search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qed: Consistency check support
[qemu-kvm/stefanha.git] / exec.c
blob2ea87c10a37d93dd39c21157b1d3685e6b1f1157
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "exec-all.h"
30 #include "cache-utils.h"
31
32 #if !defined(TARGET_IA64)
33 #include "tcg.h"
34 #endif
35 #include "qemu-kvm.h"
36
37 #include "hw/hw.h"
38 #include "hw/qdev.h"
39 #include "osdep.h"
40 #include "kvm.h"
41 #include "qemu-timer.h"
42 #if defined(CONFIG_USER_ONLY)
43 #include <qemu.h>
44 #include <signal.h>
45 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
46 #include <sys/param.h>
47 #if __FreeBSD_version >= 700104
48 #define HAVE_KINFO_GETVMMAP
49 #define sigqueue sigqueue_freebsd /* avoid redefinition */
50 #include <sys/time.h>
51 #include <sys/proc.h>
52 #include <machine/profile.h>
53 #define _KERNEL
54 #include <sys/user.h>
55 #undef _KERNEL
56 #undef sigqueue
57 #include <libutil.h>
58 #endif
59 #endif
60 #endif
61
62 //#define DEBUG_TB_INVALIDATE
63 //#define DEBUG_FLUSH
64 //#define DEBUG_TLB
65 //#define DEBUG_UNASSIGNED
66
67 /* make various TB consistency checks */
68 //#define DEBUG_TB_CHECK
69 //#define DEBUG_TLB_CHECK
70
71 //#define DEBUG_IOPORT
72 //#define DEBUG_SUBPAGE
73
74 #if !defined(CONFIG_USER_ONLY)
75 /* TB consistency checks only implemented for usermode emulation. */
76 #undef DEBUG_TB_CHECK
77 #endif
78
79 #define SMC_BITMAP_USE_THRESHOLD 10
80
81 static TranslationBlock *tbs;
82 static int code_gen_max_blocks;
83 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
84 static int nb_tbs;
85 /* any access to the tbs or the page table must use this lock */
86 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
87
88 #if defined(__arm__) || defined(__sparc_v9__)
89 /* The prologue must be reachable with a direct jump. ARM and Sparc64
90 have limited branch ranges (possibly also PPC) so place it in a
91 section close to code segment. */
92 #define code_gen_section \
93 __attribute__((__section__(".gen_code"))) \
94 __attribute__((aligned (32)))
95 #elif defined(_WIN32)
96 /* Maximum alignment for Win32 is 16. */
97 #define code_gen_section \
98 __attribute__((aligned (16)))
99 #else
100 #define code_gen_section \
101 __attribute__((aligned (32)))
102 #endif
103
104 uint8_t code_gen_prologue[1024] code_gen_section;
105 static uint8_t *code_gen_buffer;
106 static unsigned long code_gen_buffer_size;
107 /* threshold to flush the translated code buffer */
108 static unsigned long code_gen_buffer_max_size;
109 static uint8_t *code_gen_ptr;
110
111 #if !defined(CONFIG_USER_ONLY)
112 int phys_ram_fd;
113 static int in_migration;
114
115 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
116 #endif
117
118 CPUState *first_cpu;
119 /* current CPU in the current thread. It is only valid inside
120 cpu_exec() */
121 CPUState *cpu_single_env;
122 /* 0 = Do not count executed instructions.
123 1 = Precise instruction counting.
124 2 = Adaptive rate instruction counting. */
125 int use_icount = 0;
126 /* Current instruction counter. While executing translated code this may
127 include some instructions that have not yet been executed. */
128 int64_t qemu_icount;
129
130 typedef struct PageDesc {
131 /* list of TBs intersecting this ram page */
132 TranslationBlock *first_tb;
133 /* in order to optimize self modifying code, we count the number
134 of lookups we do to a given page to use a bitmap */
135 unsigned int code_write_count;
136 uint8_t *code_bitmap;
137 #if defined(CONFIG_USER_ONLY)
138 unsigned long flags;
139 #endif
140 } PageDesc;
141
142 /* In system mode we want L1_MAP to be based on ram offsets,
143 while in user mode we want it to be based on virtual addresses. */
144 #if !defined(CONFIG_USER_ONLY)
145 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
146 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
147 #else
148 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
149 #endif
150 #else
151 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
152 #endif
153
154 /* Size of the L2 (and L3, etc) page tables. */
155 #define L2_BITS 10
156 #define L2_SIZE (1 << L2_BITS)
157
158 /* The bits remaining after N lower levels of page tables. */
159 #define P_L1_BITS_REM \
160 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
161 #define V_L1_BITS_REM \
162 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
163
164 /* Size of the L1 page table. Avoid silly small sizes. */
165 #if P_L1_BITS_REM < 4
166 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
167 #else
168 #define P_L1_BITS P_L1_BITS_REM
169 #endif
170
171 #if V_L1_BITS_REM < 4
172 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
173 #else
174 #define V_L1_BITS V_L1_BITS_REM
175 #endif
176
177 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
178 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
179
180 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
181 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
182
183 unsigned long qemu_real_host_page_size;
184 unsigned long qemu_host_page_bits;
185 unsigned long qemu_host_page_size;
186 unsigned long qemu_host_page_mask;
187
188 /* This is a multi-level map on the virtual address space.
189 The bottom level has pointers to PageDesc. */
190 static void *l1_map[V_L1_SIZE];
191
192 #if !defined(CONFIG_USER_ONLY)
193 typedef struct PhysPageDesc {
194 /* offset in host memory of the page + io_index in the low bits */
195 ram_addr_t phys_offset;
196 ram_addr_t region_offset;
197 } PhysPageDesc;
198
199 /* This is a multi-level map on the physical address space.
200 The bottom level has pointers to PhysPageDesc. */
201 static void *l1_phys_map[P_L1_SIZE];
202
203 static void io_mem_init(void);
204
205 /* io memory support */
206 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
207 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
208 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
209 static char io_mem_used[IO_MEM_NB_ENTRIES];
210 static int io_mem_watch;
211 #endif
212
213 /* log support */
214 #ifdef WIN32
215 static const char *logfilename = "qemu.log";
216 #else
217 static const char *logfilename = "/tmp/qemu.log";
218 #endif
219 FILE *logfile;
220 int loglevel;
221 static int log_append = 0;
222
223 /* statistics */
224 #if !defined(CONFIG_USER_ONLY)
225 static int tlb_flush_count;
226 #endif
227 static int tb_flush_count;
228 static int tb_phys_invalidate_count;
229
230 #ifdef _WIN32
231 static void map_exec(void *addr, long size)
232 {
233 DWORD old_protect;
234 VirtualProtect(addr, size,
235 PAGE_EXECUTE_READWRITE, &old_protect);
236
237 }
238 #else
239 static void map_exec(void *addr, long size)
240 {
241 unsigned long start, end, page_size;
242
243 page_size = getpagesize();
244 start = (unsigned long)addr;
245 start &= ~(page_size - 1);
246
247 end = (unsigned long)addr + size;
248 end += page_size - 1;
249 end &= ~(page_size - 1);
250
251 mprotect((void *)start, end - start,
252 PROT_READ | PROT_WRITE | PROT_EXEC);
253 }
254 #endif
255
256 static void page_init(void)
257 {
258 /* NOTE: we can always suppose that qemu_host_page_size >=
259 TARGET_PAGE_SIZE */
260 #ifdef _WIN32
261 {
262 SYSTEM_INFO system_info;
263
264 GetSystemInfo(&system_info);
265 qemu_real_host_page_size = system_info.dwPageSize;
266 }
267 #else
268 qemu_real_host_page_size = getpagesize();
269 #endif
270 if (qemu_host_page_size == 0)
271 qemu_host_page_size = qemu_real_host_page_size;
272 if (qemu_host_page_size < TARGET_PAGE_SIZE)
273 qemu_host_page_size = TARGET_PAGE_SIZE;
274 qemu_host_page_bits = 0;
275 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
276 qemu_host_page_bits++;
277 qemu_host_page_mask = ~(qemu_host_page_size - 1);
278
279 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
280 {
281 #ifdef HAVE_KINFO_GETVMMAP
282 struct kinfo_vmentry *freep;
283 int i, cnt;
284
285 freep = kinfo_getvmmap(getpid(), &cnt);
286 if (freep) {
287 mmap_lock();
288 for (i = 0; i < cnt; i++) {
289 unsigned long startaddr, endaddr;
290
291 startaddr = freep[i].kve_start;
292 endaddr = freep[i].kve_end;
293 if (h2g_valid(startaddr)) {
294 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
295
296 if (h2g_valid(endaddr)) {
297 endaddr = h2g(endaddr);
298 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
299 } else {
300 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
301 endaddr = ~0ul;
302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
303 #endif
304 }
305 }
306 }
307 free(freep);
308 mmap_unlock();
309 }
310 #else
311 FILE *f;
312
313 last_brk = (unsigned long)sbrk(0);
314
315 f = fopen("/compat/linux/proc/self/maps", "r");
316 if (f) {
317 mmap_lock();
318
319 do {
320 unsigned long startaddr, endaddr;
321 int n;
322
323 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
324
325 if (n == 2 && h2g_valid(startaddr)) {
326 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
327
328 if (h2g_valid(endaddr)) {
329 endaddr = h2g(endaddr);
330 } else {
331 endaddr = ~0ul;
332 }
333 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
334 }
335 } while (!feof(f));
336
337 fclose(f);
338 mmap_unlock();
339 }
340 #endif
341 }
342 #endif
343 }
344
345 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
346 {
347 PageDesc *pd;
348 void **lp;
349 int i;
350
351 #if defined(CONFIG_USER_ONLY)
352 /* We can't use qemu_malloc because it may recurse into a locked mutex. */
353 # define ALLOC(P, SIZE) \
354 do { \
355 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
356 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
357 } while (0)
358 #else
359 # define ALLOC(P, SIZE) \
360 do { P = qemu_mallocz(SIZE); } while (0)
361 #endif
362
363 /* Level 1. Always allocated. */
364 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
365
366 /* Level 2..N-1. */
367 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
368 void **p = *lp;
369
370 if (p == NULL) {
371 if (!alloc) {
372 return NULL;
373 }
374 ALLOC(p, sizeof(void *) * L2_SIZE);
375 *lp = p;
376 }
377
378 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
379 }
380
381 pd = *lp;
382 if (pd == NULL) {
383 if (!alloc) {
384 return NULL;
385 }
386 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
387 *lp = pd;
388 }
389
390 #undef ALLOC
391
392 return pd + (index & (L2_SIZE - 1));
393 }
394
395 static inline PageDesc *page_find(tb_page_addr_t index)
396 {
397 return page_find_alloc(index, 0);
398 }
399
400 #if !defined(CONFIG_USER_ONLY)
401 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
402 {
403 PhysPageDesc *pd;
404 void **lp;
405 int i;
406
407 /* Level 1. Always allocated. */
408 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
409
410 /* Level 2..N-1. */
411 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
412 void **p = *lp;
413 if (p == NULL) {
414 if (!alloc) {
415 return NULL;
416 }
417 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
418 }
419 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
420 }
421
422 pd = *lp;
423 if (pd == NULL) {
424 int i;
425
426 if (!alloc) {
427 return NULL;
428 }
429
430 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
431
432 for (i = 0; i < L2_SIZE; i++) {
433 pd[i].phys_offset = IO_MEM_UNASSIGNED;
434 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
435 }
436 }
437
438 return pd + (index & (L2_SIZE - 1));
439 }
440
441 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
442 {
443 return phys_page_find_alloc(index, 0);
444 }
445
446 static void tlb_protect_code(ram_addr_t ram_addr);
447 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
448 target_ulong vaddr);
449 #define mmap_lock() do { } while(0)
450 #define mmap_unlock() do { } while(0)
451 #endif
452
453 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
454
455 #if defined(CONFIG_USER_ONLY)
456 /* Currently it is not recommended to allocate big chunks of data in
457 user mode. It will change when a dedicated libc will be used */
458 #define USE_STATIC_CODE_GEN_BUFFER
459 #endif
460
461 #ifdef USE_STATIC_CODE_GEN_BUFFER
462 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
463 __attribute__((aligned (CODE_GEN_ALIGN)));
464 #endif
465
466 static void code_gen_alloc(unsigned long tb_size)
467 {
468 if (kvm_enabled())
469 return;
470
471 #ifdef USE_STATIC_CODE_GEN_BUFFER
472 code_gen_buffer = static_code_gen_buffer;
473 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
474 map_exec(code_gen_buffer, code_gen_buffer_size);
475 #else
476 code_gen_buffer_size = tb_size;
477 if (code_gen_buffer_size == 0) {
478 #if defined(CONFIG_USER_ONLY)
479 /* in user mode, phys_ram_size is not meaningful */
480 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
481 #else
482 /* XXX: needs adjustments */
483 code_gen_buffer_size = (unsigned long)(ram_size / 4);
484 #endif
485 }
486 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
487 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
488 /* The code gen buffer location may have constraints depending on
489 the host cpu and OS */
490 #if defined(__linux__)
491 {
492 int flags;
493 void *start = NULL;
494
495 flags = MAP_PRIVATE | MAP_ANONYMOUS;
496 #if defined(__x86_64__)
497 flags |= MAP_32BIT;
498 /* Cannot map more than that */
499 if (code_gen_buffer_size > (800 * 1024 * 1024))
500 code_gen_buffer_size = (800 * 1024 * 1024);
501 #elif defined(__sparc_v9__)
502 // Map the buffer below 2G, so we can use direct calls and branches
503 flags |= MAP_FIXED;
504 start = (void *) 0x60000000UL;
505 if (code_gen_buffer_size > (512 * 1024 * 1024))
506 code_gen_buffer_size = (512 * 1024 * 1024);
507 #elif defined(__arm__)
508 /* Map the buffer below 32M, so we can use direct calls and branches */
509 flags |= MAP_FIXED;
510 start = (void *) 0x01000000UL;
511 if (code_gen_buffer_size > 16 * 1024 * 1024)
512 code_gen_buffer_size = 16 * 1024 * 1024;
513 #elif defined(__s390x__)
514 /* Map the buffer so that we can use direct calls and branches. */
515 /* We have a +- 4GB range on the branches; leave some slop. */
516 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
517 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
518 }
519 start = (void *)0x90000000UL;
520 #endif
521 code_gen_buffer = mmap(start, code_gen_buffer_size,
522 PROT_WRITE | PROT_READ | PROT_EXEC,
523 flags, -1, 0);
524 if (code_gen_buffer == MAP_FAILED) {
525 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
526 exit(1);
527 }
528 }
529 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
530 {
531 int flags;
532 void *addr = NULL;
533 flags = MAP_PRIVATE | MAP_ANONYMOUS;
534 #if defined(__x86_64__)
535 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
536 * 0x40000000 is free */
537 flags |= MAP_FIXED;
538 addr = (void *)0x40000000;
539 /* Cannot map more than that */
540 if (code_gen_buffer_size > (800 * 1024 * 1024))
541 code_gen_buffer_size = (800 * 1024 * 1024);
542 #endif
543 code_gen_buffer = mmap(addr, code_gen_buffer_size,
544 PROT_WRITE | PROT_READ | PROT_EXEC,
545 flags, -1, 0);
546 if (code_gen_buffer == MAP_FAILED) {
547 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
548 exit(1);
549 }
550 }
551 #else
552 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
553 map_exec(code_gen_buffer, code_gen_buffer_size);
