search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch '0xabu/raspi'
[qemu/ar7.git] / exec.c
blob56ce255c12fec8d3b96bc76ded2392ba49a826ed
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 /* RAM is backed by an mmapped file.
92 */
93 #define RAM_FILE (1 << 3)
94 #endif
95
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
103 int use_icount;
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 typedef struct PhysPageEntry PhysPageEntry;
108
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
111 uint32_t skip : 6;
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 uint32_t ptr : 26;
114 };
115
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
120
121 #define P_L2_BITS 9
122 #define P_L2_SIZE (1 << P_L2_BITS)
123
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126 typedef PhysPageEntry Node[P_L2_SIZE];
127
128 typedef struct PhysPageMap {
129 struct rcu_head rcu;
130
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137 } PhysPageMap;
138
139 struct AddressSpaceDispatch {
140 struct rcu_head rcu;
141
142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
146 PhysPageMap map;
147 AddressSpace *as;
148 };
149
150 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151 typedef struct subpage_t {
152 MemoryRegion iomem;
153 AddressSpace *as;
154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156 } subpage_t;
157
158 #define PHYS_SECTION_UNASSIGNED 0
159 #define PHYS_SECTION_NOTDIRTY 1
160 #define PHYS_SECTION_ROM 2
161 #define PHYS_SECTION_WATCH 3
162
163 static void io_mem_init(void);
164 static void memory_map_init(void);
165 static void tcg_commit(MemoryListener *listener);
166
167 static MemoryRegion io_mem_watch;
168
169 /**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176 struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181 };
182
183 #endif
184
185 #if !defined(CONFIG_USER_ONLY)
186
187 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
188 {
189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
193 }
194 }
195
196 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
197 {
198 unsigned i;
199 uint32_t ret;
200 PhysPageEntry e;
201 PhysPageEntry *p;
202
203 ret = map->nodes_nb++;
204 p = map->nodes[ret];
205 assert(ret != PHYS_MAP_NODE_NIL);
206 assert(ret != map->nodes_nb_alloc);
207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
210 for (i = 0; i < P_L2_SIZE; ++i) {
211 memcpy(&p[i], &e, sizeof(e));
212 }
213 return ret;
214 }
215
216 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
218 int level)
219 {
220 PhysPageEntry *p;
221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
222
223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
224 lp->ptr = phys_map_node_alloc(map, level == 0);
225 }
226 p = map->nodes[lp->ptr];
227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
228
229 while (*nb && lp < &p[P_L2_SIZE]) {
230 if ((*index & (step - 1)) == 0 && *nb >= step) {
231 lp->skip = 0;
232 lp->ptr = leaf;
233 *index += step;
234 *nb -= step;
235 } else {
236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
237 }
238 ++lp;
239 }
240 }
241
242 static void phys_page_set(AddressSpaceDispatch *d,
243 hwaddr index, hwaddr nb,
244 uint16_t leaf)
245 {
246 /* Wildly overreserve - it doesn't matter much. */
247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
248
249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
250 }
251
252 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256 {
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303 }
304
305 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306 {
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
311 }
312 }
313
314 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
315 Node *nodes, MemoryRegionSection *sections)
316 {
317 PhysPageEntry *p;
318 hwaddr index = addr >> TARGET_PAGE_BITS;
319 int i;
320
321 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
322 if (lp.ptr == PHYS_MAP_NODE_NIL) {
323 return &sections[PHYS_SECTION_UNASSIGNED];
324 }
325 p = nodes[lp.ptr];
326 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
327 }
328
329 if (sections[lp.ptr].size.hi ||
330 range_covers_byte(sections[lp.ptr].offset_within_address_space,
331 sections[lp.ptr].size.lo, addr)) {
332 return &sections[lp.ptr];
333 } else {
334 return &sections[PHYS_SECTION_UNASSIGNED];
335 }
336 }
337
338 bool memory_region_is_unassigned(MemoryRegion *mr)
339 {
340 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
341 && mr != &io_mem_watch;
342 }
343
344 /* Called from RCU critical section */
345 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
346 hwaddr addr,
347 bool resolve_subpage)
348 {
349 MemoryRegionSection *section;
350 subpage_t *subpage;
351
352 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
353 if (resolve_subpage && section->mr->subpage) {
354 subpage = container_of(section->mr, subpage_t, iomem);
355 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
356 }
357 return section;
358 }
359
360 /* Called from RCU critical section */
361 static MemoryRegionSection *
362 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
363 hwaddr *plen, bool resolve_subpage)
364 {
365 MemoryRegionSection *section;
366 MemoryRegion *mr;
367 Int128 diff;
368
369 section = address_space_lookup_region(d, addr, resolve_subpage);
370 /* Compute offset within MemoryRegionSection */
371 addr -= section->offset_within_address_space;
372
373 /* Compute offset within MemoryRegion */
374 *xlat = addr + section->offset_within_region;
375
376 mr = section->mr;
377
378 /* MMIO registers can be expected to perform full-width accesses based only
379 * on their address, without considering adjacent registers that could
380 * decode to completely different MemoryRegions. When such registers
381 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
382 * regions overlap wildly. For this reason we cannot clamp the accesses
383 * here.
384 *
385 * If the length is small (as is the case for address_space_ldl/stl),
386 * everything works fine. If the incoming length is large, however,
387 * the caller really has to do the clamping through memory_access_size.
388 */
389 if (memory_region_is_ram(mr)) {
390 diff = int128_sub(section->size, int128_make64(addr));
391 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
392 }
393 return section;
394 }
395
396 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
397 {
398 if (memory_region_is_ram(mr)) {
399 return !(is_write && mr->readonly);
400 }
401 if (memory_region_is_romd(mr)) {
402 return !is_write;
403 }
404
405 return false;
406 }
407
408 /* Called from RCU critical section */
409 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
410 hwaddr *xlat, hwaddr *plen,
411 bool is_write)
412 {
413 IOMMUTLBEntry iotlb;
414 MemoryRegionSection *section;
415 MemoryRegion *mr;
416
417 for (;;) {
418 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
419 section = address_space_translate_internal(d, addr, &addr, plen, true);
420 mr = section->mr;
421
422 if (!mr->iommu_ops) {
423 break;
424 }
425
426 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
427 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
428 | (addr & iotlb.addr_mask));
429 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
430 if (!(iotlb.perm & (1 << is_write))) {
431 mr = &io_mem_unassigned;
432 break;
433 }
434
435 as = iotlb.target_as;
436 }
437
438 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
439 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
440 *plen = MIN(page, *plen);
441 }
442
443 *xlat = addr;
444 return mr;
445 }
446
447 /* Called from RCU critical section */
448 MemoryRegionSection *
449 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
450 hwaddr *xlat, hwaddr *plen)
451 {
452 MemoryRegionSection *section;
453 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
454 addr, xlat, plen, false);
455
456 assert(!section->mr->iommu_ops);
457 return section;
458 }
459 #endif
460
461 #if !defined(CONFIG_USER_ONLY)
462
463 static int cpu_common_post_load(void *opaque, int version_id)
464 {
465 CPUState *cpu = opaque;
466
467 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
468 version_id is increased. */
469 cpu->interrupt_request &= ~0x01;
470 tlb_flush(cpu, 1);
471
472 return 0;
473 }
474
475 static int cpu_common_pre_load(void *opaque)
476 {
477 CPUState *cpu = opaque;
478
479 cpu->exception_index = -1;
480
481 return 0;
482 }
483
484 static bool cpu_common_exception_index_needed(void *opaque)
485 {
486 CPUState *cpu = opaque;
487
488 return tcg_enabled() && cpu->exception_index != -1;
489 }
490
491 static const VMStateDescription vmstate_cpu_common_exception_index = {
492 .name = "cpu_common/exception_index",
493 .version_id = 1,
494 .minimum_version_id = 1,
495 .needed = cpu_common_exception_index_needed,
496 .fields = (VMStateField[]) {
497 VMSTATE_INT32(exception_index, CPUState),
498 VMSTATE_END_OF_LIST()
499 }
500 };
501
502 static bool cpu_common_crash_occurred_needed(void *opaque)
503 {
504 CPUState *cpu = opaque;
505
506 return cpu->crash_occurred;
507 }
508
509 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
510 .name = "cpu_common/crash_occurred",
511 .version_id = 1,
512 .minimum_version_id = 1,
513 .needed = cpu_common_crash_occurred_needed,
514 .fields = (VMStateField[]) {
515 VMSTATE_BOOL(crash_occurred, CPUState),
516 VMSTATE_END_OF_LIST()
517 }
518 };
519
520 const VMStateDescription vmstate_cpu_common = {
521 .name = "cpu_common",
522 .version_id = 1,
523 .minimum_version_id = 1,
524 .pre_load = cpu_common_pre_load,
525 .post_load = cpu_common_post_load,
526 .fields = (VMStateField[]) {
527 VMSTATE_UINT32(halted, CPUState),
528 VMSTATE_UINT32(interrupt_request, CPUState),
529 VMSTATE_END_OF_LIST()
530 },
531 .subsections = (const VMStateDescription*[]) {
532 &vmstate_cpu_common_exception_index,
533 &vmstate_cpu_common_crash_occurred,
534 NULL
535 }
536 };
537
538 #endif
539
540 CPUState *qemu_get_cpu(int index)
541 {
542 CPUState *cpu;
543
544 CPU_FOREACH(cpu) {
545 if (cpu->cpu_index == index) {
546 return cpu;
547 }
548 }
549
550 return NULL;
551 }
552
553 #if !defined(CONFIG_USER_ONLY)
554 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
555 {
556 /* We only support one address space per cpu at the moment. */
557 assert(cpu->as == as);
558
559 if (cpu->cpu_ases) {
560 /* We've already registered the listener for our only AS */
561 return;
562 }
563
564 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
565 cpu->cpu_ases[0].cpu = cpu;
566 cpu->cpu_ases[0].as = as;
567 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
568 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
569 }
570 #endif
571
572 #ifndef CONFIG_USER_ONLY
573 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
574
575 static int cpu_get_free_index(Error **errp)
576 {
577 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
578
579 if (cpu >= MAX_CPUMASK_BITS) {
580 error_setg(errp, "Trying to use more CPUs than max of %d",
581 MAX_CPUMASK_BITS);
582 return -1;
583 }
584
585 bitmap_set(cpu_index_map, cpu, 1);
586 return cpu;
587 }
588
589 void cpu_exec_exit(CPUState *cpu)
590 {
591 if (cpu->cpu_index == -1) {
592 /* cpu_index was never allocated by this @cpu or was already freed. */
593 return;
594 }
595
596 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
597 cpu->cpu_index = -1;
598 }
599 #else
600
601 static int cpu_get_free_index(Error **errp)
602 {
603 CPUState *some_cpu;
604 int cpu_index = 0;
605
606 CPU_FOREACH(some_cpu) {
607 cpu_index++;
608 }
609 return cpu_index;
610 }
611
612 void cpu_exec_exit(CPUState *cpu)
613 {
614 }
615 #endif
616
617 void cpu_exec_init(CPUState *cpu, Error **errp)
618 {
619 CPUClass *cc = CPU_GET_CLASS(cpu);
620 int cpu_index;
621 Error *local_err = NULL;
622
623 #ifdef TARGET_WORDS_BIGENDIAN
624 cpu->bigendian = true;
625 #else
626 cpu->bigendian = false;
627 #endif
628
629 #ifndef CONFIG_USER_ONLY
630 cpu->as = &address_space_memory;
631 cpu->thread_id = qemu_get_thread_id();
632 #endif
633
634 #if defined(CONFIG_USER_ONLY)
635 cpu_list_lock();
636 #endif
637 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
638 if (local_err) {
639 error_propagate(errp, local_err);
640 #if defined(CONFIG_USER_ONLY)
641 cpu_list_unlock();
642 #endif
643 return;
644 }
645 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
646 #if defined(CONFIG_USER_ONLY)
647 cpu_list_unlock();
648 #endif
649 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
650 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
651 }
652 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
653 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
654 cpu_save, cpu_load, cpu->env_ptr);
655 assert(cc->vmsd == NULL);
656 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
657 #endif
658 if (cc->vmsd != NULL) {
659 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
660 }
661 }
662
663 #if defined(CONFIG_USER_ONLY)
664 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
665 {
666 tb_invalidate_phys_page_range(pc, pc + 1, 0);
667 }
668 #else
669 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
670 {
671 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
672 if (phys != -1) {
673 tb_invalidate_phys_addr(cpu->as,
674 phys | (pc & ~TARGET_PAGE_MASK));
675 }
676 }
677 #endif
678
679 #if defined(CONFIG_USER_ONLY)
680 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
681
682 {
683 }
684
685 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
686 int flags)
687 {
688 return -ENOSYS;
689 }
690
691 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
692 {
693 }
694
695 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
696 int flags, CPUWatchpoint **watchpoint)
697 {
698 return -ENOSYS;
699 }
700 #else
701 /* Add a watchpoint. */
702 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
703 int flags, CPUWatchpoint **watchpoint)
704 {
705 CPUWatchpoint *wp;
706
707 /* forbid ranges which are empty or run off the end of the address space */
708 if (len == 0 || (addr + len - 1) < addr) {
709 error_report("tried to set invalid watchpoint at %"
710 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
711 return -EINVAL;
712 }
713 wp = g_malloc(sizeof(*wp));
714
715 wp->vaddr = addr;
716 wp->len = len;
717 wp->flags = flags;
718
719 /* keep all GDB-injected watchpoints in front */
720 if (flags & BP_GDB) {
721 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
722 } else {
723 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
724 }
725
726 tlb_flush_page(cpu, addr);
727
728 if (watchpoint)
729 *watchpoint = wp;
730 return 0;
731 }
732
733 /* Remove a specific watchpoint. */
734 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
735 int flags)
736 {
737 CPUWatchpoint *wp;
738
739 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
740 if (addr == wp->vaddr && len == wp->len
741 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
742 cpu_watchpoint_remove_by_ref(cpu, wp);
743 return 0;
744 }
745 }
746 return -ENOENT;
747 }
748
749 /* Remove a specific watchpoint by reference. */
750 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
751 {
752 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
753
754 tlb_flush_page(cpu, watchpoint->vaddr);
755
756 g_free(watchpoint);
757 }
758
759 /* Remove all matching watchpoints. */
760 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
761 {
762 CPUWatchpoint *wp, *next;
763
764 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
765 if (wp->flags & mask) {
766 cpu_watchpoint_remove_by_ref(cpu, wp);
767 }
768 }
769 }
770
771 /* Return true if this watchpoint address matches the specified
772 * access (ie the address range covered by the watchpoint overlaps
773 * partially or completely with the address range covered by the
774 * access).
