search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / translate-all.c
blobf4336a5de642940d5e307c2ec3a3b429dbbcd6fc
1 /*
2 * Host code generation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef _WIN32
20 #include <windows.h>
21 #else
22 #include <sys/mman.h>
23 #endif
24 #include "qemu/osdep.h"
25
26 #include "qemu-common.h"
27 #define NO_CPU_IO_DEFS
28 #include "cpu.h"
29 #include "trace.h"
30 #include "disas/disas.h"
31 #include "tcg.h"
32 #if defined(CONFIG_USER_ONLY)
33 #include "qemu.h"
34 #if defined(TARGET_X86_64)
35 #include "vsyscall.h"
36 #endif
37 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
38 #include <sys/param.h>
39 #if __FreeBSD_version >= 700104
40 #define HAVE_KINFO_GETVMMAP
41 #define sigqueue sigqueue_freebsd /* avoid redefinition */
42 #include <sys/proc.h>
43 #include <machine/profile.h>
44 #define _KERNEL
45 #include <sys/user.h>
46 #undef _KERNEL
47 #undef sigqueue
48 #include <libutil.h>
49 #endif
50 #endif
51 #else
52 #include "exec/address-spaces.h"
53 #endif
54
55 #include "exec/cputlb.h"
56 #include "exec/tb-hash.h"
57 #include "translate-all.h"
58 #include "qemu/bitmap.h"
59 #include "qemu/timer.h"
60 #include "exec/log.h"
61
62 //#define DEBUG_TB_INVALIDATE
63 //#define DEBUG_FLUSH
64 /* make various TB consistency checks */
65 //#define DEBUG_TB_CHECK
66
67 #if !defined(CONFIG_USER_ONLY)
68 /* TB consistency checks only implemented for usermode emulation. */
69 #undef DEBUG_TB_CHECK
70 #endif
71
72 #define SMC_BITMAP_USE_THRESHOLD 10
73
74 typedef struct PageDesc {
75 /* list of TBs intersecting this ram page */
76 TranslationBlock *first_tb;
77 /* in order to optimize self modifying code, we count the number
78 of lookups we do to a given page to use a bitmap */
79 unsigned int code_write_count;
80 unsigned long *code_bitmap;
81 #if defined(CONFIG_USER_ONLY)
82 unsigned long flags;
83 #endif
84 } PageDesc;
85
86 /* In system mode we want L1_MAP to be based on ram offsets,
87 while in user mode we want it to be based on virtual addresses. */
88 #if !defined(CONFIG_USER_ONLY)
89 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
90 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
91 #else
92 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
93 #endif
94 #else
95 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
96 #endif
97
98 /* Size of the L2 (and L3, etc) page tables. */
99 #define V_L2_BITS 10
100 #define V_L2_SIZE (1 << V_L2_BITS)
101
102 /* The bits remaining after N lower levels of page tables. */
103 #define V_L1_BITS_REM \
104 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS)
105
106 #if V_L1_BITS_REM < 4
107 #define V_L1_BITS (V_L1_BITS_REM + V_L2_BITS)
108 #else
109 #define V_L1_BITS V_L1_BITS_REM
110 #endif
111
112 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
113
114 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
115
116 uintptr_t qemu_host_page_size;
117 intptr_t qemu_host_page_mask;
118
119 /* The bottom level has pointers to PageDesc */
120 static void *l1_map[V_L1_SIZE];
121
122 /* code generation context */
123 TCGContext tcg_ctx;
124
125 /* translation block context */
126 #ifdef CONFIG_USER_ONLY
127 __thread int have_tb_lock;
128 #endif
129
130 void tb_lock(void)
131 {
132 #ifdef CONFIG_USER_ONLY
133 assert(!have_tb_lock);
134 qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
135 have_tb_lock++;
136 #endif
137 }
138
139 void tb_unlock(void)
140 {
141 #ifdef CONFIG_USER_ONLY
142 assert(have_tb_lock);
143 have_tb_lock--;
144 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
145 #endif
146 }
147
148 void tb_lock_reset(void)
149 {
150 #ifdef CONFIG_USER_ONLY
151 if (have_tb_lock) {
152 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
153 have_tb_lock = 0;
154 }
155 #endif
156 }
157
158 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
159 tb_page_addr_t phys_page2);
160 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
161
162 void cpu_gen_init(void)
163 {
164 tcg_context_init(&tcg_ctx);
165 }
166
167 /* Encode VAL as a signed leb128 sequence at P.
168 Return P incremented past the encoded value. */
169 static uint8_t *encode_sleb128(uint8_t *p, target_long val)
170 {
171 int more, byte;
172
173 do {
174 byte = val & 0x7f;
175 val >>= 7;
176 more = !((val == 0 && (byte & 0x40) == 0)
177 || (val == -1 && (byte & 0x40) != 0));
178 if (more) {
179 byte |= 0x80;
180 }
181 *p++ = byte;
182 } while (more);
183
184 return p;
185 }
186
187 /* Decode a signed leb128 sequence at *PP; increment *PP past the
188 decoded value. Return the decoded value. */
189 static target_long decode_sleb128(uint8_t **pp)
190 {
191 uint8_t *p = *pp;
192 target_long val = 0;
193 int byte, shift = 0;
194
195 do {
196 byte = *p++;
197 val |= (target_ulong)(byte & 0x7f) << shift;
198 shift += 7;
199 } while (byte & 0x80);
200 if (shift < TARGET_LONG_BITS && (byte & 0x40)) {
201 val |= -(target_ulong)1 << shift;
202 }
203
204 *pp = p;
205 return val;
206 }
207
208 /* Encode the data collected about the instructions while compiling TB.
209 Place the data at BLOCK, and return the number of bytes consumed.
210
211 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
212 which come from the target's insn_start data, followed by a uintptr_t
213 which comes from the host pc of the end of the code implementing the insn.
