search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
linux-user: Use h2g_valid in qemu_vmalloc.
[qemu/aliguori-queue.git] / exec.c
blob431f5b2976d0e67544715e2e54a00813eef3a30a
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26 #include <stdlib.h>
27 #include <stdio.h>
28 #include <stdarg.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <unistd.h>
32 #include <inttypes.h>
33
34 #include "cpu.h"
35 #include "exec-all.h"
36 #include "qemu-common.h"
37 #include "tcg.h"
38 #include "hw/hw.h"
39 #include "osdep.h"
40 #include "kvm.h"
41 #if defined(CONFIG_USER_ONLY)
42 #include <qemu.h>
43 #include <signal.h>
44 #endif
45
46 //#define DEBUG_TB_INVALIDATE
47 //#define DEBUG_FLUSH
48 //#define DEBUG_TLB
49 //#define DEBUG_UNASSIGNED
50
51 /* make various TB consistency checks */
52 //#define DEBUG_TB_CHECK
53 //#define DEBUG_TLB_CHECK
54
55 //#define DEBUG_IOPORT
56 //#define DEBUG_SUBPAGE
57
58 #if !defined(CONFIG_USER_ONLY)
59 /* TB consistency checks only implemented for usermode emulation. */
60 #undef DEBUG_TB_CHECK
61 #endif
62
63 #define SMC_BITMAP_USE_THRESHOLD 10
64
65 static TranslationBlock *tbs;
66 int code_gen_max_blocks;
67 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
68 static int nb_tbs;
69 /* any access to the tbs or the page table must use this lock */
70 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
71
72 #if defined(__arm__) || defined(__sparc_v9__)
73 /* The prologue must be reachable with a direct jump. ARM and Sparc64
74 have limited branch ranges (possibly also PPC) so place it in a
75 section close to code segment. */
76 #define code_gen_section \
77 __attribute__((__section__(".gen_code"))) \
78 __attribute__((aligned (32)))
79 #elif defined(_WIN32)
80 /* Maximum alignment for Win32 is 16. */
81 #define code_gen_section \
82 __attribute__((aligned (16)))
83 #else
84 #define code_gen_section \
85 __attribute__((aligned (32)))
86 #endif
87
88 uint8_t code_gen_prologue[1024] code_gen_section;
89 static uint8_t *code_gen_buffer;
90 static unsigned long code_gen_buffer_size;
91 /* threshold to flush the translated code buffer */
92 static unsigned long code_gen_buffer_max_size;
93 uint8_t *code_gen_ptr;
94
95 #if !defined(CONFIG_USER_ONLY)
96 int phys_ram_fd;
97 uint8_t *phys_ram_dirty;
98 static int in_migration;
99
100 typedef struct RAMBlock {
101 uint8_t *host;
102 ram_addr_t offset;
103 ram_addr_t length;
104 struct RAMBlock *next;
105 } RAMBlock;
106
107 static RAMBlock *ram_blocks;
108 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
109 then we can no longer assume contiguous ram offsets, and external uses
110 of this variable will break. */
111 ram_addr_t last_ram_offset;
112 #endif
113
114 CPUState *first_cpu;
115 /* current CPU in the current thread. It is only valid inside
116 cpu_exec() */
117 CPUState *cpu_single_env;
118 /* 0 = Do not count executed instructions.
119 1 = Precise instruction counting.
120 2 = Adaptive rate instruction counting. */
121 int use_icount = 0;
122 /* Current instruction counter. While executing translated code this may
123 include some instructions that have not yet been executed. */
124 int64_t qemu_icount;
125
126 typedef struct PageDesc {
127 /* list of TBs intersecting this ram page */
128 TranslationBlock *first_tb;
129 /* in order to optimize self modifying code, we count the number
130 of lookups we do to a given page to use a bitmap */
131 unsigned int code_write_count;
132 uint8_t *code_bitmap;
133 #if defined(CONFIG_USER_ONLY)
134 unsigned long flags;
135 #endif
136 } PageDesc;
137
138 typedef struct PhysPageDesc {
139 /* offset in host memory of the page + io_index in the low bits */
140 ram_addr_t phys_offset;
141 ram_addr_t region_offset;
142 } PhysPageDesc;
143
144 #define L2_BITS 10
145 #if defined(CONFIG_USER_ONLY) && defined(TARGET_VIRT_ADDR_SPACE_BITS)
146 /* XXX: this is a temporary hack for alpha target.
147 * In the future, this is to be replaced by a multi-level table
148 * to actually be able to handle the complete 64 bits address space.
149 */
150 #define L1_BITS (TARGET_VIRT_ADDR_SPACE_BITS - L2_BITS - TARGET_PAGE_BITS)
151 #else
152 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
153 #endif
154
155 #define L1_SIZE (1 << L1_BITS)
156 #define L2_SIZE (1 << L2_BITS)
157
158 unsigned long qemu_real_host_page_size;
159 unsigned long qemu_host_page_bits;
160 unsigned long qemu_host_page_size;
161 unsigned long qemu_host_page_mask;
162
163 /* XXX: for system emulation, it could just be an array */
164 static PageDesc *l1_map[L1_SIZE];
165
166 #if !defined(CONFIG_USER_ONLY)
167 static PhysPageDesc **l1_phys_map;
168
169 static void io_mem_init(void);
170
171 /* io memory support */
172 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
173 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
174 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
175 static char io_mem_used[IO_MEM_NB_ENTRIES];
176 static int io_mem_watch;
177 #endif
178
179 /* log support */
180 #ifdef WIN32
181 static const char *logfilename = "qemu.log";
182 #else
183 static const char *logfilename = "/tmp/qemu.log";
184 #endif
185 FILE *logfile;
186 int loglevel;
187 static int log_append = 0;
188
189 /* statistics */
190 static int tlb_flush_count;
191 static int tb_flush_count;
192 static int tb_phys_invalidate_count;
193
194 #ifdef _WIN32
195 static void map_exec(void *addr, long size)
196 {
197 DWORD old_protect;
198 VirtualProtect(addr, size,
199 PAGE_EXECUTE_READWRITE, &old_protect);
200
201 }
202 #else
203 static void map_exec(void *addr, long size)
204 {
205 unsigned long start, end, page_size;
206
207 page_size = getpagesize();
208 start = (unsigned long)addr;
209 start &= ~(page_size - 1);
210
211 end = (unsigned long)addr + size;
212 end += page_size - 1;
213 end &= ~(page_size - 1);
214
215 mprotect((void *)start, end - start,
216 PROT_READ | PROT_WRITE | PROT_EXEC);
217 }
218 #endif
219
220 static void page_init(void)
221 {
222 /* NOTE: we can always suppose that qemu_host_page_size >=
223 TARGET_PAGE_SIZE */
224 #ifdef _WIN32
225 {
226 SYSTEM_INFO system_info;
227
228 GetSystemInfo(&system_info);
229 qemu_real_host_page_size = system_info.dwPageSize;
230 }
231 #else
232 qemu_real_host_page_size = getpagesize();
233 #endif
234 if (qemu_host_page_size == 0)
235 qemu_host_page_size = qemu_real_host_page_size;
236 if (qemu_host_page_size < TARGET_PAGE_SIZE)
237 qemu_host_page_size = TARGET_PAGE_SIZE;
238 qemu_host_page_bits = 0;
239 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
240 qemu_host_page_bits++;
241 qemu_host_page_mask = ~(qemu_host_page_size - 1);
242 #if !defined(CONFIG_USER_ONLY)
243 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
244 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
245 #endif
246
247 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
248 {
249 long long startaddr, endaddr;
250 FILE *f;
251 int n;
252
253 mmap_lock();
254 last_brk = (unsigned long)sbrk(0);
255 f = fopen("/proc/self/maps", "r");
256 if (f) {
257 do {
258 n = fscanf (f, "%llx-%llx %*[^\n]\n", &startaddr, &endaddr);
259 if (n == 2) {
260 startaddr = MIN(startaddr,
261 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
262 endaddr = MIN(endaddr,
263 (1ULL << TARGET_PHYS_ADDR_SPACE_BITS) - 1);
264 page_set_flags(startaddr & TARGET_PAGE_MASK,
265 TARGET_PAGE_ALIGN(endaddr),
266 PAGE_RESERVED);
267 }
268 } while (!feof(f));
269 fclose(f);
270 }
271 mmap_unlock();
272 }
273 #endif
274 }
275
276 static inline PageDesc **page_l1_map(target_ulong index)
277 {
278 #if TARGET_LONG_BITS > 32
279 /* Host memory outside guest VM. For 32-bit targets we have already
280 excluded high addresses. */
281 if (index > ((target_ulong)L2_SIZE * L1_SIZE))
282 return NULL;
283 #endif
284 return &l1_map[index >> L2_BITS];
285 }
286
287 static inline PageDesc *page_find_alloc(target_ulong index)
288 {
289 PageDesc **lp, *p;
290 lp = page_l1_map(index);
291 if (!lp)
292 return NULL;
293
294 p = *lp;
295 if (!p) {
296 /* allocate if not found */
297 #if defined(CONFIG_USER_ONLY)
298 size_t len = sizeof(PageDesc) * L2_SIZE;
299 /* Don't use qemu_malloc because it may recurse. */
300 p = mmap(NULL, len, PROT_READ | PROT_WRITE,
301 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
302 *lp = p;
303 if (h2g_valid(p)) {
304 unsigned long addr = h2g(p);
305 page_set_flags(addr & TARGET_PAGE_MASK,
306 TARGET_PAGE_ALIGN(addr + len),
307 PAGE_RESERVED);
308 }
309 #else
310 p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE);
311 *lp = p;
312 #endif
313 }
314 return p + (index & (L2_SIZE - 1));
315 }
316
317 static inline PageDesc *page_find(target_ulong index)
318 {
319 PageDesc **lp, *p;
320 lp = page_l1_map(index);
321 if (!lp)
322 return NULL;
323
324 p = *lp;
325 if (!p) {
326 return NULL;
327 }
328 return p + (index & (L2_SIZE - 1));
329 }
330
331 #if !defined(CONFIG_USER_ONLY)
332 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
333 {
334 void **lp, **p;
335 PhysPageDesc *pd;
336
337 p = (void **)l1_phys_map;
338 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
339
340 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
341 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
342 #endif
343 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
344 p = *lp;
345 if (!p) {
346 /* allocate if not found */
347 if (!alloc)
348 return NULL;
349 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
350 memset(p, 0, sizeof(void *) * L1_SIZE);
351 *lp = p;
352 }
353 #endif
354 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
355 pd = *lp;
356 if (!pd) {
357 int i;
358 /* allocate if not found */
359 if (!alloc)
360 return NULL;
361 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
362 *lp = pd;
363 for (i = 0; i < L2_SIZE; i++) {
364 pd[i].phys_offset = IO_MEM_UNASSIGNED;
365 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
366 }
367 }
368 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
369 }
370
371 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
372 {
373 return phys_page_find_alloc(index, 0);
374 }
375
376 static void tlb_protect_code(ram_addr_t ram_addr);
377 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
378 target_ulong vaddr);
379 #define mmap_lock() do { } while(0)
380 #define mmap_unlock() do { } while(0)
381 #endif
382
383 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
384
385 #if defined(CONFIG_USER_ONLY)
386 /* Currently it is not recommended to allocate big chunks of data in
387 user mode. It will change when a dedicated libc will be used */
388 #define USE_STATIC_CODE_GEN_BUFFER
389 #endif
390
391 #ifdef USE_STATIC_CODE_GEN_BUFFER
392 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
393 #endif
394
395 static void code_gen_alloc(unsigned long tb_size)
396 {
397 #ifdef USE_STATIC_CODE_GEN_BUFFER
398 code_gen_buffer = static_code_gen_buffer;
399 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
400 map_exec(code_gen_buffer, code_gen_buffer_size);
401 #else
402 code_gen_buffer_size = tb_size;
403 if (code_gen_buffer_size == 0) {
404 #if defined(CONFIG_USER_ONLY)
405 /* in user mode, phys_ram_size is not meaningful */
406 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
407 #else
408 /* XXX: needs adjustments */
409 code_gen_buffer_size = (unsigned long)(ram_size / 4);
410 #endif
411 }
412 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
413 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
414 /* The code gen buffer location may have constraints depending on
415 the host cpu and OS */
416 #if defined(__linux__)
417 {
418 int flags;
419 void *start = NULL;
420
421 flags = MAP_PRIVATE | MAP_ANONYMOUS;
422 #if defined(__x86_64__)
423 flags |= MAP_32BIT;
424 /* Cannot map more than that */
425 if (code_gen_buffer_size > (800 * 1024 * 1024))
426 code_gen_buffer_size = (800 * 1024 * 1024);
427 #elif defined(__sparc_v9__)
428 // Map the buffer below 2G, so we can use direct calls and branches
429 flags |= MAP_FIXED;
430 start = (void *) 0x60000000UL;
431 if (code_gen_buffer_size > (512 * 1024 * 1024))
432 code_gen_buffer_size = (512 * 1024 * 1024);
433 #elif defined(__arm__)
434 /* Map the buffer below 32M, so we can use direct calls and branches */
435 flags |= MAP_FIXED;
436 start = (void *) 0x01000000UL;
437 if (code_gen_buffer_size > 16 * 1024 * 1024)
438 code_gen_buffer_size = 16 * 1024 * 1024;
439 #endif
440 code_gen_buffer = mmap(start, code_gen_buffer_size,
441 PROT_WRITE | PROT_READ | PROT_EXEC,
442 flags, -1, 0);
443 if (code_gen_buffer == MAP_FAILED) {
444 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
445 exit(1);
446 }
447 }
448 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
449 {
450 int flags;
451 void *addr = NULL;
452 flags = MAP_PRIVATE | MAP_ANONYMOUS;
453 #if defined(__x86_64__)
454 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
455 * 0x40000000 is free */
456 flags |= MAP_FIXED;
457 addr = (void *)0x40000000;
458 /* Cannot map more than that */
459 if (code_gen_buffer_size > (800 * 1024 * 1024))
460 code_gen_buffer_size = (800 * 1024 * 1024);
461 #endif
462 code_gen_buffer = mmap(addr, code_gen_buffer_size,
463 PROT_WRITE | PROT_READ | PROT_EXEC,
464 flags, -1, 0);
465 if (code_gen_buffer == MAP_FAILED) {
466 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
467 exit(1);
468 }
469 }
470 #else
471 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
472 map_exec(code_gen_buffer, code_gen_buffer_size);
473 #endif
474 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
475 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
476 code_gen_buffer_max_size = code_gen_buffer_size -
477 code_gen_max_block_size();
478 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
479 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
480 }
481
482 /* Must be called before using the QEMU cpus. 'tb_size' is the size
483 (in bytes) allocated to the translation buffer. Zero means default
484 size. */
485 void cpu_exec_init_all(unsigned long tb_size)
486 {
487 cpu_gen_init();
488 code_gen_alloc(tb_size);
489 code_gen_ptr = code_gen_buffer;
490 page_init();
491 #if !defined(CONFIG_USER_ONLY)
492 io_mem_init();
493 #endif
494 }
495
496 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
497
498 static int cpu_common_post_load(void *opaque, int version_id)
499 {
500 CPUState *env = opaque;
501
502 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
503 version_id is increased. */
504 env->interrupt_request &= ~0x01;
505 tlb_flush(env, 1);
506
507 return 0;
508 }
509
510 static const VMStateDescription vmstate_cpu_common = {
511 .name = "cpu_common",
512 .version_id = 1,
513 .minimum_version_id = 1,
514 .minimum_version_id_old = 1,
515 .post_load = cpu_common_post_load,
516 .fields = (VMStateField []) {
517 VMSTATE_UINT32(halted, CPUState),
518 VMSTATE_UINT32(interrupt_request, CPUState),
519 VMSTATE_END_OF_LIST()
520 }
521 };
522 #endif
523
524 CPUState *qemu_get_cpu(int cpu)
525 {
526 CPUState *env = first_cpu;
527
528 while (env) {
529 if (env->cpu_index == cpu)
530 break;
531 env = env->next_cpu;
532 }
533
534 return env;
535 }
536
537 void cpu_exec_init(CPUState *env)
538 {
539 CPUState **penv;
540 int cpu_index;
541
542 #if defined(CONFIG_USER_ONLY)
543 cpu_list_lock();
544 #endif
545 env->next_cpu = NULL;
546 penv = &first_cpu;
547 cpu_index = 0;
548 while (*penv != NULL) {
549 penv = &(*penv)->next_cpu;
550 cpu_index++;
551 }
552 env->cpu_index = cpu_index;
553 env->numa_node = 0;
554 QTAILQ_INIT(&env->breakpoints);
555 QTAILQ_INIT(&env->watchpoints);
556 *penv = env;
557 #if defined(CONFIG_USER_ONLY)
558 cpu_list_unlock();
559 #endif
560 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
561 vmstate_register(cpu_index, &vmstate_cpu_common, env);
562 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
563 cpu_save, cpu_load, env);
564 #endif
565 }
566
567 static inline void invalidate_page_bitmap(PageDesc *p)
568 {
569 if (p->code_bitmap) {
570 qemu_free(p->code_bitmap);
571 p->code_bitmap = NULL;
572 }
573 p->code_write_count = 0;
574 }
575
576 /* set to NULL all the 'first_tb' fields in all PageDescs */
577 static void page_flush_tb(void)
578 {
579 int i, j;
580 PageDesc *p;
581
582 for(i = 0; i < L1_SIZE; i++) {
583 p = l1_map[i];
584 if (p) {
585 for(j = 0; j < L2_SIZE; j++) {
586 p->first_tb = NULL;
587 invalidate_page_bitmap(p);
588 p++;
589 }
590 }
591 }
592 }
593
594 /* flush all the translation blocks */
595 /* XXX: tb_flush is currently not thread safe */
596 void tb_flush(CPUState *env1)
597 {
598 CPUState *env;
599 #if defined(DEBUG_FLUSH)
600 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
601 (unsigned long)(code_gen_ptr - code_gen_buffer),
602 nb_tbs, nb_tbs > 0 ?
