search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / exec.c
blobd2dbc14513bee371d21f3134a1277b0e39745d0b
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #include "hw/qdev.h"
30 #include "qemu/osdep.h"
31 #include "sysemu/kvm.h"
32 #include "sysemu/sysemu.h"
33 #include "hw/xen/xen.h"
34 #include "qemu/timer.h"
35 #include "qemu/config-file.h"
36 #include "qemu/error-report.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52 #include "exec/ram_addr.h"
53
54 #include "qemu/range.h"
55
56 //#define DEBUG_SUBPAGE
57
58 #if !defined(CONFIG_USER_ONLY)
59 static bool in_migration;
60
61 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62
63 static MemoryRegion *system_memory;
64 static MemoryRegion *system_io;
65
66 AddressSpace address_space_io;
67 AddressSpace address_space_memory;
68
69 MemoryRegion io_mem_rom, io_mem_notdirty;
70 static MemoryRegion io_mem_unassigned;
71
72 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
73 #define RAM_PREALLOC (1 << 0)
74
75 /* RAM is mmap-ed with MAP_SHARED */
76 #define RAM_SHARED (1 << 1)
77
78 #endif
79
80 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
81 /* current CPU in the current thread. It is only valid inside
82 cpu_exec() */
83 DEFINE_TLS(CPUState *, current_cpu);
84 /* 0 = Do not count executed instructions.
85 1 = Precise instruction counting.
86 2 = Adaptive rate instruction counting. */
87 int use_icount;
88
89 #if !defined(CONFIG_USER_ONLY)
90
91 typedef struct PhysPageEntry PhysPageEntry;
92
93 struct PhysPageEntry {
94 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
95 uint32_t skip : 6;
96 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
97 uint32_t ptr : 26;
98 };
99
100 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
101
102 /* Size of the L2 (and L3, etc) page tables. */
103 #define ADDR_SPACE_BITS 64
104
105 #define P_L2_BITS 9
106 #define P_L2_SIZE (1 << P_L2_BITS)
107
108 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
109
110 typedef PhysPageEntry Node[P_L2_SIZE];
111
112 typedef struct PhysPageMap {
113 unsigned sections_nb;
114 unsigned sections_nb_alloc;
115 unsigned nodes_nb;
116 unsigned nodes_nb_alloc;
117 Node *nodes;
118 MemoryRegionSection *sections;
119 } PhysPageMap;
120
121 struct AddressSpaceDispatch {
122 /* This is a multi-level map on the physical address space.
123 * The bottom level has pointers to MemoryRegionSections.
124 */
125 PhysPageEntry phys_map;
126 PhysPageMap map;
127 AddressSpace *as;
128 };
129
130 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
131 typedef struct subpage_t {
132 MemoryRegion iomem;
133 AddressSpace *as;
134 hwaddr base;
135 uint16_t sub_section[TARGET_PAGE_SIZE];
136 } subpage_t;
137
138 #define PHYS_SECTION_UNASSIGNED 0
139 #define PHYS_SECTION_NOTDIRTY 1
140 #define PHYS_SECTION_ROM 2
141 #define PHYS_SECTION_WATCH 3
142
143 static void io_mem_init(void);
144 static void memory_map_init(void);
145 static void tcg_commit(MemoryListener *listener);
146
147 static MemoryRegion io_mem_watch;
148 #endif
149
150 #if !defined(CONFIG_USER_ONLY)
151
152 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
153 {
154 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
155 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
156 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
157 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
158 }
159 }
160
161 static uint32_t phys_map_node_alloc(PhysPageMap *map)
162 {
163 unsigned i;
164 uint32_t ret;
165
166 ret = map->nodes_nb++;
167 assert(ret != PHYS_MAP_NODE_NIL);
168 assert(ret != map->nodes_nb_alloc);
169 for (i = 0; i < P_L2_SIZE; ++i) {
170 map->nodes[ret][i].skip = 1;
171 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
172 }
173 return ret;
174 }
175
176 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
177 hwaddr *index, hwaddr *nb, uint16_t leaf,
178 int level)
179 {
180 PhysPageEntry *p;
181 int i;
182 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
183
184 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
185 lp->ptr = phys_map_node_alloc(map);
186 p = map->nodes[lp->ptr];
187 if (level == 0) {
188 for (i = 0; i < P_L2_SIZE; i++) {
189 p[i].skip = 0;
190 p[i].ptr = PHYS_SECTION_UNASSIGNED;
191 }
192 }
193 } else {
194 p = map->nodes[lp->ptr];
195 }
196 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
197
198 while (*nb && lp < &p[P_L2_SIZE]) {
199 if ((*index & (step - 1)) == 0 && *nb >= step) {
200 lp->skip = 0;
201 lp->ptr = leaf;
202 *index += step;
203 *nb -= step;
204 } else {
205 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
206 }
207 ++lp;
208 }
209 }
210
211 static void phys_page_set(AddressSpaceDispatch *d,
212 hwaddr index, hwaddr nb,
213 uint16_t leaf)
214 {
215 /* Wildly overreserve - it doesn't matter much. */
216 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
217
218 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
219 }
220
221 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
222 * and update our entry so we can skip it and go directly to the destination.
223 */
224 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
225 {
226 unsigned valid_ptr = P_L2_SIZE;
227 int valid = 0;
228 PhysPageEntry *p;
229 int i;
230
231 if (lp->ptr == PHYS_MAP_NODE_NIL) {
232 return;
233 }
234
235 p = nodes[lp->ptr];
236 for (i = 0; i < P_L2_SIZE; i++) {
237 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
238 continue;
239 }
240
241 valid_ptr = i;
242 valid++;
243 if (p[i].skip) {
244 phys_page_compact(&p[i], nodes, compacted);
245 }
246 }
247
248 /* We can only compress if there's only one child. */
249 if (valid != 1) {
250 return;
251 }
252
253 assert(valid_ptr < P_L2_SIZE);
254
255 /* Don't compress if it won't fit in the # of bits we have. */
256 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
257 return;
258 }
259
260 lp->ptr = p[valid_ptr].ptr;
261 if (!p[valid_ptr].skip) {
262 /* If our only child is a leaf, make this a leaf. */
263 /* By design, we should have made this node a leaf to begin with so we
264 * should never reach here.
265 * But since it's so simple to handle this, let's do it just in case we
266 * change this rule.
267 */
268 lp->skip = 0;
269 } else {
270 lp->skip += p[valid_ptr].skip;
271 }
272 }
273
274 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
275 {
276 DECLARE_BITMAP(compacted, nodes_nb);
277
278 if (d->phys_map.skip) {
279 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
280 }
281 }
282
283 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
284 Node *nodes, MemoryRegionSection *sections)
285 {
286 PhysPageEntry *p;
287 hwaddr index = addr >> TARGET_PAGE_BITS;
288 int i;
289
290 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
291 if (lp.ptr == PHYS_MAP_NODE_NIL) {
292 return &sections[PHYS_SECTION_UNASSIGNED];
293 }
294 p = nodes[lp.ptr];
295 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
296 }
297
298 if (sections[lp.ptr].size.hi ||
299 range_covers_byte(sections[lp.ptr].offset_within_address_space,
300 sections[lp.ptr].size.lo, addr)) {
301 return &sections[lp.ptr];
302 } else {
303 return &sections[PHYS_SECTION_UNASSIGNED];
304 }
305 }
306
307 bool memory_region_is_unassigned(MemoryRegion *mr)
308 {
309 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
310 && mr != &io_mem_watch;
311 }
312
313 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
314 hwaddr addr,
315 bool resolve_subpage)
316 {
317 MemoryRegionSection *section;
318 subpage_t *subpage;
319
320 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
321 if (resolve_subpage && section->mr->subpage) {
322 subpage = container_of(section->mr, subpage_t, iomem);
323 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
324 }
325 return section;
326 }
327
328 static MemoryRegionSection *
329 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
330 hwaddr *plen, bool resolve_subpage)
331 {
332 MemoryRegionSection *section;
333 Int128 diff;
334
335 section = address_space_lookup_region(d, addr, resolve_subpage);
336 /* Compute offset within MemoryRegionSection */
337 addr -= section->offset_within_address_space;
338
339 /* Compute offset within MemoryRegion */
340 *xlat = addr + section->offset_within_region;
341
342 diff = int128_sub(section->mr->size, int128_make64(addr));
343 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
344 return section;
345 }
346
347 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
348 {
349 if (memory_region_is_ram(mr)) {
350 return !(is_write && mr->readonly);
351 }
352 if (memory_region_is_romd(mr)) {
353 return !is_write;
354 }
355
356 return false;
357 }
358
359 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
360 hwaddr *xlat, hwaddr *plen,
361 bool is_write)
362 {
363 IOMMUTLBEntry iotlb;
364 MemoryRegionSection *section;
365 MemoryRegion *mr;
366 hwaddr len = *plen;
367
368 for (;;) {
369 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
370 mr = section->mr;
371
372 if (!mr->iommu_ops) {
373 break;
374 }
375
376 iotlb = mr->iommu_ops->translate(mr, addr);
377 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
378 | (addr & iotlb.addr_mask));
379 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
380 if (!(iotlb.perm & (1 << is_write))) {
381 mr = &io_mem_unassigned;
382 break;
383 }
384
385 as = iotlb.target_as;
386 }
387
388 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
389 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
390 len = MIN(page, len);
391 }
392
393 *plen = len;
394 *xlat = addr;
395 return mr;
396 }
397
398 MemoryRegionSection *
399 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
400 hwaddr *plen)
401 {
402 MemoryRegionSection *section;
403 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
404
405 assert(!section->mr->iommu_ops);
406 return section;
407 }
408 #endif
409
410 void cpu_exec_init_all(void)
411 {
412 #if !defined(CONFIG_USER_ONLY)
413 qemu_mutex_init(&ram_list.mutex);
414 memory_map_init();
415 io_mem_init();
416 #endif
417 }
418
419 #if !defined(CONFIG_USER_ONLY)
420
421 static int cpu_common_post_load(void *opaque, int version_id)
422 {
423 CPUState *cpu = opaque;
424
425 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
426 version_id is increased. */
427 cpu->interrupt_request &= ~0x01;
428 tlb_flush(cpu, 1);
429
430 return 0;
431 }
432
433 const VMStateDescription vmstate_cpu_common = {
434 .name = "cpu_common",
435 .version_id = 1,
436 .minimum_version_id = 1,
437 .post_load = cpu_common_post_load,
438 .fields = (VMStateField[]) {
439 VMSTATE_UINT32(halted, CPUState),
440 VMSTATE_UINT32(interrupt_request, CPUState),