214
215 Each line of the table is encoded as sleb128 deltas from the previous
216 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
217 That is, the first column is seeded with the guest pc, the last column
218 with the host pc, and the middle columns with zeros. */
219
220 static int encode_search(TranslationBlock *tb, uint8_t *block)
221 {
222 uint8_t *highwater = tcg_ctx.code_gen_highwater;
223 uint8_t *p = block;
224 int i, j, n;
225
226 tb->tc_search = block;
227
228 for (i = 0, n = tb->icount; i < n; ++i) {
229 target_ulong prev;
230
231 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
232 if (i == 0) {
233 prev = (j == 0 ? tb->pc : 0);
234 } else {
235 prev = tcg_ctx.gen_insn_data[i - 1][j];
236 }
237 p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev);
238 }
239 prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]);
240 p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev);
241
242 /* Test for (pending) buffer overflow. The assumption is that any
243 one row beginning below the high water mark cannot overrun
244 the buffer completely. Thus we can test for overflow after
245 encoding a row without having to check during encoding. */
246 if (unlikely(p > highwater)) {
247 return -1;
248 }
249 }
250
251 return p - block;
252 }
253
254 /* The cpu state corresponding to 'searched_pc' is restored. */
255 static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
256 uintptr_t searched_pc)
257 {
258 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
259 uintptr_t host_pc = (uintptr_t)tb->tc_ptr;
260 CPUArchState *env = cpu->env_ptr;
261 uint8_t *p = tb->tc_search;
262 int i, j, num_insns = tb->icount;
263 #ifdef CONFIG_PROFILER
264 int64_t ti = profile_getclock();
265 #endif
266
267 if (searched_pc < host_pc) {
268 return -1;
269 }
270
271 /* Reconstruct the stored insn data while looking for the point at
272 which the end of the insn exceeds the searched_pc. */
273 for (i = 0; i < num_insns; ++i) {
274 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
275 data[j] += decode_sleb128(&p);
276 }
277 host_pc += decode_sleb128(&p);
278 if (host_pc > searched_pc) {
279 goto found;
280 }
281 }
282 return -1;
283
284 found:
285 if (tb->cflags & CF_USE_ICOUNT) {
286 assert(use_icount);
287 /* Reset the cycle counter to the start of the block. */
288 cpu->icount_decr.u16.low += num_insns;
289 /* Clear the IO flag. */
290 cpu->can_do_io = 0;
291 }
292 cpu->icount_decr.u16.low -= i;
293 restore_state_to_opc(env, tb, data);
294
295 #ifdef CONFIG_PROFILER
296 tcg_ctx.restore_time += profile_getclock() - ti;
297 tcg_ctx.restore_count++;
298 #endif
299 return 0;
300 }
301
302 bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
303 {
304 TranslationBlock *tb;
305
306 tb = tb_find_pc(retaddr);
307 if (tb) {
308 cpu_restore_state_from_tb(cpu, tb, retaddr);
309 if (tb->cflags & CF_NOCACHE) {
310 /* one-shot translation, invalidate it immediately */
311 cpu->current_tb = NULL;
312 tb_phys_invalidate(tb, -1);
313 tb_free(tb);
314 }
315 return true;
316 }
317 return false;
318 }
319
320 void page_size_init(void)
321 {
322 /* NOTE: we can always suppose that qemu_host_page_size >=
323 TARGET_PAGE_SIZE */
324 qemu_real_host_page_size = getpagesize();
325 qemu_real_host_page_mask = -(intptr_t)qemu_real_host_page_size;
326 if (qemu_host_page_size == 0) {
327 qemu_host_page_size = qemu_real_host_page_size;
328 }
329 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
330 qemu_host_page_size = TARGET_PAGE_SIZE;
331 }
332 qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
333 }
334
335 static void page_init(void)
336 {
337 page_size_init();
338 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
339 {
340 #ifdef HAVE_KINFO_GETVMMAP
341 struct kinfo_vmentry *freep;
342 int i, cnt;
343
344 freep = kinfo_getvmmap(getpid(), &cnt);
345 if (freep) {
346 mmap_lock();
347 for (i = 0; i < cnt; i++) {
348 unsigned long startaddr, endaddr;
349
350 startaddr = freep[i].kve_start;
351 endaddr = freep[i].kve_end;
352 if (h2g_valid(startaddr)) {
353 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
354
355 if (h2g_valid(endaddr)) {
356 endaddr = h2g(endaddr);
357 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
358 } else {
359 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
360 endaddr = ~0ul;
361 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
362 #endif
363 }
364 }
365 }
366 free(freep);
367 mmap_unlock();
368 }
369 #else
370 FILE *f;
371
372 last_brk = (unsigned long)sbrk(0);
373
374 f = fopen("/compat/linux/proc/self/maps", "r");
375 if (f) {
376 mmap_lock();
377
378 do {
379 unsigned long startaddr, endaddr;
380 int n;
381
382 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
383
384 if (n == 2 && h2g_valid(startaddr)) {
385 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
386
387 if (h2g_valid(endaddr)) {
388 endaddr = h2g(endaddr);
389 } else {
390 endaddr = ~0ul;
391 }
392 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
393 }
394 } while (!feof(f));
395
396 fclose(f);
397 mmap_unlock();
398 }
399 #endif
400 }
401 #endif
402 }
403
404 /* If alloc=1:
405 * Called with mmap_lock held for user-mode emulation.
406 */
407 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
408 {
409 PageDesc *pd;
410 void **lp;
411 int i;
412
413 /* Level 1. Always allocated. */
414 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
415
416 /* Level 2..N-1. */
417 for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) {
418 void **p = atomic_rcu_read(lp);
419
420 if (p == NULL) {
421 if (!alloc) {
422 return NULL;
423 }
424 p = g_new0(void *, V_L2_SIZE);
425 atomic_rcu_set(lp, p);
426 }
427
428 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
429 }
430
431 pd = atomic_rcu_read(lp);
432 if (pd == NULL) {
433 if (!alloc) {
434 return NULL;
435 }
436 pd = g_new0(PageDesc, V_L2_SIZE);
437 atomic_rcu_set(lp, pd);
438 }
439
440 return pd + (index & (V_L2_SIZE - 1));
441 }
442
443 static inline PageDesc *page_find(tb_page_addr_t index)
444 {
445 return page_find_alloc(index, 0);
446 }
447
448 #if defined(CONFIG_USER_ONLY)
449 /* Currently it is not recommended to allocate big chunks of data in
450 user mode. It will change when a dedicated libc will be used. */
451 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
452 region in which the guest needs to run. Revisit this. */
453 #define USE_STATIC_CODE_GEN_BUFFER
454 #endif
455
456 /* Minimum size of the code gen buffer. This number is randomly chosen,
457 but not so small that we can't have a fair number of TB's live. */
458 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
459
460 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
461 indicated, this is constrained by the range of direct branches on the
462 host cpu, as used by the TCG implementation of goto_tb. */
463 #if defined(__x86_64__)
464 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
465 #elif defined(__sparc__)
466 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
467 #elif defined(__powerpc64__)
468 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
469 #elif defined(__aarch64__)
470 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
471 #elif defined(__arm__)
472 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
473 #elif defined(__s390x__)
474 /* We have a +- 4GB range on the branches; leave some slop. */
475 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
476 #elif defined(__mips__)
477 /* We have a 256MB branch region, but leave room to make sure the
478 main executable is also within that region. */
479 # define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
480 #else
481 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
482 #endif
483
484 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
485
486 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
487 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
488 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
489
490 static inline size_t size_code_gen_buffer(size_t tb_size)
491 {
492 /* Size the buffer. */
493 if (tb_size == 0) {
494 #ifdef USE_STATIC_CODE_GEN_BUFFER
495 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
496 #else
497 /* ??? Needs adjustments. */
498 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
499 static buffer, we could size this on RESERVED_VA, on the text
500 segment size of the executable, or continue to use the default. */
501 tb_size = (unsigned long)(ram_size / 4);
502 #endif
503 }
504 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
505 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
506 }
507 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
508 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
509 }
510 tcg_ctx.code_gen_buffer_size = tb_size;
511 return tb_size;
512 }
513
514 #ifdef __mips__
515 /* In order to use J and JAL within the code_gen_buffer, we require
516 that the buffer not cross a 256MB boundary. */
517 static inline bool cross_256mb(void *addr, size_t size)
518 {
519 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & 0xf0000000;
520 }
521
522 /* We weren't able to allocate a buffer without crossing that boundary,
523 so make do with the larger portion of the buffer that doesn't cross.
