruction. s->is_jmp is set if the translation must be stopped. Return the next pc value */ static target_ulong disas_insn(CPUX86State *env, DisasContext *s, target_ulong pc_start) { int b, prefixes; int shift; TCGMemOp ot, aflag, dflag; int modrm, reg, rm, mod, op, opreg, val; target_ulong next_eip, tval; int rex_w, rex_r; s->pc = pc_start; ... b = cpu_ldub_code(env, s->pc); s->pc++; /* now check op code */ reswitch: switch(b) { ... case 0x8b: /* mov Ev, Gv */ ot = mo_b_d(b, dflag); modrm = cpu_ldub_code(env, s->pc++); [*25] reg = ((modrm >> 3) & 7) | rex_r; gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); [*26] gen_op_mov_reg_v(ot, reg, cpu_T[0]); [*31] break; ... /* port I/O */ case 0xe4: case 0xe5: ot = mo_b_d32(b, dflag); val = cpu_ldub_code(env, s->pc++); tcg_gen_movi_tl(cpu_T[0], val); gen_check_io(s, ot, pc_start - s->cs_base, SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes)); tcg_gen_movi_i32(cpu_tmp2_i32, val); [*32] gen_helper_in_func(ot, cpu_T[1], cpu_tmp2_i32); [*33] gen_op_mov_reg_v(ot, R_EAX, cpu_T[1]); [*34] break; ... } return s->pc; }
エミュレータã‚ã‚‹ã‚ã‚‹ã®ã¨ã¦ã¤ã‚‚ãªãé•·ã„switchæ–‡ã§ã™ã€‚ã‚ã¾ã‚Šã«ã‚‚é•·ã„ã®ã§MOV命令ã¨portI/Oã§ä½¿ç”¨ã™ã‚‹IN命令ã®ã¿ãƒ”ックアップã—ã¾ã™ã€‚
ã¾ãšMOV r16/32 r/m16/32命令ã‹ã‚‰è¦‹ã¦ã„ãã¾ã—ょã†ã€‚[*25]ã§ModR/Mãƒã‚¤ãƒˆã‚’å–り出ã—ã¦ã„ã¾ã™ã€‚ã“ã“ã«ã‚ªãƒšãƒ©ãƒ³ãƒ‰ã®æƒ…å ±ãŒå…¥ã£ã¦ã„ã¾ã™ã€‚(ãƒã‚¤ãƒŠãƒªã‚¢ãƒ³ãªäººãªã‚‰æ—¥å¸¸çš„ã«è¦‹ã¦ã„ã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ã)
次ã«[*26]ã«ãŠã„ã¦tcgã®load命令を作æˆã—ã¦ã„ã¾ã™ã€‚
(target-i386/translate.c: gen_ldst_modrm)
static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm, TCGMemOp ot, int reg, int is_store) { int mod, rm; mod = (modrm >> 6) & 3; rm = (modrm & 7) | REX_B(s); ... else { gen_lea_modrm(env, s, modrm); [*27] ... else { gen_op_ld_v(s, ot, cpu_T[0], cpu_A0); ... } } }
is_storeã¯falseã§ã‚ã‚‹ãŸã‚[*27]ã§cpu_A0ã«ãƒ‡ã‚£ã‚¹ãƒ—レースメントãªã©ã‚’計算ã—ãŸãƒ¡ãƒ¢ãƒªã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’è¨å®šã—ã€gen_op_ld_vãŒå‘¼ã³å‡ºã•ã‚Œã¾ã™ã€‚
