search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove cpu_get_physical_page_desc()
[qemu-kvm.git] / exec.c
blobb02199b271de70350cf135a2ed05cce5ce113f2c
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "osdep.h"
33 #include "kvm.h"
34 #include "hw/xen.h"
35 #include "qemu-timer.h"
36 #include "memory.h"
37 #include "exec-memory.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include <qemu.h>
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
45 #include <sys/time.h>
46 #include <sys/proc.h>
47 #include <machine/profile.h>
48 #define _KERNEL
49 #include <sys/user.h>
50 #undef _KERNEL
51 #undef sigqueue
52 #include <libutil.h>
53 #endif
54 #endif
55 #else /* !CONFIG_USER_ONLY */
56 #include "xen-mapcache.h"
57 #include "trace.h"
58 #endif
59
60 #define WANT_EXEC_OBSOLETE
61 #include "exec-obsolete.h"
62
63 //#define DEBUG_TB_INVALIDATE
64 //#define DEBUG_FLUSH
65 //#define DEBUG_TLB
66 //#define DEBUG_UNASSIGNED
67
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
70 //#define DEBUG_TLB_CHECK
71
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
74
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
77 #undef DEBUG_TB_CHECK
78 #endif
79
80 #define SMC_BITMAP_USE_THRESHOLD 10
81
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
85 static int nb_tbs;
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
88
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
96 #elif defined(_WIN32)
97 /* Maximum alignment for Win32 is 16. */
98 #define code_gen_section \
99 __attribute__((aligned (16)))
100 #else
101 #define code_gen_section \
102 __attribute__((aligned (32)))
103 #endif
104
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 static uint8_t *code_gen_ptr;
111
112 #if !defined(CONFIG_USER_ONLY)
113 int phys_ram_fd;
114 static int in_migration;
115
116 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
117
118 static MemoryRegion *system_memory;
119 static MemoryRegion *system_io;
120
121 #endif
122
123 CPUState *first_cpu;
124 /* current CPU in the current thread. It is only valid inside
125 cpu_exec() */
126 DEFINE_TLS(CPUState *,cpu_single_env);
127 /* 0 = Do not count executed instructions.
128 1 = Precise instruction counting.
129 2 = Adaptive rate instruction counting. */
130 int use_icount = 0;
131
132 typedef struct PageDesc {
133 /* list of TBs intersecting this ram page */
134 TranslationBlock *first_tb;
135 /* in order to optimize self modifying code, we count the number
136 of lookups we do to a given page to use a bitmap */
137 unsigned int code_write_count;
138 uint8_t *code_bitmap;
139 #if defined(CONFIG_USER_ONLY)
140 unsigned long flags;
141 #endif
142 } PageDesc;
143
144 /* In system mode we want L1_MAP to be based on ram offsets,
145 while in user mode we want it to be based on virtual addresses. */
146 #if !defined(CONFIG_USER_ONLY)
147 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
148 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
149 #else
150 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
151 #endif
152 #else
153 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
154 #endif
155
156 /* Size of the L2 (and L3, etc) page tables. */
157 #define L2_BITS 10
158 #define L2_SIZE (1 << L2_BITS)
159
160 /* The bits remaining after N lower levels of page tables. */
161 #define P_L1_BITS_REM \
162 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
163 #define V_L1_BITS_REM \
164 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
165
166 /* Size of the L1 page table. Avoid silly small sizes. */
167 #if P_L1_BITS_REM < 4
168 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
169 #else
170 #define P_L1_BITS P_L1_BITS_REM
171 #endif
172
173 #if V_L1_BITS_REM < 4
174 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
175 #else
176 #define V_L1_BITS V_L1_BITS_REM
177 #endif
178
179 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
180 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
181
182 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
183 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
184
185 unsigned long qemu_real_host_page_size;
186 unsigned long qemu_host_page_size;
187 unsigned long qemu_host_page_mask;
188
189 /* This is a multi-level map on the virtual address space.
190 The bottom level has pointers to PageDesc. */
191 static void *l1_map[V_L1_SIZE];
192
193 #if !defined(CONFIG_USER_ONLY)
194 typedef struct PhysPageDesc {
195 /* offset in host memory of the page + io_index in the low bits */
196 ram_addr_t phys_offset;
197 ram_addr_t region_offset;
198 } PhysPageDesc;
199
200 /* This is a multi-level map on the physical address space.
201 The bottom level has pointers to PhysPageDesc. */
202 static void *l1_phys_map[P_L1_SIZE];
203
204 static void io_mem_init(void);
205 static void memory_map_init(void);
206
207 /* io memory support */
208 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
209 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
210 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
211 static char io_mem_used[IO_MEM_NB_ENTRIES];
212 static int io_mem_watch;
213 #endif
214
215 /* log support */
216 #ifdef WIN32
217 static const char *logfilename = "qemu.log";
218 #else
219 static const char *logfilename = "/tmp/qemu.log";
220 #endif
221 FILE *logfile;
222 int loglevel;
223 static int log_append = 0;
224
225 /* statistics */
226 #if !defined(CONFIG_USER_ONLY)
227 static int tlb_flush_count;
228 #endif
229 static int tb_flush_count;
230 static int tb_phys_invalidate_count;
231
232 #ifdef _WIN32
233 static void map_exec(void *addr, long size)
234 {
235 DWORD old_protect;
236 VirtualProtect(addr, size,
237 PAGE_EXECUTE_READWRITE, &old_protect);
238
239 }
240 #else
241 static void map_exec(void *addr, long size)
242 {
243 unsigned long start, end, page_size;
244
245 page_size = getpagesize();
246 start = (unsigned long)addr;
247 start &= ~(page_size - 1);
248
249 end = (unsigned long)addr + size;
250 end += page_size - 1;
251 end &= ~(page_size - 1);
252
253 mprotect((void *)start, end - start,
254 PROT_READ | PROT_WRITE | PROT_EXEC);
255 }
256 #endif
257
258 static void page_init(void)
259 {
260 /* NOTE: we can always suppose that qemu_host_page_size >=
261 TARGET_PAGE_SIZE */
262 #ifdef _WIN32
263 {
264 SYSTEM_INFO system_info;
265
266 GetSystemInfo(&system_info);
267 qemu_real_host_page_size = system_info.dwPageSize;
268 }
269 #else
270 qemu_real_host_page_size = getpagesize();
271 #endif
272 if (qemu_host_page_size == 0)
273 qemu_host_page_size = qemu_real_host_page_size;
274 if (qemu_host_page_size < TARGET_PAGE_SIZE)
275 qemu_host_page_size = TARGET_PAGE_SIZE;
276 qemu_host_page_mask = ~(qemu_host_page_size - 1);
277
278 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
279 {
280 #ifdef HAVE_KINFO_GETVMMAP
281 struct kinfo_vmentry *freep;
282 int i, cnt;
283
284 freep = kinfo_getvmmap(getpid(), &cnt);
285 if (freep) {
286 mmap_lock();
287 for (i = 0; i < cnt; i++) {
288 unsigned long startaddr, endaddr;
289
290 startaddr = freep[i].kve_start;
291 endaddr = freep[i].kve_end;
292 if (h2g_valid(startaddr)) {
293 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
294
295 if (h2g_valid(endaddr)) {
296 endaddr = h2g(endaddr);
297 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
298 } else {
299 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
300 endaddr = ~0ul;
301 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
302 #endif
303 }
304 }
305 }
306 free(freep);
307 mmap_unlock();
308 }
309 #else
310 FILE *f;
311
312 last_brk = (unsigned long)sbrk(0);
313
314 f = fopen("/compat/linux/proc/self/maps", "r");
315 if (f) {
316 mmap_lock();
317
318 do {
319 unsigned long startaddr, endaddr;
320 int n;
321
322 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
323
324 if (n == 2 && h2g_valid(startaddr)) {
325 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
326
327 if (h2g_valid(endaddr)) {
328 endaddr = h2g(endaddr);
329 } else {
330 endaddr = ~0ul;
331 }
332 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
333 }
334 } while (!feof(f));
335
336 fclose(f);
337 mmap_unlock();
338 }
339 #endif
340 }
341 #endif
342 }
343
344 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
345 {
346 PageDesc *pd;
347 void **lp;
348 int i;
349
350 #if defined(CONFIG_USER_ONLY)
351 /* We can't use g_malloc because it may recurse into a locked mutex. */
352 # define ALLOC(P, SIZE) \
353 do { \
354 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
355 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
356 } while (0)
357 #else
358 # define ALLOC(P, SIZE) \
359 do { P = g_malloc0(SIZE); } while (0)
360 #endif
361
362 /* Level 1. Always allocated. */
363 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
364
365 /* Level 2..N-1. */
366 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
367 void **p = *lp;
368
369 if (p == NULL) {
370 if (!alloc) {
371 return NULL;
372 }
373 ALLOC(p, sizeof(void *) * L2_SIZE);
374 *lp = p;
375 }
376
377 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
378 }
379
380 pd = *lp;
381 if (pd == NULL) {
382 if (!alloc) {
383 return NULL;
384 }
385 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
386 *lp = pd;
387 }
388
389 #undef ALLOC
390
391 return pd + (index & (L2_SIZE - 1));
392 }
393
394 static inline PageDesc *page_find(tb_page_addr_t index)
395 {
396 return page_find_alloc(index, 0);
397 }
398
399 #if !defined(CONFIG_USER_ONLY)
400 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
401 {
402 PhysPageDesc *pd;
403 void **lp;
404 int i;
405
406 /* Level 1. Always allocated. */
407 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
408
409 /* Level 2..N-1. */
410 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
411 void **p = *lp;
412 if (p == NULL) {
413 if (!alloc) {
414 return NULL;
415 }
416 *lp = p = g_malloc0(sizeof(void *) * L2_SIZE);
417 }
418 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
419 }
420
421 pd = *lp;
422 if (pd == NULL) {
423 int i;
424 int first_index = index & ~(L2_SIZE - 1);
425
426 if (!alloc) {
427 return NULL;
428 }
429
430 *lp = pd = g_malloc(sizeof(PhysPageDesc) * L2_SIZE);
431
432 for (i = 0; i < L2_SIZE; i++) {
433 pd[i].phys_offset = IO_MEM_UNASSIGNED;
434 pd[i].region_offset = (first_index + i) << TARGET_PAGE_BITS;
435 }
436 }
437
438 return pd + (index & (L2_SIZE - 1));
439 }
440
441 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
442 {
443 return phys_page_find_alloc(index, 0);
444 }
445
446 static void tlb_protect_code(ram_addr_t ram_addr);
447 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
448 target_ulong vaddr);
449 #define mmap_lock() do { } while(0)
450 #define mmap_unlock() do { } while(0)
451 #endif
452
453 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
454
455 #if defined(CONFIG_USER_ONLY)
456 /* Currently it is not recommended to allocate big chunks of data in
457 user mode. It will change when a dedicated libc will be used */
458 #define USE_STATIC_CODE_GEN_BUFFER
459 #endif
460
461 #ifdef USE_STATIC_CODE_GEN_BUFFER
462 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
463 __attribute__((aligned (CODE_GEN_ALIGN)));
464 #endif
465
466 static void code_gen_alloc(unsigned long tb_size)
467 {
468 #ifdef USE_STATIC_CODE_GEN_BUFFER
469 code_gen_buffer = static_code_gen_buffer;
470 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
471 map_exec(code_gen_buffer, code_gen_buffer_size);
472 #else
473 code_gen_buffer_size = tb_size;
474 if (code_gen_buffer_size == 0) {
475 #if defined(CONFIG_USER_ONLY)
476 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
477 #else
478 /* XXX: needs adjustments */
479 code_gen_buffer_size = (unsigned long)(ram_size / 4);
480 #endif
481 }
482 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
483 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
484 /* The code gen buffer location may have constraints depending on
485 the host cpu and OS */
486 #if defined(__linux__)
487 {
488 int flags;
489 void *start = NULL;
490
491 flags = MAP_PRIVATE | MAP_ANONYMOUS;
492 #if defined(__x86_64__)
493 flags |= MAP_32BIT;
494 /* Cannot map more than that */
495 if (code_gen_buffer_size > (800 * 1024 * 1024))
496 code_gen_buffer_size = (800 * 1024 * 1024);
497 #elif defined(__sparc_v9__)
498 // Map the buffer below 2G, so we can use direct calls and branches
499 flags |= MAP_FIXED;
500 start = (void *) 0x60000000UL;
501 if (code_gen_buffer_size > (512 * 1024 * 1024))
502 code_gen_buffer_size = (512 * 1024 * 1024);
503 #elif defined(__arm__)
504 /* Keep the buffer no bigger than 16GB to branch between blocks */
505 if (code_gen_buffer_size > 16 * 1024 * 1024)
506 code_gen_buffer_size = 16 * 1024 * 1024;
507 #elif defined(__s390x__)
508 /* Map the buffer so that we can use direct calls and branches. */
509 /* We have a +- 4GB range on the branches; leave some slop. */
510 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
511 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
512 }
513 start = (void *)0x90000000UL;
514 #endif
515 code_gen_buffer = mmap(start, code_gen_buffer_size,
516 PROT_WRITE | PROT_READ | PROT_EXEC,
517 flags, -1, 0);
518 if (code_gen_buffer == MAP_FAILED) {
519 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
520 exit(1);
521 }
522 }
523 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
524 || defined(__DragonFly__) || defined(__OpenBSD__) \
525 || defined(__NetBSD__)
526 {
527 int flags;
528 void *addr = NULL;
529 flags = MAP_PRIVATE | MAP_ANONYMOUS;
530 #if defined(__x86_64__)
531 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
532 * 0x40000000 is free */
533 flags |= MAP_FIXED;
534 addr = (void *)0x40000000;
535 /* Cannot map more than that */
536 if (code_gen_buffer_size > (800 * 1024 * 1024))
537 code_gen_buffer_size = (800 * 1024 * 1024);
538 #elif defined(__sparc_v9__)
539 // Map the buffer below 2G, so we can use direct calls and branches
540 flags |= MAP_FIXED;
541 addr = (void *) 0x60000000UL;
542 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
543 code_gen_buffer_size = (512 * 1024 * 1024);
544 }
545 #endif
546 code_gen_buffer = mmap(addr, code_gen_buffer_size,
547 PROT_WRITE | PROT_READ | PROT_EXEC,
548 flags, -1, 0);
549 if (code_gen_buffer == MAP_FAILED) {
550 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
551 exit(1);
552 }
553 }
554 #else
555 code_gen_buffer = g_malloc(code_gen_buffer_size);
556 map_exec(code_gen_buffer, code_gen_buffer_size);
557 #endif
558 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
559 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
560 code_gen_buffer_max_size = code_gen_buffer_size -
561 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
562 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
563 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
564 }
565
566 /* Must be called before using the QEMU cpus. 'tb_size' is the size
567 (in bytes) allocated to the translation buffer. Zero means default
568 size. */
569 void tcg_exec_init(unsigned long tb_size)
570 {
571 cpu_gen_init();
572 code_gen_alloc(tb_size);
573 code_gen_ptr = code_gen_buffer;
574 page_init();
575 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
576 /* There's no guest base to take into account, so go ahead and
577 initialize the prologue now. */
578 tcg_prologue_init(&tcg_ctx);
579 #endif
580 }
581
582 bool tcg_enabled(void)
583 {
584 return code_gen_buffer != NULL;
585 }
586
587 void cpu_exec_init_all(void)
588 {
589 #if !defined(CONFIG_USER_ONLY)
590 memory_map_init();
591 io_mem_init();
592 #endif
593 }
594
595 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
596
597 static int cpu_common_post_load(void *opaque, int version_id)
598 {
599 CPUState *env = opaque;
600
601 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
602 version_id is increased. */
603 env->interrupt_request &= ~0x01;
604 tlb_flush(env, 1);
605
606 return 0;
607 }
608
609 static const VMStateDescription vmstate_cpu_common = {
610 .name = "cpu_common",
611 .version_id = 1,
612 .minimum_version_id = 1,
613 .minimum_version_id_old = 1,
614 .post_load = cpu_common_post_load,
615 .fields = (VMStateField []) {
616 VMSTATE_UINT32(halted, CPUState),
617 VMSTATE_UINT32(interrupt_request, CPUState),
618 VMSTATE_END_OF_LIST()
619 }
620 };
621 #endif
622
623 CPUState *qemu_get_cpu(int cpu)
624 {
625 CPUState *env = first_cpu;
626
627 while (env) {
628 if (env->cpu_index == cpu)
629 break;
630 env = env->next_cpu;
631 }
632
633 return env;
634 }
635
636 void cpu_exec_init(CPUState *env)
637 {
638 CPUState **penv;
639 int cpu_index;
640
641 #if defined(CONFIG_USER_ONLY)
642 cpu_list_lock();
643 #endif
644 env->next_cpu = NULL;
645 penv = &first_cpu;
646 cpu_index = 0;
647 while (*penv != NULL) {
648 penv = &(*penv)->next_cpu;
649 cpu_index++;
650 }
651 env->cpu_index = cpu_index;
652 env->numa_node = 0;
653 QTAILQ_INIT(&env->breakpoints);
654 QTAILQ_INIT(&env->watchpoints);
655 #ifndef CONFIG_USER_ONLY
656 env->thread_id = qemu_get_thread_id();
657 #endif
658 *penv = env;
659 #if defined(CONFIG_USER_ONLY)
660 cpu_list_unlock();
661 #endif
662 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
663 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
664 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
665 cpu_save, cpu_load, env);
666 #endif
667 }
668
669 /* Allocate a new translation block. Flush the translation buffer if
670 too many translation blocks or too much generated code. */
671 static TranslationBlock *tb_alloc(target_ulong pc)
672 {
673 TranslationBlock *tb;
674
675 if (nb_tbs >= code_gen_max_blocks ||
676 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
677 return NULL;
678 tb = &tbs[nb_tbs++];
679 tb->pc = pc;
680 tb->cflags = 0;
681 return tb;
682 }
683
684 void tb_free(TranslationBlock *tb)
685 {
686 /* In practice this is mostly used for single use temporary TB
687 Ignore the hard cases and just back up if this TB happens to
688 be the last one generated. */
689 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
690 code_gen_ptr = tb->tc_ptr;
691 nb_tbs--;
692 }
693 }
694
695 static inline void invalidate_page_bitmap(PageDesc *p)
696 {
697 if (p->code_bitmap) {
698 g_free(p->code_bitmap);
699 p->code_bitmap = NULL;
700 }
701 p->code_write_count = 0;
702 }
703
704 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
705
706 static void page_flush_tb_1 (int level, void **lp)
707 {
708 int i;
709
710 if (*lp == NULL) {
711 return;
712 }
713 if (level == 0) {
714 PageDesc *pd = *lp;
715 for (i = 0; i < L2_SIZE; ++i) {
716 pd[i].first_tb = NULL;
717 invalidate_page_bitmap(pd + i);
718 }
719 } else {
720 void **pp = *lp;
721 for (i = 0; i < L2_SIZE; ++i) {
722 page_flush_tb_1 (level - 1, pp + i);
723 }
724 }
725 }
726
727 static void page_flush_tb(void)
728 {
729 int i;
730 for (i = 0; i < V_L1_SIZE; i++) {
731 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
732 }
733 }
734
735 /* flush all the translation blocks */
736 /* XXX: tb_flush is currently not thread safe */
737 void tb_flush(CPUState *env1)
738 {
739 CPUState *env;
740 #if defined(DEBUG_FLUSH)
741 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
742 (unsigned long)(code_gen_ptr - code_gen_buffer),
743 nb_tbs, nb_tbs > 0 ?