775 */
776 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
777 vaddr addr,
778 vaddr len)
779 {
780 /* We know the lengths are non-zero, but a little caution is
781 * required to avoid errors in the case where the range ends
782 * exactly at the top of the address space and so addr + len
783 * wraps round to zero.
784 */
785 vaddr wpend = wp->vaddr + wp->len - 1;
786 vaddr addrend = addr + len - 1;
787
788 return !(addr > wpend || wp->vaddr > addrend);
789 }
790
791 #endif
792
793 /* Add a breakpoint. */
794 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
795 CPUBreakpoint **breakpoint)
796 {
797 CPUBreakpoint *bp;
798
799 bp = g_malloc(sizeof(*bp));
800
801 bp->pc = pc;
802 bp->flags = flags;
803
804 /* keep all GDB-injected breakpoints in front */
805 if (flags & BP_GDB) {
806 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
807 } else {
808 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
809 }
810
811 breakpoint_invalidate(cpu, pc);
812
813 if (breakpoint) {
814 *breakpoint = bp;
815 }
816 return 0;
817 }
818
819 /* Remove a specific breakpoint. */
820 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
821 {
822 CPUBreakpoint *bp;
823
824 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
825 if (bp->pc == pc && bp->flags == flags) {
826 cpu_breakpoint_remove_by_ref(cpu, bp);
827 return 0;
828 }
829 }
830 return -ENOENT;
831 }
832
833 /* Remove a specific breakpoint by reference. */
834 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
835 {
836 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
837
838 breakpoint_invalidate(cpu, breakpoint->pc);
839
840 g_free(breakpoint);
841 }
842
843 /* Remove all matching breakpoints. */
844 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
845 {
846 CPUBreakpoint *bp, *next;
847
848 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
849 if (bp->flags & mask) {
850 cpu_breakpoint_remove_by_ref(cpu, bp);
851 }
852 }
853 }
854
855 /* enable or disable single step mode. EXCP_DEBUG is returned by the
856 CPU loop after each instruction */
857 void cpu_single_step(CPUState *cpu, int enabled)
858 {
859 if (cpu->singlestep_enabled != enabled) {
860 cpu->singlestep_enabled = enabled;
861 if (kvm_enabled()) {
862 kvm_update_guest_debug(cpu, 0);
863 } else {
864 /* must flush all the translated code to avoid inconsistencies */
865 /* XXX: only flush what is necessary */
866 tb_flush(cpu);
867 }
868 }
869 }
870
871 void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
872 {
873 va_list ap;
874 va_list ap2;
875
876 va_start(ap, fmt);
877 va_copy(ap2, ap);
878 fprintf(stderr, "qemu: fatal: ");
879 vfprintf(stderr, fmt, ap);
880 fprintf(stderr, "\n");
881 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
882 if (qemu_log_enabled()) {
883 qemu_log("qemu: fatal: ");
884 qemu_log_vprintf(fmt, ap2);
885 qemu_log("\n");
886 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
887 qemu_log_flush();
888 qemu_log_close();
889 }
890 va_end(ap2);
891 va_end(ap);
892 replay_finish();
893 #if defined(CONFIG_USER_ONLY)
894 {
895 struct sigaction act;
896 sigfillset(&act.sa_mask);
897 act.sa_handler = SIG_DFL;
898 sigaction(SIGABRT, &act, NULL);
899 }
900 #endif
901 abort();
902 }
903
904 #if !defined(CONFIG_USER_ONLY)
905 /* Called from RCU critical section */
906 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
907 {
908 RAMBlock *block;
909
910 block = atomic_rcu_read(&ram_list.mru_block);
911 if (block && addr - block->offset < block->max_length) {
912 return block;
913 }
914 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
915 if (addr - block->offset < block->max_length) {
916 goto found;
917 }
918 }
919
920 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
921 abort();
922
923 found:
924 /* It is safe to write mru_block outside the iothread lock. This
925 * is what happens:
926 *
927 * mru_block = xxx
928 * rcu_read_unlock()
929 * xxx removed from list
930 * rcu_read_lock()
931 * read mru_block
932 * mru_block = NULL;
933 * call_rcu(reclaim_ramblock, xxx);
934 * rcu_read_unlock()
935 *
936 * atomic_rcu_set is not needed here. The block was already published
937 * when it was placed into the list. Here we're just making an extra
938 * copy of the pointer.
939 */
940 ram_list.mru_block = block;
941 return block;
942 }
943
944 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
945 {
946 CPUState *cpu;
947 ram_addr_t start1;
948 RAMBlock *block;
949 ram_addr_t end;
950
951 end = TARGET_PAGE_ALIGN(start + length);
952 start &= TARGET_PAGE_MASK;
953
954 rcu_read_lock();
955 block = qemu_get_ram_block(start);
956 assert(block == qemu_get_ram_block(end - 1));
957 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
958 CPU_FOREACH(cpu) {
959 tlb_reset_dirty(cpu, start1, length);
960 }
961 rcu_read_unlock();
962 }
963
964 /* Note: start and end must be within the same ram block. */
965 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
966 ram_addr_t length,
967 unsigned client)
968 {
969 unsigned long end, page;
970 bool dirty;
971
972 if (length == 0) {
973 return false;
974 }
975
976 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
977 page = start >> TARGET_PAGE_BITS;
978 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
979 page, end - page);
980
981 if (dirty && tcg_enabled()) {
982 tlb_reset_dirty_range_all(start, length);
983 }
984
985 return dirty;
986 }
987
988 /* Called from RCU critical section */
989 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
990 MemoryRegionSection *section,
991 target_ulong vaddr,
992 hwaddr paddr, hwaddr xlat,
993 int prot,
994 target_ulong *address)
995 {
996 hwaddr iotlb;
997 CPUWatchpoint *wp;
998
999 if (memory_region_is_ram(section->mr)) {
1000 /* Normal RAM. */
1001 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1002 + xlat;
1003 if (!section->readonly) {
1004 iotlb |= PHYS_SECTION_NOTDIRTY;
1005 } else {
1006 iotlb |= PHYS_SECTION_ROM;
1007 }
1008 } else {
1009 AddressSpaceDispatch *d;
1010
1011 d = atomic_rcu_read(&section->address_space->dispatch);
1012 iotlb = section - d->map.sections;
1013 iotlb += xlat;
1014 }
1015
1016 /* Make accesses to pages with watchpoints go via the
1017 watchpoint trap routines. */
1018 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1019 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1020 /* Avoid trapping reads of pages with a write breakpoint. */
1021 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1022 iotlb = PHYS_SECTION_WATCH + paddr;
1023 *address |= TLB_MMIO;
1024 break;
1025 }
1026 }
1027 }
1028
1029 return iotlb;
1030 }
1031 #endif /* defined(CONFIG_USER_ONLY) */
1032
1033 #if !defined(CONFIG_USER_ONLY)
1034
1035 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1036 uint16_t section);
1037 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1038
1039 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1040 qemu_anon_ram_alloc;
1041
1042 /*
1043 * Set a custom physical guest memory alloator.
1044 * Accelerators with unusual needs may need this. Hopefully, we can
1045 * get rid of it eventually.
1046 */
1047 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1048 {
1049 phys_mem_alloc = alloc;
1050 }
1051
1052 static uint16_t phys_section_add(PhysPageMap *map,
1053 MemoryRegionSection *section)
1054 {
1055 /* The physical section number is ORed with a page-aligned
1056 * pointer to produce the iotlb entries. Thus it should
1057 * never overflow into the page-aligned value.