603 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
604 #endif
605 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
606 cpu_abort(env1, "Internal error: code buffer overflow\n");
607
608 nb_tbs = 0;
609
610 for(env = first_cpu; env != NULL; env = env->next_cpu) {
611 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
612 }
613
614 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
615 page_flush_tb();
616
617 code_gen_ptr = code_gen_buffer;
618 /* XXX: flush processor icache at this point if cache flush is
619 expensive */
620 tb_flush_count++;
621 }
622
623 #ifdef DEBUG_TB_CHECK
624
625 static void tb_invalidate_check(target_ulong address)
626 {
627 TranslationBlock *tb;
628 int i;
629 address &= TARGET_PAGE_MASK;
630 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
631 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
632 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
633 address >= tb->pc + tb->size)) {
634 printf("ERROR invalidate: address=" TARGET_FMT_lx
635 " PC=%08lx size=%04x\n",
636 address, (long)tb->pc, tb->size);
637 }
638 }
639 }
640 }
641
642 /* verify that all the pages have correct rights for code */
643 static void tb_page_check(void)
644 {
645 TranslationBlock *tb;
646 int i, flags1, flags2;
647
648 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
649 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
650 flags1 = page_get_flags(tb->pc);
651 flags2 = page_get_flags(tb->pc + tb->size - 1);
652 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
653 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
654 (long)tb->pc, tb->size, flags1, flags2);
655 }
656 }
657 }
658 }
659
660 #endif
661
662 /* invalidate one TB */
663 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
664 int next_offset)
665 {
666 TranslationBlock *tb1;
667 for(;;) {
668 tb1 = *ptb;
669 if (tb1 == tb) {
670 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
671 break;
672 }
673 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
674 }
675 }
676
677 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
678 {
679 TranslationBlock *tb1;
680 unsigned int n1;
681
682 for(;;) {
683 tb1 = *ptb;
684 n1 = (long)tb1 & 3;
685 tb1 = (TranslationBlock *)((long)tb1 & ~3);
686 if (tb1 == tb) {
687 *ptb = tb1->page_next[n1];
688 break;
689 }
690 ptb = &tb1->page_next[n1];
691 }
692 }
693
694 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
695 {
696 TranslationBlock *tb1, **ptb;
697 unsigned int n1;
698
699 ptb = &tb->jmp_next[n];
700 tb1 = *ptb;
701 if (tb1) {
702 /* find tb(n) in circular list */
703 for(;;) {
704 tb1 = *ptb;
705 n1 = (long)tb1 & 3;
706 tb1 = (TranslationBlock *)((long)tb1 & ~3);
707 if (n1 == n && tb1 == tb)
708 break;
709 if (n1 == 2) {
710 ptb = &tb1->jmp_first;
711 } else {
712 ptb = &tb1->jmp_next[n1];
713 }
714 }
715 /* now we can suppress tb(n) from the list */
716 *ptb = tb->jmp_next[n];
717
718 tb->jmp_next[n] = NULL;
719 }
720 }
721
722 /* reset the jump entry 'n' of a TB so that it is not chained to
723 another TB */
724 static inline void tb_reset_jump(TranslationBlock *tb, int n)
725 {
726 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
727 }
728
729 void tb_phys_invalidate(TranslationBlock *tb, target_ulong page_addr)
730 {
731 CPUState *env;
732 PageDesc *p;
733 unsigned int h, n1;
734 target_phys_addr_t phys_pc;
735 TranslationBlock *tb1, *tb2;
736
737 /* remove the TB from the hash list */
738 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
739 h = tb_phys_hash_func(phys_pc);
740 tb_remove(&tb_phys_hash[h], tb,
741 offsetof(TranslationBlock, phys_hash_next));
742
743 /* remove the TB from the page list */
744 if (tb->page_addr[0] != page_addr) {
745 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
746 tb_page_remove(&p->first_tb, tb);
747 invalidate_page_bitmap(p);
748 }
749 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
750 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
751 tb_page_remove(&p->first_tb, tb);
752 invalidate_page_bitmap(p);
753 }
754
755 tb_invalidated_flag = 1;
756
757 /* remove the TB from the hash list */
758 h = tb_jmp_cache_hash_func(tb->pc);
759 for(env = first_cpu; env != NULL; env = env->next_cpu) {
760 if (env->tb_jmp_cache[h] == tb)
761 env->tb_jmp_cache[h] = NULL;
762 }
763
764 /* suppress this TB from the two jump lists */
765 tb_jmp_remove(tb, 0);
766 tb_jmp_remove(tb, 1);
767
768 /* suppress any remaining jumps to this TB */
769 tb1 = tb->jmp_first;
770 for(;;) {
771 n1 = (long)tb1 & 3;
772 if (n1 == 2)
773 break;
774 tb1 = (TranslationBlock *)((long)tb1 & ~3);
775 tb2 = tb1->jmp_next[n1];
776 tb_reset_jump(tb1, n1);
777 tb1->jmp_next[n1] = NULL;
778 tb1 = tb2;
779 }
780 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
781
782 tb_phys_invalidate_count++;
783 }
784
785 static inline void set_bits(uint8_t *tab, int start, int len)
786 {
787 int end, mask, end1;
788
789 end = start + len;
790 tab += start >> 3;
791 mask = 0xff << (start & 7);
792 if ((start & ~7) == (end & ~7)) {
793 if (start < end) {
794 mask &= ~(0xff << (end & 7));
795 *tab |= mask;
796 }
797 } else {
798 *tab++ |= mask;
799 start = (start + 8) & ~7;
800 end1 = end & ~7;
801 while (start < end1) {
802 *tab++ = 0xff;
803 start += 8;
804 }
805 if (start < end) {
806 mask = ~(0xff << (end & 7));
807 *tab |= mask;
808 }
809 }
810 }
811
812 static void build_page_bitmap(PageDesc *p)
813 {
814 int n, tb_start, tb_end;
815 TranslationBlock *tb;
816
817 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
818
819 tb = p->first_tb;
820 while (tb != NULL) {
821 n = (long)tb & 3;
822 tb = (TranslationBlock *)((long)tb & ~3);
823 /* NOTE: this is subtle as a TB may span two physical pages */
824 if (n == 0) {
825 /* NOTE: tb_end may be after the end of the page, but
826 it is not a problem */
827 tb_start = tb->pc & ~TARGET_PAGE_MASK;
828 tb_end = tb_start + tb->size;
829 if (tb_end > TARGET_PAGE_SIZE)
830 tb_end = TARGET_PAGE_SIZE;
831 } else {
832 tb_start = 0;
833 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
834 }
835 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
836 tb = tb->page_next[n];
837 }
838 }
839
840 TranslationBlock *tb_gen_code(CPUState *env,
841 target_ulong pc, target_ulong cs_base,
842 int flags, int cflags)
843 {
844 TranslationBlock *tb;
845 uint8_t *tc_ptr;
846 target_ulong phys_pc, phys_page2, virt_page2;
847 int code_gen_size;
848
849 phys_pc = get_phys_addr_code(env, pc);
850 tb = tb_alloc(pc);
851 if (!tb) {
852 /* flush must be done */
853 tb_flush(env);
854 /* cannot fail at this point */
855 tb = tb_alloc(pc);
856 /* Don't forget to invalidate previous TB info. */
857 tb_invalidated_flag = 1;
858 }
859 tc_ptr = code_gen_ptr;
860 tb->tc_ptr = tc_ptr;
861 tb->cs_base = cs_base;
862 tb->flags = flags;
863 tb->cflags = cflags;
864 cpu_gen_code(env, tb, &code_gen_size);
865 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
866
867 /* check next page if needed */
868 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
869 phys_page2 = -1;
870 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
871 phys_page2 = get_phys_addr_code(env, virt_page2);
872 }
873 tb_link_phys(tb, phys_pc, phys_page2);
874 return tb;
875 }
876
877 /* invalidate all TBs which intersect with the target physical page
878 starting in range [start;end[. NOTE: start and end must refer to
879 the same physical page. 'is_cpu_write_access' should be true if called
880 from a real cpu write access: the virtual CPU will exit the current
881 TB if code is modified inside this TB. */
882 void tb_invalidate_phys_page_range(target_phys_addr_t start, target_phys_addr_t end,
883 int is_cpu_write_access)
884 {
885 TranslationBlock *tb, *tb_next, *saved_tb;
886 CPUState *env = cpu_single_env;
887 target_ulong tb_start, tb_end;
888 PageDesc *p;
889 int n;
890 #ifdef TARGET_HAS_PRECISE_SMC
891 int current_tb_not_found = is_cpu_write_access;
892 TranslationBlock *current_tb = NULL;
893 int current_tb_modified = 0;
894 target_ulong current_pc = 0;
895 target_ulong current_cs_base = 0;
896 int current_flags = 0;
897 #endif /* TARGET_HAS_PRECISE_SMC */
898
899 p = page_find(start >> TARGET_PAGE_BITS);
900 if (!p)
901 return;
902 if (!p->code_bitmap &&
903 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
904 is_cpu_write_access) {
905 /* build code bitmap */
906 build_page_bitmap(p);
907 }
908
909 /* we remove all the TBs in the range [start, end[ */
910 /* XXX: see if in some cases it could be faster to invalidate all the code */
911 tb = p->first_tb;
912 while (tb != NULL) {
913 n = (long)tb & 3;
914 tb = (TranslationBlock *)((long)tb & ~3);
915 tb_next = tb->page_next[n];
916 /* NOTE: this is subtle as a TB may span two physical pages */
917 if (n == 0) {
918 /* NOTE: tb_end may be after the end of the page, but
919 it is not a problem */
920 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
921 tb_end = tb_start + tb->size;
922 } else {
923 tb_start = tb->page_addr[1];
924 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
925 }
926 if (!(tb_end <= start || tb_start >= end)) {
927 #ifdef TARGET_HAS_PRECISE_SMC
928 if (current_tb_not_found) {
929 current_tb_not_found = 0;
930 current_tb = NULL;
931 if (env->mem_io_pc) {
932 /* now we have a real cpu fault */
933 current_tb = tb_find_pc(env->mem_io_pc);
934 }
935 }
936 if (current_tb == tb &&
937 (current_tb->cflags & CF_COUNT_MASK) != 1) {
938 /* If we are modifying the current TB, we must stop
939 its execution. We could be more precise by checking
940 that the modification is after the current PC, but it
941 would require a specialized function to partially
942 restore the CPU state */
943
944 current_tb_modified = 1;
945 cpu_restore_state(current_tb, env,
946 env->mem_io_pc, NULL);
947 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
948 &current_flags);
949 }
950 #endif /* TARGET_HAS_PRECISE_SMC */
951 /* we need to do that to handle the case where a signal
952 occurs while doing tb_phys_invalidate() */
953 saved_tb = NULL;
954 if (env) {
955 saved_tb = env->current_tb;
956 env->current_tb = NULL;
957 }
958 tb_phys_invalidate(tb, -1);
959 if (env) {
960 env->current_tb = saved_tb;
961 if (env->interrupt_request && env->current_tb)
962 cpu_interrupt(env, env->interrupt_request);
963 }
964 }
965 tb = tb_next;
966 }
967 #if !defined(CONFIG_USER_ONLY)
968 /* if no code remaining, no need to continue to use slow writes */
969 if (!p->first_tb) {
970 invalidate_page_bitmap(p);
971 if (is_cpu_write_access) {
972 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
973 }
974 }
975 #endif
976 #ifdef TARGET_HAS_PRECISE_SMC
977 if (current_tb_modified) {
978 /* we generate a block containing just the instruction
979 modifying the memory. It will ensure that it cannot modify
980 itself */
981 env->current_tb = NULL;
982 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
983 cpu_resume_from_signal(env, NULL);
984 }
985 #endif
986 }
987
988 /* len must be <= 8 and start must be a multiple of len */