744 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
745 #endif
746 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
747 cpu_abort(env1, "Internal error: code buffer overflow\n");
748
749 nb_tbs = 0;
750
751 for(env = first_cpu; env != NULL; env = env->next_cpu) {
752 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
753 }
754
755 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
756 page_flush_tb();
757
758 code_gen_ptr = code_gen_buffer;
759 /* XXX: flush processor icache at this point if cache flush is
760 expensive */
761 tb_flush_count++;
762 }
763
764 #ifdef DEBUG_TB_CHECK
765
766 static void tb_invalidate_check(target_ulong address)
767 {
768 TranslationBlock *tb;
769 int i;
770 address &= TARGET_PAGE_MASK;
771 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
772 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
773 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
774 address >= tb->pc + tb->size)) {
775 printf("ERROR invalidate: address=" TARGET_FMT_lx
776 " PC=%08lx size=%04x\n",
777 address, (long)tb->pc, tb->size);
778 }
779 }
780 }
781 }
782
783 /* verify that all the pages have correct rights for code */
784 static void tb_page_check(void)
785 {
786 TranslationBlock *tb;
787 int i, flags1, flags2;
788
789 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
790 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
791 flags1 = page_get_flags(tb->pc);
792 flags2 = page_get_flags(tb->pc + tb->size - 1);
793 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
794 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
795 (long)tb->pc, tb->size, flags1, flags2);
796 }
797 }
798 }
799 }
800
801 #endif
802
803 /* invalidate one TB */
804 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
805 int next_offset)
806 {
807 TranslationBlock *tb1;
808 for(;;) {
809 tb1 = *ptb;
810 if (tb1 == tb) {
811 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
812 break;
813 }
814 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
815 }
816 }
817
818 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
819 {
820 TranslationBlock *tb1;
821 unsigned int n1;
822
823 for(;;) {
824 tb1 = *ptb;
825 n1 = (long)tb1 & 3;
826 tb1 = (TranslationBlock *)((long)tb1 & ~3);
827 if (tb1 == tb) {
828 *ptb = tb1->page_next[n1];
829 break;
830 }
831 ptb = &tb1->page_next[n1];
832 }
833 }
834
835 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
836 {
837 TranslationBlock *tb1, **ptb;
838 unsigned int n1;
839
840 ptb = &tb->jmp_next[n];
841 tb1 = *ptb;
842 if (tb1) {
843 /* find tb(n) in circular list */
844 for(;;) {
845 tb1 = *ptb;
846 n1 = (long)tb1 & 3;
847 tb1 = (TranslationBlock *)((long)tb1 & ~3);
848 if (n1 == n && tb1 == tb)
849 break;
850 if (n1 == 2) {
851 ptb = &tb1->jmp_first;
852 } else {
853 ptb = &tb1->jmp_next[n1];
854 }
855 }
856 /* now we can suppress tb(n) from the list */
857 *ptb = tb->jmp_next[n];
858
859 tb->jmp_next[n] = NULL;
860 }
861 }
862
863 /* reset the jump entry 'n' of a TB so that it is not chained to
864 another TB */
865 static inline void tb_reset_jump(TranslationBlock *tb, int n)
866 {
867 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
868 }
869
870 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
871 {
872 CPUState *env;
873 PageDesc *p;
874 unsigned int h, n1;
875 tb_page_addr_t phys_pc;
876 TranslationBlock *tb1, *tb2;
877
878 /* remove the TB from the hash list */
879 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
880 h = tb_phys_hash_func(phys_pc);
881 tb_remove(&tb_phys_hash[h], tb,
882 offsetof(TranslationBlock, phys_hash_next));
883
884 /* remove the TB from the page list */
885 if (tb->page_addr[0] != page_addr) {
886 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
887 tb_page_remove(&p->first_tb, tb);
888 invalidate_page_bitmap(p);
889 }
890 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
891 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
892 tb_page_remove(&p->first_tb, tb);
893 invalidate_page_bitmap(p);
894 }
895
896 tb_invalidated_flag = 1;
897
898 /* remove the TB from the hash list */
899 h = tb_jmp_cache_hash_func(tb->pc);
900 for(env = first_cpu; env != NULL; env = env->next_cpu) {
901 if (env->tb_jmp_cache[h] == tb)
902 env->tb_jmp_cache[h] = NULL;
903 }
904
905 /* suppress this TB from the two jump lists */
906 tb_jmp_remove(tb, 0);
907 tb_jmp_remove(tb, 1);
908
909 /* suppress any remaining jumps to this TB */
910 tb1 = tb->jmp_first;
911 for(;;) {
912 n1 = (long)tb1 & 3;
913 if (n1 == 2)
914 break;
915 tb1 = (TranslationBlock *)((long)tb1 & ~3);
916 tb2 = tb1->jmp_next[n1];
917 tb_reset_jump(tb1, n1);
918 tb1->jmp_next[n1] = NULL;
919 tb1 = tb2;
920 }
921 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
922
923 tb_phys_invalidate_count++;
924 }
925
926 static inline void set_bits(uint8_t *tab, int start, int len)
927 {
928 int end, mask, end1;
929
930 end = start + len;
931 tab += start >> 3;
932 mask = 0xff << (start & 7);
933 if ((start & ~7) == (end & ~7)) {
934 if (start < end) {
935 mask &= ~(0xff << (end & 7));
936 *tab |= mask;
937 }
938 } else {
939 *tab++ |= mask;
940 start = (start + 8) & ~7;
941 end1 = end & ~7;
942 while (start < end1) {
943 *tab++ = 0xff;
944 start += 8;
945 }
946 if (start < end) {
947 mask = ~(0xff << (end & 7));
948 *tab |= mask;
949 }
950 }
951 }
952
953 static void build_page_bitmap(PageDesc *p)
954 {
955 int n, tb_start, tb_end;
956 TranslationBlock *tb;
957
958 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
959
960 tb = p->first_tb;
961 while (tb != NULL) {
962 n = (long)tb & 3;
963 tb = (TranslationBlock *)((long)tb & ~3);
964 /* NOTE: this is subtle as a TB may span two physical pages */
965 if (n == 0) {
966 /* NOTE: tb_end may be after the end of the page, but
967 it is not a problem */
968 tb_start = tb->pc & ~TARGET_PAGE_MASK;
969 tb_end = tb_start + tb->size;
970 if (tb_end > TARGET_PAGE_SIZE)
971 tb_end = TARGET_PAGE_SIZE;
972 } else {
973 tb_start = 0;
974 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
975 }
976 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
977 tb = tb->page_next[n];
978 }
979 }
980
981 TranslationBlock *tb_gen_code(CPUState *env,
982 target_ulong pc, target_ulong cs_base,
983 int flags, int cflags)
984 {
985 TranslationBlock *tb;
986 uint8_t *tc_ptr;
987 tb_page_addr_t phys_pc, phys_page2;
988 target_ulong virt_page2;
989 int code_gen_size;
990
991 phys_pc = get_page_addr_code(env, pc);
992 tb = tb_alloc(pc);
993 if (!tb) {
994 /* flush must be done */
995 tb_flush(env);
996 /* cannot fail at this point */
997 tb = tb_alloc(pc);
998 /* Don't forget to invalidate previous TB info. */
999 tb_invalidated_flag = 1;
1000 }
1001 tc_ptr = code_gen_ptr;
1002 tb->tc_ptr = tc_ptr;
1003 tb->cs_base = cs_base;
1004 tb->flags = flags;
1005 tb->cflags = cflags;
1006 cpu_gen_code(env, tb, &code_gen_size);
1007 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1008
1009 /* check next page if needed */
1010 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1011 phys_page2 = -1;
1012 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1013 phys_page2 = get_page_addr_code(env, virt_page2);
1014 }
1015 tb_link_page(tb, phys_pc, phys_page2);
1016 return tb;
1017 }
1018
1019 /* invalidate all TBs which intersect with the target physical page
1020 starting in range [start;end[. NOTE: start and end must refer to
1021 the same physical page. 'is_cpu_write_access' should be true if called
1022 from a real cpu write access: the virtual CPU will exit the current
1023 TB if code is modified inside this TB. */
1024 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1025 int is_cpu_write_access)
1026 {
1027 TranslationBlock *tb, *tb_next, *saved_tb;
1028 CPUState *env = cpu_single_env;
1029 tb_page_addr_t tb_start, tb_end;
1030 PageDesc *p;
1031 int n;
1032 #ifdef TARGET_HAS_PRECISE_SMC
1033 int current_tb_not_found = is_cpu_write_access;
1034 TranslationBlock *current_tb = NULL;
1035 int current_tb_modified = 0;
1036 target_ulong current_pc = 0;
1037 target_ulong current_cs_base = 0;
1038 int current_flags = 0;
1039 #endif /* TARGET_HAS_PRECISE_SMC */
1040
1041 p = page_find(start >> TARGET_PAGE_BITS);
1042 if (!p)
1043 return;
1044 if (!p->code_bitmap &&
1045 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1046 is_cpu_write_access) {
1047 /* build code bitmap */
1048 build_page_bitmap(p);
1049 }
1050
1051 /* we remove all the TBs in the range [start, end[ */
1052 /* XXX: see if in some cases it could be faster to invalidate all the code */
1053 tb = p->first_tb;
1054 while (tb != NULL) {
1055 n = (long)tb & 3;
1056 tb = (TranslationBlock *)((long)tb & ~3);
1057 tb_next = tb->page_next[n];
1058 /* NOTE: this is subtle as a TB may span two physical pages */
1059 if (n == 0) {
1060 /* NOTE: tb_end may be after the end of the page, but
1061 it is not a problem */
1062 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1063 tb_end = tb_start + tb->size;
1064 } else {
1065 tb_start = tb->page_addr[1];
1066 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1067 }
1068 if (!(tb_end <= start || tb_start >= end)) {
1069 #ifdef TARGET_HAS_PRECISE_SMC
1070 if (current_tb_not_found) {
1071 current_tb_not_found = 0;
1072 current_tb = NULL;
1073 if (env->mem_io_pc) {
1074 /* now we have a real cpu fault */
1075 current_tb = tb_find_pc(env->mem_io_pc);
1076 }
1077 }
1078 if (current_tb == tb &&
1079 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1080 /* If we are modifying the current TB, we must stop
1081 its execution. We could be more precise by checking
1082 that the modification is after the current PC, but it
1083 would require a specialized function to partially
1084 restore the CPU state */
1085
1086 current_tb_modified = 1;
1087 cpu_restore_state(current_tb, env, env->mem_io_pc);
1088 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1089 &current_flags);
1090 }
1091 #endif /* TARGET_HAS_PRECISE_SMC */
1092 /* we need to do that to handle the case where a signal
1093 occurs while doing tb_phys_invalidate() */
1094 saved_tb = NULL;
1095 if (env) {
1096 saved_tb = env->current_tb;
1097 env->current_tb = NULL;
1098 }
1099 tb_phys_invalidate(tb, -1);
1100 if (env) {
1101 env->current_tb = saved_tb;
1102 if (env->interrupt_request && env->current_tb)
1103 cpu_interrupt(env, env->interrupt_request);
1104 }
1105 }
1106 tb = tb_next;
1107 }
1108 #if !defined(CONFIG_USER_ONLY)
1109 /* if no code remaining, no need to continue to use slow writes */
1110 if (!p->first_tb) {
1111 invalidate_page_bitmap(p);
1112 if (is_cpu_write_access) {
1113 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1114 }
1115 }
1116 #endif
1117 #ifdef TARGET_HAS_PRECISE_SMC
1118 if (current_tb_modified) {
1119 /* we generate a block containing just the instruction
1120 modifying the memory. It will ensure that it cannot modify
1121 itself */
1122 env->current_tb = NULL;
1123 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1124 cpu_resume_from_signal(env, NULL);
1125 }
1126 #endif
1127 }
1128
1129 /* len must be <= 8 and start must be a multiple of len */
1130 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1131 {
1132 PageDesc *p;
1133 int offset, b;
1134 #if 0
1135 if (1) {
1136 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1137 cpu_single_env->mem_io_vaddr, len,
1138 cpu_single_env->eip,
1139 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1140 }
1141 #endif
1142 p = page_find(start >> TARGET_PAGE_BITS);
1143 if (!p)
1144 return;
1145 if (p->code_bitmap) {
1146 offset = start & ~TARGET_PAGE_MASK;
1147 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1148 if (b & ((1 << len) - 1))
1149 goto do_invalidate;
1150 } else {
1151 do_invalidate:
1152 tb_invalidate_phys_page_range(start, start + len, 1);
1153 }
1154 }
1155
1156 #if !defined(CONFIG_SOFTMMU)
1157 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1158 unsigned long pc, void *puc)
1159 {
1160 TranslationBlock *tb;
1161 PageDesc *p;
1162 int n;
1163 #ifdef TARGET_HAS_PRECISE_SMC
1164 TranslationBlock *current_tb = NULL;
1165 CPUState *env = cpu_single_env;
1166 int current_tb_modified = 0;
1167 target_ulong current_pc = 0;
1168 target_ulong current_cs_base = 0;
1169 int current_flags = 0;
1170 #endif
1171
1172 addr &= TARGET_PAGE_MASK;
1173 p = page_find(addr >> TARGET_PAGE_BITS);
1174 if (!p)
1175 return;
1176 tb = p->first_tb;
1177 #ifdef TARGET_HAS_PRECISE_SMC
1178 if (tb && pc != 0) {
1179 current_tb = tb_find_pc(pc);
1180 }
1181 #endif
1182 while (tb != NULL) {
1183 n = (long)tb & 3;
1184 tb = (TranslationBlock *)((long)tb & ~3);
1185 #ifdef TARGET_HAS_PRECISE_SMC
1186 if (current_tb == tb &&
1187 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1188 /* If we are modifying the current TB, we must stop
1189 its execution. We could be more precise by checking
1190 that the modification is after the current PC, but it
1191 would require a specialized function to partially
1192 restore the CPU state */
1193
1194 current_tb_modified = 1;
1195 cpu_restore_state(current_tb, env, pc);
1196 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1197 &current_flags);
1198 }
1199 #endif /* TARGET_HAS_PRECISE_SMC */
1200 tb_phys_invalidate(tb, addr);
1201 tb = tb->page_next[n];
1202 }
1203 p->first_tb = NULL;
1204 #ifdef TARGET_HAS_PRECISE_SMC
1205 if (current_tb_modified) {
1206 /* we generate a block containing just the instruction
1207 modifying the memory. It will ensure that it cannot modify
1208 itself */
1209 env->current_tb = NULL;
1210 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1211 cpu_resume_from_signal(env, puc);
1212 }
1213 #endif
1214 }
1215 #endif
1216
1217 /* add the tb in the target page and protect it if necessary */
1218 static inline void tb_alloc_page(TranslationBlock *tb,
1219 unsigned int n, tb_page_addr_t page_addr)
1220 {
1221 PageDesc *p;
1222 #ifndef CONFIG_USER_ONLY
1223 bool page_already_protected;
1224 #endif
1225
1226 tb->page_addr[n] = page_addr;
1227 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1228 tb->page_next[n] = p->first_tb;
1229 #ifndef CONFIG_USER_ONLY
1230 page_already_protected = p->first_tb != NULL;
1231 #endif
1232 p->first_tb = (TranslationBlock *)((long)tb | n);
1233 invalidate_page_bitmap(p);
1234
1235 #if defined(TARGET_HAS_SMC) || 1
1236
1237 #if defined(CONFIG_USER_ONLY)
1238 if (p->flags & PAGE_WRITE) {