554 #endif
555 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
556 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
557 code_gen_buffer_max_size = code_gen_buffer_size -
558 (TCG_MAX_OP_SIZE * OPC_MAX_SIZE);
559 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
560 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
561 }
562
563 /* Must be called before using the QEMU cpus. 'tb_size' is the size
564 (in bytes) allocated to the translation buffer. Zero means default
565 size. */
566 void cpu_exec_init_all(unsigned long tb_size)
567 {
568 cpu_gen_init();
569 code_gen_alloc(tb_size);
570 code_gen_ptr = code_gen_buffer;
571 page_init();
572 #if !defined(CONFIG_USER_ONLY)
573 io_mem_init();
574 #endif
575 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
576 /* There's no guest base to take into account, so go ahead and
577 initialize the prologue now. */
578 tcg_prologue_init(&tcg_ctx);
579 #endif
580 }
581
582 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
583
584 static int cpu_common_post_load(void *opaque, int version_id)
585 {
586 CPUState *env = opaque;
587
588 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
589 version_id is increased. */
590 env->interrupt_request &= ~0x01;
591 tlb_flush(env, 1);
592
593 return 0;
594 }
595
596 static const VMStateDescription vmstate_cpu_common = {
597 .name = "cpu_common",
598 .version_id = 1,
599 .minimum_version_id = 1,
600 .minimum_version_id_old = 1,
601 .post_load = cpu_common_post_load,
602 .fields = (VMStateField []) {
603 VMSTATE_UINT32(halted, CPUState),
604 VMSTATE_UINT32(interrupt_request, CPUState),
605 VMSTATE_END_OF_LIST()
606 }
607 };
608 #endif
609
610 CPUState *qemu_get_cpu(int cpu)
611 {
612 CPUState *env = first_cpu;
613
614 while (env) {
615 if (env->cpu_index == cpu)
616 break;
617 env = env->next_cpu;
618 }
619
620 return env;
621 }
622
623 void cpu_exec_init(CPUState *env)
624 {
625 CPUState **penv;
626 int cpu_index;
627
628 #if defined(CONFIG_USER_ONLY)
629 cpu_list_lock();
630 #endif
631 env->next_cpu = NULL;
632 penv = &first_cpu;
633 cpu_index = 0;
634 while (*penv != NULL) {
635 penv = &(*penv)->next_cpu;
636 cpu_index++;
637 }
638 env->cpu_index = cpu_index;
639 env->numa_node = 0;
640 QTAILQ_INIT(&env->breakpoints);
641 QTAILQ_INIT(&env->watchpoints);
642 #ifdef __WIN32
643 env->thread_id = GetCurrentProcessId();
644 #else
645 env->thread_id = getpid();
646 #endif
647 *penv = env;
648 #if defined(CONFIG_USER_ONLY)
649 cpu_list_unlock();
650 #endif
651 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
652 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
653 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
654 cpu_save, cpu_load, env);
655 #endif
656 }
657
658 static inline void invalidate_page_bitmap(PageDesc *p)
659 {
660 if (p->code_bitmap) {
661 qemu_free(p->code_bitmap);
662 p->code_bitmap = NULL;
663 }
664 p->code_write_count = 0;
665 }
666
667 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
668
669 static void page_flush_tb_1 (int level, void **lp)
670 {
671 int i;
672
673 if (*lp == NULL) {
674 return;
675 }
676 if (level == 0) {
677 PageDesc *pd = *lp;
678 for (i = 0; i < L2_SIZE; ++i) {
679 pd[i].first_tb = NULL;
680 invalidate_page_bitmap(pd + i);
681 }
682 } else {
683 void **pp = *lp;
684 for (i = 0; i < L2_SIZE; ++i) {
685 page_flush_tb_1 (level - 1, pp + i);
686 }
687 }
688 }
689
690 static void page_flush_tb(void)
691 {
692 int i;
693 for (i = 0; i < V_L1_SIZE; i++) {
694 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
695 }
696 }
697
698 /* flush all the translation blocks */
699 /* XXX: tb_flush is currently not thread safe */
700 void tb_flush(CPUState *env1)
701 {
702 CPUState *env;
703 #if defined(DEBUG_FLUSH)
704 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
705 (unsigned long)(code_gen_ptr - code_gen_buffer),
706 nb_tbs, nb_tbs > 0 ?
707 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
708 #endif
709 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
710 cpu_abort(env1, "Internal error: code buffer overflow\n");
711
712 nb_tbs = 0;
713
714 for(env = first_cpu; env != NULL; env = env->next_cpu) {
715 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
716 }
717
718 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
719 page_flush_tb();
720
721 code_gen_ptr = code_gen_buffer;
722 /* XXX: flush processor icache at this point if cache flush is
723 expensive */
724 tb_flush_count++;
725 }
726
727 #ifdef DEBUG_TB_CHECK
728
729 static void tb_invalidate_check(target_ulong address)
730 {
731 TranslationBlock *tb;
732 int i;
733 address &= TARGET_PAGE_MASK;
734 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
735 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
736 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
737 address >= tb->pc + tb->size)) {
738 printf("ERROR invalidate: address=" TARGET_FMT_lx
739 " PC=%08lx size=%04x\n",
740 address, (long)tb->pc, tb->size);
741 }
742 }
743 }
744 }
745
746 /* verify that all the pages have correct rights for code */
747 static void tb_page_check(void)
748 {
749 TranslationBlock *tb;
750 int i, flags1, flags2;
751
752 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
753 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
754 flags1 = page_get_flags(tb->pc);
755 flags2 = page_get_flags(tb->pc + tb->size - 1);
756 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
757 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
758 (long)tb->pc, tb->size, flags1, flags2);
759 }
760 }
761 }
762 }
763
764 #endif
765
766 /* invalidate one TB */
767 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
768 int next_offset)
769 {
770 TranslationBlock *tb1;
771 for(;;) {
772 tb1 = *ptb;
773 if (tb1 == tb) {
774 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
775 break;
776 }
777 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
778 }
779 }
780
781 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
782 {
783 TranslationBlock *tb1;
784 unsigned int n1;
785
786 for(;;) {
787 tb1 = *ptb;
788 n1 = (long)tb1 & 3;
789 tb1 = (TranslationBlock *)((long)tb1 & ~3);
790 if (tb1 == tb) {
791 *ptb = tb1->page_next[n1];
792 break;
793 }
794 ptb = &tb1->page_next[n1];
795 }
796 }
797
798 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
799 {
800 TranslationBlock *tb1, **ptb;
801 unsigned int n1;
802
803 ptb = &tb->jmp_next[n];
804 tb1 = *ptb;
805 if (tb1) {
806 /* find tb(n) in circular list */
807 for(;;) {
808 tb1 = *ptb;
809 n1 = (long)tb1 & 3;
810 tb1 = (TranslationBlock *)((long)tb1 & ~3);
811 if (n1 == n && tb1 == tb)
812 break;
813 if (n1 == 2) {
814 ptb = &tb1->jmp_first;
815 } else {
816 ptb = &tb1->jmp_next[n1];
817 }
818 }
819 /* now we can suppress tb(n) from the list */
820 *ptb = tb->jmp_next[n];
821
822 tb->jmp_next[n] = NULL;
823 }
824 }
825
826 /* reset the jump entry 'n' of a TB so that it is not chained to
827 another TB */
828 static inline void tb_reset_jump(TranslationBlock *tb, int n)
829 {
830 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
831 }
832
833 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
834 {
835 CPUState *env;
836 PageDesc *p;
837 unsigned int h, n1;
838 tb_page_addr_t phys_pc;
839 TranslationBlock *tb1, *tb2;
840
841 /* remove the TB from the hash list */
842 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
843 h = tb_phys_hash_func(phys_pc);
844 tb_remove(&tb_phys_hash[h], tb,
845 offsetof(TranslationBlock, phys_hash_next));
846
847 /* remove the TB from the page list */
848 if (tb->page_addr[0] != page_addr) {
849 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
850 tb_page_remove(&p->first_tb, tb);
851 invalidate_page_bitmap(p);
852 }
853 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
854 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
855 tb_page_remove(&p->first_tb, tb);
856 invalidate_page_bitmap(p);
857 }
858
859 tb_invalidated_flag = 1;
860
861 /* remove the TB from the hash list */
862 h = tb_jmp_cache_hash_func(tb->pc);
863 for(env = first_cpu; env != NULL; env = env->next_cpu) {
864 if (env->tb_jmp_cache[h] == tb)
865 env->tb_jmp_cache[h] = NULL;
866 }
867
868 /* suppress this TB from the two jump lists */
869 tb_jmp_remove(tb, 0);
870 tb_jmp_remove(tb, 1);
871
872 /* suppress any remaining jumps to this TB */
873 tb1 = tb->jmp_first;
874 for(;;) {
875 n1 = (long)tb1 & 3;
876 if (n1 == 2)
877 break;
878 tb1 = (TranslationBlock *)((long)tb1 & ~3);
879 tb2 = tb1->jmp_next[n1];
880 tb_reset_jump(tb1, n1);
881 tb1->jmp_next[n1] = NULL;
882 tb1 = tb2;
883 }
884 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
885
886 tb_phys_invalidate_count++;
887 }
888
889 static inline void set_bits(uint8_t *tab, int start, int len)
890 {
891 int end, mask, end1;
892
893 end = start + len;
894 tab += start >> 3;
895 mask = 0xff << (start & 7);
896 if ((start & ~7) == (end & ~7)) {
897 if (start < end) {
898 mask &= ~(0xff << (end & 7));
899 *tab |= mask;
900 }
901 } else {
902 *tab++ |= mask;
903 start = (start + 8) & ~7;
904 end1 = end & ~7;
905 while (start < end1) {
906 *tab++ = 0xff;
907 start += 8;
908 }
909 if (start < end) {
910 mask = ~(0xff << (end & 7));
911 *tab |= mask;
912 }
913 }
914 }
915
916 static void build_page_bitmap(PageDesc *p)
917 {
918 int n, tb_start, tb_end;
919 TranslationBlock *tb;
920
921 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
922
923 tb = p->first_tb;
924 while (tb != NULL) {
925 n = (long)tb & 3;
926 tb = (TranslationBlock *)((long)tb & ~3);
927 /* NOTE: this is subtle as a TB may span two physical pages */
928 if (n == 0) {
929 /* NOTE: tb_end may be after the end of the page, but
930 it is not a problem */
931 tb_start = tb->pc & ~TARGET_PAGE_MASK;
932 tb_end = tb_start + tb->size;
933 if (tb_end > TARGET_PAGE_SIZE)
934 tb_end = TARGET_PAGE_SIZE;
935 } else {
936 tb_start = 0;
937 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
938 }
939 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
940 tb = tb->page_next[n];
941 }
942 }
943
944 TranslationBlock *tb_gen_code(CPUState *env,
945 target_ulong pc, target_ulong cs_base,
946 int flags, int cflags)
947 {
948 TranslationBlock *tb;
949 uint8_t *tc_ptr;
950 tb_page_addr_t phys_pc, phys_page2;
951 target_ulong virt_page2;
952 int code_gen_size;
953
954 phys_pc = get_page_addr_code(env, pc);
955 tb = tb_alloc(pc);
956 if (!tb) {
957 /* flush must be done */
958 tb_flush(env);
959 /* cannot fail at this point */
960 tb = tb_alloc(pc);
961 /* Don't forget to invalidate previous TB info. */
962 tb_invalidated_flag = 1;
963 }
964 tc_ptr = code_gen_ptr;
965 tb->tc_ptr = tc_ptr;
966 tb->cs_base = cs_base;
967 tb->flags = flags;
968 tb->cflags = cflags;
969 cpu_gen_code(env, tb, &code_gen_size);
970 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
971
972 /* check next page if needed */
973 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
974 phys_page2 = -1;
975 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
976 phys_page2 = get_page_addr_code(env, virt_page2);
977 }
978 tb_link_page(tb, phys_pc, phys_page2);
979 return tb;
980 }
981
982 /* invalidate all TBs which intersect with the target physical page
983 starting in range [start;end[. NOTE: start and end must refer to
984 the same physical page. 'is_cpu_write_access' should be true if called
985 from a real cpu write access: the virtual CPU will exit the current
986 TB if code is modified inside this TB. */
987 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
988 int is_cpu_write_access)
989 {
990 TranslationBlock *tb, *tb_next, *saved_tb;
991 CPUState *env = cpu_single_env;
992 tb_page_addr_t tb_start, tb_end;
993 PageDesc *p;
994 int n;
995 #ifdef TARGET_HAS_PRECISE_SMC
996 int current_tb_not_found = is_cpu_write_access;
997 TranslationBlock *current_tb = NULL;
998 int current_tb_modified = 0;
999 target_ulong current_pc = 0;
1000 target_ulong current_cs_base = 0;
1001 int current_flags = 0;
1002 #endif /* TARGET_HAS_PRECISE_SMC */
1003
1004 p = page_find(start >> TARGET_PAGE_BITS);
1005 if (!p)
1006 return;
1007 if (!p->code_bitmap &&
1008 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1009 is_cpu_write_access) {
1010 /* build code bitmap */
1011 build_page_bitmap(p);
1012 }
1013
1014 /* we remove all the TBs in the range [start, end[ */
1015 /* XXX: see if in some cases it could be faster to invalidate all the code */
1016 tb = p->first_tb;
1017 while (tb != NULL) {
1018 n = (long)tb & 3;
1019 tb = (TranslationBlock *)((long)tb & ~3);
1020 tb_next = tb->page_next[n];
1021 /* NOTE: this is subtle as a TB may span two physical pages */
1022 if (n == 0) {
1023 /* NOTE: tb_end may be after the end of the page, but
1024 it is not a problem */
1025 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1026 tb_end = tb_start + tb->size;
1027 } else {
1028 tb_start = tb->page_addr[1];
1029 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1030 }
1031 if (!(tb_end <= start || tb_start >= end)) {
1032 #ifdef TARGET_HAS_PRECISE_SMC
1033 if (current_tb_not_found) {
1034 current_tb_not_found = 0;
1035 current_tb = NULL;
1036 if (env->mem_io_pc) {
1037 /* now we have a real cpu fault */
1038 current_tb = tb_find_pc(env->mem_io_pc);
1039 }
1040 }
1041 if (current_tb == tb &&
1042 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1043 /* If we are modifying the current TB, we must stop
1044 its execution. We could be more precise by checking
1045 that the modification is after the current PC, but it
1046 would require a specialized function to partially
1047 restore the CPU state */
1048
1049 current_tb_modified = 1;
1050 cpu_restore_state(current_tb, env,
1051 env->mem_io_pc, NULL);
1052 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1053 &current_flags);
1054 }
1055 #endif /* TARGET_HAS_PRECISE_SMC */
1056 /* we need to do that to handle the case where a signal
1057 occurs while doing tb_phys_invalidate() */
1058 saved_tb = NULL;
1059 if (env) {
1060 saved_tb = env->current_tb;
1061 env->current_tb = NULL;
1062 }
1063 tb_phys_invalidate(tb, -1);
1064 if (env) {
1065 env->current_tb = saved_tb;
1066 if (env->interrupt_request && env->current_tb)
1067 cpu_interrupt(env, env->interrupt_request);
1068 }
1069 }
1070 tb = tb_next;
1071 }
1072 #if !defined(CONFIG_USER_ONLY)
1073 /* if no code remaining, no need to continue to use slow writes */
1074 if (!p->first_tb) {
1075 invalidate_page_bitmap(p);
1076 if (is_cpu_write_access) {
1077 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1078 }
1079 }
1080 #endif
1081 #ifdef TARGET_HAS_PRECISE_SMC
1082 if (current_tb_modified) {
1083 /* we generate a block containing just the instruction
1084 modifying the memory. It will ensure that it cannot modify
1085 itself */
1086 env->current_tb = NULL;
1087 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1088 cpu_resume_from_signal(env, NULL);
1089 }
1090 #endif
1091 }
1092
1093 /* len must be <= 8 and start must be a multiple of len */
1094 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1095 {
1096 PageDesc *p;
1097 int offset, b;
1098 #if 0
1099 if (1) {
1100 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1101 cpu_single_env->mem_io_vaddr, len,
1102 cpu_single_env->eip,