1058 */
1059 assert(map->sections_nb < TARGET_PAGE_SIZE);
1060
1061 if (map->sections_nb == map->sections_nb_alloc) {
1062 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1063 map->sections = g_renew(MemoryRegionSection, map->sections,
1064 map->sections_nb_alloc);
1065 }
1066 map->sections[map->sections_nb] = *section;
1067 memory_region_ref(section->mr);
1068 return map->sections_nb++;
1069 }
1070
1071 static void phys_section_destroy(MemoryRegion *mr)
1072 {
1073 bool have_sub_page = mr->subpage;
1074
1075 memory_region_unref(mr);
1076
1077 if (have_sub_page) {
1078 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1079 object_unref(OBJECT(&subpage->iomem));
1080 g_free(subpage);
1081 }
1082 }
1083
1084 static void phys_sections_free(PhysPageMap *map)
1085 {
1086 while (map->sections_nb > 0) {
1087 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1088 phys_section_destroy(section->mr);
1089 }
1090 g_free(map->sections);
1091 g_free(map->nodes);
1092 }
1093
1094 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1095 {
1096 subpage_t *subpage;
1097 hwaddr base = section->offset_within_address_space
1098 & TARGET_PAGE_MASK;
1099 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1100 d->map.nodes, d->map.sections);
1101 MemoryRegionSection subsection = {
1102 .offset_within_address_space = base,
1103 .size = int128_make64(TARGET_PAGE_SIZE),
1104 };
1105 hwaddr start, end;
1106
1107 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1108
1109 if (!(existing->mr->subpage)) {
1110 subpage = subpage_init(d->as, base);
1111 subsection.address_space = d->as;
1112 subsection.mr = &subpage->iomem;
1113 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1114 phys_section_add(&d->map, &subsection));
1115 } else {
1116 subpage = container_of(existing->mr, subpage_t, iomem);
1117 }
1118 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1119 end = start + int128_get64(section->size) - 1;
1120 subpage_register(subpage, start, end,
1121 phys_section_add(&d->map, section));
1122 }
1123
1124
1125 static void register_multipage(AddressSpaceDispatch *d,
1126 MemoryRegionSection *section)
1127 {
1128 hwaddr start_addr = section->offset_within_address_space;
1129 uint16_t section_index = phys_section_add(&d->map, section);
1130 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1131 TARGET_PAGE_BITS));
1132
1133 assert(num_pages);
1134 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1135 }
1136
1137 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1138 {
1139 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1140 AddressSpaceDispatch *d = as->next_dispatch;
1141 MemoryRegionSection now = *section, remain = *section;
1142 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1143
1144 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1145 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1146 - now.offset_within_address_space;
1147
1148 now.size = int128_min(int128_make64(left), now.size);
1149 register_subpage(d, &now);
1150 } else {
1151 now.size = int128_zero();
1152 }
1153 while (int128_ne(remain.size, now.size)) {
1154 remain.size = int128_sub(remain.size, now.size);
1155 remain.offset_within_address_space += int128_get64(now.size);
1156 remain.offset_within_region += int128_get64(now.size);
1157 now = remain;
1158 if (int128_lt(remain.size, page_size)) {
1159 register_subpage(d, &now);
1160 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1161 now.size = page_size;
1162 register_subpage(d, &now);
1163 } else {
1164 now.size = int128_and(now.size, int128_neg(page_size));
1165 register_multipage(d, &now);
1166 }
1167 }
1168 }
1169
1170 void qemu_flush_coalesced_mmio_buffer(void)
1171 {
1172 if (kvm_enabled())
1173 kvm_flush_coalesced_mmio_buffer();
1174 }
1175
1176 void qemu_mutex_lock_ramlist(void)
1177 {
1178 qemu_mutex_lock(&ram_list.mutex);
1179 }
1180
1181 void qemu_mutex_unlock_ramlist(void)
1182 {
1183 qemu_mutex_unlock(&ram_list.mutex);
1184 }
1185
1186 #ifdef __linux__
1187
1188 #include <sys/vfs.h>
1189
1190 #define HUGETLBFS_MAGIC 0x958458f6
1191
1192 static long gethugepagesize(const char *path, Error **errp)
1193 {
1194 struct statfs fs;
1195 int ret;
1196
1197 do {
1198 ret = statfs(path, &fs);
1199 } while (ret != 0 && errno == EINTR);
1200
1201 if (ret != 0) {
1202 error_setg_errno(errp, errno, "failed to get page size of file %s",
1203 path);
1204 return 0;
1205 }
1206
1207 return fs.f_bsize;
1208 }
1209
1210 static void *file_ram_alloc(RAMBlock *block,
1211 ram_addr_t memory,
1212 const char *path,
1213 Error **errp)
1214 {
1215 struct stat st;
1216 char *filename;
1217 char *sanitized_name;
1218 char *c;
1219 void * volatile area = NULL;
1220 int fd;
1221 uint64_t hpagesize;
1222 Error *local_err = NULL;
1223
1224 hpagesize = gethugepagesize(path, &local_err);
1225 if (local_err) {
1226 error_propagate(errp, local_err);
1227 goto error;
1228 }
1229 block->mr->align = hpagesize;
1230
1231 if (memory < hpagesize) {
1232 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1233 "or larger than huge page size 0x%" PRIx64,
1234 memory, hpagesize);
1235 goto error;
1236 }
1237
1238 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1239 error_setg(errp,
1240 "host lacks kvm mmu notifiers, -mem-path unsupported");
1241 goto error;
1242 }
1243
1244 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1245 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1246 sanitized_name = g_strdup(memory_region_name(block->mr));
1247 for (c = sanitized_name; *c != '\0'; c++) {
1248 if (*c == '/') {
1249 *c = '_';
1250 }
1251 }
1252
1253 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1254 sanitized_name);
1255 g_free(sanitized_name);
1256
1257 fd = mkstemp(filename);
1258 if (fd >= 0) {
1259 unlink(filename);
1260 }
1261 g_free(filename);
1262 } else {
1263 fd = open(path, O_RDWR | O_CREAT, 0644);
1264 }
1265
1266 if (fd < 0) {
1267 error_setg_errno(errp, errno,
1268 "unable to create backing store for hugepages");
1269 goto error;
1270 }
1271
1272 memory = ROUND_UP(memory, hpagesize);
1273
1274 /*
1275 * ftruncate is not supported by hugetlbfs in older
1276 * hosts, so don't bother bailing out on errors.
1277 * If anything goes wrong with it under other filesystems,
1278 * mmap will fail.
1279 */
1280 if (ftruncate(fd, memory)) {
1281 perror("ftruncate");
1282 }
1283
1284 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1285 if (area == MAP_FAILED) {
1286 error_setg_errno(errp, errno,
1287 "unable to map backing store for hugepages");
1288 close(fd);
1289 goto error;
1290 }
1291
1292 if (mem_prealloc) {
1293 os_mem_prealloc(fd, area, memory);
1294 }
1295
1296 block->fd = fd;
1297 return area;
1298
1299 error:
1300 return NULL;
1301 }
1302 #endif
1303
1304 /* Called with the ramlist lock held. */
1305 static ram_addr_t find_ram_offset(ram_addr_t size)
1306 {
1307 RAMBlock *block, *next_block;
1308 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1309
1310 assert(size != 0); /* it would hand out same offset multiple times */
1311
1312 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1313 return 0;
1314 }
1315
1316 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1317 ram_addr_t end, next = RAM_ADDR_MAX;
1318
1319 end = block->offset + block->max_length;
1320
1321 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1322 if (next_block->offset >= end) {
1323 next = MIN(next, next_block->offset);
1324 }
1325 }
1326 if (next - end >= size && next - end < mingap) {
1327 offset = end;
1328 mingap = next - end;
1329 }
1330 }
1331
1332 if (offset == RAM_ADDR_MAX) {
1333 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1334 (uint64_t)size);
1335 abort();
1336 }
1337
1338 return offset;
1339 }
1340
1341 ram_addr_t last_ram_offset(void)
1342 {
1343 RAMBlock *block;
1344 ram_addr_t last = 0;
1345
1346 rcu_read_lock();
1347 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1348 last = MAX(last, block->offset + block->max_length);
1349 }
1350 rcu_read_unlock();
1351 return last;
1352 }
1353
1354 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1355 {
1356 int ret;
1357
1358 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1359 if (!machine_dump_guest_core(current_machine)) {
1360 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1361 if (ret) {
1362 perror("qemu_madvise");
1363 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1364 "but dump_guest_core=off specified\n");
1365 }
1366 }
1367 }
1368
1369 /* Called within an RCU critical section, or while the ramlist lock
1370 * is held.
1371 */
1372 static RAMBlock *find_ram_block(ram_addr_t addr)
1373 {
1374 RAMBlock *block;
1375
1376 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1377 if (block->offset == addr) {
1378 return block;
1379 }
1380 }
1381
1382 return NULL;
1383 }
1384
1385 const char *qemu_ram_get_idstr(RAMBlock *rb)
1386 {
1387 return rb->idstr;
1388 }
1389
1390 /* Called with iothread lock held. */
1391 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1392 {
1393 RAMBlock *new_block, *block;
1394
1395 rcu_read_lock();
1396 new_block = find_ram_block(addr);
1397 assert(new_block);
1398 assert(!new_block->idstr[0]);
1399
1400 if (dev) {
1401 char *id = qdev_get_dev_path(dev);
1402 if (id) {
1403 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1404 g_free(id);
1405 }
1406 }
1407 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1408
1409 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1410 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1411 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1412 new_block->idstr);
1413 abort();
1414 }
1415 }
1416 rcu_read_unlock();
1417 }
1418
1419 /* Called with iothread lock held. */
1420 void qemu_ram_unset_idstr(ram_addr_t addr)
1421 {
1422 RAMBlock *block;
1423
1424 /* FIXME: arch_init.c assumes that this is not called throughout
1425 * migration. Ignore the problem since hot-unplug during migration
1426 * does not work anyway.
1427 */
1428
1429 rcu_read_lock();
1430 block = find_ram_block(addr);
1431 if (block) {
1432 memset(block->idstr, 0, sizeof(block->idstr));
1433 }
1434 rcu_read_unlock();
1435 }
1436
1437 static int memory_try_enable_merging(void *addr, size_t len)
1438 {
1439 if (!machine_mem_merge(current_machine)) {
1440 /* disabled by the user */
1441 return 0;
1442 }
1443
1444 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1445 }
1446
1447 /* Only legal before guest might have detected the memory size: e.g. on
1448 * incoming migration, or right after reset.
1449 *
1450 * As memory core doesn't know how is memory accessed, it is up to
1451 * resize callback to update device state and/or add assertions to detect
1452 * misuse, if necessary.
1453 */
1454 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1455 {
1456 RAMBlock *block = find_ram_block(base);
1457
1458 assert(block);
1459
1460 newsize = HOST_PAGE_ALIGN(newsize);
1461
1462 if (block->used_length == newsize) {
1463 return 0;
1464 }
1465
1466 if (!(block->flags & RAM_RESIZEABLE)) {
1467 error_setg_errno(errp, EINVAL,
1468 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1469 " in != 0x" RAM_ADDR_FMT, block->idstr,
1470 newsize, block->used_length);
1471 return -EINVAL;
1472 }
1473
1474 if (block->max_length < newsize) {
1475 error_setg_errno(errp, EINVAL,
1476 "Length too large: %s: 0x" RAM_ADDR_FMT
1477 " > 0x" RAM_ADDR_FMT, block->idstr,
1478 newsize, block->max_length);
1479 return -EINVAL;
1480 }
1481
1482 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1483 block->used_length = newsize;
1484 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1485 DIRTY_CLIENTS_ALL);
1486 memory_region_set_size(block->mr, newsize);
1487 if (block->resized) {
1488 block->resized(block->idstr, newsize, block->host);
1489 }
1490 return 0;
1491 }
1492
1493 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1494 {
1495 RAMBlock *block;
1496 RAMBlock *last_block = NULL;
1497 ram_addr_t old_ram_size, new_ram_size;
1498
1499 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1500
1501 qemu_mutex_lock_ramlist();
1502 new_block->offset = find_ram_offset(new_block->max_length);
1503
1504 if (!new_block->host) {
1505 if (xen_enabled()) {
1506 xen_ram_alloc(new_block->offset, new_block->max_length,
1507 new_block->mr);
1508 } else {
1509 new_block->host = phys_mem_alloc(new_block->max_length,
1510 &new_block->mr->align);
1511 if (!new_block->host) {
1512 error_setg_errno(errp, errno,
1513 "cannot set up guest memory '%s'",
1514 memory_region_name(new_block->mr));
1515 qemu_mutex_unlock_ramlist();
1516 return -1;
1517 }
1518 memory_try_enable_merging(new_block->host, new_block->max_length);
1519 }
1520 }
1521
1522 new_ram_size = MAX(old_ram_size,
1523 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1524 if (new_ram_size > old_ram_size) {
1525 migration_bitmap_extend(old_ram_size, new_ram_size);
1526 }
1527 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1528 * QLIST (which has an RCU-friendly variant) does not have insertion at
1529 * tail, so save the last element in last_block.