1239 target_ulong addr;
1240 PageDesc *p2;
1241 int prot;
1242
1243 /* force the host page as non writable (writes will have a
1244 page fault + mprotect overhead) */
1245 page_addr &= qemu_host_page_mask;
1246 prot = 0;
1247 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1248 addr += TARGET_PAGE_SIZE) {
1249
1250 p2 = page_find (addr >> TARGET_PAGE_BITS);
1251 if (!p2)
1252 continue;
1253 prot |= p2->flags;
1254 p2->flags &= ~PAGE_WRITE;
1255 }
1256 mprotect(g2h(page_addr), qemu_host_page_size,
1257 (prot & PAGE_BITS) & ~PAGE_WRITE);
1258 #ifdef DEBUG_TB_INVALIDATE
1259 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1260 page_addr);
1261 #endif
1262 }
1263 #else
1264 /* if some code is already present, then the pages are already
1265 protected. So we handle the case where only the first TB is
1266 allocated in a physical page */
1267 if (!page_already_protected) {
1268 tlb_protect_code(page_addr);
1269 }
1270 #endif
1271
1272 #endif /* TARGET_HAS_SMC */
1273 }
1274
1275 /* add a new TB and link it to the physical page tables. phys_page2 is
1276 (-1) to indicate that only one page contains the TB. */
1277 void tb_link_page(TranslationBlock *tb,
1278 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1279 {
1280 unsigned int h;
1281 TranslationBlock **ptb;
1282
1283 /* Grab the mmap lock to stop another thread invalidating this TB
1284 before we are done. */
1285 mmap_lock();
1286 /* add in the physical hash table */
1287 h = tb_phys_hash_func(phys_pc);
1288 ptb = &tb_phys_hash[h];
1289 tb->phys_hash_next = *ptb;
1290 *ptb = tb;
1291
1292 /* add in the page list */
1293 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1294 if (phys_page2 != -1)
1295 tb_alloc_page(tb, 1, phys_page2);
1296 else
1297 tb->page_addr[1] = -1;
1298
1299 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1300 tb->jmp_next[0] = NULL;
1301 tb->jmp_next[1] = NULL;
1302
1303 /* init original jump addresses */
1304 if (tb->tb_next_offset[0] != 0xffff)
1305 tb_reset_jump(tb, 0);
1306 if (tb->tb_next_offset[1] != 0xffff)
1307 tb_reset_jump(tb, 1);
1308
1309 #ifdef DEBUG_TB_CHECK
1310 tb_page_check();
1311 #endif
1312 mmap_unlock();
1313 }
1314
1315 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1316 tb[1].tc_ptr. Return NULL if not found */
1317 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1318 {
1319 int m_min, m_max, m;
1320 unsigned long v;
1321 TranslationBlock *tb;
1322
1323 if (nb_tbs <= 0)
1324 return NULL;
1325 if (tc_ptr < (unsigned long)code_gen_buffer ||
1326 tc_ptr >= (unsigned long)code_gen_ptr)
1327 return NULL;
1328 /* binary search (cf Knuth) */
1329 m_min = 0;
1330 m_max = nb_tbs - 1;
1331 while (m_min <= m_max) {
1332 m = (m_min + m_max) >> 1;
1333 tb = &tbs[m];
1334 v = (unsigned long)tb->tc_ptr;
1335 if (v == tc_ptr)
1336 return tb;
1337 else if (tc_ptr < v) {
1338 m_max = m - 1;
1339 } else {
1340 m_min = m + 1;
1341 }
1342 }
1343 return &tbs[m_max];
1344 }
1345
1346 static void tb_reset_jump_recursive(TranslationBlock *tb);
1347
1348 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1349 {
1350 TranslationBlock *tb1, *tb_next, **ptb;
1351 unsigned int n1;
1352
1353 tb1 = tb->jmp_next[n];
1354 if (tb1 != NULL) {
1355 /* find head of list */
1356 for(;;) {
1357 n1 = (long)tb1 & 3;
1358 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1359 if (n1 == 2)
1360 break;
1361 tb1 = tb1->jmp_next[n1];
1362 }
1363 /* we are now sure now that tb jumps to tb1 */
1364 tb_next = tb1;
1365
1366 /* remove tb from the jmp_first list */
1367 ptb = &tb_next->jmp_first;
1368 for(;;) {
1369 tb1 = *ptb;
1370 n1 = (long)tb1 & 3;
1371 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1372 if (n1 == n && tb1 == tb)
1373 break;
1374 ptb = &tb1->jmp_next[n1];
1375 }
1376 *ptb = tb->jmp_next[n];
1377 tb->jmp_next[n] = NULL;
1378
1379 /* suppress the jump to next tb in generated code */
1380 tb_reset_jump(tb, n);
1381
1382 /* suppress jumps in the tb on which we could have jumped */
1383 tb_reset_jump_recursive(tb_next);
1384 }
1385 }
1386
1387 static void tb_reset_jump_recursive(TranslationBlock *tb)
1388 {
1389 tb_reset_jump_recursive2(tb, 0);
1390 tb_reset_jump_recursive2(tb, 1);
1391 }
1392
1393 #if defined(TARGET_HAS_ICE)
1394 #if defined(CONFIG_USER_ONLY)
1395 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1396 {
1397 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1398 }
1399 #else
1400 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1401 {
1402 target_phys_addr_t addr;
1403 target_ulong pd;
1404 ram_addr_t ram_addr;
1405 PhysPageDesc *p;
1406
1407 addr = cpu_get_phys_page_debug(env, pc);
1408 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1409 if (!p) {
1410 pd = IO_MEM_UNASSIGNED;
1411 } else {
1412 pd = p->phys_offset;
1413 }
1414 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1415 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1416 }
1417 #endif
1418 #endif /* TARGET_HAS_ICE */
1419
1420 #if defined(CONFIG_USER_ONLY)
1421 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1422
1423 {
1424 }
1425
1426 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1427 int flags, CPUWatchpoint **watchpoint)
1428 {
1429 return -ENOSYS;
1430 }
1431 #else
1432 /* Add a watchpoint. */
1433 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1434 int flags, CPUWatchpoint **watchpoint)
1435 {
1436 target_ulong len_mask = ~(len - 1);
1437 CPUWatchpoint *wp;
1438
1439 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1440 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1441 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1442 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1443 return -EINVAL;
1444 }
1445 wp = g_malloc(sizeof(*wp));
1446
1447 wp->vaddr = addr;
1448 wp->len_mask = len_mask;
1449 wp->flags = flags;
1450
1451 /* keep all GDB-injected watchpoints in front */
1452 if (flags & BP_GDB)
1453 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1454 else
1455 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1456
1457 tlb_flush_page(env, addr);
1458
1459 if (watchpoint)
1460 *watchpoint = wp;
1461 return 0;
1462 }
1463
1464 /* Remove a specific watchpoint. */
1465 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1466 int flags)
1467 {
1468 target_ulong len_mask = ~(len - 1);
1469 CPUWatchpoint *wp;
1470
1471 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1472 if (addr == wp->vaddr && len_mask == wp->len_mask
1473 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1474 cpu_watchpoint_remove_by_ref(env, wp);
1475 return 0;
1476 }
1477 }
1478 return -ENOENT;
1479 }
1480
1481 /* Remove a specific watchpoint by reference. */
1482 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1483 {
1484 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1485
1486 tlb_flush_page(env, watchpoint->vaddr);
1487
1488 g_free(watchpoint);
1489 }
1490
1491 /* Remove all matching watchpoints. */
1492 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1493 {
1494 CPUWatchpoint *wp, *next;
1495
1496 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1497 if (wp->flags & mask)
1498 cpu_watchpoint_remove_by_ref(env, wp);
1499 }
1500 }
1501 #endif
1502
1503 /* Add a breakpoint. */
1504 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1505 CPUBreakpoint **breakpoint)
1506 {
1507 #if defined(TARGET_HAS_ICE)
1508 CPUBreakpoint *bp;
1509
1510 bp = g_malloc(sizeof(*bp));
1511
1512 bp->pc = pc;
1513 bp->flags = flags;
1514
1515 /* keep all GDB-injected breakpoints in front */
1516 if (flags & BP_GDB)
1517 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1518 else
1519 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1520
1521 breakpoint_invalidate(env, pc);
1522
1523 if (breakpoint)
1524 *breakpoint = bp;
1525 return 0;
1526 #else
1527 return -ENOSYS;
1528 #endif
1529 }
1530
1531 /* Remove a specific breakpoint. */
1532 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1533 {
1534 #if defined(TARGET_HAS_ICE)
1535 CPUBreakpoint *bp;
1536
1537 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1538 if (bp->pc == pc && bp->flags == flags) {
1539 cpu_breakpoint_remove_by_ref(env, bp);
1540 return 0;
1541 }
1542 }
1543 return -ENOENT;
1544 #else
1545 return -ENOSYS;
1546 #endif
1547 }
1548
1549 /* Remove a specific breakpoint by reference. */
1550 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1551 {
1552 #if defined(TARGET_HAS_ICE)
1553 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1554
1555 breakpoint_invalidate(env, breakpoint->pc);
1556
1557 g_free(breakpoint);
1558 #endif
1559 }
1560
1561 /* Remove all matching breakpoints. */
1562 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1563 {
1564 #if defined(TARGET_HAS_ICE)
1565 CPUBreakpoint *bp, *next;
1566
1567 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1568 if (bp->flags & mask)
1569 cpu_breakpoint_remove_by_ref(env, bp);
1570 }
1571 #endif
1572 }
1573
1574 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1575 CPU loop after each instruction */
1576 void cpu_single_step(CPUState *env, int enabled)
1577 {
1578 #if defined(TARGET_HAS_ICE)
1579 if (env->singlestep_enabled != enabled) {
1580 env->singlestep_enabled = enabled;
1581 if (kvm_enabled())
1582 kvm_update_guest_debug(env, 0);
1583 else {
1584 /* must flush all the translated code to avoid inconsistencies */
1585 /* XXX: only flush what is necessary */
1586 tb_flush(env);
1587 }
1588 }
1589 #endif
1590 }
1591
1592 /* enable or disable low levels log */
1593 void cpu_set_log(int log_flags)
1594 {
1595 loglevel = log_flags;
1596 if (loglevel && !logfile) {
1597 logfile = fopen(logfilename, log_append ? "a" : "w");
1598 if (!logfile) {
1599 perror(logfilename);
1600 _exit(1);
1601 }
1602 #if !defined(CONFIG_SOFTMMU)
1603 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1604 {
1605 static char logfile_buf[4096];
1606 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1607 }
1608 #elif defined(_WIN32)
1609 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1610 setvbuf(logfile, NULL, _IONBF, 0);
1611 #else
1612 setvbuf(logfile, NULL, _IOLBF, 0);
1613 #endif
1614 log_append = 1;
1615 }
1616 if (!loglevel && logfile) {
1617 fclose(logfile);
1618 logfile = NULL;
1619 }
1620 }
1621
1622 void cpu_set_log_filename(const char *filename)
1623 {
1624 logfilename = strdup(filename);
1625 if (logfile) {
1626 fclose(logfile);
1627 logfile = NULL;
1628 }
1629 cpu_set_log(loglevel);
1630 }
1631
1632 static void cpu_unlink_tb(CPUState *env)
1633 {
1634 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1635 problem and hope the cpu will stop of its own accord. For userspace
1636 emulation this often isn't actually as bad as it sounds. Often
1637 signals are used primarily to interrupt blocking syscalls. */
1638 TranslationBlock *tb;
1639 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1640
1641 spin_lock(&interrupt_lock);
1642 tb = env->current_tb;
1643 /* if the cpu is currently executing code, we must unlink it and
1644 all the potentially executing TB */
1645 if (tb) {
1646 env->current_tb = NULL;
1647 tb_reset_jump_recursive(tb);
1648 }
1649 spin_unlock(&interrupt_lock);
1650 }
1651
1652 #ifndef CONFIG_USER_ONLY
1653 /* mask must never be zero, except for A20 change call */
1654 static void tcg_handle_interrupt(CPUState *env, int mask)
1655 {
1656 int old_mask;
1657
1658 old_mask = env->interrupt_request;
1659 env->interrupt_request |= mask;
1660
1661 /*
1662 * If called from iothread context, wake the target cpu in
1663 * case its halted.
1664 */
1665 if (!qemu_cpu_is_self(env)) {
1666 qemu_cpu_kick(env);
1667 return;
1668 }
1669
1670 if (use_icount) {
1671 env->icount_decr.u16.high = 0xffff;
1672 if (!can_do_io(env)
1673 && (mask & ~old_mask) != 0) {
1674 cpu_abort(env, "Raised interrupt while not in I/O function");
1675 }
1676 } else {
1677 cpu_unlink_tb(env);
1678 }
1679 }
1680
1681 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1682
1683 #else /* CONFIG_USER_ONLY */
1684
1685 void cpu_interrupt(CPUState *env, int mask)
1686 {
1687 env->interrupt_request |= mask;
1688 cpu_unlink_tb(env);
1689 }
1690 #endif /* CONFIG_USER_ONLY */
1691
1692 void cpu_reset_interrupt(CPUState *env, int mask)
1693 {
1694 env->interrupt_request &= ~mask;
1695 }
1696
1697 void cpu_exit(CPUState *env)
1698 {
1699 env->exit_request = 1;
1700 cpu_unlink_tb(env);
1701 }
1702
1703 const CPULogItem cpu_log_items[] = {
1704 { CPU_LOG_TB_OUT_ASM, "out_asm",
1705 "show generated host assembly code for each compiled TB" },
1706 { CPU_LOG_TB_IN_ASM, "in_asm",
1707 "show target assembly code for each compiled TB" },
1708 { CPU_LOG_TB_OP, "op",
1709 "show micro ops for each compiled TB" },
1710 { CPU_LOG_TB_OP_OPT, "op_opt",
1711 "show micro ops "
1712 #ifdef TARGET_I386
1713 "before eflags optimization and "
1714 #endif
1715 "after liveness analysis" },
1716 { CPU_LOG_INT, "int",
1717 "show interrupts/exceptions in short format" },
1718 { CPU_LOG_EXEC, "exec",
1719 "show trace before each executed TB (lots of logs)" },
1720 { CPU_LOG_TB_CPU, "cpu",
1721 "show CPU state before block translation" },
1722 #ifdef TARGET_I386
1723 { CPU_LOG_PCALL, "pcall",
1724 "show protected mode far calls/returns/exceptions" },
1725 { CPU_LOG_RESET, "cpu_reset",
1726 "show CPU state before CPU resets" },
1727 #endif
1728 #ifdef DEBUG_IOPORT
1729 { CPU_LOG_IOPORT, "ioport",
1730 "show all i/o ports accesses" },
1731 #endif
1732 { 0, NULL, NULL },
1733 };
1734
1735 static int cmp1(const char *s1, int n, const char *s2)
1736 {
1737 if (strlen(s2) != n)
1738 return 0;
1739 return memcmp(s1, s2, n) == 0;
1740 }
1741
1742 /* takes a comma separated list of log masks. Return 0 if error. */
1743 int cpu_str_to_log_mask(const char *str)
1744 {
1745 const CPULogItem *item;
1746 int mask;
1747 const char *p, *p1;
1748
1749 p = str;
1750 mask = 0;
1751 for(;;) {
1752 p1 = strchr(p, ',');
1753 if (!p1)
1754 p1 = p + strlen(p);
1755 if(cmp1(p,p1-p,"all")) {
1756 for(item = cpu_log_items; item->mask != 0; item++) {
1757 mask |= item->mask;
1758 }
1759 } else {
1760 for(item = cpu_log_items; item->mask != 0; item++) {
1761 if (cmp1(p, p1 - p, item->name))
1762 goto found;
1763 }
1764 return 0;
1765 }
1766 found:
1767 mask |= item->mask;
1768 if (*p1 != ',')
1769 break;
1770 p = p1 + 1;
1771 }
1772 return mask;
1773 }
1774
1775 void cpu_abort(CPUState *env, const char *fmt, ...)