524 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
525 static inline void *split_cross_256mb(void *buf1, size_t size1)
526 {
527 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & 0xf0000000);
528 size_t size2 = buf1 + size1 - buf2;
529
530 size1 = buf2 - buf1;
531 if (size1 < size2) {
532 size1 = size2;
533 buf1 = buf2;
534 }
535
536 tcg_ctx.code_gen_buffer_size = size1;
537 return buf1;
538 }
539 #endif
540
541 #ifdef USE_STATIC_CODE_GEN_BUFFER
542 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
543 __attribute__((aligned(CODE_GEN_ALIGN)));
544
545 # ifdef _WIN32
546 static inline void do_protect(void *addr, long size, int prot)
547 {
548 DWORD old_protect;
549 VirtualProtect(addr, size, prot, &old_protect);
550 }
551
552 static inline void map_exec(void *addr, long size)
553 {
554 do_protect(addr, size, PAGE_EXECUTE_READWRITE);
555 }
556
557 static inline void map_none(void *addr, long size)
558 {
559 do_protect(addr, size, PAGE_NOACCESS);
560 }
561 # else
562 static inline void do_protect(void *addr, long size, int prot)
563 {
564 uintptr_t start, end;
565
566 start = (uintptr_t)addr;
567 start &= qemu_real_host_page_mask;
568
569 end = (uintptr_t)addr + size;
570 end = ROUND_UP(end, qemu_real_host_page_size);
571
572 mprotect((void *)start, end - start, prot);
573 }
574
575 static inline void map_exec(void *addr, long size)
576 {
577 do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC);
578 }
579
580 static inline void map_none(void *addr, long size)
581 {
582 do_protect(addr, size, PROT_NONE);
583 }
584 # endif /* WIN32 */
585
586 static inline void *alloc_code_gen_buffer(void)
587 {
588 void *buf = static_code_gen_buffer;
589 size_t full_size, size;
590
591 /* The size of the buffer, rounded down to end on a page boundary. */
592 full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer))
593 & qemu_real_host_page_mask) - (uintptr_t)buf;
594
595 /* Reserve a guard page. */
596 size = full_size - qemu_real_host_page_size;
597
598 /* Honor a command-line option limiting the size of the buffer. */
599 if (size > tcg_ctx.code_gen_buffer_size) {
600 size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size)
601 & qemu_real_host_page_mask) - (uintptr_t)buf;
602 }
603 tcg_ctx.code_gen_buffer_size = size;
604
605 #ifdef __mips__
606 if (cross_256mb(buf, size)) {
607 buf = split_cross_256mb(buf, size);
608 size = tcg_ctx.code_gen_buffer_size;
609 }
610 #endif
611
612 map_exec(buf, size);
613 map_none(buf + size, qemu_real_host_page_size);
614 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
615
616 return buf;
617 }
618 #elif defined(_WIN32)
619 static inline void *alloc_code_gen_buffer(void)
620 {
621 size_t size = tcg_ctx.code_gen_buffer_size;
622 void *buf1, *buf2;
623
624 /* Perform the allocation in two steps, so that the guard page
625 is reserved but uncommitted. */
626 buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size,
627 MEM_RESERVE, PAGE_NOACCESS);
628 if (buf1 != NULL) {
629 buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
630 assert(buf1 == buf2);
631 }
632
633 return buf1;
634 }
635 #else
636 static inline void *alloc_code_gen_buffer(void)
637 {
638 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
639 uintptr_t start = 0;
640 size_t size = tcg_ctx.code_gen_buffer_size;
641 void *buf;
642
643 /* Constrain the position of the buffer based on the host cpu.
644 Note that these addresses are chosen in concert with the
645 addresses assigned in the relevant linker script file. */
646 # if defined(__PIE__) || defined(__PIC__)
647 /* Don't bother setting a preferred location if we're building
648 a position-independent executable. We're more likely to get
649 an address near the main executable if we let the kernel
650 choose the address. */
651 # elif defined(__x86_64__) && defined(MAP_32BIT)
652 /* Force the memory down into low memory with the executable.
653 Leave the choice of exact location with the kernel. */
654 flags |= MAP_32BIT;
655 /* Cannot expect to map more than 800MB in low memory. */
656 if (size > 800u * 1024 * 1024) {
657 tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024;
658 }
659 # elif defined(__sparc__)
660 start = 0x40000000ul;
661 # elif defined(__s390x__)
662 start = 0x90000000ul;
663 # elif defined(__mips__)
664 # if _MIPS_SIM == _ABI64
665 start = 0x128000000ul;
666 # else
667 start = 0x08000000ul;
668 # endif
669 # endif
670
671 buf = mmap((void *)start, size + qemu_real_host_page_size,
672 PROT_NONE, flags, -1, 0);
673 if (buf == MAP_FAILED) {
674 return NULL;
675 }
676
677 #ifdef __mips__
678 if (cross_256mb(buf, size)) {
679 /* Try again, with the original still mapped, to avoid re-acquiring
680 that 256mb crossing. This time don't specify an address. */
681 size_t size2;
682 void *buf2 = mmap(NULL, size + qemu_real_host_page_size,
683 PROT_NONE, flags, -1, 0);
684 switch (buf2 != MAP_FAILED) {
685 case 1:
686 if (!cross_256mb(buf2, size)) {
687 /* Success! Use the new buffer. */
688 munmap(buf, size);
689 break;
690 }
691 /* Failure. Work with what we had. */
692 munmap(buf2, size);
693 /* fallthru */
694 default:
695 /* Split the original buffer. Free the smaller half. */
696 buf2 = split_cross_256mb(buf, size);
697 size2 = tcg_ctx.code_gen_buffer_size;
698 if (buf == buf2) {
699 munmap(buf + size2 + qemu_real_host_page_size, size - size2);
700 } else {
701 munmap(buf, size - size2);
702 }
703 size = size2;
704 break;
705 }
706 buf = buf2;
707 }
708 #endif
709
710 /* Make the final buffer accessible. The guard page at the end
711 will remain inaccessible with PROT_NONE. */
712 mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC);
713
714 /* Request large pages for the buffer. */
715 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
716
717 return buf;
718 }
719 #endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */
720
721 static inline void code_gen_alloc(size_t tb_size)
722 {
723 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
724 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
725 if (tcg_ctx.code_gen_buffer == NULL) {
726 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
727 exit(1);
728 }
729
730 /* Estimate a good size for the number of TBs we can support. We
731 still haven't deducted the prologue from the buffer size here,
732 but that's minimal and won't affect the estimate much. */
733 tcg_ctx.code_gen_max_blocks
734 = tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
735 tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock, tcg_ctx.code_gen_max_blocks);
736
737 qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock);
738 }
739
740 /* Must be called before using the QEMU cpus. 'tb_size' is the size
741 (in bytes) allocated to the translation buffer. Zero means default
742 size. */
743 void tcg_exec_init(uintptr_t tb_size)
744 {
745 cpu_gen_init();
746 page_init();
747 code_gen_alloc(tb_size);
748 #if defined(CONFIG_SOFTMMU)
749 /* There's no guest base to take into account, so go ahead and
750 initialize the prologue now. */
751 tcg_prologue_init(&tcg_ctx);