441 VMSTATE_END_OF_LIST()
442 }
443 };
444
445 #endif
446
447 CPUState *qemu_get_cpu(int index)
448 {
449 CPUState *cpu;
450
451 CPU_FOREACH(cpu) {
452 if (cpu->cpu_index == index) {
453 return cpu;
454 }
455 }
456
457 return NULL;
458 }
459
460 #if !defined(CONFIG_USER_ONLY)
461 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
462 {
463 /* We only support one address space per cpu at the moment. */
464 assert(cpu->as == as);
465
466 if (cpu->tcg_as_listener) {
467 memory_listener_unregister(cpu->tcg_as_listener);
468 } else {
469 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
470 }
471 cpu->tcg_as_listener->commit = tcg_commit;
472 memory_listener_register(cpu->tcg_as_listener, as);
473 }
474 #endif
475
476 void cpu_exec_init(CPUArchState *env)
477 {
478 CPUState *cpu = ENV_GET_CPU(env);
479 CPUClass *cc = CPU_GET_CLASS(cpu);
480 CPUState *some_cpu;
481 int cpu_index;
482
483 #ifdef TARGET_WORDS_BIGENDIAN
484 cpu->bigendian = true;
485 #else
486 cpu->bigendian = false;
487 #endif
488
489 #if defined(CONFIG_USER_ONLY)
490 cpu_list_lock();
491 #endif
492 cpu_index = 0;
493 CPU_FOREACH(some_cpu) {
494 cpu_index++;
495 }
496 cpu->cpu_index = cpu_index;
497 cpu->numa_node = 0;
498 QTAILQ_INIT(&cpu->breakpoints);
499 QTAILQ_INIT(&cpu->watchpoints);
500 #ifndef CONFIG_USER_ONLY
501 cpu->as = &address_space_memory;
502 cpu->thread_id = qemu_get_thread_id();
503 #endif
504 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
505 #if defined(CONFIG_USER_ONLY)
506 cpu_list_unlock();
507 #endif
508 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
509 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
510 }
511 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
512 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
513 cpu_save, cpu_load, env);
514 assert(cc->vmsd == NULL);
515 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
516 #endif
517 if (cc->vmsd != NULL) {
518 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
519 }
520 }
521
522 #if defined(TARGET_HAS_ICE)
523 #if defined(CONFIG_USER_ONLY)
524 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
525 {
526 tb_invalidate_phys_page_range(pc, pc + 1, 0);
527 }
528 #else
529 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
530 {
531 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
532 if (phys != -1) {
533 tb_invalidate_phys_addr(cpu->as,
534 phys | (pc & ~TARGET_PAGE_MASK));
535 }
536 }
537 #endif
538 #endif /* TARGET_HAS_ICE */
539
540 #if defined(CONFIG_USER_ONLY)
541 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
542
543 {
544 }
545
546 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
547 int flags, CPUWatchpoint **watchpoint)
548 {
549 return -ENOSYS;
550 }
551 #else
552 /* Add a watchpoint. */
553 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
554 int flags, CPUWatchpoint **watchpoint)
555 {
556 vaddr len_mask = ~(len - 1);
557 CPUWatchpoint *wp;
558
559 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
560 if ((len & (len - 1)) || (addr & ~len_mask) ||
561 len == 0 || len > TARGET_PAGE_SIZE) {
562 error_report("tried to set invalid watchpoint at %"
563 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
564 return -EINVAL;
565 }
566 wp = g_malloc(sizeof(*wp));
567
568 wp->vaddr = addr;
569 wp->len_mask = len_mask;
570 wp->flags = flags;
571
572 /* keep all GDB-injected watchpoints in front */
573 if (flags & BP_GDB) {
574 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
575 } else {
576 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
577 }
578
579 tlb_flush_page(cpu, addr);
580
581 if (watchpoint)
582 *watchpoint = wp;
583 return 0;
584 }
585
586 /* Remove a specific watchpoint. */
587 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
588 int flags)
589 {
590 vaddr len_mask = ~(len - 1);
591 CPUWatchpoint *wp;
592
593 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
594 if (addr == wp->vaddr && len_mask == wp->len_mask
595 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
596 cpu_watchpoint_remove_by_ref(cpu, wp);
597 return 0;
598 }
599 }
600 return -ENOENT;
601 }
602
603 /* Remove a specific watchpoint by reference. */
604 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
605 {
606 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
607
608 tlb_flush_page(cpu, watchpoint->vaddr);
609
610 g_free(watchpoint);
611 }
612
613 /* Remove all matching watchpoints. */
614 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
615 {
616 CPUWatchpoint *wp, *next;
617
618 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
619 if (wp->flags & mask) {
620 cpu_watchpoint_remove_by_ref(cpu, wp);
621 }
622 }
623 }
624 #endif
625
626 /* Add a breakpoint. */
627 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
628 CPUBreakpoint **breakpoint)
629 {
630 #if defined(TARGET_HAS_ICE)
631 CPUBreakpoint *bp;
632
633 bp = g_malloc(sizeof(*bp));
634
635 bp->pc = pc;
636 bp->flags = flags;
637
638 /* keep all GDB-injected breakpoints in front */
639 if (flags & BP_GDB) {
640 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
641 } else {
642 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
643 }
644
645 breakpoint_invalidate(cpu, pc);
646
647 if (breakpoint) {
648 *breakpoint = bp;
649 }
650 return 0;
651 #else
652 return -ENOSYS;
653 #endif
654 }
655
656 /* Remove a specific breakpoint. */
657 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
658 {
659 #if defined(TARGET_HAS_ICE)
660 CPUBreakpoint *bp;
661
662 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
663 if (bp->pc == pc && bp->flags == flags) {
664 cpu_breakpoint_remove_by_ref(cpu, bp);
665 return 0;
666 }
667 }
668 return -ENOENT;
669 #else
670 return -ENOSYS;
671 #endif
672 }
673
674 /* Remove a specific breakpoint by reference. */
675 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
676 {
677 #if defined(TARGET_HAS_ICE)
678 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
679
680 breakpoint_invalidate(cpu, breakpoint->pc);
681
682 g_free(breakpoint);
683 #endif
684 }
685
686 /* Remove all matching breakpoints. */
687 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
688 {
689 #if defined(TARGET_HAS_ICE)
690 CPUBreakpoint *bp, *next;
691
692 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
693 if (bp->flags & mask) {
694 cpu_breakpoint_remove_by_ref(cpu, bp);
695 }
696 }
697 #endif
698 }
699
700 /* enable or disable single step mode. EXCP_DEBUG is returned by the
701 CPU loop after each instruction */
702 void cpu_single_step(CPUState *cpu, int enabled)
703 {
704 #if defined(TARGET_HAS_ICE)
705 if (cpu->singlestep_enabled != enabled) {
706 cpu->singlestep_enabled = enabled;
707 if (kvm_enabled()) {
708 kvm_update_guest_debug(cpu, 0);
709 } else {
710 /* must flush all the translated code to avoid inconsistencies */
711 /* XXX: only flush what is necessary */
712 CPUArchState *env = cpu->env_ptr;
713 tb_flush(env);
714 }
715 }
716 #endif
717 }
718
719 void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
720 {
721 va_list ap;
722 va_list ap2;
723
724 va_start(ap, fmt);
725 va_copy(ap2, ap);
726 fprintf(stderr, "qemu: fatal: ");
727 vfprintf(stderr, fmt, ap);
728 fprintf(stderr, "\n");
729 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
730 if (qemu_log_enabled()) {
731 qemu_log("qemu: fatal: ");
732 qemu_log_vprintf(fmt, ap2);
733 qemu_log("\n");
734 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
735 qemu_log_flush();
736 qemu_log_close();
737 }
738 va_end(ap2);
739 va_end(ap);
740 #if defined(CONFIG_USER_ONLY)
741 {
742 struct sigaction act;
743 sigfillset(&act.sa_mask);
744 act.sa_handler = SIG_DFL;
745 sigaction(SIGABRT, &act, NULL);
746 }
747 #endif
748 abort();
749 }
750
751 #if !defined(CONFIG_USER_ONLY)
752 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
753 {
754 RAMBlock *block;
755
756 /* The list is protected by the iothread lock here. */
757 block = ram_list.mru_block;
758 if (block && addr - block->offset < block->length) {
759 goto found;
760 }
761 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
762 if (addr - block->offset < block->length) {
763 goto found;
764 }
765 }
766
767 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
768 abort();
769
770 found:
771 ram_list.mru_block = block;
772 return block;
773 }
774
775 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
776 {
777 ram_addr_t start1;
778 RAMBlock *block;
779 ram_addr_t end;
780
781 end = TARGET_PAGE_ALIGN(start + length);
782 start &= TARGET_PAGE_MASK;
783
784 block = qemu_get_ram_block(start);
785 assert(block == qemu_get_ram_block(end - 1));
786 start1 = (uintptr_t)block->host + (start - block->offset);
787 cpu_tlb_reset_dirty_all(start1, length);
788 }
789
790 /* Note: start and end must be within the same ram block. */
791 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
792 unsigned client)
793 {
794 if (length == 0)
795 return;
796 cpu_physical_memory_clear_dirty_range(start, length, client);
797
798 if (tcg_enabled()) {
799 tlb_reset_dirty_range_all(start, length);
800 }
801 }
802
803 static void cpu_physical_memory_set_dirty_tracking(bool enable)
804 {
805 in_migration = enable;
806 }
807
808 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
809 MemoryRegionSection *section,
810 target_ulong vaddr,
811 hwaddr paddr, hwaddr xlat,
812 int prot,
813 target_ulong *address)
814 {
815 hwaddr iotlb;
816 CPUWatchpoint *wp;
817
818 if (memory_region_is_ram(section->mr)) {
819 /* Normal RAM. */
820 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
821 + xlat;
822 if (!section->readonly) {
823 iotlb |= PHYS_SECTION_NOTDIRTY;
824 } else {
825 iotlb |= PHYS_SECTION_ROM;
826 }
827 } else {
828 iotlb = section - section->address_space->dispatch->map.sections;
829 iotlb += xlat;
830 }
831
832 /* Make accesses to pages with watchpoints go via the
833 watchpoint trap routines. */
834 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
835 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
836 /* Avoid trapping reads of pages with a write breakpoint. */
837 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
838 iotlb = PHYS_SECTION_WATCH + paddr;
839 *address |= TLB_MMIO;
840 break;
841 }
842 }
843 }
844
845 return iotlb;
846 }
847 #endif /* defined(CONFIG_USER_ONLY) */
848
849 #if !defined(CONFIG_USER_ONLY)
850
851 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
852 uint16_t section);
853 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
854
855 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
856
857 /*
858 * Set a custom physical guest memory alloator.
