search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qemu-kvm: remove unused qemu_kvm_get_dirty_pages
[qemu-kvm/amd-iommu.git] / exec.c
blobde2fbeadb19fb64f2d8b4b884a5757c02d4a3b76
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26 #include <stdlib.h>
27 #include <stdio.h>
28 #include <stdarg.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <unistd.h>
32 #include <inttypes.h>
33
34 #include "cpu.h"
35 #include "exec-all.h"
36 #include "qemu-common.h"
37 #include "cache-utils.h"
38
39 #if !defined(TARGET_IA64)
40 #include "tcg.h"
41 #endif
42 #include "qemu-kvm.h"
43
44 #include "hw/hw.h"
45 #include "osdep.h"
46 #include "kvm.h"
47 #if defined(CONFIG_USER_ONLY)
48 #include <qemu.h>
49 #include <signal.h>
50 #endif
51
52 //#define DEBUG_TB_INVALIDATE
53 //#define DEBUG_FLUSH
54 //#define DEBUG_TLB
55 //#define DEBUG_UNASSIGNED
56
57 /* make various TB consistency checks */
58 //#define DEBUG_TB_CHECK
59 //#define DEBUG_TLB_CHECK
60
61 //#define DEBUG_IOPORT
62 //#define DEBUG_SUBPAGE
63
64 #if !defined(CONFIG_USER_ONLY)
65 /* TB consistency checks only implemented for usermode emulation. */
66 #undef DEBUG_TB_CHECK
67 #endif
68
69 #define SMC_BITMAP_USE_THRESHOLD 10
70
71 static TranslationBlock *tbs;
72 int code_gen_max_blocks;
73 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
74 static int nb_tbs;
75 /* any access to the tbs or the page table must use this lock */
76 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
77
78 #if defined(__arm__) || defined(__sparc_v9__)
79 /* The prologue must be reachable with a direct jump. ARM and Sparc64
80 have limited branch ranges (possibly also PPC) so place it in a
81 section close to code segment. */
82 #define code_gen_section \
83 __attribute__((__section__(".gen_code"))) \
84 __attribute__((aligned (32)))
85 #elif defined(_WIN32)
86 /* Maximum alignment for Win32 is 16. */
87 #define code_gen_section \
88 __attribute__((aligned (16)))
89 #else
90 #define code_gen_section \
91 __attribute__((aligned (32)))
92 #endif
93
94 uint8_t code_gen_prologue[1024] code_gen_section;
95 static uint8_t *code_gen_buffer;
96 static unsigned long code_gen_buffer_size;
97 /* threshold to flush the translated code buffer */
98 static unsigned long code_gen_buffer_max_size;
99 uint8_t *code_gen_ptr;
100
101 #if !defined(CONFIG_USER_ONLY)
102 int phys_ram_fd;
103 uint8_t *phys_ram_dirty;
104 static int in_migration;
105
106 typedef struct RAMBlock {
107 uint8_t *host;
108 ram_addr_t offset;
109 ram_addr_t length;
110 struct RAMBlock *next;
111 } RAMBlock;
112
113 static RAMBlock *ram_blocks;
114 /* TODO: When we implement (and use) ram deallocation (e.g. for hotplug)
115 then we can no longer assume contiguous ram offsets, and external uses
116 of this variable will break. */
117 ram_addr_t last_ram_offset;
118 #endif
119
120 CPUState *first_cpu;
121 /* current CPU in the current thread. It is only valid inside
122 cpu_exec() */
123 CPUState *cpu_single_env;
124 /* 0 = Do not count executed instructions.
125 1 = Precise instruction counting.
