search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add Error **errp for xen_pt_config_init()
[qemu/ar7.git] / exec.c
blobc268c36e5c916a3775fd9e76e3733f743eb46f80
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 #endif
92
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
100 int use_icount;
101
102 #if !defined(CONFIG_USER_ONLY)
103
104 typedef struct PhysPageEntry PhysPageEntry;
105
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 uint32_t skip : 6;
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 uint32_t ptr : 26;
111 };
112
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
117
118 #define P_L2_BITS 9
119 #define P_L2_SIZE (1 << P_L2_BITS)
120
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123 typedef PhysPageEntry Node[P_L2_SIZE];
124
125 typedef struct PhysPageMap {
126 struct rcu_head rcu;
127
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134 } PhysPageMap;
135
136 struct AddressSpaceDispatch {
137 struct rcu_head rcu;
138
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
143 PhysPageMap map;
144 AddressSpace *as;
145 };
146
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
149 MemoryRegion iomem;
150 AddressSpace *as;
151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153 } subpage_t;
154
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
159
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
163
164 static MemoryRegion io_mem_watch;
165
166 /**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173 struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178 };
179
180 #endif
181
182 #if !defined(CONFIG_USER_ONLY)
183
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
185 {
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
190 }
191 }
192
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
194 {
195 unsigned i;
196 uint32_t ret;
197 PhysPageEntry e;
198 PhysPageEntry *p;
199
200 ret = map->nodes_nb++;
201 p = map->nodes[ret];
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
209 }
210 return ret;
211 }
212
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
215 int level)
216 {
217 PhysPageEntry *p;
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
219
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
222 }
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
225
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
228 lp->skip = 0;
229 lp->ptr = leaf;
230 *index += step;
231 *nb -= step;
232 } else {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
234 }
235 ++lp;
236 }
237 }
238
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
241 uint16_t leaf)
242 {
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
245
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
247 }
248
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253 {
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300 }
301
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303 {
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
308 }
309 }
310
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
313 {
314 PhysPageEntry *p;
315 hwaddr index = addr >> TARGET_PAGE_BITS;
316 int i;
317
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return &sections[PHYS_SECTION_UNASSIGNED];
321 }
322 p = nodes[lp.ptr];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
324 }
325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
333 }
334
335 bool memory_region_is_unassigned(MemoryRegion *mr)
336 {
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
339 }
340
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
343 hwaddr addr,
344 bool resolve_subpage)
345 {
346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
353 }
354 return section;
355 }
356
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
361 {
362 MemoryRegionSection *section;
363 MemoryRegion *mr;
364 Int128 diff;
365
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
373 mr = section->mr;
374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
390 return section;
391 }
392
393 /* Called from RCU critical section */
394 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
396 bool is_write)
397 {
398 IOMMUTLBEntry iotlb;
399 MemoryRegionSection *section;
400 MemoryRegion *mr;
401
402 for (;;) {
403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
405 mr = section->mr;
406
407 if (!mr->iommu_ops) {
408 break;
409 }
410
411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
417 break;
418 }
419
420 as = iotlb.target_as;
421 }
422
423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
425 *plen = MIN(page, *plen);
426 }
427
428 *xlat = addr;
429 return mr;
430 }
431
432 /* Called from RCU critical section */
433 MemoryRegionSection *
434 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
435 hwaddr *xlat, hwaddr *plen)
436 {
437 MemoryRegionSection *section;
438 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
439 addr, xlat, plen, false);
440
441 assert(!section->mr->iommu_ops);
442 return section;
443 }
444 #endif
445
446 #if !defined(CONFIG_USER_ONLY)
447
448 static int cpu_common_post_load(void *opaque, int version_id)
449 {
450 CPUState *cpu = opaque;
451
452 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
453 version_id is increased. */
454 cpu->interrupt_request &= ~0x01;
455 tlb_flush(cpu, 1);
456
457 return 0;
458 }
459
460 static int cpu_common_pre_load(void *opaque)
461 {
462 CPUState *cpu = opaque;
463
464 cpu->exception_index = -1;
465
466 return 0;
467 }
468
469 static bool cpu_common_exception_index_needed(void *opaque)
470 {
471 CPUState *cpu = opaque;
472
473 return tcg_enabled() && cpu->exception_index != -1;
474 }
475
476 static const VMStateDescription vmstate_cpu_common_exception_index = {
477 .name = "cpu_common/exception_index",
478 .version_id = 1,
479 .minimum_version_id = 1,
480 .needed = cpu_common_exception_index_needed,
481 .fields = (VMStateField[]) {
482 VMSTATE_INT32(exception_index, CPUState),
483 VMSTATE_END_OF_LIST()
484 }
485 };
486
487 static bool cpu_common_crash_occurred_needed(void *opaque)
488 {
489 CPUState *cpu = opaque;
490
491 return cpu->crash_occurred;
492 }
493
494 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
495 .name = "cpu_common/crash_occurred",
496 .version_id = 1,
497 .minimum_version_id = 1,
498 .needed = cpu_common_crash_occurred_needed,
499 .fields = (VMStateField[]) {
500 VMSTATE_BOOL(crash_occurred, CPUState),
501 VMSTATE_END_OF_LIST()
502 }
503 };
504
505 const VMStateDescription vmstate_cpu_common = {
506 .name = "cpu_common",
507 .version_id = 1,
508 .minimum_version_id = 1,
509 .pre_load = cpu_common_pre_load,
510 .post_load = cpu_common_post_load,
511 .fields = (VMStateField[]) {
512 VMSTATE_UINT32(halted, CPUState),
513 VMSTATE_UINT32(interrupt_request, CPUState),
514 VMSTATE_END_OF_LIST()
515 },
516 .subsections = (const VMStateDescription*[]) {
517 &vmstate_cpu_common_exception_index,
518 &vmstate_cpu_common_crash_occurred,
519 NULL
520 }
521 };
522
523 #endif
524
525 CPUState *qemu_get_cpu(int index)
526 {
527 CPUState *cpu;
528
529 CPU_FOREACH(cpu) {
530 if (cpu->cpu_index == index) {
531 return cpu;
532 }
533 }
534
535 return NULL;
536 }
537
538 #if !defined(CONFIG_USER_ONLY)
539 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
540 {
541 /* We only support one address space per cpu at the moment. */
542 assert(cpu->as == as);
543
544 if (cpu->cpu_ases) {
545 /* We've already registered the listener for our only AS */
546 return;
547 }
548
549 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
550 cpu->cpu_ases[0].cpu = cpu;
551 cpu->cpu_ases[0].as = as;
552 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
553 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
554 }
555 #endif
556
557 #ifndef CONFIG_USER_ONLY
558 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
559
560 static int cpu_get_free_index(Error **errp)
561 {
562 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
563
564 if (cpu >= MAX_CPUMASK_BITS) {
565 error_setg(errp, "Trying to use more CPUs than max of %d",
566 MAX_CPUMASK_BITS);
567 return -1;
568 }
569
570 bitmap_set(cpu_index_map, cpu, 1);
571 return cpu;
572 }
573
574 void cpu_exec_exit(CPUState *cpu)
575 {
576 if (cpu->cpu_index == -1) {
577 /* cpu_index was never allocated by this @cpu or was already freed. */
578 return;
579 }
580
581 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
582 cpu->cpu_index = -1;
583 }
584 #else
585
586 static int cpu_get_free_index(Error **errp)
587 {
588 CPUState *some_cpu;
589 int cpu_index = 0;
590
591 CPU_FOREACH(some_cpu) {
592 cpu_index++;
593 }
594 return cpu_index;
595 }
596
597 void cpu_exec_exit(CPUState *cpu)
598 {
599 }
600 #endif
601
602 void cpu_exec_init(CPUState *cpu, Error **errp)
603 {
604 CPUClass *cc = CPU_GET_CLASS(cpu);
605 int cpu_index;
606 Error *local_err = NULL;
607
608 #ifndef CONFIG_USER_ONLY
609 cpu->as = &address_space_memory;
610 cpu->thread_id = qemu_get_thread_id();
611 #endif
612
613 #if defined(CONFIG_USER_ONLY)
614 cpu_list_lock();
615 #endif
616 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
617 if (local_err) {
618 error_propagate(errp, local_err);
619 #if defined(CONFIG_USER_ONLY)
620 cpu_list_unlock();
621 #endif
622 return;
623 }
624 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
625 #if defined(CONFIG_USER_ONLY)
626 cpu_list_unlock();
627 #endif
628 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
629 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
630 }
631 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
632 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
633 cpu_save, cpu_load, cpu->env_ptr);
634 assert(cc->vmsd == NULL);
635 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
636 #endif
637 if (cc->vmsd != NULL) {
638 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
639 }
640 }
641
642 #if defined(CONFIG_USER_ONLY)
643 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
644 {
645 tb_invalidate_phys_page_range(pc, pc + 1, 0);
646 }
647 #else
648 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
649 {
650 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
651 if (phys != -1) {
652 tb_invalidate_phys_addr(cpu->as,
653 phys | (pc & ~TARGET_PAGE_MASK));
654 }
655 }
656 #endif
657
658 #if defined(CONFIG_USER_ONLY)
659 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
660
661 {
662 }
663
664 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
665 int flags)
666 {
667 return -ENOSYS;
668 }
669
670 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
671 {
672 }
673
674 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
675 int flags, CPUWatchpoint **watchpoint)
676 {
677 return -ENOSYS;
678 }
679 #else
680 /* Add a watchpoint. */
681 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
682 int flags, CPUWatchpoint **watchpoint)
683 {
684 CPUWatchpoint *wp;
685
686 /* forbid ranges which are empty or run off the end of the address space */
687 if (len == 0 || (addr + len - 1) < addr) {
688 error_report("tried to set invalid watchpoint at %"
689 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
690 return -EINVAL;
691 }
692 wp = g_malloc(sizeof(*wp));
693
694 wp->vaddr = addr;
695 wp->len = len;
696 wp->flags = flags;
697
698 /* keep all GDB-injected watchpoints in front */
699 if (flags & BP_GDB) {
700 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
701 } else {
702 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
703 }
704
705 tlb_flush_page(cpu, addr);
706
707 if (watchpoint)
708 *watchpoint = wp;
709 return 0;
710 }
711
712 /* Remove a specific watchpoint. */
713 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
714 int flags)
715 {
716 CPUWatchpoint *wp;
717
718 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
719 if (addr == wp->vaddr && len == wp->len
720 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
721 cpu_watchpoint_remove_by_ref(cpu, wp);
722 return 0;
723 }
724 }
725 return -ENOENT;
726 }
727
728 /* Remove a specific watchpoint by reference. */
729 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
730 {
731 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
732
733 tlb_flush_page(cpu, watchpoint->vaddr);
734
735 g_free(watchpoint);
736 }
737
738 /* Remove all matching watchpoints. */
739 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
740 {
741 CPUWatchpoint *wp, *next;
742
743 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
744 if (wp->flags & mask) {
745 cpu_watchpoint_remove_by_ref(cpu, wp);
746 }
747 }
748 }
749
750 /* Return true if this watchpoint address matches the specified
751 * access (ie the address range covered by the watchpoint overlaps
752 * partially or completely with the address range covered by the
753 * access).
754 */
755 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
756 vaddr addr,
757 vaddr len)
758 {
759 /* We know the lengths are non-zero, but a little caution is
760 * required to avoid errors in the case where the range ends
761 * exactly at the top of the address space and so addr + len
762 * wraps round to zero.