(target-i386/translate.c: gen_op_ld_v)
static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0) { tcg_gen_qemu_ld_tl(t0, a0, s->mem_index, idx | MO_LE); }
ã¾ãŸtcg_gen_qemu_ld_tlã¯(tcg/tcg-op.h)ã«ãŠã„ã¦tcg_gen_qemu_ld_i32ã®åˆ¥åã¨ã—ã¦defineã•ã‚Œã¦ã„ã¾ã™ã€‚
static void gen_ldst_i32(TCGOpcode opc, TCGv_i32 val, TCGv addr, TCGMemOp memop, TCGArg idx) { TCGMemOpIdx oi = make_memop_idx(memop, idx); ... if (TCG_TARGET_REG_BITS == 32) { tcg_gen_op4i_i32(opc, val, TCGV_LOW(addr), TCGV_HIGH(addr), oi); } else { tcg_gen_op3(&tcg_ctx, opc, GET_TCGV_I32(val), GET_TCGV_I64(addr), oi); } #endif } ... void tcg_gen_qemu_ld_i32(TCGv_i32 val, TCGv addr, TCGArg idx, TCGMemOp memop) { memop = tcg_canonicalize_memop(memop, 0, 0); gen_ldst_i32(INDEX_op_qemu_ld_i32, val, addr, memop, idx); }
tcg_gen_op4i_i32ã¯(tcg/tcg-op.h)ã§tcg_genop4を呼ã³å‡ºã—ã¦ã„ã¾ã™ã€‚
static inline void tcg_gen_op4_i32(TCGOpcode opc, TCGv_i32 a1, TCGv_i32 a2, TCGv_i32 a3, TCGv_i32 a4) { tcg_gen_op4(&tcg_ctx, opc, GET_TCGV_I32(a1), GET_TCGV_I32(a2), GET_TCGV_I32(a3), GET_TCGV_I32(a4)); }
void tcg_gen_op4(TCGContext *ctx, TCGOpcode opc, TCGArg a1, TCGArg a2, TCGArg a3, TCGArg a4) { int pi = ctx->gen_next_parm_idx; tcg_debug_assert(pi + 4 <= OPPARAM_BUF_SIZE); ctx->gen_next_parm_idx = pi + 4; ctx->gen_opparam_buf[pi + 0] = a1; [*28] ctx->gen_opparam_buf[pi + 1] = a2; ctx->gen_opparam_buf[pi + 2] = a3; ctx->gen_opparam_buf[pi + 3] = a4; tcg_emit_op(ctx, opc, pi); [*29] }
[*28]ã§4ã¤ã®å¼•æ•°ã‚’TCGContextã«æ ¼ç´ã—ãŸå¾Œ[*29]ã§tcg_emit_opを呼ã³å‡ºã—gen_op_bufã«TCGOpã¨ã—ã¦è¿½åŠ ã—ã¦ã„ã¾ã™ã€‚[*30]
static void tcg_emit_op(TCGContext *ctx, TCGOpcode opc, int args) { int oi = ctx->gen_next_op_idx; int ni = oi + 1; int pi = oi - 1; ctx->gen_last_op_idx = oi; ctx->gen_next_op_idx = ni; ctx->gen_op_buf[oi] = (TCGOp){ [*30] .opc = opc, .args = args, .prev = pi, .next = ni }; }