859 * Accelerators with unusual needs may need this. Hopefully, we can
860 * get rid of it eventually.
861 */
862 void phys_mem_set_alloc(void *(*alloc)(size_t))
863 {
864 phys_mem_alloc = alloc;
865 }
866
867 static uint16_t phys_section_add(PhysPageMap *map,
868 MemoryRegionSection *section)
869 {
870 /* The physical section number is ORed with a page-aligned
871 * pointer to produce the iotlb entries. Thus it should
872 * never overflow into the page-aligned value.
873 */
874 assert(map->sections_nb < TARGET_PAGE_SIZE);
875
876 if (map->sections_nb == map->sections_nb_alloc) {
877 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
878 map->sections = g_renew(MemoryRegionSection, map->sections,
879 map->sections_nb_alloc);
880 }
881 map->sections[map->sections_nb] = *section;
882 memory_region_ref(section->mr);
883 return map->sections_nb++;
884 }
885
886 static void phys_section_destroy(MemoryRegion *mr)
887 {
888 memory_region_unref(mr);
889
890 if (mr->subpage) {
891 subpage_t *subpage = container_of(mr, subpage_t, iomem);
892 object_unref(OBJECT(&subpage->iomem));
893 g_free(subpage);
894 }
895 }
896
897 static void phys_sections_free(PhysPageMap *map)
898 {
899 while (map->sections_nb > 0) {
900 MemoryRegionSection *section = &map->sections[--map->sections_nb];
901 phys_section_destroy(section->mr);
902 }
903 g_free(map->sections);
904 g_free(map->nodes);
905 }
906
907 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
908 {
909 subpage_t *subpage;
910 hwaddr base = section->offset_within_address_space
911 & TARGET_PAGE_MASK;
912 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
913 d->map.nodes, d->map.sections);
914 MemoryRegionSection subsection = {
915 .offset_within_address_space = base,
916 .size = int128_make64(TARGET_PAGE_SIZE),
917 };
918 hwaddr start, end;
919
920 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
921
922 if (!(existing->mr->subpage)) {
923 subpage = subpage_init(d->as, base);
924 subsection.address_space = d->as;
925 subsection.mr = &subpage->iomem;
926 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
927 phys_section_add(&d->map, &subsection));
928 } else {
929 subpage = container_of(existing->mr, subpage_t, iomem);
930 }
931 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
932 end = start + int128_get64(section->size) - 1;
933 subpage_register(subpage, start, end,
934 phys_section_add(&d->map, section));
935 }
936
937
938 static void register_multipage(AddressSpaceDispatch *d,
939 MemoryRegionSection *section)
940 {
941 hwaddr start_addr = section->offset_within_address_space;
942 uint16_t section_index = phys_section_add(&d->map, section);
943 uint64_t num_pages = int128_get64(int128_rshift(section->size,
944 TARGET_PAGE_BITS));
945
946 assert(num_pages);
947 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
948 }
949
950 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
951 {
952 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
953 AddressSpaceDispatch *d = as->next_dispatch;
954 MemoryRegionSection now = *section, remain = *section;
955 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
956
957 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
958 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
959 - now.offset_within_address_space;
960
961 now.size = int128_min(int128_make64(left), now.size);
962 register_subpage(d, &now);
963 } else {
964 now.size = int128_zero();
965 }
966 while (int128_ne(remain.size, now.size)) {
967 remain.size = int128_sub(remain.size, now.size);
968 remain.offset_within_address_space += int128_get64(now.size);
969 remain.offset_within_region += int128_get64(now.size);
970 now = remain;
971 if (int128_lt(remain.size, page_size)) {
972 register_subpage(d, &now);
973 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
974 now.size = page_size;
975 register_subpage(d, &now);
976 } else {
977 now.size = int128_and(now.size, int128_neg(page_size));
978 register_multipage(d, &now);
979 }
980 }
981 }
982
983 void qemu_flush_coalesced_mmio_buffer(void)
984 {
985 if (kvm_enabled())
986 kvm_flush_coalesced_mmio_buffer();
987 }
988
989 void qemu_mutex_lock_ramlist(void)
990 {
991 qemu_mutex_lock(&ram_list.mutex);
992 }
993
994 void qemu_mutex_unlock_ramlist(void)
995 {
996 qemu_mutex_unlock(&ram_list.mutex);
997 }
998
999 #ifdef __linux__
1000
1001 #include <sys/vfs.h>
1002
1003 #define HUGETLBFS_MAGIC 0x958458f6
1004
1005 static long gethugepagesize(const char *path)
1006 {
1007 struct statfs fs;
1008 int ret;
1009
1010 do {
1011 ret = statfs(path, &fs);
1012 } while (ret != 0 && errno == EINTR);
1013
1014 if (ret != 0) {
1015 perror(path);
1016 return 0;
1017 }
1018
1019 if (fs.f_type != HUGETLBFS_MAGIC)
1020 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1021
1022 return fs.f_bsize;
1023 }
1024
1025 static void *file_ram_alloc(RAMBlock *block,
1026 ram_addr_t memory,
1027 const char *path,
1028 Error **errp)
1029 {
1030 char *filename;
1031 char *sanitized_name;
1032 char *c;
1033 void * volatile area;
1034 int fd;
1035 uintptr_t hpagesize;
1036
1037 hpagesize = gethugepagesize(path);
1038 if (!hpagesize) {
1039 goto error;
1040 }
1041
1042 if (memory < hpagesize) {
1043 return NULL;
1044 }
1045
1046 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1047 error_setg(errp,
1048 "host lacks kvm mmu notifiers, -mem-path unsupported");
1049 goto error;
1050 }
1051
1052 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1053 sanitized_name = g_strdup(block->mr->name);
1054 for (c = sanitized_name; *c != '\0'; c++) {
1055 if (*c == '/')
1056 *c = '_';
1057 }
1058
1059 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1060 sanitized_name);
1061 g_free(sanitized_name);
1062
1063 fd = mkstemp(filename);
1064 if (fd < 0) {
1065 error_setg_errno(errp, errno,
1066 "unable to create backing store for hugepages");
1067 g_free(filename);
1068 goto error;
1069 }
1070 unlink(filename);
1071 g_free(filename);
1072
1073 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1074
1075 /*
1076 * ftruncate is not supported by hugetlbfs in older
1077 * hosts, so don't bother bailing out on errors.
1078 * If anything goes wrong with it under other filesystems,
1079 * mmap will fail.