126 2 = Adaptive rate instruction counting. */
127 int use_icount = 0;
128 /* Current instruction counter. While executing translated code this may
129 include some instructions that have not yet been executed. */
130 int64_t qemu_icount;
131
132 typedef struct PageDesc {
133 /* list of TBs intersecting this ram page */
134 TranslationBlock *first_tb;
135 /* in order to optimize self modifying code, we count the number
136 of lookups we do to a given page to use a bitmap */
137 unsigned int code_write_count;
138 uint8_t *code_bitmap;
139 #if defined(CONFIG_USER_ONLY)
140 unsigned long flags;
141 #endif
142 } PageDesc;
143
144 /* In system mode we want L1_MAP to be based on ram offsets,
145 while in user mode we want it to be based on virtual addresses. */
146 #if !defined(CONFIG_USER_ONLY)
147 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
148 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
149 #else
150 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
151 #endif
152 #else
153 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
154 #endif
155
156 /* Size of the L2 (and L3, etc) page tables. */
157 #define L2_BITS 10
158 #define L2_SIZE (1 << L2_BITS)
159
160 /* The bits remaining after N lower levels of page tables. */
161 #define P_L1_BITS_REM \
162 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
163 #define V_L1_BITS_REM \
164 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
165
166 /* Size of the L1 page table. Avoid silly small sizes. */
167 #if P_L1_BITS_REM < 4
168 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
169 #else
170 #define P_L1_BITS P_L1_BITS_REM
171 #endif
172
173 #if V_L1_BITS_REM < 4
174 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
175 #else
176 #define V_L1_BITS V_L1_BITS_REM
177 #endif
178
179 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
180 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
181
182 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
183 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
184
185 unsigned long qemu_real_host_page_size;
186 unsigned long qemu_host_page_bits;
187 unsigned long qemu_host_page_size;
188 unsigned long qemu_host_page_mask;
189
190 /* This is a multi-level map on the virtual address space.
191 The bottom level has pointers to PageDesc. */
192 static void *l1_map[V_L1_SIZE];
193
194 #if !defined(CONFIG_USER_ONLY)
195 typedef struct PhysPageDesc {
196 /* offset in host memory of the page + io_index in the low bits */
197 ram_addr_t phys_offset;
198 ram_addr_t region_offset;
199 } PhysPageDesc;
200
201 /* This is a multi-level map on the physical address space.
202 The bottom level has pointers to PhysPageDesc. */
203 static void *l1_phys_map[P_L1_SIZE];
204
205 static void io_mem_init(void);
206
207 /* io memory support */
208 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
209 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
210 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
211 static char io_mem_used[IO_MEM_NB_ENTRIES];
212 static int io_mem_watch;
213 #endif
214
215 /* log support */
216 #ifdef WIN32
217 static const char *logfilename = "qemu.log";
218 #else
219 static const char *logfilename = "/tmp/qemu.log";
220 #endif
221 FILE *logfile;
222 int loglevel;
223 static int log_append = 0;
224
225 /* statistics */
226 #if !defined(CONFIG_USER_ONLY)
227 static int tlb_flush_count;
228 #endif
229 static int tb_flush_count;
230 static int tb_phys_invalidate_count;
231
232 #ifdef _WIN32
233 static void map_exec(void *addr, long size)
234 {
235 DWORD old_protect;
236 VirtualProtect(addr, size,
237 PAGE_EXECUTE_READWRITE, &old_protect);
238
239 }
240 #else
241 static void map_exec(void *addr, long size)
242 {
243 unsigned long start, end, page_size;
244
245 page_size = getpagesize();
246 start = (unsigned long)addr;
247 start &= ~(page_size - 1);
248
249 end = (unsigned long)addr + size;
250 end += page_size - 1;
251 end &= ~(page_size - 1);
252
253 mprotect((void *)start, end - start,
254 PROT_READ | PROT_WRITE | PROT_EXEC);
255 }
256 #endif
257
258 static void page_init(void)
259 {
260 /* NOTE: we can always suppose that qemu_host_page_size >=
261 TARGET_PAGE_SIZE */
262 #ifdef _WIN32
263 {
264 SYSTEM_INFO system_info;
265
266 GetSystemInfo(&system_info);
267 qemu_real_host_page_size = system_info.dwPageSize;
268 }
269 #else
270 qemu_real_host_page_size = getpagesize();
271 #endif
272 if (qemu_host_page_size == 0)
273 qemu_host_page_size = qemu_real_host_page_size;
274 if (qemu_host_page_size < TARGET_PAGE_SIZE)
275 qemu_host_page_size = TARGET_PAGE_SIZE;
276 qemu_host_page_bits = 0;
277 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
278 qemu_host_page_bits++;
279 qemu_host_page_mask = ~(qemu_host_page_size - 1);
280
281 #if !defined(_WIN32) && defined(CONFIG_USER_ONLY)
282 {
283 FILE *f;
284
285 last_brk = (unsigned long)sbrk(0);
286
287 f = fopen("/proc/self/maps", "r");
288 if (f) {
289 mmap_lock();
290
291 do {
292 unsigned long startaddr, endaddr;
293 int n;
294
295 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
296
297 if (n == 2 && h2g_valid(startaddr)) {
298 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
299
300 if (h2g_valid(endaddr)) {
301 endaddr = h2g(endaddr);
302 } else {
303 endaddr = ~0ul;
304 }
305 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
306 }
307 } while (!feof(f));
308
309 fclose(f);
310 mmap_unlock();
311 }
312 }
313 #endif
314 }
315
316 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
317 {
318 PageDesc *pd;
319 void **lp;
320 int i;
321
322 #if defined(CONFIG_USER_ONLY)
323 /* We can't use qemu_malloc because it may recurse into a locked mutex.
