> what does the inline sequence look like ? what kind of things (other
> than refill tlb) performed in callout but not the inlined sequence ?

What do you mean by the inline sequence, the host binary? If so,

---
---- 0xe86c8
 mov_i32 tmp2,edi
 qemu_ld8u tmp0,tmp2,$0x0
 ext8u_i32 tmp12,tmp0
 movi_i32 tmp13,$0xffffff00
 and_i32 edx,edx,tmp13
 or_i32 edx,edx,tmp12

OUT: [size=172]
0x40000ce0:  mov    0x1c(%r14),%ebp
0x40000ce4:  mov    %ebp,%esi              <--- (a)
0x40000ce6:  mov    %ebp,%edi
0x40000ce8:  shr    $0x7,%esi
0x40000ceb:  and    $0xfffff000,%edi
0x40000cf1:  and    $0x1fe0,%esi
0x40000cf7:  lea    0x348(%r14,%rsi,1),%rsi
0x40000cff:  cmp    (%rsi),%edi
0x40000d01:  mov    %ebp,%edi
0x40000d03:  jne    0x40000d0e
0x40000d05:  add    0x10(%rsi),%rdi
0x40000d09:  movzbl (%rdi),%ebp
0x40000d0c:  jmp    0x40000d18
0x40000d0e:  xor    %esi,%esi
0x40000d10:  callq  0x54cf8e               <--- (b)
0x40000d15:  movzbl %al,%ebp
0x40000d18:  movzbl %bpl,%ebp
0x40000d1c:  mov    0x8(%r14),%ebx
---

The code between (a) and (b) is (almost) what TLB lookup hit/miss looks like.
If TLB miss, it will call something like __ldb_mmu (b). __ldb_mmu will try to
walk guest page table, then fill TLB entry if page table hit, or raise a guest
page fault exception if page table miss.

HTH,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
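
An added example, not part of the original post and not QEMU's own code: a small C model of the fast path between (a) and (b) and of the slow-path call that walks the page table and refills the TLB. The entry layout, the toy page table and the names `ldb`, `slow_ldb` and `tlb_flush` are assumptions; the 256-entry, 32-byte-stride geometry is read off the `0x1fe0` mask in the listing.

```c
#include <stdint.h>

#define PAGE_MASK    0xfffff000u /* and $0xfffff000,%edi */
#define ENTRY_STRIDE 32          /* 0x1fe0 == 0xff << 5: 256 entries, 32 bytes apart */
#define TLB_ENTRIES  256
#define GUEST_PAGES  4           /* constructed toy guest address space */

/* Simplified entry (assumed layout, not QEMU's struct). */
typedef struct { uint32_t addr_read; uintptr_t addend; } tlb_entry;

static tlb_entry tlb[TLB_ENTRIES];
static uint8_t   host_ram[GUEST_PAGES][4096];
static uint8_t  *page_table[GUEST_PAGES]; /* NULL means "not mapped" */
static int slow_calls, guest_faults;

/* Invalidate every entry: a tag with low bits set can never match. */
static void tlb_flush(void) {
    for (int i = 0; i < TLB_ENTRIES; i++) tlb[i].addr_read = 0xffffffffu;
}

/* Slow path, the role of the callq at (b): walk, then refill or fault. */
static int slow_ldb(uint32_t addr, uint8_t *out) {
    uint32_t vpn = addr >> 12;
    slow_calls++;
    if (vpn >= GUEST_PAGES || !page_table[vpn]) { guest_faults++; return -1; }
    tlb_entry *e = &tlb[vpn % TLB_ENTRIES];
    e->addr_read = addr & PAGE_MASK;
    e->addend = (uintptr_t)page_table[vpn] - (addr & PAGE_MASK);
    *out = *(uint8_t *)(e->addend + addr);
    return 0;
}

/* Fast path, the instructions between (a) and (b). */
static int ldb(uint32_t addr, uint8_t *out) {
    uint32_t off = (addr >> 7) & 0x1fe0;          /* shr $0x7 ; and $0x1fe0 */
    tlb_entry *e = &tlb[off / ENTRY_STRIDE];      /* lea 0x348(%r14,%rsi,1) */
    if (e->addr_read != (addr & PAGE_MASK))       /* cmp (%rsi),%edi ; jne  */
        return slow_ldb(addr, out);
    *out = *(uint8_t *)(e->addend + addr);        /* add 0x10(%rsi) ; movzbl */
    return 0;
}

int main(void) {
    uint8_t v = 0;
    tlb_flush();
    page_table[1] = host_ram[1];
    host_ram[1][0x23] = 0xab;                     /* constructed sample byte */
    ldb(0x1023, &v); ldb(0x1023, &v);             /* miss + refill, then hit */
    return (v == 0xab && slow_calls == 1) ? 0 : 1;
}
```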