763 */
764 vaddr wpend = wp->vaddr + wp->len - 1;
765 vaddr addrend = addr + len - 1;
766
767 return !(addr > wpend || wp->vaddr > addrend);
768 }
769
770 #endif
771
772 /* Add a breakpoint. */
773 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
774 CPUBreakpoint **breakpoint)
775 {
776 CPUBreakpoint *bp;
777
778 bp = g_malloc(sizeof(*bp));
779
780 bp->pc = pc;
781 bp->flags = flags;
782
783 /* keep all GDB-injected breakpoints in front */
784 if (flags & BP_GDB) {
785 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
786 } else {
787 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
788 }
789
790 breakpoint_invalidate(cpu, pc);
791
792 if (breakpoint) {
793 *breakpoint = bp;
794 }
795 return 0;
796 }
797
798 /* Remove a specific breakpoint. */
799 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
800 {
801 CPUBreakpoint *bp;
802
803 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
804 if (bp->pc == pc && bp->flags == flags) {
805 cpu_breakpoint_remove_by_ref(cpu, bp);
806 return 0;
807 }
808 }
809 return -ENOENT;
810 }
811
812 /* Remove a specific breakpoint by reference. */
813 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
814 {
815 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
816
817 breakpoint_invalidate(cpu, breakpoint->pc);
818
819 g_free(breakpoint);
820 }
821
822 /* Remove all matching breakpoints. */
823 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
824 {
825 CPUBreakpoint *bp, *next;
826
827 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
828 if (bp->flags & mask) {
829 cpu_breakpoint_remove_by_ref(cpu, bp);
830 }
831 }
832 }
833
834 /* enable or disable single step mode. EXCP_DEBUG is returned by the
835 CPU loop after each instruction */
836 void cpu_single_step(CPUState *cpu, int enabled)
837 {
838 if (cpu->singlestep_enabled != enabled) {
839 cpu->singlestep_enabled = enabled;
840 if (kvm_enabled()) {
841 kvm_update_guest_debug(cpu, 0);
842 } else {
843 /* must flush all the translated code to avoid inconsistencies */
844 /* XXX: only flush what is necessary */
845 tb_flush(cpu);
846 }
847 }
848 }
849
850 void cpu_abort(CPUState *cpu, const char *fmt, ...)
851 {
852 va_list ap;
853 va_list ap2;
854
855 va_start(ap, fmt);
856 va_copy(ap2, ap);
857 fprintf(stderr, "qemu: fatal: ");
858 vfprintf(stderr, fmt, ap);
859 fprintf(stderr, "\n");
860 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
861 if (qemu_log_separate()) {
862 qemu_log("qemu: fatal: ");
863 qemu_log_vprintf(fmt, ap2);
864 qemu_log("\n");
865 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
866 qemu_log_flush();
867 qemu_log_close();
868 }
869 va_end(ap2);
870 va_end(ap);
871 replay_finish();
872 #if defined(CONFIG_USER_ONLY)
873 {
874 struct sigaction act;
875 sigfillset(&act.sa_mask);
876 act.sa_handler = SIG_DFL;
877 sigaction(SIGABRT, &act, NULL);
878 }
879 #endif
880 abort();
881 }
882
883 #if !defined(CONFIG_USER_ONLY)
884 /* Called from RCU critical section */
885 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
886 {
887 RAMBlock *block;
888
889 block = atomic_rcu_read(&ram_list.mru_block);
890 if (block && addr - block->offset < block->max_length) {
891 return block;
892 }
893 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
894 if (addr - block->offset < block->max_length) {
895 goto found;
896 }
897 }
898
899 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
900 abort();
901
902 found:
903 /* It is safe to write mru_block outside the iothread lock. This
904 * is what happens:
905 *
906 * mru_block = xxx
907 * rcu_read_unlock()
908 * xxx removed from list
909 * rcu_read_lock()
910 * read mru_block
911 * mru_block = NULL;
912 * call_rcu(reclaim_ramblock, xxx);
913 * rcu_read_unlock()
914 *
915 * atomic_rcu_set is not needed here. The block was already published
916 * when it was placed into the list. Here we're just making an extra
917 * copy of the pointer.
918 */
919 ram_list.mru_block = block;
920 return block;
921 }
922
923 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
924 {
925 CPUState *cpu;
926 ram_addr_t start1;
927 RAMBlock *block;
928 ram_addr_t end;
929
930 end = TARGET_PAGE_ALIGN(start + length);
931 start &= TARGET_PAGE_MASK;
932
933 rcu_read_lock();
934 block = qemu_get_ram_block(start);
935 assert(block == qemu_get_ram_block(end - 1));
936 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
937 CPU_FOREACH(cpu) {
938 tlb_reset_dirty(cpu, start1, length);
939 }
940 rcu_read_unlock();
941 }
942
943 /* Note: start and end must be within the same ram block. */
944 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
945 ram_addr_t length,
946 unsigned client)
947 {
948 unsigned long end, page;
949 bool dirty;
950
951 if (length == 0) {
952 return false;
953 }
954
955 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
956 page = start >> TARGET_PAGE_BITS;
957 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
958 page, end - page);
959
960 if (dirty && tcg_enabled()) {
961 tlb_reset_dirty_range_all(start, length);
962 }
963
964 return dirty;
965 }
966
967 /* Called from RCU critical section */
968 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
969 MemoryRegionSection *section,
970 target_ulong vaddr,
971 hwaddr paddr, hwaddr xlat,
972 int prot,
973 target_ulong *address)
974 {
975 hwaddr iotlb;
976 CPUWatchpoint *wp;
977
978 if (memory_region_is_ram(section->mr)) {
979 /* Normal RAM. */
980 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
981 + xlat;
982 if (!section->readonly) {
983 iotlb |= PHYS_SECTION_NOTDIRTY;
984 } else {
985 iotlb |= PHYS_SECTION_ROM;
986 }
987 } else {
988 AddressSpaceDispatch *d;
989
990 d = atomic_rcu_read(&section->address_space->dispatch);
991 iotlb = section - d->map.sections;
992 iotlb += xlat;
993 }
994
995 /* Make accesses to pages with watchpoints go via the
996 watchpoint trap routines. */
997 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
998 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
999 /* Avoid trapping reads of pages with a write breakpoint. */
1000 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1001 iotlb = PHYS_SECTION_WATCH + paddr;
1002 *address |= TLB_MMIO;
1003 break;
1004 }
1005 }
1006 }
1007
1008 return iotlb;
1009 }
1010 #endif /* defined(CONFIG_USER_ONLY) */
1011
1012 #if !defined(CONFIG_USER_ONLY)
1013
1014 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1015 uint16_t section);
1016 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1017
1018 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1019 qemu_anon_ram_alloc;
1020
1021 /*
1022 * Set a custom physical guest memory alloator.
1023 * Accelerators with unusual needs may need this. Hopefully, we can
1024 * get rid of it eventually.
1025 */
1026 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1027 {
1028 phys_mem_alloc = alloc;
1029 }
1030
1031 static uint16_t phys_section_add(PhysPageMap *map,
1032 MemoryRegionSection *section)
1033 {
1034 /* The physical section number is ORed with a page-aligned
1035 * pointer to produce the iotlb entries. Thus it should
1036 * never overflow into the page-aligned value.
1037 */
1038 assert(map->sections_nb < TARGET_PAGE_SIZE);
1039
1040 if (map->sections_nb == map->sections_nb_alloc) {
1041 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1042 map->sections = g_renew(MemoryRegionSection, map->sections,
1043 map->sections_nb_alloc);
1044 }
1045 map->sections[map->sections_nb] = *section;
1046 memory_region_ref(section->mr);
1047 return map->sections_nb++;
1048 }
1049
1050 static void phys_section_destroy(MemoryRegion *mr)
1051 {
1052 bool have_sub_page = mr->subpage;
1053
1054 memory_region_unref(mr);
1055
1056 if (have_sub_page) {
1057 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1058 object_unref(OBJECT(&subpage->iomem));
1059 g_free(subpage);
1060 }
1061 }
1062
1063 static void phys_sections_free(PhysPageMap *map)
1064 {
1065 while (map->sections_nb > 0) {
1066 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1067 phys_section_destroy(section->mr);
1068 }
1069 g_free(map->sections);
1070 g_free(map->nodes);
1071 }
1072
1073 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1074 {
1075 subpage_t *subpage;
1076 hwaddr base = section->offset_within_address_space
1077 & TARGET_PAGE_MASK;
1078 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1079 d->map.nodes, d->map.sections);
1080 MemoryRegionSection subsection = {
1081 .offset_within_address_space = base,
1082 .size = int128_make64(TARGET_PAGE_SIZE),
1083 };
1084 hwaddr start, end;
1085
1086 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1087
1088 if (!(existing->mr->subpage)) {
1089 subpage = subpage_init(d->as, base);
1090 subsection.address_space = d->as;
1091 subsection.mr = &subpage->iomem;
1092 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1093 phys_section_add(&d->map, &subsection));
1094 } else {
1095 subpage = container_of(existing->mr, subpage_t, iomem);
1096 }
1097 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1098 end = start + int128_get64(section->size) - 1;
1099 subpage_register(subpage, start, end,
1100 phys_section_add(&d->map, section));
1101 }
1102
1103
1104 static void register_multipage(AddressSpaceDispatch *d,
1105 MemoryRegionSection *section)
1106 {
1107 hwaddr start_addr = section->offset_within_address_space;
1108 uint16_t section_index = phys_section_add(&d->map, section);
1109 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1110 TARGET_PAGE_BITS));
1111
1112 assert(num_pages);
1113 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1114 }
1115
1116 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1117 {
1118 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1119 AddressSpaceDispatch *d = as->next_dispatch;
1120 MemoryRegionSection now = *section, remain = *section;
1121 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1122
1123 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1124 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1125 - now.offset_within_address_space;
1126
1127 now.size = int128_min(int128_make64(left), now.size);
1128 register_subpage(d, &now);
1129 } else {
1130 now.size = int128_zero();
1131 }
1132 while (int128_ne(remain.size, now.size)) {
1133 remain.size = int128_sub(remain.size, now.size);
1134 remain.offset_within_address_space += int128_get64(now.size);
1135 remain.offset_within_region += int128_get64(now.size);
1136 now = remain;
1137 if (int128_lt(remain.size, page_size)) {
1138 register_subpage(d, &now);
1139 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1140 now.size = page_size;
1141 register_subpage(d, &now);
1142 } else {
1143 now.size = int128_and(now.size, int128_neg(page_size));
1144 register_multipage(d, &now);
1145 }
1146 }
1147 }
1148
1149 void qemu_flush_coalesced_mmio_buffer(void)
1150 {
1151 if (kvm_enabled())
1152 kvm_flush_coalesced_mmio_buffer();
1153 }
1154
1155 void qemu_mutex_lock_ramlist(void)
1156 {
1157 qemu_mutex_lock(&ram_list.mutex);
1158 }
1159
1160 void qemu_mutex_unlock_ramlist(void)
1161 {
1162 qemu_mutex_unlock(&ram_list.mutex);
1163 }
1164
1165 #ifdef __linux__
1166
1167 #include <sys/vfs.h>
1168
1169 #define HUGETLBFS_MAGIC 0x958458f6
1170
1171 static long gethugepagesize(const char *path, Error **errp)
1172 {
1173 struct statfs fs;
1174 int ret;
1175
1176 do {
1177 ret = statfs(path, &fs);
1178 } while (ret != 0 && errno == EINTR);
1179
1180 if (ret != 0) {
1181 error_setg_errno(errp, errno, "failed to get page size of file %s",
1182 path);
1183 return 0;
1184 }
1185
1186 return fs.f_bsize;
1187 }
1188
1189 static void *file_ram_alloc(RAMBlock *block,
1190 ram_addr_t memory,
1191 const char *path,
1192 Error **errp)
1193 {
1194 struct stat st;
1195 char *filename;
1196 char *sanitized_name;
1197 char *c;
1198 void *area;
1199 int fd;
1200 uint64_t hpagesize;
1201 Error *local_err = NULL;
1202
1203 hpagesize = gethugepagesize(path, &local_err);
1204 if (local_err) {
1205 error_propagate(errp, local_err);
1206 goto error;
1207 }
1208 block->mr->align = hpagesize;
1209
1210 if (memory < hpagesize) {
1211 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1212 "or larger than huge page size 0x%" PRIx64,
1213 memory, hpagesize);
1214 goto error;
1215 }
1216
1217 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1218 error_setg(errp,
1219 "host lacks kvm mmu notifiers, -mem-path unsupported");
1220 goto error;
1221 }
1222
1223 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1224 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1225 sanitized_name = g_strdup(memory_region_name(block->mr));
1226 for (c = sanitized_name; *c != '\0'; c++) {
1227 if (*c == '/') {
1228 *c = '_';
1229 }
1230 }
1231
1232 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1233 sanitized_name);
1234 g_free(sanitized_name);
1235
1236 fd = mkstemp(filename);
1237 if (fd >= 0) {
1238 unlink(filename);
1239 }
1240 g_free(filename);
1241 } else {
1242 fd = open(path, O_RDWR | O_CREAT, 0644);
1243 }
1244
1245 if (fd < 0) {
1246 error_setg_errno(errp, errno,
1247 "unable to create backing store for hugepages");
1248 goto error;
1249 }
1250
1251 memory = ROUND_UP(memory, hpagesize);
1252
1253 /*
1254 * ftruncate is not supported by hugetlbfs in older
1255 * hosts, so don't bother bailing out on errors.