1776 {
1777 va_list ap;
1778 va_list ap2;
1779
1780 va_start(ap, fmt);
1781 va_copy(ap2, ap);
1782 fprintf(stderr, "qemu: fatal: ");
1783 vfprintf(stderr, fmt, ap);
1784 fprintf(stderr, "\n");
1785 #ifdef TARGET_I386
1786 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1787 #else
1788 cpu_dump_state(env, stderr, fprintf, 0);
1789 #endif
1790 if (qemu_log_enabled()) {
1791 qemu_log("qemu: fatal: ");
1792 qemu_log_vprintf(fmt, ap2);
1793 qemu_log("\n");
1794 #ifdef TARGET_I386
1795 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1796 #else
1797 log_cpu_state(env, 0);
1798 #endif
1799 qemu_log_flush();
1800 qemu_log_close();
1801 }
1802 va_end(ap2);
1803 va_end(ap);
1804 #if defined(CONFIG_USER_ONLY)
1805 {
1806 struct sigaction act;
1807 sigfillset(&act.sa_mask);
1808 act.sa_handler = SIG_DFL;
1809 sigaction(SIGABRT, &act, NULL);
1810 }
1811 #endif
1812 abort();
1813 }
1814
1815 CPUState *cpu_copy(CPUState *env)
1816 {
1817 CPUState *new_env = cpu_init(env->cpu_model_str);
1818 CPUState *next_cpu = new_env->next_cpu;
1819 int cpu_index = new_env->cpu_index;
1820 #if defined(TARGET_HAS_ICE)
1821 CPUBreakpoint *bp;
1822 CPUWatchpoint *wp;
1823 #endif
1824
1825 memcpy(new_env, env, sizeof(CPUState));
1826
1827 /* Preserve chaining and index. */
1828 new_env->next_cpu = next_cpu;
1829 new_env->cpu_index = cpu_index;
1830
1831 /* Clone all break/watchpoints.
1832 Note: Once we support ptrace with hw-debug register access, make sure
1833 BP_CPU break/watchpoints are handled correctly on clone. */
1834 QTAILQ_INIT(&env->breakpoints);
1835 QTAILQ_INIT(&env->watchpoints);
1836 #if defined(TARGET_HAS_ICE)
1837 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1838 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1839 }
1840 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1841 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1842 wp->flags, NULL);
1843 }
1844 #endif
1845
1846 return new_env;
1847 }
1848
1849 #if !defined(CONFIG_USER_ONLY)
1850
1851 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1852 {
1853 unsigned int i;
1854
1855 /* Discard jump cache entries for any tb which might potentially
1856 overlap the flushed page. */
1857 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1858 memset (&env->tb_jmp_cache[i], 0,
1859 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1860
1861 i = tb_jmp_cache_hash_page(addr);
1862 memset (&env->tb_jmp_cache[i], 0,
1863 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1864 }
1865
1866 static CPUTLBEntry s_cputlb_empty_entry = {
1867 .addr_read = -1,
1868 .addr_write = -1,
1869 .addr_code = -1,
1870 .addend = -1,
1871 };
1872
1873 /* NOTE: if flush_global is true, also flush global entries (not
1874 implemented yet) */
1875 void tlb_flush(CPUState *env, int flush_global)
1876 {
1877 int i;
1878
1879 #if defined(DEBUG_TLB)
1880 printf("tlb_flush:\n");
1881 #endif
1882 /* must reset current TB so that interrupts cannot modify the
1883 links while we are modifying them */
1884 env->current_tb = NULL;
1885
1886 for(i = 0; i < CPU_TLB_SIZE; i++) {
1887 int mmu_idx;
1888 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1889 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1890 }
1891 }
1892
1893 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1894
1895 env->tlb_flush_addr = -1;
1896 env->tlb_flush_mask = 0;
1897 tlb_flush_count++;
1898 }
1899
1900 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1901 {
1902 if (addr == (tlb_entry->addr_read &
1903 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1904 addr == (tlb_entry->addr_write &
1905 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1906 addr == (tlb_entry->addr_code &
1907 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1908 *tlb_entry = s_cputlb_empty_entry;
1909 }
1910 }
1911
1912 void tlb_flush_page(CPUState *env, target_ulong addr)
1913 {
1914 int i;
1915 int mmu_idx;
1916
1917 #if defined(DEBUG_TLB)
1918 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1919 #endif
1920 /* Check if we need to flush due to large pages. */
1921 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1922 #if defined(DEBUG_TLB)
1923 printf("tlb_flush_page: forced full flush ("
1924 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1925 env->tlb_flush_addr, env->tlb_flush_mask);
1926 #endif
1927 tlb_flush(env, 1);
1928 return;
1929 }
1930 /* must reset current TB so that interrupts cannot modify the
1931 links while we are modifying them */
1932 env->current_tb = NULL;
1933
1934 addr &= TARGET_PAGE_MASK;
1935 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1936 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1937 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1938
1939 tlb_flush_jmp_cache(env, addr);
1940 }
1941
1942 /* update the TLBs so that writes to code in the virtual page 'addr'
1943 can be detected */
1944 static void tlb_protect_code(ram_addr_t ram_addr)
1945 {
1946 cpu_physical_memory_reset_dirty(ram_addr,
1947 ram_addr + TARGET_PAGE_SIZE,
1948 CODE_DIRTY_FLAG);
1949 }
1950
1951 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1952 tested for self modifying code */
1953 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1954 target_ulong vaddr)
1955 {
1956 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1957 }
1958
1959 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1960 unsigned long start, unsigned long length)
1961 {
1962 unsigned long addr;
1963 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1964 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1965 if ((addr - start) < length) {
1966 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1967 }
1968 }
1969 }
1970
1971 /* Note: start and end must be within the same ram block. */
1972 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1973 int dirty_flags)
1974 {
1975 CPUState *env;
1976 unsigned long length, start1;
1977 int i;
1978
1979 start &= TARGET_PAGE_MASK;
1980 end = TARGET_PAGE_ALIGN(end);
1981
1982 length = end - start;
1983 if (length == 0)
1984 return;
1985 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
1986
1987 /* we modify the TLB cache so that the dirty bit will be set again
1988 when accessing the range */
1989 start1 = (unsigned long)qemu_safe_ram_ptr(start);
1990 /* Check that we don't span multiple blocks - this breaks the
1991 address comparisons below. */
1992 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
1993 != (end - 1) - start) {
1994 abort();
1995 }
1996
1997 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1998 int mmu_idx;
1999 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2000 for(i = 0; i < CPU_TLB_SIZE; i++)
2001 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2002 start1, length);
2003 }
2004 }
2005 }
2006
2007 int cpu_physical_memory_set_dirty_tracking(int enable)
2008 {
2009 int ret = 0;
2010 in_migration = enable;
2011 if (enable) {
2012 memory_global_dirty_log_start();
2013 } else {
2014 memory_global_dirty_log_stop();
2015 }
2016 return ret;
2017 }
2018
2019 int cpu_physical_memory_get_dirty_tracking(void)
2020 {
2021 return in_migration;
2022 }
2023
2024 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2025 {
2026 ram_addr_t ram_addr;
2027 void *p;
2028
2029 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2030 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2031 + tlb_entry->addend);
2032 ram_addr = qemu_ram_addr_from_host_nofail(p);
2033 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2034 tlb_entry->addr_write |= TLB_NOTDIRTY;
2035 }
2036 }
2037 }
2038
2039 /* update the TLB according to the current state of the dirty bits */
2040 void cpu_tlb_update_dirty(CPUState *env)
2041 {
2042 int i;
2043 int mmu_idx;
2044 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2045 for(i = 0; i < CPU_TLB_SIZE; i++)
2046 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2047 }
2048 }
2049
2050 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2051 {
2052 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2053 tlb_entry->addr_write = vaddr;
2054 }
2055
2056 /* update the TLB corresponding to virtual page vaddr
2057 so that it is no longer dirty */
2058 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2059 {
2060 int i;
2061 int mmu_idx;
2062
2063 vaddr &= TARGET_PAGE_MASK;
2064 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2065 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2066 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2067 }
2068
2069 /* Our TLB does not support large pages, so remember the area covered by
2070 large pages and trigger a full TLB flush if these are invalidated. */
2071 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2072 target_ulong size)
2073 {
2074 target_ulong mask = ~(size - 1);
2075
2076 if (env->tlb_flush_addr == (target_ulong)-1) {
2077 env->tlb_flush_addr = vaddr & mask;
2078 env->tlb_flush_mask = mask;
2079 return;
2080 }
2081 /* Extend the existing region to include the new page.
2082 This is a compromise between unnecessary flushes and the cost
2083 of maintaining a full variable size TLB. */
2084 mask &= env->tlb_flush_mask;
2085 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2086 mask <<= 1;
2087 }
2088 env->tlb_flush_addr &= mask;
2089 env->tlb_flush_mask = mask;
2090 }
2091
2092 /* Add a new TLB entry. At most one entry for a given virtual address
2093 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2094 supplied size is only used by tlb_flush_page. */
2095 void tlb_set_page(CPUState *env, target_ulong vaddr,
2096 target_phys_addr_t paddr, int prot,
2097 int mmu_idx, target_ulong size)
2098 {
2099 PhysPageDesc *p;
2100 unsigned long pd;
2101 unsigned int index;
2102 target_ulong address;
2103 target_ulong code_address;
2104 unsigned long addend;
2105 CPUTLBEntry *te;
2106 CPUWatchpoint *wp;
2107 target_phys_addr_t iotlb;
2108
2109 assert(size >= TARGET_PAGE_SIZE);
2110 if (size != TARGET_PAGE_SIZE) {
2111 tlb_add_large_page(env, vaddr, size);
2112 }
2113 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2114 if (!p) {
2115 pd = IO_MEM_UNASSIGNED;
2116 } else {
2117 pd = p->phys_offset;
2118 }
2119 #if defined(DEBUG_TLB)
2120 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2121 " prot=%x idx=%d pd=0x%08lx\n",
2122 vaddr, paddr, prot, mmu_idx, pd);
2123 #endif
2124
2125 address = vaddr;
2126 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2127 /* IO memory case (romd handled later) */
2128 address |= TLB_MMIO;
2129 }
2130 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2131 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2132 /* Normal RAM. */
2133 iotlb = pd & TARGET_PAGE_MASK;
2134 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2135 iotlb |= IO_MEM_NOTDIRTY;
2136 else
2137 iotlb |= IO_MEM_ROM;
2138 } else {
2139 /* IO handlers are currently passed a physical address.
2140 It would be nice to pass an offset from the base address
2141 of that region. This would avoid having to special case RAM,
2142 and avoid full address decoding in every device.
2143 We can't use the high bits of pd for this because
2144 IO_MEM_ROMD uses these as a ram address. */
2145 iotlb = (pd & ~TARGET_PAGE_MASK);
2146 if (p) {
2147 iotlb += p->region_offset;
2148 } else {
2149 iotlb += paddr;
2150 }
2151 }
2152
2153 code_address = address;
2154 /* Make accesses to pages with watchpoints go via the
2155 watchpoint trap routines. */
2156 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2157 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2158 /* Avoid trapping reads of pages with a write breakpoint. */
2159 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2160 iotlb = io_mem_watch + paddr;
2161 address |= TLB_MMIO;
2162 break;
2163 }
2164 }
2165 }
2166
2167 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2168 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2169 te = &env->tlb_table[mmu_idx][index];
2170 te->addend = addend - vaddr;
2171 if (prot & PAGE_READ) {
2172 te->addr_read = address;
2173 } else {
2174 te->addr_read = -1;
2175 }
2176
2177 if (prot & PAGE_EXEC) {
2178 te->addr_code = code_address;
2179 } else {
2180 te->addr_code = -1;
2181 }
2182 if (prot & PAGE_WRITE) {
2183 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2184 (pd & IO_MEM_ROMD)) {
2185 /* Write access calls the I/O callback. */
2186 te->addr_write = address | TLB_MMIO;
2187 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2188 !cpu_physical_memory_is_dirty(pd)) {
2189 te->addr_write = address | TLB_NOTDIRTY;
2190 } else {
2191 te->addr_write = address;
2192 }
2193 } else {
2194 te->addr_write = -1;
2195 }
2196 }
2197
2198 #else
2199
2200 void tlb_flush(CPUState *env, int flush_global)
2201 {
2202 }
2203
2204 void tlb_flush_page(CPUState *env, target_ulong addr)
2205 {
2206 }
2207
2208 /*
2209 * Walks guest process memory "regions" one by one
2210 * and calls callback function 'fn' for each region.
2211 */
2212
2213 struct walk_memory_regions_data
2214 {
2215 walk_memory_regions_fn fn;
2216 void *priv;
2217 unsigned long start;
2218 int prot;
2219 };
2220
2221 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2222 abi_ulong end, int new_prot)
2223 {
2224 if (data->start != -1ul) {
2225 int rc = data->fn(data->priv, data->start, end, data->prot);
2226 if (rc != 0) {
2227 return rc;
2228 }
2229 }
2230
2231 data->start = (new_prot ? end : -1ul);
2232 data->prot = new_prot;
2233
2234 return 0;
2235 }
2236
2237 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2238 abi_ulong base, int level, void **lp)
2239 {
2240 abi_ulong pa;
2241 int i, rc;
2242
2243 if (*lp == NULL) {
2244 return walk_memory_regions_end(data, base, 0);
2245 }
2246
2247 if (level == 0) {
2248 PageDesc *pd = *lp;
2249 for (i = 0; i < L2_SIZE; ++i) {
2250 int prot = pd[i].flags;
2251
2252 pa = base | (i << TARGET_PAGE_BITS);
2253 if (prot != data->prot) {
2254 rc = walk_memory_regions_end(data, pa, prot);
2255 if (rc != 0) {
2256 return rc;
2257 }
2258 }
2259 }
2260 } else {
2261 void **pp = *lp;
2262 for (i = 0; i < L2_SIZE; ++i) {
2263 pa = base | ((abi_ulong)i <<
2264 (TARGET_PAGE_BITS + L2_BITS * level));
2265 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2266 if (rc != 0) {
2267 return rc;
2268 }
2269 }
2270 }
2271
2272 return 0;
2273 }
2274
2275 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2276 {
2277 struct walk_memory_regions_data data;
2278 unsigned long i;
2279
2280 data.fn = fn;
2281 data.priv = priv;
2282 data.start = -1ul;
2283 data.prot = 0;
2284
2285 for (i = 0; i < V_L1_SIZE; i++) {
2286 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2287 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2288 if (rc != 0) {
2289 return rc;
2290 }
2291 }
2292
2293 return walk_memory_regions_end(&data, 0, 0);
2294 }
2295
2296 static int dump_region(void *priv, abi_ulong start,
2297 abi_ulong end, unsigned long prot)
2298 {
2299 FILE *f = (FILE *)priv;
2300
2301 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2302 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2303 start, end, end - start,
2304 ((prot & PAGE_READ) ? 'r' : '-'),
2305 ((prot & PAGE_WRITE) ? 'w' : '-'),
2306 ((prot & PAGE_EXEC) ? 'x' : '-'));
2307
2308 return (0);
2309 }
2310
2311 /* dump memory mappings */
2312 void page_dump(FILE *f)
2313 {
2314 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2315 "start", "end", "size", "prot");
2316 walk_memory_regions(f, dump_region);
2317 }
2318
2319 int page_get_flags(target_ulong address)
2320 {
2321 PageDesc *p;
2322
2323 p = page_find(address >> TARGET_PAGE_BITS);
2324 if (!p)
2325 return 0;
2326 return p->flags;
2327 }
2328
2329 /* Modify the flags of a page and invalidate the code if necessary.