1103 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1104 }
1105 #endif
1106 p = page_find(start >> TARGET_PAGE_BITS);
1107 if (!p)
1108 return;
1109 if (p->code_bitmap) {
1110 offset = start & ~TARGET_PAGE_MASK;
1111 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1112 if (b & ((1 << len) - 1))
1113 goto do_invalidate;
1114 } else {
1115 do_invalidate:
1116 tb_invalidate_phys_page_range(start, start + len, 1);
1117 }
1118 }
1119
1120 #if !defined(CONFIG_SOFTMMU)
1121 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1122 unsigned long pc, void *puc)
1123 {
1124 TranslationBlock *tb;
1125 PageDesc *p;
1126 int n;
1127 #ifdef TARGET_HAS_PRECISE_SMC
1128 TranslationBlock *current_tb = NULL;
1129 CPUState *env = cpu_single_env;
1130 int current_tb_modified = 0;
1131 target_ulong current_pc = 0;
1132 target_ulong current_cs_base = 0;
1133 int current_flags = 0;
1134 #endif
1135
1136 addr &= TARGET_PAGE_MASK;
1137 p = page_find(addr >> TARGET_PAGE_BITS);
1138 if (!p)
1139 return;
1140 tb = p->first_tb;
1141 #ifdef TARGET_HAS_PRECISE_SMC
1142 if (tb && pc != 0) {
1143 current_tb = tb_find_pc(pc);
1144 }
1145 #endif
1146 while (tb != NULL) {
1147 n = (long)tb & 3;
1148 tb = (TranslationBlock *)((long)tb & ~3);
1149 #ifdef TARGET_HAS_PRECISE_SMC
1150 if (current_tb == tb &&
1151 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1152 /* If we are modifying the current TB, we must stop
1153 its execution. We could be more precise by checking
1154 that the modification is after the current PC, but it
1155 would require a specialized function to partially
1156 restore the CPU state */
1157
1158 current_tb_modified = 1;
1159 cpu_restore_state(current_tb, env, pc, puc);
1160 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1161 &current_flags);
1162 }
1163 #endif /* TARGET_HAS_PRECISE_SMC */
1164 tb_phys_invalidate(tb, addr);
1165 tb = tb->page_next[n];
1166 }
1167 p->first_tb = NULL;
1168 #ifdef TARGET_HAS_PRECISE_SMC
1169 if (current_tb_modified) {
1170 /* we generate a block containing just the instruction
1171 modifying the memory. It will ensure that it cannot modify
1172 itself */
1173 env->current_tb = NULL;
1174 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1175 cpu_resume_from_signal(env, puc);
1176 }
1177 #endif
1178 }
1179 #endif
1180
1181 /* add the tb in the target page and protect it if necessary */
1182 static inline void tb_alloc_page(TranslationBlock *tb,
1183 unsigned int n, tb_page_addr_t page_addr)
1184 {
1185 PageDesc *p;
1186 TranslationBlock *last_first_tb;
1187
1188 tb->page_addr[n] = page_addr;
1189 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1190 tb->page_next[n] = p->first_tb;
1191 last_first_tb = p->first_tb;
1192 p->first_tb = (TranslationBlock *)((long)tb | n);
1193 invalidate_page_bitmap(p);
1194
1195 #if defined(TARGET_HAS_SMC) || 1
1196
1197 #if defined(CONFIG_USER_ONLY)
1198 if (p->flags & PAGE_WRITE) {
1199 target_ulong addr;
1200 PageDesc *p2;
1201 int prot;
1202
1203 /* force the host page as non writable (writes will have a
1204 page fault + mprotect overhead) */
1205 page_addr &= qemu_host_page_mask;
1206 prot = 0;
1207 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1208 addr += TARGET_PAGE_SIZE) {
1209
1210 p2 = page_find (addr >> TARGET_PAGE_BITS);
1211 if (!p2)
1212 continue;
1213 prot |= p2->flags;
1214 p2->flags &= ~PAGE_WRITE;
1215 }
1216 mprotect(g2h(page_addr), qemu_host_page_size,
1217 (prot & PAGE_BITS) & ~PAGE_WRITE);
1218 #ifdef DEBUG_TB_INVALIDATE
1219 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1220 page_addr);
1221 #endif
1222 }
1223 #else
1224 /* if some code is already present, then the pages are already
1225 protected. So we handle the case where only the first TB is
1226 allocated in a physical page */
1227 if (!last_first_tb) {
1228 tlb_protect_code(page_addr);
1229 }
1230 #endif
1231
1232 #endif /* TARGET_HAS_SMC */
1233 }
1234
1235 /* Allocate a new translation block. Flush the translation buffer if
1236 too many translation blocks or too much generated code. */
1237 TranslationBlock *tb_alloc(target_ulong pc)
1238 {
1239 TranslationBlock *tb;
1240
1241 if (nb_tbs >= code_gen_max_blocks ||
1242 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1243 return NULL;
1244 tb = &tbs[nb_tbs++];
1245 tb->pc = pc;
1246 tb->cflags = 0;
1247 return tb;
1248 }
1249
1250 void tb_free(TranslationBlock *tb)
1251 {
1252 /* In practice this is mostly used for single use temporary TB
1253 Ignore the hard cases and just back up if this TB happens to
1254 be the last one generated. */
1255 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1256 code_gen_ptr = tb->tc_ptr;
1257 nb_tbs--;
1258 }
1259 }
1260
1261 /* add a new TB and link it to the physical page tables. phys_page2 is
1262 (-1) to indicate that only one page contains the TB. */
1263 void tb_link_page(TranslationBlock *tb,
1264 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1265 {
1266 unsigned int h;
1267 TranslationBlock **ptb;
1268
1269 /* Grab the mmap lock to stop another thread invalidating this TB
1270 before we are done. */
1271 mmap_lock();
1272 /* add in the physical hash table */
1273 h = tb_phys_hash_func(phys_pc);
1274 ptb = &tb_phys_hash[h];
1275 tb->phys_hash_next = *ptb;
1276 *ptb = tb;
1277
1278 /* add in the page list */
1279 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1280 if (phys_page2 != -1)
1281 tb_alloc_page(tb, 1, phys_page2);
1282 else
1283 tb->page_addr[1] = -1;
1284
1285 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1286 tb->jmp_next[0] = NULL;
1287 tb->jmp_next[1] = NULL;
1288
1289 /* init original jump addresses */
1290 if (tb->tb_next_offset[0] != 0xffff)
1291 tb_reset_jump(tb, 0);
1292 if (tb->tb_next_offset[1] != 0xffff)
1293 tb_reset_jump(tb, 1);
1294
1295 #ifdef DEBUG_TB_CHECK
1296 tb_page_check();
1297 #endif
1298 mmap_unlock();
1299 }
1300
1301 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1302 tb[1].tc_ptr. Return NULL if not found */
1303 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1304 {
1305 int m_min, m_max, m;
1306 unsigned long v;
1307 TranslationBlock *tb;
1308
1309 if (nb_tbs <= 0)
1310 return NULL;
1311 if (tc_ptr < (unsigned long)code_gen_buffer ||
1312 tc_ptr >= (unsigned long)code_gen_ptr)
1313 return NULL;
1314 /* binary search (cf Knuth) */
1315 m_min = 0;
1316 m_max = nb_tbs - 1;
1317 while (m_min <= m_max) {
1318 m = (m_min + m_max) >> 1;
1319 tb = &tbs[m];
1320 v = (unsigned long)tb->tc_ptr;
1321 if (v == tc_ptr)
1322 return tb;
1323 else if (tc_ptr < v) {
1324 m_max = m - 1;
1325 } else {
1326 m_min = m + 1;
1327 }
1328 }
1329 return &tbs[m_max];
1330 }
1331
1332 static void tb_reset_jump_recursive(TranslationBlock *tb);
1333
1334 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1335 {
1336 TranslationBlock *tb1, *tb_next, **ptb;
1337 unsigned int n1;
1338
1339 tb1 = tb->jmp_next[n];
1340 if (tb1 != NULL) {
1341 /* find head of list */
1342 for(;;) {
1343 n1 = (long)tb1 & 3;
1344 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1345 if (n1 == 2)
1346 break;
1347 tb1 = tb1->jmp_next[n1];
1348 }
1349 /* we are now sure now that tb jumps to tb1 */
1350 tb_next = tb1;
1351
1352 /* remove tb from the jmp_first list */
1353 ptb = &tb_next->jmp_first;
1354 for(;;) {
1355 tb1 = *ptb;
1356 n1 = (long)tb1 & 3;
1357 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1358 if (n1 == n && tb1 == tb)
1359 break;
1360 ptb = &tb1->jmp_next[n1];
1361 }
1362 *ptb = tb->jmp_next[n];
1363 tb->jmp_next[n] = NULL;
1364
1365 /* suppress the jump to next tb in generated code */
1366 tb_reset_jump(tb, n);
1367
1368 /* suppress jumps in the tb on which we could have jumped */
1369 tb_reset_jump_recursive(tb_next);
1370 }
1371 }
1372
1373 static void tb_reset_jump_recursive(TranslationBlock *tb)
1374 {
1375 tb_reset_jump_recursive2(tb, 0);
1376 tb_reset_jump_recursive2(tb, 1);
1377 }
1378
1379 #if defined(TARGET_HAS_ICE)
1380 #if defined(CONFIG_USER_ONLY)
1381 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1382 {
1383 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1384 }
1385 #else
1386 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1387 {
1388 target_phys_addr_t addr;
1389 target_ulong pd;
1390 ram_addr_t ram_addr;
1391 PhysPageDesc *p;
1392
1393 addr = cpu_get_phys_page_debug(env, pc);
1394 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1395 if (!p) {
1396 pd = IO_MEM_UNASSIGNED;
1397 } else {
1398 pd = p->phys_offset;
1399 }
1400 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1401 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1402 }
1403 #endif
1404 #endif /* TARGET_HAS_ICE */
1405
1406 #if defined(CONFIG_USER_ONLY)
1407 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1408
1409 {
1410 }
1411
1412 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1413 int flags, CPUWatchpoint **watchpoint)
1414 {
1415 return -ENOSYS;
1416 }
1417 #else
1418 /* Add a watchpoint. */
1419 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1420 int flags, CPUWatchpoint **watchpoint)
1421 {
1422 target_ulong len_mask = ~(len - 1);
1423 CPUWatchpoint *wp;
1424
1425 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1426 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1427 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1428 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1429 return -EINVAL;
1430 }
1431 wp = qemu_malloc(sizeof(*wp));
1432
1433 wp->vaddr = addr;
1434 wp->len_mask = len_mask;
1435 wp->flags = flags;
1436
1437 /* keep all GDB-injected watchpoints in front */
1438 if (flags & BP_GDB)
1439 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1440 else
1441 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1442
1443 tlb_flush_page(env, addr);
1444
1445 if (watchpoint)
1446 *watchpoint = wp;
1447 return 0;
1448 }
1449
1450 /* Remove a specific watchpoint. */
1451 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1452 int flags)
1453 {
1454 target_ulong len_mask = ~(len - 1);
1455 CPUWatchpoint *wp;
1456
1457 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1458 if (addr == wp->vaddr && len_mask == wp->len_mask
1459 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1460 cpu_watchpoint_remove_by_ref(env, wp);
1461 return 0;
1462 }
1463 }
1464 return -ENOENT;
1465 }
1466
1467 /* Remove a specific watchpoint by reference. */
1468 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1469 {
1470 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1471
1472 tlb_flush_page(env, watchpoint->vaddr);
1473
1474 qemu_free(watchpoint);
1475 }
1476
1477 /* Remove all matching watchpoints. */
1478 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1479 {
1480 CPUWatchpoint *wp, *next;
1481
1482 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1483 if (wp->flags & mask)
1484 cpu_watchpoint_remove_by_ref(env, wp);
1485 }
1486 }
1487 #endif
1488
1489 /* Add a breakpoint. */
1490 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1491 CPUBreakpoint **breakpoint)
1492 {
1493 #if defined(TARGET_HAS_ICE)
1494 CPUBreakpoint *bp;
1495
1496 bp = qemu_malloc(sizeof(*bp));
1497
1498 bp->pc = pc;
1499 bp->flags = flags;
1500
1501 /* keep all GDB-injected breakpoints in front */
1502 if (flags & BP_GDB)
1503 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1504 else
1505 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1506
1507 breakpoint_invalidate(env, pc);
1508
1509 if (breakpoint)
1510 *breakpoint = bp;
1511 return 0;
1512 #else
1513 return -ENOSYS;
1514 #endif
1515 }
1516
1517 /* Remove a specific breakpoint. */
1518 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1519 {
1520 #if defined(TARGET_HAS_ICE)
1521 CPUBreakpoint *bp;
1522
1523 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1524 if (bp->pc == pc && bp->flags == flags) {
1525 cpu_breakpoint_remove_by_ref(env, bp);
1526 return 0;
1527 }
1528 }
1529 return -ENOENT;
1530 #else
1531 return -ENOSYS;
1532 #endif
1533 }
1534
1535 /* Remove a specific breakpoint by reference. */
1536 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1537 {
1538 #if defined(TARGET_HAS_ICE)
1539 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1540
1541 breakpoint_invalidate(env, breakpoint->pc);
1542
1543 qemu_free(breakpoint);
1544 #endif
1545 }
1546
1547 /* Remove all matching breakpoints. */
1548 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1549 {
1550 #if defined(TARGET_HAS_ICE)
1551 CPUBreakpoint *bp, *next;
1552
1553 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1554 if (bp->flags & mask)
1555 cpu_breakpoint_remove_by_ref(env, bp);
1556 }
1557 #endif
1558 }
1559
1560 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1561 CPU loop after each instruction */
1562 void cpu_single_step(CPUState *env, int enabled)
1563 {
1564 #if defined(TARGET_HAS_ICE)
1565 if (env->singlestep_enabled != enabled) {
1566 env->singlestep_enabled = enabled;
1567 if (kvm_enabled())
1568 kvm_update_guest_debug(env, 0);
1569 else {
1570 /* must flush all the translated code to avoid inconsistencies */
1571 /* XXX: only flush what is necessary */
1572 tb_flush(env);
1573 }
1574 }
1575 #endif
1576 }
1577
1578 /* enable or disable low levels log */
1579 void cpu_set_log(int log_flags)
1580 {
1581 loglevel = log_flags;
1582 if (loglevel && !logfile) {
1583 logfile = fopen(logfilename, log_append ? "a" : "w");
1584 if (!logfile) {
1585 perror(logfilename);
1586 _exit(1);
1587 }
1588 #if !defined(CONFIG_SOFTMMU)
1589 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1590 {
1591 static char logfile_buf[4096];
1592 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1593 }
1594 #elif !defined(_WIN32)
1595 /* Win32 doesn't support line-buffering and requires size >= 2 */
1596 setvbuf(logfile, NULL, _IOLBF, 0);
1597 #endif
1598 log_append = 1;
1599 }
1600 if (!loglevel && logfile) {
1601 fclose(logfile);
1602 logfile = NULL;
1603 }
1604 }
1605
1606 void cpu_set_log_filename(const char *filename)
1607 {
1608 logfilename = strdup(filename);
1609 if (logfile) {
1610 fclose(logfile);
1611 logfile = NULL;
1612 }
1613 cpu_set_log(loglevel);
1614 }
1615
1616 static void cpu_unlink_tb(CPUState *env)
1617 {
1618 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1619 problem and hope the cpu will stop of its own accord. For userspace
1620 emulation this often isn't actually as bad as it sounds. Often
1621 signals are used primarily to interrupt blocking syscalls. */
1622 TranslationBlock *tb;
1623 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1624
1625 spin_lock(&interrupt_lock);
1626 tb = env->current_tb;
1627 /* if the cpu is currently executing code, we must unlink it and
1628 all the potentially executing TB */
1629 if (tb) {
1630 env->current_tb = NULL;
1631 tb_reset_jump_recursive(tb);
1632 }
1633 spin_unlock(&interrupt_lock);
1634 }
1635
1636 /* mask must never be zero, except for A20 change call */
1637 void cpu_interrupt(CPUState *env, int mask)
1638 {
1639 int old_mask;
1640
1641 old_mask = env->interrupt_request;
1642 env->interrupt_request |= mask;
1643 if (kvm_enabled() && !kvm_irqchip_in_kernel())
1644 kvm_update_interrupt_request(env);
1645
1646 #ifndef CONFIG_USER_ONLY
1647 /*
1648 * If called from iothread context, wake the target cpu in
1649 * case its halted.