752 #endif
753 }
754
755 bool tcg_enabled(void)
756 {
757 return tcg_ctx.code_gen_buffer != NULL;
758 }
759
760 /* Allocate a new translation block. Flush the translation buffer if
761 too many translation blocks or too much generated code. */
762 static TranslationBlock *tb_alloc(target_ulong pc)
763 {
764 TranslationBlock *tb;
765
766 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks) {
767 return NULL;
768 }
769 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
770 tb->pc = pc;
771 tb->cflags = 0;
772 return tb;
773 }
774
775 void tb_free(TranslationBlock *tb)
776 {
777 /* In practice this is mostly used for single use temporary TB
778 Ignore the hard cases and just back up if this TB happens to
779 be the last one generated. */
780 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
781 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
782 tcg_ctx.code_gen_ptr = tb->tc_ptr;
783 tcg_ctx.tb_ctx.nb_tbs--;
784 }
785 }
786
787 static inline void invalidate_page_bitmap(PageDesc *p)
788 {
789 g_free(p->code_bitmap);
790 p->code_bitmap = NULL;
791 p->code_write_count = 0;
792 }
793
794 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
795 static void page_flush_tb_1(int level, void **lp)
796 {
797 int i;
798
799 if (*lp == NULL) {
800 return;
801 }
802 if (level == 0) {
803 PageDesc *pd = *lp;
804
805 for (i = 0; i < V_L2_SIZE; ++i) {
806 pd[i].first_tb = NULL;
807 invalidate_page_bitmap(pd + i);
808 }
809 } else {
810 void **pp = *lp;
811
812 for (i = 0; i < V_L2_SIZE; ++i) {
813 page_flush_tb_1(level - 1, pp + i);
814 }
815 }
816 }
817
818 static void page_flush_tb(void)
819 {
820 int i;
821
822 for (i = 0; i < V_L1_SIZE; i++) {
823 page_flush_tb_1(V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
824 }
825 }
826
827 /* flush all the translation blocks */
828 /* XXX: tb_flush is currently not thread safe */
829 void tb_flush(CPUState *cpu)
830 {
831 #if defined(DEBUG_FLUSH)
832 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
833 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
834 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
835 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
836 tcg_ctx.tb_ctx.nb_tbs : 0);
837 #endif
838 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
839 > tcg_ctx.code_gen_buffer_size) {
840 cpu_abort(cpu, "Internal error: code buffer overflow\n");
841 }
842 tcg_ctx.tb_ctx.nb_tbs = 0;
843
844 CPU_FOREACH(cpu) {
845 memset(cpu->tb_jmp_cache, 0, sizeof(cpu->tb_jmp_cache));
846 }
847
848 memset(tcg_ctx.tb_ctx.tb_phys_hash, 0, sizeof(tcg_ctx.tb_ctx.tb_phys_hash));
849 page_flush_tb();
850
851 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
852 /* XXX: flush processor icache at this point if cache flush is
853 expensive */
854 tcg_ctx.tb_ctx.tb_flush_count++;
855 }
856
857 #ifdef DEBUG_TB_CHECK
858
859 static void tb_invalidate_check(target_ulong address)
860 {
861 TranslationBlock *tb;
862 int i;
863
864 address &= TARGET_PAGE_MASK;
865 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
866 for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
867 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
868 address >= tb->pc + tb->size)) {
869 printf("ERROR invalidate: address=" TARGET_FMT_lx
870 " PC=%08lx size=%04x\n",
871 address, (long)tb->pc, tb->size);
872 }
873 }
874 }
875 }
876
877 /* verify that all the pages have correct rights for code */
878 static void tb_page_check(void)
879 {
880 TranslationBlock *tb;
881 int i, flags1, flags2;
882
883 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
884 for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;
885 tb = tb->phys_hash_next) {
886 flags1 = page_get_flags(tb->pc);
887 flags2 = page_get_flags(tb->pc + tb->size - 1);
888 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
889 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
890 (long)tb->pc, tb->size, flags1, flags2);
891 }
892 }
893 }
894 }
895
896 #endif
897
898 static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)
899 {
900 TranslationBlock *tb1;
901
902 for (;;) {
903 tb1 = *ptb;
904 if (tb1 == tb) {
905 *ptb = tb1->phys_hash_next;
906 break;
907 }
908 ptb = &tb1->phys_hash_next;
909 }
910 }
911
912 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
913 {
914 TranslationBlock *tb1;
915 unsigned int n1;
916
917 for (;;) {
918 tb1 = *ptb;
919 n1 = (uintptr_t)tb1 & 3;
920 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
921 if (tb1 == tb) {
922 *ptb = tb1->page_next[n1];
923 break;
924 }
925 ptb = &tb1->page_next[n1];
926 }
927 }
928
929 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
930 {
931 TranslationBlock *tb1, **ptb;
932 unsigned int n1;
933
934 ptb = &tb->jmp_next[n];
935 tb1 = *ptb;
936 if (tb1) {
937 /* find tb(n) in circular list */
938 for (;;) {
939 tb1 = *ptb;
940 n1 = (uintptr_t)tb1 & 3;
941 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
942 if (n1 == n && tb1 == tb) {
943 break;
944 }
945 if (n1 == 2) {
946 ptb = &tb1->jmp_first;
947 } else {
948 ptb = &tb1->jmp_next[n1];
949 }
950 }
951 /* now we can suppress tb(n) from the list */
952 *ptb = tb->jmp_next[n];
953
954 tb->jmp_next[n] = NULL;
955 }
956 }
957
958 /* reset the jump entry 'n' of a TB so that it is not chained to
959 another TB */
960 static inline void tb_reset_jump(TranslationBlock *tb, int n)
961 {
962 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
963 }
964
965 /* invalidate one TB */
966 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
967 {
968 CPUState *cpu;
969 PageDesc *p;
970 unsigned int h, n1;
971 tb_page_addr_t phys_pc;
972 TranslationBlock *tb1, *tb2;
973
974 /* remove the TB from the hash list */
975 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
976 h = tb_phys_hash_func(phys_pc);
977 tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);
978
979 /* remove the TB from the page list */
980 if (tb->page_addr[0] != page_addr) {
981 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
982 tb_page_remove(&p->first_tb, tb);
983 invalidate_page_bitmap(p);
984 }
985 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
986 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
987 tb_page_remove(&p->first_tb, tb);
988 invalidate_page_bitmap(p);
989 }
990
991 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
992
993 /* remove the TB from the hash list */
994 h = tb_jmp_cache_hash_func(tb->pc);
995 CPU_FOREACH(cpu) {
996 if (cpu->tb_jmp_cache[h] == tb) {
997 cpu->tb_jmp_cache[h] = NULL;
998 }
999 }
1000
1001 /* suppress this TB from the two jump lists */
1002 tb_jmp_remove(tb, 0);
1003 tb_jmp_remove(tb, 1);
1004
1005 /* suppress any remaining jumps to this TB */
1006 tb1 = tb->jmp_first;
1007 for (;;) {
1008 n1 = (uintptr_t)tb1 & 3;
1009 if (n1 == 2) {
1010 break;
1011 }
1012 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1013 tb2 = tb1->jmp_next[n1];
1014 tb_reset_jump(tb1, n1);
1015 tb1->jmp_next[n1] = NULL;
1016 tb1 = tb2;
1017 }
1018 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
1019
1020 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