1530 */
1531 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1532 last_block = block;
1533 if (block->max_length < new_block->max_length) {
1534 break;
1535 }
1536 }
1537 if (block) {
1538 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1539 } else if (last_block) {
1540 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1541 } else { /* list is empty */
1542 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1543 }
1544 ram_list.mru_block = NULL;
1545
1546 /* Write list before version */
1547 smp_wmb();
1548 ram_list.version++;
1549 qemu_mutex_unlock_ramlist();
1550
1551 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1552
1553 if (new_ram_size > old_ram_size) {
1554 int i;
1555
1556 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1557 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1558 ram_list.dirty_memory[i] =
1559 bitmap_zero_extend(ram_list.dirty_memory[i],
1560 old_ram_size, new_ram_size);
1561 }
1562 }
1563 cpu_physical_memory_set_dirty_range(new_block->offset,
1564 new_block->used_length,
1565 DIRTY_CLIENTS_ALL);
1566
1567 if (new_block->host) {
1568 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1569 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1570 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1571 if (kvm_enabled()) {
1572 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1573 }
1574 }
1575
1576 return new_block->offset;
1577 }
1578
1579 #ifdef __linux__
1580 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1581 bool share, const char *mem_path,
1582 Error **errp)
1583 {
1584 RAMBlock *new_block;
1585 ram_addr_t addr;
1586 Error *local_err = NULL;
1587
1588 if (xen_enabled()) {
1589 error_setg(errp, "-mem-path not supported with Xen");
1590 return -1;
1591 }
1592
1593 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1594 /*
1595 * file_ram_alloc() needs to allocate just like
1596 * phys_mem_alloc, but we haven't bothered to provide
1597 * a hook there.
1598 */
1599 error_setg(errp,
1600 "-mem-path not supported with this accelerator");
1601 return -1;
1602 }
1603
1604 size = HOST_PAGE_ALIGN(size);
1605 new_block = g_malloc0(sizeof(*new_block));
1606 new_block->mr = mr;
1607 new_block->used_length = size;
1608 new_block->max_length = size;
1609 new_block->flags = share ? RAM_SHARED : 0;
1610 new_block->flags |= RAM_FILE;
1611 new_block->host = file_ram_alloc(new_block, size,
1612 mem_path, errp);
1613 if (!new_block->host) {
1614 g_free(new_block);
1615 return -1;
1616 }
1617
1618 addr = ram_block_add(new_block, &local_err);
1619 if (local_err) {
1620 g_free(new_block);
1621 error_propagate(errp, local_err);
1622 return -1;
1623 }
1624 return addr;
1625 }
1626 #endif
1627
1628 static
1629 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1630 void (*resized)(const char*,
1631 uint64_t length,
1632 void *host),
1633 void *host, bool resizeable,
1634 MemoryRegion *mr, Error **errp)
1635 {
1636 RAMBlock *new_block;
1637 ram_addr_t addr;
1638 Error *local_err = NULL;
1639
1640 size = HOST_PAGE_ALIGN(size);
1641 max_size = HOST_PAGE_ALIGN(max_size);
1642 new_block = g_malloc0(sizeof(*new_block));
1643 new_block->mr = mr;
1644 new_block->resized = resized;
1645 new_block->used_length = size;
1646 new_block->max_length = max_size;
1647 assert(max_size >= size);
1648 new_block->fd = -1;
1649 new_block->host = host;
1650 if (host) {
1651 new_block->flags |= RAM_PREALLOC;
1652 }
1653 if (resizeable) {
1654 new_block->flags |= RAM_RESIZEABLE;
1655 }
1656 addr = ram_block_add(new_block, &local_err);
1657 if (local_err) {
1658 g_free(new_block);
1659 error_propagate(errp, local_err);
1660 return -1;
1661 }
1662 return addr;
1663 }
1664
1665 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1666 MemoryRegion *mr, Error **errp)
1667 {
1668 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1669 }
1670
1671 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1672 {
1673 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1674 }
1675
1676 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1677 void (*resized)(const char*,
1678 uint64_t length,
1679 void *host),
1680 MemoryRegion *mr, Error **errp)
1681 {
1682 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1683 }
1684
1685 void qemu_ram_free_from_ptr(ram_addr_t addr)
1686 {
1687 RAMBlock *block;
1688
1689 qemu_mutex_lock_ramlist();
1690 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1691 if (addr == block->offset) {
1692 QLIST_REMOVE_RCU(block, next);
1693 ram_list.mru_block = NULL;
1694 /* Write list before version */
1695 smp_wmb();
1696 ram_list.version++;
1697 g_free_rcu(block, rcu);
1698 break;
1699 }
1700 }
1701 qemu_mutex_unlock_ramlist();
1702 }
1703
1704 static void reclaim_ramblock(RAMBlock *block)
1705 {
1706 if (block->flags & RAM_PREALLOC) {
1707 ;
1708 } else if (xen_enabled()) {
1709 xen_invalidate_map_cache_entry(block->host);
1710 #ifndef _WIN32
1711 } else if (block->fd >= 0) {
1712 if (block->flags & RAM_FILE) {
1713 qemu_ram_munmap(block->host, block->max_length);
1714 } else {
1715 munmap(block->host, block->max_length);
1716 }
1717 close(block->fd);
1718 #endif
1719 } else {
1720 qemu_anon_ram_free(block->host, block->max_length);
1721 }
1722 g_free(block);
1723 }
1724
1725 void qemu_ram_free(ram_addr_t addr)
1726 {
1727 RAMBlock *block;
1728
1729 qemu_mutex_lock_ramlist();
1730 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1731 if (addr == block->offset) {
1732 QLIST_REMOVE_RCU(block, next);
1733 ram_list.mru_block = NULL;
1734 /* Write list before version */
1735 smp_wmb();
1736 ram_list.version++;
1737 call_rcu(block, reclaim_ramblock, rcu);
1738 break;
1739 }
1740 }
1741 qemu_mutex_unlock_ramlist();
1742 }
1743
1744 #ifndef _WIN32
1745 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1746 {
1747 RAMBlock *block;
1748 ram_addr_t offset;
1749 int flags;
1750 void *area, *vaddr;
1751
1752 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1753 offset = addr - block->offset;
1754 if (offset < block->max_length) {
1755 vaddr = ramblock_ptr(block, offset);
1756 if (block->flags & RAM_PREALLOC) {
1757 ;
1758 } else if (xen_enabled()) {
1759 abort();
1760 } else {
1761 flags = MAP_FIXED;
1762 if (block->fd >= 0) {
1763 flags |= (block->flags & RAM_SHARED ?
1764 MAP_SHARED : MAP_PRIVATE);
1765 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1766 flags, block->fd, offset);
1767 } else {
1768 /*
1769 * Remap needs to match alloc. Accelerators that
1770 * set phys_mem_alloc never remap. If they did,
1771 * we'd need a remap hook here.
1772 */
1773 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1774
1775 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1776 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1777 flags, -1, 0);
1778 }
1779 if (area != vaddr) {
1780 fprintf(stderr, "Could not remap addr: "
1781 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1782 length, addr);
1783 exit(1);
1784 }
1785 memory_try_enable_merging(vaddr, length);
1786 qemu_ram_setup_dump(vaddr, length);
1787 }
1788 }
1789 }
1790 }
1791 #endif /* !_WIN32 */
1792
1793 int qemu_get_ram_fd(ram_addr_t addr)
1794 {
1795 RAMBlock *block;
1796 int fd;
1797
1798 rcu_read_lock();
1799 block = qemu_get_ram_block(addr);
1800 fd = block->fd;
1801 rcu_read_unlock();
1802 return fd;
1803 }
1804
1805 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1806 {
1807 RAMBlock *block;
1808 void *ptr;
1809
1810 rcu_read_lock();
1811 block = qemu_get_ram_block(addr);
1812 ptr = ramblock_ptr(block, 0);
1813 rcu_read_unlock();
1814 return ptr;
1815 }
1816
1817 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1818 * This should not be used for general purpose DMA. Use address_space_map
1819 * or address_space_rw instead. For local memory (e.g. video ram) that the
1820 * device owns, use memory_region_get_ram_ptr.
1821 *
1822 * By the time this function returns, the returned pointer is not protected
1823 * by RCU anymore. If the caller is not within an RCU critical section and
1824 * does not hold the iothread lock, it must have other means of protecting the
1825 * pointer, such as a reference to the region that includes the incoming
1826 * ram_addr_t.
1827 */
1828 void *qemu_get_ram_ptr(ram_addr_t addr)
1829 {
1830 RAMBlock *block;
1831 void *ptr;
1832
1833 rcu_read_lock();
1834 block = qemu_get_ram_block(addr);
1835
1836 if (xen_enabled() && block->host == NULL) {
1837 /* We need to check if the requested address is in the RAM
1838 * because we don't want to map the entire memory in QEMU.
1839 * In that case just map until the end of the page.
1840 */
1841 if (block->offset == 0) {
1842 ptr = xen_map_cache(addr, 0, 0);
1843 goto unlock;
1844 }
1845
1846 block->host = xen_map_cache(block->offset, block->max_length, 1);
1847 }
1848 ptr = ramblock_ptr(block, addr - block->offset);
1849
1850 unlock:
1851 rcu_read_unlock();
1852 return ptr;
1853 }
1854
1855 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1856 * but takes a size argument.
1857 *
1858 * By the time this function returns, the returned pointer is not protected
1859 * by RCU anymore. If the caller is not within an RCU critical section and
1860 * does not hold the iothread lock, it must have other means of protecting the
1861 * pointer, such as a reference to the region that includes the incoming
1862 * ram_addr_t.
1863 */
1864 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1865 {
1866 void *ptr;
1867 if (*size == 0) {
1868 return NULL;
1869 }
1870 if (xen_enabled()) {
1871 return xen_map_cache(addr, *size, 1);
1872 } else {
1873 RAMBlock *block;
1874 rcu_read_lock();
1875 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1876 if (addr - block->offset < block->max_length) {
1877 if (addr - block->offset + *size > block->max_length)
1878 *size = block->max_length - addr + block->offset;
1879 ptr = ramblock_ptr(block, addr - block->offset);
1880 rcu_read_unlock();
1881 return ptr;
1882 }
1883 }
1884
1885 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1886 abort();
1887 }
1888 }
1889
1890 /*
1891 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1892 * in that RAMBlock.
1893 *
1894 * ptr: Host pointer to look up
1895 * round_offset: If true round the result offset down to a page boundary
1896 * *ram_addr: set to result ram_addr
1897 * *offset: set to result offset within the RAMBlock
1898 *
1899 * Returns: RAMBlock (or NULL if not found)
1900 *
1901 * By the time this function returns, the returned pointer is not protected
1902 * by RCU anymore. If the caller is not within an RCU critical section and
1903 * does not hold the iothread lock, it must have other means of protecting the
1904 * pointer, such as a reference to the region that includes the incoming
1905 * ram_addr_t.