989 static inline void tb_invalidate_phys_page_fast(target_phys_addr_t start, int len)
990 {
991 PageDesc *p;
992 int offset, b;
993 #if 0
994 if (1) {
995 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
996 cpu_single_env->mem_io_vaddr, len,
997 cpu_single_env->eip,
998 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
999 }
1000 #endif
1001 p = page_find(start >> TARGET_PAGE_BITS);
1002 if (!p)
1003 return;
1004 if (p->code_bitmap) {
1005 offset = start & ~TARGET_PAGE_MASK;
1006 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1007 if (b & ((1 << len) - 1))
1008 goto do_invalidate;
1009 } else {
1010 do_invalidate:
1011 tb_invalidate_phys_page_range(start, start + len, 1);
1012 }
1013 }
1014
1015 #if !defined(CONFIG_SOFTMMU)
1016 static void tb_invalidate_phys_page(target_phys_addr_t addr,
1017 unsigned long pc, void *puc)
1018 {
1019 TranslationBlock *tb;
1020 PageDesc *p;
1021 int n;
1022 #ifdef TARGET_HAS_PRECISE_SMC
1023 TranslationBlock *current_tb = NULL;
1024 CPUState *env = cpu_single_env;
1025 int current_tb_modified = 0;
1026 target_ulong current_pc = 0;
1027 target_ulong current_cs_base = 0;
1028 int current_flags = 0;
1029 #endif
1030
1031 addr &= TARGET_PAGE_MASK;
1032 p = page_find(addr >> TARGET_PAGE_BITS);
1033 if (!p)
1034 return;
1035 tb = p->first_tb;
1036 #ifdef TARGET_HAS_PRECISE_SMC
1037 if (tb && pc != 0) {
1038 current_tb = tb_find_pc(pc);
1039 }
1040 #endif
1041 while (tb != NULL) {
1042 n = (long)tb & 3;
1043 tb = (TranslationBlock *)((long)tb & ~3);
1044 #ifdef TARGET_HAS_PRECISE_SMC
1045 if (current_tb == tb &&
1046 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1047 /* If we are modifying the current TB, we must stop
1048 its execution. We could be more precise by checking
1049 that the modification is after the current PC, but it
1050 would require a specialized function to partially
1051 restore the CPU state */
1052
1053 current_tb_modified = 1;
1054 cpu_restore_state(current_tb, env, pc, puc);
1055 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1056 &current_flags);
1057 }
1058 #endif /* TARGET_HAS_PRECISE_SMC */
1059 tb_phys_invalidate(tb, addr);
1060 tb = tb->page_next[n];
1061 }
1062 p->first_tb = NULL;
1063 #ifdef TARGET_HAS_PRECISE_SMC
1064 if (current_tb_modified) {
1065 /* we generate a block containing just the instruction
1066 modifying the memory. It will ensure that it cannot modify
1067 itself */
1068 env->current_tb = NULL;
1069 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1070 cpu_resume_from_signal(env, puc);
1071 }
1072 #endif
1073 }
1074 #endif
1075
1076 /* add the tb in the target page and protect it if necessary */
1077 static inline void tb_alloc_page(TranslationBlock *tb,
1078 unsigned int n, target_ulong page_addr)
1079 {
1080 PageDesc *p;
1081 TranslationBlock *last_first_tb;
1082
1083 tb->page_addr[n] = page_addr;
1084 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
1085 tb->page_next[n] = p->first_tb;
1086 last_first_tb = p->first_tb;
1087 p->first_tb = (TranslationBlock *)((long)tb | n);
1088 invalidate_page_bitmap(p);
1089
1090 #if defined(TARGET_HAS_SMC) || 1
1091
1092 #if defined(CONFIG_USER_ONLY)
1093 if (p->flags & PAGE_WRITE) {
1094 target_ulong addr;
1095 PageDesc *p2;
1096 int prot;
1097
1098 /* force the host page as non writable (writes will have a
1099 page fault + mprotect overhead) */
1100 page_addr &= qemu_host_page_mask;
1101 prot = 0;
1102 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1103 addr += TARGET_PAGE_SIZE) {
1104
1105 p2 = page_find (addr >> TARGET_PAGE_BITS);
1106 if (!p2)
1107 continue;
1108 prot |= p2->flags;
1109 p2->flags &= ~PAGE_WRITE;
1110 page_get_flags(addr);
1111 }
1112 mprotect(g2h(page_addr), qemu_host_page_size,
1113 (prot & PAGE_BITS) & ~PAGE_WRITE);
1114 #ifdef DEBUG_TB_INVALIDATE
1115 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1116 page_addr);
1117 #endif
1118 }
1119 #else
1120 /* if some code is already present, then the pages are already
1121 protected. So we handle the case where only the first TB is
1122 allocated in a physical page */
1123 if (!last_first_tb) {
1124 tlb_protect_code(page_addr);
1125 }
1126 #endif
1127
1128 #endif /* TARGET_HAS_SMC */
1129 }
1130
1131 /* Allocate a new translation block. Flush the translation buffer if
1132 too many translation blocks or too much generated code. */
1133 TranslationBlock *tb_alloc(target_ulong pc)
1134 {
1135 TranslationBlock *tb;
1136
1137 if (nb_tbs >= code_gen_max_blocks ||
1138 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1139 return NULL;
1140 tb = &tbs[nb_tbs++];
1141 tb->pc = pc;
1142 tb->cflags = 0;
1143 return tb;
1144 }
1145
1146 void tb_free(TranslationBlock *tb)
1147 {
1148 /* In practice this is mostly used for single use temporary TB
1149 Ignore the hard cases and just back up if this TB happens to
1150 be the last one generated. */
1151 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1152 code_gen_ptr = tb->tc_ptr;
1153 nb_tbs--;
1154 }
1155 }
1156
1157 /* add a new TB and link it to the physical page tables. phys_page2 is
1158 (-1) to indicate that only one page contains the TB. */
1159 void tb_link_phys(TranslationBlock *tb,
1160 target_ulong phys_pc, target_ulong phys_page2)
1161 {
1162 unsigned int h;
1163 TranslationBlock **ptb;
1164
1165 /* Grab the mmap lock to stop another thread invalidating this TB
1166 before we are done. */
1167 mmap_lock();
1168 /* add in the physical hash table */
1169 h = tb_phys_hash_func(phys_pc);
1170 ptb = &tb_phys_hash[h];
1171 tb->phys_hash_next = *ptb;
1172 *ptb = tb;
1173
1174 /* add in the page list */
1175 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1176 if (phys_page2 != -1)
1177 tb_alloc_page(tb, 1, phys_page2);
1178 else
1179 tb->page_addr[1] = -1;
1180
1181 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1182 tb->jmp_next[0] = NULL;
1183 tb->jmp_next[1] = NULL;
1184
1185 /* init original jump addresses */
1186 if (tb->tb_next_offset[0] != 0xffff)
1187 tb_reset_jump(tb, 0);
1188 if (tb->tb_next_offset[1] != 0xffff)
1189 tb_reset_jump(tb, 1);
1190
1191 #ifdef DEBUG_TB_CHECK
1192 tb_page_check();
1193 #endif
1194 mmap_unlock();
1195 }
1196
1197 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1198 tb[1].tc_ptr. Return NULL if not found */
1199 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1200 {
1201 int m_min, m_max, m;
1202 unsigned long v;
1203 TranslationBlock *tb;
1204
1205 if (nb_tbs <= 0)
1206 return NULL;
1207 if (tc_ptr < (unsigned long)code_gen_buffer ||
1208 tc_ptr >= (unsigned long)code_gen_ptr)
1209 return NULL;
1210 /* binary search (cf Knuth) */
1211 m_min = 0;
1212 m_max = nb_tbs - 1;
1213 while (m_min <= m_max) {
1214 m = (m_min + m_max) >> 1;
1215 tb = &tbs[m];
1216 v = (unsigned long)tb->tc_ptr;
1217 if (v == tc_ptr)
1218 return tb;
1219 else if (tc_ptr < v) {
1220 m_max = m - 1;
1221 } else {
1222 m_min = m + 1;
1223 }
1224 }
1225 return &tbs[m_max];
1226 }
1227
1228 static void tb_reset_jump_recursive(TranslationBlock *tb);
1229
1230 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1231 {
1232 TranslationBlock *tb1, *tb_next, **ptb;
1233 unsigned int n1;
1234
1235 tb1 = tb->jmp_next[n];
1236 if (tb1 != NULL) {
1237 /* find head of list */
1238 for(;;) {
1239 n1 = (long)tb1 & 3;
1240 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1241 if (n1 == 2)
1242 break;
1243 tb1 = tb1->jmp_next[n1];
1244 }
1245 /* we are now sure now that tb jumps to tb1 */
1246 tb_next = tb1;
1247
1248 /* remove tb from the jmp_first list */
1249 ptb = &tb_next->jmp_first;
1250 for(;;) {
1251 tb1 = *ptb;
1252 n1 = (long)tb1 & 3;
1253 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1254 if (n1 == n && tb1 == tb)
1255 break;
1256 ptb = &tb1->jmp_next[n1];
1257 }
1258 *ptb = tb->jmp_next[n];
1259 tb->jmp_next[n] = NULL;
1260
1261 /* suppress the jump to next tb in generated code */
1262 tb_reset_jump(tb, n);
1263
1264 /* suppress jumps in the tb on which we could have jumped */
1265 tb_reset_jump_recursive(tb_next);
1266 }
1267 }
1268
1269 static void tb_reset_jump_recursive(TranslationBlock *tb)
1270 {
1271 tb_reset_jump_recursive2(tb, 0);
1272 tb_reset_jump_recursive2(tb, 1);
1273 }
1274
1275 #if defined(TARGET_HAS_ICE)
1276 #if defined(CONFIG_USER_ONLY)
1277 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1278 {
1279 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1280 }
1281 #else
1282 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1283 {
1284 target_phys_addr_t addr;
1285 target_ulong pd;
1286 ram_addr_t ram_addr;
1287 PhysPageDesc *p;
1288
1289 addr = cpu_get_phys_page_debug(env, pc);
1290 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1291 if (!p) {
1292 pd = IO_MEM_UNASSIGNED;
1293 } else {
1294 pd = p->phys_offset;
1295 }
1296 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1297 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1298 }
1299 #endif
1300 #endif /* TARGET_HAS_ICE */
1301
1302 #if defined(CONFIG_USER_ONLY)
1303 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1304
1305 {
1306 }
1307
1308 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1309 int flags, CPUWatchpoint **watchpoint)
1310 {
1311 return -ENOSYS;
1312 }
1313 #else
1314 /* Add a watchpoint. */
1315 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1316 int flags, CPUWatchpoint **watchpoint)
1317 {
1318 target_ulong len_mask = ~(len - 1);
1319 CPUWatchpoint *wp;
1320
1321 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1322 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1323 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1324 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1325 return -EINVAL;
1326 }
1327 wp = qemu_malloc(sizeof(*wp));
1328
1329 wp->vaddr = addr;
1330 wp->len_mask = len_mask;
1331 wp->flags = flags;
1332
1333 /* keep all GDB-injected watchpoints in front */
1334 if (flags & BP_GDB)
1335 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1336 else
1337 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1338
1339 tlb_flush_page(env, addr);
1340
1341 if (watchpoint)
1342 *watchpoint = wp;
1343 return 0;
1344 }
1345
1346 /* Remove a specific watchpoint. */
1347 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1348 int flags)
1349 {
1350 target_ulong len_mask = ~(len - 1);
1351 CPUWatchpoint *wp;
1352
1353 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1354 if (addr == wp->vaddr && len_mask == wp->len_mask
1355 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1356 cpu_watchpoint_remove_by_ref(env, wp);
1357 return 0;
1358 }
1359 }
1360 return -ENOENT;
1361 }
1362
1363 /* Remove a specific watchpoint by reference. */
1364 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1365 {
1366 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1367
1368 tlb_flush_page(env, watchpoint->vaddr);
1369
1370 qemu_free(watchpoint);
1371 }
1372
1373 /* Remove all matching watchpoints. */
1374 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1375 {