è¿½åŠ ã•ã‚ŒãŸTCGOpãŒã©ã®ã‚ˆã†ã«ãƒ›ã‚¹ãƒˆã®ã‚³ãƒ¼ãƒ‰ã«å¤‰æ›ã•ã‚Œã‚‹ã‹ã«ã¤ã„ã¦ã¯å¾Œã»ã©è¦‹ã¦ã„ãã¾ã™ã€‚ã§ã¯disas_insnã¾ã§æˆ»ã‚Šã€[*31]ã®gen_op_mov_reg_vã§ã¯cpu_T[0]を宛先ã®regã«movã™ã‚‹å‘½ä»¤ã‚’生æˆã—ã¦ã„ã¾ã™ã€‚ã“れも先程ã¨åŒã˜ã‚ˆã†ã«å†…部ã§tcg_emit_opを使ã„命令ãƒãƒƒãƒ•ã‚¡ã«ãŸã‚ã¦ã„ã¾ã™ã€‚
ã•ã¦ã§ã¯æ¬¡ã«port IOã®IN命令を見ã¦è¡Œãã¾ã—ょã†ã€‚
[*32]ã§cpu_T[0]ã«ãƒãƒ¼ãƒˆç•ªå·ã‚’movã—ã¦ã„ã¾ã™ã€‚ãã—ã¦[*33]ã®gen_helper_in_funcã‹ã‚‰gen_helper_inlを呼ã³å‡ºã—ã¦ã„ã¾ã™ã€‚
static void gen_helper_in_func(TCGMemOp ot, TCGv v, TCGv_i32 n) { switch (ot) { case MO_8: gen_helper_inb(v, cpu_env, n); break; case MO_16: gen_helper_inw(v, cpu_env, n); break; case MO_32: gen_helper_inl(v, cpu_env, n); break; default: tcg_abort(); } }
ã“ã®gen_helper_inlã¯DEF_HELPER_2(include/exec/helper-head.h)ã«ã‚ˆã£ã¦DEF_HELPER_2(inl, tl, env, i32);(target-i386/helper.h)ã¨å®šç¾©ã•ã‚Œã¦ã„ã¾ã™ã€‚
DEF_HELPER_2ã¯å®Ÿè³ªçš„ã«ã¯(include/exec/helper-gen.h)ã®DEF_HELPER_FLAGS_2ã§ã‚ã‚Šã€tcg_gen_callNを呼ã³å‡ºã—ã¦ã„ã¾ã™ã€‚
(include/exec/helper-gen.h: DEF_HELPER_FLAGS_2)
#define DEF_HELPER_FLAGS_2(name, flags, ret, t1, t2) \ static inline void glue(gen_helper_, name)(dh_retvar_decl(ret) \ dh_arg_decl(t1, 1), dh_arg_decl(t2, 2)) \ { \ TCGArg args[2] = { dh_arg(t1, 1), dh_arg(t2, 2) }; \ tcg_gen_callN(&tcg_ctx, HELPER(name), dh_retvar(ret), 2, args); \ }
ã“ã®tcg_gen_callN(tcg/tcg.c)ã¯è©³ç´°ã¯çœãã¾ã™ãŒç¬¬äºŒå¼•æ•°ã§ä¸Žãˆã‚‰ã‚ŒãŸé–¢æ•°ã‚’callã™ã‚‹ãƒžã‚¤ã‚¯ãƒã‚³ãƒ¼ãƒ‰ã‚’生æˆã—ã¾ã™ã€‚ã“ã“ã§ã¯HELPERマクãƒ(include/exec/helper-head.h)を用ã„ãŸHELPER(name)ã™ãªã‚ã¡helper_inl関数ã«ãªã‚Šã¾ã™ã€‚ã§ã¯ã“ã®helper_inl関数ã¯ä½•ã‚’ã—ã¦ã„ã‚‹ã‹ã¨ã„ã†ã¨
(target-i386/misc_helper.c: helper_inl)
target_ulong helper_inl(CPUX86State *env, uint32_t port) { ... return address_space_ldl(&address_space_io, port, cpu_get_mem_attrs(env), NULL); }
address_space_ioã®port番地ã®å€¤ã‚’èªã¿ã ã—ã¦ã„ã¾ã™ã€‚ã“ã‚Œã¯8ç« ã®ä»®æƒ³IOã§ã‚‚説明ã—ãŸã‚ˆã†ã«Memory Mapped IOを使ã£ã¦å¤–部デãƒã‚¤ã‚¹ã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã‚’èªã‚“ã§ã„ã‚‹ã‚ã‘ã§ã™ã€‚x86ã«ãŠã‘ã‚‹in/out命令ã¯å†…部的ã«MMIOã¨ã—ã¦æ‰±ã‚ã‚Œã¦ã„ã‚‹ã®ã§ã™ã€‚