1906 */
1907 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1908 ram_addr_t *ram_addr,
1909 ram_addr_t *offset)
1910 {
1911 RAMBlock *block;
1912 uint8_t *host = ptr;
1913
1914 if (xen_enabled()) {
1915 rcu_read_lock();
1916 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1917 block = qemu_get_ram_block(*ram_addr);
1918 if (block) {
1919 *offset = (host - block->host);
1920 }
1921 rcu_read_unlock();
1922 return block;
1923 }
1924
1925 rcu_read_lock();
1926 block = atomic_rcu_read(&ram_list.mru_block);
1927 if (block && block->host && host - block->host < block->max_length) {
1928 goto found;
1929 }
1930
1931 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1932 /* This case append when the block is not mapped. */
1933 if (block->host == NULL) {
1934 continue;
1935 }
1936 if (host - block->host < block->max_length) {
1937 goto found;
1938 }
1939 }
1940
1941 rcu_read_unlock();
1942 return NULL;
1943
1944 found:
1945 *offset = (host - block->host);
1946 if (round_offset) {
1947 *offset &= TARGET_PAGE_MASK;
1948 }
1949 *ram_addr = block->offset + *offset;
1950 rcu_read_unlock();
1951 return block;
1952 }
1953
1954 /*
1955 * Finds the named RAMBlock
1956 *
1957 * name: The name of RAMBlock to find
1958 *
1959 * Returns: RAMBlock (or NULL if not found)
1960 */
1961 RAMBlock *qemu_ram_block_by_name(const char *name)
1962 {
1963 RAMBlock *block;
1964
1965 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1966 if (!strcmp(name, block->idstr)) {
1967 return block;
1968 }
1969 }
1970
1971 return NULL;
1972 }
1973
1974 /* Some of the softmmu routines need to translate from a host pointer
1975 (typically a TLB entry) back to a ram offset. */
1976 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1977 {
1978 RAMBlock *block;
1979 ram_addr_t offset; /* Not used */
1980
1981 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1982
1983 if (!block) {
1984 return NULL;
1985 }
1986
1987 return block->mr;
1988 }
1989
1990 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1991 uint64_t val, unsigned size)
1992 {
1993 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1994 tb_invalidate_phys_page_fast(ram_addr, size);
1995 }
1996 switch (size) {
1997 case 1:
1998 stb_p(qemu_get_ram_ptr(ram_addr), val);
1999 break;
2000 case 2:
2001 stw_p(qemu_get_ram_ptr(ram_addr), val);
2002 break;
2003 case 4:
2004 stl_p(qemu_get_ram_ptr(ram_addr), val);
2005 break;
2006 default:
2007 abort();
2008 }
2009 /* Set both VGA and migration bits for simplicity and to remove
2010 * the notdirty callback faster.
2011 */
2012 cpu_physical_memory_set_dirty_range(ram_addr, size,
2013 DIRTY_CLIENTS_NOCODE);
2014 /* we remove the notdirty callback only if the code has been
2015 flushed */
2016 if (!cpu_physical_memory_is_clean(ram_addr)) {
2017 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
2018 }
2019 }
2020
2021 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2022 unsigned size, bool is_write)
2023 {
2024 return is_write;
2025 }
2026
2027 static const MemoryRegionOps notdirty_mem_ops = {
2028 .write = notdirty_mem_write,
2029 .valid.accepts = notdirty_mem_accepts,
2030 .endianness = DEVICE_NATIVE_ENDIAN,
2031 };
2032
2033 /* Generate a debug exception if a watchpoint has been hit. */
2034 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2035 {
2036 CPUState *cpu = current_cpu;
2037 CPUArchState *env = cpu->env_ptr;
2038 target_ulong pc, cs_base;
2039 target_ulong vaddr;
2040 CPUWatchpoint *wp;
2041 int cpu_flags;
2042
2043 if (cpu->watchpoint_hit) {
2044 /* We re-entered the check after replacing the TB. Now raise
2045 * the debug interrupt so that is will trigger after the
2046 * current instruction. */
2047 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2048 return;
2049 }
2050 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2051 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2052 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2053 && (wp->flags & flags)) {
2054 if (flags == BP_MEM_READ) {
2055 wp->flags |= BP_WATCHPOINT_HIT_READ;
2056 } else {
2057 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2058 }
2059 wp->hitaddr = vaddr;
2060 wp->hitattrs = attrs;
2061 if (!cpu->watchpoint_hit) {
2062 cpu->watchpoint_hit = wp;
2063 tb_check_watchpoint(cpu);
2064 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2065 cpu->exception_index = EXCP_DEBUG;
2066 cpu_loop_exit(cpu);
2067 } else {
2068 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2069 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2070 cpu_resume_from_signal(cpu, NULL);
2071 }
2072 }
2073 } else {
2074 wp->flags &= ~BP_WATCHPOINT_HIT;
2075 }
2076 }
2077 }
2078
2079 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2080 so these check for a hit then pass through to the normal out-of-line
2081 phys routines. */
2082 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2083 unsigned size, MemTxAttrs attrs)
2084 {
2085 MemTxResult res;
2086 uint64_t data;
2087
2088 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2089 switch (size) {
2090 case 1:
2091 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2092 break;
2093 case 2:
2094 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2095 break;
2096 case 4:
2097 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2098 break;
2099 default: abort();
2100 }
2101 *pdata = data;
2102 return res;
2103 }
2104
2105 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2106 uint64_t val, unsigned size,
2107 MemTxAttrs attrs)
2108 {
2109 MemTxResult res;
2110
2111 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2112 switch (size) {
2113 case 1:
2114 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2115 break;
2116 case 2:
2117 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2118 break;
2119 case 4:
2120 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2121 break;
2122 default: abort();
2123 }
2124 return res;
2125 }
2126
2127 static const MemoryRegionOps watch_mem_ops = {
2128 .read_with_attrs = watch_mem_read,
2129 .write_with_attrs = watch_mem_write,
2130 .endianness = DEVICE_NATIVE_ENDIAN,
2131 };
2132
2133 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2134 unsigned len, MemTxAttrs attrs)
2135 {
2136 subpage_t *subpage = opaque;
2137 uint8_t buf[8];
2138 MemTxResult res;
2139
2140 #if defined(DEBUG_SUBPAGE)
2141 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2142 subpage, len, addr);
2143 #endif
2144 res = address_space_read(subpage->as, addr + subpage->base,
2145 attrs, buf, len);
2146 if (res) {
2147 return res;
2148 }
2149 switch (len) {
2150 case 1:
2151 *data = ldub_p(buf);
2152 return MEMTX_OK;
2153 case 2:
2154 *data = lduw_p(buf);
2155 return MEMTX_OK;
2156 case 4:
2157 *data = ldl_p(buf);
2158 return MEMTX_OK;
2159 case 8:
2160 *data = ldq_p(buf);
2161 return MEMTX_OK;
2162 default:
2163 abort();
2164 }
2165 }
2166
2167 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2168 uint64_t value, unsigned len, MemTxAttrs attrs)
2169 {
2170 subpage_t *subpage = opaque;
2171 uint8_t buf[8];
2172
2173 #if defined(DEBUG_SUBPAGE)
2174 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2175 " value %"PRIx64"\n",
2176 __func__, subpage, len, addr, value);
2177 #endif
2178 switch (len) {
2179 case 1:
2180 stb_p(buf, value);
2181 break;
2182 case 2:
2183 stw_p(buf, value);
2184 break;
2185 case 4:
2186 stl_p(buf, value);
2187 break;
2188 case 8:
2189 stq_p(buf, value);
2190 break;
2191 default:
2192 abort();
2193 }
2194 return address_space_write(subpage->as, addr + subpage->base,
2195 attrs, buf, len);
2196 }
2197
2198 static bool subpage_accepts(void *opaque, hwaddr addr,
2199 unsigned len, bool is_write)
2200 {
2201 subpage_t *subpage = opaque;
2202 #if defined(DEBUG_SUBPAGE)
2203 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2204 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2205 #endif
2206
2207 return address_space_access_valid(subpage->as, addr + subpage->base,
2208 len, is_write);
2209 }
2210
2211 static const MemoryRegionOps subpage_ops = {
2212 .read_with_attrs = subpage_read,
2213 .write_with_attrs = subpage_write,
2214 .impl.min_access_size = 1,
2215 .impl.max_access_size = 8,
2216 .valid.min_access_size = 1,
2217 .valid.max_access_size = 8,
2218 .valid.accepts = subpage_accepts,
2219 .endianness = DEVICE_NATIVE_ENDIAN,
2220 };
2221
2222 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2223 uint16_t section)
2224 {
2225 int idx, eidx;
2226
2227 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2228 return -1;
2229 idx = SUBPAGE_IDX(start);
2230 eidx = SUBPAGE_IDX(end);
2231 #if defined(DEBUG_SUBPAGE)
2232 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2233 __func__, mmio, start, end, idx, eidx, section);
2234 #endif
2235 for (; idx <= eidx; idx++) {
2236 mmio->sub_section[idx] = section;
2237 }
2238
2239 return 0;
2240 }
2241
2242 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2243 {
2244 subpage_t *mmio;
2245
2246 mmio = g_malloc0(sizeof(subpage_t));
2247
2248 mmio->as = as;
2249 mmio->base = base;
2250 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2251 NULL, TARGET_PAGE_SIZE);
2252 mmio->iomem.subpage = true;
2253 #if defined(DEBUG_SUBPAGE)
2254 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2255 mmio, base, TARGET_PAGE_SIZE);
2256 #endif
2257 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2258
2259 return mmio;
2260 }
2261
2262 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2263 MemoryRegion *mr)
2264 {
2265 assert(as);
2266 MemoryRegionSection section = {
2267 .address_space = as,
2268 .mr = mr,
2269 .offset_within_address_space = 0,
2270 .offset_within_region = 0,
2271 .size = int128_2_64(),
2272 };
2273
2274 return phys_section_add(map, &section);
2275 }
2276
2277 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2278 {
2279 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2280 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2281 MemoryRegionSection *sections = d->map.sections;
2282
2283 return sections[index & ~TARGET_PAGE_MASK].mr;
2284 }
2285
2286 static void io_mem_init(void)
2287 {
2288 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2289 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2290 NULL, UINT64_MAX);
2291 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2292 NULL, UINT64_MAX);
2293 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2294 NULL, UINT64_MAX);
2295 }
2296
2297 static void mem_begin(MemoryListener *listener)
2298 {
2299 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2300 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2301 uint16_t n;
2302
2303 n = dummy_section(&d->map, as, &io_mem_unassigned);
2304 assert(n == PHYS_SECTION_UNASSIGNED);
2305 n = dummy_section(&d->map, as, &io_mem_notdirty);
2306 assert(n == PHYS_SECTION_NOTDIRTY);
2307 n = dummy_section(&d->map, as, &io_mem_rom);
2308 assert(n == PHYS_SECTION_ROM);
2309 n = dummy_section(&d->map, as, &io_mem_watch);
2310 assert(n == PHYS_SECTION_WATCH);
2311
2312 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2313 d->as = as;
2314 as->next_dispatch = d;
2315 }
2316
2317 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2318 {
2319 phys_sections_free(&d->map);
2320 g_free(d);
2321 }
2322
2323 static void mem_commit(MemoryListener *listener)
2324 {
2325 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2326 AddressSpaceDispatch *cur = as->dispatch;
2327 AddressSpaceDispatch *next = as->next_dispatch;
2328
2329 phys_page_compact_all(next, next->map.nodes_nb);
2330
2331 atomic_rcu_set(&as->dispatch, next);
2332 if (cur) {
2333 call_rcu(cur, address_space_dispatch_free, rcu);
2334 }
2335 }
2336
2337 static void tcg_commit(MemoryListener *listener)
2338 {
2339 CPUAddressSpace *cpuas;
2340 AddressSpaceDispatch *d;
2341
2342 /* since each CPU stores ram addresses in its TLB cache, we must
2343 reset the modified entries */
2344 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2345 cpu_reloading_memory_map();
2346 /* The CPU and TLB are protected by the iothread lock.