324 Neither can we record the new pages we reserve while allocating a
325 given page because that may recurse into an unallocated page table
326 entry. Stuff the allocations we do make into a queue and process
327 them after having completed one entire page table allocation. */
328
329 unsigned long reserve[2 * (V_L1_SHIFT / L2_BITS)];
330 int reserve_idx = 0;
331
332 # define ALLOC(P, SIZE) \
333 do { \
334 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
335 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
336 if (h2g_valid(P)) { \
337 reserve[reserve_idx] = h2g(P); \
338 reserve[reserve_idx + 1] = SIZE; \
339 reserve_idx += 2; \
340 } \
341 } while (0)
342 #else
343 # define ALLOC(P, SIZE) \
344 do { P = qemu_mallocz(SIZE); } while (0)
345 #endif
346
347 /* Level 1. Always allocated. */
348 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
349
350 /* Level 2..N-1. */
351 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
352 void **p = *lp;
353
354 if (p == NULL) {
355 if (!alloc) {
356 return NULL;
357 }
358 ALLOC(p, sizeof(void *) * L2_SIZE);
359 *lp = p;
360 }
361
362 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
363 }
364
365 pd = *lp;
366 if (pd == NULL) {
367 if (!alloc) {
368 return NULL;
369 }
370 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
371 *lp = pd;
372 }
373
374 #undef ALLOC
375 #if defined(CONFIG_USER_ONLY)
376 for (i = 0; i < reserve_idx; i += 2) {
377 unsigned long addr = reserve[i];
378 unsigned long len = reserve[i + 1];
379
380 page_set_flags(addr & TARGET_PAGE_MASK,
381 TARGET_PAGE_ALIGN(addr + len),
382 PAGE_RESERVED);
383 }
384 #endif
385
386 return pd + (index & (L2_SIZE - 1));
387 }
388
389 static inline PageDesc *page_find(tb_page_addr_t index)
390 {
391 return page_find_alloc(index, 0);
392 }
393
394 #if !defined(CONFIG_USER_ONLY)
395 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
396 {
397 PhysPageDesc *pd;
398 void **lp;
399 int i;
400
401 /* Level 1. Always allocated. */
402 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
403
404 /* Level 2..N-1. */
405 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
406 void **p = *lp;
407 if (p == NULL) {
408 if (!alloc) {
409 return NULL;
410 }
411 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
412 }
413 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
414 }
415
416 pd = *lp;
417 if (pd == NULL) {
418 int i;
419
420 if (!alloc) {
421 return NULL;
422 }
423
424 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
425
426 for (i = 0; i < L2_SIZE; i++) {
427 pd[i].phys_offset = IO_MEM_UNASSIGNED;
428 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
429 }
430 }
431
432 return pd + (index & (L2_SIZE - 1));
433 }
434
435 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
436 {
437 return phys_page_find_alloc(index, 0);
438 }
439
440 static void tlb_protect_code(ram_addr_t ram_addr);
441 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
442 target_ulong vaddr);
443 #define mmap_lock() do { } while(0)
444 #define mmap_unlock() do { } while(0)
445 #endif
446
447 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
448
449 #if defined(CONFIG_USER_ONLY)
450 /* Currently it is not recommended to allocate big chunks of data in
451 user mode. It will change when a dedicated libc will be used */