ã•ã¦ã§ã¯tb_code_genã«æˆ»ã£ã¦[*34]ã®tcg_gen_codeを見ã¦è¡Œãã¾ã—ょã†ã€‚ã“ã®é–¢æ•°ãŒä¸Šã§ä½œæˆã—ãŸãƒžã‚¤ã‚¯ãƒã‚³ãƒ¼ãƒ‰ã‚’実際ã®ãƒ›ã‚¹ãƒˆã®ãƒžã‚·ãƒ³èªžã«å¤‰æ›ã—ã¾ã™ã€‚
int tcg_gen_code(TCGContext *s, tcg_insn_unit *gen_code_buf) { ... for (oi = s->gen_first_op_idx; oi >= 0; oi = oi_next) { TCGOp * const op = &s->gen_op_buf[oi]; TCGArg * const args = &s->gen_opparam_buf[op->args]; TCGOpcode opc = op->opc; /* tcg_op_defs is defition of TCG operations(see tcg/tcg-opc.h) */ const TCGOpDef *def = &tcg_op_defs[opc]; uint16_t dead_args = s->op_dead_args[oi]; uint8_t sync_args = s->op_sync_args[oi]; switch (opc) { case INDEX_op_mov_i32: case INDEX_op_mov_i64: tcg_reg_alloc_mov(s, def, args, dead_args, sync_args); break; case INDEX_op_movi_i32: case INDEX_op_movi_i64: tcg_reg_alloc_movi(s, args, dead_args, sync_args); break; ... default: tcg_reg_alloc_op(s, def, opc, args, dead_args, sync_args); [*35] break; } ... } return tcg_current_code_size(s); }
[*35]ã§TCGã®ã‚ªãƒšã‚³ãƒ¼ãƒ‰ã‹ã‚‰å®Ÿéš›ã®ãƒ›ã‚¹ãƒˆã®å‘½ä»¤åˆ—を生æˆã—ã¦ã„ã¾ã™ã€‚
static void tcg_reg_alloc_op(TCGContext *s, const TCGOpDef *def, TCGOpcode opc, const TCGArg *args, uint16_t dead_args, uint8_t sync_args) { for(k = 0; k < nb_iargs; k++) { i = def->sorted_args[nb_oargs + k]; arg = args[i]; arg_ct = &def->args_ct[i]; ts = &s->temps[arg]; ... else if (ts->val_type == TEMP_VAL_CONST) { else { reg = tcg_reg_alloc(s, arg_ct->u.regs, allocated_regs); tcg_out_movi(s, ts->type, reg, ts->val); [*36] ts->val_type = TEMP_VAL_REG; ts->reg = reg; ts->mem_coherent = 0; s->reg_to_temp[reg] = arg; } } } }
[*36]ã®tcg_out_moviã§å„ホストã”ã¨ã®mov命令をtcg_out関数(tcg/tcg.c)を使ã£ã¦æ›¸ã出ã—ã¦ã„ã¾ã™ã€‚(tcg/i386/tcg-targe.c)
static __attribute__((unused)) inline void tcg_out32(TCGContext *s, uint32_t v) { if (TCG_TARGET_INSN_UNIT_SIZE == 4) { *s->code_ptr++ = v; } else { tcg_insn_unit *p = s->code_ptr; memcpy(p, &v, sizeof(v)); s->code_ptr = p + (4 / TCG_TARGET_INSN_UNIT_SIZE); } }