1021 }
1022
1023 static void build_page_bitmap(PageDesc *p)
1024 {
1025 int n, tb_start, tb_end;
1026 TranslationBlock *tb;
1027
1028 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
1029
1030 tb = p->first_tb;
1031 while (tb != NULL) {
1032 n = (uintptr_t)tb & 3;
1033 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1034 /* NOTE: this is subtle as a TB may span two physical pages */
1035 if (n == 0) {
1036 /* NOTE: tb_end may be after the end of the page, but
1037 it is not a problem */
1038 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1039 tb_end = tb_start + tb->size;
1040 if (tb_end > TARGET_PAGE_SIZE) {
1041 tb_end = TARGET_PAGE_SIZE;
1042 }
1043 } else {
1044 tb_start = 0;
1045 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1046 }
1047 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
1048 tb = tb->page_next[n];
1049 }
1050 }
1051
1052 /* Called with mmap_lock held for user mode emulation. */
1053 TranslationBlock *tb_gen_code(CPUState *cpu,
1054 target_ulong pc, target_ulong cs_base,
1055 int flags, int cflags)
1056 {
1057 CPUArchState *env = cpu->env_ptr;
1058 TranslationBlock *tb;
1059 tb_page_addr_t phys_pc, phys_page2;
1060 target_ulong virt_page2;
1061 tcg_insn_unit *gen_code_buf;
1062 int gen_code_size, search_size;
1063 #ifdef CONFIG_PROFILER
1064 int64_t ti;
1065 #endif
1066
1067 phys_pc = get_page_addr_code(env, pc);
1068 if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) {
1069 cflags |= CF_USE_ICOUNT;
1070 }
1071
1072 tb = tb_alloc(pc);
1073 if (unlikely(!tb)) {
1074 buffer_overflow:
1075 /* flush must be done */
1076 tb_flush(cpu);
1077 /* cannot fail at this point */
1078 tb = tb_alloc(pc);
1079 assert(tb != NULL);
1080 /* Don't forget to invalidate previous TB info. */
1081 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
1082 }
1083
1084 gen_code_buf = tcg_ctx.code_gen_ptr;
1085 tb->tc_ptr = gen_code_buf;
1086 tb->cs_base = cs_base;
1087 tb->flags = flags;
1088 tb->cflags = cflags;
1089
1090 #ifdef CONFIG_PROFILER
1091 tcg_ctx.tb_count1++; /* includes aborted translations because of
1092 exceptions */
1093 ti = profile_getclock();
1094 #endif
1095
1096 tcg_func_start(&tcg_ctx);
1097
1098 gen_intermediate_code(env, tb);
1099
1100 trace_translate_block(tb, tb->pc, tb->tc_ptr);
1101
1102 /* generate machine code */
1103 tb->tb_next_offset[0] = 0xffff;
1104 tb->tb_next_offset[1] = 0xffff;
1105 tcg_ctx.tb_next_offset = tb->tb_next_offset;
1106 #ifdef USE_DIRECT_JUMP
1107 tcg_ctx.tb_jmp_offset = tb->tb_jmp_offset;
1108 tcg_ctx.tb_next = NULL;
1109 #else
1110 tcg_ctx.tb_jmp_offset = NULL;
1111 tcg_ctx.tb_next = tb->tb_next;
1112 #endif
1113
1114 #ifdef CONFIG_PROFILER
1115 tcg_ctx.tb_count++;
1116 tcg_ctx.interm_time += profile_getclock() - ti;
1117 tcg_ctx.code_time -= profile_getclock();
1118 #endif
1119
1120 /* ??? Overflow could be handled better here. In particular, we
1121 don't need to re-do gen_intermediate_code, nor should we re-do
1122 the tcg optimization currently hidden inside tcg_gen_code. All
1123 that should be required is to flush the TBs, allocate a new TB,
1124 re-initialize it per above, and re-do the actual code generation. */
1125 gen_code_size = tcg_gen_code(&tcg_ctx, gen_code_buf);
1126 if (unlikely(gen_code_size < 0)) {
1127 goto buffer_overflow;
1128 }
1129 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
1130 if (unlikely(search_size < 0)) {
1131 goto buffer_overflow;
1132 }
1133
1134 #ifdef CONFIG_PROFILER
1135 tcg_ctx.code_time += profile_getclock();
1136 tcg_ctx.code_in_len += tb->size;
1137 tcg_ctx.code_out_len += gen_code_size;
1138 tcg_ctx.search_out_len += search_size;
1139 #endif
1140
1141 #ifdef DEBUG_DISAS
1142 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
1143 qemu_log("OUT: [size=%d]\n", gen_code_size);
1144 log_disas(tb->tc_ptr, gen_code_size);
1145 qemu_log("\n");
1146 qemu_log_flush();
1147 }
1148 #endif
1149
1150 tcg_ctx.code_gen_ptr = (void *)
1151 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
1152 CODE_GEN_ALIGN);
1153
1154 #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64)
1155 /* if we are doing vsyscall don't link the page as it lies in high memory
1156 and tb_alloc_page will abort due to page_l1_map returning NULL */
1157 if (unlikely(phys_pc >= TARGET_VSYSCALL_START
1158 && phys_pc < TARGET_VSYSCALL_END))
1159 return tb;
1160 #endif
1161
1162 /* check next page if needed */
1163 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1164 phys_page2 = -1;
1165 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1166 phys_page2 = get_page_addr_code(env, virt_page2);
1167 }
1168 tb_link_page(tb, phys_pc, phys_page2);
1169 return tb;
1170 }
1171
1172 /*
1173 * Invalidate all TBs which intersect with the target physical address range
1174 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1175 * 'is_cpu_write_access' should be true if called from a real cpu write
1176 * access: the virtual CPU will exit the current TB if code is modified inside
1177 * this TB.
1178 *
1179 * Called with mmap_lock held for user-mode emulation
1180 */
1181 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1182 {
1183 while (start < end) {
1184 tb_invalidate_phys_page_range(start, end, 0);
1185 start &= TARGET_PAGE_MASK;
1186 start += TARGET_PAGE_SIZE;
1187 }
1188 }
1189
1190 /*
1191 * Invalidate all TBs which intersect with the target physical address range
1192 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1193 * 'is_cpu_write_access' should be true if called from a real cpu write
1194 * access: the virtual CPU will exit the current TB if code is modified inside
1195 * this TB.
1196 *
1197 * Called with mmap_lock held for user-mode emulation
1198 */
1199 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1200 int is_cpu_write_access)
1201 {
1202 TranslationBlock *tb, *tb_next, *saved_tb;
1203 CPUState *cpu = current_cpu;
1204 #if defined(TARGET_HAS_PRECISE_SMC)
1205 CPUArchState *env = NULL;
1206 #endif
1207 tb_page_addr_t tb_start, tb_end;
1208 PageDesc *p;
1209 int n;
1210 #ifdef TARGET_HAS_PRECISE_SMC
1211 int current_tb_not_found = is_cpu_write_access;
1212 TranslationBlock *current_tb = NULL;
1213 int current_tb_modified = 0;
1214 target_ulong current_pc = 0;
1215 target_ulong current_cs_base = 0;
1216 int current_flags = 0;
1217 #endif /* TARGET_HAS_PRECISE_SMC */
1218
1219 p = page_find(start >> TARGET_PAGE_BITS);
1220 if (!p) {
1221 return;
1222 }
1223 #if defined(TARGET_HAS_PRECISE_SMC)
1224 if (cpu != NULL) {
1225 env = cpu->env_ptr;
1226 }
1227 #endif
1228
1229 /* we remove all the TBs in the range [start, end[ */
1230 /* XXX: see if in some cases it could be faster to invalidate all
1231 the code */
1232 tb = p->first_tb;
1233 while (tb != NULL) {
1234 n = (uintptr_t)tb & 3;
1235 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1236 tb_next = tb->page_next[n];
1237 /* NOTE: this is subtle as a TB may span two physical pages */
1238 if (n == 0) {
1239 /* NOTE: tb_end may be after the end of the page, but
1240 it is not a problem */