1376 CPUWatchpoint *wp, *next;
1377
1378 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1379 if (wp->flags & mask)
1380 cpu_watchpoint_remove_by_ref(env, wp);
1381 }
1382 }
1383 #endif
1384
1385 /* Add a breakpoint. */
1386 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1387 CPUBreakpoint **breakpoint)
1388 {
1389 #if defined(TARGET_HAS_ICE)
1390 CPUBreakpoint *bp;
1391
1392 bp = qemu_malloc(sizeof(*bp));
1393
1394 bp->pc = pc;
1395 bp->flags = flags;
1396
1397 /* keep all GDB-injected breakpoints in front */
1398 if (flags & BP_GDB)
1399 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1400 else
1401 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1402
1403 breakpoint_invalidate(env, pc);
1404
1405 if (breakpoint)
1406 *breakpoint = bp;
1407 return 0;
1408 #else
1409 return -ENOSYS;
1410 #endif
1411 }
1412
1413 /* Remove a specific breakpoint. */
1414 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1415 {
1416 #if defined(TARGET_HAS_ICE)
1417 CPUBreakpoint *bp;
1418
1419 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1420 if (bp->pc == pc && bp->flags == flags) {
1421 cpu_breakpoint_remove_by_ref(env, bp);
1422 return 0;
1423 }
1424 }
1425 return -ENOENT;
1426 #else
1427 return -ENOSYS;
1428 #endif
1429 }
1430
1431 /* Remove a specific breakpoint by reference. */
1432 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1433 {
1434 #if defined(TARGET_HAS_ICE)
1435 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1436
1437 breakpoint_invalidate(env, breakpoint->pc);
1438
1439 qemu_free(breakpoint);
1440 #endif
1441 }
1442
1443 /* Remove all matching breakpoints. */
1444 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1445 {
1446 #if defined(TARGET_HAS_ICE)
1447 CPUBreakpoint *bp, *next;
1448
1449 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1450 if (bp->flags & mask)
1451 cpu_breakpoint_remove_by_ref(env, bp);
1452 }
1453 #endif
1454 }
1455
1456 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1457 CPU loop after each instruction */
1458 void cpu_single_step(CPUState *env, int enabled)
1459 {
1460 #if defined(TARGET_HAS_ICE)
1461 if (env->singlestep_enabled != enabled) {
1462 env->singlestep_enabled = enabled;
1463 if (kvm_enabled())
1464 kvm_update_guest_debug(env, 0);
1465 else {
1466 /* must flush all the translated code to avoid inconsistencies */
1467 /* XXX: only flush what is necessary */
1468 tb_flush(env);
1469 }
1470 }
1471 #endif
1472 }
1473
1474 /* enable or disable low levels log */
1475 void cpu_set_log(int log_flags)
1476 {
1477 loglevel = log_flags;
1478 if (loglevel && !logfile) {
1479 logfile = fopen(logfilename, log_append ? "a" : "w");
1480 if (!logfile) {
1481 perror(logfilename);
1482 _exit(1);
1483 }
1484 #if !defined(CONFIG_SOFTMMU)
1485 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1486 {
1487 static char logfile_buf[4096];
1488 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1489 }
1490 #elif !defined(_WIN32)
1491 /* Win32 doesn't support line-buffering and requires size >= 2 */
1492 setvbuf(logfile, NULL, _IOLBF, 0);
1493 #endif
1494 log_append = 1;
1495 }
1496 if (!loglevel && logfile) {
1497 fclose(logfile);
1498 logfile = NULL;
1499 }
1500 }
1501
1502 void cpu_set_log_filename(const char *filename)
1503 {
1504 logfilename = strdup(filename);
1505 if (logfile) {
1506 fclose(logfile);
1507 logfile = NULL;
1508 }
1509 cpu_set_log(loglevel);
1510 }
1511
1512 static void cpu_unlink_tb(CPUState *env)
1513 {
1514 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1515 problem and hope the cpu will stop of its own accord. For userspace
1516 emulation this often isn't actually as bad as it sounds. Often
1517 signals are used primarily to interrupt blocking syscalls. */
1518 TranslationBlock *tb;
1519 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1520
1521 spin_lock(&interrupt_lock);
1522 tb = env->current_tb;
1523 /* if the cpu is currently executing code, we must unlink it and
1524 all the potentially executing TB */
1525 if (tb) {
1526 env->current_tb = NULL;
1527 tb_reset_jump_recursive(tb);
1528 }
1529 spin_unlock(&interrupt_lock);
1530 }
1531
1532 /* mask must never be zero, except for A20 change call */
1533 void cpu_interrupt(CPUState *env, int mask)
1534 {
1535 int old_mask;
1536
1537 old_mask = env->interrupt_request;
1538 env->interrupt_request |= mask;
1539
1540 #ifndef CONFIG_USER_ONLY
1541 /*
1542 * If called from iothread context, wake the target cpu in
1543 * case its halted.
1544 */
1545 if (!qemu_cpu_self(env)) {
1546 qemu_cpu_kick(env);
1547 return;
1548 }
1549 #endif
1550
1551 if (use_icount) {
1552 env->icount_decr.u16.high = 0xffff;
1553 #ifndef CONFIG_USER_ONLY
1554 if (!can_do_io(env)
1555 && (mask & ~old_mask) != 0) {
1556 cpu_abort(env, "Raised interrupt while not in I/O function");
1557 }
1558 #endif
1559 } else {
1560 cpu_unlink_tb(env);
1561 }
1562 }
1563
1564 void cpu_reset_interrupt(CPUState *env, int mask)
1565 {
1566 env->interrupt_request &= ~mask;
1567 }
1568
1569 void cpu_exit(CPUState *env)
1570 {
1571 env->exit_request = 1;
1572 cpu_unlink_tb(env);
1573 }
1574
1575 const CPULogItem cpu_log_items[] = {
1576 { CPU_LOG_TB_OUT_ASM, "out_asm",
1577 "show generated host assembly code for each compiled TB" },
1578 { CPU_LOG_TB_IN_ASM, "in_asm",
1579 "show target assembly code for each compiled TB" },
1580 { CPU_LOG_TB_OP, "op",
1581 "show micro ops for each compiled TB" },
1582 { CPU_LOG_TB_OP_OPT, "op_opt",
1583 "show micro ops "
1584 #ifdef TARGET_I386
1585 "before eflags optimization and "
1586 #endif
1587 "after liveness analysis" },
1588 { CPU_LOG_INT, "int",
1589 "show interrupts/exceptions in short format" },
1590 { CPU_LOG_EXEC, "exec",
1591 "show trace before each executed TB (lots of logs)" },
1592 { CPU_LOG_TB_CPU, "cpu",
1593 "show CPU state before block translation" },
1594 #ifdef TARGET_I386
1595 { CPU_LOG_PCALL, "pcall",
1596 "show protected mode far calls/returns/exceptions" },
1597 { CPU_LOG_RESET, "cpu_reset",
1598 "show CPU state before CPU resets" },
1599 #endif
1600 #ifdef DEBUG_IOPORT
1601 { CPU_LOG_IOPORT, "ioport",
1602 "show all i/o ports accesses" },
1603 #endif
1604 { 0, NULL, NULL },
1605 };
1606
1607 #ifndef CONFIG_USER_ONLY
1608 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1609 = QLIST_HEAD_INITIALIZER(memory_client_list);
1610
1611 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1612 ram_addr_t size,
1613 ram_addr_t phys_offset)
1614 {
1615 CPUPhysMemoryClient *client;
1616 QLIST_FOREACH(client, &memory_client_list, list) {
1617 client->set_memory(client, start_addr, size, phys_offset);
1618 }
1619 }
1620
1621 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1622 target_phys_addr_t end)
1623 {
1624 CPUPhysMemoryClient *client;
1625 QLIST_FOREACH(client, &memory_client_list, list) {
1626 int r = client->sync_dirty_bitmap(client, start, end);
1627 if (r < 0)
1628 return r;
1629 }
1630 return 0;
1631 }
1632
1633 static int cpu_notify_migration_log(int enable)
1634 {
1635 CPUPhysMemoryClient *client;
1636 QLIST_FOREACH(client, &memory_client_list, list) {
1637 int r = client->migration_log(client, enable);
1638 if (r < 0)
1639 return r;
1640 }
1641 return 0;
1642 }
1643
1644 static void phys_page_for_each_in_l1_map(PhysPageDesc **phys_map,
1645 CPUPhysMemoryClient *client)
1646 {
1647 PhysPageDesc *pd;
1648 int l1, l2;
1649
1650 for (l1 = 0; l1 < L1_SIZE; ++l1) {
1651 pd = phys_map[l1];
1652 if (!pd) {
1653 continue;
1654 }
1655 for (l2 = 0; l2 < L2_SIZE; ++l2) {
1656 if (pd[l2].phys_offset == IO_MEM_UNASSIGNED) {
1657 continue;
1658 }
1659 client->set_memory(client, pd[l2].region_offset,
1660 TARGET_PAGE_SIZE, pd[l2].phys_offset);
1661 }
1662 }
1663 }
1664
1665 static void phys_page_for_each(CPUPhysMemoryClient *client)
1666 {
1667 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
1668
1669 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
1670 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
1671 #endif
1672 void **phys_map = (void **)l1_phys_map;
1673 int l1;
1674 if (!l1_phys_map) {
1675 return;
1676 }
1677 for (l1 = 0; l1 < L1_SIZE; ++l1) {
1678 if (phys_map[l1]) {
1679 phys_page_for_each_in_l1_map(phys_map[l1], client);
1680 }
1681 }
1682 #else
1683 if (!l1_phys_map) {
1684 return;
1685 }
1686 phys_page_for_each_in_l1_map(l1_phys_map, client);
1687 #endif
1688 }
1689
1690 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1691 {
1692 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1693 phys_page_for_each(client);
1694 }
1695
1696 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1697 {
1698 QLIST_REMOVE(client, list);
1699 }
1700 #endif
1701
1702 static int cmp1(const char *s1, int n, const char *s2)
1703 {
1704 if (strlen(s2) != n)
1705 return 0;
1706 return memcmp(s1, s2, n) == 0;
1707 }
1708
1709 /* takes a comma separated list of log masks. Return 0 if error. */
1710 int cpu_str_to_log_mask(const char *str)
1711 {
1712 const CPULogItem *item;
1713 int mask;
1714 const char *p, *p1;
1715
1716 p = str;
1717 mask = 0;
1718 for(;;) {
1719 p1 = strchr(p, ',');
1720 if (!p1)
1721 p1 = p + strlen(p);
1722 if(cmp1(p,p1-p,"all")) {
1723 for(item = cpu_log_items; item->mask != 0; item++) {
1724 mask |= item->mask;
1725 }
1726 } else {
1727 for(item = cpu_log_items; item->mask != 0; item++) {
1728 if (cmp1(p, p1 - p, item->name))
1729 goto found;
1730 }
1731 return 0;
1732 }
1733 found:
1734 mask |= item->mask;
1735 if (*p1 != ',')
1736 break;
1737 p = p1 + 1;
1738 }
1739 return mask;
1740 }
1741
1742 void cpu_abort(CPUState *env, const char *fmt, ...)
1743 {
1744 va_list ap;
1745 va_list ap2;
1746
1747 va_start(ap, fmt);
1748 va_copy(ap2, ap);
1749 fprintf(stderr, "qemu: fatal: ");
1750 vfprintf(stderr, fmt, ap);
1751 fprintf(stderr, "\n");
1752 #ifdef TARGET_I386
1753 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1754 #else
1755 cpu_dump_state(env, stderr, fprintf, 0);
1756 #endif
1757 if (qemu_log_enabled()) {
1758 qemu_log("qemu: fatal: ");
1759 qemu_log_vprintf(fmt, ap2);
1760 qemu_log("\n");
1761 #ifdef TARGET_I386
1762 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1763 #else
1764 log_cpu_state(env, 0);
1765 #endif
1766 qemu_log_flush();
1767 qemu_log_close();
1768 }
1769 va_end(ap2);
1770 va_end(ap);
1771 #if defined(CONFIG_USER_ONLY)
1772 {
1773 struct sigaction act;
1774 sigfillset(&act.sa_mask);
1775 act.sa_handler = SIG_DFL;
1776 sigaction(SIGABRT, &act, NULL);
1777 }
1778 #endif
1779 abort();
1780 }
1781
1782 CPUState *cpu_copy(CPUState *env)
1783 {
1784 CPUState *new_env = cpu_init(env->cpu_model_str);
1785 CPUState *next_cpu = new_env->next_cpu;
1786 int cpu_index = new_env->cpu_index;
1787 #if defined(TARGET_HAS_ICE)
1788 CPUBreakpoint *bp;
1789 CPUWatchpoint *wp;
1790 #endif
1791
1792 memcpy(new_env, env, sizeof(CPUState));
1793
1794 /* Preserve chaining and index. */
1795 new_env->next_cpu = next_cpu;
1796 new_env->cpu_index = cpu_index;
1797
1798 /* Clone all break/watchpoints.