2330 The flag PAGE_WRITE_ORG is positioned automatically depending
2331 on PAGE_WRITE. The mmap_lock should already be held. */
2332 void page_set_flags(target_ulong start, target_ulong end, int flags)
2333 {
2334 target_ulong addr, len;
2335
2336 /* This function should never be called with addresses outside the
2337 guest address space. If this assert fires, it probably indicates
2338 a missing call to h2g_valid. */
2339 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2340 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2341 #endif
2342 assert(start < end);
2343
2344 start = start & TARGET_PAGE_MASK;
2345 end = TARGET_PAGE_ALIGN(end);
2346
2347 if (flags & PAGE_WRITE) {
2348 flags |= PAGE_WRITE_ORG;
2349 }
2350
2351 for (addr = start, len = end - start;
2352 len != 0;
2353 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2354 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2355
2356 /* If the write protection bit is set, then we invalidate
2357 the code inside. */
2358 if (!(p->flags & PAGE_WRITE) &&
2359 (flags & PAGE_WRITE) &&
2360 p->first_tb) {
2361 tb_invalidate_phys_page(addr, 0, NULL);
2362 }
2363 p->flags = flags;
2364 }
2365 }
2366
2367 int page_check_range(target_ulong start, target_ulong len, int flags)
2368 {
2369 PageDesc *p;
2370 target_ulong end;
2371 target_ulong addr;
2372
2373 /* This function should never be called with addresses outside the
2374 guest address space. If this assert fires, it probably indicates
2375 a missing call to h2g_valid. */
2376 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2377 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2378 #endif
2379
2380 if (len == 0) {
2381 return 0;
2382 }
2383 if (start + len - 1 < start) {
2384 /* We've wrapped around. */
2385 return -1;
2386 }
2387
2388 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2389 start = start & TARGET_PAGE_MASK;
2390
2391 for (addr = start, len = end - start;
2392 len != 0;
2393 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2394 p = page_find(addr >> TARGET_PAGE_BITS);
2395 if( !p )
2396 return -1;
2397 if( !(p->flags & PAGE_VALID) )
2398 return -1;
2399
2400 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2401 return -1;
2402 if (flags & PAGE_WRITE) {
2403 if (!(p->flags & PAGE_WRITE_ORG))
2404 return -1;
2405 /* unprotect the page if it was put read-only because it
2406 contains translated code */
2407 if (!(p->flags & PAGE_WRITE)) {
2408 if (!page_unprotect(addr, 0, NULL))
2409 return -1;
2410 }
2411 return 0;
2412 }
2413 }
2414 return 0;
2415 }
2416
2417 /* called from signal handler: invalidate the code and unprotect the
2418 page. Return TRUE if the fault was successfully handled. */
2419 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2420 {
2421 unsigned int prot;
2422 PageDesc *p;
2423 target_ulong host_start, host_end, addr;
2424
2425 /* Technically this isn't safe inside a signal handler. However we
2426 know this only ever happens in a synchronous SEGV handler, so in
2427 practice it seems to be ok. */
2428 mmap_lock();
2429
2430 p = page_find(address >> TARGET_PAGE_BITS);
2431 if (!p) {
2432 mmap_unlock();
2433 return 0;
2434 }
2435
2436 /* if the page was really writable, then we change its
2437 protection back to writable */
2438 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2439 host_start = address & qemu_host_page_mask;
2440 host_end = host_start + qemu_host_page_size;
2441
2442 prot = 0;
2443 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2444 p = page_find(addr >> TARGET_PAGE_BITS);
2445 p->flags |= PAGE_WRITE;
2446 prot |= p->flags;
2447
2448 /* and since the content will be modified, we must invalidate
2449 the corresponding translated code. */
2450 tb_invalidate_phys_page(addr, pc, puc);
2451 #ifdef DEBUG_TB_CHECK
2452 tb_invalidate_check(addr);
2453 #endif
2454 }
2455 mprotect((void *)g2h(host_start), qemu_host_page_size,
2456 prot & PAGE_BITS);
2457
2458 mmap_unlock();
2459 return 1;
2460 }
2461 mmap_unlock();
2462 return 0;
2463 }
2464
2465 static inline void tlb_set_dirty(CPUState *env,
2466 unsigned long addr, target_ulong vaddr)
2467 {
2468 }
2469 #endif /* defined(CONFIG_USER_ONLY) */
2470
2471 #if !defined(CONFIG_USER_ONLY)
2472
2473 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2474 typedef struct subpage_t {
2475 target_phys_addr_t base;
2476 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2477 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2478 } subpage_t;
2479
2480 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2481 ram_addr_t memory, ram_addr_t region_offset);
2482 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2483 ram_addr_t orig_memory,
2484 ram_addr_t region_offset);
2485 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2486 need_subpage) \
2487 do { \
2488 if (addr > start_addr) \
2489 start_addr2 = 0; \
2490 else { \
2491 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2492 if (start_addr2 > 0) \
2493 need_subpage = 1; \
2494 } \
2495 \
2496 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2497 end_addr2 = TARGET_PAGE_SIZE - 1; \
2498 else { \
2499 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2500 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2501 need_subpage = 1; \
2502 } \
2503 } while (0)
2504
2505 /* register physical memory.
2506 For RAM, 'size' must be a multiple of the target page size.
2507 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2508 io memory page. The address used when calling the IO function is
2509 the offset from the start of the region, plus region_offset. Both
2510 start_addr and region_offset are rounded down to a page boundary
2511 before calculating this offset. This should not be a problem unless
2512 the low bits of start_addr and region_offset differ. */
2513 void cpu_register_physical_memory_log(target_phys_addr_t start_addr,
2514 ram_addr_t size,
2515 ram_addr_t phys_offset,
2516 ram_addr_t region_offset,
2517 bool log_dirty)
2518 {
2519 target_phys_addr_t addr, end_addr;
2520 PhysPageDesc *p;
2521 CPUState *env;
2522 ram_addr_t orig_size = size;
2523 subpage_t *subpage;
2524
2525 assert(size);
2526
2527 if (phys_offset == IO_MEM_UNASSIGNED) {
2528 region_offset = start_addr;
2529 }
2530 region_offset &= TARGET_PAGE_MASK;
2531 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2532 end_addr = start_addr + (target_phys_addr_t)size;
2533
2534 addr = start_addr;
2535 do {
2536 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2537 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2538 ram_addr_t orig_memory = p->phys_offset;
2539 target_phys_addr_t start_addr2, end_addr2;
2540 int need_subpage = 0;
2541
2542 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2543 need_subpage);
2544 if (need_subpage) {
2545 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2546 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2547 &p->phys_offset, orig_memory,
2548 p->region_offset);
2549 } else {
2550 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2551 >> IO_MEM_SHIFT];
2552 }
2553 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2554 region_offset);
2555 p->region_offset = 0;
2556 } else {
2557 p->phys_offset = phys_offset;
2558 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2559 (phys_offset & IO_MEM_ROMD))
2560 phys_offset += TARGET_PAGE_SIZE;
2561 }
2562 } else {
2563 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2564 p->phys_offset = phys_offset;
2565 p->region_offset = region_offset;
2566 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2567 (phys_offset & IO_MEM_ROMD)) {
2568 phys_offset += TARGET_PAGE_SIZE;
2569 } else {
2570 target_phys_addr_t start_addr2, end_addr2;
2571 int need_subpage = 0;
2572
2573 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2574 end_addr2, need_subpage);
2575
2576 if (need_subpage) {
2577 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2578 &p->phys_offset, IO_MEM_UNASSIGNED,
2579 addr & TARGET_PAGE_MASK);
2580 subpage_register(subpage, start_addr2, end_addr2,
2581 phys_offset, region_offset);
2582 p->region_offset = 0;
2583 }
2584 }
2585 }
2586 region_offset += TARGET_PAGE_SIZE;
2587 addr += TARGET_PAGE_SIZE;
2588 } while (addr != end_addr);
2589
2590 /* since each CPU stores ram addresses in its TLB cache, we must
2591 reset the modified entries */
2592 /* XXX: slow ! */
2593 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2594 tlb_flush(env, 1);
2595 }
2596 }
2597
2598 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2599 {
2600 if (kvm_enabled())
2601 kvm_coalesce_mmio_region(addr, size);
2602 }
2603
2604 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2605 {
2606 if (kvm_enabled())
2607 kvm_uncoalesce_mmio_region(addr, size);
2608 }
2609
2610 void qemu_flush_coalesced_mmio_buffer(void)
2611 {
2612 if (kvm_enabled())
2613 kvm_flush_coalesced_mmio_buffer();
2614 }
2615
2616 #if defined(__linux__) && !defined(TARGET_S390X)
2617
2618 #include <sys/vfs.h>
2619
2620 #define HUGETLBFS_MAGIC 0x958458f6
2621
2622 static long gethugepagesize(const char *path)
2623 {
2624 struct statfs fs;
2625 int ret;
2626
2627 do {
2628 ret = statfs(path, &fs);
2629 } while (ret != 0 && errno == EINTR);
2630
2631 if (ret != 0) {
2632 perror(path);
2633 return 0;
2634 }
2635
2636 if (fs.f_type != HUGETLBFS_MAGIC)
2637 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2638
2639 return fs.f_bsize;
2640 }
2641
2642 static void *file_ram_alloc(RAMBlock *block,
2643 ram_addr_t memory,
2644 const char *path)
2645 {
2646 char *filename;
2647 void *area;
2648 int fd;
2649 #ifdef MAP_POPULATE
2650 int flags;
2651 #endif
2652 unsigned long hpagesize;
2653
2654 hpagesize = gethugepagesize(path);
2655 if (!hpagesize) {
2656 return NULL;
2657 }
2658
2659 if (memory < hpagesize) {
2660 return NULL;
2661 }
2662
2663 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2664 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2665 return NULL;
2666 }
2667
2668 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2669 return NULL;
2670 }
2671
2672 fd = mkstemp(filename);
2673 if (fd < 0) {
2674 perror("unable to create backing store for hugepages");
2675 free(filename);
2676 return NULL;
2677 }
2678 unlink(filename);
2679 free(filename);
2680
2681 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2682
2683 /*
2684 * ftruncate is not supported by hugetlbfs in older
2685 * hosts, so don't bother bailing out on errors.
2686 * If anything goes wrong with it under other filesystems,
2687 * mmap will fail.
2688 */
2689 if (ftruncate(fd, memory))
2690 perror("ftruncate");
2691
2692 #ifdef MAP_POPULATE
2693 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2694 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2695 * to sidestep this quirk.
2696 */
2697 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2698 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2699 #else
2700 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2701 #endif
2702 if (area == MAP_FAILED) {
2703 perror("file_ram_alloc: can't mmap RAM pages");
2704 close(fd);
2705 return (NULL);
2706 }
2707 block->fd = fd;
2708 return area;
2709 }
2710 #endif
2711
2712 static ram_addr_t find_ram_offset(ram_addr_t size)
2713 {
2714 RAMBlock *block, *next_block;
2715 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
2716
2717 if (QLIST_EMPTY(&ram_list.blocks))
2718 return 0;
2719
2720 QLIST_FOREACH(block, &ram_list.blocks, next) {
2721 ram_addr_t end, next = RAM_ADDR_MAX;
2722
2723 end = block->offset + block->length;
2724
2725 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2726 if (next_block->offset >= end) {
2727 next = MIN(next, next_block->offset);
2728 }
2729 }
2730 if (next - end >= size && next - end < mingap) {
2731 offset = end;
2732 mingap = next - end;
2733 }
2734 }
2735
2736 if (offset == RAM_ADDR_MAX) {
2737 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2738 (uint64_t)size);
2739 abort();
2740 }
2741
2742 return offset;
2743 }
2744
2745 static ram_addr_t last_ram_offset(void)
2746 {
2747 RAMBlock *block;
2748 ram_addr_t last = 0;
2749
2750 QLIST_FOREACH(block, &ram_list.blocks, next)
2751 last = MAX(last, block->offset + block->length);
2752
2753 return last;
2754 }
2755
2756 ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
2757 ram_addr_t size, void *host,
2758 MemoryRegion *mr)
2759 {
2760 RAMBlock *new_block, *block;
2761
2762 size = TARGET_PAGE_ALIGN(size);
2763 new_block = g_malloc0(sizeof(*new_block));
2764
2765 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2766 char *id = dev->parent_bus->info->get_dev_path(dev);
2767 if (id) {
2768 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2769 g_free(id);
2770 }
2771 }
2772 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2773
2774 QLIST_FOREACH(block, &ram_list.blocks, next) {
2775 if (!strcmp(block->idstr, new_block->idstr)) {
2776 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2777 new_block->idstr);
2778 abort();
2779 }
2780 }
2781
2782 new_block->offset = find_ram_offset(size);
2783 if (host) {
2784 new_block->host = host;
2785 new_block->flags |= RAM_PREALLOC_MASK;
2786 } else {
2787 if (mem_path) {
2788 #if defined (__linux__) && !defined(TARGET_S390X)
2789 new_block->host = file_ram_alloc(new_block, size, mem_path);
2790 if (!new_block->host) {
2791 new_block->host = qemu_vmalloc(size);
2792 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2793 }
2794 #else
2795 fprintf(stderr, "-mem-path option unsupported\n");
2796 exit(1);
2797 #endif
2798 } else {
2799 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2800 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2801 an system defined value, which is at least 256GB. Larger systems
2802 have larger values. We put the guest between the end of data
2803 segment (system break) and this value. We use 32GB as a base to
2804 have enough room for the system break to grow. */
2805 new_block->host = mmap((void*)0x800000000, size,
2806 PROT_EXEC|PROT_READ|PROT_WRITE,
2807 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
2808 if (new_block->host == MAP_FAILED) {
2809 fprintf(stderr, "Allocating RAM failed\n");
2810 abort();
2811 }
2812 #else
2813 if (xen_enabled()) {
2814 xen_ram_alloc(new_block->offset, size, mr);
2815 } else {
2816 new_block->host = qemu_vmalloc(size);
2817 }
2818 #endif
2819 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2820 }
2821 }
2822 new_block->length = size;
2823
2824 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2825
2826 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
2827 last_ram_offset() >> TARGET_PAGE_BITS);
2828 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2829 0xff, size >> TARGET_PAGE_BITS);
2830
2831 if (kvm_enabled())
2832 kvm_setup_guest_memory(new_block->host, size);
2833
2834 return new_block->offset;
2835 }
2836
2837 ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size,
2838 MemoryRegion *mr)
2839 {
2840 return qemu_ram_alloc_from_ptr(dev, name, size, NULL, mr);
2841 }
2842
2843 void qemu_ram_free_from_ptr(ram_addr_t addr)
2844 {
2845 RAMBlock *block;
2846
2847 QLIST_FOREACH(block, &ram_list.blocks, next) {
2848 if (addr == block->offset) {
2849 QLIST_REMOVE(block, next);
2850 g_free(block);
2851 return;
2852 }
2853 }
2854 }
2855
2856 void qemu_ram_free(ram_addr_t addr)
2857 {
2858 RAMBlock *block;
2859
2860 QLIST_FOREACH(block, &ram_list.blocks, next) {
2861 if (addr == block->offset) {
2862 QLIST_REMOVE(block, next);
2863 if (block->flags & RAM_PREALLOC_MASK) {
2864 ;
2865 } else if (mem_path) {
2866 #if defined (__linux__) && !defined(TARGET_S390X)
2867 if (block->fd) {
2868 munmap(block->host, block->length);
2869 close(block->fd);
2870 } else {
2871 qemu_vfree(block->host);
2872 }
2873 #else
2874 abort();
2875 #endif
2876 } else {
2877 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2878 munmap(block->host, block->length);
2879 #else
2880 if (xen_enabled()) {
2881 xen_invalidate_map_cache_entry(block->host);
2882 } else {
2883 qemu_vfree(block->host);
2884 }
2885 #endif
2886 }
2887 g_free(block);
2888 return;
2889 }
2890 }
2891
2892 }
2893
2894 #ifndef _WIN32
2895 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2896 {
2897 RAMBlock *block;
2898 ram_addr_t offset;
2899 int flags;
2900 void *area, *vaddr;
2901
2902 QLIST_FOREACH(block, &ram_list.blocks, next) {
2903 offset = addr - block->offset;
2904 if (offset < block->length) {
2905 vaddr = block->host + offset;
2906 if (block->flags & RAM_PREALLOC_MASK) {
2907 ;
2908 } else {
2909 flags = MAP_FIXED;
2910 munmap(vaddr, length);
2911 if (mem_path) {
2912 #if defined(__linux__) && !defined(TARGET_S390X)
2913 if (block->fd) {
2914 #ifdef MAP_POPULATE
2915 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2916 MAP_PRIVATE;
2917 #else
2918 flags |= MAP_PRIVATE;
2919 #endif
2920 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2921 flags, block->fd, offset);
2922 } else {
2923 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2924 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2925 flags, -1, 0);
2926 }
2927 #else
2928 abort();
2929 #endif
2930 } else {
2931 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2932 flags |= MAP_SHARED | MAP_ANONYMOUS;
2933 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2934 flags, -1, 0);
2935 #else
2936 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2937 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2938 flags, -1, 0);
2939 #endif
2940 }
2941 if (area != vaddr) {
2942 fprintf(stderr, "Could not remap addr: "
2943 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
2944 length, addr);
2945 exit(1);
2946 }
2947 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
2948 }
2949 return;
2950 }
2951 }
2952 }
2953 #endif /* !_WIN32 */
2954
2955 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2956 With the exception of the softmmu code in this file, this should
2957 only be used for local memory (e.g. video ram) that the device owns,
2958 and knows it isn't going to access beyond the end of the block.