1241 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1242 tb_end = tb_start + tb->size;
1243 } else {
1244 tb_start = tb->page_addr[1];
1245 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1246 }
1247 if (!(tb_end <= start || tb_start >= end)) {
1248 #ifdef TARGET_HAS_PRECISE_SMC
1249 if (current_tb_not_found) {
1250 current_tb_not_found = 0;
1251 current_tb = NULL;
1252 if (cpu->mem_io_pc) {
1253 /* now we have a real cpu fault */
1254 current_tb = tb_find_pc(cpu->mem_io_pc);
1255 }
1256 }
1257 if (current_tb == tb &&
1258 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1259 /* If we are modifying the current TB, we must stop
1260 its execution. We could be more precise by checking
1261 that the modification is after the current PC, but it
1262 would require a specialized function to partially
1263 restore the CPU state */
1264
1265 current_tb_modified = 1;
1266 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
1267 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1268 &current_flags);
1269 }
1270 #endif /* TARGET_HAS_PRECISE_SMC */
1271 /* we need to do that to handle the case where a signal
1272 occurs while doing tb_phys_invalidate() */
1273 saved_tb = NULL;
1274 if (cpu != NULL) {
1275 saved_tb = cpu->current_tb;
1276 cpu->current_tb = NULL;
1277 }
1278 tb_phys_invalidate(tb, -1);
1279 if (cpu != NULL) {
1280 cpu->current_tb = saved_tb;
1281 if (cpu->interrupt_request && cpu->current_tb) {
1282 cpu_interrupt(cpu, cpu->interrupt_request);
1283 }
1284 }
1285 }
1286 tb = tb_next;
1287 }
1288 #if !defined(CONFIG_USER_ONLY)
1289 /* if no code remaining, no need to continue to use slow writes */
1290 if (!p->first_tb) {
1291 invalidate_page_bitmap(p);
1292 tlb_unprotect_code(start);
1293 }
1294 #endif
1295 #ifdef TARGET_HAS_PRECISE_SMC
1296 if (current_tb_modified) {
1297 /* we generate a block containing just the instruction
1298 modifying the memory. It will ensure that it cannot modify
1299 itself */
1300 cpu->current_tb = NULL;
1301 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1302 cpu_resume_from_signal(cpu, NULL);
1303 }
1304 #endif
1305 }
1306
1307 /* len must be <= 8 and start must be a multiple of len */
1308 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1309 {
1310 PageDesc *p;
1311
1312 #if 0
1313 if (1) {
1314 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1315 cpu_single_env->mem_io_vaddr, len,
1316 cpu_single_env->eip,
1317 cpu_single_env->eip +
1318 (intptr_t)cpu_single_env->segs[R_CS].base);
1319 }
1320 #endif
1321 p = page_find(start >> TARGET_PAGE_BITS);
1322 if (!p) {
1323 return;
1324 }
1325 if (!p->code_bitmap &&
1326 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
1327 /* build code bitmap */
1328 build_page_bitmap(p);
1329 }
1330 if (p->code_bitmap) {
1331 unsigned int nr;
1332 unsigned long b;
1333
1334 nr = start & ~TARGET_PAGE_MASK;
1335 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
1336 if (b & ((1 << len) - 1)) {
1337 goto do_invalidate;
1338 }
1339 } else {
1340 do_invalidate:
1341 tb_invalidate_phys_page_range(start, start + len, 1);
1342 }
1343 }
1344
1345 #if !defined(CONFIG_SOFTMMU)
1346 /* Called with mmap_lock held. */
1347 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1348 uintptr_t pc, void *puc,
1349 bool locked)
1350 {
1351 TranslationBlock *tb;
1352 PageDesc *p;
1353 int n;
1354 #ifdef TARGET_HAS_PRECISE_SMC
1355 TranslationBlock *current_tb = NULL;
1356 CPUState *cpu = current_cpu;
1357 CPUArchState *env = NULL;
1358 int current_tb_modified = 0;
1359 target_ulong current_pc = 0;
1360 target_ulong current_cs_base = 0;
1361 int current_flags = 0;
1362 #endif
1363
1364 addr &= TARGET_PAGE_MASK;
1365 p = page_find(addr >> TARGET_PAGE_BITS);
1366 if (!p) {
1367 return;
1368 }
1369 tb = p->first_tb;
1370 #ifdef TARGET_HAS_PRECISE_SMC
1371 if (tb && pc != 0) {
1372 current_tb = tb_find_pc(pc);
1373 }
1374 if (cpu != NULL) {
1375 env = cpu->env_ptr;
1376 }
1377 #endif
1378 while (tb != NULL) {
1379 n = (uintptr_t)tb & 3;
1380 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1381 #ifdef TARGET_HAS_PRECISE_SMC
1382 if (current_tb == tb &&
1383 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1384 /* If we are modifying the current TB, we must stop
1385 its execution. We could be more precise by checking
1386 that the modification is after the current PC, but it
1387 would require a specialized function to partially
1388 restore the CPU state */
1389
1390 current_tb_modified = 1;
1391 cpu_restore_state_from_tb(cpu, current_tb, pc);
1392 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1393 &current_flags);
1394 }
1395 #endif /* TARGET_HAS_PRECISE_SMC */
1396 tb_phys_invalidate(tb, addr);
1397 tb = tb->page_next[n];
1398 }
1399 p->first_tb = NULL;
1400 #ifdef TARGET_HAS_PRECISE_SMC
1401 if (current_tb_modified) {
1402 /* we generate a block containing just the instruction
1403 modifying the memory. It will ensure that it cannot modify
1404 itself */
1405 cpu->current_tb = NULL;
1406 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
1407 if (locked) {
1408 mmap_unlock();
1409 }
1410 cpu_resume_from_signal(cpu, puc);
1411 }
1412 #endif
1413 }
1414 #endif
1415
1416 /* add the tb in the target page and protect it if necessary
1417 *
1418 * Called with mmap_lock held for user-mode emulation.
1419 */
1420 static inline void tb_alloc_page(TranslationBlock *tb,
1421 unsigned int n, tb_page_addr_t page_addr)
1422 {
1423 PageDesc *p;
1424 #ifndef CONFIG_USER_ONLY
1425 bool page_already_protected;
1426 #endif
1427
1428 tb->page_addr[n] = page_addr;
1429 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1430 tb->page_next[n] = p->first_tb;
1431 #ifndef CONFIG_USER_ONLY
1432 page_already_protected = p->first_tb != NULL;
1433 #endif
1434 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1435 invalidate_page_bitmap(p);
1436
1437 #if defined(CONFIG_USER_ONLY)
1438 if (p->flags & PAGE_WRITE) {
1439 target_ulong addr;
1440 PageDesc *p2;
1441 int prot;
1442
1443 /* force the host page as non writable (writes will have a
1444 page fault + mprotect overhead) */
1445 page_addr &= qemu_host_page_mask;
1446 prot = 0;
1447 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1448 addr += TARGET_PAGE_SIZE) {
1449
1450 p2 = page_find(addr >> TARGET_PAGE_BITS);
1451 if (!p2) {
1452 continue;
1453 }
1454 prot |= p2->flags;
1455 p2->flags &= ~PAGE_WRITE;
1456 }
1457 mprotect(g2h(page_addr), qemu_host_page_size,
1458 (prot & PAGE_BITS) & ~PAGE_WRITE);
1459 #ifdef DEBUG_TB_INVALIDATE
1460 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1461 page_addr);
1462 #endif
1463 }
1464 #else
1465 /* if some code is already present, then the pages are already
1466 protected. So we handle the case where only the first TB is
1467 allocated in a physical page */
1468 if (!page_already_protected) {
1469 tlb_protect_code(page_addr);
1470 }
1471 #endif
1472 }
1473
1474 /* add a new TB and link it to the physical page tables. phys_page2 is
1475 * (-1) to indicate that only one page contains the TB.
1476 *
1477 * Called with mmap_lock held for user-mode emulation.