1799 Note: Once we support ptrace with hw-debug register access, make sure
1800 BP_CPU break/watchpoints are handled correctly on clone. */
1801 QTAILQ_INIT(&env->breakpoints);
1802 QTAILQ_INIT(&env->watchpoints);
1803 #if defined(TARGET_HAS_ICE)
1804 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1805 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1806 }
1807 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1808 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1809 wp->flags, NULL);
1810 }
1811 #endif
1812
1813 return new_env;
1814 }
1815
1816 #if !defined(CONFIG_USER_ONLY)
1817
1818 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1819 {
1820 unsigned int i;
1821
1822 /* Discard jump cache entries for any tb which might potentially
1823 overlap the flushed page. */
1824 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1825 memset (&env->tb_jmp_cache[i], 0,
1826 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1827
1828 i = tb_jmp_cache_hash_page(addr);
1829 memset (&env->tb_jmp_cache[i], 0,
1830 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1831 }
1832
1833 static CPUTLBEntry s_cputlb_empty_entry = {
1834 .addr_read = -1,
1835 .addr_write = -1,
1836 .addr_code = -1,
1837 .addend = -1,
1838 };
1839
1840 /* NOTE: if flush_global is true, also flush global entries (not
1841 implemented yet) */
1842 void tlb_flush(CPUState *env, int flush_global)
1843 {
1844 int i;
1845
1846 #if defined(DEBUG_TLB)
1847 printf("tlb_flush:\n");
1848 #endif
1849 /* must reset current TB so that interrupts cannot modify the
1850 links while we are modifying them */
1851 env->current_tb = NULL;
1852
1853 for(i = 0; i < CPU_TLB_SIZE; i++) {
1854 int mmu_idx;
1855 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1856 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1857 }
1858 }
1859
1860 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1861
1862 tlb_flush_count++;
1863 }
1864
1865 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1866 {
1867 if (addr == (tlb_entry->addr_read &
1868 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1869 addr == (tlb_entry->addr_write &
1870 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1871 addr == (tlb_entry->addr_code &
1872 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1873 *tlb_entry = s_cputlb_empty_entry;
1874 }
1875 }
1876
1877 void tlb_flush_page(CPUState *env, target_ulong addr)
1878 {
1879 int i;
1880 int mmu_idx;
1881
1882 #if defined(DEBUG_TLB)
1883 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1884 #endif
1885 /* must reset current TB so that interrupts cannot modify the
1886 links while we are modifying them */
1887 env->current_tb = NULL;
1888
1889 addr &= TARGET_PAGE_MASK;
1890 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1891 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1892 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1893
1894 tlb_flush_jmp_cache(env, addr);
1895 }
1896
1897 /* update the TLBs so that writes to code in the virtual page 'addr'
1898 can be detected */
1899 static void tlb_protect_code(ram_addr_t ram_addr)
1900 {
1901 cpu_physical_memory_reset_dirty(ram_addr,
1902 ram_addr + TARGET_PAGE_SIZE,
1903 CODE_DIRTY_FLAG);
1904 }
1905
1906 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1907 tested for self modifying code */
1908 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1909 target_ulong vaddr)
1910 {
1911 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1912 }
1913
1914 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1915 unsigned long start, unsigned long length)
1916 {
1917 unsigned long addr;
1918 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1919 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1920 if ((addr - start) < length) {
1921 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1922 }
1923 }
1924 }
1925
1926 /* Note: start and end must be within the same ram block. */
1927 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1928 int dirty_flags)
1929 {
1930 CPUState *env;
1931 unsigned long length, start1;
1932 int i, mask, len;
1933 uint8_t *p;
1934
1935 start &= TARGET_PAGE_MASK;
1936 end = TARGET_PAGE_ALIGN(end);
1937
1938 length = end - start;
1939 if (length == 0)
1940 return;
1941 len = length >> TARGET_PAGE_BITS;
1942 mask = ~dirty_flags;
1943 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1944 for(i = 0; i < len; i++)
1945 p[i] &= mask;
1946
1947 /* we modify the TLB cache so that the dirty bit will be set again
1948 when accessing the range */
1949 start1 = (unsigned long)qemu_get_ram_ptr(start);
1950 /* Chek that we don't span multiple blocks - this breaks the
1951 address comparisons below. */
1952 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
1953 != (end - 1) - start) {
1954 abort();
1955 }
1956
1957 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1958 int mmu_idx;
1959 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1960 for(i = 0; i < CPU_TLB_SIZE; i++)
1961 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
1962 start1, length);
1963 }
1964 }
1965 }
1966
1967 int cpu_physical_memory_set_dirty_tracking(int enable)
1968 {
1969 int ret = 0;
1970 in_migration = enable;
1971 ret = cpu_notify_migration_log(!!enable);
1972 return ret;
1973 }
1974
1975 int cpu_physical_memory_get_dirty_tracking(void)
1976 {
1977 return in_migration;
1978 }
1979
1980 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
1981 target_phys_addr_t end_addr)
1982 {
1983 int ret;
1984
1985 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
1986 return ret;
1987 }
1988
1989 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1990 {
1991 ram_addr_t ram_addr;
1992 void *p;
1993
1994 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1995 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
1996 + tlb_entry->addend);
1997 ram_addr = qemu_ram_addr_from_host(p);
1998 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1999 tlb_entry->addr_write |= TLB_NOTDIRTY;
2000 }
2001 }
2002 }
2003
2004 /* update the TLB according to the current state of the dirty bits */
2005 void cpu_tlb_update_dirty(CPUState *env)
2006 {
2007 int i;
2008 int mmu_idx;
2009 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2010 for(i = 0; i < CPU_TLB_SIZE; i++)
2011 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2012 }
2013 }
2014
2015 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2016 {
2017 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2018 tlb_entry->addr_write = vaddr;
2019 }
2020
2021 /* update the TLB corresponding to virtual page vaddr
2022 so that it is no longer dirty */
2023 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2024 {
2025 int i;
2026 int mmu_idx;
2027
2028 vaddr &= TARGET_PAGE_MASK;
2029 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2030 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2031 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2032 }
2033
2034 /* add a new TLB entry. At most one entry for a given virtual address
2035 is permitted. Return 0 if OK or 2 if the page could not be mapped
2036 (can only happen in non SOFTMMU mode for I/O pages or pages
2037 conflicting with the host address space). */
2038 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2039 target_phys_addr_t paddr, int prot,
2040 int mmu_idx, int is_softmmu)
2041 {
2042 PhysPageDesc *p;
2043 unsigned long pd;
2044 unsigned int index;
2045 target_ulong address;
2046 target_ulong code_address;
2047 target_phys_addr_t addend;
2048 int ret;
2049 CPUTLBEntry *te;
2050 CPUWatchpoint *wp;
2051 target_phys_addr_t iotlb;
2052
2053 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2054 if (!p) {
2055 pd = IO_MEM_UNASSIGNED;
2056 } else {
2057 pd = p->phys_offset;
2058 }
2059 #if defined(DEBUG_TLB)
2060 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2061 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2062 #endif
2063
2064 ret = 0;
2065 address = vaddr;
2066 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2067 /* IO memory case (romd handled later) */
2068 address |= TLB_MMIO;
2069 }
2070 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2071 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2072 /* Normal RAM. */
2073 iotlb = pd & TARGET_PAGE_MASK;
2074 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2075 iotlb |= IO_MEM_NOTDIRTY;
2076 else
2077 iotlb |= IO_MEM_ROM;
2078 } else {
2079 /* IO handlers are currently passed a physical address.
2080 It would be nice to pass an offset from the base address
2081 of that region. This would avoid having to special case RAM,
2082 and avoid full address decoding in every device.
2083 We can't use the high bits of pd for this because
2084 IO_MEM_ROMD uses these as a ram address. */
2085 iotlb = (pd & ~TARGET_PAGE_MASK);
2086 if (p) {
2087 iotlb += p->region_offset;
2088 } else {
2089 iotlb += paddr;
2090 }
2091 }
2092
2093 code_address = address;
2094 /* Make accesses to pages with watchpoints go via the
2095 watchpoint trap routines. */
2096 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2097 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2098 iotlb = io_mem_watch + paddr;
2099 /* TODO: The memory case can be optimized by not trapping
2100 reads of pages with a write breakpoint. */
2101 address |= TLB_MMIO;
2102 }
2103 }
2104
2105 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2106 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2107 te = &env->tlb_table[mmu_idx][index];
2108 te->addend = addend - vaddr;
2109 if (prot & PAGE_READ) {
2110 te->addr_read = address;
2111 } else {
2112 te->addr_read = -1;
2113 }
2114
2115 if (prot & PAGE_EXEC) {
2116 te->addr_code = code_address;
2117 } else {
2118 te->addr_code = -1;
2119 }
2120 if (prot & PAGE_WRITE) {
2121 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2122 (pd & IO_MEM_ROMD)) {
2123 /* Write access calls the I/O callback. */
2124 te->addr_write = address | TLB_MMIO;
2125 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2126 !cpu_physical_memory_is_dirty(pd)) {
2127 te->addr_write = address | TLB_NOTDIRTY;
2128 } else {
2129 te->addr_write = address;
2130 }
2131 } else {
2132 te->addr_write = -1;
2133 }
2134 return ret;
2135 }
2136
2137 #else
2138
2139 void tlb_flush(CPUState *env, int flush_global)
2140 {
2141 }
2142
2143 void tlb_flush_page(CPUState *env, target_ulong addr)
2144 {
2145 }
2146
2147 /*
2148 * Walks guest process memory "regions" one by one
2149 * and calls callback function 'fn' for each region.
2150 */
2151 int walk_memory_regions(void *priv,
2152 int (*fn)(void *, unsigned long, unsigned long, unsigned long))
2153 {
2154 unsigned long start, end;
2155 PageDesc *p = NULL;
2156 int i, j, prot, prot1;
2157 int rc = 0;
2158
2159 start = end = -1;
2160 prot = 0;
2161
2162 for (i = 0; i <= L1_SIZE; i++) {
2163 p = (i < L1_SIZE) ? l1_map[i] : NULL;
2164 for (j = 0; j < L2_SIZE; j++) {
2165 prot1 = (p == NULL) ? 0 : p[j].flags;
2166 /*
2167 * "region" is one continuous chunk of memory
2168 * that has same protection flags set.
2169 */
2170 if (prot1 != prot) {
2171 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
2172 if (start != -1) {
2173 rc = (*fn)(priv, start, end, prot);
2174 /* callback can stop iteration by returning != 0 */
2175 if (rc != 0)
2176 return (rc);
2177 }
2178 if (prot1 != 0)
2179 start = end;
2180 else
2181 start = -1;
2182 prot = prot1;
2183 }
2184 if (p == NULL)
2185 break;
2186 }
2187 }
2188 return (rc);
2189 }
2190
2191 static int dump_region(void *priv, unsigned long start,
2192 unsigned long end, unsigned long prot)
2193 {
2194 FILE *f = (FILE *)priv;
2195
2196 (void) fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
2197 start, end, end - start,
2198 ((prot & PAGE_READ) ? 'r' : '-'),
2199 ((prot & PAGE_WRITE) ? 'w' : '-'),
2200 ((prot & PAGE_EXEC) ? 'x' : '-'));
2201
2202 return (0);
2203 }
2204
2205 /* dump memory mappings */
2206 void page_dump(FILE *f)
2207 {
2208 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2209 "start", "end", "size", "prot");
2210 walk_memory_regions(f, dump_region);
2211 }
2212
2213 int page_get_flags(target_ulong address)
2214 {
2215 PageDesc *p;
2216
2217 p = page_find(address >> TARGET_PAGE_BITS);
2218 if (!p)
2219 return 0;
2220 return p->flags;
2221 }
2222
2223 /* modify the flags of a page and invalidate the code if
2224 necessary. The flag PAGE_WRITE_ORG is positioned automatically
2225 depending on PAGE_WRITE */
2226 void page_set_flags(target_ulong start, target_ulong end, int flags)
2227 {
2228 PageDesc *p;
2229 target_ulong addr;
2230
2231 /* mmap_lock should already be held. */
2232 start = start & TARGET_PAGE_MASK;
2233 end = TARGET_PAGE_ALIGN(end);
2234 if (flags & PAGE_WRITE)
2235 flags |= PAGE_WRITE_ORG;
2236 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2237 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
2238 /* We may be called for host regions that are outside guest
2239 address space. */
2240 if (!p)
2241 return;
2242 /* if the write protection is set, then we invalidate the code
2243 inside */
2244 if (!(p->flags & PAGE_WRITE) &&
2245 (flags & PAGE_WRITE) &&
2246 p->first_tb) {
2247 tb_invalidate_phys_page(addr, 0, NULL);
2248 }
2249 p->flags = flags;
2250 }
2251 }
2252
2253 int page_check_range(target_ulong start, target_ulong len, int flags)
2254 {
2255 PageDesc *p;
2256 target_ulong end;
2257 target_ulong addr;
2258
2259 if (start + len < start)
2260 /* we've wrapped around */
2261 return -1;
2262
2263 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2264 start = start & TARGET_PAGE_MASK;
2265
2266 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
2267 p = page_find(addr >> TARGET_PAGE_BITS);
2268 if( !p )
2269 return -1;
2270 if( !(p->flags & PAGE_VALID) )
2271 return -1;
2272
2273 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2274 return -1;
2275 if (flags & PAGE_WRITE) {
2276 if (!(p->flags & PAGE_WRITE_ORG))
2277 return -1;
2278 /* unprotect the page if it was put read-only because it
2279 contains translated code */
2280 if (!(p->flags & PAGE_WRITE)) {
2281 if (!page_unprotect(addr, 0, NULL))
2282 return -1;
2283 }
2284 return 0;
2285 }
2286 }
2287 return 0;
2288 }
2289
2290 /* called from signal handler: invalidate the code and unprotect the
2291 page. Return TRUE if the fault was successfully handled. */
2292 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2293 {
2294 unsigned int page_index, prot, pindex;
2295 PageDesc *p, *p1;
2296 target_ulong host_start, host_end, addr;
2297
2298 /* Technically this isn't safe inside a signal handler. However we
2299 know this only ever happens in a synchronous SEGV handler, so in
2300 practice it seems to be ok. */
2301 mmap_lock();
2302
2303 host_start = address & qemu_host_page_mask;
2304 page_index = host_start >> TARGET_PAGE_BITS;
2305 p1 = page_find(page_index);
2306 if (!p1) {
2307 mmap_unlock();
2308 return 0;
2309 }
2310 host_end = host_start + qemu_host_page_size;
2311 p = p1;
2312 prot = 0;
2313 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2314 prot |= p->flags;
2315 p++;
2316 }
2317 /* if the page was really writable, then we change its
2318 protection back to writable */
2319 if (prot & PAGE_WRITE_ORG) {
2320 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2321 if (!(p1[pindex].flags & PAGE_WRITE)) {
2322 mprotect((void *)g2h(host_start), qemu_host_page_size,
2323 (prot & PAGE_BITS) | PAGE_WRITE);
2324 p1[pindex].flags |= PAGE_WRITE;
2325 /* and since the content will be modified, we must invalidate
2326 the corresponding translated code. */
2327 tb_invalidate_phys_page(address, pc, puc);
2328 #ifdef DEBUG_TB_CHECK
2329 tb_invalidate_check(address);
2330 #endif
2331 mmap_unlock();
2332 return 1;
2333 }
2334 }
2335 mmap_unlock();
2336 return 0;
2337 }
2338
2339 static inline void tlb_set_dirty(CPUState *env,
2340 unsigned long addr, target_ulong vaddr)
2341 {
2342 }
2343 #endif /* defined(CONFIG_USER_ONLY) */
2344
2345 #if !defined(CONFIG_USER_ONLY)
2346
2347 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2348 typedef struct subpage_t {
2349 target_phys_addr_t base;
2350 CPUReadMemoryFunc * const *mem_read[TARGET_PAGE_SIZE][4];
2351 CPUWriteMemoryFunc * const *mem_write[TARGET_PAGE_SIZE][4];
2352 void *opaque[TARGET_PAGE_SIZE][2][4];
2353 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
2354 } subpage_t;
2355
2356 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2357 ram_addr_t memory, ram_addr_t region_offset);
2358 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2359 ram_addr_t orig_memory, ram_addr_t region_offset);
2360 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2361 need_subpage) \
2362 do { \
2363 if (addr > start_addr) \
2364 start_addr2 = 0; \
2365 else { \
2366 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2367 if (start_addr2 > 0) \
2368 need_subpage = 1; \
2369 } \
2370 \
2371 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2372 end_addr2 = TARGET_PAGE_SIZE - 1; \
2373 else { \
2374 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2375 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2376 need_subpage = 1; \
2377 } \
2378 } while (0)
2379
2380 /* register physical memory.