1080 */
1081 if (ftruncate(fd, memory)) {
1082 perror("ftruncate");
1083 }
1084
1085 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1086 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1087 fd, 0);
1088 if (area == MAP_FAILED) {
1089 error_setg_errno(errp, errno,
1090 "unable to map backing store for hugepages");
1091 close(fd);
1092 goto error;
1093 }
1094
1095 if (mem_prealloc) {
1096 os_mem_prealloc(fd, area, memory);
1097 }
1098
1099 block->fd = fd;
1100 return area;
1101
1102 error:
1103 if (mem_prealloc) {
1104 exit(1);
1105 }
1106 return NULL;
1107 }
1108 #endif
1109
1110 static ram_addr_t find_ram_offset(ram_addr_t size)
1111 {
1112 RAMBlock *block, *next_block;
1113 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1114
1115 assert(size != 0); /* it would hand out same offset multiple times */
1116
1117 if (QTAILQ_EMPTY(&ram_list.blocks))
1118 return 0;
1119
1120 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1121 ram_addr_t end, next = RAM_ADDR_MAX;
1122
1123 end = block->offset + block->length;
1124
1125 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1126 if (next_block->offset >= end) {
1127 next = MIN(next, next_block->offset);
1128 }
1129 }
1130 if (next - end >= size && next - end < mingap) {
1131 offset = end;
1132 mingap = next - end;
1133 }
1134 }
1135
1136 if (offset == RAM_ADDR_MAX) {
1137 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1138 (uint64_t)size);
1139 abort();
1140 }
1141
1142 return offset;
1143 }
1144
1145 ram_addr_t last_ram_offset(void)
1146 {
1147 RAMBlock *block;
1148 ram_addr_t last = 0;
1149
1150 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1151 last = MAX(last, block->offset + block->length);
1152
1153 return last;
1154 }
1155
1156 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1157 {
1158 int ret;
1159
1160 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1161 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1162 "dump-guest-core", true)) {
1163 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1164 if (ret) {
1165 perror("qemu_madvise");
1166 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1167 "but dump_guest_core=off specified\n");
1168 }
1169 }
1170 }
1171
1172 static RAMBlock *find_ram_block(ram_addr_t addr)
1173 {
1174 RAMBlock *block;
1175
1176 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1177 if (block->offset == addr) {
1178 return block;
1179 }
1180 }
1181
1182 return NULL;
1183 }
1184
1185 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1186 {
1187 RAMBlock *new_block = find_ram_block(addr);
1188 RAMBlock *block;
1189
1190 assert(new_block);
1191 assert(!new_block->idstr[0]);
1192
1193 if (dev) {
1194 char *id = qdev_get_dev_path(dev);
1195 if (id) {
1196 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1197 g_free(id);
1198 }
1199 }
1200 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1201
1202 /* This assumes the iothread lock is taken here too. */
1203 qemu_mutex_lock_ramlist();
1204 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1205 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1206 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1207 new_block->idstr);
1208 abort();
1209 }
1210 }
1211 qemu_mutex_unlock_ramlist();
1212 }
1213
1214 void qemu_ram_unset_idstr(ram_addr_t addr)
1215 {
1216 RAMBlock *block = find_ram_block(addr);
1217
1218 if (block) {
1219 memset(block->idstr, 0, sizeof(block->idstr));
1220 }
1221 }
1222
1223 static int memory_try_enable_merging(void *addr, size_t len)
1224 {
1225 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1226 /* disabled by the user */
1227 return 0;
1228 }
1229
1230 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1231 }
1232
1233 static ram_addr_t ram_block_add(RAMBlock *new_block)
1234 {
1235 RAMBlock *block;
1236 ram_addr_t old_ram_size, new_ram_size;
1237
1238 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1239
1240 /* This assumes the iothread lock is taken here too. */
1241 qemu_mutex_lock_ramlist();
1242 new_block->offset = find_ram_offset(new_block->length);
1243
1244 if (!new_block->host) {
1245 if (xen_enabled()) {
1246 xen_ram_alloc(new_block->offset, new_block->length, new_block->mr);
1247 } else {
1248 new_block->host = phys_mem_alloc(new_block->length);
1249 if (!new_block->host) {
1250 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1251 new_block->mr->name, strerror(errno));
1252 exit(1);
1253 }
1254 memory_try_enable_merging(new_block->host, new_block->length);
1255 }
1256 }
1257
1258 /* Keep the list sorted from biggest to smallest block. */
1259 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1260 if (block->length < new_block->length) {
1261 break;
1262 }
1263 }
1264 if (block) {
1265 QTAILQ_INSERT_BEFORE(block, new_block, next);
1266 } else {
1267 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1268 }
1269 ram_list.mru_block = NULL;
1270
1271 ram_list.version++;
1272 qemu_mutex_unlock_ramlist();
1273
1274 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1275
1276 if (new_ram_size > old_ram_size) {
1277 int i;
1278 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1279 ram_list.dirty_memory[i] =
1280 bitmap_zero_extend(ram_list.dirty_memory[i],
1281 old_ram_size, new_ram_size);
1282 }
1283 }
1284 cpu_physical_memory_set_dirty_range(new_block->offset, new_block->length);
1285
1286 qemu_ram_setup_dump(new_block->host, new_block->length);
1287 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_HUGEPAGE);
1288 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_DONTFORK);
1289
1290 if (kvm_enabled()) {
1291 kvm_setup_guest_memory(new_block->host, new_block->length);
1292 }
1293
1294 return new_block->offset;
1295 }
1296
1297 #ifdef __linux__
1298 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1299 bool share, const char *mem_path,
1300 Error **errp)
1301 {
1302 RAMBlock *new_block;
1303
1304 if (xen_enabled()) {
1305 error_setg(errp, "-mem-path not supported with Xen");
1306 return -1;
1307 }
1308
1309 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1310 /*
1311 * file_ram_alloc() needs to allocate just like
1312 * phys_mem_alloc, but we haven't bothered to provide
1313 * a hook there.
1314 */
1315 error_setg(errp,
1316 "-mem-path not supported with this accelerator");
1317 return -1;
1318 }
1319
1320 size = TARGET_PAGE_ALIGN(size);
1321 new_block = g_malloc0(sizeof(*new_block));
1322 new_block->mr = mr;
1323 new_block->length = size;
1324 new_block->flags = share ? RAM_SHARED : 0;
1325 new_block->host = file_ram_alloc(new_block, size,
1326 mem_path, errp);
1327 if (!new_block->host) {
1328 g_free(new_block);
1329 return -1;
1330 }
1331
1332 return ram_block_add(new_block);
1333 }
1334 #endif
1335
1336 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1337 MemoryRegion *mr)
1338 {
1339 RAMBlock *new_block;
1340
1341 size = TARGET_PAGE_ALIGN(size);
1342 new_block = g_malloc0(sizeof(*new_block));
1343 new_block->mr = mr;
1344 new_block->length = size;
1345 new_block->fd = -1;
1346 new_block->host = host;
1347 if (host) {
1348 new_block->flags |= RAM_PREALLOC;
1349 }
1350 return ram_block_add(new_block);
1351 }
1352
1353 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1354 {
1355 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1356 }
1357
1358 void qemu_ram_free_from_ptr(ram_addr_t addr)
1359 {
1360 RAMBlock *block;
1361
1362 /* This assumes the iothread lock is taken here too. */
1363 qemu_mutex_lock_ramlist();
1364 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1365 if (addr == block->offset) {
1366 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1367 ram_list.mru_block = NULL;
1368 ram_list.version++;
1369 g_free(block);
1370 break;
1371 }
1372 }
1373 qemu_mutex_unlock_ramlist();
1374 }
1375
1376 void qemu_ram_free(ram_addr_t addr)
1377 {
1378 RAMBlock *block;
1379
1380 /* This assumes the iothread lock is taken here too. */
1381 qemu_mutex_lock_ramlist();
1382 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1383 if (addr == block->offset) {
1384 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1385 ram_list.mru_block = NULL;
1386 ram_list.version++;
1387 if (block->flags & RAM_PREALLOC) {
1388 ;
1389 } else if (xen_enabled()) {
1390 xen_invalidate_map_cache_entry(block->host);
1391 #ifndef _WIN32
1392 } else if (block->fd >= 0) {
1393 munmap(block->host, block->length);
1394 close(block->fd);
1395 #endif
1396 } else {
1397 qemu_anon_ram_free(block->host, block->length);
1398 }
1399 g_free(block);
1400 break;
1401 }
1402 }
1403 qemu_mutex_unlock_ramlist();
1404
1405 }
1406
1407 #ifndef _WIN32
1408 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1409 {
1410 RAMBlock *block;
1411 ram_addr_t offset;
1412 int flags;
1413 void *area, *vaddr;
1414
1415 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1416 offset = addr - block->offset;
1417 if (offset < block->length) {
1418 vaddr = block->host + offset;
1419 if (block->flags & RAM_PREALLOC) {
1420 ;
1421 } else if (xen_enabled()) {
1422 abort();
1423 } else {
1424 flags = MAP_FIXED;
1425 munmap(vaddr, length);
1426 if (block->fd >= 0) {
1427 flags |= (block->flags & RAM_SHARED ?
1428 MAP_SHARED : MAP_PRIVATE);
1429 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1430 flags, block->fd, offset);
1431 } else {
1432 /*
1433 * Remap needs to match alloc. Accelerators that
1434 * set phys_mem_alloc never remap. If they did,
1435 * we'd need a remap hook here.
1436 */
1437 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1438
1439 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1440 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1441 flags, -1, 0);
1442 }
1443 if (area != vaddr) {
1444 fprintf(stderr, "Could not remap addr: "
1445 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1446 length, addr);
1447 exit(1);
1448 }
1449 memory_try_enable_merging(vaddr, length);
1450 qemu_ram_setup_dump(vaddr, length);
1451 }
1452 return;
1453 }
1454 }
1455 }
1456 #endif /* !_WIN32 */
1457
1458 int qemu_get_ram_fd(ram_addr_t addr)
1459 {
1460 RAMBlock *block = qemu_get_ram_block(addr);
1461
1462 return block->fd;
1463 }
1464
1465 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1466 {
1467 RAMBlock *block = qemu_get_ram_block(addr);
1468
1469 return block->host;
1470 }
1471
1472 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1473 With the exception of the softmmu code in this file, this should
1474 only be used for local memory (e.g. video ram) that the device owns,
1475 and knows it isn't going to access beyond the end of the block.