1256 * If anything goes wrong with it under other filesystems,
1257 * mmap will fail.
1258 */
1259 if (ftruncate(fd, memory)) {
1260 perror("ftruncate");
1261 }
1262
1263 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1264 if (area == MAP_FAILED) {
1265 error_setg_errno(errp, errno,
1266 "unable to map backing store for hugepages");
1267 close(fd);
1268 goto error;
1269 }
1270
1271 if (mem_prealloc) {
1272 os_mem_prealloc(fd, area, memory);
1273 }
1274
1275 block->fd = fd;
1276 return area;
1277
1278 error:
1279 return NULL;
1280 }
1281 #endif
1282
1283 /* Called with the ramlist lock held. */
1284 static ram_addr_t find_ram_offset(ram_addr_t size)
1285 {
1286 RAMBlock *block, *next_block;
1287 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1288
1289 assert(size != 0); /* it would hand out same offset multiple times */
1290
1291 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1292 return 0;
1293 }
1294
1295 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1296 ram_addr_t end, next = RAM_ADDR_MAX;
1297
1298 end = block->offset + block->max_length;
1299
1300 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1301 if (next_block->offset >= end) {
1302 next = MIN(next, next_block->offset);
1303 }
1304 }
1305 if (next - end >= size && next - end < mingap) {
1306 offset = end;
1307 mingap = next - end;
1308 }
1309 }
1310
1311 if (offset == RAM_ADDR_MAX) {
1312 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1313 (uint64_t)size);
1314 abort();
1315 }
1316
1317 return offset;
1318 }
1319
1320 ram_addr_t last_ram_offset(void)
1321 {
1322 RAMBlock *block;
1323 ram_addr_t last = 0;
1324
1325 rcu_read_lock();
1326 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1327 last = MAX(last, block->offset + block->max_length);
1328 }
1329 rcu_read_unlock();
1330 return last;
1331 }
1332
1333 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1334 {
1335 int ret;
1336
1337 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1338 if (!machine_dump_guest_core(current_machine)) {
1339 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1340 if (ret) {
1341 perror("qemu_madvise");
1342 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1343 "but dump_guest_core=off specified\n");
1344 }
1345 }
1346 }
1347
1348 /* Called within an RCU critical section, or while the ramlist lock
1349 * is held.
1350 */
1351 static RAMBlock *find_ram_block(ram_addr_t addr)
1352 {
1353 RAMBlock *block;
1354
1355 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1356 if (block->offset == addr) {
1357 return block;
1358 }
1359 }
1360
1361 return NULL;
1362 }
1363
1364 const char *qemu_ram_get_idstr(RAMBlock *rb)
1365 {
1366 return rb->idstr;
1367 }
1368
1369 /* Called with iothread lock held. */
1370 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1371 {
1372 RAMBlock *new_block, *block;
1373
1374 rcu_read_lock();
1375 new_block = find_ram_block(addr);
1376 assert(new_block);
1377 assert(!new_block->idstr[0]);
1378
1379 if (dev) {
1380 char *id = qdev_get_dev_path(dev);
1381 if (id) {
1382 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1383 g_free(id);
1384 }
1385 }
1386 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1387
1388 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1389 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1390 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1391 new_block->idstr);
1392 abort();
1393 }
1394 }
1395 rcu_read_unlock();
1396 }
1397
1398 /* Called with iothread lock held. */
1399 void qemu_ram_unset_idstr(ram_addr_t addr)
1400 {
1401 RAMBlock *block;
1402
1403 /* FIXME: arch_init.c assumes that this is not called throughout
1404 * migration. Ignore the problem since hot-unplug during migration
1405 * does not work anyway.
1406 */
1407
1408 rcu_read_lock();
1409 block = find_ram_block(addr);
1410 if (block) {
1411 memset(block->idstr, 0, sizeof(block->idstr));
1412 }
1413 rcu_read_unlock();
1414 }
1415
1416 static int memory_try_enable_merging(void *addr, size_t len)
1417 {
1418 if (!machine_mem_merge(current_machine)) {
1419 /* disabled by the user */
1420 return 0;
1421 }
1422
1423 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1424 }
1425
1426 /* Only legal before guest might have detected the memory size: e.g. on
1427 * incoming migration, or right after reset.
1428 *
1429 * As memory core doesn't know how is memory accessed, it is up to
1430 * resize callback to update device state and/or add assertions to detect
1431 * misuse, if necessary.
1432 */
1433 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1434 {
1435 RAMBlock *block = find_ram_block(base);
1436
1437 assert(block);
1438
1439 newsize = HOST_PAGE_ALIGN(newsize);
1440
1441 if (block->used_length == newsize) {
1442 return 0;
1443 }
1444
1445 if (!(block->flags & RAM_RESIZEABLE)) {
1446 error_setg_errno(errp, EINVAL,
1447 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1448 " in != 0x" RAM_ADDR_FMT, block->idstr,
1449 newsize, block->used_length);
1450 return -EINVAL;
1451 }
1452
1453 if (block->max_length < newsize) {
1454 error_setg_errno(errp, EINVAL,
1455 "Length too large: %s: 0x" RAM_ADDR_FMT
1456 " > 0x" RAM_ADDR_FMT, block->idstr,
1457 newsize, block->max_length);
1458 return -EINVAL;
1459 }
1460
1461 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1462 block->used_length = newsize;
1463 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1464 DIRTY_CLIENTS_ALL);
1465 memory_region_set_size(block->mr, newsize);
1466 if (block->resized) {
1467 block->resized(block->idstr, newsize, block->host);
1468 }
1469 return 0;
1470 }
1471
1472 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1473 {
1474 RAMBlock *block;
1475 RAMBlock *last_block = NULL;
1476 ram_addr_t old_ram_size, new_ram_size;
1477 Error *err = NULL;
1478
1479 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1480
1481 qemu_mutex_lock_ramlist();
1482 new_block->offset = find_ram_offset(new_block->max_length);
1483
1484 if (!new_block->host) {
1485 if (xen_enabled()) {
1486 xen_ram_alloc(new_block->offset, new_block->max_length,
1487 new_block->mr, &err);
1488 if (err) {
1489 error_propagate(errp, err);
1490 qemu_mutex_unlock_ramlist();
1491 return -1;
1492 }
1493 } else {
1494 new_block->host = phys_mem_alloc(new_block->max_length,
1495 &new_block->mr->align);
1496 if (!new_block->host) {
1497 error_setg_errno(errp, errno,
1498 "cannot set up guest memory '%s'",
1499 memory_region_name(new_block->mr));
1500 qemu_mutex_unlock_ramlist();
1501 return -1;
1502 }
1503 memory_try_enable_merging(new_block->host, new_block->max_length);
1504 }
1505 }
1506
1507 new_ram_size = MAX(old_ram_size,
1508 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1509 if (new_ram_size > old_ram_size) {
1510 migration_bitmap_extend(old_ram_size, new_ram_size);
1511 }
1512 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1513 * QLIST (which has an RCU-friendly variant) does not have insertion at
1514 * tail, so save the last element in last_block.
1515 */
1516 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1517 last_block = block;
1518 if (block->max_length < new_block->max_length) {
1519 break;
1520 }
1521 }
1522 if (block) {
1523 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1524 } else if (last_block) {
1525 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1526 } else { /* list is empty */
1527 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1528 }
1529 ram_list.mru_block = NULL;
1530
1531 /* Write list before version */
1532 smp_wmb();
1533 ram_list.version++;
1534 qemu_mutex_unlock_ramlist();
1535
1536 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1537
1538 if (new_ram_size > old_ram_size) {
1539 int i;
1540
1541 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1542 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1543 ram_list.dirty_memory[i] =
1544 bitmap_zero_extend(ram_list.dirty_memory[i],
1545 old_ram_size, new_ram_size);
1546 }
1547 }
1548 cpu_physical_memory_set_dirty_range(new_block->offset,
1549 new_block->used_length,
1550 DIRTY_CLIENTS_ALL);
1551
1552 if (new_block->host) {
1553 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1554 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1555 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1556 if (kvm_enabled()) {
1557 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1558 }
1559 }
1560
1561 return new_block->offset;
1562 }
1563
1564 #ifdef __linux__
1565 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1566 bool share, const char *mem_path,
1567 Error **errp)
1568 {
1569 RAMBlock *new_block;
1570 ram_addr_t addr;
1571 Error *local_err = NULL;
1572
1573 if (xen_enabled()) {
1574 error_setg(errp, "-mem-path not supported with Xen");
1575 return -1;
1576 }
1577
1578 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1579 /*
1580 * file_ram_alloc() needs to allocate just like
1581 * phys_mem_alloc, but we haven't bothered to provide
1582 * a hook there.