2381 For RAM, 'size' must be a multiple of the target page size.
2382 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2383 io memory page. The address used when calling the IO function is
2384 the offset from the start of the region, plus region_offset. Both
2385 start_addr and region_offset are rounded down to a page boundary
2386 before calculating this offset. This should not be a problem unless
2387 the low bits of start_addr and region_offset differ. */
2388 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2389 ram_addr_t size,
2390 ram_addr_t phys_offset,
2391 ram_addr_t region_offset)
2392 {
2393 target_phys_addr_t addr, end_addr;
2394 PhysPageDesc *p;
2395 CPUState *env;
2396 ram_addr_t orig_size = size;
2397 void *subpage;
2398
2399 cpu_notify_set_memory(start_addr, size, phys_offset);
2400
2401 if (phys_offset == IO_MEM_UNASSIGNED) {
2402 region_offset = start_addr;
2403 }
2404 region_offset &= TARGET_PAGE_MASK;
2405 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2406 end_addr = start_addr + (target_phys_addr_t)size;
2407 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2408 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2409 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2410 ram_addr_t orig_memory = p->phys_offset;
2411 target_phys_addr_t start_addr2, end_addr2;
2412 int need_subpage = 0;
2413
2414 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2415 need_subpage);
2416 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2417 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2418 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2419 &p->phys_offset, orig_memory,
2420 p->region_offset);
2421 } else {
2422 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2423 >> IO_MEM_SHIFT];
2424 }
2425 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2426 region_offset);
2427 p->region_offset = 0;
2428 } else {
2429 p->phys_offset = phys_offset;
2430 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2431 (phys_offset & IO_MEM_ROMD))
2432 phys_offset += TARGET_PAGE_SIZE;
2433 }
2434 } else {
2435 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2436 p->phys_offset = phys_offset;
2437 p->region_offset = region_offset;
2438 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2439 (phys_offset & IO_MEM_ROMD)) {
2440 phys_offset += TARGET_PAGE_SIZE;
2441 } else {
2442 target_phys_addr_t start_addr2, end_addr2;
2443 int need_subpage = 0;
2444
2445 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2446 end_addr2, need_subpage);
2447
2448 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2449 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2450 &p->phys_offset, IO_MEM_UNASSIGNED,
2451 addr & TARGET_PAGE_MASK);
2452 subpage_register(subpage, start_addr2, end_addr2,
2453 phys_offset, region_offset);
2454 p->region_offset = 0;
2455 }
2456 }
2457 }
2458 region_offset += TARGET_PAGE_SIZE;
2459 }
2460
2461 /* since each CPU stores ram addresses in its TLB cache, we must
2462 reset the modified entries */
2463 /* XXX: slow ! */
2464 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2465 tlb_flush(env, 1);
2466 }
2467 }
2468
2469 /* XXX: temporary until new memory mapping API */
2470 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2471 {
2472 PhysPageDesc *p;
2473
2474 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2475 if (!p)
2476 return IO_MEM_UNASSIGNED;
2477 return p->phys_offset;
2478 }
2479
2480 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2481 {
2482 if (kvm_enabled())
2483 kvm_coalesce_mmio_region(addr, size);
2484 }
2485
2486 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2487 {
2488 if (kvm_enabled())
2489 kvm_uncoalesce_mmio_region(addr, size);
2490 }
2491
2492 void qemu_flush_coalesced_mmio_buffer(void)
2493 {
2494 if (kvm_enabled())
2495 kvm_flush_coalesced_mmio_buffer();
2496 }
2497
2498 #if defined(__linux__) && !defined(TARGET_S390X)
2499
2500 #include <sys/vfs.h>
2501
2502 #define HUGETLBFS_MAGIC 0x958458f6
2503
2504 static long gethugepagesize(const char *path)
2505 {
2506 struct statfs fs;
2507 int ret;
2508
2509 do {
2510 ret = statfs(path, &fs);
2511 } while (ret != 0 && errno == EINTR);
2512
2513 if (ret != 0) {
2514 perror("statfs");
2515 return 0;
2516 }
2517
2518 if (fs.f_type != HUGETLBFS_MAGIC)
2519 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2520
2521 return fs.f_bsize;
2522 }
2523
2524 static void *file_ram_alloc(ram_addr_t memory, const char *path)
2525 {
2526 char *filename;
2527 void *area;
2528 int fd;
2529 #ifdef MAP_POPULATE
2530 int flags;
2531 #endif
2532 unsigned long hpagesize;
2533
2534 hpagesize = gethugepagesize(path);
2535 if (!hpagesize) {
2536 return NULL;
2537 }
2538
2539 if (memory < hpagesize) {
2540 return NULL;
2541 }
2542
2543 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2544 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2545 return NULL;
2546 }
2547
2548 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2549 return NULL;
2550 }
2551
2552 fd = mkstemp(filename);
2553 if (fd < 0) {
2554 perror("mkstemp");
2555 free(filename);
2556 return NULL;
2557 }
2558 unlink(filename);
2559 free(filename);
2560
2561 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2562
2563 /*
2564 * ftruncate is not supported by hugetlbfs in older
2565 * hosts, so don't bother bailing out on errors.
2566 * If anything goes wrong with it under other filesystems,
2567 * mmap will fail.
2568 */
2569 if (ftruncate(fd, memory))
2570 perror("ftruncate");
2571
2572 #ifdef MAP_POPULATE
2573 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2574 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2575 * to sidestep this quirk.
2576 */
2577 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2578 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2579 #else
2580 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2581 #endif
2582 if (area == MAP_FAILED) {
2583 perror("file_ram_alloc: can't mmap RAM pages");
2584 close(fd);
2585 return (NULL);
2586 }
2587 return area;
2588 }
2589 #endif
2590
2591 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2592 {
2593 RAMBlock *new_block;
2594
2595 size = TARGET_PAGE_ALIGN(size);
2596 new_block = qemu_malloc(sizeof(*new_block));
2597
2598 if (mem_path) {
2599 #if defined (__linux__) && !defined(TARGET_S390X)
2600 new_block->host = file_ram_alloc(size, mem_path);
2601 if (!new_block->host)
2602 exit(1);
2603 #else
2604 fprintf(stderr, "-mem-path option unsupported\n");
2605 exit(1);
2606 #endif
2607 } else {
2608 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2609 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2610 new_block->host = mmap((void*)0x1000000, size,
2611 PROT_EXEC|PROT_READ|PROT_WRITE,
2612 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2613 #else
2614 new_block->host = qemu_vmalloc(size);
2615 #endif
2616 #ifdef MADV_MERGEABLE
2617 madvise(new_block->host, size, MADV_MERGEABLE);
2618 #endif
2619 }
2620 new_block->offset = last_ram_offset;
2621 new_block->length = size;
2622
2623 new_block->next = ram_blocks;
2624 ram_blocks = new_block;
2625
2626 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2627 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2628 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2629 0xff, size >> TARGET_PAGE_BITS);
2630
2631 last_ram_offset += size;
2632
2633 if (kvm_enabled())
2634 kvm_setup_guest_memory(new_block->host, size);
2635
2636 return new_block->offset;
2637 }
2638
2639 void qemu_ram_free(ram_addr_t addr)
2640 {
2641 /* TODO: implement this. */
2642 }
2643
2644 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2645 With the exception of the softmmu code in this file, this should
2646 only be used for local memory (e.g. video ram) that the device owns,
2647 and knows it isn't going to access beyond the end of the block.
2648
2649 It should not be used for general purpose DMA.
2650 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2651 */
2652 void *qemu_get_ram_ptr(ram_addr_t addr)
2653 {
2654 RAMBlock *prev;
2655 RAMBlock **prevp;
2656 RAMBlock *block;
2657
2658 prev = NULL;
2659 prevp = &ram_blocks;
2660 block = ram_blocks;
2661 while (block && (block->offset > addr
2662 || block->offset + block->length <= addr)) {
2663 if (prev)
2664 prevp = &prev->next;
2665 prev = block;
2666 block = block->next;
2667 }
2668 if (!block) {
2669 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2670 abort();
2671 }
2672 /* Move this entry to to start of the list. */
2673 if (prev) {
2674 prev->next = block->next;
2675 block->next = *prevp;
2676 *prevp = block;
2677 }
2678 return block->host + (addr - block->offset);
2679 }
2680
2681 /* Some of the softmmu routines need to translate from a host pointer
2682 (typically a TLB entry) back to a ram offset. */
2683 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2684 {
2685 RAMBlock *prev;
2686 RAMBlock *block;
2687 uint8_t *host = ptr;
2688
2689 prev = NULL;
2690 block = ram_blocks;
2691 while (block && (block->host > host
2692 || block->host + block->length <= host)) {
2693 prev = block;
2694 block = block->next;
2695 }
2696 if (!block) {
2697 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2698 abort();
2699 }
2700 return block->offset + (host - block->host);
2701 }
2702
2703 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2704 {
2705 #ifdef DEBUG_UNASSIGNED
2706 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2707 #endif
2708 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2709 do_unassigned_access(addr, 0, 0, 0, 1);
2710 #endif
2711 return 0;
2712 }
2713
2714 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2715 {
2716 #ifdef DEBUG_UNASSIGNED
2717 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2718 #endif
2719 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2720 do_unassigned_access(addr, 0, 0, 0, 2);
2721 #endif
2722 return 0;
2723 }
2724
2725 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2726 {
2727 #ifdef DEBUG_UNASSIGNED
2728 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2729 #endif
2730 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2731 do_unassigned_access(addr, 0, 0, 0, 4);
2732 #endif
2733 return 0;
2734 }
2735
2736 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2737 {
2738 #ifdef DEBUG_UNASSIGNED
2739 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2740 #endif
2741 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2742 do_unassigned_access(addr, 1, 0, 0, 1);
2743 #endif
2744 }
2745
2746 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2747 {
2748 #ifdef DEBUG_UNASSIGNED
2749 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2750 #endif
2751 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2752 do_unassigned_access(addr, 1, 0, 0, 2);
2753 #endif
2754 }
2755
2756 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2757 {
2758 #ifdef DEBUG_UNASSIGNED
2759 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2760 #endif
2761 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2762 do_unassigned_access(addr, 1, 0, 0, 4);
2763 #endif
2764 }
2765
2766 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
2767 unassigned_mem_readb,
2768 unassigned_mem_readw,
2769 unassigned_mem_readl,
2770 };
2771
2772 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
2773 unassigned_mem_writeb,
2774 unassigned_mem_writew,
2775 unassigned_mem_writel,
2776 };
2777
2778 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2779 uint32_t val)
2780 {
2781 int dirty_flags;
2782 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2783 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2784 #if !defined(CONFIG_USER_ONLY)
2785 tb_invalidate_phys_page_fast(ram_addr, 1);
2786 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2787 #endif
2788 }
2789 stb_p(qemu_get_ram_ptr(ram_addr), val);
2790 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2791 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2792 /* we remove the notdirty callback only if the code has been
2793 flushed */
2794 if (dirty_flags == 0xff)
2795 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2796 }
2797
2798 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2799 uint32_t val)
2800 {
2801 int dirty_flags;
2802 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2803 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2804 #if !defined(CONFIG_USER_ONLY)
2805 tb_invalidate_phys_page_fast(ram_addr, 2);
2806 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2807 #endif
2808 }
2809 stw_p(qemu_get_ram_ptr(ram_addr), val);
2810 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2811 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2812 /* we remove the notdirty callback only if the code has been
2813 flushed */
2814 if (dirty_flags == 0xff)
2815 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2816 }
2817
2818 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2819 uint32_t val)
2820 {
2821 int dirty_flags;
2822 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2823 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2824 #if !defined(CONFIG_USER_ONLY)
2825 tb_invalidate_phys_page_fast(ram_addr, 4);
2826 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2827 #endif
2828 }
2829 stl_p(qemu_get_ram_ptr(ram_addr), val);
2830 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2831 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2832 /* we remove the notdirty callback only if the code has been
2833 flushed */
2834 if (dirty_flags == 0xff)
2835 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2836 }
2837
2838 static CPUReadMemoryFunc * const error_mem_read[3] = {
2839 NULL, /* never used */
2840 NULL, /* never used */
2841 NULL, /* never used */
2842 };
2843
2844 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
2845 notdirty_mem_writeb,
2846 notdirty_mem_writew,
2847 notdirty_mem_writel,
2848 };
2849
2850 /* Generate a debug exception if a watchpoint has been hit. */
2851 static void check_watchpoint(int offset, int len_mask, int flags)
2852 {
2853 CPUState *env = cpu_single_env;
2854 target_ulong pc, cs_base;
2855 TranslationBlock *tb;
2856 target_ulong vaddr;
2857 CPUWatchpoint *wp;
2858 int cpu_flags;
2859
2860 if (env->watchpoint_hit) {
2861 /* We re-entered the check after replacing the TB. Now raise
2862 * the debug interrupt so that is will trigger after the
2863 * current instruction. */
2864 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2865 return;
2866 }
2867 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2868 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2869 if ((vaddr == (wp->vaddr & len_mask) ||
2870 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
2871 wp->flags |= BP_WATCHPOINT_HIT;
2872 if (!env->watchpoint_hit) {
2873 env->watchpoint_hit = wp;
2874 tb = tb_find_pc(env->mem_io_pc);