1476
1477 It should not be used for general purpose DMA.
1478 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1479 */
1480 void *qemu_get_ram_ptr(ram_addr_t addr)
1481 {
1482 RAMBlock *block = qemu_get_ram_block(addr);
1483
1484 if (xen_enabled()) {
1485 /* We need to check if the requested address is in the RAM
1486 * because we don't want to map the entire memory in QEMU.
1487 * In that case just map until the end of the page.
1488 */
1489 if (block->offset == 0) {
1490 return xen_map_cache(addr, 0, 0);
1491 } else if (block->host == NULL) {
1492 block->host =
1493 xen_map_cache(block->offset, block->length, 1);
1494 }
1495 }
1496 return block->host + (addr - block->offset);
1497 }
1498
1499 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1500 * but takes a size argument */
1501 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1502 {
1503 if (*size == 0) {
1504 return NULL;
1505 }
1506 if (xen_enabled()) {
1507 return xen_map_cache(addr, *size, 1);
1508 } else {
1509 RAMBlock *block;
1510
1511 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1512 if (addr - block->offset < block->length) {
1513 if (addr - block->offset + *size > block->length)
1514 *size = block->length - addr + block->offset;
1515 return block->host + (addr - block->offset);
1516 }
1517 }
1518
1519 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1520 abort();
1521 }
1522 }
1523
1524 /* Some of the softmmu routines need to translate from a host pointer
1525 (typically a TLB entry) back to a ram offset. */
1526 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1527 {
1528 RAMBlock *block;
1529 uint8_t *host = ptr;
1530
1531 if (xen_enabled()) {
1532 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1533 return qemu_get_ram_block(*ram_addr)->mr;
1534 }
1535
1536 block = ram_list.mru_block;
1537 if (block && block->host && host - block->host < block->length) {
1538 goto found;
1539 }
1540
1541 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1542 /* This case append when the block is not mapped. */
1543 if (block->host == NULL) {
1544 continue;
1545 }
1546 if (host - block->host < block->length) {
1547 goto found;
1548 }
1549 }
1550
1551 return NULL;
1552
1553 found:
1554 *ram_addr = block->offset + (host - block->host);
1555 return block->mr;
1556 }
1557
1558 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1559 uint64_t val, unsigned size)
1560 {
1561 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1562 tb_invalidate_phys_page_fast(ram_addr, size);
1563 }
1564 switch (size) {
1565 case 1:
1566 stb_p(qemu_get_ram_ptr(ram_addr), val);
1567 break;
1568 case 2:
1569 stw_p(qemu_get_ram_ptr(ram_addr), val);
1570 break;
1571 case 4:
1572 stl_p(qemu_get_ram_ptr(ram_addr), val);
1573 break;
1574 default:
1575 abort();
1576 }
1577 cpu_physical_memory_set_dirty_range_nocode(ram_addr, size);
1578 /* we remove the notdirty callback only if the code has been
1579 flushed */
1580 if (!cpu_physical_memory_is_clean(ram_addr)) {
1581 CPUArchState *env = current_cpu->env_ptr;
1582 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1583 }
1584 }
1585
1586 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1587 unsigned size, bool is_write)
1588 {
1589 return is_write;
1590 }
1591
1592 static const MemoryRegionOps notdirty_mem_ops = {
1593 .write = notdirty_mem_write,
1594 .valid.accepts = notdirty_mem_accepts,
1595 .endianness = DEVICE_NATIVE_ENDIAN,
1596 };
1597
1598 /* Generate a debug exception if a watchpoint has been hit. */
1599 static void check_watchpoint(int offset, int len_mask, int flags)
1600 {
1601 CPUState *cpu = current_cpu;
1602 CPUArchState *env = cpu->env_ptr;
1603 target_ulong pc, cs_base;
1604 target_ulong vaddr;
1605 CPUWatchpoint *wp;
1606 int cpu_flags;
1607
1608 if (cpu->watchpoint_hit) {
1609 /* We re-entered the check after replacing the TB. Now raise
1610 * the debug interrupt so that is will trigger after the
1611 * current instruction. */
1612 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1613 return;
1614 }
1615 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1616 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1617 if ((vaddr == (wp->vaddr & len_mask) ||
1618 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1619 wp->flags |= BP_WATCHPOINT_HIT;
1620 if (!cpu->watchpoint_hit) {
1621 cpu->watchpoint_hit = wp;
1622 tb_check_watchpoint(cpu);
1623 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1624 cpu->exception_index = EXCP_DEBUG;
1625 cpu_loop_exit(cpu);
1626 } else {
1627 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1628 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1629 cpu_resume_from_signal(cpu, NULL);
1630 }
1631 }
1632 } else {
1633 wp->flags &= ~BP_WATCHPOINT_HIT;
1634 }
1635 }
1636 }
1637
1638 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1639 so these check for a hit then pass through to the normal out-of-line
1640 phys routines. */
1641 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1642 unsigned size)
1643 {
1644 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1645 switch (size) {
1646 case 1: return ldub_phys(&address_space_memory, addr);
1647 case 2: return lduw_phys(&address_space_memory, addr);
1648 case 4: return ldl_phys(&address_space_memory, addr);
1649 default: abort();
1650 }
1651 }
1652
1653 static void watch_mem_write(void *opaque, hwaddr addr,
1654 uint64_t val, unsigned size)
1655 {
1656 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1657 switch (size) {
1658 case 1:
1659 stb_phys(&address_space_memory, addr, val);
1660 break;
1661 case 2:
1662 stw_phys(&address_space_memory, addr, val);
1663 break;
1664 case 4:
1665 stl_phys(&address_space_memory, addr, val);
1666 break;
1667 default: abort();
1668 }
1669 }
1670
1671 static const MemoryRegionOps watch_mem_ops = {
1672 .read = watch_mem_read,
1673 .write = watch_mem_write,
1674 .endianness = DEVICE_NATIVE_ENDIAN,
1675 };
1676
1677 static uint64_t subpage_read(void *opaque, hwaddr addr,
1678 unsigned len)
1679 {
1680 subpage_t *subpage = opaque;
1681 uint8_t buf[4];
1682
1683 #if defined(DEBUG_SUBPAGE)
1684 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1685 subpage, len, addr);
1686 #endif
1687 address_space_read(subpage->as, addr + subpage->base, buf, len);
1688 switch (len) {
1689 case 1:
1690 return ldub_p(buf);
1691 case 2:
1692 return lduw_p(buf);
1693 case 4:
1694 return ldl_p(buf);
1695 default:
1696 abort();
1697 }
1698 }
1699
1700 static void subpage_write(void *opaque, hwaddr addr,
1701 uint64_t value, unsigned len)
1702 {
1703 subpage_t *subpage = opaque;
1704 uint8_t buf[4];
1705
1706 #if defined(DEBUG_SUBPAGE)
1707 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1708 " value %"PRIx64"\n",
1709 __func__, subpage, len, addr, value);
1710 #endif
1711 switch (len) {
1712 case 1:
1713 stb_p(buf, value);
1714 break;
1715 case 2:
1716 stw_p(buf, value);
1717 break;
1718 case 4:
1719 stl_p(buf, value);
1720 break;
1721 default:
1722 abort();
1723 }
1724 address_space_write(subpage->as, addr + subpage->base, buf, len);
1725 }
1726
1727 static bool subpage_accepts(void *opaque, hwaddr addr,
1728 unsigned len, bool is_write)
1729 {
1730 subpage_t *subpage = opaque;
1731 #if defined(DEBUG_SUBPAGE)
1732 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1733 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1734 #endif
1735
1736 return address_space_access_valid(subpage->as, addr + subpage->base,
1737 len, is_write);
1738 }
1739
1740 static const MemoryRegionOps subpage_ops = {
1741 .read = subpage_read,
1742 .write = subpage_write,
1743 .valid.accepts = subpage_accepts,
1744 .endianness = DEVICE_NATIVE_ENDIAN,
1745 };
1746
1747 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1748 uint16_t section)
1749 {
1750 int idx, eidx;
1751
1752 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1753 return -1;
1754 idx = SUBPAGE_IDX(start);
1755 eidx = SUBPAGE_IDX(end);
1756 #if defined(DEBUG_SUBPAGE)
1757 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1758 __func__, mmio, start, end, idx, eidx, section);
1759 #endif
1760 for (; idx <= eidx; idx++) {
1761 mmio->sub_section[idx] = section;
1762 }
1763
1764 return 0;
1765 }
1766
1767 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1768 {
1769 subpage_t *mmio;
1770
1771 mmio = g_malloc0(sizeof(subpage_t));
1772
1773 mmio->as = as;
1774 mmio->base = base;
1775 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1776 NULL, TARGET_PAGE_SIZE);
1777 mmio->iomem.subpage = true;
1778 #if defined(DEBUG_SUBPAGE)
1779 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1780 mmio, base, TARGET_PAGE_SIZE);
1781 #endif
1782 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1783
1784 return mmio;
1785 }
1786
1787 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
1788 MemoryRegion *mr)
1789 {
1790 assert(as);
1791 MemoryRegionSection section = {
1792 .address_space = as,
1793 .mr = mr,
1794 .offset_within_address_space = 0,
1795 .offset_within_region = 0,
1796 .size = int128_2_64(),
1797 };
1798
1799 return phys_section_add(map, &section);
1800 }
1801
1802 MemoryRegion *iotlb_to_region(AddressSpace *as, hwaddr index)
1803 {
1804 return as->dispatch->map.sections[index & ~TARGET_PAGE_MASK].mr;
1805 }
1806
1807 static void io_mem_init(void)
1808 {
1809 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
1810 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1811 NULL, UINT64_MAX);
1812 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1813 NULL, UINT64_MAX);
1814 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1815 NULL, UINT64_MAX);
1816 }
1817
1818 static void mem_begin(MemoryListener *listener)