1583 */
1584 error_setg(errp,
1585 "-mem-path not supported with this accelerator");
1586 return -1;
1587 }
1588
1589 size = HOST_PAGE_ALIGN(size);
1590 new_block = g_malloc0(sizeof(*new_block));
1591 new_block->mr = mr;
1592 new_block->used_length = size;
1593 new_block->max_length = size;
1594 new_block->flags = share ? RAM_SHARED : 0;
1595 new_block->host = file_ram_alloc(new_block, size,
1596 mem_path, errp);
1597 if (!new_block->host) {
1598 g_free(new_block);
1599 return -1;
1600 }
1601
1602 addr = ram_block_add(new_block, &local_err);
1603 if (local_err) {
1604 g_free(new_block);
1605 error_propagate(errp, local_err);
1606 return -1;
1607 }
1608 return addr;
1609 }
1610 #endif
1611
1612 static
1613 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1614 void (*resized)(const char*,
1615 uint64_t length,
1616 void *host),
1617 void *host, bool resizeable,
1618 MemoryRegion *mr, Error **errp)
1619 {
1620 RAMBlock *new_block;
1621 ram_addr_t addr;
1622 Error *local_err = NULL;
1623
1624 size = HOST_PAGE_ALIGN(size);
1625 max_size = HOST_PAGE_ALIGN(max_size);
1626 new_block = g_malloc0(sizeof(*new_block));
1627 new_block->mr = mr;
1628 new_block->resized = resized;
1629 new_block->used_length = size;
1630 new_block->max_length = max_size;
1631 assert(max_size >= size);
1632 new_block->fd = -1;
1633 new_block->host = host;
1634 if (host) {
1635 new_block->flags |= RAM_PREALLOC;
1636 }
1637 if (resizeable) {
1638 new_block->flags |= RAM_RESIZEABLE;
1639 }
1640 addr = ram_block_add(new_block, &local_err);
1641 if (local_err) {
1642 g_free(new_block);
1643 error_propagate(errp, local_err);
1644 return -1;
1645 }
1646 return addr;
1647 }
1648
1649 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1650 MemoryRegion *mr, Error **errp)
1651 {
1652 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1653 }
1654
1655 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1656 {
1657 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1658 }
1659
1660 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1661 void (*resized)(const char*,
1662 uint64_t length,
1663 void *host),
1664 MemoryRegion *mr, Error **errp)
1665 {
1666 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1667 }
1668
1669 static void reclaim_ramblock(RAMBlock *block)
1670 {
1671 if (block->flags & RAM_PREALLOC) {
1672 ;
1673 } else if (xen_enabled()) {
1674 xen_invalidate_map_cache_entry(block->host);
1675 #ifndef _WIN32
1676 } else if (block->fd >= 0) {
1677 qemu_ram_munmap(block->host, block->max_length);
1678 close(block->fd);
1679 #endif
1680 } else {
1681 qemu_anon_ram_free(block->host, block->max_length);
1682 }
1683 g_free(block);
1684 }
1685
1686 void qemu_ram_free(ram_addr_t addr)
1687 {
1688 RAMBlock *block;
1689
1690 qemu_mutex_lock_ramlist();
1691 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1692 if (addr == block->offset) {
1693 QLIST_REMOVE_RCU(block, next);
1694 ram_list.mru_block = NULL;
1695 /* Write list before version */
1696 smp_wmb();
1697 ram_list.version++;
1698 call_rcu(block, reclaim_ramblock, rcu);
1699 break;
1700 }
1701 }
1702 qemu_mutex_unlock_ramlist();
1703 }
1704
1705 #ifndef _WIN32
1706 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1707 {
1708 RAMBlock *block;
1709 ram_addr_t offset;
1710 int flags;
1711 void *area, *vaddr;
1712
1713 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1714 offset = addr - block->offset;
1715 if (offset < block->max_length) {
1716 vaddr = ramblock_ptr(block, offset);
1717 if (block->flags & RAM_PREALLOC) {
1718 ;
1719 } else if (xen_enabled()) {
1720 abort();
1721 } else {
1722 flags = MAP_FIXED;
1723 if (block->fd >= 0) {
1724 flags |= (block->flags & RAM_SHARED ?
1725 MAP_SHARED : MAP_PRIVATE);
1726 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1727 flags, block->fd, offset);
1728 } else {
1729 /*
1730 * Remap needs to match alloc. Accelerators that
1731 * set phys_mem_alloc never remap. If they did,
1732 * we'd need a remap hook here.
1733 */
1734 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1735
1736 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1737 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1738 flags, -1, 0);
1739 }
1740 if (area != vaddr) {
1741 fprintf(stderr, "Could not remap addr: "
1742 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1743 length, addr);
1744 exit(1);
1745 }
1746 memory_try_enable_merging(vaddr, length);
1747 qemu_ram_setup_dump(vaddr, length);
1748 }
1749 }
1750 }
1751 }
1752 #endif /* !_WIN32 */
1753
1754 int qemu_get_ram_fd(ram_addr_t addr)
1755 {
1756 RAMBlock *block;
1757 int fd;
1758
1759 rcu_read_lock();
1760 block = qemu_get_ram_block(addr);
1761 fd = block->fd;
1762 rcu_read_unlock();
1763 return fd;
1764 }
1765
1766 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1767 {
1768 RAMBlock *block;
1769
1770 rcu_read_lock();
1771 block = qemu_get_ram_block(addr);
1772 block->fd = fd;
1773 rcu_read_unlock();
1774 }
1775
1776 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1777 {
1778 RAMBlock *block;
1779 void *ptr;
1780
1781 rcu_read_lock();
1782 block = qemu_get_ram_block(addr);
1783 ptr = ramblock_ptr(block, 0);
1784 rcu_read_unlock();
1785 return ptr;
1786 }
1787
1788 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1789 * This should not be used for general purpose DMA. Use address_space_map
1790 * or address_space_rw instead. For local memory (e.g. video ram) that the
1791 * device owns, use memory_region_get_ram_ptr.
1792 *
1793 * Called within RCU critical section.
1794 */
1795 void *qemu_get_ram_ptr(ram_addr_t addr)
1796 {
1797 RAMBlock *block = qemu_get_ram_block(addr);
1798
1799 if (xen_enabled() && block->host == NULL) {
1800 /* We need to check if the requested address is in the RAM
1801 * because we don't want to map the entire memory in QEMU.
1802 * In that case just map until the end of the page.
1803 */
1804 if (block->offset == 0) {
1805 return xen_map_cache(addr, 0, 0);
1806 }
1807
1808 block->host = xen_map_cache(block->offset, block->max_length, 1);
1809 }
1810 return ramblock_ptr(block, addr - block->offset);
1811 }
1812
1813 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1814 * but takes a size argument.
1815 *
1816 * Called within RCU critical section.
1817 */
1818 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1819 {
1820 RAMBlock *block;
1821 ram_addr_t offset_inside_block;
1822 if (*size == 0) {
1823 return NULL;
1824 }
1825
1826 block = qemu_get_ram_block(addr);
1827 offset_inside_block = addr - block->offset;
1828 *size = MIN(*size, block->max_length - offset_inside_block);
1829
1830 if (xen_enabled() && block->host == NULL) {
1831 /* We need to check if the requested address is in the RAM
1832 * because we don't want to map the entire memory in QEMU.
1833 * In that case just map the requested area.
1834 */
1835 if (block->offset == 0) {
1836 return xen_map_cache(addr, *size, 1);
1837 }
1838
1839 block->host = xen_map_cache(block->offset, block->max_length, 1);
1840 }
1841
1842 return ramblock_ptr(block, offset_inside_block);
1843 }
1844
1845 /*
1846 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1847 * in that RAMBlock.
1848 *
1849 * ptr: Host pointer to look up
1850 * round_offset: If true round the result offset down to a page boundary
1851 * *ram_addr: set to result ram_addr
1852 * *offset: set to result offset within the RAMBlock
1853 *
1854 * Returns: RAMBlock (or NULL if not found)
1855 *
1856 * By the time this function returns, the returned pointer is not protected
1857 * by RCU anymore. If the caller is not within an RCU critical section and
1858 * does not hold the iothread lock, it must have other means of protecting the
1859 * pointer, such as a reference to the region that includes the incoming
1860 * ram_addr_t.
1861 */
1862 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1863 ram_addr_t *ram_addr,
1864 ram_addr_t *offset)
1865 {
1866 RAMBlock *block;
1867 uint8_t *host = ptr;
1868
1869 if (xen_enabled()) {
1870 rcu_read_lock();
1871 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1872 block = qemu_get_ram_block(*ram_addr);
1873 if (block) {
1874 *offset = (host - block->host);
1875 }
1876 rcu_read_unlock();
1877 return block;
1878 }
1879
1880 rcu_read_lock();
1881 block = atomic_rcu_read(&ram_list.mru_block);
1882 if (block && block->host && host - block->host < block->max_length) {
1883 goto found;
1884 }
1885
1886 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1887 /* This case append when the block is not mapped. */
1888 if (block->host == NULL) {
1889 continue;
1890 }
1891 if (host - block->host < block->max_length) {
1892 goto found;
1893 }
1894 }
1895
1896 rcu_read_unlock();
1897 return NULL;
1898
1899 found:
1900 *offset = (host - block->host);
1901 if (round_offset) {
1902 *offset &= TARGET_PAGE_MASK;
1903 }
1904 *ram_addr = block->offset + *offset;
1905 rcu_read_unlock();
1906 return block;
1907 }
1908
1909 /*
1910 * Finds the named RAMBlock
1911 *
1912 * name: The name of RAMBlock to find
1913 *
1914 * Returns: RAMBlock (or NULL if not found)
1915 */
1916 RAMBlock *qemu_ram_block_by_name(const char *name)
1917 {
1918 RAMBlock *block;
1919
1920 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1921 if (!strcmp(name, block->idstr)) {
1922 return block;
1923 }
1924 }
1925
1926 return NULL;
1927 }
1928
1929 /* Some of the softmmu routines need to translate from a host pointer
1930 (typically a TLB entry) back to a ram offset. */
1931 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1932 {
1933 RAMBlock *block;
1934 ram_addr_t offset; /* Not used */
1935
1936 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1937
1938 if (!block) {
1939 return NULL;
1940 }
1941
1942 return block->mr;
1943 }
1944
1945 /* Called within RCU critical section. */
1946 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1947 uint64_t val, unsigned size)
1948 {
1949 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1950 tb_invalidate_phys_page_fast(ram_addr, size);
1951 }
1952 switch (size) {
1953 case 1:
1954 stb_p(qemu_get_ram_ptr(ram_addr), val);
1955 break;
1956 case 2:
1957 stw_p(qemu_get_ram_ptr(ram_addr), val);
1958 break;
1959 case 4:
1960 stl_p(qemu_get_ram_ptr(ram_addr), val);
1961 break;
1962 default:
1963 abort();
1964 }
1965 /* Set both VGA and migration bits for simplicity and to remove
1966 * the notdirty callback faster.