1650 */
1651 if (!qemu_cpu_self(env)) {
1652 qemu_cpu_kick(env);
1653 return;
1654 }
1655 #endif
1656
1657 if (use_icount) {
1658 env->icount_decr.u16.high = 0xffff;
1659 #ifndef CONFIG_USER_ONLY
1660 if (!can_do_io(env)
1661 && (mask & ~old_mask) != 0) {
1662 cpu_abort(env, "Raised interrupt while not in I/O function");
1663 }
1664 #endif
1665 } else {
1666 cpu_unlink_tb(env);
1667 }
1668 }
1669
1670 void cpu_reset_interrupt(CPUState *env, int mask)
1671 {
1672 env->interrupt_request &= ~mask;
1673 }
1674
1675 void cpu_exit(CPUState *env)
1676 {
1677 env->exit_request = 1;
1678 cpu_unlink_tb(env);
1679 }
1680
1681 const CPULogItem cpu_log_items[] = {
1682 { CPU_LOG_TB_OUT_ASM, "out_asm",
1683 "show generated host assembly code for each compiled TB" },
1684 { CPU_LOG_TB_IN_ASM, "in_asm",
1685 "show target assembly code for each compiled TB" },
1686 { CPU_LOG_TB_OP, "op",
1687 "show micro ops for each compiled TB" },
1688 { CPU_LOG_TB_OP_OPT, "op_opt",
1689 "show micro ops "
1690 #ifdef TARGET_I386
1691 "before eflags optimization and "
1692 #endif
1693 "after liveness analysis" },
1694 { CPU_LOG_INT, "int",
1695 "show interrupts/exceptions in short format" },
1696 { CPU_LOG_EXEC, "exec",
1697 "show trace before each executed TB (lots of logs)" },
1698 { CPU_LOG_TB_CPU, "cpu",
1699 "show CPU state before block translation" },
1700 #ifdef TARGET_I386
1701 { CPU_LOG_PCALL, "pcall",
1702 "show protected mode far calls/returns/exceptions" },
1703 { CPU_LOG_RESET, "cpu_reset",
1704 "show CPU state before CPU resets" },
1705 #endif
1706 #ifdef DEBUG_IOPORT
1707 { CPU_LOG_IOPORT, "ioport",
1708 "show all i/o ports accesses" },
1709 #endif
1710 { 0, NULL, NULL },
1711 };
1712
1713 #ifndef CONFIG_USER_ONLY
1714 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1715 = QLIST_HEAD_INITIALIZER(memory_client_list);
1716
1717 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1718 ram_addr_t size,
1719 ram_addr_t phys_offset)
1720 {
1721 CPUPhysMemoryClient *client;
1722 QLIST_FOREACH(client, &memory_client_list, list) {
1723 client->set_memory(client, start_addr, size, phys_offset);
1724 }
1725 }
1726
1727 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1728 target_phys_addr_t end)
1729 {
1730 CPUPhysMemoryClient *client;
1731 QLIST_FOREACH(client, &memory_client_list, list) {
1732 int r = client->sync_dirty_bitmap(client, start, end);
1733 if (r < 0)
1734 return r;
1735 }
1736 return 0;
1737 }
1738
1739 static int cpu_notify_migration_log(int enable)
1740 {
1741 CPUPhysMemoryClient *client;
1742 QLIST_FOREACH(client, &memory_client_list, list) {
1743 int r = client->migration_log(client, enable);
1744 if (r < 0)
1745 return r;
1746 }
1747 return 0;
1748 }
1749
1750 static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1751 int level, void **lp)
1752 {
1753 int i;
1754
1755 if (*lp == NULL) {
1756 return;
1757 }
1758 if (level == 0) {
1759 PhysPageDesc *pd = *lp;
1760 for (i = 0; i < L2_SIZE; ++i) {
1761 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1762 client->set_memory(client, pd[i].region_offset,
1763 TARGET_PAGE_SIZE, pd[i].phys_offset);
1764 }
1765 }
1766 } else {
1767 void **pp = *lp;
1768 for (i = 0; i < L2_SIZE; ++i) {
1769 phys_page_for_each_1(client, level - 1, pp + i);
1770 }
1771 }
1772 }
1773
1774 static void phys_page_for_each(CPUPhysMemoryClient *client)
1775 {
1776 int i;
1777 for (i = 0; i < P_L1_SIZE; ++i) {
1778 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1779 l1_phys_map + 1);
1780 }
1781 }
1782
1783 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1784 {
1785 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1786 phys_page_for_each(client);
1787 }
1788
1789 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1790 {
1791 QLIST_REMOVE(client, list);
1792 }
1793 #endif
1794
1795 static int cmp1(const char *s1, int n, const char *s2)
1796 {
1797 if (strlen(s2) != n)
1798 return 0;
1799 return memcmp(s1, s2, n) == 0;
1800 }
1801
1802 /* takes a comma separated list of log masks. Return 0 if error. */
1803 int cpu_str_to_log_mask(const char *str)
1804 {
1805 const CPULogItem *item;
1806 int mask;
1807 const char *p, *p1;
1808
1809 p = str;
1810 mask = 0;
1811 for(;;) {
1812 p1 = strchr(p, ',');
1813 if (!p1)
1814 p1 = p + strlen(p);
1815 if(cmp1(p,p1-p,"all")) {
1816 for(item = cpu_log_items; item->mask != 0; item++) {
1817 mask |= item->mask;
1818 }
1819 } else {
1820 for(item = cpu_log_items; item->mask != 0; item++) {
1821 if (cmp1(p, p1 - p, item->name))
1822 goto found;
1823 }
1824 return 0;
1825 }
1826 found:
1827 mask |= item->mask;
1828 if (*p1 != ',')
1829 break;
1830 p = p1 + 1;
1831 }
1832 return mask;
1833 }
1834
1835 void cpu_abort(CPUState *env, const char *fmt, ...)
1836 {
1837 va_list ap;
1838 va_list ap2;
1839
1840 va_start(ap, fmt);
1841 va_copy(ap2, ap);
1842 fprintf(stderr, "qemu: fatal: ");
1843 vfprintf(stderr, fmt, ap);
1844 fprintf(stderr, "\n");
1845 #ifdef TARGET_I386
1846 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1847 #else
1848 cpu_dump_state(env, stderr, fprintf, 0);
1849 #endif
1850 if (qemu_log_enabled()) {
1851 qemu_log("qemu: fatal: ");
1852 qemu_log_vprintf(fmt, ap2);
1853 qemu_log("\n");
1854 #ifdef TARGET_I386
1855 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1856 #else
1857 log_cpu_state(env, 0);
1858 #endif
1859 qemu_log_flush();
1860 qemu_log_close();
1861 }
1862 va_end(ap2);
1863 va_end(ap);
1864 #if defined(CONFIG_USER_ONLY)
1865 {
1866 struct sigaction act;
1867 sigfillset(&act.sa_mask);
1868 act.sa_handler = SIG_DFL;
1869 sigaction(SIGABRT, &act, NULL);
1870 }
1871 #endif
1872 abort();
1873 }
1874
1875 CPUState *cpu_copy(CPUState *env)
1876 {
1877 CPUState *new_env = cpu_init(env->cpu_model_str);
1878 CPUState *next_cpu = new_env->next_cpu;
1879 int cpu_index = new_env->cpu_index;
1880 #if defined(TARGET_HAS_ICE)
1881 CPUBreakpoint *bp;
1882 CPUWatchpoint *wp;
1883 #endif
1884
1885 memcpy(new_env, env, sizeof(CPUState));
1886
1887 /* Preserve chaining and index. */
1888 new_env->next_cpu = next_cpu;
1889 new_env->cpu_index = cpu_index;
1890
1891 /* Clone all break/watchpoints.
1892 Note: Once we support ptrace with hw-debug register access, make sure
1893 BP_CPU break/watchpoints are handled correctly on clone. */
1894 QTAILQ_INIT(&env->breakpoints);
1895 QTAILQ_INIT(&env->watchpoints);
1896 #if defined(TARGET_HAS_ICE)
1897 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1898 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1899 }
1900 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1901 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1902 wp->flags, NULL);
1903 }
1904 #endif
1905
1906 return new_env;
1907 }
1908
1909 #if !defined(CONFIG_USER_ONLY)
1910
1911 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1912 {
1913 unsigned int i;
1914
1915 /* Discard jump cache entries for any tb which might potentially
1916 overlap the flushed page. */
1917 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1918 memset (&env->tb_jmp_cache[i], 0,
1919 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1920
1921 i = tb_jmp_cache_hash_page(addr);
1922 memset (&env->tb_jmp_cache[i], 0,
1923 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1924 }
1925
1926 static CPUTLBEntry s_cputlb_empty_entry = {
1927 .addr_read = -1,
1928 .addr_write = -1,
1929 .addr_code = -1,
1930 .addend = -1,
1931 };
1932
1933 /* NOTE: if flush_global is true, also flush global entries (not
1934 implemented yet) */
1935 void tlb_flush(CPUState *env, int flush_global)
1936 {
1937 int i;
1938
1939 #if defined(DEBUG_TLB)
1940 printf("tlb_flush:\n");
1941 #endif
1942 /* must reset current TB so that interrupts cannot modify the
1943 links while we are modifying them */
1944 env->current_tb = NULL;
1945
1946 for(i = 0; i < CPU_TLB_SIZE; i++) {
1947 int mmu_idx;
1948 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1949 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1950 }
1951 }
1952
1953 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1954
1955 env->tlb_flush_addr = -1;
1956 env->tlb_flush_mask = 0;
1957 tlb_flush_count++;
1958 }
1959
1960 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1961 {
1962 if (addr == (tlb_entry->addr_read &
1963 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1964 addr == (tlb_entry->addr_write &
1965 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1966 addr == (tlb_entry->addr_code &
1967 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1968 *tlb_entry = s_cputlb_empty_entry;
1969 }
1970 }
1971
1972 void tlb_flush_page(CPUState *env, target_ulong addr)
1973 {
1974 int i;
1975 int mmu_idx;
1976
1977 #if defined(DEBUG_TLB)
1978 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1979 #endif
1980 /* Check if we need to flush due to large pages. */
1981 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1982 #if defined(DEBUG_TLB)
1983 printf("tlb_flush_page: forced full flush ("
1984 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1985 env->tlb_flush_addr, env->tlb_flush_mask);
1986 #endif
1987 tlb_flush(env, 1);
1988 return;
1989 }
1990 /* must reset current TB so that interrupts cannot modify the
1991 links while we are modifying them */
1992 env->current_tb = NULL;
1993
1994 addr &= TARGET_PAGE_MASK;
1995 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1996 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1997 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1998
1999 tlb_flush_jmp_cache(env, addr);
2000 }
2001
2002 /* update the TLBs so that writes to code in the virtual page 'addr'
2003 can be detected */
2004 static void tlb_protect_code(ram_addr_t ram_addr)
2005 {
2006 cpu_physical_memory_reset_dirty(ram_addr,
2007 ram_addr + TARGET_PAGE_SIZE,
2008 CODE_DIRTY_FLAG);
2009 }
2010
2011 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2012 tested for self modifying code */
2013 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2014 target_ulong vaddr)
2015 {
2016 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2017 }
2018
2019 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2020 unsigned long start, unsigned long length)
2021 {
2022 unsigned long addr;
2023 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2024 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2025 if ((addr - start) < length) {
2026 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2027 }
2028 }
2029 }
2030
2031 /* Note: start and end must be within the same ram block. */
2032 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2033 int dirty_flags)
2034 {
2035 CPUState *env;
2036 unsigned long length, start1;
2037 int i;
2038
2039 start &= TARGET_PAGE_MASK;
2040 end = TARGET_PAGE_ALIGN(end);
2041
2042 length = end - start;
2043 if (length == 0)
2044 return;
2045 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2046
2047 /* we modify the TLB cache so that the dirty bit will be set again
2048 when accessing the range */
2049 start1 = (unsigned long)qemu_get_ram_ptr(start);
2050 /* Chek that we don't span multiple blocks - this breaks the
2051 address comparisons below. */
2052 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2053 != (end - 1) - start) {
2054 abort();
2055 }
2056
2057 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2058 int mmu_idx;
2059 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2060 for(i = 0; i < CPU_TLB_SIZE; i++)
2061 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2062 start1, length);
2063 }
2064 }
2065 }
2066
2067 int cpu_physical_memory_set_dirty_tracking(int enable)
2068 {
2069 int ret = 0;
2070 in_migration = enable;
2071 ret = cpu_notify_migration_log(!!enable);
2072 return ret;
2073 }
2074
2075 int cpu_physical_memory_get_dirty_tracking(void)
2076 {
2077 return in_migration;
2078 }
2079
2080 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2081 target_phys_addr_t end_addr)
2082 {
2083 int ret;
2084
2085 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2086 return ret;
2087 }
2088
2089 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2090 {
2091 ram_addr_t ram_addr;
2092 void *p;
2093
2094 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2095 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2096 + tlb_entry->addend);
2097 ram_addr = qemu_ram_addr_from_host_nofail(p);
2098 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2099 tlb_entry->addr_write |= TLB_NOTDIRTY;
2100 }
2101 }
2102 }
2103
2104 /* update the TLB according to the current state of the dirty bits */
2105 void cpu_tlb_update_dirty(CPUState *env)
2106 {
2107 int i;
2108 int mmu_idx;
2109 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2110 for(i = 0; i < CPU_TLB_SIZE; i++)
2111 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2112 }
2113 }
2114
2115 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2116 {
2117 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2118 tlb_entry->addr_write = vaddr;
2119 }
2120
2121 /* update the TLB corresponding to virtual page vaddr
2122 so that it is no longer dirty */
2123 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2124 {
2125 int i;
2126 int mmu_idx;
2127
2128 vaddr &= TARGET_PAGE_MASK;
2129 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2130 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2131 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2132 }
2133
2134 /* Our TLB does not support large pages, so remember the area covered by
2135 large pages and trigger a full TLB flush if these are invalidated. */
2136 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2137 target_ulong size)
2138 {
2139 target_ulong mask = ~(size - 1);
2140
2141 if (env->tlb_flush_addr == (target_ulong)-1) {
2142 env->tlb_flush_addr = vaddr & mask;
2143 env->tlb_flush_mask = mask;
2144 return;
2145 }
2146 /* Extend the existing region to include the new page.