1819 {
1820 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1821 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1822 uint16_t n;
1823
1824 n = dummy_section(&d->map, as, &io_mem_unassigned);
1825 assert(n == PHYS_SECTION_UNASSIGNED);
1826 n = dummy_section(&d->map, as, &io_mem_notdirty);
1827 assert(n == PHYS_SECTION_NOTDIRTY);
1828 n = dummy_section(&d->map, as, &io_mem_rom);
1829 assert(n == PHYS_SECTION_ROM);
1830 n = dummy_section(&d->map, as, &io_mem_watch);
1831 assert(n == PHYS_SECTION_WATCH);
1832
1833 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1834 d->as = as;
1835 as->next_dispatch = d;
1836 }
1837
1838 static void mem_commit(MemoryListener *listener)
1839 {
1840 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1841 AddressSpaceDispatch *cur = as->dispatch;
1842 AddressSpaceDispatch *next = as->next_dispatch;
1843
1844 phys_page_compact_all(next, next->map.nodes_nb);
1845
1846 as->dispatch = next;
1847
1848 if (cur) {
1849 phys_sections_free(&cur->map);
1850 g_free(cur);
1851 }
1852 }
1853
1854 static void tcg_commit(MemoryListener *listener)
1855 {
1856 CPUState *cpu;
1857
1858 /* since each CPU stores ram addresses in its TLB cache, we must
1859 reset the modified entries */
1860 /* XXX: slow ! */
1861 CPU_FOREACH(cpu) {
1862 /* FIXME: Disentangle the cpu.h circular files deps so we can
1863 directly get the right CPU from listener. */
1864 if (cpu->tcg_as_listener != listener) {
1865 continue;
1866 }
1867 tlb_flush(cpu, 1);
1868 }
1869 }
1870
1871 static void core_log_global_start(MemoryListener *listener)
1872 {
1873 cpu_physical_memory_set_dirty_tracking(true);
1874 }
1875
1876 static void core_log_global_stop(MemoryListener *listener)
1877 {
1878 cpu_physical_memory_set_dirty_tracking(false);
1879 }
1880
1881 static MemoryListener core_memory_listener = {
1882 .log_global_start = core_log_global_start,
1883 .log_global_stop = core_log_global_stop,
1884 .priority = 1,
1885 };
1886
1887 void address_space_init_dispatch(AddressSpace *as)
1888 {
1889 as->dispatch = NULL;
1890 as->dispatch_listener = (MemoryListener) {
1891 .begin = mem_begin,
1892 .commit = mem_commit,
1893 .region_add = mem_add,
1894 .region_nop = mem_add,
1895 .priority = 0,
1896 };
1897 memory_listener_register(&as->dispatch_listener, as);
1898 }
1899
1900 void address_space_destroy_dispatch(AddressSpace *as)
1901 {
1902 AddressSpaceDispatch *d = as->dispatch;
1903
1904 memory_listener_unregister(&as->dispatch_listener);
1905 g_free(d);
1906 as->dispatch = NULL;
1907 }
1908
1909 static void memory_map_init(void)
1910 {
1911 system_memory = g_malloc(sizeof(*system_memory));
1912
1913 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1914 address_space_init(&address_space_memory, system_memory, "memory");
1915
1916 system_io = g_malloc(sizeof(*system_io));
1917 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1918 65536);
1919 address_space_init(&address_space_io, system_io, "I/O");
1920
1921 memory_listener_register(&core_memory_listener, &address_space_memory);
1922 }
1923
1924 MemoryRegion *get_system_memory(void)
1925 {
1926 return system_memory;
1927 }
1928
1929 MemoryRegion *get_system_io(void)
1930 {
1931 return system_io;
1932 }
1933
1934 #endif /* !defined(CONFIG_USER_ONLY) */
1935
1936 /* physical memory access (slow version, mainly for debug) */
1937 #if defined(CONFIG_USER_ONLY)
1938 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1939 uint8_t *buf, int len, int is_write)
1940 {
1941 int l, flags;
1942 target_ulong page;
1943 void * p;
1944
1945 while (len > 0) {
1946 page = addr & TARGET_PAGE_MASK;
1947 l = (page + TARGET_PAGE_SIZE) - addr;
1948 if (l > len)
1949 l = len;
1950 flags = page_get_flags(page);
1951 if (!(flags & PAGE_VALID))
1952 return -1;
1953 if (is_write) {
1954 if (!(flags & PAGE_WRITE))
1955 return -1;
1956 /* XXX: this code should not depend on lock_user */
1957 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1958 return -1;
1959 memcpy(p, buf, l);
1960 unlock_user(p, addr, l);
1961 } else {
1962 if (!(flags & PAGE_READ))
1963 return -1;
1964 /* XXX: this code should not depend on lock_user */
1965 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1966 return -1;
1967 memcpy(buf, p, l);
1968 unlock_user(p, addr, 0);
1969 }
1970 len -= l;
1971 buf += l;
1972 addr += l;
1973 }
1974 return 0;
1975 }
1976
1977 #else
1978
1979 static void invalidate_and_set_dirty(hwaddr addr,
1980 hwaddr length)
1981 {
1982 if (cpu_physical_memory_is_clean(addr)) {
1983 /* invalidate code */
1984 tb_invalidate_phys_page_range(addr, addr + length, 0);
1985 /* set dirty bit */
1986 cpu_physical_memory_set_dirty_range_nocode(addr, length);
1987 }
1988 xen_modified_memory(addr, length);
1989 }
1990
1991 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1992 {
1993 unsigned access_size_max = mr->ops->valid.max_access_size;
1994
1995 /* Regions are assumed to support 1-4 byte accesses unless
1996 otherwise specified. */
1997 if (access_size_max == 0) {
1998 access_size_max = 4;
1999 }
2000
2001 /* Bound the maximum access by the alignment of the address. */
2002 if (!mr->ops->impl.unaligned) {
2003 unsigned align_size_max = addr & -addr;
2004 if (align_size_max != 0 && align_size_max < access_size_max) {
2005 access_size_max = align_size_max;
2006 }
2007 }
2008
2009 /* Don't attempt accesses larger than the maximum. */
2010 if (l > access_size_max) {
2011 l = access_size_max;
2012 }
2013 if (l & (l - 1)) {
2014 l = 1 << (qemu_fls(l) - 1);
2015 }
2016
2017 return l;
2018 }
2019
2020 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
2021 int len, bool is_write)
2022 {
2023 hwaddr l;
2024 uint8_t *ptr;
2025 uint64_t val;
2026 hwaddr addr1;
2027 MemoryRegion *mr;
2028 bool error = false;
2029
2030 while (len > 0) {
2031 l = len;
2032 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2033
2034 if (is_write) {
2035 if (!memory_access_is_direct(mr, is_write)) {
2036 l = memory_access_size(mr, l, addr1);
2037 /* XXX: could force current_cpu to NULL to avoid
2038 potential bugs */
2039 switch (l) {
2040 case 8:
2041 /* 64 bit write access */
2042 val = ldq_p(buf);
2043 error |= io_mem_write(mr, addr1, val, 8);
2044 break;
2045 case 4:
2046 /* 32 bit write access */
2047 val = ldl_p(buf);
2048 error |= io_mem_write(mr, addr1, val, 4);
2049 break;
2050 case 2:
2051 /* 16 bit write access */
2052 val = lduw_p(buf);
2053 error |= io_mem_write(mr, addr1, val, 2);
2054 break;
2055 case 1:
2056 /* 8 bit write access */
2057 val = ldub_p(buf);
2058 error |= io_mem_write(mr, addr1, val, 1);
2059 break;
2060 default:
2061 abort();
2062 }
2063 } else {
2064 addr1 += memory_region_get_ram_addr(mr);
2065 /* RAM case */
2066 ptr = qemu_get_ram_ptr(addr1);
2067 memcpy(ptr, buf, l);
2068 invalidate_and_set_dirty(addr1, l);
2069 }
2070 } else {
2071 if (!memory_access_is_direct(mr, is_write)) {
2072 /* I/O case */
2073 l = memory_access_size(mr, l, addr1);
2074 switch (l) {
2075 case 8:
2076 /* 64 bit read access */
2077 error |= io_mem_read(mr, addr1, &val, 8);
2078 stq_p(buf, val);
2079 break;
2080 case 4:
2081 /* 32 bit read access */
2082 error |= io_mem_read(mr, addr1, &val, 4);
2083 stl_p(buf, val);
2084 break;
2085 case 2:
2086 /* 16 bit read access */
2087 error |= io_mem_read(mr, addr1, &val, 2);
2088 stw_p(buf, val);
2089 break;
2090 case 1:
2091 /* 8 bit read access */
2092 error |= io_mem_read(mr, addr1, &val, 1);
2093 stb_p(buf, val);
2094 break;
2095 default:
2096 abort();
2097 }
2098 } else {
2099 /* RAM case */
2100 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2101 memcpy(buf, ptr, l);
2102 }
2103 }
2104 len -= l;
2105 buf += l;
2106 addr += l;
2107 }
2108
2109 return error;
2110 }
2111
2112 bool address_space_write(AddressSpace *as, hwaddr addr,
2113 const uint8_t *buf, int len)
2114 {
2115 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2116 }
2117
2118 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2119 {
2120 return address_space_rw(as, addr, buf, len, false);
2121 }
2122
2123
2124 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2125 int len, int is_write)
2126 {
2127 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2128 }
2129
2130 enum write_rom_type {
2131 WRITE_DATA,
2132 FLUSH_CACHE,
2133 };
2134
2135 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2136 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2137 {
2138 hwaddr l;
2139 uint8_t *ptr;
2140 hwaddr addr1;
2141 MemoryRegion *mr;
2142
2143 while (len > 0) {
2144 l = len;
2145 mr = address_space_translate(as, addr, &addr1, &l, true);
2146
2147 if (!(memory_region_is_ram(mr) ||
2148 memory_region_is_romd(mr))) {
2149 /* do nothing */
2150 } else {
2151 addr1 += memory_region_get_ram_addr(mr);
2152 /* ROM/RAM case */
2153 ptr = qemu_get_ram_ptr(addr1);
2154 switch (type) {
2155 case WRITE_DATA:
2156 memcpy(ptr, buf, l);
2157 invalidate_and_set_dirty(addr1, l);
2158 break;
2159 case FLUSH_CACHE:
2160 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2161 break;
2162 }
2163 }
2164 len -= l;
2165 buf += l;
2166 addr += l;
2167 }
2168 }
2169
2170 /* used for ROM loading : can write in RAM and ROM */
2171 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2172 const uint8_t *buf, int len)
2173 {
2174 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2175 }
2176
2177 void cpu_flush_icache_range(hwaddr start, int len)
2178 {
2179 /*
2180 * This function should do the same thing as an icache flush that was
2181 * triggered from within the guest. For TCG we are always cache coherent,
2182 * so there is no need to flush anything. For KVM / Xen we need to flush
2183 * the host's instruction cache at least.