1967 */
1968 cpu_physical_memory_set_dirty_range(ram_addr, size,
1969 DIRTY_CLIENTS_NOCODE);
1970 /* we remove the notdirty callback only if the code has been
1971 flushed */
1972 if (!cpu_physical_memory_is_clean(ram_addr)) {
1973 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1974 }
1975 }
1976
1977 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1978 unsigned size, bool is_write)
1979 {
1980 return is_write;
1981 }
1982
1983 static const MemoryRegionOps notdirty_mem_ops = {
1984 .write = notdirty_mem_write,
1985 .valid.accepts = notdirty_mem_accepts,
1986 .endianness = DEVICE_NATIVE_ENDIAN,
1987 };
1988
1989 /* Generate a debug exception if a watchpoint has been hit. */
1990 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1991 {
1992 CPUState *cpu = current_cpu;
1993 CPUArchState *env = cpu->env_ptr;
1994 target_ulong pc, cs_base;
1995 target_ulong vaddr;
1996 CPUWatchpoint *wp;
1997 int cpu_flags;
1998
1999 if (cpu->watchpoint_hit) {
2000 /* We re-entered the check after replacing the TB. Now raise
2001 * the debug interrupt so that is will trigger after the
2002 * current instruction. */
2003 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2004 return;
2005 }
2006 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2007 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2008 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2009 && (wp->flags & flags)) {
2010 if (flags == BP_MEM_READ) {
2011 wp->flags |= BP_WATCHPOINT_HIT_READ;
2012 } else {
2013 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2014 }
2015 wp->hitaddr = vaddr;
2016 wp->hitattrs = attrs;
2017 if (!cpu->watchpoint_hit) {
2018 cpu->watchpoint_hit = wp;
2019 tb_check_watchpoint(cpu);
2020 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2021 cpu->exception_index = EXCP_DEBUG;
2022 cpu_loop_exit(cpu);
2023 } else {
2024 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2025 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2026 cpu_resume_from_signal(cpu, NULL);
2027 }
2028 }
2029 } else {
2030 wp->flags &= ~BP_WATCHPOINT_HIT;
2031 }
2032 }
2033 }
2034
2035 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2036 so these check for a hit then pass through to the normal out-of-line
2037 phys routines. */
2038 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2039 unsigned size, MemTxAttrs attrs)
2040 {
2041 MemTxResult res;
2042 uint64_t data;
2043
2044 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2045 switch (size) {
2046 case 1:
2047 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2048 break;
2049 case 2:
2050 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2051 break;
2052 case 4:
2053 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2054 break;
2055 default: abort();
2056 }
2057 *pdata = data;
2058 return res;
2059 }
2060
2061 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2062 uint64_t val, unsigned size,
2063 MemTxAttrs attrs)
2064 {
2065 MemTxResult res;
2066
2067 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2068 switch (size) {
2069 case 1:
2070 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2071 break;
2072 case 2:
2073 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2074 break;
2075 case 4:
2076 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2077 break;
2078 default: abort();
2079 }
2080 return res;
2081 }
2082
2083 static const MemoryRegionOps watch_mem_ops = {
2084 .read_with_attrs = watch_mem_read,
2085 .write_with_attrs = watch_mem_write,
2086 .endianness = DEVICE_NATIVE_ENDIAN,
2087 };
2088
2089 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2090 unsigned len, MemTxAttrs attrs)
2091 {
2092 subpage_t *subpage = opaque;
2093 uint8_t buf[8];
2094 MemTxResult res;
2095
2096 #if defined(DEBUG_SUBPAGE)
2097 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2098 subpage, len, addr);
2099 #endif
2100 res = address_space_read(subpage->as, addr + subpage->base,
2101 attrs, buf, len);
2102 if (res) {
2103 return res;
2104 }
2105 switch (len) {
2106 case 1:
2107 *data = ldub_p(buf);
2108 return MEMTX_OK;
2109 case 2:
2110 *data = lduw_p(buf);
2111 return MEMTX_OK;
2112 case 4:
2113 *data = ldl_p(buf);
2114 return MEMTX_OK;
2115 case 8:
2116 *data = ldq_p(buf);
2117 return MEMTX_OK;
2118 default:
2119 abort();
2120 }
2121 }
2122
2123 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2124 uint64_t value, unsigned len, MemTxAttrs attrs)
2125 {
2126 subpage_t *subpage = opaque;
2127 uint8_t buf[8];
2128
2129 #if defined(DEBUG_SUBPAGE)
2130 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2131 " value %"PRIx64"\n",
2132 __func__, subpage, len, addr, value);
2133 #endif
2134 switch (len) {
2135 case 1:
2136 stb_p(buf, value);
2137 break;
2138 case 2:
2139 stw_p(buf, value);
2140 break;
2141 case 4:
2142 stl_p(buf, value);
2143 break;
2144 case 8:
2145 stq_p(buf, value);
2146 break;
2147 default:
2148 abort();
2149 }
2150 return address_space_write(subpage->as, addr + subpage->base,
2151 attrs, buf, len);
2152 }
2153
2154 static bool subpage_accepts(void *opaque, hwaddr addr,
2155 unsigned len, bool is_write)
2156 {
2157 subpage_t *subpage = opaque;
2158 #if defined(DEBUG_SUBPAGE)
2159 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2160 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2161 #endif
2162
2163 return address_space_access_valid(subpage->as, addr + subpage->base,
2164 len, is_write);
2165 }
2166
2167 static const MemoryRegionOps subpage_ops = {
2168 .read_with_attrs = subpage_read,
2169 .write_with_attrs = subpage_write,
2170 .impl.min_access_size = 1,
2171 .impl.max_access_size = 8,
2172 .valid.min_access_size = 1,
2173 .valid.max_access_size = 8,
2174 .valid.accepts = subpage_accepts,
2175 .endianness = DEVICE_NATIVE_ENDIAN,
2176 };
2177
2178 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2179 uint16_t section)
2180 {
2181 int idx, eidx;
2182
2183 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2184 return -1;
2185 idx = SUBPAGE_IDX(start);
2186 eidx = SUBPAGE_IDX(end);
2187 #if defined(DEBUG_SUBPAGE)
2188 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2189 __func__, mmio, start, end, idx, eidx, section);
2190 #endif
2191 for (; idx <= eidx; idx++) {
2192 mmio->sub_section[idx] = section;
2193 }
2194
2195 return 0;
2196 }
2197
2198 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2199 {
2200 subpage_t *mmio;
2201
2202 mmio = g_malloc0(sizeof(subpage_t));
2203
2204 mmio->as = as;
2205 mmio->base = base;
2206 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2207 NULL, TARGET_PAGE_SIZE);
2208 mmio->iomem.subpage = true;
2209 #if defined(DEBUG_SUBPAGE)
2210 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2211 mmio, base, TARGET_PAGE_SIZE);
2212 #endif
2213 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2214
2215 return mmio;
2216 }
2217
2218 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2219 MemoryRegion *mr)
2220 {
2221 assert(as);
2222 MemoryRegionSection section = {
2223 .address_space = as,
2224 .mr = mr,
2225 .offset_within_address_space = 0,
2226 .offset_within_region = 0,
2227 .size = int128_2_64(),
2228 };
2229
2230 return phys_section_add(map, &section);
2231 }
2232
2233 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2234 {
2235 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2236 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2237 MemoryRegionSection *sections = d->map.sections;
2238
2239 return sections[index & ~TARGET_PAGE_MASK].mr;
2240 }
2241
2242 static void io_mem_init(void)
2243 {
2244 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2245 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2246 NULL, UINT64_MAX);
2247 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2248 NULL, UINT64_MAX);
2249 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2250 NULL, UINT64_MAX);
2251 }
2252
2253 static void mem_begin(MemoryListener *listener)
2254 {
2255 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2256 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2257 uint16_t n;
2258
2259 n = dummy_section(&d->map, as, &io_mem_unassigned);
2260 assert(n == PHYS_SECTION_UNASSIGNED);
2261 n = dummy_section(&d->map, as, &io_mem_notdirty);
2262 assert(n == PHYS_SECTION_NOTDIRTY);
2263 n = dummy_section(&d->map, as, &io_mem_rom);
2264 assert(n == PHYS_SECTION_ROM);
2265 n = dummy_section(&d->map, as, &io_mem_watch);
2266 assert(n == PHYS_SECTION_WATCH);
2267
2268 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2269 d->as = as;
2270 as->next_dispatch = d;
2271 }
2272
2273 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2274 {
2275 phys_sections_free(&d->map);
2276 g_free(d);
2277 }
2278
2279 static void mem_commit(MemoryListener *listener)
2280 {
2281 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2282 AddressSpaceDispatch *cur = as->dispatch;
2283 AddressSpaceDispatch *next = as->next_dispatch;
2284
2285 phys_page_compact_all(next, next->map.nodes_nb);
2286
2287 atomic_rcu_set(&as->dispatch, next);
2288 if (cur) {
2289 call_rcu(cur, address_space_dispatch_free, rcu);
2290 }
2291 }
2292
2293 static void tcg_commit(MemoryListener *listener)
2294 {
2295 CPUAddressSpace *cpuas;
2296 AddressSpaceDispatch *d;
2297
2298 /* since each CPU stores ram addresses in its TLB cache, we must
2299 reset the modified entries */
2300 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2301 cpu_reloading_memory_map();
2302 /* The CPU and TLB are protected by the iothread lock.
2303 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2304 * may have split the RCU critical section.
2305 */
2306 d = atomic_rcu_read(&cpuas->as->dispatch);
2307 cpuas->memory_dispatch = d;
2308 tlb_flush(cpuas->cpu, 1);
2309 }
2310
2311 void address_space_init_dispatch(AddressSpace *as)
2312 {
2313 as->dispatch = NULL;
2314 as->dispatch_listener = (MemoryListener) {
2315 .begin = mem_begin,
2316 .commit = mem_commit,
2317 .region_add = mem_add,
2318 .region_nop = mem_add,
2319 .priority = 0,
2320 };
2321 memory_listener_register(&as->dispatch_listener, as);
2322 }
2323
2324 void address_space_unregister(AddressSpace *as)
2325 {
2326 memory_listener_unregister(&as->dispatch_listener);
2327 }
2328
2329 void address_space_destroy_dispatch(AddressSpace *as)
2330 {
2331 AddressSpaceDispatch *d = as->dispatch;
2332
2333 atomic_rcu_set(&as->dispatch, NULL);
2334 if (d) {
2335 call_rcu(d, address_space_dispatch_free, rcu);
2336 }
2337 }
2338
2339 static void memory_map_init(void)
2340 {
2341 system_memory = g_malloc(sizeof(*system_memory));
2342
2343 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2344 address_space_init(&address_space_memory, system_memory, "memory");
2345
2346 system_io = g_malloc(sizeof(*system_io));
2347 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2348 65536);
2349 address_space_init(&address_space_io, system_io, "I/O");
2350 }
2351
2352 MemoryRegion *get_system_memory(void)
2353 {
2354 return system_memory;
2355 }
2356
2357 MemoryRegion *get_system_io(void)
2358 {
2359 return system_io;
2360 }
2361
2362 #endif /* !defined(CONFIG_USER_ONLY) */
2363
2364 /* physical memory access (slow version, mainly for debug) */
2365 #if defined(CONFIG_USER_ONLY)
2366 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2367 uint8_t *buf, int len, int is_write)
2368 {
2369 int l, flags;
2370 target_ulong page;
2371 void * p;
2372
2373 while (len > 0) {
2374 page = addr & TARGET_PAGE_MASK;
2375 l = (page + TARGET_PAGE_SIZE) - addr;
2376 if (l > len)
2377 l = len;
2378 flags = page_get_flags(page);
2379 if (!(flags & PAGE_VALID))
2380 return -1;
2381 if (is_write) {
2382 if (!(flags & PAGE_WRITE))
2383 return -1;
2384 /* XXX: this code should not depend on lock_user */
2385 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2386 return -1;
2387 memcpy(p, buf, l);
2388 unlock_user(p, addr, l);
2389 } else {
2390 if (!(flags & PAGE_READ))
2391 return -1;
2392 /* XXX: this code should not depend on lock_user */
2393 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2394 return -1;
2395 memcpy(buf, p, l);
2396 unlock_user(p, addr, 0);
2397 }
2398 len -= l;
2399 buf += l;
2400 addr += l;
2401 }
2402 return 0;
2403 }
2404
2405 #else
2406
2407 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2408 hwaddr length)
2409 {
2410 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2411 /* No early return if dirty_log_mask is or becomes 0, because
2412 * cpu_physical_memory_set_dirty_range will still call
2413 * xen_modified_memory.
