From: Tim Olson
Subject: Re: [Qemu-devel] qemu-system-* using mmap?
Date: Thu, 14 Dec 2006 08:50:25 -0600
To: qemu-devel@nongnu.org
In-Reply-To: <45802498.6020808@tidetamerboatlifts.com>
Message-Id: <799dfe3574a1e50e5a9a0da483b58db6@io.com>

On Dec 13, 2006, at 10:04 AM, Joseph Miller wrote:

> Can someone elaborate on this a little? What is the difference
> between the SOFTMMU and the mmap()? Should I be using the
> --enable-system or the --disable-system for win32 guest on i386 debian
> host?
> Can someone give a little more insight on this technicality?

For full system emulation, qemu needs to support the emulated processor's ability to perform virtual->physical address translation for every memory reference (including data loads/stores and non-pc-relative branches).

Using the SOFTMMU method, this is done at basic-block translation time by inlining a software TLB lookup routine for each memory reference. This expands a simple target load instruction into a sequence of ~20 host processor instructions (for x86 target, ppc host I see about 25 instructions for TLB lookup).

The other way to handle this would be to use the host's MMU to do the translation directly, via an mmap() system call which sets up the translation. Then the translated basic block would contain memory references using the target system's virtual address values, and the translation would occur in the host's hardware MMU during execution (fast), rather than having to execute a software TLB lookup. However, there are a number of restrictions to using mmap() translation (host and target address spaces cannot overlap, etc.).

It appears that this feature has been removed from current versions of qemu, so the only way to do full system emulation is via the SOFTMMU method.

--
tim
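The following is an added illustration of the inlined software TLB lookup Tim describes, not code from QEMU or from anyone in this thread. It assumes a 4 KiB page, a 256-entry direct-mapped TLB, a constructed guest page table (`guest_page_table`) and a constructed guest RAM array; the fast path is the part a SOFTMMU build inlines for every guest load or store, and the slow path (`tlb_fill`) is what runs on a miss.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_BITS 12
#define PAGE_SIZE (1u << PAGE_BITS)
#define PAGE_MASK (~(PAGE_SIZE - 1))
#define TLB_BITS  8
#define TLB_SIZE  (1u << TLB_BITS)

typedef struct {
    uint32_t  vaddr_tag; /* guest virtual page address; ~0u marks an empty slot */
    uintptr_t addend;    /* host pointer = guest vaddr + addend on a hit */
} tlb_entry;

static tlb_entry tlb[TLB_SIZE];
static unsigned long tlb_hits, tlb_misses;

/* Constructed guest RAM: 16 physical pages. */
#define GUEST_RAM_PAGES 16
static uint8_t guest_ram[GUEST_RAM_PAGES * PAGE_SIZE];

/* Constructed guest page table (hypothetical): vpn 0x100..0x10F map to ppn 0..15. */
static int guest_page_table(uint32_t vpn) {
    return (vpn >= 0x100 && vpn < 0x100 + GUEST_RAM_PAGES) ? (int)(vpn - 0x100) : -1;
}

/* Slow path: walk the guest page table and refill the direct-mapped slot. 0 == guest fault. */
static int tlb_fill(uint32_t vaddr) {
    int ppn = guest_page_table(vaddr >> PAGE_BITS);
    if (ppn < 0) return 0;
    tlb_entry *e = &tlb[(vaddr >> PAGE_BITS) & (TLB_SIZE - 1)];
    e->vaddr_tag = vaddr & PAGE_MASK;
    e->addend = (uintptr_t)(guest_ram + (size_t)ppn * PAGE_SIZE) - (vaddr & PAGE_MASK);
    return 1;
}

/* Fast path: index by page number, compare the tag, add the addend. NULL == guest fault. */
uint8_t *softmmu_translate(uint32_t vaddr) {
    tlb_entry *e = &tlb[(vaddr >> PAGE_BITS) & (TLB_SIZE - 1)];
    if (e->vaddr_tag == (vaddr & PAGE_MASK)) { tlb_hits++; }
    else { tlb_misses++; if (!tlb_fill(vaddr)) return NULL; }
    return (uint8_t *)((uintptr_t)vaddr + e->addend);
}

void softmmu_reset(void) { /* call before use: an all-zero tag would falsely hit page 0 */
    for (unsigned i = 0; i < TLB_SIZE; i++) tlb[i].vaddr_tag = ~0u;
    tlb_hits = tlb_misses = 0;
}
unsigned long softmmu_hits(void)   { return tlb_hits; }
unsigned long softmmu_misses(void) { return tlb_misses; }
```

Every guest access pays the index/compare/add sequence even on a hit, which is the per-reference overhead the message quantifies; a hardware-MMU scheme would let the host page tables do that work instead.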