2347 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2348 * may have split the RCU critical section.
2349 */
2350 d = atomic_rcu_read(&cpuas->as->dispatch);
2351 cpuas->memory_dispatch = d;
2352 tlb_flush(cpuas->cpu, 1);
2353 }
2354
2355 void address_space_init_dispatch(AddressSpace *as)
2356 {
2357 as->dispatch = NULL;
2358 as->dispatch_listener = (MemoryListener) {
2359 .begin = mem_begin,
2360 .commit = mem_commit,
2361 .region_add = mem_add,
2362 .region_nop = mem_add,
2363 .priority = 0,
2364 };
2365 memory_listener_register(&as->dispatch_listener, as);
2366 }
2367
2368 void address_space_unregister(AddressSpace *as)
2369 {
2370 memory_listener_unregister(&as->dispatch_listener);
2371 }
2372
2373 void address_space_destroy_dispatch(AddressSpace *as)
2374 {
2375 AddressSpaceDispatch *d = as->dispatch;
2376
2377 atomic_rcu_set(&as->dispatch, NULL);
2378 if (d) {
2379 call_rcu(d, address_space_dispatch_free, rcu);
2380 }
2381 }
2382
2383 static void memory_map_init(void)
2384 {
2385 system_memory = g_malloc(sizeof(*system_memory));
2386
2387 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2388 address_space_init(&address_space_memory, system_memory, "memory");
2389
2390 system_io = g_malloc(sizeof(*system_io));
2391 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2392 65536);
2393 address_space_init(&address_space_io, system_io, "I/O");
2394 }
2395
2396 MemoryRegion *get_system_memory(void)
2397 {
2398 return system_memory;
2399 }
2400
2401 MemoryRegion *get_system_io(void)
2402 {
2403 return system_io;
2404 }
2405
2406 #endif /* !defined(CONFIG_USER_ONLY) */
2407
2408 /* physical memory access (slow version, mainly for debug) */
2409 #if defined(CONFIG_USER_ONLY)
2410 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2411 uint8_t *buf, int len, int is_write)
2412 {
2413 int l, flags;
2414 target_ulong page;
2415 void * p;
2416
2417 while (len > 0) {
2418 page = addr & TARGET_PAGE_MASK;
2419 l = (page + TARGET_PAGE_SIZE) - addr;
2420 if (l > len)
2421 l = len;
2422 flags = page_get_flags(page);
2423 if (!(flags & PAGE_VALID))
2424 return -1;
2425 if (is_write) {
2426 if (!(flags & PAGE_WRITE))
2427 return -1;
2428 /* XXX: this code should not depend on lock_user */
2429 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2430 return -1;
2431 memcpy(p, buf, l);
2432 unlock_user(p, addr, l);
2433 } else {
2434 if (!(flags & PAGE_READ))
2435 return -1;
2436 /* XXX: this code should not depend on lock_user */
2437 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2438 return -1;
2439 memcpy(buf, p, l);
2440 unlock_user(p, addr, 0);
2441 }
2442 len -= l;
2443 buf += l;
2444 addr += l;
2445 }
2446 return 0;
2447 }
2448
2449 #else
2450
2451 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2452 hwaddr length)
2453 {
2454 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2455 /* No early return if dirty_log_mask is or becomes 0, because
2456 * cpu_physical_memory_set_dirty_range will still call
2457 * xen_modified_memory.
2458 */
2459 if (dirty_log_mask) {
2460 dirty_log_mask =
2461 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2462 }
2463 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2464 tb_invalidate_phys_range(addr, addr + length);
2465 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2466 }
2467 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2468 }
2469
2470 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2471 {
2472 unsigned access_size_max = mr->ops->valid.max_access_size;
2473
2474 /* Regions are assumed to support 1-4 byte accesses unless
2475 otherwise specified. */
2476 if (access_size_max == 0) {
2477 access_size_max = 4;
2478 }
2479
2480 /* Bound the maximum access by the alignment of the address. */
2481 if (!mr->ops->impl.unaligned) {
2482 unsigned align_size_max = addr & -addr;
2483 if (align_size_max != 0 && align_size_max < access_size_max) {
2484 access_size_max = align_size_max;
2485 }
2486 }
2487
2488 /* Don't attempt accesses larger than the maximum. */
2489 if (l > access_size_max) {
2490 l = access_size_max;
2491 }
2492 l = pow2floor(l);
2493
2494 return l;
2495 }
2496
2497 static bool prepare_mmio_access(MemoryRegion *mr)
2498 {
2499 bool unlocked = !qemu_mutex_iothread_locked();
2500 bool release_lock = false;
2501
2502 if (unlocked && mr->global_locking) {
2503 qemu_mutex_lock_iothread();
2504 unlocked = false;
2505 release_lock = true;
2506 }
2507 if (mr->flush_coalesced_mmio) {
2508 if (unlocked) {
2509 qemu_mutex_lock_iothread();
2510 }
2511 qemu_flush_coalesced_mmio_buffer();
2512 if (unlocked) {
2513 qemu_mutex_unlock_iothread();
2514 }
2515 }
2516
2517 return release_lock;
2518 }
2519
2520 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2521 uint8_t *buf, int len, bool is_write)
2522 {
2523 hwaddr l;
2524 uint8_t *ptr;
2525 uint64_t val;
2526 hwaddr addr1;
2527 MemoryRegion *mr;
2528 MemTxResult result = MEMTX_OK;
2529 bool release_lock = false;
2530
2531 rcu_read_lock();
2532 while (len > 0) {
2533 l = len;
2534 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2535
2536 if (is_write) {
2537 if (!memory_access_is_direct(mr, is_write)) {
2538 release_lock |= prepare_mmio_access(mr);
2539 l = memory_access_size(mr, l, addr1);
2540 /* XXX: could force current_cpu to NULL to avoid
2541 potential bugs */
2542 switch (l) {
2543 case 8:
2544 /* 64 bit write access */
2545 val = ldq_p(buf);
2546 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2547 attrs);
2548 break;
2549 case 4:
2550 /* 32 bit write access */
2551 val = ldl_p(buf);
2552 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2553 attrs);
2554 break;
2555 case 2:
2556 /* 16 bit write access */
2557 val = lduw_p(buf);
2558 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2559 attrs);
2560 break;
2561 case 1:
2562 /* 8 bit write access */
2563 val = ldub_p(buf);
2564 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2565 attrs);
2566 break;
2567 default:
2568 abort();
2569 }
2570 } else {
2571 addr1 += memory_region_get_ram_addr(mr);
2572 /* RAM case */
2573 ptr = qemu_get_ram_ptr(addr1);
2574 memcpy(ptr, buf, l);
2575 invalidate_and_set_dirty(mr, addr1, l);
2576 }
2577 } else {
2578 if (!memory_access_is_direct(mr, is_write)) {
2579 /* I/O case */
2580 release_lock |= prepare_mmio_access(mr);
2581 l = memory_access_size(mr, l, addr1);
2582 switch (l) {
2583 case 8:
2584 /* 64 bit read access */
2585 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2586 attrs);
2587 stq_p(buf, val);
2588 break;
2589 case 4:
2590 /* 32 bit read access */
2591 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2592 attrs);
2593 stl_p(buf, val);
2594 break;
2595 case 2:
2596 /* 16 bit read access */
2597 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2598 attrs);
2599 stw_p(buf, val);
2600 break;
2601 case 1:
2602 /* 8 bit read access */
2603 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2604 attrs);
2605 stb_p(buf, val);
2606 break;
2607 default:
2608 abort();
2609 }
2610 } else {
2611 /* RAM case */
2612 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2613 memcpy(buf, ptr, l);
2614 }
2615 }
2616
2617 if (release_lock) {
2618 qemu_mutex_unlock_iothread();
2619 release_lock = false;
2620 }
2621
2622 len -= l;
2623 buf += l;
2624 addr += l;
2625 }
2626 rcu_read_unlock();
2627
2628 return result;
2629 }
2630
2631 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2632 const uint8_t *buf, int len)
2633 {
2634 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2635 }
2636
2637 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2638 uint8_t *buf, int len)
2639 {
2640 return address_space_rw(as, addr, attrs, buf, len, false);
2641 }
2642
2643
2644 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2645 int len, int is_write)
2646 {
2647 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2648 buf, len, is_write);
2649 }
2650
2651 enum write_rom_type {
2652 WRITE_DATA,
2653 FLUSH_CACHE,
2654 };
2655
2656 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2657 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2658 {
2659 hwaddr l;
2660 uint8_t *ptr;
2661 hwaddr addr1;
2662 MemoryRegion *mr;
2663
2664 rcu_read_lock();
2665 while (len > 0) {
2666 l = len;
2667 mr = address_space_translate(as, addr, &addr1, &l, true);
2668
2669 if (!(memory_region_is_ram(mr) ||
2670 memory_region_is_romd(mr))) {
2671 l = memory_access_size(mr, l, addr1);
2672 } else {
2673 addr1 += memory_region_get_ram_addr(mr);
2674 /* ROM/RAM case */
2675 ptr = qemu_get_ram_ptr(addr1);
2676 switch (type) {
2677 case WRITE_DATA:
2678 memcpy(ptr, buf, l);
2679 invalidate_and_set_dirty(mr, addr1, l);
2680 break;
2681 case FLUSH_CACHE:
2682 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2683 break;
2684 }
2685 }
2686 len -= l;
2687 buf += l;
2688 addr += l;
2689 }
2690 rcu_read_unlock();
2691 }
2692
2693 /* used for ROM loading : can write in RAM and ROM */
2694 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2695 const uint8_t *buf, int len)
2696 {
2697 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2698 }
2699
2700 void cpu_flush_icache_range(hwaddr start, int len)
2701 {
2702 /*
2703 * This function should do the same thing as an icache flush that was
2704 * triggered from within the guest. For TCG we are always cache coherent,
2705 * so there is no need to flush anything. For KVM / Xen we need to flush
2706 * the host's instruction cache at least.
2707 */
2708 if (tcg_enabled()) {
2709 return;
2710 }
2711
2712 cpu_physical_memory_write_rom_internal(&address_space_memory,
2713 start, NULL, len, FLUSH_CACHE);
2714 }
2715
2716 typedef struct {
2717 MemoryRegion *mr;
2718 void *buffer;
2719 hwaddr addr;
2720 hwaddr len;
2721 bool in_use;
2722 } BounceBuffer;
2723
2724 static BounceBuffer bounce;
2725
2726 typedef struct MapClient {
2727 QEMUBH *bh;
2728 QLIST_ENTRY(MapClient) link;
2729 } MapClient;
2730
2731 QemuMutex map_client_list_lock;
2732 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2733 = QLIST_HEAD_INITIALIZER(map_client_list);
2734
2735 static void cpu_unregister_map_client_do(MapClient *client)
2736 {
2737 QLIST_REMOVE(client, link);
2738 g_free(client);
2739 }
2740
2741 static void cpu_notify_map_clients_locked(void)
2742 {
2743 MapClient *client;
2744
2745 while (!QLIST_EMPTY(&map_client_list)) {
2746 client = QLIST_FIRST(&map_client_list);
2747 qemu_bh_schedule(client->bh);
2748 cpu_unregister_map_client_do(client);
2749 }
2750 }
2751
2752 void cpu_register_map_client(QEMUBH *bh)
2753 {
2754 MapClient *client = g_malloc(sizeof(*client));
2755
2756 qemu_mutex_lock(&map_client_list_lock);
2757 client->bh = bh;
2758 QLIST_INSERT_HEAD(&map_client_list, client, link);
2759 if (!atomic_read(&bounce.in_use)) {
2760 cpu_notify_map_clients_locked();
2761 }
2762 qemu_mutex_unlock(&map_client_list_lock);
2763 }
2764
2765 void cpu_exec_init_all(void)
2766 {
2767 qemu_mutex_init(&ram_list.mutex);
2768 io_mem_init();
2769 memory_map_init();
2770 qemu_mutex_init(&map_client_list_lock);
2771 }
2772
2773 void cpu_unregister_map_client(QEMUBH *bh)
2774 {
2775 MapClient *client;
2776
2777 qemu_mutex_lock(&map_client_list_lock);
2778 QLIST_FOREACH(client, &map_client_list, link) {
2779 if (client->bh == bh) {
2780 cpu_unregister_map_client_do(client);
2781 break;
2782 }
2783 }
2784 qemu_mutex_unlock(&map_client_list_lock);
2785 }
2786
2787 static void cpu_notify_map_clients(void)
2788 {
2789 qemu_mutex_lock(&map_client_list_lock);
2790 cpu_notify_map_clients_locked();
2791 qemu_mutex_unlock(&map_client_list_lock);
2792 }
2793
2794 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2795 {
2796 MemoryRegion *mr;
2797 hwaddr l, xlat;
2798
2799 rcu_read_lock();
2800 while (len > 0) {
2801 l = len;
2802 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2803 if (!memory_access_is_direct(mr, is_write)) {
2804 l = memory_access_size(mr, l, addr);
2805 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2806 return false;
2807 }
2808 }
2809
2810 len -= l;
2811 addr += l;
2812 }
2813 rcu_read_unlock();
2814 return true;
2815 }
2816
2817 /* Map a physical memory region into a host virtual address.