2414 */
2415 if (dirty_log_mask) {
2416 dirty_log_mask =
2417 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2418 }
2419 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2420 tb_invalidate_phys_range(addr, addr + length);
2421 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2422 }
2423 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2424 }
2425
2426 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2427 {
2428 unsigned access_size_max = mr->ops->valid.max_access_size;
2429
2430 /* Regions are assumed to support 1-4 byte accesses unless
2431 otherwise specified. */
2432 if (access_size_max == 0) {
2433 access_size_max = 4;
2434 }
2435
2436 /* Bound the maximum access by the alignment of the address. */
2437 if (!mr->ops->impl.unaligned) {
2438 unsigned align_size_max = addr & -addr;
2439 if (align_size_max != 0 && align_size_max < access_size_max) {
2440 access_size_max = align_size_max;
2441 }
2442 }
2443
2444 /* Don't attempt accesses larger than the maximum. */
2445 if (l > access_size_max) {
2446 l = access_size_max;
2447 }
2448 l = pow2floor(l);
2449
2450 return l;
2451 }
2452
2453 static bool prepare_mmio_access(MemoryRegion *mr)
2454 {
2455 bool unlocked = !qemu_mutex_iothread_locked();
2456 bool release_lock = false;
2457
2458 if (unlocked && mr->global_locking) {
2459 qemu_mutex_lock_iothread();
2460 unlocked = false;
2461 release_lock = true;
2462 }
2463 if (mr->flush_coalesced_mmio) {
2464 if (unlocked) {
2465 qemu_mutex_lock_iothread();
2466 }
2467 qemu_flush_coalesced_mmio_buffer();
2468 if (unlocked) {
2469 qemu_mutex_unlock_iothread();
2470 }
2471 }
2472
2473 return release_lock;
2474 }
2475
2476 /* Called within RCU critical section. */
2477 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2478 MemTxAttrs attrs,
2479 const uint8_t *buf,
2480 int len, hwaddr addr1,
2481 hwaddr l, MemoryRegion *mr)
2482 {
2483 uint8_t *ptr;
2484 uint64_t val;
2485 MemTxResult result = MEMTX_OK;
2486 bool release_lock = false;
2487
2488 for (;;) {
2489 if (!memory_access_is_direct(mr, true)) {
2490 release_lock |= prepare_mmio_access(mr);
2491 l = memory_access_size(mr, l, addr1);
2492 /* XXX: could force current_cpu to NULL to avoid
2493 potential bugs */
2494 switch (l) {
2495 case 8:
2496 /* 64 bit write access */
2497 val = ldq_p(buf);
2498 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2499 attrs);
2500 break;
2501 case 4:
2502 /* 32 bit write access */
2503 val = ldl_p(buf);
2504 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2505 attrs);
2506 break;
2507 case 2:
2508 /* 16 bit write access */
2509 val = lduw_p(buf);
2510 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2511 attrs);
2512 break;
2513 case 1:
2514 /* 8 bit write access */
2515 val = ldub_p(buf);
2516 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2517 attrs);
2518 break;
2519 default:
2520 abort();
2521 }
2522 } else {
2523 addr1 += memory_region_get_ram_addr(mr);
2524 /* RAM case */
2525 ptr = qemu_get_ram_ptr(addr1);
2526 memcpy(ptr, buf, l);
2527 invalidate_and_set_dirty(mr, addr1, l);
2528 }
2529
2530 if (release_lock) {
2531 qemu_mutex_unlock_iothread();
2532 release_lock = false;
2533 }
2534
2535 len -= l;
2536 buf += l;
2537 addr += l;
2538
2539 if (!len) {
2540 break;
2541 }
2542
2543 l = len;
2544 mr = address_space_translate(as, addr, &addr1, &l, true);
2545 }
2546
2547 return result;
2548 }
2549
2550 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2551 const uint8_t *buf, int len)
2552 {
2553 hwaddr l;
2554 hwaddr addr1;
2555 MemoryRegion *mr;
2556 MemTxResult result = MEMTX_OK;
2557
2558 if (len > 0) {
2559 rcu_read_lock();
2560 l = len;
2561 mr = address_space_translate(as, addr, &addr1, &l, true);
2562 result = address_space_write_continue(as, addr, attrs, buf, len,
2563 addr1, l, mr);
2564 rcu_read_unlock();
2565 }
2566
2567 return result;
2568 }
2569
2570 /* Called within RCU critical section. */
2571 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2572 MemTxAttrs attrs, uint8_t *buf,
2573 int len, hwaddr addr1, hwaddr l,
2574 MemoryRegion *mr)
2575 {
2576 uint8_t *ptr;
2577 uint64_t val;
2578 MemTxResult result = MEMTX_OK;
2579 bool release_lock = false;
2580
2581 for (;;) {
2582 if (!memory_access_is_direct(mr, false)) {
2583 /* I/O case */
2584 release_lock |= prepare_mmio_access(mr);
2585 l = memory_access_size(mr, l, addr1);
2586 switch (l) {
2587 case 8:
2588 /* 64 bit read access */
2589 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2590 attrs);
2591 stq_p(buf, val);
2592 break;
2593 case 4:
2594 /* 32 bit read access */
2595 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2596 attrs);
2597 stl_p(buf, val);
2598 break;
2599 case 2:
2600 /* 16 bit read access */
2601 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2602 attrs);
2603 stw_p(buf, val);
2604 break;
2605 case 1:
2606 /* 8 bit read access */
2607 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2608 attrs);
2609 stb_p(buf, val);
2610 break;
2611 default:
2612 abort();
2613 }
2614 } else {
2615 /* RAM case */
2616 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2617 memcpy(buf, ptr, l);
2618 }
2619
2620 if (release_lock) {
2621 qemu_mutex_unlock_iothread();
2622 release_lock = false;
2623 }
2624
2625 len -= l;
2626 buf += l;
2627 addr += l;
2628
2629 if (!len) {
2630 break;
2631 }
2632
2633 l = len;
2634 mr = address_space_translate(as, addr, &addr1, &l, false);
2635 }
2636
2637 return result;
2638 }
2639
2640 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2641 MemTxAttrs attrs, uint8_t *buf, int len)
2642 {
2643 hwaddr l;
2644 hwaddr addr1;
2645 MemoryRegion *mr;
2646 MemTxResult result = MEMTX_OK;
2647
2648 if (len > 0) {
2649 rcu_read_lock();
2650 l = len;
2651 mr = address_space_translate(as, addr, &addr1, &l, false);
2652 result = address_space_read_continue(as, addr, attrs, buf, len,
2653 addr1, l, mr);
2654 rcu_read_unlock();
2655 }
2656
2657 return result;
2658 }
2659
2660 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2661 uint8_t *buf, int len, bool is_write)
2662 {
2663 if (is_write) {
2664 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2665 } else {
2666 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2667 }
2668 }
2669
2670 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2671 int len, int is_write)
2672 {
2673 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2674 buf, len, is_write);
2675 }
2676
2677 enum write_rom_type {
2678 WRITE_DATA,
2679 FLUSH_CACHE,
2680 };
2681
2682 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2683 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2684 {
2685 hwaddr l;
2686 uint8_t *ptr;
2687 hwaddr addr1;
2688 MemoryRegion *mr;
2689
2690 rcu_read_lock();
2691 while (len > 0) {
2692 l = len;
2693 mr = address_space_translate(as, addr, &addr1, &l, true);
2694
2695 if (!(memory_region_is_ram(mr) ||
2696 memory_region_is_romd(mr))) {
2697 l = memory_access_size(mr, l, addr1);
2698 } else {
2699 addr1 += memory_region_get_ram_addr(mr);
2700 /* ROM/RAM case */
2701 ptr = qemu_get_ram_ptr(addr1);
2702 switch (type) {
2703 case WRITE_DATA:
2704 memcpy(ptr, buf, l);
2705 invalidate_and_set_dirty(mr, addr1, l);
2706 break;
2707 case FLUSH_CACHE:
2708 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2709 break;
2710 }
2711 }
2712 len -= l;
2713 buf += l;
2714 addr += l;
2715 }
2716 rcu_read_unlock();
2717 }
2718
2719 /* used for ROM loading : can write in RAM and ROM */
2720 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2721 const uint8_t *buf, int len)
2722 {
2723 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2724 }
2725
2726 void cpu_flush_icache_range(hwaddr start, int len)
2727 {
2728 /*
2729 * This function should do the same thing as an icache flush that was
2730 * triggered from within the guest. For TCG we are always cache coherent,
2731 * so there is no need to flush anything. For KVM / Xen we need to flush
2732 * the host's instruction cache at least.
2733 */
2734 if (tcg_enabled()) {
2735 return;
2736 }
2737
2738 cpu_physical_memory_write_rom_internal(&address_space_memory,
2739 start, NULL, len, FLUSH_CACHE);
2740 }
2741
2742 typedef struct {
2743 MemoryRegion *mr;
2744 void *buffer;
2745 hwaddr addr;
2746 hwaddr len;
2747 bool in_use;
2748 } BounceBuffer;
2749
2750 static BounceBuffer bounce;
2751
2752 typedef struct MapClient {
2753 QEMUBH *bh;
2754 QLIST_ENTRY(MapClient) link;
2755 } MapClient;
2756
2757 QemuMutex map_client_list_lock;
2758 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2759 = QLIST_HEAD_INITIALIZER(map_client_list);
2760
2761 static void cpu_unregister_map_client_do(MapClient *client)
2762 {
2763 QLIST_REMOVE(client, link);
2764 g_free(client);
2765 }
2766
2767 static void cpu_notify_map_clients_locked(void)
2768 {
2769 MapClient *client;
2770
2771 while (!QLIST_EMPTY(&map_client_list)) {
2772 client = QLIST_FIRST(&map_client_list);
2773 qemu_bh_schedule(client->bh);
2774 cpu_unregister_map_client_do(client);
2775 }
2776 }
2777
2778 void cpu_register_map_client(QEMUBH *bh)
2779 {
2780 MapClient *client = g_malloc(sizeof(*client));
2781
2782 qemu_mutex_lock(&map_client_list_lock);
2783 client->bh = bh;
2784 QLIST_INSERT_HEAD(&map_client_list, client, link);
2785 if (!atomic_read(&bounce.in_use)) {
2786 cpu_notify_map_clients_locked();
2787 }
2788 qemu_mutex_unlock(&map_client_list_lock);
2789 }
2790
2791 void cpu_exec_init_all(void)
2792 {
2793 qemu_mutex_init(&ram_list.mutex);
2794 io_mem_init();
2795 memory_map_init();
2796 qemu_mutex_init(&map_client_list_lock);
2797 }
2798
2799 void cpu_unregister_map_client(QEMUBH *bh)
2800 {
2801 MapClient *client;
2802
2803 qemu_mutex_lock(&map_client_list_lock);
2804 QLIST_FOREACH(client, &map_client_list, link) {
2805 if (client->bh == bh) {
2806 cpu_unregister_map_client_do(client);
2807 break;
2808 }
2809 }
2810 qemu_mutex_unlock(&map_client_list_lock);
2811 }
2812
2813 static void cpu_notify_map_clients(void)
2814 {
2815 qemu_mutex_lock(&map_client_list_lock);
2816 cpu_notify_map_clients_locked();
2817 qemu_mutex_unlock(&map_client_list_lock);
2818 }
2819
2820 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2821 {
2822 MemoryRegion *mr;
2823 hwaddr l, xlat;
2824
2825 rcu_read_lock();
2826 while (len > 0) {
2827 l = len;
2828 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2829 if (!memory_access_is_direct(mr, is_write)) {
2830 l = memory_access_size(mr, l, addr);
2831 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2832 return false;
2833 }
2834 }
2835
2836 len -= l;
2837 addr += l;
2838 }
2839 rcu_read_unlock();
2840 return true;
2841 }
2842
2843 /* Map a physical memory region into a host virtual address.