2147 This is a compromise between unnecessary flushes and the cost
2148 of maintaining a full variable size TLB. */
2149 mask &= env->tlb_flush_mask;
2150 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2151 mask <<= 1;
2152 }
2153 env->tlb_flush_addr &= mask;
2154 env->tlb_flush_mask = mask;
2155 }
2156
2157 /* Add a new TLB entry. At most one entry for a given virtual address
2158 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2159 supplied size is only used by tlb_flush_page. */
2160 void tlb_set_page(CPUState *env, target_ulong vaddr,
2161 target_phys_addr_t paddr, int prot,
2162 int mmu_idx, target_ulong size)
2163 {
2164 PhysPageDesc *p;
2165 unsigned long pd;
2166 unsigned int index;
2167 target_ulong address;
2168 target_ulong code_address;
2169 unsigned long addend;
2170 CPUTLBEntry *te;
2171 CPUWatchpoint *wp;
2172 target_phys_addr_t iotlb;
2173
2174 assert(size >= TARGET_PAGE_SIZE);
2175 if (size != TARGET_PAGE_SIZE) {
2176 tlb_add_large_page(env, vaddr, size);
2177 }
2178 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2179 if (!p) {
2180 pd = IO_MEM_UNASSIGNED;
2181 } else {
2182 pd = p->phys_offset;
2183 }
2184 #if defined(DEBUG_TLB)
2185 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2186 " prot=%x idx=%d pd=0x%08lx\n",
2187 vaddr, paddr, prot, mmu_idx, pd);
2188 #endif
2189
2190 address = vaddr;
2191 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2192 /* IO memory case (romd handled later) */
2193 address |= TLB_MMIO;
2194 }
2195 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2196 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2197 /* Normal RAM. */
2198 iotlb = pd & TARGET_PAGE_MASK;
2199 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2200 iotlb |= IO_MEM_NOTDIRTY;
2201 else
2202 iotlb |= IO_MEM_ROM;
2203 } else {
2204 /* IO handlers are currently passed a physical address.
2205 It would be nice to pass an offset from the base address
2206 of that region. This would avoid having to special case RAM,
2207 and avoid full address decoding in every device.
2208 We can't use the high bits of pd for this because
2209 IO_MEM_ROMD uses these as a ram address. */
2210 iotlb = (pd & ~TARGET_PAGE_MASK);
2211 if (p) {
2212 iotlb += p->region_offset;
2213 } else {
2214 iotlb += paddr;
2215 }
2216 }
2217
2218 code_address = address;
2219 /* Make accesses to pages with watchpoints go via the
2220 watchpoint trap routines. */
2221 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2222 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2223 /* Avoid trapping reads of pages with a write breakpoint. */
2224 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2225 iotlb = io_mem_watch + paddr;
2226 address |= TLB_MMIO;
2227 break;
2228 }
2229 }
2230 }
2231
2232 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2233 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2234 te = &env->tlb_table[mmu_idx][index];
2235 te->addend = addend - vaddr;
2236 if (prot & PAGE_READ) {
2237 te->addr_read = address;
2238 } else {
2239 te->addr_read = -1;
2240 }
2241
2242 if (prot & PAGE_EXEC) {
2243 te->addr_code = code_address;
2244 } else {
2245 te->addr_code = -1;
2246 }
2247 if (prot & PAGE_WRITE) {
2248 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2249 (pd & IO_MEM_ROMD)) {
2250 /* Write access calls the I/O callback. */
2251 te->addr_write = address | TLB_MMIO;
2252 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2253 !cpu_physical_memory_is_dirty(pd)) {
2254 te->addr_write = address | TLB_NOTDIRTY;
2255 } else {
2256 te->addr_write = address;
2257 }
2258 } else {
2259 te->addr_write = -1;
2260 }
2261 }
2262
2263 #else
2264
2265 void tlb_flush(CPUState *env, int flush_global)
2266 {
2267 }
2268
2269 void tlb_flush_page(CPUState *env, target_ulong addr)
2270 {
2271 }
2272
2273 /*
2274 * Walks guest process memory "regions" one by one
2275 * and calls callback function 'fn' for each region.
2276 */
2277
2278 struct walk_memory_regions_data
2279 {
2280 walk_memory_regions_fn fn;
2281 void *priv;
2282 unsigned long start;
2283 int prot;
2284 };
2285
2286 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2287 abi_ulong end, int new_prot)
2288 {
2289 if (data->start != -1ul) {
2290 int rc = data->fn(data->priv, data->start, end, data->prot);
2291 if (rc != 0) {
2292 return rc;
2293 }
2294 }
2295
2296 data->start = (new_prot ? end : -1ul);
2297 data->prot = new_prot;
2298
2299 return 0;
2300 }
2301
2302 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2303 abi_ulong base, int level, void **lp)
2304 {
2305 abi_ulong pa;
2306 int i, rc;
2307
2308 if (*lp == NULL) {
2309 return walk_memory_regions_end(data, base, 0);
2310 }
2311
2312 if (level == 0) {
2313 PageDesc *pd = *lp;
2314 for (i = 0; i < L2_SIZE; ++i) {
2315 int prot = pd[i].flags;
2316
2317 pa = base | (i << TARGET_PAGE_BITS);
2318 if (prot != data->prot) {
2319 rc = walk_memory_regions_end(data, pa, prot);
2320 if (rc != 0) {
2321 return rc;
2322 }
2323 }
2324 }
2325 } else {
2326 void **pp = *lp;
2327 for (i = 0; i < L2_SIZE; ++i) {
2328 pa = base | ((abi_ulong)i <<
2329 (TARGET_PAGE_BITS + L2_BITS * level));
2330 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2331 if (rc != 0) {
2332 return rc;
2333 }
2334 }
2335 }
2336
2337 return 0;
2338 }
2339
2340 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2341 {
2342 struct walk_memory_regions_data data;
2343 unsigned long i;
2344
2345 data.fn = fn;
2346 data.priv = priv;
2347 data.start = -1ul;
2348 data.prot = 0;
2349
2350 for (i = 0; i < V_L1_SIZE; i++) {
2351 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2352 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2353 if (rc != 0) {
2354 return rc;
2355 }
2356 }
2357
2358 return walk_memory_regions_end(&data, 0, 0);
2359 }
2360
2361 static int dump_region(void *priv, abi_ulong start,
2362 abi_ulong end, unsigned long prot)
2363 {
2364 FILE *f = (FILE *)priv;
2365
2366 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2367 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2368 start, end, end - start,
2369 ((prot & PAGE_READ) ? 'r' : '-'),
2370 ((prot & PAGE_WRITE) ? 'w' : '-'),
2371 ((prot & PAGE_EXEC) ? 'x' : '-'));
2372
2373 return (0);
2374 }
2375
2376 /* dump memory mappings */
2377 void page_dump(FILE *f)
2378 {
2379 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2380 "start", "end", "size", "prot");
2381 walk_memory_regions(f, dump_region);
2382 }
2383
2384 int page_get_flags(target_ulong address)
2385 {
2386 PageDesc *p;
2387
2388 p = page_find(address >> TARGET_PAGE_BITS);
2389 if (!p)
2390 return 0;
2391 return p->flags;
2392 }
2393
2394 /* Modify the flags of a page and invalidate the code if necessary.
2395 The flag PAGE_WRITE_ORG is positioned automatically depending
2396 on PAGE_WRITE. The mmap_lock should already be held. */
2397 void page_set_flags(target_ulong start, target_ulong end, int flags)
2398 {
2399 target_ulong addr, len;
2400
2401 /* This function should never be called with addresses outside the
2402 guest address space. If this assert fires, it probably indicates
2403 a missing call to h2g_valid. */
2404 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2405 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2406 #endif
2407 assert(start < end);
2408
2409 start = start & TARGET_PAGE_MASK;
2410 end = TARGET_PAGE_ALIGN(end);
2411
2412 if (flags & PAGE_WRITE) {
2413 flags |= PAGE_WRITE_ORG;
2414 }
2415
2416 for (addr = start, len = end - start;
2417 len != 0;
2418 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2419 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2420
2421 /* If the write protection bit is set, then we invalidate
2422 the code inside. */
2423 if (!(p->flags & PAGE_WRITE) &&
2424 (flags & PAGE_WRITE) &&
2425 p->first_tb) {
2426 tb_invalidate_phys_page(addr, 0, NULL);
2427 }
2428 p->flags = flags;
2429 }
2430 }
2431
2432 int page_check_range(target_ulong start, target_ulong len, int flags)
2433 {
2434 PageDesc *p;
2435 target_ulong end;
2436 target_ulong addr;
2437
2438 /* This function should never be called with addresses outside the
2439 guest address space. If this assert fires, it probably indicates
2440 a missing call to h2g_valid. */
2441 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2442 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2443 #endif
2444
2445 if (len == 0) {
2446 return 0;
2447 }
2448 if (start + len - 1 < start) {
2449 /* We've wrapped around. */
2450 return -1;
2451 }
2452
2453 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2454 start = start & TARGET_PAGE_MASK;
2455
2456 for (addr = start, len = end - start;
2457 len != 0;
2458 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2459 p = page_find(addr >> TARGET_PAGE_BITS);
2460 if( !p )
2461 return -1;
2462 if( !(p->flags & PAGE_VALID) )
2463 return -1;
2464
2465 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2466 return -1;
2467 if (flags & PAGE_WRITE) {
2468 if (!(p->flags & PAGE_WRITE_ORG))
2469 return -1;
2470 /* unprotect the page if it was put read-only because it
2471 contains translated code */
2472 if (!(p->flags & PAGE_WRITE)) {
2473 if (!page_unprotect(addr, 0, NULL))
2474 return -1;
2475 }
2476 return 0;
2477 }
2478 }
2479 return 0;
2480 }
2481
2482 /* called from signal handler: invalidate the code and unprotect the
2483 page. Return TRUE if the fault was successfully handled. */
2484 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2485 {
2486 unsigned int prot;
2487 PageDesc *p;
2488 target_ulong host_start, host_end, addr;
2489
2490 /* Technically this isn't safe inside a signal handler. However we
2491 know this only ever happens in a synchronous SEGV handler, so in
2492 practice it seems to be ok. */
2493 mmap_lock();
2494
2495 p = page_find(address >> TARGET_PAGE_BITS);
2496 if (!p) {
2497 mmap_unlock();
2498 return 0;
2499 }
2500
2501 /* if the page was really writable, then we change its
2502 protection back to writable */
2503 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2504 host_start = address & qemu_host_page_mask;
2505 host_end = host_start + qemu_host_page_size;
2506
2507 prot = 0;
2508 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2509 p = page_find(addr >> TARGET_PAGE_BITS);
2510 p->flags |= PAGE_WRITE;
2511 prot |= p->flags;
2512
2513 /* and since the content will be modified, we must invalidate
2514 the corresponding translated code. */
2515 tb_invalidate_phys_page(addr, pc, puc);
2516 #ifdef DEBUG_TB_CHECK
2517 tb_invalidate_check(addr);
2518 #endif
2519 }
2520 mprotect((void *)g2h(host_start), qemu_host_page_size,
2521 prot & PAGE_BITS);
2522
2523 mmap_unlock();
2524 return 1;
2525 }
2526 mmap_unlock();
2527 return 0;
2528 }
2529
2530 static inline void tlb_set_dirty(CPUState *env,
2531 unsigned long addr, target_ulong vaddr)
2532 {
2533 }
2534 #endif /* defined(CONFIG_USER_ONLY) */
2535
2536 #if !defined(CONFIG_USER_ONLY)
2537
2538 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2539 typedef struct subpage_t {
2540 target_phys_addr_t base;
2541 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2542 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2543 } subpage_t;
2544
2545 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2546 ram_addr_t memory, ram_addr_t region_offset);
2547 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2548 ram_addr_t orig_memory,
2549 ram_addr_t region_offset);
2550 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2551 need_subpage) \
2552 do { \
2553 if (addr > start_addr) \
2554 start_addr2 = 0; \
2555 else { \
2556 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2557 if (start_addr2 > 0) \
2558 need_subpage = 1; \
2559 } \
2560 \
2561 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2562 end_addr2 = TARGET_PAGE_SIZE - 1; \
2563 else { \
2564 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2565 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2566 need_subpage = 1; \
2567 } \
2568 } while (0)
2569
2570 /* register physical memory.