452 #define USE_STATIC_CODE_GEN_BUFFER
453 #endif
454
455 #ifdef USE_STATIC_CODE_GEN_BUFFER
456 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE];
457 #endif
458
459 static void code_gen_alloc(unsigned long tb_size)
460 {
461 if (kvm_enabled())
462 return;
463
464 #ifdef USE_STATIC_CODE_GEN_BUFFER
465 code_gen_buffer = static_code_gen_buffer;
466 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
467 map_exec(code_gen_buffer, code_gen_buffer_size);
468 #else
469 code_gen_buffer_size = tb_size;
470 if (code_gen_buffer_size == 0) {
471 #if defined(CONFIG_USER_ONLY)
472 /* in user mode, phys_ram_size is not meaningful */
473 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
474 #else
475 /* XXX: needs adjustments */
476 code_gen_buffer_size = (unsigned long)(ram_size / 4);
477 #endif
478 }
479 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
480 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
481 /* The code gen buffer location may have constraints depending on
482 the host cpu and OS */
483 #if defined(__linux__)
484 {
485 int flags;
486 void *start = NULL;
487
488 flags = MAP_PRIVATE | MAP_ANONYMOUS;
489 #if defined(__x86_64__)
490 flags |= MAP_32BIT;
491 /* Cannot map more than that */
492 if (code_gen_buffer_size > (800 * 1024 * 1024))
493 code_gen_buffer_size = (800 * 1024 * 1024);
494 #elif defined(__sparc_v9__)
495 // Map the buffer below 2G, so we can use direct calls and branches
496 flags |= MAP_FIXED;
497 start = (void *) 0x60000000UL;
498 if (code_gen_buffer_size > (512 * 1024 * 1024))
499 code_gen_buffer_size = (512 * 1024 * 1024);
500 #elif defined(__arm__)
501 /* Map the buffer below 32M, so we can use direct calls and branches */
502 flags |= MAP_FIXED;
503 start = (void *) 0x01000000UL;
504 if (code_gen_buffer_size > 16 * 1024 * 1024)
505 code_gen_buffer_size = 16 * 1024 * 1024;
506 #endif
507 code_gen_buffer = mmap(start, code_gen_buffer_size,
508 PROT_WRITE | PROT_READ | PROT_EXEC,
509 flags, -1, 0);
510 if (code_gen_buffer == MAP_FAILED) {
511 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
512 exit(1);
513 }
514 }
515 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
516 {
517 int flags;
518 void *addr = NULL;
519 flags = MAP_PRIVATE | MAP_ANONYMOUS;
520 #if defined(__x86_64__)
521 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
522 * 0x40000000 is free */
523 flags |= MAP_FIXED;
524 addr = (void *)0x40000000;
525 /* Cannot map more than that */
526 if (code_gen_buffer_size > (800 * 1024 * 1024))
527 code_gen_buffer_size = (800 * 1024 * 1024);
528 #endif
529 code_gen_buffer = mmap(addr, code_gen_buffer_size,
530 PROT_WRITE | PROT_READ | PROT_EXEC,
531 flags, -1, 0);
532 if (code_gen_buffer == MAP_FAILED) {
533 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
534 exit(1);
535 }
536 }
537 #else
538 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
539 map_exec(code_gen_buffer, code_gen_buffer_size);
540 #endif
541 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
542 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
543 code_gen_buffer_max_size = code_gen_buffer_size -
544 code_gen_max_block_size();
545 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
546 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
547 }
548