2844 * May map a subset of the requested range, given by and returned in *plen.
2845 * May return NULL if resources needed to perform the mapping are exhausted.
2846 * Use only for reads OR writes - not for read-modify-write operations.
2847 * Use cpu_register_map_client() to know when retrying the map operation is
2848 * likely to succeed.
2849 */
2850 void *address_space_map(AddressSpace *as,
2851 hwaddr addr,
2852 hwaddr *plen,
2853 bool is_write)
2854 {
2855 hwaddr len = *plen;
2856 hwaddr done = 0;
2857 hwaddr l, xlat, base;
2858 MemoryRegion *mr, *this_mr;
2859 ram_addr_t raddr;
2860 void *ptr;
2861
2862 if (len == 0) {
2863 return NULL;
2864 }
2865
2866 l = len;
2867 rcu_read_lock();
2868 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2869
2870 if (!memory_access_is_direct(mr, is_write)) {
2871 if (atomic_xchg(&bounce.in_use, true)) {
2872 rcu_read_unlock();
2873 return NULL;
2874 }
2875 /* Avoid unbounded allocations */
2876 l = MIN(l, TARGET_PAGE_SIZE);
2877 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2878 bounce.addr = addr;
2879 bounce.len = l;
2880
2881 memory_region_ref(mr);
2882 bounce.mr = mr;
2883 if (!is_write) {
2884 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2885 bounce.buffer, l);
2886 }
2887
2888 rcu_read_unlock();
2889 *plen = l;
2890 return bounce.buffer;
2891 }
2892
2893 base = xlat;
2894 raddr = memory_region_get_ram_addr(mr);
2895
2896 for (;;) {
2897 len -= l;
2898 addr += l;
2899 done += l;
2900 if (len == 0) {
2901 break;
2902 }
2903
2904 l = len;
2905 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2906 if (this_mr != mr || xlat != base + done) {
2907 break;
2908 }
2909 }
2910
2911 memory_region_ref(mr);
2912 *plen = done;
2913 ptr = qemu_ram_ptr_length(raddr + base, plen);
2914 rcu_read_unlock();
2915
2916 return ptr;
2917 }
2918
2919 /* Unmaps a memory region previously mapped by address_space_map().
2920 * Will also mark the memory as dirty if is_write == 1. access_len gives
2921 * the amount of memory that was actually read or written by the caller.
2922 */
2923 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2924 int is_write, hwaddr access_len)
2925 {
2926 if (buffer != bounce.buffer) {
2927 MemoryRegion *mr;
2928 ram_addr_t addr1;
2929
2930 mr = qemu_ram_addr_from_host(buffer, &addr1);
2931 assert(mr != NULL);
2932 if (is_write) {
2933 invalidate_and_set_dirty(mr, addr1, access_len);
2934 }
2935 if (xen_enabled()) {
2936 xen_invalidate_map_cache_entry(buffer);
2937 }
2938 memory_region_unref(mr);
2939 return;
2940 }
2941 if (is_write) {
2942 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2943 bounce.buffer, access_len);
2944 }
2945 qemu_vfree(bounce.buffer);
2946 bounce.buffer = NULL;
2947 memory_region_unref(bounce.mr);
2948 atomic_mb_set(&bounce.in_use, false);
2949 cpu_notify_map_clients();
2950 }
2951
2952 void *cpu_physical_memory_map(hwaddr addr,
2953 hwaddr *plen,
2954 int is_write)
2955 {
2956 return address_space_map(&address_space_memory, addr, plen, is_write);
2957 }
2958
2959 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2960 int is_write, hwaddr access_len)
2961 {
2962 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2963 }
2964
2965 /* warning: addr must be aligned */
2966 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2967 MemTxAttrs attrs,
2968 MemTxResult *result,
2969 enum device_endian endian)
2970 {
2971 uint8_t *ptr;
2972 uint64_t val;
2973 MemoryRegion *mr;
2974 hwaddr l = 4;
2975 hwaddr addr1;
2976 MemTxResult r;
2977 bool release_lock = false;
2978
2979 rcu_read_lock();
2980 mr = address_space_translate(as, addr, &addr1, &l, false);
2981 if (l < 4 || !memory_access_is_direct(mr, false)) {
2982 release_lock |= prepare_mmio_access(mr);
2983
2984 /* I/O case */
2985 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2986 #if defined(TARGET_WORDS_BIGENDIAN)
2987 if (endian == DEVICE_LITTLE_ENDIAN) {
2988 val = bswap32(val);
2989 }
2990 #else
2991 if (endian == DEVICE_BIG_ENDIAN) {
2992 val = bswap32(val);
2993 }
2994 #endif
2995 } else {
2996 /* RAM case */
2997 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2998 & TARGET_PAGE_MASK)
2999 + addr1);
3000 switch (endian) {
3001 case DEVICE_LITTLE_ENDIAN:
3002 val = ldl_le_p(ptr);
3003 break;
3004 case DEVICE_BIG_ENDIAN:
3005 val = ldl_be_p(ptr);
3006 break;
3007 default:
3008 val = ldl_p(ptr);
3009 break;
3010 }
3011 r = MEMTX_OK;
3012 }
3013 if (result) {
3014 *result = r;
3015 }
3016 if (release_lock) {
3017 qemu_mutex_unlock_iothread();
3018 }
3019 rcu_read_unlock();
3020 return val;
3021 }
3022
3023 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3024 MemTxAttrs attrs, MemTxResult *result)
3025 {
3026 return address_space_ldl_internal(as, addr, attrs, result,
3027 DEVICE_NATIVE_ENDIAN);
3028 }
3029
3030 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs, MemTxResult *result)
3032 {
3033 return address_space_ldl_internal(as, addr, attrs, result,
3034 DEVICE_LITTLE_ENDIAN);
3035 }
3036
3037 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3038 MemTxAttrs attrs, MemTxResult *result)
3039 {
3040 return address_space_ldl_internal(as, addr, attrs, result,
3041 DEVICE_BIG_ENDIAN);
3042 }
3043
3044 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3045 {
3046 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3047 }
3048
3049 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3050 {
3051 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3052 }
3053
3054 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3055 {
3056 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3057 }
3058
3059 /* warning: addr must be aligned */
3060 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3061 MemTxAttrs attrs,
3062 MemTxResult *result,
3063 enum device_endian endian)
3064 {
3065 uint8_t *ptr;
3066 uint64_t val;
3067 MemoryRegion *mr;
3068 hwaddr l = 8;
3069 hwaddr addr1;
3070 MemTxResult r;
3071 bool release_lock = false;
3072
3073 rcu_read_lock();
3074 mr = address_space_translate(as, addr, &addr1, &l,
3075 false);
3076 if (l < 8 || !memory_access_is_direct(mr, false)) {
3077 release_lock |= prepare_mmio_access(mr);
3078
3079 /* I/O case */
3080 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3081 #if defined(TARGET_WORDS_BIGENDIAN)
3082 if (endian == DEVICE_LITTLE_ENDIAN) {
3083 val = bswap64(val);
3084 }
3085 #else
3086 if (endian == DEVICE_BIG_ENDIAN) {
3087 val = bswap64(val);
3088 }
3089 #endif
3090 } else {
3091 /* RAM case */
3092 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3093 & TARGET_PAGE_MASK)
3094 + addr1);
3095 switch (endian) {
3096 case DEVICE_LITTLE_ENDIAN:
3097 val = ldq_le_p(ptr);
3098 break;
3099 case DEVICE_BIG_ENDIAN:
3100 val = ldq_be_p(ptr);
3101 break;
3102 default:
3103 val = ldq_p(ptr);
3104 break;
3105 }
3106 r = MEMTX_OK;
3107 }
3108 if (result) {
3109 *result = r;
3110 }
3111 if (release_lock) {
3112 qemu_mutex_unlock_iothread();
3113 }
3114 rcu_read_unlock();
3115 return val;
3116 }
3117
3118 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3119 MemTxAttrs attrs, MemTxResult *result)
3120 {
3121 return address_space_ldq_internal(as, addr, attrs, result,
3122 DEVICE_NATIVE_ENDIAN);
3123 }
3124
3125 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3126 MemTxAttrs attrs, MemTxResult *result)
3127 {
3128 return address_space_ldq_internal(as, addr, attrs, result,
3129 DEVICE_LITTLE_ENDIAN);
3130 }
3131
3132 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3133 MemTxAttrs attrs, MemTxResult *result)
3134 {
3135 return address_space_ldq_internal(as, addr, attrs, result,
3136 DEVICE_BIG_ENDIAN);
3137 }
3138
3139 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3140 {
3141 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3142 }
3143
3144 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3145 {
3146 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3147 }
3148
3149 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3150 {
3151 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3152 }
3153
3154 /* XXX: optimize */
3155 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3156 MemTxAttrs attrs, MemTxResult *result)
3157 {
3158 uint8_t val;
3159 MemTxResult r;
3160
3161 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3162 if (result) {
3163 *result = r;
3164 }
3165 return val;
3166 }
3167
3168 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3169 {
3170 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3171 }
3172
3173 /* warning: addr must be aligned */
3174 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3175 hwaddr addr,
3176 MemTxAttrs attrs,
3177 MemTxResult *result,
3178 enum device_endian endian)
3179 {
3180 uint8_t *ptr;
3181 uint64_t val;
3182 MemoryRegion *mr;
3183 hwaddr l = 2;
3184 hwaddr addr1;
3185 MemTxResult r;
3186 bool release_lock = false;
3187
3188 rcu_read_lock();
3189 mr = address_space_translate(as, addr, &addr1, &l,
3190 false);
3191 if (l < 2 || !memory_access_is_direct(mr, false)) {
3192 release_lock |= prepare_mmio_access(mr);
3193
3194 /* I/O case */
3195 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3196 #if defined(TARGET_WORDS_BIGENDIAN)
3197 if (endian == DEVICE_LITTLE_ENDIAN) {
3198 val = bswap16(val);
3199 }
3200 #else
3201 if (endian == DEVICE_BIG_ENDIAN) {
3202 val = bswap16(val);
3203 }
3204 #endif
3205 } else {
3206 /* RAM case */
3207 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3208 & TARGET_PAGE_MASK)
3209 + addr1);
3210 switch (endian) {
3211 case DEVICE_LITTLE_ENDIAN:
3212 val = lduw_le_p(ptr);
3213 break;
3214 case DEVICE_BIG_ENDIAN:
3215 val = lduw_be_p(ptr);
3216 break;
3217 default:
3218 val = lduw_p(ptr);
3219 break;
3220 }
3221 r = MEMTX_OK;
3222 }
3223 if (result) {
3224 *result = r;
3225 }
3226 if (release_lock) {
3227 qemu_mutex_unlock_iothread();
3228 }
3229 rcu_read_unlock();
3230 return val;
3231 }
3232
3233 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3234 MemTxAttrs attrs, MemTxResult *result)
3235 {
3236 return address_space_lduw_internal(as, addr, attrs, result,
3237 DEVICE_NATIVE_ENDIAN);
3238 }
3239
3240 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3241 MemTxAttrs attrs, MemTxResult *result)
3242 {
3243 return address_space_lduw_internal(as, addr, attrs, result,
3244 DEVICE_LITTLE_ENDIAN);
3245 }
3246
3247 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3248 MemTxAttrs attrs, MemTxResult *result)
3249 {
3250 return address_space_lduw_internal(as, addr, attrs, result,
3251 DEVICE_BIG_ENDIAN);
3252 }