2959
2960 It should not be used for general purpose DMA.
2961 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2962 */
2963 void *qemu_get_ram_ptr(ram_addr_t addr)
2964 {
2965 RAMBlock *block;
2966
2967 QLIST_FOREACH(block, &ram_list.blocks, next) {
2968 if (addr - block->offset < block->length) {
2969 /* Move this entry to to start of the list. */
2970 if (block != QLIST_FIRST(&ram_list.blocks)) {
2971 QLIST_REMOVE(block, next);
2972 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2973 }
2974 if (xen_enabled()) {
2975 /* We need to check if the requested address is in the RAM
2976 * because we don't want to map the entire memory in QEMU.
2977 * In that case just map until the end of the page.
2978 */
2979 if (block->offset == 0) {
2980 return xen_map_cache(addr, 0, 0);
2981 } else if (block->host == NULL) {
2982 block->host =
2983 xen_map_cache(block->offset, block->length, 1);
2984 }
2985 }
2986 return block->host + (addr - block->offset);
2987 }
2988 }
2989
2990 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2991 abort();
2992
2993 return NULL;
2994 }
2995
2996 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2997 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2998 */
2999 void *qemu_safe_ram_ptr(ram_addr_t addr)
3000 {
3001 RAMBlock *block;
3002
3003 QLIST_FOREACH(block, &ram_list.blocks, next) {
3004 if (addr - block->offset < block->length) {
3005 if (xen_enabled()) {
3006 /* We need to check if the requested address is in the RAM
3007 * because we don't want to map the entire memory in QEMU.
3008 * In that case just map until the end of the page.
3009 */
3010 if (block->offset == 0) {
3011 return xen_map_cache(addr, 0, 0);
3012 } else if (block->host == NULL) {
3013 block->host =
3014 xen_map_cache(block->offset, block->length, 1);
3015 }
3016 }
3017 return block->host + (addr - block->offset);
3018 }
3019 }
3020
3021 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3022 abort();
3023
3024 return NULL;
3025 }
3026
3027 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3028 * but takes a size argument */
3029 void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
3030 {
3031 if (*size == 0) {
3032 return NULL;
3033 }
3034 if (xen_enabled()) {
3035 return xen_map_cache(addr, *size, 1);
3036 } else {
3037 RAMBlock *block;
3038
3039 QLIST_FOREACH(block, &ram_list.blocks, next) {
3040 if (addr - block->offset < block->length) {
3041 if (addr - block->offset + *size > block->length)
3042 *size = block->length - addr + block->offset;
3043 return block->host + (addr - block->offset);
3044 }
3045 }
3046
3047 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3048 abort();
3049 }
3050 }
3051
3052 void qemu_put_ram_ptr(void *addr)
3053 {
3054 trace_qemu_put_ram_ptr(addr);
3055 }
3056
3057 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
3058 {
3059 RAMBlock *block;
3060 uint8_t *host = ptr;
3061
3062 if (xen_enabled()) {
3063 *ram_addr = xen_ram_addr_from_mapcache(ptr);
3064 return 0;
3065 }
3066
3067 QLIST_FOREACH(block, &ram_list.blocks, next) {
3068 /* This case append when the block is not mapped. */
3069 if (block->host == NULL) {
3070 continue;
3071 }
3072 if (host - block->host < block->length) {
3073 *ram_addr = block->offset + (host - block->host);
3074 return 0;
3075 }
3076 }
3077
3078 return -1;
3079 }
3080
3081 /* Some of the softmmu routines need to translate from a host pointer
3082 (typically a TLB entry) back to a ram offset. */
3083 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3084 {
3085 ram_addr_t ram_addr;
3086
3087 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3088 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3089 abort();
3090 }
3091 return ram_addr;
3092 }
3093
3094 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
3095 {
3096 #ifdef DEBUG_UNASSIGNED
3097 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3098 #endif
3099 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3100 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 1);
3101 #endif
3102 return 0;
3103 }
3104
3105 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
3106 {
3107 #ifdef DEBUG_UNASSIGNED
3108 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3109 #endif
3110 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3111 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 2);
3112 #endif
3113 return 0;
3114 }
3115
3116 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
3117 {
3118 #ifdef DEBUG_UNASSIGNED
3119 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3120 #endif
3121 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3122 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 4);
3123 #endif
3124 return 0;
3125 }
3126
3127 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
3128 {
3129 #ifdef DEBUG_UNASSIGNED
3130 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3131 #endif
3132 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3133 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 1);
3134 #endif
3135 }
3136
3137 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3138 {
3139 #ifdef DEBUG_UNASSIGNED
3140 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3141 #endif
3142 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3143 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 2);
3144 #endif
3145 }
3146
3147 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3148 {
3149 #ifdef DEBUG_UNASSIGNED
3150 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3151 #endif
3152 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3153 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 4);
3154 #endif
3155 }
3156
3157 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3158 unassigned_mem_readb,
3159 unassigned_mem_readw,
3160 unassigned_mem_readl,
3161 };
3162
3163 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3164 unassigned_mem_writeb,
3165 unassigned_mem_writew,
3166 unassigned_mem_writel,
3167 };
3168
3169 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3170 uint32_t val)
3171 {
3172 int dirty_flags;
3173 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3174 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3175 #if !defined(CONFIG_USER_ONLY)
3176 tb_invalidate_phys_page_fast(ram_addr, 1);
3177 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3178 #endif
3179 }
3180 stb_p(qemu_get_ram_ptr(ram_addr), val);
3181 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3182 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3183 /* we remove the notdirty callback only if the code has been
3184 flushed */
3185 if (dirty_flags == 0xff)
3186 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3187 }
3188
3189 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3190 uint32_t val)
3191 {
3192 int dirty_flags;
3193 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3194 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3195 #if !defined(CONFIG_USER_ONLY)
3196 tb_invalidate_phys_page_fast(ram_addr, 2);
3197 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3198 #endif
3199 }
3200 stw_p(qemu_get_ram_ptr(ram_addr), val);
3201 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3202 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3203 /* we remove the notdirty callback only if the code has been
3204 flushed */
3205 if (dirty_flags == 0xff)
3206 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3207 }
3208
3209 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3210 uint32_t val)
3211 {
3212 int dirty_flags;
3213 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3214 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3215 #if !defined(CONFIG_USER_ONLY)
3216 tb_invalidate_phys_page_fast(ram_addr, 4);
3217 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3218 #endif
3219 }
3220 stl_p(qemu_get_ram_ptr(ram_addr), val);
3221 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3222 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3223 /* we remove the notdirty callback only if the code has been
3224 flushed */
3225 if (dirty_flags == 0xff)
3226 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3227 }
3228
3229 static CPUReadMemoryFunc * const error_mem_read[3] = {
3230 NULL, /* never used */
3231 NULL, /* never used */
3232 NULL, /* never used */
3233 };
3234
3235 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3236 notdirty_mem_writeb,
3237 notdirty_mem_writew,
3238 notdirty_mem_writel,
3239 };
3240
3241 /* Generate a debug exception if a watchpoint has been hit. */
3242 static void check_watchpoint(int offset, int len_mask, int flags)
3243 {
3244 CPUState *env = cpu_single_env;
3245 target_ulong pc, cs_base;
3246 TranslationBlock *tb;
3247 target_ulong vaddr;
3248 CPUWatchpoint *wp;
3249 int cpu_flags;
3250
3251 if (env->watchpoint_hit) {
3252 /* We re-entered the check after replacing the TB. Now raise
3253 * the debug interrupt so that is will trigger after the
3254 * current instruction. */
3255 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3256 return;
3257 }
3258 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3259 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3260 if ((vaddr == (wp->vaddr & len_mask) ||
3261 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3262 wp->flags |= BP_WATCHPOINT_HIT;
3263 if (!env->watchpoint_hit) {
3264 env->watchpoint_hit = wp;
3265 tb = tb_find_pc(env->mem_io_pc);
3266 if (!tb) {
3267 cpu_abort(env, "check_watchpoint: could not find TB for "
3268 "pc=%p", (void *)env->mem_io_pc);
3269 }
3270 cpu_restore_state(tb, env, env->mem_io_pc);
3271 tb_phys_invalidate(tb, -1);
3272 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3273 env->exception_index = EXCP_DEBUG;
3274 } else {
3275 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3276 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3277 }
3278 cpu_resume_from_signal(env, NULL);
3279 }
3280 } else {
3281 wp->flags &= ~BP_WATCHPOINT_HIT;
3282 }
3283 }
3284 }
3285
3286 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3287 so these check for a hit then pass through to the normal out-of-line
3288 phys routines. */
3289 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3290 {
3291 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3292 return ldub_phys(addr);
3293 }
3294
3295 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3296 {
3297 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3298 return lduw_phys(addr);
3299 }
3300
3301 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3302 {
3303 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3304 return ldl_phys(addr);
3305 }
3306
3307 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3308 uint32_t val)
3309 {
3310 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3311 stb_phys(addr, val);
3312 }
3313
3314 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3315 uint32_t val)
3316 {
3317 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3318 stw_phys(addr, val);
3319 }
3320
3321 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3322 uint32_t val)
3323 {
3324 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3325 stl_phys(addr, val);
3326 }
3327
3328 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3329 watch_mem_readb,
3330 watch_mem_readw,
3331 watch_mem_readl,
3332 };
3333
3334 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3335 watch_mem_writeb,
3336 watch_mem_writew,
3337 watch_mem_writel,
3338 };
3339
3340 static inline uint32_t subpage_readlen (subpage_t *mmio,
3341 target_phys_addr_t addr,
3342 unsigned int len)
3343 {
3344 unsigned int idx = SUBPAGE_IDX(addr);
3345 #if defined(DEBUG_SUBPAGE)
3346 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3347 mmio, len, addr, idx);
3348 #endif
3349
3350 addr += mmio->region_offset[idx];
3351 idx = mmio->sub_io_index[idx];
3352 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3353 }
3354
3355 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3356 uint32_t value, unsigned int len)
3357 {
3358 unsigned int idx = SUBPAGE_IDX(addr);
3359 #if defined(DEBUG_SUBPAGE)
3360 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3361 __func__, mmio, len, addr, idx, value);
3362 #endif
3363
3364 addr += mmio->region_offset[idx];
3365 idx = mmio->sub_io_index[idx];
3366 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3367 }
3368
3369 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3370 {
3371 return subpage_readlen(opaque, addr, 0);
3372 }
3373
3374 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3375 uint32_t value)
3376 {
3377 subpage_writelen(opaque, addr, value, 0);
3378 }
3379
3380 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3381 {
3382 return subpage_readlen(opaque, addr, 1);
3383 }
3384
3385 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3386 uint32_t value)
3387 {
3388 subpage_writelen(opaque, addr, value, 1);
3389 }
3390
3391 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3392 {
3393 return subpage_readlen(opaque, addr, 2);
3394 }
3395
3396 static void subpage_writel (void *opaque, target_phys_addr_t addr,
3397 uint32_t value)
3398 {
3399 subpage_writelen(opaque, addr, value, 2);
3400 }
3401
3402 static CPUReadMemoryFunc * const subpage_read[] = {
3403 &subpage_readb,
3404 &subpage_readw,
3405 &subpage_readl,
3406 };
3407
3408 static CPUWriteMemoryFunc * const subpage_write[] = {
3409 &subpage_writeb,
3410 &subpage_writew,
3411 &subpage_writel,
3412 };
3413
3414 static uint32_t subpage_ram_readb(void *opaque, target_phys_addr_t addr)
3415 {
3416 ram_addr_t raddr = addr;
3417 void *ptr = qemu_get_ram_ptr(raddr);
3418 return ldub_p(ptr);
3419 }
3420
3421 static void subpage_ram_writeb(void *opaque, target_phys_addr_t addr,
3422 uint32_t value)
3423 {
3424 ram_addr_t raddr = addr;
3425 void *ptr = qemu_get_ram_ptr(raddr);
3426 stb_p(ptr, value);
3427 }
3428
3429 static uint32_t subpage_ram_readw(void *opaque, target_phys_addr_t addr)
3430 {
3431 ram_addr_t raddr = addr;
3432 void *ptr = qemu_get_ram_ptr(raddr);
3433 return lduw_p(ptr);
3434 }
3435
3436 static void subpage_ram_writew(void *opaque, target_phys_addr_t addr,
3437 uint32_t value)
3438 {
3439 ram_addr_t raddr = addr;
3440 void *ptr = qemu_get_ram_ptr(raddr);
3441 stw_p(ptr, value);
3442 }
3443
3444 static uint32_t subpage_ram_readl(void *opaque, target_phys_addr_t addr)
3445 {
3446 ram_addr_t raddr = addr;
3447 void *ptr = qemu_get_ram_ptr(raddr);
3448 return ldl_p(ptr);
3449 }
3450
3451 static void subpage_ram_writel(void *opaque, target_phys_addr_t addr,
3452 uint32_t value)
3453 {
3454 ram_addr_t raddr = addr;
3455 void *ptr = qemu_get_ram_ptr(raddr);
3456 stl_p(ptr, value);
3457 }
3458
3459 static CPUReadMemoryFunc * const subpage_ram_read[] = {
3460 &subpage_ram_readb,
3461 &subpage_ram_readw,
3462 &subpage_ram_readl,
3463 };
3464
3465 static CPUWriteMemoryFunc * const subpage_ram_write[] = {
3466 &subpage_ram_writeb,
3467 &subpage_ram_writew,
3468 &subpage_ram_writel,
3469 };
3470
3471 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3472 ram_addr_t memory, ram_addr_t region_offset)
3473 {
3474 int idx, eidx;
3475
3476 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3477 return -1;
3478 idx = SUBPAGE_IDX(start);
3479 eidx = SUBPAGE_IDX(end);
3480 #if defined(DEBUG_SUBPAGE)
3481 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3482 mmio, start, end, idx, eidx, memory);
3483 #endif
3484 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
3485 memory = IO_MEM_SUBPAGE_RAM;
3486 }
3487 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3488 for (; idx <= eidx; idx++) {
3489 mmio->sub_io_index[idx] = memory;
3490 mmio->region_offset[idx] = region_offset;
3491 }
3492
3493 return 0;
3494 }
3495
3496 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3497 ram_addr_t orig_memory,
3498 ram_addr_t region_offset)
3499 {
3500 subpage_t *mmio;
3501 int subpage_memory;
3502
3503 mmio = g_malloc0(sizeof(subpage_t));
3504
3505 mmio->base = base;
3506 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio,
3507 DEVICE_NATIVE_ENDIAN);
3508 #if defined(DEBUG_SUBPAGE)
3509 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3510 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3511 #endif
3512 *phys = subpage_memory | IO_MEM_SUBPAGE;
3513 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3514
3515 return mmio;
3516 }
3517
3518 static int get_free_io_mem_idx(void)
3519 {
3520 int i;
3521
3522 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3523 if (!io_mem_used[i]) {
3524 io_mem_used[i] = 1;
3525 return i;
3526 }
3527 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3528 return -1;
3529 }
3530
3531 /*
3532 * Usually, devices operate in little endian mode. There are devices out
3533 * there that operate in big endian too. Each device gets byte swapped
3534 * mmio if plugged onto a CPU that does the other endianness.
3535 *
3536 * CPU Device swap?