549 /* Must be called before using the QEMU cpus. 'tb_size' is the size
550 (in bytes) allocated to the translation buffer. Zero means default
551 size. */
552 void cpu_exec_init_all(unsigned long tb_size)
553 {
554 cpu_gen_init();
555 code_gen_alloc(tb_size);
556 code_gen_ptr = code_gen_buffer;
557 page_init();
558 #if !defined(CONFIG_USER_ONLY)
559 io_mem_init();
560 #endif
561 }
562
563 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
564
565 static int cpu_common_post_load(void *opaque, int version_id)
566 {
567 CPUState *env = opaque;
568
569 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
570 version_id is increased. */
571 env->interrupt_request &= ~0x01;
572 tlb_flush(env, 1);
573
574 return 0;
575 }
576
577 static const VMStateDescription vmstate_cpu_common = {
578 .name = "cpu_common",
579 .version_id = 1,
580 .minimum_version_id = 1,
581 .minimum_version_id_old = 1,
582 .post_load = cpu_common_post_load,
583 .fields = (VMStateField []) {
584 VMSTATE_UINT32(halted, CPUState),
585 VMSTATE_UINT32(interrupt_request, CPUState),
586 VMSTATE_END_OF_LIST()
587 }
588 };
589 #endif
590
591 CPUState *qemu_get_cpu(int cpu)
592 {
593 CPUState *env = first_cpu;
594
595 while (env) {
596 if (env->cpu_index == cpu)
597 break;
598 env = env->next_cpu;
599 }
600
601 return env;
602 }
603
604 void cpu_exec_init(CPUState *env)
605 {
606 CPUState **penv;
607 int cpu_index;
608
609 #if defined(CONFIG_USER_ONLY)
610 cpu_list_lock();
611 #endif
612 env->next_cpu = NULL;
613 penv = &first_cpu;
614 cpu_index = 0;
615 while (*penv != NULL) {
616 penv = &(*penv)->next_cpu;
617 cpu_index++;
618 }
619 env->cpu_index = cpu_index;
620 env->numa_node = 0;
621 QTAILQ_INIT(&env->breakpoints);
622 QTAILQ_INIT(&env->watchpoints);
623 #ifdef __WIN32
624 env->thread_id = GetCurrentProcessId();
625 #else
626 env->thread_id = getpid();
627 #endif
628 *penv = env;
629 #if defined(CONFIG_USER_ONLY)
630 cpu_list_unlock();
631 #endif
632 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
633 vmstate_register(cpu_index, &vmstate_cpu_common, env);
634 register_savevm("cpu", cpu_index, CPU_SAVE_VERSION,
635 cpu_save, cpu_load, env);
636 #endif
637 }
638
639 static inline void invalidate_page_bitmap(PageDesc *p)
640 {
641 if (p->code_bitmap) {
642 qemu_free(p->code_bitmap);
643 p->code_bitmap = NULL;
644 }
645 p->code_write_count = 0;
646 }
647
648 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
649
650 static void page_flush_tb_1 (int level, void **lp)
651 {
652 int i;
653
654 if (*lp == NULL) {
655 return;
656 }
657 if (level == 0) {
658 PageDesc *pd = *lp;
659 for (i = 0; i < L2_SIZE; ++i) {
660 pd[i].first_tb = NULL;
661 invalidate_page_bitmap(pd + i);
662 }
663 } else {
664 void **pp = *lp;
665 for (i = 0; i < L2_SIZE; ++i) {
666 page_flush_tb_1 (level - 1, pp + i);
667 }
668 }
669 }
670
671 static void page_flush_tb(void)
672 {
673 int i;
674 for (i = 0; i < V_L1_SIZE; i++) {
675 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
676 }
677 }
678
679 /* flush all the translation blocks */
680 /* XXX: tb_flush is currently not thread safe */
681 void tb_flush(CPUState *env1)
682 {
683 CPUState *env;
684 #if defined(DEBUG_FLUSH)
685 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
686 (unsigned long)(code_gen_ptr - code_gen_buffer),
687 nb_tbs, nb_tbs > 0 ?