1478 */
1479 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1480 tb_page_addr_t phys_page2)
1481 {
1482 unsigned int h;
1483 TranslationBlock **ptb;
1484
1485 /* add in the physical hash table */
1486 h = tb_phys_hash_func(phys_pc);
1487 ptb = &tcg_ctx.tb_ctx.tb_phys_hash[h];
1488 tb->phys_hash_next = *ptb;
1489 *ptb = tb;
1490
1491 /* add in the page list */
1492 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1493 if (phys_page2 != -1) {
1494 tb_alloc_page(tb, 1, phys_page2);
1495 } else {
1496 tb->page_addr[1] = -1;
1497 }
1498
1499 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1500 tb->jmp_next[0] = NULL;
1501 tb->jmp_next[1] = NULL;
1502
1503 /* init original jump addresses */
1504 if (tb->tb_next_offset[0] != 0xffff) {
1505 tb_reset_jump(tb, 0);
1506 }
1507 if (tb->tb_next_offset[1] != 0xffff) {
1508 tb_reset_jump(tb, 1);
1509 }
1510
1511 #ifdef DEBUG_TB_CHECK
1512 tb_page_check();
1513 #endif
1514 }
1515
1516 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1517 tb[1].tc_ptr. Return NULL if not found */
1518 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1519 {
1520 int m_min, m_max, m;
1521 uintptr_t v;
1522 TranslationBlock *tb;
1523
1524 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1525 return NULL;
1526 }
1527 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1528 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1529 return NULL;
1530 }
1531 /* binary search (cf Knuth) */
1532 m_min = 0;
1533 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1534 while (m_min <= m_max) {
1535 m = (m_min + m_max) >> 1;
1536 tb = &tcg_ctx.tb_ctx.tbs[m];
1537 v = (uintptr_t)tb->tc_ptr;
1538 if (v == tc_ptr) {
1539 return tb;
1540 } else if (tc_ptr < v) {
1541 m_max = m - 1;
1542 } else {
1543 m_min = m + 1;
1544 }
1545 }
1546 return &tcg_ctx.tb_ctx.tbs[m_max];
1547 }
1548
1549 #if !defined(CONFIG_USER_ONLY)
1550 void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
1551 {
1552 ram_addr_t ram_addr;
1553 MemoryRegion *mr;
1554 hwaddr l = 1;
1555
1556 rcu_read_lock();
1557 mr = address_space_translate(as, addr, &addr, &l, false);
1558 if (!(memory_region_is_ram(mr)
1559 || memory_region_is_romd(mr))) {
1560 rcu_read_unlock();
1561 return;
1562 }
1563 ram_addr = (memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK)
1564 + addr;
1565 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1566 rcu_read_unlock();
1567 }
1568 #endif /* !defined(CONFIG_USER_ONLY) */
1569
1570 void tb_check_watchpoint(CPUState *cpu)
1571 {
1572 TranslationBlock *tb;
1573
1574 tb = tb_find_pc(cpu->mem_io_pc);
1575 if (tb) {
1576 /* We can use retranslation to find the PC. */
1577 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1578 tb_phys_invalidate(tb, -1);
1579 } else {
1580 /* The exception probably happened in a helper. The CPU state should
1581 have been saved before calling it. Fetch the PC from there. */
1582 CPUArchState *env = cpu->env_ptr;
1583 target_ulong pc, cs_base;
1584 tb_page_addr_t addr;
1585 int flags;
1586
1587 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
1588 addr = get_page_addr_code(env, pc);
1589 tb_invalidate_phys_range(addr, addr + 1);
1590 }
1591 }
1592
1593 #ifndef CONFIG_USER_ONLY
1594 /* in deterministic execution mode, instructions doing device I/Os
1595 must be at the end of the TB */
1596 void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
1597 {
1598 #if defined(TARGET_MIPS) || defined(TARGET_SH4)
1599 CPUArchState *env = cpu->env_ptr;
1600 #endif
1601 TranslationBlock *tb;
1602 uint32_t n, cflags;
1603 target_ulong pc, cs_base;
1604 uint64_t flags;
1605
1606 tb = tb_find_pc(retaddr);
1607 if (!tb) {
1608 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
1609 (void *)retaddr);
1610 }
1611 n = cpu->icount_decr.u16.low + tb->icount;
1612 cpu_restore_state_from_tb(cpu, tb, retaddr);
1613 /* Calculate how many instructions had been executed before the fault
1614 occurred. */
1615 n = n - cpu->icount_decr.u16.low;
1616 /* Generate a new TB ending on the I/O insn. */
1617 n++;
1618 /* On MIPS and SH, delay slot instructions can only be restarted if
1619 they were already the first instruction in the TB. If this is not
1620 the first instruction in a TB then re-execute the preceding
1621 branch. */
1622 #if defined(TARGET_MIPS)
1623 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1624 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
1625 cpu->icount_decr.u16.low++;
1626 env->hflags &= ~MIPS_HFLAG_BMASK;
1627 }
1628 #elif defined(TARGET_SH4)
1629 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1630 && n > 1) {
1631 env->pc -= 2;
1632 cpu->icount_decr.u16.low++;
1633 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1634 }
1635 #endif
1636 /* This should never happen. */
1637 if (n > CF_COUNT_MASK) {
1638 cpu_abort(cpu, "TB too big during recompile");
1639 }
1640
1641 cflags = n | CF_LAST_IO;
1642 pc = tb->pc;
1643 cs_base = tb->cs_base;
1644 flags = tb->flags;
1645 tb_phys_invalidate(tb, -1);
1646 if (tb->cflags & CF_NOCACHE) {
1647 if (tb->orig_tb) {
1648 /* Invalidate original TB if this TB was generated in
1649 * cpu_exec_nocache() */
1650 tb_phys_invalidate(tb->orig_tb, -1);
1651 }
1652 tb_free(tb);
1653 }
1654 /* FIXME: In theory this could raise an exception. In practice
1655 we have already translated the block once so it's probably ok. */
1656 tb_gen_code(cpu, pc, cs_base, flags, cflags);
1657 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1658 the first in the TB) then we end up generating a whole new TB and
1659 repeating the fault, which is horribly inefficient.
1660 Better would be to execute just this insn uncached, or generate a
1661 second new TB. */
1662 cpu_resume_from_signal(cpu, NULL);
1663 }
1664
1665 void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
1666 {
1667 unsigned int i;
1668
1669 /* Discard jump cache entries for any tb which might potentially
1670 overlap the flushed page. */
1671 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1672 memset(&cpu->tb_jmp_cache[i], 0,
1673 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1674
1675 i = tb_jmp_cache_hash_page(addr);
1676 memset(&cpu->tb_jmp_cache[i], 0,
1677 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1678 }
1679
1680 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1681 {
1682 int i, target_code_size, max_target_code_size;
1683 int direct_jmp_count, direct_jmp2_count, cross_page;
1684 TranslationBlock *tb;
1685
1686 target_code_size = 0;
1687 max_target_code_size = 0;
1688 cross_page = 0;
1689 direct_jmp_count = 0;
1690 direct_jmp2_count = 0;
1691 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1692 tb = &tcg_ctx.tb_ctx.tbs[i];
1693 target_code_size += tb->size;
1694 if (tb->size > max_target_code_size) {
1695 max_target_code_size = tb->size;
1696 }
1697 if (tb->page_addr[1] != -1) {
1698 cross_page++;
1699 }
1700 if (tb->tb_next_offset[0] != 0xffff) {
1701 direct_jmp_count++;
1702 if (tb->tb_next_offset[1] != 0xffff) {
1703 direct_jmp2_count++;
1704 }
1705 }
1706 }
1707 /* XXX: avoid using doubles ? */
1708 cpu_fprintf(f, "Translation buffer state:\n");
1709 cpu_fprintf(f, "gen code size %td/%zd\n",
1710 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1711 tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer);
1712 cpu_fprintf(f, "TB count %d/%d\n",
1713 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
1714 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1715 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1716 tcg_ctx.tb_ctx.nb_tbs : 0,
1717 max_target_code_size);
1718 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1719 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1720 tcg_ctx.code_gen_buffer) /
1721 tcg_ctx.tb_ctx.nb_tbs : 0,
1722 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1723 tcg_ctx.code_gen_buffer) /
1724 target_code_size : 0);
1725 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1726 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1727 tcg_ctx.tb_ctx.nb_tbs : 0);
1728 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1729 direct_jmp_count,
1730 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1731 tcg_ctx.tb_ctx.nb_tbs : 0,
1732 direct_jmp2_count,
1733 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1734 tcg_ctx.tb_ctx.nb_tbs : 0);
1735 cpu_fprintf(f, "\nStatistics:\n");
1736 cpu_fprintf(f, "TB flush count %d\n", tcg_ctx.tb_ctx.tb_flush_count);
1737 cpu_fprintf(f, "TB invalidate count %d\n",
1738 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1739 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1740 tcg_dump_info(f, cpu_fprintf);
1741 }
1742
1743 void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
1744 {
1745 tcg_dump_op_count(f, cpu_fprintf);
1746 }
1747
1748 #else /* CONFIG_USER_ONLY */
1749
1750 void cpu_interrupt(CPUState *cpu, int mask)
1751 {
1752 cpu->interrupt_request |= mask;
1753 cpu->tcg_exit_req = 1;
1754 }
1755
1756 /*
1757 * Walks guest process memory "regions" one by one
1758 * and calls callback function 'fn' for each region.