2571 For RAM, 'size' must be a multiple of the target page size.
2572 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2573 io memory page. The address used when calling the IO function is
2574 the offset from the start of the region, plus region_offset. Both
2575 start_addr and region_offset are rounded down to a page boundary
2576 before calculating this offset. This should not be a problem unless
2577 the low bits of start_addr and region_offset differ. */
2578 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2579 ram_addr_t size,
2580 ram_addr_t phys_offset,
2581 ram_addr_t region_offset)
2582 {
2583 target_phys_addr_t addr, end_addr;
2584 PhysPageDesc *p;
2585 CPUState *env;
2586 ram_addr_t orig_size = size;
2587 subpage_t *subpage;
2588
2589 cpu_notify_set_memory(start_addr, size, phys_offset);
2590
2591 if (phys_offset == IO_MEM_UNASSIGNED) {
2592 region_offset = start_addr;
2593 }
2594 region_offset &= TARGET_PAGE_MASK;
2595 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2596 end_addr = start_addr + (target_phys_addr_t)size;
2597 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2598 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2599 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2600 ram_addr_t orig_memory = p->phys_offset;
2601 target_phys_addr_t start_addr2, end_addr2;
2602 int need_subpage = 0;
2603
2604 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2605 need_subpage);
2606 if (need_subpage) {
2607 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2608 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2609 &p->phys_offset, orig_memory,
2610 p->region_offset);
2611 } else {
2612 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2613 >> IO_MEM_SHIFT];
2614 }
2615 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2616 region_offset);
2617 p->region_offset = 0;
2618 } else {
2619 p->phys_offset = phys_offset;
2620 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2621 (phys_offset & IO_MEM_ROMD))
2622 phys_offset += TARGET_PAGE_SIZE;
2623 }
2624 } else {
2625 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2626 p->phys_offset = phys_offset;
2627 p->region_offset = region_offset;
2628 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2629 (phys_offset & IO_MEM_ROMD)) {
2630 phys_offset += TARGET_PAGE_SIZE;
2631 } else {
2632 target_phys_addr_t start_addr2, end_addr2;
2633 int need_subpage = 0;
2634
2635 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2636 end_addr2, need_subpage);
2637
2638 if (need_subpage) {
2639 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2640 &p->phys_offset, IO_MEM_UNASSIGNED,
2641 addr & TARGET_PAGE_MASK);
2642 subpage_register(subpage, start_addr2, end_addr2,
2643 phys_offset, region_offset);
2644 p->region_offset = 0;
2645 }
2646 }
2647 }
2648 region_offset += TARGET_PAGE_SIZE;
2649 }
2650
2651 /* since each CPU stores ram addresses in its TLB cache, we must
2652 reset the modified entries */
2653 /* XXX: slow ! */
2654 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2655 tlb_flush(env, 1);
2656 }
2657 }
2658
2659 /* XXX: temporary until new memory mapping API */
2660 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2661 {
2662 PhysPageDesc *p;
2663
2664 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2665 if (!p)
2666 return IO_MEM_UNASSIGNED;
2667 return p->phys_offset;
2668 }
2669
2670 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2671 {
2672 if (kvm_enabled())
2673 kvm_coalesce_mmio_region(addr, size);
2674 }
2675
2676 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2677 {
2678 if (kvm_enabled())
2679 kvm_uncoalesce_mmio_region(addr, size);
2680 }
2681
2682 void qemu_flush_coalesced_mmio_buffer(void)
2683 {
2684 if (kvm_enabled())
2685 kvm_flush_coalesced_mmio_buffer();
2686 }
2687
2688 #if defined(__linux__) && !defined(TARGET_S390X)
2689
2690 #include <sys/vfs.h>
2691
2692 #define HUGETLBFS_MAGIC 0x958458f6
2693
2694 static long gethugepagesize(const char *path)
2695 {
2696 struct statfs fs;
2697 int ret;
2698
2699 do {
2700 ret = statfs(path, &fs);
2701 } while (ret != 0 && errno == EINTR);
2702
2703 if (ret != 0) {
2704 perror(path);
2705 return 0;
2706 }
2707
2708 if (fs.f_type != HUGETLBFS_MAGIC)
2709 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2710
2711 return fs.f_bsize;
2712 }
2713
2714 static void *file_ram_alloc(RAMBlock *block,
2715 ram_addr_t memory,
2716 const char *path)
2717 {
2718 char *filename;
2719 void *area;
2720 int fd;
2721 #ifdef MAP_POPULATE
2722 int flags;
2723 #endif
2724 unsigned long hpagesize;
2725
2726 hpagesize = gethugepagesize(path);
2727 if (!hpagesize) {
2728 return NULL;
2729 }
2730
2731 if (memory < hpagesize) {
2732 return NULL;
2733 }
2734
2735 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2736 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2737 return NULL;
2738 }
2739
2740 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2741 return NULL;
2742 }
2743
2744 fd = mkstemp(filename);
2745 if (fd < 0) {
2746 perror("unable to create backing store for hugepages");
2747 free(filename);
2748 return NULL;
2749 }
2750 unlink(filename);
2751 free(filename);
2752
2753 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2754
2755 /*
2756 * ftruncate is not supported by hugetlbfs in older
2757 * hosts, so don't bother bailing out on errors.
2758 * If anything goes wrong with it under other filesystems,
2759 * mmap will fail.
2760 */
2761 if (ftruncate(fd, memory))
2762 perror("ftruncate");
2763
2764 #ifdef MAP_POPULATE
2765 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2766 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2767 * to sidestep this quirk.
2768 */
2769 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2770 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2771 #else
2772 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2773 #endif
2774 if (area == MAP_FAILED) {
2775 perror("file_ram_alloc: can't mmap RAM pages");
2776 close(fd);
2777 return (NULL);
2778 }
2779 block->fd = fd;
2780 return area;
2781 }
2782 #endif
2783
2784 static ram_addr_t find_ram_offset(ram_addr_t size)
2785 {
2786 RAMBlock *block, *next_block;
2787 ram_addr_t offset = 0, mingap = ULONG_MAX;
2788
2789 if (QLIST_EMPTY(&ram_list.blocks))
2790 return 0;
2791
2792 QLIST_FOREACH(block, &ram_list.blocks, next) {
2793 ram_addr_t end, next = ULONG_MAX;
2794
2795 end = block->offset + block->length;
2796
2797 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2798 if (next_block->offset >= end) {
2799 next = MIN(next, next_block->offset);
2800 }
2801 }
2802 if (next - end >= size && next - end < mingap) {
2803 offset = end;
2804 mingap = next - end;
2805 }
2806 }
2807 return offset;
2808 }
2809
2810 static ram_addr_t last_ram_offset(void)
2811 {
2812 RAMBlock *block;
2813 ram_addr_t last = 0;
2814
2815 QLIST_FOREACH(block, &ram_list.blocks, next)
2816 last = MAX(last, block->offset + block->length);
2817
2818 return last;
2819 }
2820
2821 ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
2822 ram_addr_t size, void *host)
2823 {
2824 RAMBlock *new_block, *block;
2825
2826 size = TARGET_PAGE_ALIGN(size);
2827 new_block = qemu_mallocz(sizeof(*new_block));
2828
2829 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2830 char *id = dev->parent_bus->info->get_dev_path(dev);
2831 if (id) {
2832 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2833 qemu_free(id);
2834 }
2835 }
2836 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2837
2838 QLIST_FOREACH(block, &ram_list.blocks, next) {
2839 if (!strcmp(block->idstr, new_block->idstr)) {
2840 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2841 new_block->idstr);
2842 abort();
2843 }
2844 }
2845
2846 if (host) {
2847 new_block->host = host;
2848 } else {
2849 if (mem_path) {
2850 #if defined (__linux__) && !defined(TARGET_S390X)
2851 new_block->host = file_ram_alloc(new_block, size, mem_path);
2852 if (!new_block->host) {
2853 new_block->host = qemu_vmalloc(size);
2854 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2855 }
2856 #else
2857 fprintf(stderr, "-mem-path option unsupported\n");
2858 exit(1);
2859 #endif
2860 } else {
2861 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2862 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2863 new_block->host = mmap((void*)0x1000000, size,
2864 PROT_EXEC|PROT_READ|PROT_WRITE,
2865 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2866 #else
2867 new_block->host = qemu_vmalloc(size);
2868 #endif
2869 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2870 }
2871 }
2872
2873 new_block->offset = find_ram_offset(size);
2874 new_block->length = size;
2875
2876 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2877
2878 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
2879 last_ram_offset() >> TARGET_PAGE_BITS);
2880 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2881 0xff, size >> TARGET_PAGE_BITS);
2882
2883 if (kvm_enabled())
2884 kvm_setup_guest_memory(new_block->host, size);
2885
2886 return new_block->offset;
2887 }
2888
2889 void qemu_ram_unmap(ram_addr_t addr)
2890 {
2891 RAMBlock *block;
2892
2893 QLIST_FOREACH(block, &ram_list.blocks, next) {
2894 if (addr == block->offset) {
2895 QLIST_REMOVE(block, next);
2896 qemu_free(block);
2897 return;
2898 }
2899 }
2900 }
2901
2902 ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
2903 {
2904 return qemu_ram_alloc_from_ptr(dev, name, size, NULL);
2905 }
2906
2907 void qemu_ram_free(ram_addr_t addr)
2908 {
2909 RAMBlock *block;
2910
2911 QLIST_FOREACH(block, &ram_list.blocks, next) {
2912 if (addr == block->offset) {
2913 QLIST_REMOVE(block, next);
2914 if (mem_path) {
2915 #if defined (__linux__) && !defined(TARGET_S390X)
2916 if (block->fd) {
2917 munmap(block->host, block->length);
2918 close(block->fd);
2919 } else {
2920 qemu_vfree(block->host);
2921 }
2922 #endif
2923 } else {
2924 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2925 munmap(block->host, block->length);
2926 #else
2927 qemu_vfree(block->host);
2928 #endif
2929 }
2930 qemu_free(block);
2931 return;
2932 }
2933 }
2934
2935 }
2936
2937 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2938 With the exception of the softmmu code in this file, this should
2939 only be used for local memory (e.g. video ram) that the device owns,
2940 and knows it isn't going to access beyond the end of the block.
2941
2942 It should not be used for general purpose DMA.
2943 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2944 */
2945 void *qemu_get_ram_ptr(ram_addr_t addr)
2946 {
2947 RAMBlock *block;
2948
2949 QLIST_FOREACH(block, &ram_list.blocks, next) {
2950 if (addr - block->offset < block->length) {
2951 QLIST_REMOVE(block, next);
2952 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2953 return block->host + (addr - block->offset);
2954 }
2955 }
2956
2957 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2958 abort();
2959
2960 return NULL;
2961 }
2962
2963 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2964 {
2965 RAMBlock *block;
2966 uint8_t *host = ptr;
2967
2968 QLIST_FOREACH(block, &ram_list.blocks, next) {
2969 if (host - block->host < block->length) {
2970 *ram_addr = block->offset + (host - block->host);
2971 return 0;
2972 }
2973 }
2974 return -1;
2975 }
2976
2977 /* Some of the softmmu routines need to translate from a host pointer
2978 (typically a TLB entry) back to a ram offset. */
2979 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2980 {
2981 ram_addr_t ram_addr;
2982
2983 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2984 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2985 abort();
2986 }
2987 return ram_addr;
2988 }
2989
2990 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2991 {
2992 #ifdef DEBUG_UNASSIGNED
2993 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2994 #endif
2995 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2996 do_unassigned_access(addr, 0, 0, 0, 1);
2997 #endif
2998 return 0;
2999 }
3000
3001 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
3002 {
3003 #ifdef DEBUG_UNASSIGNED
3004 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3005 #endif
3006 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3007 do_unassigned_access(addr, 0, 0, 0, 2);
3008 #endif
3009 return 0;
3010 }
3011
3012 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
3013 {
3014 #ifdef DEBUG_UNASSIGNED
3015 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3016 #endif
3017 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3018 do_unassigned_access(addr, 0, 0, 0, 4);
3019 #endif
3020 return 0;
3021 }
3022
3023 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
3024 {
3025 #ifdef DEBUG_UNASSIGNED
3026 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3027 #endif
3028 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3029 do_unassigned_access(addr, 1, 0, 0, 1);
3030 #endif
3031 }
3032
3033 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3034 {
3035 #ifdef DEBUG_UNASSIGNED
3036 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3037 #endif
3038 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3039 do_unassigned_access(addr, 1, 0, 0, 2);
3040 #endif
3041 }
3042
3043 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3044 {
3045 #ifdef DEBUG_UNASSIGNED
3046 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3047 #endif
3048 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3049 do_unassigned_access(addr, 1, 0, 0, 4);
3050 #endif
3051 }
3052
3053 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3054 unassigned_mem_readb,
3055 unassigned_mem_readw,
3056 unassigned_mem_readl,
3057 };
3058
3059 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3060 unassigned_mem_writeb,
3061 unassigned_mem_writew,
3062 unassigned_mem_writel,
3063 };
3064
3065 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3066 uint32_t val)
3067 {
3068 int dirty_flags;
3069 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3070 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3071 #if !defined(CONFIG_USER_ONLY)
3072 tb_invalidate_phys_page_fast(ram_addr, 1);
3073 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3074 #endif
3075 }
3076 stb_p(qemu_get_ram_ptr(ram_addr), val);
3077 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3078 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3079 /* we remove the notdirty callback only if the code has been
3080 flushed */
3081 if (dirty_flags == 0xff)
3082 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3083 }
3084
3085 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3086 uint32_t val)
3087 {
3088 int dirty_flags;
3089 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3090 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3091 #if !defined(CONFIG_USER_ONLY)
3092 tb_invalidate_phys_page_fast(ram_addr, 2);
3093 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3094 #endif
3095 }
3096 stw_p(qemu_get_ram_ptr(ram_addr), val);
3097 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3098 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3099 /* we remove the notdirty callback only if the code has been
3100 flushed */
3101 if (dirty_flags == 0xff)
3102 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3103 }
3104
3105 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3106 uint32_t val)
3107 {
3108 int dirty_flags;
3109 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3110 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3111 #if !defined(CONFIG_USER_ONLY)
3112 tb_invalidate_phys_page_fast(ram_addr, 4);
3113 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3114 #endif
3115 }
3116 stl_p(qemu_get_ram_ptr(ram_addr), val);
3117 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3118 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3119 /* we remove the notdirty callback only if the code has been