2875 if (!tb) {
2876 cpu_abort(env, "check_watchpoint: could not find TB for "
2877 "pc=%p", (void *)env->mem_io_pc);
2878 }
2879 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
2880 tb_phys_invalidate(tb, -1);
2881 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2882 env->exception_index = EXCP_DEBUG;
2883 } else {
2884 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2885 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
2886 }
2887 cpu_resume_from_signal(env, NULL);
2888 }
2889 } else {
2890 wp->flags &= ~BP_WATCHPOINT_HIT;
2891 }
2892 }
2893 }
2894
2895 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2896 so these check for a hit then pass through to the normal out-of-line
2897 phys routines. */
2898 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
2899 {
2900 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
2901 return ldub_phys(addr);
2902 }
2903
2904 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
2905 {
2906 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
2907 return lduw_phys(addr);
2908 }
2909
2910 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
2911 {
2912 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
2913 return ldl_phys(addr);
2914 }
2915
2916 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
2917 uint32_t val)
2918 {
2919 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
2920 stb_phys(addr, val);
2921 }
2922
2923 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
2924 uint32_t val)
2925 {
2926 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
2927 stw_phys(addr, val);
2928 }
2929
2930 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
2931 uint32_t val)
2932 {
2933 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
2934 stl_phys(addr, val);
2935 }
2936
2937 static CPUReadMemoryFunc * const watch_mem_read[3] = {
2938 watch_mem_readb,
2939 watch_mem_readw,
2940 watch_mem_readl,
2941 };
2942
2943 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
2944 watch_mem_writeb,
2945 watch_mem_writew,
2946 watch_mem_writel,
2947 };
2948
2949 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
2950 unsigned int len)
2951 {
2952 uint32_t ret;
2953 unsigned int idx;
2954
2955 idx = SUBPAGE_IDX(addr);
2956 #if defined(DEBUG_SUBPAGE)
2957 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
2958 mmio, len, addr, idx);
2959 #endif
2960 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
2961 addr + mmio->region_offset[idx][0][len]);
2962
2963 return ret;
2964 }
2965
2966 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
2967 uint32_t value, unsigned int len)
2968 {
2969 unsigned int idx;
2970
2971 idx = SUBPAGE_IDX(addr);
2972 #if defined(DEBUG_SUBPAGE)
2973 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
2974 mmio, len, addr, idx, value);
2975 #endif
2976 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
2977 addr + mmio->region_offset[idx][1][len],
2978 value);
2979 }
2980
2981 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
2982 {
2983 #if defined(DEBUG_SUBPAGE)
2984 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
2985 #endif
2986
2987 return subpage_readlen(opaque, addr, 0);
2988 }
2989
2990 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
2991 uint32_t value)
2992 {
2993 #if defined(DEBUG_SUBPAGE)
2994 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
2995 #endif
2996 subpage_writelen(opaque, addr, value, 0);
2997 }
2998
2999 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3000 {
3001 #if defined(DEBUG_SUBPAGE)
3002 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3003 #endif
3004
3005 return subpage_readlen(opaque, addr, 1);
3006 }
3007
3008 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3009 uint32_t value)
3010 {
3011 #if defined(DEBUG_SUBPAGE)
3012 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3013 #endif
3014 subpage_writelen(opaque, addr, value, 1);
3015 }
3016
3017 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3018 {
3019 #if defined(DEBUG_SUBPAGE)
3020 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3021 #endif
3022
3023 return subpage_readlen(opaque, addr, 2);
3024 }
3025
3026 static void subpage_writel (void *opaque,
3027 target_phys_addr_t addr, uint32_t value)
3028 {
3029 #if defined(DEBUG_SUBPAGE)
3030 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3031 #endif
3032 subpage_writelen(opaque, addr, value, 2);
3033 }
3034
3035 static CPUReadMemoryFunc * const subpage_read[] = {
3036 &subpage_readb,
3037 &subpage_readw,
3038 &subpage_readl,
3039 };
3040
3041 static CPUWriteMemoryFunc * const subpage_write[] = {
3042 &subpage_writeb,
3043 &subpage_writew,
3044 &subpage_writel,
3045 };
3046
3047 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3048 ram_addr_t memory, ram_addr_t region_offset)
3049 {
3050 int idx, eidx;
3051 unsigned int i;
3052
3053 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3054 return -1;
3055 idx = SUBPAGE_IDX(start);
3056 eidx = SUBPAGE_IDX(end);
3057 #if defined(DEBUG_SUBPAGE)
3058 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3059 mmio, start, end, idx, eidx, memory);
3060 #endif
3061 memory >>= IO_MEM_SHIFT;
3062 for (; idx <= eidx; idx++) {
3063 for (i = 0; i < 4; i++) {
3064 if (io_mem_read[memory][i]) {
3065 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
3066 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
3067 mmio->region_offset[idx][0][i] = region_offset;
3068 }
3069 if (io_mem_write[memory][i]) {
3070 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
3071 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
3072 mmio->region_offset[idx][1][i] = region_offset;
3073 }
3074 }
3075 }
3076
3077 return 0;
3078 }
3079
3080 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3081 ram_addr_t orig_memory, ram_addr_t region_offset)
3082 {
3083 subpage_t *mmio;
3084 int subpage_memory;
3085
3086 mmio = qemu_mallocz(sizeof(subpage_t));
3087
3088 mmio->base = base;
3089 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3090 #if defined(DEBUG_SUBPAGE)
3091 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3092 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3093 #endif
3094 *phys = subpage_memory | IO_MEM_SUBPAGE;
3095 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
3096 region_offset);
3097
3098 return mmio;
3099 }
3100
3101 static int get_free_io_mem_idx(void)
3102 {
3103 int i;
3104
3105 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3106 if (!io_mem_used[i]) {
3107 io_mem_used[i] = 1;
3108 return i;
3109 }
3110 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3111 return -1;
3112 }
3113
3114 /* mem_read and mem_write are arrays of functions containing the
3115 function to access byte (index 0), word (index 1) and dword (index
3116 2). Functions can be omitted with a NULL function pointer.
3117 If io_index is non zero, the corresponding io zone is
3118 modified. If it is zero, a new io zone is allocated. The return
3119 value can be used with cpu_register_physical_memory(). (-1) is
3120 returned if error. */
3121 static int cpu_register_io_memory_fixed(int io_index,
3122 CPUReadMemoryFunc * const *mem_read,
3123 CPUWriteMemoryFunc * const *mem_write,
3124 void *opaque)
3125 {
3126 int i, subwidth = 0;
3127
3128 if (io_index <= 0) {
3129 io_index = get_free_io_mem_idx();
3130 if (io_index == -1)
3131 return io_index;
3132 } else {
3133 io_index >>= IO_MEM_SHIFT;
3134 if (io_index >= IO_MEM_NB_ENTRIES)
3135 return -1;
3136 }
3137
3138 for(i = 0;i < 3; i++) {
3139 if (!mem_read[i] || !mem_write[i])
3140 subwidth = IO_MEM_SUBWIDTH;
3141 io_mem_read[io_index][i] = mem_read[i];
3142 io_mem_write[io_index][i] = mem_write[i];
3143 }
3144 io_mem_opaque[io_index] = opaque;
3145 return (io_index << IO_MEM_SHIFT) | subwidth;
3146 }
3147
3148 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3149 CPUWriteMemoryFunc * const *mem_write,
3150 void *opaque)
3151 {
3152 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3153 }
3154
3155 void cpu_unregister_io_memory(int io_table_address)
3156 {
3157 int i;
3158 int io_index = io_table_address >> IO_MEM_SHIFT;
3159
3160 for (i=0;i < 3; i++) {
3161 io_mem_read[io_index][i] = unassigned_mem_read[i];
3162 io_mem_write[io_index][i] = unassigned_mem_write[i];
3163 }
3164 io_mem_opaque[io_index] = NULL;
3165 io_mem_used[io_index] = 0;
3166 }
3167
3168 static void io_mem_init(void)
3169 {
3170 int i;
3171
3172 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3173 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3174 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3175 for (i=0; i<5; i++)
3176 io_mem_used[i] = 1;
3177
3178 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3179 watch_mem_write, NULL);
3180 }
3181
3182 #endif /* !defined(CONFIG_USER_ONLY) */
3183
3184 /* physical memory access (slow version, mainly for debug) */
3185 #if defined(CONFIG_USER_ONLY)
3186 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3187 uint8_t *buf, int len, int is_write)
3188 {
3189 int l, flags;
3190 target_ulong page;
3191 void * p;
3192
3193 while (len > 0) {
3194 page = addr & TARGET_PAGE_MASK;
3195 l = (page + TARGET_PAGE_SIZE) - addr;
3196 if (l > len)
3197 l = len;
3198 flags = page_get_flags(page);
3199 if (!(flags & PAGE_VALID))
3200 return -1;
3201 if (is_write) {
3202 if (!(flags & PAGE_WRITE))
3203 return -1;
3204 /* XXX: this code should not depend on lock_user */
3205 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3206 return -1;
3207 memcpy(p, buf, l);
3208 unlock_user(p, addr, l);
3209 } else {
3210 if (!(flags & PAGE_READ))
3211 return -1;
3212 /* XXX: this code should not depend on lock_user */
3213 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3214 return -1;
3215 memcpy(buf, p, l);
3216 unlock_user(p, addr, 0);
3217 }
3218 len -= l;
3219 buf += l;
3220 addr += l;
3221 }
3222 return 0;
3223 }
3224
3225 #else
3226 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3227 int len, int is_write)
3228 {
3229 int l, io_index;
3230 uint8_t *ptr;
3231 uint32_t val;
3232 target_phys_addr_t page;
3233 unsigned long pd;
3234 PhysPageDesc *p;
3235
3236 while (len > 0) {
3237 page = addr & TARGET_PAGE_MASK;
3238 l = (page + TARGET_PAGE_SIZE) - addr;
3239 if (l > len)
3240 l = len;
3241 p = phys_page_find(page >> TARGET_PAGE_BITS);
3242 if (!p) {
3243 pd = IO_MEM_UNASSIGNED;
3244 } else {
3245 pd = p->phys_offset;
3246 }
3247
3248 if (is_write) {
3249 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3250 target_phys_addr_t addr1 = addr;
3251 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3252 if (p)
3253 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3254 /* XXX: could force cpu_single_env to NULL to avoid
3255 potential bugs */
3256 if (l >= 4 && ((addr1 & 3) == 0)) {
3257 /* 32 bit write access */
3258 val = ldl_p(buf);
3259 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3260 l = 4;
3261 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3262 /* 16 bit write access */
3263 val = lduw_p(buf);
3264 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3265 l = 2;
3266 } else {
3267 /* 8 bit write access */
3268 val = ldub_p(buf);
3269 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3270 l = 1;
3271 }
3272 } else {
3273 unsigned long addr1;
3274 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3275 /* RAM case */
3276 ptr = qemu_get_ram_ptr(addr1);
3277 memcpy(ptr, buf, l);
3278 if (!cpu_physical_memory_is_dirty(addr1)) {
3279 /* invalidate code */
3280 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3281 /* set dirty bit */
3282 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3283 (0xff & ~CODE_DIRTY_FLAG);
3284 }
3285 }
3286 } else {
3287 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3288 !(pd & IO_MEM_ROMD)) {
3289 target_phys_addr_t addr1 = addr;
3290 /* I/O case */
3291 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3292 if (p)
3293 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3294 if (l >= 4 && ((addr1 & 3) == 0)) {
3295 /* 32 bit read access */
3296 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3297 stl_p(buf, val);
3298 l = 4;
3299 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3300 /* 16 bit read access */
3301 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3302 stw_p(buf, val);
3303 l = 2;
3304 } else {
3305 /* 8 bit read access */
3306 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3307 stb_p(buf, val);
3308 l = 1;
3309 }
3310 } else {
3311 /* RAM case */
3312 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3313 (addr & ~TARGET_PAGE_MASK);
3314 memcpy(buf, ptr, l);
3315 }
3316 }
3317 len -= l;
3318 buf += l;
3319 addr += l;
3320 }
3321 }
3322
3323 /* used for ROM loading : can write in RAM and ROM */
3324 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3325 const uint8_t *buf, int len)
3326 {
3327 int l;
3328 uint8_t *ptr;
3329 target_phys_addr_t page;
3330 unsigned long pd;
3331 PhysPageDesc *p;
3332
3333 while (len > 0) {
3334 page = addr & TARGET_PAGE_MASK;
3335 l = (page + TARGET_PAGE_SIZE) - addr;
3336 if (l > len)
3337 l = len;
3338 p = phys_page_find(page >> TARGET_PAGE_BITS);
3339 if (!p) {
3340 pd = IO_MEM_UNASSIGNED;
3341 } else {
3342 pd = p->phys_offset;
3343 }
3344
3345 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3346 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3347 !(pd & IO_MEM_ROMD)) {
3348 /* do nothing */
3349 } else {
3350 unsigned long addr1;
3351 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3352 /* ROM/RAM case */
3353 ptr = qemu_get_ram_ptr(addr1);
3354 memcpy(ptr, buf, l);
3355 }
3356 len -= l;
3357 buf += l;
3358 addr += l;
3359 }
3360 }
3361
3362 typedef struct {
3363 void *buffer;
3364 target_phys_addr_t addr;
3365 target_phys_addr_t len;
3366 } BounceBuffer;
3367
3368 static BounceBuffer bounce;
3369
3370 typedef struct MapClient {
3371 void *opaque;
3372 void (*callback)(void *opaque);
3373 QLIST_ENTRY(MapClient) link;
3374 } MapClient;
3375
3376 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3377 = QLIST_HEAD_INITIALIZER(map_client_list);
3378
3379 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3380 {
3381 MapClient *client = qemu_malloc(sizeof(*client));
3382
3383 client->opaque = opaque;
3384 client->callback = callback;
3385 QLIST_INSERT_HEAD(&map_client_list, client, link);
3386 return client;
3387 }
3388
3389 void cpu_unregister_map_client(void *_client)
3390 {
3391 MapClient *client = (MapClient *)_client;
3392
3393 QLIST_REMOVE(client, link);
3394 qemu_free(client);
3395 }
3396
3397 static void cpu_notify_map_clients(void)
3398 {
3399 MapClient *client;
3400
3401 while (!QLIST_EMPTY(&map_client_list)) {
3402 client = QLIST_FIRST(&map_client_list);
3403 client->callback(client->opaque);
3404 cpu_unregister_map_client(client);
3405 }
3406 }
3407
3408 /* Map a physical memory region into a host virtual address.