3253
3254 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3255 {
3256 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3257 }
3258
3259 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3260 {
3261 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3262 }
3263
3264 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3265 {
3266 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3267 }
3268
3269 /* warning: addr must be aligned. The ram page is not masked as dirty
3270 and the code inside is not invalidated. It is useful if the dirty
3271 bits are used to track modified PTEs */
3272 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3273 MemTxAttrs attrs, MemTxResult *result)
3274 {
3275 uint8_t *ptr;
3276 MemoryRegion *mr;
3277 hwaddr l = 4;
3278 hwaddr addr1;
3279 MemTxResult r;
3280 uint8_t dirty_log_mask;
3281 bool release_lock = false;
3282
3283 rcu_read_lock();
3284 mr = address_space_translate(as, addr, &addr1, &l,
3285 true);
3286 if (l < 4 || !memory_access_is_direct(mr, true)) {
3287 release_lock |= prepare_mmio_access(mr);
3288
3289 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3290 } else {
3291 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3292 ptr = qemu_get_ram_ptr(addr1);
3293 stl_p(ptr, val);
3294
3295 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3296 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3297 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3298 r = MEMTX_OK;
3299 }
3300 if (result) {
3301 *result = r;
3302 }
3303 if (release_lock) {
3304 qemu_mutex_unlock_iothread();
3305 }
3306 rcu_read_unlock();
3307 }
3308
3309 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3310 {
3311 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3312 }
3313
3314 /* warning: addr must be aligned */
3315 static inline void address_space_stl_internal(AddressSpace *as,
3316 hwaddr addr, uint32_t val,
3317 MemTxAttrs attrs,
3318 MemTxResult *result,
3319 enum device_endian endian)
3320 {
3321 uint8_t *ptr;
3322 MemoryRegion *mr;
3323 hwaddr l = 4;
3324 hwaddr addr1;
3325 MemTxResult r;
3326 bool release_lock = false;
3327
3328 rcu_read_lock();
3329 mr = address_space_translate(as, addr, &addr1, &l,
3330 true);
3331 if (l < 4 || !memory_access_is_direct(mr, true)) {
3332 release_lock |= prepare_mmio_access(mr);
3333
3334 #if defined(TARGET_WORDS_BIGENDIAN)
3335 if (endian == DEVICE_LITTLE_ENDIAN) {
3336 val = bswap32(val);
3337 }
3338 #else
3339 if (endian == DEVICE_BIG_ENDIAN) {
3340 val = bswap32(val);
3341 }
3342 #endif
3343 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3344 } else {
3345 /* RAM case */
3346 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3347 ptr = qemu_get_ram_ptr(addr1);
3348 switch (endian) {
3349 case DEVICE_LITTLE_ENDIAN:
3350 stl_le_p(ptr, val);
3351 break;
3352 case DEVICE_BIG_ENDIAN:
3353 stl_be_p(ptr, val);
3354 break;
3355 default:
3356 stl_p(ptr, val);
3357 break;
3358 }
3359 invalidate_and_set_dirty(mr, addr1, 4);
3360 r = MEMTX_OK;
3361 }
3362 if (result) {
3363 *result = r;
3364 }
3365 if (release_lock) {
3366 qemu_mutex_unlock_iothread();
3367 }
3368 rcu_read_unlock();
3369 }
3370
3371 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3372 MemTxAttrs attrs, MemTxResult *result)
3373 {
3374 address_space_stl_internal(as, addr, val, attrs, result,
3375 DEVICE_NATIVE_ENDIAN);
3376 }
3377
3378 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3379 MemTxAttrs attrs, MemTxResult *result)
3380 {
3381 address_space_stl_internal(as, addr, val, attrs, result,
3382 DEVICE_LITTLE_ENDIAN);
3383 }
3384
3385 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3387 {
3388 address_space_stl_internal(as, addr, val, attrs, result,
3389 DEVICE_BIG_ENDIAN);
3390 }
3391
3392 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3393 {
3394 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3395 }
3396
3397 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3398 {
3399 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3400 }
3401
3402 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3403 {
3404 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3405 }
3406
3407 /* XXX: optimize */
3408 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3409 MemTxAttrs attrs, MemTxResult *result)
3410 {
3411 uint8_t v = val;
3412 MemTxResult r;
3413
3414 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3415 if (result) {
3416 *result = r;
3417 }
3418 }
3419
3420 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3421 {
3422 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3423 }
3424
3425 /* warning: addr must be aligned */
3426 static inline void address_space_stw_internal(AddressSpace *as,
3427 hwaddr addr, uint32_t val,
3428 MemTxAttrs attrs,
3429 MemTxResult *result,
3430 enum device_endian endian)
3431 {
3432 uint8_t *ptr;
3433 MemoryRegion *mr;
3434 hwaddr l = 2;
3435 hwaddr addr1;
3436 MemTxResult r;
3437 bool release_lock = false;
3438
3439 rcu_read_lock();
3440 mr = address_space_translate(as, addr, &addr1, &l, true);
3441 if (l < 2 || !memory_access_is_direct(mr, true)) {
3442 release_lock |= prepare_mmio_access(mr);
3443
3444 #if defined(TARGET_WORDS_BIGENDIAN)
3445 if (endian == DEVICE_LITTLE_ENDIAN) {
3446 val = bswap16(val);
3447 }
3448 #else
3449 if (endian == DEVICE_BIG_ENDIAN) {
3450 val = bswap16(val);
3451 }
3452 #endif
3453 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3454 } else {
3455 /* RAM case */
3456 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3457 ptr = qemu_get_ram_ptr(addr1);
3458 switch (endian) {
3459 case DEVICE_LITTLE_ENDIAN:
3460 stw_le_p(ptr, val);
3461 break;
3462 case DEVICE_BIG_ENDIAN:
3463 stw_be_p(ptr, val);
3464 break;
3465 default:
3466 stw_p(ptr, val);
3467 break;
3468 }
3469 invalidate_and_set_dirty(mr, addr1, 2);
3470 r = MEMTX_OK;
3471 }
3472 if (result) {
3473 *result = r;
3474 }
3475 if (release_lock) {
3476 qemu_mutex_unlock_iothread();
3477 }
3478 rcu_read_unlock();
3479 }
3480
3481 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3482 MemTxAttrs attrs, MemTxResult *result)
3483 {
3484 address_space_stw_internal(as, addr, val, attrs, result,
3485 DEVICE_NATIVE_ENDIAN);
3486 }
3487
3488 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3489 MemTxAttrs attrs, MemTxResult *result)
3490 {
3491 address_space_stw_internal(as, addr, val, attrs, result,
3492 DEVICE_LITTLE_ENDIAN);
3493 }
3494
3495 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3496 MemTxAttrs attrs, MemTxResult *result)
3497 {
3498 address_space_stw_internal(as, addr, val, attrs, result,
3499 DEVICE_BIG_ENDIAN);
3500 }
3501
3502 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3503 {
3504 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3505 }
3506
3507 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3508 {
3509 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3510 }
3511
3512 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3513 {
3514 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3515 }
3516
3517 /* XXX: optimize */
3518 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3519 MemTxAttrs attrs, MemTxResult *result)
3520 {
3521 MemTxResult r;
3522 val = tswap64(val);
3523 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3524 if (result) {
3525 *result = r;
3526 }
3527 }
3528
3529 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3530 MemTxAttrs attrs, MemTxResult *result)
3531 {
3532 MemTxResult r;
3533 val = cpu_to_le64(val);
3534 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3535 if (result) {
3536 *result = r;
3537 }
3538 }
3539 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3540 MemTxAttrs attrs, MemTxResult *result)
3541 {
3542 MemTxResult r;
3543 val = cpu_to_be64(val);
3544 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3545 if (result) {
3546 *result = r;
3547 }
3548 }
3549
3550 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3551 {
3552 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3553 }
3554
3555 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3556 {
3557 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3558 }
3559
3560 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3561 {
3562 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3563 }
3564
3565 /* virtual memory access for debug (includes writing to ROM) */
3566 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3567 uint8_t *buf, int len, int is_write)
3568 {
3569 int l;
3570 hwaddr phys_addr;
3571 target_ulong page;
3572
3573 while (len > 0) {
3574 page = addr & TARGET_PAGE_MASK;
3575 phys_addr = cpu_get_phys_page_debug(cpu, page);
3576 /* if no physical page mapped, return an error */
3577 if (phys_addr == -1)
3578 return -1;
3579 l = (page + TARGET_PAGE_SIZE) - addr;
3580 if (l > len)
3581 l = len;
3582 phys_addr += (addr & ~TARGET_PAGE_MASK);
3583 if (is_write) {
3584 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3585 } else {
3586 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3587 buf, l, 0);
3588 }
3589 len -= l;
3590 buf += l;
3591 addr += l;
3592 }
3593 return 0;
3594 }
3595
3596 /*
3597 * Allows code that needs to deal with migration bitmaps etc to still be built
3598 * target independent.
3599 */
3600 size_t qemu_target_page_bits(void)
3601 {
3602 return TARGET_PAGE_BITS;
3603 }
3604
3605 #endif
3606
3607 /*
3608 * A helper function for the _utterly broken_ virtio device model to find out if
3609 * it's running on a big endian machine. Don't do this at home kids!
3610 */
3611 bool target_words_bigendian(void);
3612 bool target_words_bigendian(void)
3613 {
3614 #if defined(TARGET_WORDS_BIGENDIAN)
3615 return true;
3616 #else
3617 return false;
3618 #endif
3619 }
3620
3621 #ifndef CONFIG_USER_ONLY
3622 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3623 {
3624 MemoryRegion*mr;
3625 hwaddr l = 1;
3626 bool res;
3627
3628 rcu_read_lock();
3629 mr = address_space_translate(&address_space_memory,
3630 phys_addr, &phys_addr, &l, false);
3631
3632 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3633 rcu_read_unlock();
3634 return res;
3635 }
3636
3637 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3638 {
3639 RAMBlock *block;
3640 int ret = 0;
3641
3642 rcu_read_lock();
3643 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3644 ret = func(block->idstr, block->host, block->offset,
3645 block->used_length, opaque);
3646 if (ret) {
3647 break;
3648 }
3649 }
3650 rcu_read_unlock();
3651 return ret;
3652 }
3653 #endif
AR7 emulation for QEMU