2818 * May map a subset of the requested range, given by and returned in *plen.
2819 * May return NULL if resources needed to perform the mapping are exhausted.
2820 * Use only for reads OR writes - not for read-modify-write operations.
2821 * Use cpu_register_map_client() to know when retrying the map operation is
2822 * likely to succeed.
2823 */
2824 void *address_space_map(AddressSpace *as,
2825 hwaddr addr,
2826 hwaddr *plen,
2827 bool is_write)
2828 {
2829 hwaddr len = *plen;
2830 hwaddr done = 0;
2831 hwaddr l, xlat, base;
2832 MemoryRegion *mr, *this_mr;
2833 ram_addr_t raddr;
2834
2835 if (len == 0) {
2836 return NULL;
2837 }
2838
2839 l = len;
2840 rcu_read_lock();
2841 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2842
2843 if (!memory_access_is_direct(mr, is_write)) {
2844 if (atomic_xchg(&bounce.in_use, true)) {
2845 rcu_read_unlock();
2846 return NULL;
2847 }
2848 /* Avoid unbounded allocations */
2849 l = MIN(l, TARGET_PAGE_SIZE);
2850 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2851 bounce.addr = addr;
2852 bounce.len = l;
2853
2854 memory_region_ref(mr);
2855 bounce.mr = mr;
2856 if (!is_write) {
2857 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2858 bounce.buffer, l);
2859 }
2860
2861 rcu_read_unlock();
2862 *plen = l;
2863 return bounce.buffer;
2864 }
2865
2866 base = xlat;
2867 raddr = memory_region_get_ram_addr(mr);
2868
2869 for (;;) {
2870 len -= l;
2871 addr += l;
2872 done += l;
2873 if (len == 0) {
2874 break;
2875 }
2876
2877 l = len;
2878 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2879 if (this_mr != mr || xlat != base + done) {
2880 break;
2881 }
2882 }
2883
2884 memory_region_ref(mr);
2885 rcu_read_unlock();
2886 *plen = done;
2887 return qemu_ram_ptr_length(raddr + base, plen);
2888 }
2889
2890 /* Unmaps a memory region previously mapped by address_space_map().
2891 * Will also mark the memory as dirty if is_write == 1. access_len gives
2892 * the amount of memory that was actually read or written by the caller.
2893 */
2894 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2895 int is_write, hwaddr access_len)
2896 {
2897 if (buffer != bounce.buffer) {
2898 MemoryRegion *mr;
2899 ram_addr_t addr1;
2900
2901 mr = qemu_ram_addr_from_host(buffer, &addr1);
2902 assert(mr != NULL);
2903 if (is_write) {
2904 invalidate_and_set_dirty(mr, addr1, access_len);
2905 }
2906 if (xen_enabled()) {
2907 xen_invalidate_map_cache_entry(buffer);
2908 }
2909 memory_region_unref(mr);
2910 return;
2911 }
2912 if (is_write) {
2913 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2914 bounce.buffer, access_len);
2915 }
2916 qemu_vfree(bounce.buffer);
2917 bounce.buffer = NULL;
2918 memory_region_unref(bounce.mr);
2919 atomic_mb_set(&bounce.in_use, false);
2920 cpu_notify_map_clients();
2921 }
2922
2923 void *cpu_physical_memory_map(hwaddr addr,
2924 hwaddr *plen,
2925 int is_write)
2926 {
2927 return address_space_map(&address_space_memory, addr, plen, is_write);
2928 }
2929
2930 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2931 int is_write, hwaddr access_len)
2932 {
2933 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2934 }
2935
2936 /* warning: addr must be aligned */
2937 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2938 MemTxAttrs attrs,
2939 MemTxResult *result,
2940 enum device_endian endian)
2941 {
2942 uint8_t *ptr;
2943 uint64_t val;
2944 MemoryRegion *mr;
2945 hwaddr l = 4;
2946 hwaddr addr1;
2947 MemTxResult r;
2948 bool release_lock = false;
2949
2950 rcu_read_lock();
2951 mr = address_space_translate(as, addr, &addr1, &l, false);
2952 if (l < 4 || !memory_access_is_direct(mr, false)) {
2953 release_lock |= prepare_mmio_access(mr);
2954
2955 /* I/O case */
2956 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2957 #if defined(TARGET_WORDS_BIGENDIAN)
2958 if (endian == DEVICE_LITTLE_ENDIAN) {
2959 val = bswap32(val);
2960 }
2961 #else
2962 if (endian == DEVICE_BIG_ENDIAN) {
2963 val = bswap32(val);
2964 }
2965 #endif
2966 } else {
2967 /* RAM case */
2968 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2969 & TARGET_PAGE_MASK)
2970 + addr1);
2971 switch (endian) {
2972 case DEVICE_LITTLE_ENDIAN:
2973 val = ldl_le_p(ptr);
2974 break;
2975 case DEVICE_BIG_ENDIAN:
2976 val = ldl_be_p(ptr);
2977 break;
2978 default:
2979 val = ldl_p(ptr);
2980 break;
2981 }
2982 r = MEMTX_OK;
2983 }
2984 if (result) {
2985 *result = r;
2986 }
2987 if (release_lock) {
2988 qemu_mutex_unlock_iothread();
2989 }
2990 rcu_read_unlock();
2991 return val;
2992 }
2993
2994 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2995 MemTxAttrs attrs, MemTxResult *result)
2996 {
2997 return address_space_ldl_internal(as, addr, attrs, result,
2998 DEVICE_NATIVE_ENDIAN);
2999 }
3000
3001 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3002 MemTxAttrs attrs, MemTxResult *result)
3003 {
3004 return address_space_ldl_internal(as, addr, attrs, result,
3005 DEVICE_LITTLE_ENDIAN);
3006 }
3007
3008 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3009 MemTxAttrs attrs, MemTxResult *result)
3010 {
3011 return address_space_ldl_internal(as, addr, attrs, result,
3012 DEVICE_BIG_ENDIAN);
3013 }
3014
3015 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3016 {
3017 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3018 }
3019
3020 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3021 {
3022 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3023 }
3024
3025 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3026 {
3027 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3028 }
3029
3030 /* warning: addr must be aligned */
3031 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3032 MemTxAttrs attrs,
3033 MemTxResult *result,
3034 enum device_endian endian)
3035 {
3036 uint8_t *ptr;
3037 uint64_t val;
3038 MemoryRegion *mr;
3039 hwaddr l = 8;
3040 hwaddr addr1;
3041 MemTxResult r;
3042 bool release_lock = false;
3043
3044 rcu_read_lock();
3045 mr = address_space_translate(as, addr, &addr1, &l,
3046 false);
3047 if (l < 8 || !memory_access_is_direct(mr, false)) {
3048 release_lock |= prepare_mmio_access(mr);
3049
3050 /* I/O case */
3051 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3052 #if defined(TARGET_WORDS_BIGENDIAN)
3053 if (endian == DEVICE_LITTLE_ENDIAN) {
3054 val = bswap64(val);
3055 }
3056 #else
3057 if (endian == DEVICE_BIG_ENDIAN) {
3058 val = bswap64(val);
3059 }
3060 #endif
3061 } else {
3062 /* RAM case */
3063 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3064 & TARGET_PAGE_MASK)
3065 + addr1);
3066 switch (endian) {
3067 case DEVICE_LITTLE_ENDIAN:
3068 val = ldq_le_p(ptr);
3069 break;
3070 case DEVICE_BIG_ENDIAN:
3071 val = ldq_be_p(ptr);
3072 break;
3073 default:
3074 val = ldq_p(ptr);
3075 break;
3076 }
3077 r = MEMTX_OK;
3078 }
3079 if (result) {
3080 *result = r;
3081 }
3082 if (release_lock) {
3083 qemu_mutex_unlock_iothread();
3084 }
3085 rcu_read_unlock();
3086 return val;
3087 }
3088
3089 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3090 MemTxAttrs attrs, MemTxResult *result)
3091 {
3092 return address_space_ldq_internal(as, addr, attrs, result,
3093 DEVICE_NATIVE_ENDIAN);
3094 }
3095
3096 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3097 MemTxAttrs attrs, MemTxResult *result)
3098 {
3099 return address_space_ldq_internal(as, addr, attrs, result,
3100 DEVICE_LITTLE_ENDIAN);
3101 }
3102
3103 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3104 MemTxAttrs attrs, MemTxResult *result)
3105 {
3106 return address_space_ldq_internal(as, addr, attrs, result,
3107 DEVICE_BIG_ENDIAN);
3108 }
3109
3110 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3111 {
3112 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3113 }
3114
3115 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3116 {
3117 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3118 }
3119
3120 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3121 {
3122 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3123 }
3124
3125 /* XXX: optimize */
3126 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3127 MemTxAttrs attrs, MemTxResult *result)
3128 {
3129 uint8_t val;
3130 MemTxResult r;
3131
3132 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3133 if (result) {
3134 *result = r;
3135 }
3136 return val;
3137 }
3138
3139 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3140 {
3141 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3142 }
3143
3144 /* warning: addr must be aligned */
3145 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3146 hwaddr addr,
3147 MemTxAttrs attrs,
3148 MemTxResult *result,
3149 enum device_endian endian)
3150 {
3151 uint8_t *ptr;
3152 uint64_t val;
3153 MemoryRegion *mr;
3154 hwaddr l = 2;
3155 hwaddr addr1;
3156 MemTxResult r;
3157 bool release_lock = false;
3158
3159 rcu_read_lock();
3160 mr = address_space_translate(as, addr, &addr1, &l,
3161 false);
3162 if (l < 2 || !memory_access_is_direct(mr, false)) {
3163 release_lock |= prepare_mmio_access(mr);
3164
3165 /* I/O case */
3166 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3167 #if defined(TARGET_WORDS_BIGENDIAN)
3168 if (endian == DEVICE_LITTLE_ENDIAN) {
3169 val = bswap16(val);
3170 }
3171 #else
3172 if (endian == DEVICE_BIG_ENDIAN) {
3173 val = bswap16(val);
3174 }
3175 #endif
3176 } else {
3177 /* RAM case */
3178 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3179 & TARGET_PAGE_MASK)
3180 + addr1);
3181 switch (endian) {
3182 case DEVICE_LITTLE_ENDIAN:
3183 val = lduw_le_p(ptr);
3184 break;
3185 case DEVICE_BIG_ENDIAN:
3186 val = lduw_be_p(ptr);
3187 break;
3188 default:
3189 val = lduw_p(ptr);
3190 break;
3191 }
3192 r = MEMTX_OK;
3193 }
3194 if (result) {
3195 *result = r;
3196 }
3197 if (release_lock) {
3198 qemu_mutex_unlock_iothread();
3199 }
3200 rcu_read_unlock();
3201 return val;
3202 }
3203
3204 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3205 MemTxAttrs attrs, MemTxResult *result)
3206 {
3207 return address_space_lduw_internal(as, addr, attrs, result,
3208 DEVICE_NATIVE_ENDIAN);
3209 }
3210
3211 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3212 MemTxAttrs attrs, MemTxResult *result)
3213 {
3214 return address_space_lduw_internal(as, addr, attrs, result,
3215 DEVICE_LITTLE_ENDIAN);
3216 }
3217
3218 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3219 MemTxAttrs attrs, MemTxResult *result)
3220 {
3221 return address_space_lduw_internal(as, addr, attrs, result,
3222 DEVICE_BIG_ENDIAN);
3223 }
3224