2184 */
2185 if (tcg_enabled()) {
2186 return;
2187 }
2188
2189 cpu_physical_memory_write_rom_internal(&address_space_memory,
2190 start, NULL, len, FLUSH_CACHE);
2191 }
2192
2193 typedef struct {
2194 MemoryRegion *mr;
2195 void *buffer;
2196 hwaddr addr;
2197 hwaddr len;
2198 } BounceBuffer;
2199
2200 static BounceBuffer bounce;
2201
2202 typedef struct MapClient {
2203 void *opaque;
2204 void (*callback)(void *opaque);
2205 QLIST_ENTRY(MapClient) link;
2206 } MapClient;
2207
2208 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2209 = QLIST_HEAD_INITIALIZER(map_client_list);
2210
2211 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2212 {
2213 MapClient *client = g_malloc(sizeof(*client));
2214
2215 client->opaque = opaque;
2216 client->callback = callback;
2217 QLIST_INSERT_HEAD(&map_client_list, client, link);
2218 return client;
2219 }
2220
2221 static void cpu_unregister_map_client(void *_client)
2222 {
2223 MapClient *client = (MapClient *)_client;
2224
2225 QLIST_REMOVE(client, link);
2226 g_free(client);
2227 }
2228
2229 static void cpu_notify_map_clients(void)
2230 {
2231 MapClient *client;
2232
2233 while (!QLIST_EMPTY(&map_client_list)) {
2234 client = QLIST_FIRST(&map_client_list);
2235 client->callback(client->opaque);
2236 cpu_unregister_map_client(client);
2237 }
2238 }
2239
2240 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2241 {
2242 MemoryRegion *mr;
2243 hwaddr l, xlat;
2244
2245 while (len > 0) {
2246 l = len;
2247 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2248 if (!memory_access_is_direct(mr, is_write)) {
2249 l = memory_access_size(mr, l, addr);
2250 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2251 return false;
2252 }
2253 }
2254
2255 len -= l;
2256 addr += l;
2257 }
2258 return true;
2259 }
2260
2261 /* Map a physical memory region into a host virtual address.
2262 * May map a subset of the requested range, given by and returned in *plen.
2263 * May return NULL if resources needed to perform the mapping are exhausted.
2264 * Use only for reads OR writes - not for read-modify-write operations.
2265 * Use cpu_register_map_client() to know when retrying the map operation is
2266 * likely to succeed.
2267 */
2268 void *address_space_map(AddressSpace *as,
2269 hwaddr addr,
2270 hwaddr *plen,
2271 bool is_write)
2272 {
2273 hwaddr len = *plen;
2274 hwaddr done = 0;
2275 hwaddr l, xlat, base;
2276 MemoryRegion *mr, *this_mr;
2277 ram_addr_t raddr;
2278
2279 if (len == 0) {
2280 return NULL;
2281 }
2282
2283 l = len;
2284 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2285 if (!memory_access_is_direct(mr, is_write)) {
2286 if (bounce.buffer) {
2287 return NULL;
2288 }
2289 /* Avoid unbounded allocations */
2290 l = MIN(l, TARGET_PAGE_SIZE);
2291 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2292 bounce.addr = addr;
2293 bounce.len = l;
2294
2295 memory_region_ref(mr);
2296 bounce.mr = mr;
2297 if (!is_write) {
2298 address_space_read(as, addr, bounce.buffer, l);
2299 }
2300
2301 *plen = l;
2302 return bounce.buffer;
2303 }
2304
2305 base = xlat;
2306 raddr = memory_region_get_ram_addr(mr);
2307
2308 for (;;) {
2309 len -= l;
2310 addr += l;
2311 done += l;
2312 if (len == 0) {
2313 break;
2314 }
2315
2316 l = len;
2317 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2318 if (this_mr != mr || xlat != base + done) {
2319 break;
2320 }
2321 }
2322
2323 memory_region_ref(mr);
2324 *plen = done;
2325 return qemu_ram_ptr_length(raddr + base, plen);
2326 }
2327
2328 /* Unmaps a memory region previously mapped by address_space_map().
2329 * Will also mark the memory as dirty if is_write == 1. access_len gives
2330 * the amount of memory that was actually read or written by the caller.
2331 */
2332 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2333 int is_write, hwaddr access_len)
2334 {
2335 if (buffer != bounce.buffer) {
2336 MemoryRegion *mr;
2337 ram_addr_t addr1;
2338
2339 mr = qemu_ram_addr_from_host(buffer, &addr1);
2340 assert(mr != NULL);
2341 if (is_write) {
2342 invalidate_and_set_dirty(addr1, access_len);
2343 }
2344 if (xen_enabled()) {
2345 xen_invalidate_map_cache_entry(buffer);
2346 }
2347 memory_region_unref(mr);
2348 return;
2349 }
2350 if (is_write) {
2351 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2352 }
2353 qemu_vfree(bounce.buffer);
2354 bounce.buffer = NULL;
2355 memory_region_unref(bounce.mr);
2356 cpu_notify_map_clients();
2357 }
2358
2359 void *cpu_physical_memory_map(hwaddr addr,
2360 hwaddr *plen,
2361 int is_write)
2362 {
2363 return address_space_map(&address_space_memory, addr, plen, is_write);
2364 }
2365
2366 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2367 int is_write, hwaddr access_len)
2368 {
2369 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2370 }
2371
2372 /* warning: addr must be aligned */
2373 static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
2374 enum device_endian endian)
2375 {
2376 uint8_t *ptr;
2377 uint64_t val;
2378 MemoryRegion *mr;
2379 hwaddr l = 4;
2380 hwaddr addr1;
2381
2382 mr = address_space_translate(as, addr, &addr1, &l, false);
2383 if (l < 4 || !memory_access_is_direct(mr, false)) {
2384 /* I/O case */
2385 io_mem_read(mr, addr1, &val, 4);
2386 #if defined(TARGET_WORDS_BIGENDIAN)
2387 if (endian == DEVICE_LITTLE_ENDIAN) {
2388 val = bswap32(val);
2389 }
2390 #else
2391 if (endian == DEVICE_BIG_ENDIAN) {
2392 val = bswap32(val);
2393 }
2394 #endif
2395 } else {
2396 /* RAM case */
2397 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2398 & TARGET_PAGE_MASK)
2399 + addr1);
2400 switch (endian) {
2401 case DEVICE_LITTLE_ENDIAN:
2402 val = ldl_le_p(ptr);
2403 break;
2404 case DEVICE_BIG_ENDIAN:
2405 val = ldl_be_p(ptr);
2406 break;
2407 default:
2408 val = ldl_p(ptr);
2409 break;
2410 }
2411 }
2412 return val;
2413 }
2414
2415 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2416 {
2417 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2418 }
2419
2420 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2421 {
2422 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2423 }
2424
2425 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2426 {
2427 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2428 }
2429
2430 /* warning: addr must be aligned */
2431 static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
2432 enum device_endian endian)
2433 {
2434 uint8_t *ptr;
2435 uint64_t val;
2436 MemoryRegion *mr;
2437 hwaddr l = 8;
2438 hwaddr addr1;
2439
2440 mr = address_space_translate(as, addr, &addr1, &l,
2441 false);
2442 if (l < 8 || !memory_access_is_direct(mr, false)) {
2443 /* I/O case */
2444 io_mem_read(mr, addr1, &val, 8);
2445 #if defined(TARGET_WORDS_BIGENDIAN)
2446 if (endian == DEVICE_LITTLE_ENDIAN) {
2447 val = bswap64(val);
2448 }
2449 #else
2450 if (endian == DEVICE_BIG_ENDIAN) {
2451 val = bswap64(val);
2452 }
2453 #endif
2454 } else {
2455 /* RAM case */
2456 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2457 & TARGET_PAGE_MASK)
2458 + addr1);
2459 switch (endian) {
2460 case DEVICE_LITTLE_ENDIAN:
2461 val = ldq_le_p(ptr);
2462 break;
2463 case DEVICE_BIG_ENDIAN:
2464 val = ldq_be_p(ptr);
2465 break;
2466 default:
2467 val = ldq_p(ptr);
2468 break;
2469 }
2470 }
2471 return val;
2472 }
2473
2474 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2475 {
2476 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2477 }
2478
2479 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2480 {
2481 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2482 }
2483
2484 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2485 {
2486 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2487 }
2488
2489 /* XXX: optimize */
2490 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2491 {
2492 uint8_t val;