3120 flushed */
3121 if (dirty_flags == 0xff)
3122 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3123 }
3124
3125 static CPUReadMemoryFunc * const error_mem_read[3] = {
3126 NULL, /* never used */
3127 NULL, /* never used */
3128 NULL, /* never used */
3129 };
3130
3131 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3132 notdirty_mem_writeb,
3133 notdirty_mem_writew,
3134 notdirty_mem_writel,
3135 };
3136
3137 /* Generate a debug exception if a watchpoint has been hit. */
3138 static void check_watchpoint(int offset, int len_mask, int flags)
3139 {
3140 CPUState *env = cpu_single_env;
3141 target_ulong pc, cs_base;
3142 TranslationBlock *tb;
3143 target_ulong vaddr;
3144 CPUWatchpoint *wp;
3145 int cpu_flags;
3146
3147 if (env->watchpoint_hit) {
3148 /* We re-entered the check after replacing the TB. Now raise
3149 * the debug interrupt so that is will trigger after the
3150 * current instruction. */
3151 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3152 return;
3153 }
3154 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3155 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3156 if ((vaddr == (wp->vaddr & len_mask) ||
3157 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3158 wp->flags |= BP_WATCHPOINT_HIT;
3159 if (!env->watchpoint_hit) {
3160 env->watchpoint_hit = wp;
3161 tb = tb_find_pc(env->mem_io_pc);
3162 if (!tb) {
3163 cpu_abort(env, "check_watchpoint: could not find TB for "
3164 "pc=%p", (void *)env->mem_io_pc);
3165 }
3166 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3167 tb_phys_invalidate(tb, -1);
3168 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3169 env->exception_index = EXCP_DEBUG;
3170 } else {
3171 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3172 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3173 }
3174 cpu_resume_from_signal(env, NULL);
3175 }
3176 } else {
3177 wp->flags &= ~BP_WATCHPOINT_HIT;
3178 }
3179 }
3180 }
3181
3182 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3183 so these check for a hit then pass through to the normal out-of-line
3184 phys routines. */
3185 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3186 {
3187 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3188 return ldub_phys(addr);
3189 }
3190
3191 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3192 {
3193 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3194 return lduw_phys(addr);
3195 }
3196
3197 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3198 {
3199 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3200 return ldl_phys(addr);
3201 }
3202
3203 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3204 uint32_t val)
3205 {
3206 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3207 stb_phys(addr, val);
3208 }
3209
3210 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3211 uint32_t val)
3212 {
3213 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3214 stw_phys(addr, val);
3215 }
3216
3217 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3218 uint32_t val)
3219 {
3220 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3221 stl_phys(addr, val);
3222 }
3223
3224 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3225 watch_mem_readb,
3226 watch_mem_readw,
3227 watch_mem_readl,
3228 };
3229
3230 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3231 watch_mem_writeb,
3232 watch_mem_writew,
3233 watch_mem_writel,
3234 };
3235
3236 static inline uint32_t subpage_readlen (subpage_t *mmio,
3237 target_phys_addr_t addr,
3238 unsigned int len)
3239 {
3240 unsigned int idx = SUBPAGE_IDX(addr);
3241 #if defined(DEBUG_SUBPAGE)
3242 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3243 mmio, len, addr, idx);
3244 #endif
3245
3246 addr += mmio->region_offset[idx];
3247 idx = mmio->sub_io_index[idx];
3248 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3249 }
3250
3251 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3252 uint32_t value, unsigned int len)
3253 {
3254 unsigned int idx = SUBPAGE_IDX(addr);
3255 #if defined(DEBUG_SUBPAGE)
3256 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3257 __func__, mmio, len, addr, idx, value);
3258 #endif
3259
3260 addr += mmio->region_offset[idx];
3261 idx = mmio->sub_io_index[idx];
3262 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3263 }
3264
3265 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3266 {
3267 return subpage_readlen(opaque, addr, 0);
3268 }
3269
3270 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3271 uint32_t value)
3272 {
3273 subpage_writelen(opaque, addr, value, 0);
3274 }
3275
3276 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3277 {
3278 return subpage_readlen(opaque, addr, 1);
3279 }
3280
3281 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3282 uint32_t value)
3283 {
3284 subpage_writelen(opaque, addr, value, 1);
3285 }
3286
3287 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3288 {
3289 return subpage_readlen(opaque, addr, 2);
3290 }
3291
3292 static void subpage_writel (void *opaque, target_phys_addr_t addr,
3293 uint32_t value)
3294 {
3295 subpage_writelen(opaque, addr, value, 2);
3296 }
3297
3298 static CPUReadMemoryFunc * const subpage_read[] = {
3299 &subpage_readb,
3300 &subpage_readw,
3301 &subpage_readl,
3302 };
3303
3304 static CPUWriteMemoryFunc * const subpage_write[] = {
3305 &subpage_writeb,
3306 &subpage_writew,
3307 &subpage_writel,
3308 };
3309
3310 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3311 ram_addr_t memory, ram_addr_t region_offset)
3312 {
3313 int idx, eidx;
3314
3315 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3316 return -1;
3317 idx = SUBPAGE_IDX(start);
3318 eidx = SUBPAGE_IDX(end);
3319 #if defined(DEBUG_SUBPAGE)
3320 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3321 mmio, start, end, idx, eidx, memory);
3322 #endif
3323 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
3324 memory = IO_MEM_UNASSIGNED;
3325 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3326 for (; idx <= eidx; idx++) {
3327 mmio->sub_io_index[idx] = memory;
3328 mmio->region_offset[idx] = region_offset;
3329 }
3330
3331 return 0;
3332 }
3333
3334 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3335 ram_addr_t orig_memory,
3336 ram_addr_t region_offset)
3337 {
3338 subpage_t *mmio;
3339 int subpage_memory;
3340
3341 mmio = qemu_mallocz(sizeof(subpage_t));
3342
3343 mmio->base = base;
3344 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3345 #if defined(DEBUG_SUBPAGE)
3346 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3347 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3348 #endif
3349 *phys = subpage_memory | IO_MEM_SUBPAGE;
3350 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3351
3352 return mmio;
3353 }
3354
3355 static int get_free_io_mem_idx(void)
3356 {
3357 int i;
3358
3359 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3360 if (!io_mem_used[i]) {
3361 io_mem_used[i] = 1;
3362 return i;
3363 }
3364 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3365 return -1;
3366 }
3367
3368 /* mem_read and mem_write are arrays of functions containing the
3369 function to access byte (index 0), word (index 1) and dword (index
3370 2). Functions can be omitted with a NULL function pointer.
3371 If io_index is non zero, the corresponding io zone is
3372 modified. If it is zero, a new io zone is allocated. The return
3373 value can be used with cpu_register_physical_memory(). (-1) is
3374 returned if error. */
3375 static int cpu_register_io_memory_fixed(int io_index,
3376 CPUReadMemoryFunc * const *mem_read,
3377 CPUWriteMemoryFunc * const *mem_write,
3378 void *opaque)
3379 {
3380 int i;
3381
3382 if (io_index <= 0) {
3383 io_index = get_free_io_mem_idx();
3384 if (io_index == -1)
3385 return io_index;
3386 } else {
3387 io_index >>= IO_MEM_SHIFT;
3388 if (io_index >= IO_MEM_NB_ENTRIES)
3389 return -1;
3390 }
3391
3392 for (i = 0; i < 3; ++i) {
3393 io_mem_read[io_index][i]
3394 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3395 }
3396 for (i = 0; i < 3; ++i) {
3397 io_mem_write[io_index][i]
3398 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3399 }
3400 io_mem_opaque[io_index] = opaque;
3401
3402 return (io_index << IO_MEM_SHIFT);
3403 }
3404
3405 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3406 CPUWriteMemoryFunc * const *mem_write,
3407 void *opaque)
3408 {
3409 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3410 }
3411
3412 void cpu_unregister_io_memory(int io_table_address)
3413 {
3414 int i;
3415 int io_index = io_table_address >> IO_MEM_SHIFT;
3416
3417 for (i=0;i < 3; i++) {
3418 io_mem_read[io_index][i] = unassigned_mem_read[i];
3419 io_mem_write[io_index][i] = unassigned_mem_write[i];
3420 }
3421 io_mem_opaque[io_index] = NULL;
3422 io_mem_used[io_index] = 0;
3423 }
3424
3425 static void io_mem_init(void)
3426 {
3427 int i;
3428
3429 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3430 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3431 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3432 for (i=0; i<5; i++)
3433 io_mem_used[i] = 1;
3434
3435 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3436 watch_mem_write, NULL);
3437 }
3438
3439 #endif /* !defined(CONFIG_USER_ONLY) */
3440
3441 /* physical memory access (slow version, mainly for debug) */
3442 #if defined(CONFIG_USER_ONLY)
3443 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3444 uint8_t *buf, int len, int is_write)
3445 {
3446 int l, flags;
3447 target_ulong page;
3448 void * p;
3449
3450 while (len > 0) {
3451 page = addr & TARGET_PAGE_MASK;
3452 l = (page + TARGET_PAGE_SIZE) - addr;
3453 if (l > len)
3454 l = len;
3455 flags = page_get_flags(page);
3456 if (!(flags & PAGE_VALID))
3457 return -1;
3458 if (is_write) {
3459 if (!(flags & PAGE_WRITE))
3460 return -1;
3461 /* XXX: this code should not depend on lock_user */
3462 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3463 return -1;
3464 memcpy(p, buf, l);
3465 unlock_user(p, addr, l);
3466 } else {
3467 if (!(flags & PAGE_READ))
3468 return -1;
3469 /* XXX: this code should not depend on lock_user */
3470 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3471 return -1;
3472 memcpy(buf, p, l);
3473 unlock_user(p, addr, 0);
3474 }
3475 len -= l;
3476 buf += l;
3477 addr += l;
3478 }
3479 return 0;
3480 }
3481
3482 #else
3483 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3484 int len, int is_write)
3485 {
3486 int l, io_index;
3487 uint8_t *ptr;
3488 uint32_t val;
3489 target_phys_addr_t page;
3490 unsigned long pd;
3491 PhysPageDesc *p;
3492
3493 while (len > 0) {
3494 page = addr & TARGET_PAGE_MASK;
3495 l = (page + TARGET_PAGE_SIZE) - addr;
3496 if (l > len)
3497 l = len;
3498 p = phys_page_find(page >> TARGET_PAGE_BITS);
3499 if (!p) {
3500 pd = IO_MEM_UNASSIGNED;
3501 } else {
3502 pd = p->phys_offset;
3503 }
3504
3505 if (is_write) {
3506 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3507 target_phys_addr_t addr1 = addr;
3508 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3509 if (p)
3510 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3511 /* XXX: could force cpu_single_env to NULL to avoid
3512 potential bugs */
3513 if (l >= 4 && ((addr1 & 3) == 0)) {
3514 /* 32 bit write access */
3515 val = ldl_p(buf);
3516 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3517 l = 4;
3518 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3519 /* 16 bit write access */
3520 val = lduw_p(buf);
3521 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3522 l = 2;
3523 } else {
3524 /* 8 bit write access */
3525 val = ldub_p(buf);
3526 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3527 l = 1;
3528 }
3529 } else {
3530 unsigned long addr1;
3531 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3532 /* RAM case */
3533 ptr = qemu_get_ram_ptr(addr1);
3534 memcpy(ptr, buf, l);
3535 if (!cpu_physical_memory_is_dirty(addr1)) {
3536 /* invalidate code */
3537 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3538 /* set dirty bit */
3539 cpu_physical_memory_set_dirty_flags(
3540 addr1, (0xff & ~CODE_DIRTY_FLAG));
3541 }
3542 /* qemu doesn't execute guest code directly, but kvm does
3543 therefore flush instruction caches */
3544 if (kvm_enabled())
3545 flush_icache_range((unsigned long)ptr,
3546 ((unsigned long)ptr)+l);
3547 }
3548 } else {
3549 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3550 !(pd & IO_MEM_ROMD)) {
3551 target_phys_addr_t addr1 = addr;
3552 /* I/O case */
3553 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3554 if (p)
3555 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3556 if (l >= 4 && ((addr1 & 3) == 0)) {
3557 /* 32 bit read access */
3558 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3559 stl_p(buf, val);
3560 l = 4;
3561 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3562 /* 16 bit read access */
3563 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3564 stw_p(buf, val);
3565 l = 2;
3566 } else {
3567 /* 8 bit read access */
3568 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3569 stb_p(buf, val);
3570 l = 1;
3571 }
3572 } else {
3573 /* RAM case */
3574 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3575 (addr & ~TARGET_PAGE_MASK);
3576 memcpy(buf, ptr, l);
3577 }
3578 }
3579 len -= l;
3580 buf += l;
3581 addr += l;
3582 }
3583 }
3584
3585 /* used for ROM loading : can write in RAM and ROM */
3586 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3587 const uint8_t *buf, int len)
3588 {
3589 int l;
3590 uint8_t *ptr;
3591 target_phys_addr_t page;
3592 unsigned long pd;
3593 PhysPageDesc *p;
3594
3595 while (len > 0) {
3596 page = addr & TARGET_PAGE_MASK;
3597 l = (page + TARGET_PAGE_SIZE) - addr;
3598 if (l > len)
3599 l = len;
3600 p = phys_page_find(page >> TARGET_PAGE_BITS);
3601 if (!p) {
3602 pd = IO_MEM_UNASSIGNED;
3603 } else {
3604 pd = p->phys_offset;
3605 }
3606
3607 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3608 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3609 !(pd & IO_MEM_ROMD)) {
3610 /* do nothing */
3611 } else {
3612 unsigned long addr1;
3613 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3614 /* ROM/RAM case */
3615 ptr = qemu_get_ram_ptr(addr1);
3616 memcpy(ptr, buf, l);
3617 }
3618 len -= l;
3619 buf += l;
3620 addr += l;
3621 }
3622 }
3623
3624 typedef struct {
3625 void *buffer;
3626 target_phys_addr_t addr;
3627 target_phys_addr_t len;
3628 } BounceBuffer;
3629
3630 static BounceBuffer bounce;
3631
3632 typedef struct MapClient {
3633 void *opaque;
3634 void (*callback)(void *opaque);
3635 QLIST_ENTRY(MapClient) link;
3636 } MapClient;
3637
3638 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3639 = QLIST_HEAD_INITIALIZER(map_client_list);
3640
3641 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3642 {
3643 MapClient *client = qemu_malloc(sizeof(*client));
3644
3645 client->opaque = opaque;
3646 client->callback = callback;
3647 QLIST_INSERT_HEAD(&map_client_list, client, link);
3648 return client;
3649 }
3650
3651 void cpu_unregister_map_client(void *_client)
3652 {
3653 MapClient *client = (MapClient *)_client;
3654
3655 QLIST_REMOVE(client, link);
3656 qemu_free(client);
3657 }
3658
3659 static void cpu_notify_map_clients(void)
3660 {
3661 MapClient *client;
3662
3663 while (!QLIST_EMPTY(&map_client_list)) {
3664 client = QLIST_FIRST(&map_client_list);
3665 client->callback(client->opaque);
3666 cpu_unregister_map_client(client);
3667 }
3668 }
3669
3670 /* Map a physical memory region into a host virtual address.
3671 * May map a subset of the requested range, given by and returned in *plen.
3672 * May return NULL if resources needed to perform the mapping are exhausted.
3673 * Use only for reads OR writes - not for read-modify-write operations.
3674 * Use cpu_register_map_client() to know when retrying the map operation is
3675 * likely to succeed.
