>> Doesn't a TB spanning guest pages have the above problem? I mean, what if
>> guest page 2 is changed? In this case, the execution flow jumps from tb.a to
>> tb.b. It seems to me it may have the same problem as above.
>
> I agree. I see that only i386 and m68k TBs may cross a page boundary.
> Maybe it is due to the fact that these CPUs can normally have instructions
> crossing a page boundary due to the variable opcode length.
>
> My best guess is that QEMU behavior in such corner cases differs from
> the real CPU behavior, e.g. there'd be no exception in the TB crossing
> the page boundary from the present to the non-present page. I'll try to make a
> small testcase to prove (or disprove) it.
I've made a test from the grub multiboot sample; you may find it here:
http://jcmvbkbc.spb.ru/git/?p=dumb/qemu-test-kernel.git;a=summary

With it I see that an attempt to execute a TB that spans two pages causes an
exception when the second page is unmapped. It happens because both tlb_flush
and tlb_flush_page invalidate the relevant tb_jmp_cache entries: the former
flushes all of them, the latter flushes them for the two adjacent pages around
the given address. Later tb_find_fast fails to find the TB in the tb_jmp_cache
and has to call tb_find_slow, which retranslates the TB, triggering a page fault.

--
Thanks.
-- Max
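As an added illustration (not code from QEMU or from either poster), here is a small C model of the mechanism Max describes: a direct-mapped jump cache keyed by block start address, a tlb_flush_page that also drops blocks starting in the page before the flushed one, and a slow path that refuses to translate a block touching a non-present page. The page size, cache size, the block at 0x1ff8 and the toy page table are all constructed for the example; the `flush_adjacent` knob is a model switch, not a QEMU option, and exists only to show what would happen if the previous page were not flushed.

```c
/* Model of tb_jmp_cache invalidation across a page-spanning TB (constructed). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BITS   12
#define NUM_PAGES   16
#define CACHE_SLOTS 64

typedef struct {
    uint32_t pc;    /* first byte of the translated block */
    uint32_t end;   /* one past the last byte */
    bool in_use;
} TB;

typedef struct {
    bool page_present[NUM_PAGES];  /* toy guest page table */
    TB cache[CACHE_SLOTS];         /* direct-mapped jump cache, indexed by pc */
    int slow_calls;                /* how often the slow path ran */
    bool flush_adjacent;           /* model knob: also evict blocks from page-1 */
} Cpu;

enum { RESULT_FAST_HIT = 0, RESULT_SLOW_OK = 1, RESULT_PAGE_FAULT = 2 };

static uint32_t page_of(uint32_t addr) { return addr >> PAGE_BITS; }
static unsigned slot_of(uint32_t pc)   { return (pc >> 2) & (CACHE_SLOTS - 1); }

/* Drop cached blocks starting in the flushed page, and (as Max describes)
   in the page before it, because a block starting there may extend into
   the flushed page. */
static void tlb_flush_page(Cpu *cpu, uint32_t addr)
{
    uint32_t pg = page_of(addr);
    for (unsigned i = 0; i < CACHE_SLOTS; i++) {
        TB *tb = &cpu->cache[i];
        if (!tb->in_use) continue;
        uint32_t tpg = page_of(tb->pc);
        if (tpg == pg || (cpu->flush_adjacent && pg > 0 && tpg == pg - 1))
            tb->in_use = false;
    }
}

/* Slow path: "translate" len bytes at pc. Every guest page the block
   touches must be present, otherwise the instruction fetch faults. */
static int tb_find_slow(Cpu *cpu, uint32_t pc, uint32_t len, TB **out)
{
    cpu->slow_calls++;
    for (uint32_t p = page_of(pc); p <= page_of(pc + len - 1); p++)
        if (p >= NUM_PAGES || !cpu->page_present[p])
            return RESULT_PAGE_FAULT;
    TB *tb = &cpu->cache[slot_of(pc)];
    tb->pc = pc;
    tb->end = pc + len;
    tb->in_use = true;
    *out = tb;
    return RESULT_SLOW_OK;
}

/* Fast path: reuse a cached block if its start address matches. */
static int tb_find_fast(Cpu *cpu, uint32_t pc, uint32_t len, TB **out)
{
    TB *tb = &cpu->cache[slot_of(pc)];
    if (tb->in_use && tb->pc == pc) {
        *out = tb;
        return RESULT_FAST_HIT;
    }
    return tb_find_slow(cpu, pc, len, out);
}

/* Scenario from the thread: a 16-byte block at 0x1ff8 spans pages 1 and 2;
   the guest then unmaps page 2 and the block is executed again. Returns the
   result of that final lookup. */
int run_scenario(bool flush_adjacent)
{
    Cpu cpu;
    memset(&cpu, 0, sizeof cpu);
    cpu.flush_adjacent = flush_adjacent;
    cpu.page_present[1] = cpu.page_present[2] = true;
    const uint32_t pc = 0x1ff8, len = 16;
    TB *tb;

    int r1 = tb_find_fast(&cpu, pc, len, &tb);  /* first run: translated */
    int r2 = tb_find_fast(&cpu, pc, len, &tb);  /* second run: cache hit */
    if (r1 != RESULT_SLOW_OK || r2 != RESULT_FAST_HIT) return -1;

    cpu.page_present[2] = false;   /* guest unmaps page 2 ... */
    tlb_flush_page(&cpu, 0x2000);  /* ... and the emulator flushes it */

    return tb_find_fast(&cpu, pc, len, &tb);
}

int main(void)
{
    printf("with adjacent-page flush:    %d (2 = page fault)\n", run_scenario(true));
    printf("without adjacent-page flush: %d (0 = stale cache hit)\n", run_scenario(false));
    return 0;
}
```

With the adjacent-page eviction in place the re-execution misses the cache, tb_find_slow touches the now-absent page 2 and reports the fault, which is the behaviour Max observed. With the knob off, the stale entry for 0x1ff8 is still hit and the block would run from a page the guest no longer has mapped, which is exactly the divergence from real hardware the earlier poster worried about.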