ã“れら書ãã ã—ãŸãƒ›ã‚¹ãƒˆå‘½ä»¤åˆ—ã¯[*6]ã®cpu_tb_execã«ã‚ˆã£ã¦å®Ÿè¡ŒãŒé–‹å§‹ã•ã‚Œã¾ã™ã€‚
cpu_tb_exec(cpu-exec.c)ã¯tcg_qemu_tb_exec(tcg/tcg.h)を呼ã³å‡ºã—ã¾ã™ã€‚
# define tcg_qemu_tb_exec(env, tb_ptr) \ ((uintptr_t (*)(void *, void *))tcg_ctx.code_gen_prologue)(env, tb_ptr)
ã“ã‚Œã¯TCGContextã®code_gen_prologueを関数ãƒã‚¤ãƒ³ã‚¿ã¨è§£é‡ˆã—呼ã³å‡ºã—ã¦ã„ã¾ã™ã€‚
ã“ã®code_gen_prologueã¯TCGã«ãŠã‘るプãƒãƒãƒ¼ã‚°ã‚’表ã—ã¦ãŠã‚Šã€(accel.c)ã®tcg_initã«ã‚ˆã£ã¦åˆæœŸåŒ–ã•ã‚Œã¦ã„ã¾ã™ã€‚tcg_initã¯tcg_exec_initを呼ã³å‡ºã—ã¾ã™ã€‚
(translate-all.c: tcg_exec_init)
void tcg_exec_init(unsigned long tb_size) { cpu_gen_init(); page_init(); code_gen_alloc(tb_size); #if defined(CONFIG_SOFTMMU) tcg_prologue_init(&tcg_ctx); [*37] #endif }
[*37]ãŒcode_gen_prologueã®åˆæœŸåŒ–関数ã§ã™ã€‚
void tcg_prologue_init(TCGContext *s) { size_t prologue_size, total_size; void *buf0, *buf1; /* Put the prologue at the beginning of code_gen_buffer. */ buf0 = s->code_gen_buffer; s->code_ptr = buf0; [*38] s->code_buf = buf0; s->code_gen_prologue = buf0; /* Generate the prologue. */ tcg_target_qemu_prologue(s); [*39] ... }
[*38]ã§code_ptrã™ãªã‚ã¡ç¾åœ¨å‡¦ç†ä¸ã®å‘½ä»¤åˆ—ã®ãƒã‚¤ãƒ³ã‚¿ã‚’プãƒãƒãƒ¼ã‚°ã«è¨å®šã—ã¦ã„ã¾ã™ã€‚
[*39]ã®tcg_target_qemu_prologue(s)(tcg/tcg.c)ã§ãƒ—ãƒãƒãƒ¼ã‚°,call TB,エピãƒãƒ¼ã‚°ã‚’code_gen_prologueã«æ›¸ã込んã§ãŠã‚Šã€ã“ã‚Œã§TBã«ã‚¸ãƒ£ãƒ³ãƒ—ã™ã‚‹å‘½ä»¤ãŒã§ãã¾ã—ãŸã€‚
ã“ã‚Œã§ã‚¨ãƒŸãƒ¥ãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ã«ãŠã‘る基本的ãªè¦ç´ ã¯æ®†ã©å…¨ã¦èª¬æ˜Žã—ã¾ã—ãŸã€‚
10.ãŠã‚ã‚Šã«
part1ã‹ã‚‰ç¶šãTCG,SoftMMU,IO,IRQ,QOMã¨è¦‹ã¦ãã¾ã—ãŸã€‚
ã”å˜çŸ¥ã®æ–¹ã¯å¤šã„ã¨æ€ã„ã¾ã™ãŒã€QEMUã«ã¯ä»–ã«ã‚‚QEMUTimer,BH,vfio,ライブマイグレーション,virtio,QMP,TCI,JITコンパイラãªã©ã¾ã ã¾ã æ•°ãˆãã‚Œãªã„程ã®æ©Ÿèƒ½ãŒã‚ã‚Šã¾ã™ã€‚
ã§ã™ãŒæœ¬è¨˜äº‹ã§è¦‹ã¦ããŸåŸºæœ¬çš„ãªæ‰€ã‚’抑ãˆã¦ãŠã‘ã°ãã®è¾ºã‚Šã‚’èªã‚€ã®ã‚‚難ã—ãã¯ãªã„ã¨æ€ã„ã¾ã™ã€‚興味ã®ã‚ã‚‹æ–¹ã¯ã©ã‚“ã©ã‚“hackã—ã¦ã¿ã¦ãã ã•ã„。
QEMU-internalã¯ã“ã“ã¾ã§ã§ã™(多分)
èªã‚“ã§ãã ã•ã£ã¦æœ‰é›£ã†ã”ã–ã„ã¾ã—ãŸï¼