3676 */
3677 void *cpu_physical_memory_map(target_phys_addr_t addr,
3678 target_phys_addr_t *plen,
3679 int is_write)
3680 {
3681 target_phys_addr_t len = *plen;
3682 target_phys_addr_t done = 0;
3683 int l;
3684 uint8_t *ret = NULL;
3685 uint8_t *ptr;
3686 target_phys_addr_t page;
3687 unsigned long pd;
3688 PhysPageDesc *p;
3689 unsigned long addr1;
3690
3691 while (len > 0) {
3692 page = addr & TARGET_PAGE_MASK;
3693 l = (page + TARGET_PAGE_SIZE) - addr;
3694 if (l > len)
3695 l = len;
3696 p = phys_page_find(page >> TARGET_PAGE_BITS);
3697 if (!p) {
3698 pd = IO_MEM_UNASSIGNED;
3699 } else {
3700 pd = p->phys_offset;
3701 }
3702
3703 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3704 if (done || bounce.buffer) {
3705 break;
3706 }
3707 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3708 bounce.addr = addr;
3709 bounce.len = l;
3710 if (!is_write) {
3711 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3712 }
3713 ptr = bounce.buffer;
3714 } else {
3715 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3716 ptr = qemu_get_ram_ptr(addr1);
3717 }
3718 if (!done) {
3719 ret = ptr;
3720 } else if (ret + done != ptr) {
3721 break;
3722 }
3723
3724 len -= l;
3725 addr += l;
3726 done += l;
3727 }
3728 *plen = done;
3729 return ret;
3730 }
3731
3732 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3733 * Will also mark the memory as dirty if is_write == 1. access_len gives
3734 * the amount of memory that was actually read or written by the caller.
3735 */
3736 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3737 int is_write, target_phys_addr_t access_len)
3738 {
3739 unsigned long flush_len = (unsigned long)access_len;
3740
3741 if (buffer != bounce.buffer) {
3742 if (is_write) {
3743 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
3744 while (access_len) {
3745 unsigned l;
3746 l = TARGET_PAGE_SIZE;
3747 if (l > access_len)
3748 l = access_len;
3749 if (!cpu_physical_memory_is_dirty(addr1)) {
3750 /* invalidate code */
3751 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3752 /* set dirty bit */
3753 cpu_physical_memory_set_dirty_flags(
3754 addr1, (0xff & ~CODE_DIRTY_FLAG));
3755 }
3756 addr1 += l;
3757 access_len -= l;
3758 }
3759 dma_flush_range((unsigned long)buffer,
3760 (unsigned long)buffer + flush_len);
3761 }
3762 return;
3763 }
3764 if (is_write) {
3765 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3766 }
3767 qemu_vfree(bounce.buffer);
3768 bounce.buffer = NULL;
3769 cpu_notify_map_clients();
3770 }
3771
3772 /* warning: addr must be aligned */
3773 uint32_t ldl_phys(target_phys_addr_t addr)
3774 {
3775 int io_index;
3776 uint8_t *ptr;
3777 uint32_t val;
3778 unsigned long pd;
3779 PhysPageDesc *p;
3780
3781 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3782 if (!p) {
3783 pd = IO_MEM_UNASSIGNED;
3784 } else {
3785 pd = p->phys_offset;
3786 }
3787
3788 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3789 !(pd & IO_MEM_ROMD)) {
3790 /* I/O case */
3791 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3792 if (p)
3793 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3794 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3795 } else {
3796 /* RAM case */
3797 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3798 (addr & ~TARGET_PAGE_MASK);
3799 val = ldl_p(ptr);
3800 }
3801 return val;
3802 }
3803
3804 /* warning: addr must be aligned */
3805 uint64_t ldq_phys(target_phys_addr_t addr)
3806 {
3807 int io_index;
3808 uint8_t *ptr;
3809 uint64_t val;
3810 unsigned long pd;
3811 PhysPageDesc *p;
3812
3813 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3814 if (!p) {
3815 pd = IO_MEM_UNASSIGNED;
3816 } else {
3817 pd = p->phys_offset;
3818 }
3819
3820 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3821 !(pd & IO_MEM_ROMD)) {
3822 /* I/O case */
3823 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3824 if (p)
3825 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3826 #ifdef TARGET_WORDS_BIGENDIAN
3827 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3828 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3829 #else
3830 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3831 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3832 #endif
3833 } else {
3834 /* RAM case */
3835 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3836 (addr & ~TARGET_PAGE_MASK);
3837 val = ldq_p(ptr);
3838 }
3839 return val;
3840 }
3841
3842 /* XXX: optimize */
3843 uint32_t ldub_phys(target_phys_addr_t addr)
3844 {
3845 uint8_t val;
3846 cpu_physical_memory_read(addr, &val, 1);
3847 return val;
3848 }
3849
3850 /* warning: addr must be aligned */
3851 uint32_t lduw_phys(target_phys_addr_t addr)
3852 {
3853 int io_index;
3854 uint8_t *ptr;
3855 uint64_t val;
3856 unsigned long pd;
3857 PhysPageDesc *p;
3858
3859 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3860 if (!p) {
3861 pd = IO_MEM_UNASSIGNED;
3862 } else {
3863 pd = p->phys_offset;
3864 }
3865
3866 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3867 !(pd & IO_MEM_ROMD)) {
3868 /* I/O case */
3869 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3870 if (p)
3871 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3872 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
3873 } else {
3874 /* RAM case */
3875 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3876 (addr & ~TARGET_PAGE_MASK);
3877 val = lduw_p(ptr);
3878 }
3879 return val;
3880 }
3881
3882 /* warning: addr must be aligned. The ram page is not masked as dirty
3883 and the code inside is not invalidated. It is useful if the dirty
3884 bits are used to track modified PTEs */
3885 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3886 {
3887 int io_index;
3888 uint8_t *ptr;
3889 unsigned long pd;
3890 PhysPageDesc *p;
3891
3892 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3893 if (!p) {
3894 pd = IO_MEM_UNASSIGNED;
3895 } else {
3896 pd = p->phys_offset;
3897 }
3898
3899 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3900 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3901 if (p)
3902 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3903 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3904 } else {
3905 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3906 ptr = qemu_get_ram_ptr(addr1);
3907 stl_p(ptr, val);
3908
3909 if (unlikely(in_migration)) {
3910 if (!cpu_physical_memory_is_dirty(addr1)) {
3911 /* invalidate code */
3912 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3913 /* set dirty bit */
3914 cpu_physical_memory_set_dirty_flags(
3915 addr1, (0xff & ~CODE_DIRTY_FLAG));
3916 }
3917 }
3918 }
3919 }
3920
3921 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3922 {
3923 int io_index;
3924 uint8_t *ptr;
3925 unsigned long pd;
3926 PhysPageDesc *p;
3927
3928 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3929 if (!p) {
3930 pd = IO_MEM_UNASSIGNED;
3931 } else {
3932 pd = p->phys_offset;
3933 }
3934
3935 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3936 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3937 if (p)
3938 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3939 #ifdef TARGET_WORDS_BIGENDIAN
3940 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3941 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3942 #else
3943 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3944 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3945 #endif
3946 } else {
3947 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3948 (addr & ~TARGET_PAGE_MASK);
3949 stq_p(ptr, val);
3950 }
3951 }
3952
3953 /* warning: addr must be aligned */
3954 void stl_phys(target_phys_addr_t addr, uint32_t val)
3955 {
3956 int io_index;
3957 uint8_t *ptr;
3958 unsigned long pd;
3959 PhysPageDesc *p;
3960
3961 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3962 if (!p) {
3963 pd = IO_MEM_UNASSIGNED;
3964 } else {
3965 pd = p->phys_offset;
3966 }
3967
3968 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3969 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3970 if (p)
3971 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3972 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3973 } else {
3974 unsigned long addr1;
3975 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3976 /* RAM case */
3977 ptr = qemu_get_ram_ptr(addr1);
3978 stl_p(ptr, val);
3979 if (!cpu_physical_memory_is_dirty(addr1)) {
3980 /* invalidate code */
3981 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3982 /* set dirty bit */
3983 cpu_physical_memory_set_dirty_flags(addr1,
3984 (0xff & ~CODE_DIRTY_FLAG));
3985 }
3986 }
3987 }
3988
3989 /* XXX: optimize */
3990 void stb_phys(target_phys_addr_t addr, uint32_t val)
3991 {
3992 uint8_t v = val;
3993 cpu_physical_memory_write(addr, &v, 1);
3994 }
3995
3996 /* warning: addr must be aligned */
3997 void stw_phys(target_phys_addr_t addr, uint32_t val)
3998 {
3999 int io_index;
4000 uint8_t *ptr;
4001 unsigned long pd;
4002 PhysPageDesc *p;
4003
4004 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4005 if (!p) {
4006 pd = IO_MEM_UNASSIGNED;
4007 } else {
4008 pd = p->phys_offset;
4009 }
4010
4011 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4012 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4013 if (p)
4014 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4015 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
4016 } else {
4017 unsigned long addr1;
4018 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4019 /* RAM case */
4020 ptr = qemu_get_ram_ptr(addr1);
4021 stw_p(ptr, val);
4022 if (!cpu_physical_memory_is_dirty(addr1)) {
4023 /* invalidate code */
4024 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4025 /* set dirty bit */
4026 cpu_physical_memory_set_dirty_flags(addr1,
4027 (0xff & ~CODE_DIRTY_FLAG));
4028 }
4029 }
4030 }
4031
4032 /* XXX: optimize */
4033 void stq_phys(target_phys_addr_t addr, uint64_t val)
4034 {
4035 val = tswap64(val);
4036 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
4037 }
4038
4039 /* virtual memory access for debug (includes writing to ROM) */
4040 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
4041 uint8_t *buf, int len, int is_write)
4042 {
4043 int l;
4044 target_phys_addr_t phys_addr;
4045 target_ulong page;
4046
4047 while (len > 0) {
4048 page = addr & TARGET_PAGE_MASK;
4049 phys_addr = cpu_get_phys_page_debug(env, page);
4050 /* if no physical page mapped, return an error */
4051 if (phys_addr == -1)
4052 return -1;
4053 l = (page + TARGET_PAGE_SIZE) - addr;
4054 if (l > len)
4055 l = len;
4056 phys_addr += (addr & ~TARGET_PAGE_MASK);
4057 if (is_write)
4058 cpu_physical_memory_write_rom(phys_addr, buf, l);
4059 else
4060 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4061 len -= l;
4062 buf += l;
4063 addr += l;
4064 }
4065 return 0;
4066 }
4067 #endif
4068
4069 /* in deterministic execution mode, instructions doing device I/Os
4070 must be at the end of the TB */
4071 void cpu_io_recompile(CPUState *env, void *retaddr)
4072 {
4073 TranslationBlock *tb;
4074 uint32_t n, cflags;
4075 target_ulong pc, cs_base;
4076 uint64_t flags;
4077
4078 tb = tb_find_pc((unsigned long)retaddr);
4079 if (!tb) {
4080 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4081 retaddr);
4082 }
4083 n = env->icount_decr.u16.low + tb->icount;
4084 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
4085 /* Calculate how many instructions had been executed before the fault
4086 occurred. */
4087 n = n - env->icount_decr.u16.low;
4088 /* Generate a new TB ending on the I/O insn. */
4089 n++;
4090 /* On MIPS and SH, delay slot instructions can only be restarted if
4091 they were already the first instruction in the TB. If this is not
4092 the first instruction in a TB then re-execute the preceding
4093 branch. */
4094 #if defined(TARGET_MIPS)
4095 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4096 env->active_tc.PC -= 4;
4097 env->icount_decr.u16.low++;
4098 env->hflags &= ~MIPS_HFLAG_BMASK;
4099 }
4100 #elif defined(TARGET_SH4)
4101 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4102 && n > 1) {
4103 env->pc -= 2;
4104 env->icount_decr.u16.low++;
4105 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4106 }
4107 #endif
4108 /* This should never happen. */
4109 if (n > CF_COUNT_MASK)
4110 cpu_abort(env, "TB too big during recompile");
4111
4112 cflags = n | CF_LAST_IO;
4113 pc = tb->pc;
4114 cs_base = tb->cs_base;
4115 flags = tb->flags;
4116 tb_phys_invalidate(tb, -1);
4117 /* FIXME: In theory this could raise an exception. In practice
4118 we have already translated the block once so it's probably ok. */
4119 tb_gen_code(env, pc, cs_base, flags, cflags);
4120 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4121 the first in the TB) then we end up generating a whole new TB and
4122 repeating the fault, which is horribly inefficient.
4123 Better would be to execute just this insn uncached, or generate a
4124 second new TB. */
4125 cpu_resume_from_signal(env, NULL);
4126 }
4127
4128 #if !defined(CONFIG_USER_ONLY)
4129
4130 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4131 {
4132 int i, target_code_size, max_target_code_size;
4133 int direct_jmp_count, direct_jmp2_count, cross_page;
4134 TranslationBlock *tb;
4135
4136 target_code_size = 0;
4137 max_target_code_size = 0;
4138 cross_page = 0;
4139 direct_jmp_count = 0;
4140 direct_jmp2_count = 0;
4141 for(i = 0; i < nb_tbs; i++) {
4142 tb = &tbs[i];
4143 target_code_size += tb->size;
4144 if (tb->size > max_target_code_size)
4145 max_target_code_size = tb->size;
4146 if (tb->page_addr[1] != -1)
4147 cross_page++;
4148 if (tb->tb_next_offset[0] != 0xffff) {
4149 direct_jmp_count++;
4150 if (tb->tb_next_offset[1] != 0xffff) {
4151 direct_jmp2_count++;
4152 }
4153 }
4154 }
4155 /* XXX: avoid using doubles ? */
4156 cpu_fprintf(f, "Translation buffer state:\n");
4157 cpu_fprintf(f, "gen code size %td/%ld\n",
4158 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4159 cpu_fprintf(f, "TB count %d/%d\n",
4160 nb_tbs, code_gen_max_blocks);
4161 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4162 nb_tbs ? target_code_size / nb_tbs : 0,
4163 max_target_code_size);
4164 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4165 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4166 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4167 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4168 cross_page,
4169 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4170 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4171 direct_jmp_count,
4172 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4173 direct_jmp2_count,
4174 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4175 cpu_fprintf(f, "\nStatistics:\n");
4176 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4177 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4178 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4179 #ifdef CONFIG_PROFILER
4180 tcg_dump_info(f, cpu_fprintf);
4181 #endif
4182 }
4183
4184 #define MMUSUFFIX _cmmu
4185 #define GETPC() NULL
4186 #define env cpu_single_env
4187 #define SOFTMMU_CODE_ACCESS
4188
4189 #define SHIFT 0
4190 #include "softmmu_template.h"
4191
4192 #define SHIFT 1
4193 #include "softmmu_template.h"
4194
4195 #define SHIFT 2
4196 #include "softmmu_template.h"
4197
4198 #define SHIFT 3
4199 #include "softmmu_template.h"
4200
4201 #undef env
4202
4203 #endif
Stefan Hajnoczi's qemu-kvm.git repo