3537 *
3538 * little little no
3539 * little big yes
3540 * big little yes
3541 * big big no
3542 */
3543
3544 typedef struct SwapEndianContainer {
3545 CPUReadMemoryFunc *read[3];
3546 CPUWriteMemoryFunc *write[3];
3547 void *opaque;
3548 } SwapEndianContainer;
3549
3550 static uint32_t swapendian_mem_readb (void *opaque, target_phys_addr_t addr)
3551 {
3552 uint32_t val;
3553 SwapEndianContainer *c = opaque;
3554 val = c->read[0](c->opaque, addr);
3555 return val;
3556 }
3557
3558 static uint32_t swapendian_mem_readw(void *opaque, target_phys_addr_t addr)
3559 {
3560 uint32_t val;
3561 SwapEndianContainer *c = opaque;
3562 val = bswap16(c->read[1](c->opaque, addr));
3563 return val;
3564 }
3565
3566 static uint32_t swapendian_mem_readl(void *opaque, target_phys_addr_t addr)
3567 {
3568 uint32_t val;
3569 SwapEndianContainer *c = opaque;
3570 val = bswap32(c->read[2](c->opaque, addr));
3571 return val;
3572 }
3573
3574 static CPUReadMemoryFunc * const swapendian_readfn[3]={
3575 swapendian_mem_readb,
3576 swapendian_mem_readw,
3577 swapendian_mem_readl
3578 };
3579
3580 static void swapendian_mem_writeb(void *opaque, target_phys_addr_t addr,
3581 uint32_t val)
3582 {
3583 SwapEndianContainer *c = opaque;
3584 c->write[0](c->opaque, addr, val);
3585 }
3586
3587 static void swapendian_mem_writew(void *opaque, target_phys_addr_t addr,
3588 uint32_t val)
3589 {
3590 SwapEndianContainer *c = opaque;
3591 c->write[1](c->opaque, addr, bswap16(val));
3592 }
3593
3594 static void swapendian_mem_writel(void *opaque, target_phys_addr_t addr,
3595 uint32_t val)
3596 {
3597 SwapEndianContainer *c = opaque;
3598 c->write[2](c->opaque, addr, bswap32(val));
3599 }
3600
3601 static CPUWriteMemoryFunc * const swapendian_writefn[3]={
3602 swapendian_mem_writeb,
3603 swapendian_mem_writew,
3604 swapendian_mem_writel
3605 };
3606
3607 static void swapendian_init(int io_index)
3608 {
3609 SwapEndianContainer *c = g_malloc(sizeof(SwapEndianContainer));
3610 int i;
3611
3612 /* Swap mmio for big endian targets */
3613 c->opaque = io_mem_opaque[io_index];
3614 for (i = 0; i < 3; i++) {
3615 c->read[i] = io_mem_read[io_index][i];
3616 c->write[i] = io_mem_write[io_index][i];
3617
3618 io_mem_read[io_index][i] = swapendian_readfn[i];
3619 io_mem_write[io_index][i] = swapendian_writefn[i];
3620 }
3621 io_mem_opaque[io_index] = c;
3622 }
3623
3624 static void swapendian_del(int io_index)
3625 {
3626 if (io_mem_read[io_index][0] == swapendian_readfn[0]) {
3627 g_free(io_mem_opaque[io_index]);
3628 }
3629 }
3630
3631 /* mem_read and mem_write are arrays of functions containing the
3632 function to access byte (index 0), word (index 1) and dword (index
3633 2). Functions can be omitted with a NULL function pointer.
3634 If io_index is non zero, the corresponding io zone is
3635 modified. If it is zero, a new io zone is allocated. The return
3636 value can be used with cpu_register_physical_memory(). (-1) is
3637 returned if error. */
3638 static int cpu_register_io_memory_fixed(int io_index,
3639 CPUReadMemoryFunc * const *mem_read,
3640 CPUWriteMemoryFunc * const *mem_write,
3641 void *opaque, enum device_endian endian)
3642 {
3643 int i;
3644
3645 if (io_index <= 0) {
3646 io_index = get_free_io_mem_idx();
3647 if (io_index == -1)
3648 return io_index;
3649 } else {
3650 io_index >>= IO_MEM_SHIFT;
3651 if (io_index >= IO_MEM_NB_ENTRIES)
3652 return -1;
3653 }
3654
3655 for (i = 0; i < 3; ++i) {
3656 io_mem_read[io_index][i]
3657 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3658 }
3659 for (i = 0; i < 3; ++i) {
3660 io_mem_write[io_index][i]
3661 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3662 }
3663 io_mem_opaque[io_index] = opaque;
3664
3665 switch (endian) {
3666 case DEVICE_BIG_ENDIAN:
3667 #ifndef TARGET_WORDS_BIGENDIAN
3668 swapendian_init(io_index);
3669 #endif
3670 break;
3671 case DEVICE_LITTLE_ENDIAN:
3672 #ifdef TARGET_WORDS_BIGENDIAN
3673 swapendian_init(io_index);
3674 #endif
3675 break;
3676 case DEVICE_NATIVE_ENDIAN:
3677 default:
3678 break;
3679 }
3680
3681 return (io_index << IO_MEM_SHIFT);
3682 }
3683
3684 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3685 CPUWriteMemoryFunc * const *mem_write,
3686 void *opaque, enum device_endian endian)
3687 {
3688 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque, endian);
3689 }
3690
3691 void cpu_unregister_io_memory(int io_table_address)
3692 {
3693 int i;
3694 int io_index = io_table_address >> IO_MEM_SHIFT;
3695
3696 swapendian_del(io_index);
3697
3698 for (i=0;i < 3; i++) {
3699 io_mem_read[io_index][i] = unassigned_mem_read[i];
3700 io_mem_write[io_index][i] = unassigned_mem_write[i];
3701 }
3702 io_mem_opaque[io_index] = NULL;
3703 io_mem_used[io_index] = 0;
3704 }
3705
3706 static void io_mem_init(void)
3707 {
3708 int i;
3709
3710 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read,
3711 unassigned_mem_write, NULL,
3712 DEVICE_NATIVE_ENDIAN);
3713 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read,
3714 unassigned_mem_write, NULL,
3715 DEVICE_NATIVE_ENDIAN);
3716 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read,
3717 notdirty_mem_write, NULL,
3718 DEVICE_NATIVE_ENDIAN);
3719 cpu_register_io_memory_fixed(IO_MEM_SUBPAGE_RAM, subpage_ram_read,
3720 subpage_ram_write, NULL,
3721 DEVICE_NATIVE_ENDIAN);
3722 for (i=0; i<5; i++)
3723 io_mem_used[i] = 1;
3724
3725 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3726 watch_mem_write, NULL,
3727 DEVICE_NATIVE_ENDIAN);
3728 }
3729
3730 static void memory_map_init(void)
3731 {
3732 system_memory = g_malloc(sizeof(*system_memory));
3733 memory_region_init(system_memory, "system", INT64_MAX);
3734 set_system_memory_map(system_memory);
3735
3736 system_io = g_malloc(sizeof(*system_io));
3737 memory_region_init(system_io, "io", 65536);
3738 set_system_io_map(system_io);
3739 }
3740
3741 MemoryRegion *get_system_memory(void)
3742 {
3743 return system_memory;
3744 }
3745
3746 MemoryRegion *get_system_io(void)
3747 {
3748 return system_io;
3749 }
3750
3751 #endif /* !defined(CONFIG_USER_ONLY) */
3752
3753 /* physical memory access (slow version, mainly for debug) */
3754 #if defined(CONFIG_USER_ONLY)
3755 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3756 uint8_t *buf, int len, int is_write)
3757 {
3758 int l, flags;
3759 target_ulong page;
3760 void * p;
3761
3762 while (len > 0) {
3763 page = addr & TARGET_PAGE_MASK;
3764 l = (page + TARGET_PAGE_SIZE) - addr;
3765 if (l > len)
3766 l = len;
3767 flags = page_get_flags(page);
3768 if (!(flags & PAGE_VALID))
3769 return -1;
3770 if (is_write) {
3771 if (!(flags & PAGE_WRITE))
3772 return -1;
3773 /* XXX: this code should not depend on lock_user */
3774 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3775 return -1;
3776 memcpy(p, buf, l);
3777 unlock_user(p, addr, l);
3778 } else {
3779 if (!(flags & PAGE_READ))
3780 return -1;
3781 /* XXX: this code should not depend on lock_user */
3782 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3783 return -1;
3784 memcpy(buf, p, l);
3785 unlock_user(p, addr, 0);
3786 }
3787 len -= l;
3788 buf += l;
3789 addr += l;
3790 }
3791 return 0;
3792 }
3793
3794 #else
3795 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3796 int len, int is_write)
3797 {
3798 int l, io_index;
3799 uint8_t *ptr;
3800 uint32_t val;
3801 target_phys_addr_t page;
3802 ram_addr_t pd;
3803 PhysPageDesc *p;
3804
3805 while (len > 0) {
3806 page = addr & TARGET_PAGE_MASK;
3807 l = (page + TARGET_PAGE_SIZE) - addr;
3808 if (l > len)
3809 l = len;
3810 p = phys_page_find(page >> TARGET_PAGE_BITS);
3811 if (!p) {
3812 pd = IO_MEM_UNASSIGNED;
3813 } else {
3814 pd = p->phys_offset;
3815 }
3816
3817 if (is_write) {
3818 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3819 target_phys_addr_t addr1 = addr;
3820 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3821 if (p)
3822 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3823 /* XXX: could force cpu_single_env to NULL to avoid
3824 potential bugs */
3825 if (l >= 4 && ((addr1 & 3) == 0)) {
3826 /* 32 bit write access */
3827 val = ldl_p(buf);
3828 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3829 l = 4;
3830 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3831 /* 16 bit write access */
3832 val = lduw_p(buf);
3833 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3834 l = 2;
3835 } else {
3836 /* 8 bit write access */
3837 val = ldub_p(buf);
3838 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3839 l = 1;
3840 }
3841 } else {
3842 ram_addr_t addr1;
3843 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3844 /* RAM case */
3845 ptr = qemu_get_ram_ptr(addr1);
3846 memcpy(ptr, buf, l);
3847 if (!cpu_physical_memory_is_dirty(addr1)) {
3848 /* invalidate code */
3849 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3850 /* set dirty bit */
3851 cpu_physical_memory_set_dirty_flags(
3852 addr1, (0xff & ~CODE_DIRTY_FLAG));
3853 }
3854 qemu_put_ram_ptr(ptr);
3855 }
3856 } else {
3857 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3858 !(pd & IO_MEM_ROMD)) {
3859 target_phys_addr_t addr1 = addr;
3860 /* I/O case */
3861 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3862 if (p)
3863 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3864 if (l >= 4 && ((addr1 & 3) == 0)) {
3865 /* 32 bit read access */
3866 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3867 stl_p(buf, val);
3868 l = 4;
3869 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3870 /* 16 bit read access */
3871 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3872 stw_p(buf, val);
3873 l = 2;
3874 } else {
3875 /* 8 bit read access */
3876 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3877 stb_p(buf, val);
3878 l = 1;
3879 }
3880 } else {
3881 /* RAM case */
3882 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3883 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3884 qemu_put_ram_ptr(ptr);
3885 }
3886 }
3887 len -= l;
3888 buf += l;
3889 addr += l;
3890 }
3891 }
3892
3893 /* used for ROM loading : can write in RAM and ROM */
3894 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3895 const uint8_t *buf, int len)
3896 {
3897 int l;
3898 uint8_t *ptr;
3899 target_phys_addr_t page;
3900 unsigned long pd;
3901 PhysPageDesc *p;
3902
3903 while (len > 0) {
3904 page = addr & TARGET_PAGE_MASK;
3905 l = (page + TARGET_PAGE_SIZE) - addr;
3906 if (l > len)
3907 l = len;
3908 p = phys_page_find(page >> TARGET_PAGE_BITS);
3909 if (!p) {
3910 pd = IO_MEM_UNASSIGNED;
3911 } else {
3912 pd = p->phys_offset;
3913 }
3914
3915 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3916 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3917 !(pd & IO_MEM_ROMD)) {
3918 /* do nothing */
3919 } else {
3920 unsigned long addr1;
3921 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3922 /* ROM/RAM case */
3923 ptr = qemu_get_ram_ptr(addr1);
3924 memcpy(ptr, buf, l);
3925 qemu_put_ram_ptr(ptr);
3926 }
3927 len -= l;
3928 buf += l;
3929 addr += l;
3930 }
3931 }
3932
3933 typedef struct {
3934 void *buffer;
3935 target_phys_addr_t addr;
3936 target_phys_addr_t len;
3937 } BounceBuffer;
3938
3939 static BounceBuffer bounce;
3940
3941 typedef struct MapClient {
3942 void *opaque;
3943 void (*callback)(void *opaque);
3944 QLIST_ENTRY(MapClient) link;
3945 } MapClient;
3946
3947 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3948 = QLIST_HEAD_INITIALIZER(map_client_list);
3949
3950 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3951 {
3952 MapClient *client = g_malloc(sizeof(*client));
3953
3954 client->opaque = opaque;
3955 client->callback = callback;
3956 QLIST_INSERT_HEAD(&map_client_list, client, link);
3957 return client;
3958 }
3959
3960 void cpu_unregister_map_client(void *_client)
3961 {
3962 MapClient *client = (MapClient *)_client;
3963
3964 QLIST_REMOVE(client, link);
3965 g_free(client);
3966 }
3967
3968 static void cpu_notify_map_clients(void)
3969 {
3970 MapClient *client;
3971
3972 while (!QLIST_EMPTY(&map_client_list)) {
3973 client = QLIST_FIRST(&map_client_list);
3974 client->callback(client->opaque);
3975 cpu_unregister_map_client(client);
3976 }
3977 }
3978
3979 /* Map a physical memory region into a host virtual address.
3980 * May map a subset of the requested range, given by and returned in *plen.
3981 * May return NULL if resources needed to perform the mapping are exhausted.
3982 * Use only for reads OR writes - not for read-modify-write operations.
3983 * Use cpu_register_map_client() to know when retrying the map operation is
3984 * likely to succeed.
3985 */
3986 void *cpu_physical_memory_map(target_phys_addr_t addr,
3987 target_phys_addr_t *plen,
3988 int is_write)
3989 {
3990 target_phys_addr_t len = *plen;
3991 target_phys_addr_t todo = 0;
3992 int l;
3993 target_phys_addr_t page;
3994 unsigned long pd;
3995 PhysPageDesc *p;
3996 ram_addr_t raddr = RAM_ADDR_MAX;
3997 ram_addr_t rlen;
3998 void *ret;
3999
4000 while (len > 0) {
4001 page = addr & TARGET_PAGE_MASK;
4002 l = (page + TARGET_PAGE_SIZE) - addr;
4003 if (l > len)
4004 l = len;
4005 p = phys_page_find(page >> TARGET_PAGE_BITS);
4006 if (!p) {
4007 pd = IO_MEM_UNASSIGNED;
4008 } else {
4009 pd = p->phys_offset;
4010 }
4011
4012 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4013 if (todo || bounce.buffer) {
4014 break;
4015 }
4016 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4017 bounce.addr = addr;
4018 bounce.len = l;
4019 if (!is_write) {
4020 cpu_physical_memory_read(addr, bounce.buffer, l);
4021 }
4022
4023 *plen = l;
4024 return bounce.buffer;
4025 }
4026 if (!todo) {
4027 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4028 }
4029
4030 len -= l;
4031 addr += l;
4032 todo += l;
4033 }
4034 rlen = todo;
4035 ret = qemu_ram_ptr_length(raddr, &rlen);
4036 *plen = rlen;
4037 return ret;
4038 }
4039
4040 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4041 * Will also mark the memory as dirty if is_write == 1. access_len gives
4042 * the amount of memory that was actually read or written by the caller.