3225 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3226 {
3227 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3228 }
3229
3230 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3231 {
3232 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3233 }
3234
3235 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3236 {
3237 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3238 }
3239
3240 /* warning: addr must be aligned. The ram page is not masked as dirty
3241 and the code inside is not invalidated. It is useful if the dirty
3242 bits are used to track modified PTEs */
3243 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3244 MemTxAttrs attrs, MemTxResult *result)
3245 {
3246 uint8_t *ptr;
3247 MemoryRegion *mr;
3248 hwaddr l = 4;
3249 hwaddr addr1;
3250 MemTxResult r;
3251 uint8_t dirty_log_mask;
3252 bool release_lock = false;
3253
3254 rcu_read_lock();
3255 mr = address_space_translate(as, addr, &addr1, &l,
3256 true);
3257 if (l < 4 || !memory_access_is_direct(mr, true)) {
3258 release_lock |= prepare_mmio_access(mr);
3259
3260 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3261 } else {
3262 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3263 ptr = qemu_get_ram_ptr(addr1);
3264 stl_p(ptr, val);
3265
3266 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3267 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3268 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3269 r = MEMTX_OK;
3270 }
3271 if (result) {
3272 *result = r;
3273 }
3274 if (release_lock) {
3275 qemu_mutex_unlock_iothread();
3276 }
3277 rcu_read_unlock();
3278 }
3279
3280 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3281 {
3282 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3283 }
3284
3285 /* warning: addr must be aligned */
3286 static inline void address_space_stl_internal(AddressSpace *as,
3287 hwaddr addr, uint32_t val,
3288 MemTxAttrs attrs,
3289 MemTxResult *result,
3290 enum device_endian endian)
3291 {
3292 uint8_t *ptr;
3293 MemoryRegion *mr;
3294 hwaddr l = 4;
3295 hwaddr addr1;
3296 MemTxResult r;
3297 bool release_lock = false;
3298
3299 rcu_read_lock();
3300 mr = address_space_translate(as, addr, &addr1, &l,
3301 true);
3302 if (l < 4 || !memory_access_is_direct(mr, true)) {
3303 release_lock |= prepare_mmio_access(mr);
3304
3305 #if defined(TARGET_WORDS_BIGENDIAN)
3306 if (endian == DEVICE_LITTLE_ENDIAN) {
3307 val = bswap32(val);
3308 }
3309 #else
3310 if (endian == DEVICE_BIG_ENDIAN) {
3311 val = bswap32(val);
3312 }
3313 #endif
3314 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3315 } else {
3316 /* RAM case */
3317 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3318 ptr = qemu_get_ram_ptr(addr1);
3319 switch (endian) {
3320 case DEVICE_LITTLE_ENDIAN:
3321 stl_le_p(ptr, val);
3322 break;
3323 case DEVICE_BIG_ENDIAN:
3324 stl_be_p(ptr, val);
3325 break;
3326 default:
3327 stl_p(ptr, val);
3328 break;
3329 }
3330 invalidate_and_set_dirty(mr, addr1, 4);
3331 r = MEMTX_OK;
3332 }
3333 if (result) {
3334 *result = r;
3335 }
3336 if (release_lock) {
3337 qemu_mutex_unlock_iothread();
3338 }
3339 rcu_read_unlock();
3340 }
3341
3342 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3343 MemTxAttrs attrs, MemTxResult *result)
3344 {
3345 address_space_stl_internal(as, addr, val, attrs, result,
3346 DEVICE_NATIVE_ENDIAN);
3347 }
3348
3349 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3350 MemTxAttrs attrs, MemTxResult *result)
3351 {
3352 address_space_stl_internal(as, addr, val, attrs, result,
3353 DEVICE_LITTLE_ENDIAN);
3354 }
3355
3356 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3357 MemTxAttrs attrs, MemTxResult *result)
3358 {
3359 address_space_stl_internal(as, addr, val, attrs, result,
3360 DEVICE_BIG_ENDIAN);
3361 }
3362
3363 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3364 {
3365 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3366 }
3367
3368 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3369 {
3370 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3371 }
3372
3373 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3374 {
3375 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3376 }
3377
3378 /* XXX: optimize */
3379 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3380 MemTxAttrs attrs, MemTxResult *result)
3381 {
3382 uint8_t v = val;
3383 MemTxResult r;
3384
3385 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3386 if (result) {
3387 *result = r;
3388 }
3389 }
3390
3391 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3392 {
3393 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3394 }
3395
3396 /* warning: addr must be aligned */
3397 static inline void address_space_stw_internal(AddressSpace *as,
3398 hwaddr addr, uint32_t val,
3399 MemTxAttrs attrs,
3400 MemTxResult *result,
3401 enum device_endian endian)
3402 {
3403 uint8_t *ptr;
3404 MemoryRegion *mr;
3405 hwaddr l = 2;
3406 hwaddr addr1;
3407 MemTxResult r;
3408 bool release_lock = false;
3409
3410 rcu_read_lock();
3411 mr = address_space_translate(as, addr, &addr1, &l, true);
3412 if (l < 2 || !memory_access_is_direct(mr, true)) {
3413 release_lock |= prepare_mmio_access(mr);
3414
3415 #if defined(TARGET_WORDS_BIGENDIAN)
3416 if (endian == DEVICE_LITTLE_ENDIAN) {
3417 val = bswap16(val);
3418 }
3419 #else
3420 if (endian == DEVICE_BIG_ENDIAN) {
3421 val = bswap16(val);
3422 }
3423 #endif
3424 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3425 } else {
3426 /* RAM case */
3427 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3428 ptr = qemu_get_ram_ptr(addr1);
3429 switch (endian) {
3430 case DEVICE_LITTLE_ENDIAN:
3431 stw_le_p(ptr, val);
3432 break;
3433 case DEVICE_BIG_ENDIAN:
3434 stw_be_p(ptr, val);
3435 break;
3436 default:
3437 stw_p(ptr, val);
3438 break;
3439 }
3440 invalidate_and_set_dirty(mr, addr1, 2);
3441 r = MEMTX_OK;
3442 }
3443 if (result) {
3444 *result = r;
3445 }
3446 if (release_lock) {
3447 qemu_mutex_unlock_iothread();
3448 }
3449 rcu_read_unlock();
3450 }
3451
3452 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3453 MemTxAttrs attrs, MemTxResult *result)
3454 {
3455 address_space_stw_internal(as, addr, val, attrs, result,
3456 DEVICE_NATIVE_ENDIAN);
3457 }
3458
3459 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3460 MemTxAttrs attrs, MemTxResult *result)
3461 {
3462 address_space_stw_internal(as, addr, val, attrs, result,
3463 DEVICE_LITTLE_ENDIAN);
3464 }
3465
3466 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3467 MemTxAttrs attrs, MemTxResult *result)
3468 {
3469 address_space_stw_internal(as, addr, val, attrs, result,
3470 DEVICE_BIG_ENDIAN);
3471 }
3472
3473 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3474 {
3475 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3476 }
3477
3478 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3479 {
3480 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3481 }
3482
3483 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3484 {
3485 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3486 }
3487
3488 /* XXX: optimize */
3489 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3490 MemTxAttrs attrs, MemTxResult *result)
3491 {
3492 MemTxResult r;
3493 val = tswap64(val);
3494 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3495 if (result) {
3496 *result = r;
3497 }
3498 }
3499
3500 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3501 MemTxAttrs attrs, MemTxResult *result)
3502 {
3503 MemTxResult r;
3504 val = cpu_to_le64(val);
3505 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3506 if (result) {
3507 *result = r;
3508 }
3509 }
3510 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3511 MemTxAttrs attrs, MemTxResult *result)
3512 {
3513 MemTxResult r;
3514 val = cpu_to_be64(val);
3515 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3516 if (result) {
3517 *result = r;
3518 }
3519 }
3520
3521 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3522 {
3523 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3524 }
3525
3526 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3527 {
3528 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3529 }
3530
3531 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3532 {
3533 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3534 }
3535
3536 /* virtual memory access for debug (includes writing to ROM) */
3537 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3538 uint8_t *buf, int len, int is_write)
3539 {
3540 int l;
3541 hwaddr phys_addr;
3542 target_ulong page;
3543
3544 while (len > 0) {
3545 page = addr & TARGET_PAGE_MASK;
3546 phys_addr = cpu_get_phys_page_debug(cpu, page);
3547 /* if no physical page mapped, return an error */
3548 if (phys_addr == -1)
3549 return -1;
3550 l = (page + TARGET_PAGE_SIZE) - addr;
3551 if (l > len)
3552 l = len;
3553 phys_addr += (addr & ~TARGET_PAGE_MASK);
3554 if (is_write) {
3555 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3556 } else {
3557 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3558 buf, l, 0);
3559 }
3560 len -= l;
3561 buf += l;
3562 addr += l;
3563 }
3564 return 0;
3565 }
3566
3567 /*
3568 * Allows code that needs to deal with migration bitmaps etc to still be built
3569 * target independent.
3570 */
3571 size_t qemu_target_page_bits(void)
3572 {
3573 return TARGET_PAGE_BITS;
3574 }
3575
3576 #endif
3577
3578 /*
3579 * A helper function for the _utterly broken_ virtio device model to find out if
3580 * it's running on a big endian machine. Don't do this at home kids!
3581 */
3582 bool target_words_bigendian(void);
3583 bool target_words_bigendian(void)
3584 {
3585 #if defined(TARGET_WORDS_BIGENDIAN)
3586 return true;
3587 #else
3588 return false;
3589 #endif
3590 }
3591
3592 #ifndef CONFIG_USER_ONLY
3593 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3594 {
3595 MemoryRegion*mr;
3596 hwaddr l = 1;
3597 bool res;
3598
3599 rcu_read_lock();
3600 mr = address_space_translate(&address_space_memory,
3601 phys_addr, &phys_addr, &l, false);
3602
3603 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3604 rcu_read_unlock();
3605 return res;
3606 }
3607
3608 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3609 {
3610 RAMBlock *block;
3611 int ret = 0;
3612
3613 rcu_read_lock();
3614 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3615 ret = func(block->idstr, block->host, block->offset,
3616 block->used_length, opaque);
3617 if (ret) {
3618 break;
3619 }
3620 }
3621 rcu_read_unlock();
3622 return ret;
3623 }
3624 #endif
AR7 emulation for QEMU