2493 address_space_rw(as, addr, &val, 1, 0);
2494 return val;
2495 }
2496
2497 /* warning: addr must be aligned */
2498 static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
2499 enum device_endian endian)
2500 {
2501 uint8_t *ptr;
2502 uint64_t val;
2503 MemoryRegion *mr;
2504 hwaddr l = 2;
2505 hwaddr addr1;
2506
2507 mr = address_space_translate(as, addr, &addr1, &l,
2508 false);
2509 if (l < 2 || !memory_access_is_direct(mr, false)) {
2510 /* I/O case */
2511 io_mem_read(mr, addr1, &val, 2);
2512 #if defined(TARGET_WORDS_BIGENDIAN)
2513 if (endian == DEVICE_LITTLE_ENDIAN) {
2514 val = bswap16(val);
2515 }
2516 #else
2517 if (endian == DEVICE_BIG_ENDIAN) {
2518 val = bswap16(val);
2519 }
2520 #endif
2521 } else {
2522 /* RAM case */
2523 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2524 & TARGET_PAGE_MASK)
2525 + addr1);
2526 switch (endian) {
2527 case DEVICE_LITTLE_ENDIAN:
2528 val = lduw_le_p(ptr);
2529 break;
2530 case DEVICE_BIG_ENDIAN:
2531 val = lduw_be_p(ptr);
2532 break;
2533 default:
2534 val = lduw_p(ptr);
2535 break;
2536 }
2537 }
2538 return val;
2539 }
2540
2541 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2542 {
2543 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2544 }
2545
2546 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2547 {
2548 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2549 }
2550
2551 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2552 {
2553 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2554 }
2555
2556 /* warning: addr must be aligned. The ram page is not masked as dirty
2557 and the code inside is not invalidated. It is useful if the dirty
2558 bits are used to track modified PTEs */
2559 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
2560 {
2561 uint8_t *ptr;
2562 MemoryRegion *mr;
2563 hwaddr l = 4;
2564 hwaddr addr1;
2565
2566 mr = address_space_translate(as, addr, &addr1, &l,
2567 true);
2568 if (l < 4 || !memory_access_is_direct(mr, true)) {
2569 io_mem_write(mr, addr1, val, 4);
2570 } else {
2571 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2572 ptr = qemu_get_ram_ptr(addr1);
2573 stl_p(ptr, val);
2574
2575 if (unlikely(in_migration)) {
2576 if (cpu_physical_memory_is_clean(addr1)) {
2577 /* invalidate code */
2578 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2579 /* set dirty bit */
2580 cpu_physical_memory_set_dirty_range_nocode(addr1, 4);
2581 }
2582 }
2583 }
2584 }
2585
2586 /* warning: addr must be aligned */
2587 static inline void stl_phys_internal(AddressSpace *as,
2588 hwaddr addr, uint32_t val,
2589 enum device_endian endian)
2590 {
2591 uint8_t *ptr;
2592 MemoryRegion *mr;
2593 hwaddr l = 4;
2594 hwaddr addr1;
2595
2596 mr = address_space_translate(as, addr, &addr1, &l,
2597 true);
2598 if (l < 4 || !memory_access_is_direct(mr, true)) {
2599 #if defined(TARGET_WORDS_BIGENDIAN)
2600 if (endian == DEVICE_LITTLE_ENDIAN) {
2601 val = bswap32(val);
2602 }
2603 #else
2604 if (endian == DEVICE_BIG_ENDIAN) {
2605 val = bswap32(val);
2606 }
2607 #endif
2608 io_mem_write(mr, addr1, val, 4);
2609 } else {
2610 /* RAM case */
2611 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2612 ptr = qemu_get_ram_ptr(addr1);
2613 switch (endian) {
2614 case DEVICE_LITTLE_ENDIAN:
2615 stl_le_p(ptr, val);
2616 break;
2617 case DEVICE_BIG_ENDIAN:
2618 stl_be_p(ptr, val);
2619 break;
2620 default:
2621 stl_p(ptr, val);
2622 break;
2623 }
2624 invalidate_and_set_dirty(addr1, 4);
2625 }
2626 }
2627
2628 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2629 {
2630 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2631 }
2632
2633 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2634 {
2635 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2636 }
2637
2638 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2639 {
2640 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2641 }
2642
2643 /* XXX: optimize */
2644 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2645 {
2646 uint8_t v = val;
2647 address_space_rw(as, addr, &v, 1, 1);
2648 }
2649
2650 /* warning: addr must be aligned */
2651 static inline void stw_phys_internal(AddressSpace *as,
2652 hwaddr addr, uint32_t val,
2653 enum device_endian endian)
2654 {
2655 uint8_t *ptr;
2656 MemoryRegion *mr;
2657 hwaddr l = 2;
2658 hwaddr addr1;
2659
2660 mr = address_space_translate(as, addr, &addr1, &l, true);
2661 if (l < 2 || !memory_access_is_direct(mr, true)) {
2662 #if defined(TARGET_WORDS_BIGENDIAN)
2663 if (endian == DEVICE_LITTLE_ENDIAN) {
2664 val = bswap16(val);
2665 }
2666 #else
2667 if (endian == DEVICE_BIG_ENDIAN) {
2668 val = bswap16(val);
2669 }
2670 #endif
2671 io_mem_write(mr, addr1, val, 2);
2672 } else {
2673 /* RAM case */
2674 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2675 ptr = qemu_get_ram_ptr(addr1);
2676 switch (endian) {
2677 case DEVICE_LITTLE_ENDIAN:
2678 stw_le_p(ptr, val);
2679 break;
2680 case DEVICE_BIG_ENDIAN:
2681 stw_be_p(ptr, val);
2682 break;
2683 default:
2684 stw_p(ptr, val);
2685 break;
2686 }
2687 invalidate_and_set_dirty(addr1, 2);
2688 }
2689 }
2690
2691 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2692 {
2693 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2694 }
2695
2696 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2697 {
2698 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2699 }
2700
2701 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2702 {
2703 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2704 }
2705
2706 /* XXX: optimize */
2707 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2708 {
2709 val = tswap64(val);
2710 address_space_rw(as, addr, (void *) &val, 8, 1);
2711 }
2712
2713 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2714 {
2715 val = cpu_to_le64(val);
2716 address_space_rw(as, addr, (void *) &val, 8, 1);
2717 }
2718
2719 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2720 {
2721 val = cpu_to_be64(val);
2722 address_space_rw(as, addr, (void *) &val, 8, 1);
2723 }
2724
2725 /* virtual memory access for debug (includes writing to ROM) */
2726 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2727 uint8_t *buf, int len, int is_write)
2728 {
2729 int l;
2730 hwaddr phys_addr;
2731 target_ulong page;
2732
2733 while (len > 0) {
2734 page = addr & TARGET_PAGE_MASK;
2735 phys_addr = cpu_get_phys_page_debug(cpu, page);
2736 /* if no physical page mapped, return an error */
2737 if (phys_addr == -1)
2738 return -1;
2739 l = (page + TARGET_PAGE_SIZE) - addr;
2740 if (l > len)
2741 l = len;
2742 phys_addr += (addr & ~TARGET_PAGE_MASK);
2743 if (is_write) {
2744 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
2745 } else {
2746 address_space_rw(cpu->as, phys_addr, buf, l, 0);
2747 }
2748 len -= l;
2749 buf += l;
2750 addr += l;
2751 }
2752 return 0;
2753 }
2754 #endif
2755
2756 /*
2757 * A helper function for the _utterly broken_ virtio device model to find out if
2758 * it's running on a big endian machine. Don't do this at home kids!
2759 */
2760 bool target_words_bigendian(void);
2761 bool target_words_bigendian(void)
2762 {
2763 #if defined(TARGET_WORDS_BIGENDIAN)
2764 return true;
2765 #else
2766 return false;
2767 #endif
2768 }
2769
2770 #ifndef CONFIG_USER_ONLY
2771 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2772 {
2773 MemoryRegion*mr;
2774 hwaddr l = 1;
2775
2776 mr = address_space_translate(&address_space_memory,
2777 phys_addr, &phys_addr, &l, false);
2778
2779 return !(memory_region_is_ram(mr) ||
2780 memory_region_is_romd(mr));
2781 }
2782
2783 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2784 {
2785 RAMBlock *block;
2786
2787 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2788 func(block->host, block->offset, block->length, opaque);
2789 }
2790 }
2791 #endif
AR7 emulation for QEMU