4043 */
4044 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4045 int is_write, target_phys_addr_t access_len)
4046 {
4047 if (buffer != bounce.buffer) {
4048 if (is_write) {
4049 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
4050 while (access_len) {
4051 unsigned l;
4052 l = TARGET_PAGE_SIZE;
4053 if (l > access_len)
4054 l = access_len;
4055 if (!cpu_physical_memory_is_dirty(addr1)) {
4056 /* invalidate code */
4057 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4058 /* set dirty bit */
4059 cpu_physical_memory_set_dirty_flags(
4060 addr1, (0xff & ~CODE_DIRTY_FLAG));
4061 }
4062 addr1 += l;
4063 access_len -= l;
4064 }
4065 }
4066 if (xen_enabled()) {
4067 xen_invalidate_map_cache_entry(buffer);
4068 }
4069 return;
4070 }
4071 if (is_write) {
4072 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4073 }
4074 qemu_vfree(bounce.buffer);
4075 bounce.buffer = NULL;
4076 cpu_notify_map_clients();
4077 }
4078
4079 /* warning: addr must be aligned */
4080 static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4081 enum device_endian endian)
4082 {
4083 int io_index;
4084 uint8_t *ptr;
4085 uint32_t val;
4086 unsigned long pd;
4087 PhysPageDesc *p;
4088
4089 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4090 if (!p) {
4091 pd = IO_MEM_UNASSIGNED;
4092 } else {
4093 pd = p->phys_offset;
4094 }
4095
4096 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4097 !(pd & IO_MEM_ROMD)) {
4098 /* I/O case */
4099 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4100 if (p)
4101 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4102 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4103 #if defined(TARGET_WORDS_BIGENDIAN)
4104 if (endian == DEVICE_LITTLE_ENDIAN) {
4105 val = bswap32(val);
4106 }
4107 #else
4108 if (endian == DEVICE_BIG_ENDIAN) {
4109 val = bswap32(val);
4110 }
4111 #endif
4112 } else {
4113 /* RAM case */
4114 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4115 (addr & ~TARGET_PAGE_MASK);
4116 switch (endian) {
4117 case DEVICE_LITTLE_ENDIAN:
4118 val = ldl_le_p(ptr);
4119 break;
4120 case DEVICE_BIG_ENDIAN:
4121 val = ldl_be_p(ptr);
4122 break;
4123 default:
4124 val = ldl_p(ptr);
4125 break;
4126 }
4127 }
4128 return val;
4129 }
4130
4131 uint32_t ldl_phys(target_phys_addr_t addr)
4132 {
4133 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4134 }
4135
4136 uint32_t ldl_le_phys(target_phys_addr_t addr)
4137 {
4138 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4139 }
4140
4141 uint32_t ldl_be_phys(target_phys_addr_t addr)
4142 {
4143 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4144 }
4145
4146 /* warning: addr must be aligned */
4147 static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4148 enum device_endian endian)
4149 {
4150 int io_index;
4151 uint8_t *ptr;
4152 uint64_t val;
4153 unsigned long pd;
4154 PhysPageDesc *p;
4155
4156 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4157 if (!p) {
4158 pd = IO_MEM_UNASSIGNED;
4159 } else {
4160 pd = p->phys_offset;
4161 }
4162
4163 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4164 !(pd & IO_MEM_ROMD)) {
4165 /* I/O case */
4166 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4167 if (p)
4168 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4169
4170 /* XXX This is broken when device endian != cpu endian.
4171 Fix and add "endian" variable check */
4172 #ifdef TARGET_WORDS_BIGENDIAN
4173 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
4174 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
4175 #else
4176 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4177 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
4178 #endif
4179 } else {
4180 /* RAM case */
4181 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4182 (addr & ~TARGET_PAGE_MASK);
4183 switch (endian) {
4184 case DEVICE_LITTLE_ENDIAN:
4185 val = ldq_le_p(ptr);
4186 break;
4187 case DEVICE_BIG_ENDIAN:
4188 val = ldq_be_p(ptr);
4189 break;
4190 default:
4191 val = ldq_p(ptr);
4192 break;
4193 }
4194 }
4195 return val;
4196 }
4197
4198 uint64_t ldq_phys(target_phys_addr_t addr)
4199 {
4200 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4201 }
4202
4203 uint64_t ldq_le_phys(target_phys_addr_t addr)
4204 {
4205 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4206 }
4207
4208 uint64_t ldq_be_phys(target_phys_addr_t addr)
4209 {
4210 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4211 }
4212
4213 /* XXX: optimize */
4214 uint32_t ldub_phys(target_phys_addr_t addr)
4215 {
4216 uint8_t val;
4217 cpu_physical_memory_read(addr, &val, 1);
4218 return val;
4219 }
4220
4221 /* warning: addr must be aligned */
4222 static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4223 enum device_endian endian)
4224 {
4225 int io_index;
4226 uint8_t *ptr;
4227 uint64_t val;
4228 unsigned long pd;
4229 PhysPageDesc *p;
4230
4231 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4232 if (!p) {
4233 pd = IO_MEM_UNASSIGNED;
4234 } else {
4235 pd = p->phys_offset;
4236 }
4237
4238 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4239 !(pd & IO_MEM_ROMD)) {
4240 /* I/O case */
4241 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4242 if (p)
4243 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4244 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
4245 #if defined(TARGET_WORDS_BIGENDIAN)
4246 if (endian == DEVICE_LITTLE_ENDIAN) {
4247 val = bswap16(val);
4248 }
4249 #else
4250 if (endian == DEVICE_BIG_ENDIAN) {
4251 val = bswap16(val);
4252 }
4253 #endif
4254 } else {
4255 /* RAM case */
4256 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4257 (addr & ~TARGET_PAGE_MASK);
4258 switch (endian) {
4259 case DEVICE_LITTLE_ENDIAN:
4260 val = lduw_le_p(ptr);
4261 break;
4262 case DEVICE_BIG_ENDIAN:
4263 val = lduw_be_p(ptr);
4264 break;
4265 default:
4266 val = lduw_p(ptr);
4267 break;
4268 }
4269 }
4270 return val;
4271 }
4272
4273 uint32_t lduw_phys(target_phys_addr_t addr)
4274 {
4275 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4276 }
4277
4278 uint32_t lduw_le_phys(target_phys_addr_t addr)
4279 {
4280 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4281 }
4282
4283 uint32_t lduw_be_phys(target_phys_addr_t addr)
4284 {
4285 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4286 }
4287
4288 /* warning: addr must be aligned. The ram page is not masked as dirty
4289 and the code inside is not invalidated. It is useful if the dirty
4290 bits are used to track modified PTEs */
4291 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
4292 {
4293 int io_index;
4294 uint8_t *ptr;
4295 unsigned long pd;
4296 PhysPageDesc *p;
4297
4298 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4299 if (!p) {
4300 pd = IO_MEM_UNASSIGNED;
4301 } else {
4302 pd = p->phys_offset;
4303 }
4304
4305 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4306 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4307 if (p)
4308 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4309 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4310 } else {
4311 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4312 ptr = qemu_get_ram_ptr(addr1);
4313 stl_p(ptr, val);
4314
4315 if (unlikely(in_migration)) {
4316 if (!cpu_physical_memory_is_dirty(addr1)) {
4317 /* invalidate code */
4318 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4319 /* set dirty bit */
4320 cpu_physical_memory_set_dirty_flags(
4321 addr1, (0xff & ~CODE_DIRTY_FLAG));
4322 }
4323 }
4324 }
4325 }
4326
4327 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
4328 {
4329 int io_index;
4330 uint8_t *ptr;
4331 unsigned long pd;
4332 PhysPageDesc *p;
4333
4334 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4335 if (!p) {
4336 pd = IO_MEM_UNASSIGNED;
4337 } else {
4338 pd = p->phys_offset;
4339 }
4340
4341 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4342 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4343 if (p)
4344 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4345 #ifdef TARGET_WORDS_BIGENDIAN
4346 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
4347 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
4348 #else
4349 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4350 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
4351 #endif
4352 } else {
4353 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4354 (addr & ~TARGET_PAGE_MASK);
4355 stq_p(ptr, val);
4356 }
4357 }
4358
4359 /* warning: addr must be aligned */
4360 static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4361 enum device_endian endian)
4362 {
4363 int io_index;
4364 uint8_t *ptr;
4365 unsigned long pd;
4366 PhysPageDesc *p;
4367
4368 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4369 if (!p) {
4370 pd = IO_MEM_UNASSIGNED;
4371 } else {
4372 pd = p->phys_offset;
4373 }
4374
4375 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4376 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4377 if (p)
4378 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4379 #if defined(TARGET_WORDS_BIGENDIAN)
4380 if (endian == DEVICE_LITTLE_ENDIAN) {
4381 val = bswap32(val);
4382 }
4383 #else
4384 if (endian == DEVICE_BIG_ENDIAN) {
4385 val = bswap32(val);
4386 }
4387 #endif
4388 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4389 } else {
4390 unsigned long addr1;
4391 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4392 /* RAM case */
4393 ptr = qemu_get_ram_ptr(addr1);
4394 switch (endian) {
4395 case DEVICE_LITTLE_ENDIAN:
4396 stl_le_p(ptr, val);
4397 break;
4398 case DEVICE_BIG_ENDIAN:
4399 stl_be_p(ptr, val);
4400 break;
4401 default:
4402 stl_p(ptr, val);
4403 break;
4404 }
4405 if (!cpu_physical_memory_is_dirty(addr1)) {
4406 /* invalidate code */
4407 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4408 /* set dirty bit */
4409 cpu_physical_memory_set_dirty_flags(addr1,
4410 (0xff & ~CODE_DIRTY_FLAG));
4411 }
4412 }
4413 }
4414
4415 void stl_phys(target_phys_addr_t addr, uint32_t val)
4416 {
4417 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4418 }
4419
4420 void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4421 {
4422 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4423 }
4424
4425 void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4426 {
4427 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4428 }
4429
4430 /* XXX: optimize */
4431 void stb_phys(target_phys_addr_t addr, uint32_t val)
4432 {
4433 uint8_t v = val;
4434 cpu_physical_memory_write(addr, &v, 1);
4435 }
4436
4437 /* warning: addr must be aligned */
4438 static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4439 enum device_endian endian)
4440 {
4441 int io_index;
4442 uint8_t *ptr;
4443 unsigned long pd;
4444 PhysPageDesc *p;
4445
4446 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4447 if (!p) {
4448 pd = IO_MEM_UNASSIGNED;
4449 } else {
4450 pd = p->phys_offset;
4451 }
4452
4453 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4454 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4455 if (p)
4456 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4457 #if defined(TARGET_WORDS_BIGENDIAN)
4458 if (endian == DEVICE_LITTLE_ENDIAN) {
4459 val = bswap16(val);
4460 }
4461 #else
4462 if (endian == DEVICE_BIG_ENDIAN) {
4463 val = bswap16(val);
4464 }
4465 #endif
4466 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
4467 } else {
4468 unsigned long addr1;
4469 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4470 /* RAM case */
4471 ptr = qemu_get_ram_ptr(addr1);
4472 switch (endian) {
4473 case DEVICE_LITTLE_ENDIAN:
4474 stw_le_p(ptr, val);
4475 break;
4476 case DEVICE_BIG_ENDIAN:
4477 stw_be_p(ptr, val);
4478 break;
4479 default:
4480 stw_p(ptr, val);
4481 break;
4482 }
4483 if (!cpu_physical_memory_is_dirty(addr1)) {
4484 /* invalidate code */
4485 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4486 /* set dirty bit */
4487 cpu_physical_memory_set_dirty_flags(addr1,
4488 (0xff & ~CODE_DIRTY_FLAG));
4489 }
4490 }
4491 }
4492
4493 void stw_phys(target_phys_addr_t addr, uint32_t val)
4494 {
4495 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4496 }
4497
4498 void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4499 {
4500 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4501 }
4502
4503 void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4504 {
4505 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4506 }
4507
4508 /* XXX: optimize */
4509 void stq_phys(target_phys_addr_t addr, uint64_t val)
4510 {
4511 val = tswap64(val);
4512 cpu_physical_memory_write(addr, &val, 8);
4513 }
4514
4515 void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4516 {
4517 val = cpu_to_le64(val);
4518 cpu_physical_memory_write(addr, &val, 8);
4519 }
4520
4521 void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4522 {
4523 val = cpu_to_be64(val);
4524 cpu_physical_memory_write(addr, &val, 8);
4525 }
4526
4527 /* virtual memory access for debug (includes writing to ROM) */
4528 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
4529 uint8_t *buf, int len, int is_write)
4530 {
4531 int l;
4532 target_phys_addr_t phys_addr;
4533 target_ulong page;
4534
4535 while (len > 0) {
4536 page = addr & TARGET_PAGE_MASK;
4537 phys_addr = cpu_get_phys_page_debug(env, page);
4538 /* if no physical page mapped, return an error */
4539 if (phys_addr == -1)
4540 return -1;
4541 l = (page + TARGET_PAGE_SIZE) - addr;
4542 if (l > len)
4543 l = len;
4544 phys_addr += (addr & ~TARGET_PAGE_MASK);
4545 if (is_write)
4546 cpu_physical_memory_write_rom(phys_addr, buf, l);
4547 else
4548 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4549 len -= l;
4550 buf += l;
4551 addr += l;
4552 }
4553 return 0;
4554 }
4555 #endif
4556
4557 /* in deterministic execution mode, instructions doing device I/Os
4558 must be at the end of the TB */
4559 void cpu_io_recompile(CPUState *env, void *retaddr)
4560 {
4561 TranslationBlock *tb;
4562 uint32_t n, cflags;
4563 target_ulong pc, cs_base;
4564 uint64_t flags;
4565
4566 tb = tb_find_pc((unsigned long)retaddr);
4567 if (!tb) {
4568 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4569 retaddr);
4570 }
4571 n = env->icount_decr.u16.low + tb->icount;
4572 cpu_restore_state(tb, env, (unsigned long)retaddr);
4573 /* Calculate how many instructions had been executed before the fault
4574 occurred. */
4575 n = n - env->icount_decr.u16.low;
4576 /* Generate a new TB ending on the I/O insn. */
4577 n++;
4578 /* On MIPS and SH, delay slot instructions can only be restarted if
4579 they were already the first instruction in the TB. If this is not
4580 the first instruction in a TB then re-execute the preceding
4581 branch. */
4582 #if defined(TARGET_MIPS)
4583 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4584 env->active_tc.PC -= 4;
4585 env->icount_decr.u16.low++;
4586 env->hflags &= ~MIPS_HFLAG_BMASK;
4587 }
4588 #elif defined(TARGET_SH4)
4589 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4590 && n > 1) {
4591 env->pc -= 2;
4592 env->icount_decr.u16.low++;
4593 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4594 }
4595 #endif
4596 /* This should never happen. */
4597 if (n > CF_COUNT_MASK)
4598 cpu_abort(env, "TB too big during recompile");
4599
4600 cflags = n | CF_LAST_IO;
4601 pc = tb->pc;
4602 cs_base = tb->cs_base;
4603 flags = tb->flags;
4604 tb_phys_invalidate(tb, -1);
4605 /* FIXME: In theory this could raise an exception. In practice
4606 we have already translated the block once so it's probably ok. */
4607 tb_gen_code(env, pc, cs_base, flags, cflags);
4608 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4609 the first in the TB) then we end up generating a whole new TB and
4610 repeating the fault, which is horribly inefficient.
4611 Better would be to execute just this insn uncached, or generate a
4612 second new TB. */
4613 cpu_resume_from_signal(env, NULL);
4614 }
4615
4616 #if !defined(CONFIG_USER_ONLY)
4617
4618 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4619 {
4620 int i, target_code_size, max_target_code_size;
4621 int direct_jmp_count, direct_jmp2_count, cross_page;
4622 TranslationBlock *tb;
4623
4624 target_code_size = 0;
4625 max_target_code_size = 0;
4626 cross_page = 0;
4627 direct_jmp_count = 0;
4628 direct_jmp2_count = 0;
4629 for(i = 0; i < nb_tbs; i++) {
4630 tb = &tbs[i];
4631 target_code_size += tb->size;
4632 if (tb->size > max_target_code_size)
4633 max_target_code_size = tb->size;
4634 if (tb->page_addr[1] != -1)
4635 cross_page++;
4636 if (tb->tb_next_offset[0] != 0xffff) {
4637 direct_jmp_count++;
4638 if (tb->tb_next_offset[1] != 0xffff) {
4639 direct_jmp2_count++;
4640 }
4641 }
4642 }
4643 /* XXX: avoid using doubles ? */
4644 cpu_fprintf(f, "Translation buffer state:\n");
4645 cpu_fprintf(f, "gen code size %td/%ld\n",
4646 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4647 cpu_fprintf(f, "TB count %d/%d\n",
4648 nb_tbs, code_gen_max_blocks);
4649 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4650 nb_tbs ? target_code_size / nb_tbs : 0,
4651 max_target_code_size);
4652 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4653 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4654 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4655 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4656 cross_page,
4657 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4658 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4659 direct_jmp_count,
4660 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4661 direct_jmp2_count,
4662 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4663 cpu_fprintf(f, "\nStatistics:\n");
4664 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4665 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4666 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4667 tcg_dump_info(f, cpu_fprintf);
4668 }
4669
4670 #define MMUSUFFIX _cmmu
4671 #undef GETPC
4672 #define GETPC() NULL
4673 #define env cpu_single_env
4674 #define SOFTMMU_CODE_ACCESS
4675
4676 #define SHIFT 0
4677 #include "softmmu_template.h"
4678
4679 #define SHIFT 1
4680 #include "softmmu_template.h"
4681
4682 #define SHIFT 2
4683 #include "softmmu_template.h"
4684
4685 #define SHIFT 3
4686 #include "softmmu_template.h"
4687
4688 #undef env
4689
4690 #endif
QEMU modified to work with kvm