1759 */
1760 struct walk_memory_regions_data {
1761 walk_memory_regions_fn fn;
1762 void *priv;
1763 target_ulong start;
1764 int prot;
1765 };
1766
1767 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1768 target_ulong end, int new_prot)
1769 {
1770 if (data->start != -1u) {
1771 int rc = data->fn(data->priv, data->start, end, data->prot);
1772 if (rc != 0) {
1773 return rc;
1774 }
1775 }
1776
1777 data->start = (new_prot ? end : -1u);
1778 data->prot = new_prot;
1779
1780 return 0;
1781 }
1782
1783 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1784 target_ulong base, int level, void **lp)
1785 {
1786 target_ulong pa;
1787 int i, rc;
1788
1789 if (*lp == NULL) {
1790 return walk_memory_regions_end(data, base, 0);
1791 }
1792
1793 if (level == 0) {
1794 PageDesc *pd = *lp;
1795
1796 for (i = 0; i < V_L2_SIZE; ++i) {
1797 int prot = pd[i].flags;
1798
1799 pa = base | (i << TARGET_PAGE_BITS);
1800 if (prot != data->prot) {
1801 rc = walk_memory_regions_end(data, pa, prot);
1802 if (rc != 0) {
1803 return rc;
1804 }
1805 }
1806 }
1807 } else {
1808 void **pp = *lp;
1809
1810 for (i = 0; i < V_L2_SIZE; ++i) {
1811 pa = base | ((target_ulong)i <<
1812 (TARGET_PAGE_BITS + V_L2_BITS * level));
1813 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1814 if (rc != 0) {
1815 return rc;
1816 }
1817 }
1818 }
1819
1820 return 0;
1821 }
1822
1823 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1824 {
1825 struct walk_memory_regions_data data;
1826 uintptr_t i;
1827
1828 data.fn = fn;
1829 data.priv = priv;
1830 data.start = -1u;
1831 data.prot = 0;
1832
1833 for (i = 0; i < V_L1_SIZE; i++) {
1834 int rc = walk_memory_regions_1(&data, (target_ulong)i << (V_L1_SHIFT + TARGET_PAGE_BITS),
1835 V_L1_SHIFT / V_L2_BITS - 1, l1_map + i);
1836 if (rc != 0) {
1837 return rc;
1838 }
1839 }
1840
1841 return walk_memory_regions_end(&data, 0, 0);
1842 }
1843
1844 static int dump_region(void *priv, target_ulong start,
1845 target_ulong end, abi_ulong prot)
1846 {
1847 FILE *f = (FILE *)priv;
1848
1849 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
1850 " "TARGET_FMT_lx" %c%c%c\n",
1851 start, end, end - start,
1852 ((prot & PAGE_READ) ? 'r' : '-'),
1853 ((prot & PAGE_WRITE) ? 'w' : '-'),
1854 ((prot & PAGE_EXEC) ? 'x' : '-'));
1855
1856 return 0;
1857 }
1858
1859 /* dump memory mappings */
1860 void page_dump(FILE *f)
1861 {
1862 const int length = sizeof(target_ulong) * 2;
1863 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
1864 length, "start", length, "end", length, "size", "prot");
1865 walk_memory_regions(f, dump_region);
1866 }
1867
1868 int page_get_flags(target_ulong address)
1869 {
1870 PageDesc *p;
1871
1872 p = page_find(address >> TARGET_PAGE_BITS);
1873 if (!p) {
1874 return 0;
1875 }
1876 return p->flags;
1877 }
1878
1879 /* Modify the flags of a page and invalidate the code if necessary.
1880 The flag PAGE_WRITE_ORG is positioned automatically depending
1881 on PAGE_WRITE. The mmap_lock should already be held. */
1882 void page_set_flags(target_ulong start, target_ulong end, int flags)
1883 {
1884 target_ulong addr, len;
1885
1886 /* This function should never be called with addresses outside the
1887 guest address space. If this assert fires, it probably indicates
1888 a missing call to h2g_valid. */
1889 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1890 assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1891 #endif
1892 assert(start < end);
1893
1894 start = start & TARGET_PAGE_MASK;
1895 end = TARGET_PAGE_ALIGN(end);
1896
1897 if (flags & PAGE_WRITE) {
1898 flags |= PAGE_WRITE_ORG;
1899 }
1900
1901 for (addr = start, len = end - start;
1902 len != 0;
1903 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1904 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1905
1906 /* If the write protection bit is set, then we invalidate
1907 the code inside. */
1908 if (!(p->flags & PAGE_WRITE) &&
1909 (flags & PAGE_WRITE) &&
1910 p->first_tb) {
1911 tb_invalidate_phys_page(addr, 0, NULL, false);
1912 }
1913 p->flags = flags;
1914 }
1915 }
1916
1917 int page_check_range(target_ulong start, target_ulong len, int flags)
1918 {
1919 PageDesc *p;
1920 target_ulong end;
1921 target_ulong addr;
1922
1923 /* This function should never be called with addresses outside the
1924 guest address space. If this assert fires, it probably indicates
1925 a missing call to h2g_valid. */
1926 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1927 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1928 #endif
1929
1930 if (len == 0) {
1931 return 0;
1932 }
1933 if (start + len - 1 < start) {
1934 /* We've wrapped around. */
1935 return -1;
1936 }
1937
1938 /* must do before we loose bits in the next step */
1939 end = TARGET_PAGE_ALIGN(start + len);
1940 start = start & TARGET_PAGE_MASK;
1941
1942 for (addr = start, len = end - start;
1943 len != 0;
1944 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1945 p = page_find(addr >> TARGET_PAGE_BITS);
1946 if (!p) {
1947 return -1;
1948 }
1949 if (!(p->flags & PAGE_VALID)) {
1950 return -1;
1951 }
1952
1953 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
1954 return -1;
1955 }
1956 if (flags & PAGE_WRITE) {
1957 if (!(p->flags & PAGE_WRITE_ORG)) {
1958 return -1;
1959 }
1960 /* unprotect the page if it was put read-only because it
1961 contains translated code */
1962 if (!(p->flags & PAGE_WRITE)) {
1963 if (!page_unprotect(addr, 0, NULL)) {
1964 return -1;
1965 }
1966 }
1967 }
1968 }
1969 return 0;
1970 }
1971
1972 /* called from signal handler: invalidate the code and unprotect the
1973 page. Return TRUE if the fault was successfully handled. */
1974 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
1975 {
1976 unsigned int prot;
1977 PageDesc *p;
1978 target_ulong host_start, host_end, addr;
1979
1980 /* Technically this isn't safe inside a signal handler. However we
1981 know this only ever happens in a synchronous SEGV handler, so in
1982 practice it seems to be ok. */
1983 mmap_lock();
1984
1985 p = page_find(address >> TARGET_PAGE_BITS);
1986 if (!p) {
1987 mmap_unlock();
1988 return 0;
1989 }
1990
1991 /* if the page was really writable, then we change its
1992 protection back to writable */
1993 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
1994 host_start = address & qemu_host_page_mask;
1995 host_end = host_start + qemu_host_page_size;
1996
1997 prot = 0;
1998 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
1999 p = page_find(addr >> TARGET_PAGE_BITS);
2000 p->flags |= PAGE_WRITE;
2001 prot |= p->flags;
2002
2003 /* and since the content will be modified, we must invalidate
2004 the corresponding translated code. */
2005 tb_invalidate_phys_page(addr, pc, puc, true);
2006 #ifdef DEBUG_TB_CHECK
2007 tb_invalidate_check(addr);
2008 #endif
2009 }
2010 mprotect((void *)g2h(host_start), qemu_host_page_size,
2011 prot & PAGE_BITS);
2012
2013 mmap_unlock();
2014 return 1;
2015 }
2016 mmap_unlock();
2017 return 0;
2018 }
2019 #endif /* CONFIG_USER_ONLY */
AR7 emulation for QEMU