3409 * May map a subset of the requested range, given by and returned in *plen.
3410 * May return NULL if resources needed to perform the mapping are exhausted.
3411 * Use only for reads OR writes - not for read-modify-write operations.
3412 * Use cpu_register_map_client() to know when retrying the map operation is
3413 * likely to succeed.
3414 */
3415 void *cpu_physical_memory_map(target_phys_addr_t addr,
3416 target_phys_addr_t *plen,
3417 int is_write)
3418 {
3419 target_phys_addr_t len = *plen;
3420 target_phys_addr_t done = 0;
3421 int l;
3422 uint8_t *ret = NULL;
3423 uint8_t *ptr;
3424 target_phys_addr_t page;
3425 unsigned long pd;
3426 PhysPageDesc *p;
3427 unsigned long addr1;
3428
3429 while (len > 0) {
3430 page = addr & TARGET_PAGE_MASK;
3431 l = (page + TARGET_PAGE_SIZE) - addr;
3432 if (l > len)
3433 l = len;
3434 p = phys_page_find(page >> TARGET_PAGE_BITS);
3435 if (!p) {
3436 pd = IO_MEM_UNASSIGNED;
3437 } else {
3438 pd = p->phys_offset;
3439 }
3440
3441 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3442 if (done || bounce.buffer) {
3443 break;
3444 }
3445 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3446 bounce.addr = addr;
3447 bounce.len = l;
3448 if (!is_write) {
3449 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3450 }
3451 ptr = bounce.buffer;
3452 } else {
3453 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3454 ptr = qemu_get_ram_ptr(addr1);
3455 }
3456 if (!done) {
3457 ret = ptr;
3458 } else if (ret + done != ptr) {
3459 break;
3460 }
3461
3462 len -= l;
3463 addr += l;
3464 done += l;
3465 }
3466 *plen = done;
3467 return ret;
3468 }
3469
3470 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3471 * Will also mark the memory as dirty if is_write == 1. access_len gives
3472 * the amount of memory that was actually read or written by the caller.
3473 */
3474 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3475 int is_write, target_phys_addr_t access_len)
3476 {
3477 if (buffer != bounce.buffer) {
3478 if (is_write) {
3479 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3480 while (access_len) {
3481 unsigned l;
3482 l = TARGET_PAGE_SIZE;
3483 if (l > access_len)
3484 l = access_len;
3485 if (!cpu_physical_memory_is_dirty(addr1)) {
3486 /* invalidate code */
3487 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3488 /* set dirty bit */
3489 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3490 (0xff & ~CODE_DIRTY_FLAG);
3491 }
3492 addr1 += l;
3493 access_len -= l;
3494 }
3495 }
3496 return;
3497 }
3498 if (is_write) {
3499 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3500 }
3501 qemu_vfree(bounce.buffer);
3502 bounce.buffer = NULL;
3503 cpu_notify_map_clients();
3504 }
3505
3506 /* warning: addr must be aligned */
3507 uint32_t ldl_phys(target_phys_addr_t addr)
3508 {
3509 int io_index;
3510 uint8_t *ptr;
3511 uint32_t val;
3512 unsigned long pd;
3513 PhysPageDesc *p;
3514
3515 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3516 if (!p) {
3517 pd = IO_MEM_UNASSIGNED;
3518 } else {
3519 pd = p->phys_offset;
3520 }
3521
3522 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3523 !(pd & IO_MEM_ROMD)) {
3524 /* I/O case */
3525 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3526 if (p)
3527 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3528 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3529 } else {
3530 /* RAM case */
3531 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3532 (addr & ~TARGET_PAGE_MASK);
3533 val = ldl_p(ptr);
3534 }
3535 return val;
3536 }
3537
3538 /* warning: addr must be aligned */
3539 uint64_t ldq_phys(target_phys_addr_t addr)
3540 {
3541 int io_index;
3542 uint8_t *ptr;
3543 uint64_t val;
3544 unsigned long pd;
3545 PhysPageDesc *p;
3546
3547 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3548 if (!p) {
3549 pd = IO_MEM_UNASSIGNED;
3550 } else {
3551 pd = p->phys_offset;
3552 }
3553
3554 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3555 !(pd & IO_MEM_ROMD)) {
3556 /* I/O case */
3557 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3558 if (p)
3559 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3560 #ifdef TARGET_WORDS_BIGENDIAN
3561 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3562 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3563 #else
3564 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3565 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3566 #endif
3567 } else {
3568 /* RAM case */
3569 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3570 (addr & ~TARGET_PAGE_MASK);
3571 val = ldq_p(ptr);
3572 }
3573 return val;
3574 }
3575
3576 /* XXX: optimize */
3577 uint32_t ldub_phys(target_phys_addr_t addr)
3578 {
3579 uint8_t val;
3580 cpu_physical_memory_read(addr, &val, 1);
3581 return val;
3582 }
3583
3584 /* XXX: optimize */
3585 uint32_t lduw_phys(target_phys_addr_t addr)
3586 {
3587 uint16_t val;
3588 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3589 return tswap16(val);
3590 }
3591
3592 /* warning: addr must be aligned. The ram page is not masked as dirty
3593 and the code inside is not invalidated. It is useful if the dirty
3594 bits are used to track modified PTEs */
3595 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3596 {
3597 int io_index;
3598 uint8_t *ptr;
3599 unsigned long pd;
3600 PhysPageDesc *p;
3601
3602 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3603 if (!p) {
3604 pd = IO_MEM_UNASSIGNED;
3605 } else {
3606 pd = p->phys_offset;
3607 }
3608
3609 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3610 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3611 if (p)
3612 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3613 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3614 } else {
3615 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3616 ptr = qemu_get_ram_ptr(addr1);
3617 stl_p(ptr, val);
3618
3619 if (unlikely(in_migration)) {
3620 if (!cpu_physical_memory_is_dirty(addr1)) {
3621 /* invalidate code */
3622 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3623 /* set dirty bit */
3624 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3625 (0xff & ~CODE_DIRTY_FLAG);
3626 }
3627 }
3628 }
3629 }
3630
3631 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3632 {
3633 int io_index;
3634 uint8_t *ptr;
3635 unsigned long pd;
3636 PhysPageDesc *p;
3637
3638 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3639 if (!p) {
3640 pd = IO_MEM_UNASSIGNED;
3641 } else {
3642 pd = p->phys_offset;
3643 }
3644
3645 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3646 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3647 if (p)
3648 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3649 #ifdef TARGET_WORDS_BIGENDIAN
3650 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3651 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3652 #else
3653 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3654 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3655 #endif
3656 } else {
3657 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3658 (addr & ~TARGET_PAGE_MASK);
3659 stq_p(ptr, val);
3660 }
3661 }
3662
3663 /* warning: addr must be aligned */
3664 void stl_phys(target_phys_addr_t addr, uint32_t val)
3665 {
3666 int io_index;
3667 uint8_t *ptr;
3668 unsigned long pd;
3669 PhysPageDesc *p;
3670
3671 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3672 if (!p) {
3673 pd = IO_MEM_UNASSIGNED;
3674 } else {
3675 pd = p->phys_offset;
3676 }
3677
3678 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3679 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3680 if (p)
3681 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3682 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3683 } else {
3684 unsigned long addr1;
3685 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3686 /* RAM case */
3687 ptr = qemu_get_ram_ptr(addr1);
3688 stl_p(ptr, val);
3689 if (!cpu_physical_memory_is_dirty(addr1)) {
3690 /* invalidate code */
3691 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3692 /* set dirty bit */
3693 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3694 (0xff & ~CODE_DIRTY_FLAG);
3695 }
3696 }
3697 }
3698
3699 /* XXX: optimize */
3700 void stb_phys(target_phys_addr_t addr, uint32_t val)
3701 {
3702 uint8_t v = val;
3703 cpu_physical_memory_write(addr, &v, 1);
3704 }
3705
3706 /* XXX: optimize */
3707 void stw_phys(target_phys_addr_t addr, uint32_t val)
3708 {
3709 uint16_t v = tswap16(val);
3710 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3711 }
3712
3713 /* XXX: optimize */
3714 void stq_phys(target_phys_addr_t addr, uint64_t val)
3715 {
3716 val = tswap64(val);
3717 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3718 }
3719
3720 /* virtual memory access for debug (includes writing to ROM) */
3721 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3722 uint8_t *buf, int len, int is_write)
3723 {
3724 int l;
3725 target_phys_addr_t phys_addr;
3726 target_ulong page;
3727
3728 while (len > 0) {
3729 page = addr & TARGET_PAGE_MASK;
3730 phys_addr = cpu_get_phys_page_debug(env, page);
3731 /* if no physical page mapped, return an error */
3732 if (phys_addr == -1)
3733 return -1;
3734 l = (page + TARGET_PAGE_SIZE) - addr;
3735 if (l > len)
3736 l = len;
3737 phys_addr += (addr & ~TARGET_PAGE_MASK);
3738 if (is_write)
3739 cpu_physical_memory_write_rom(phys_addr, buf, l);
3740 else
3741 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3742 len -= l;
3743 buf += l;
3744 addr += l;
3745 }
3746 return 0;
3747 }
3748 #endif
3749
3750 /* in deterministic execution mode, instructions doing device I/Os
3751 must be at the end of the TB */
3752 void cpu_io_recompile(CPUState *env, void *retaddr)
3753 {
3754 TranslationBlock *tb;
3755 uint32_t n, cflags;
3756 target_ulong pc, cs_base;
3757 uint64_t flags;
3758
3759 tb = tb_find_pc((unsigned long)retaddr);
3760 if (!tb) {
3761 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3762 retaddr);
3763 }
3764 n = env->icount_decr.u16.low + tb->icount;
3765 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3766 /* Calculate how many instructions had been executed before the fault
3767 occurred. */
3768 n = n - env->icount_decr.u16.low;
3769 /* Generate a new TB ending on the I/O insn. */
3770 n++;
3771 /* On MIPS and SH, delay slot instructions can only be restarted if
3772 they were already the first instruction in the TB. If this is not
3773 the first instruction in a TB then re-execute the preceding
3774 branch. */
3775 #if defined(TARGET_MIPS)
3776 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3777 env->active_tc.PC -= 4;
3778 env->icount_decr.u16.low++;
3779 env->hflags &= ~MIPS_HFLAG_BMASK;
3780 }
3781 #elif defined(TARGET_SH4)
3782 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3783 && n > 1) {
3784 env->pc -= 2;
3785 env->icount_decr.u16.low++;
3786 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3787 }
3788 #endif
3789 /* This should never happen. */
3790 if (n > CF_COUNT_MASK)
3791 cpu_abort(env, "TB too big during recompile");
3792
3793 cflags = n | CF_LAST_IO;
3794 pc = tb->pc;
3795 cs_base = tb->cs_base;
3796 flags = tb->flags;
3797 tb_phys_invalidate(tb, -1);
3798 /* FIXME: In theory this could raise an exception. In practice
3799 we have already translated the block once so it's probably ok. */
3800 tb_gen_code(env, pc, cs_base, flags, cflags);
3801 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3802 the first in the TB) then we end up generating a whole new TB and
3803 repeating the fault, which is horribly inefficient.
3804 Better would be to execute just this insn uncached, or generate a
3805 second new TB. */
3806 cpu_resume_from_signal(env, NULL);
3807 }
3808
3809 void dump_exec_info(FILE *f,
3810 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3811 {
3812 int i, target_code_size, max_target_code_size;
3813 int direct_jmp_count, direct_jmp2_count, cross_page;
3814 TranslationBlock *tb;
3815
3816 target_code_size = 0;
3817 max_target_code_size = 0;
3818 cross_page = 0;
3819 direct_jmp_count = 0;
3820 direct_jmp2_count = 0;
3821 for(i = 0; i < nb_tbs; i++) {
3822 tb = &tbs[i];
3823 target_code_size += tb->size;
3824 if (tb->size > max_target_code_size)
3825 max_target_code_size = tb->size;
3826 if (tb->page_addr[1] != -1)
3827 cross_page++;
3828 if (tb->tb_next_offset[0] != 0xffff) {
3829 direct_jmp_count++;
3830 if (tb->tb_next_offset[1] != 0xffff) {
3831 direct_jmp2_count++;
3832 }
3833 }
3834 }
3835 /* XXX: avoid using doubles ? */
3836 cpu_fprintf(f, "Translation buffer state:\n");
3837 cpu_fprintf(f, "gen code size %ld/%ld\n",
3838 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3839 cpu_fprintf(f, "TB count %d/%d\n",
3840 nb_tbs, code_gen_max_blocks);
3841 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
3842 nb_tbs ? target_code_size / nb_tbs : 0,
3843 max_target_code_size);
3844 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
3845 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
3846 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
3847 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
3848 cross_page,
3849 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
3850 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
3851 direct_jmp_count,
3852 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
3853 direct_jmp2_count,
3854 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
3855 cpu_fprintf(f, "\nStatistics:\n");
3856 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
3857 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
3858 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
3859 tcg_dump_info(f, cpu_fprintf);
3860 }
3861
3862 #if !defined(CONFIG_USER_ONLY)
3863
3864 #define MMUSUFFIX _cmmu
3865 #define GETPC() NULL
3866 #define env cpu_single_env
3867 #define SOFTMMU_CODE_ACCESS
3868
3869 #define SHIFT 0
3870 #include "softmmu_template.h"
3871
3872 #define SHIFT 1
3873 #include "softmmu_template.h"
3874
3875 #define SHIFT 2
3876 #include "softmmu_template.h"
3877
3878 #define SHIFT 3
3879 #include "softmmu_template.h"
3880
3881 #undef env
3882
3883 #endif
Anthony Liguori's QEMU queue