688 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
689 #endif
690 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
691 cpu_abort(env1, "Internal error: code buffer overflow\n");
692
693 nb_tbs = 0;
694
695 for(env = first_cpu; env != NULL; env = env->next_cpu) {
696 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
697 }
698
699 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
700 page_flush_tb();
701
702 code_gen_ptr = code_gen_buffer;
703 /* XXX: flush processor icache at this point if cache flush is
704 expensive */
705 tb_flush_count++;
706 }
707
708 #ifdef DEBUG_TB_CHECK
709
710 static void tb_invalidate_check(target_ulong address)
711 {
712 TranslationBlock *tb;
713 int i;
714 address &= TARGET_PAGE_MASK;
715 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
716 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
717 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
718 address >= tb->pc + tb->size)) {
719 printf("ERROR invalidate: address=" TARGET_FMT_lx
720 " PC=%08lx size=%04x\n",
721 address, (long)tb->pc, tb->size);
722 }
723 }
724 }
725 }
726
727 /* verify that all the pages have correct rights for code */
728 static void tb_page_check(void)
729 {
730 TranslationBlock *tb;
731 int i, flags1, flags2;
732
733 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
734 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
735 flags1 = page_get_flags(tb->pc);
736 flags2 = page_get_flags(tb->pc + tb->size - 1);
737 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
738 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
739 (long)tb->pc, tb->size, flags1, flags2);
740 }
741 }
742 }
743 }
744
745 #endif
746
747 /* invalidate one TB */
748 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
749 int next_offset)
750 {
751 TranslationBlock *tb1;
752 for(;;) {
753 tb1 = *ptb;
754 if (tb1 == tb) {
755 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
756 break;
757 }
758 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
759 }
760 }
761
762 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
763 {
764 TranslationBlock *tb1;
765 unsigned int n1;
766
767 for(;;) {
768 tb1 = *ptb;
769 n1 = (long)tb1 & 3;
770 tb1 = (TranslationBlock *)((long)tb1 & ~3);
771 if (tb1 == tb) {
772 *ptb = tb1->page_next[n1];
773 break;
774 }
775 ptb = &tb1->page_next[n1];
776 }
777 }
778
779 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
780 {
781 TranslationBlock *tb1, **ptb;
782 unsigned int n1;
783
784 ptb = &tb->jmp_next[n];
785 tb1 = *ptb;
786 if (tb1) {
787 /* find tb(n) in circular list */
788 for(;;) {
789 tb1 = *ptb;
790 n1 = (long)tb1 & 3;
791 tb1 = (TranslationBlock *)((long)tb1 & ~3);
792 if (n1 == n && tb1 == tb)
793 break;
794 if (n1 == 2) {
795 ptb = &tb1->jmp_first;
796 } else {
797 ptb = &tb1->jmp_next[n1];
798 }
799 }
800 /* now we can suppress tb(n) from the list */
801 *ptb = tb->jmp_next[n];
802
803 tb->jmp_next[n] = NULL;
804 }
805 }
806
807 /* reset the jump entry 'n' of a TB so that it is not chained to
808 another TB */
809 static inline void tb_reset_jump(TranslationBlock *tb, int n)
810 {
811 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
812 }
813
814 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
815 {
816 CPUState *env;
817 PageDesc *p;
818 unsigned int h, n1;
819 tb_page_addr_t phys_pc;
820 TranslationBlock *tb1, *tb2;
821
822 /* remove the TB from the hash list */
823 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
824 h = tb_phys_hash_func(phys_pc);
825 tb_remove(&tb_phys_hash[h], tb,
826 offsetof(TranslationBlock, phys_hash_next));
827
828 /* remove the TB from the page list */
829 if (tb->page_addr[0] != page_addr) {
830 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
831 tb_page_remove(&p->first_tb, tb);
832 invalidate_page_bitmap(p);
833 }
834 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
835 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
836 tb_page_remove(&p->first_tb, tb);
837 invalidate_page_bitmap(p);
838 }
839
840 tb_invalidated_flag = 1;
841
842 /* remove the TB from the hash list */
843 h = tb_jmp_cache_hash_func(tb->pc);
844 for(env = first_cpu; env != NULL; env = env->next_cpu) {
845 if (env->tb_jmp_cache[h] == tb)
846 env->tb_jmp_cache[h] = NULL;
847 }
848
849 /* suppress this TB from the two jump lists */
850 tb_jmp_remove(tb, 0);
851 tb_jmp_remove(tb, 1);
852
853 /* suppress any remaining jumps to this TB */
854 tb1 = tb->jmp_first;
855 for(;;) {
856 n1 = (long)tb1 & 3;
857 if (n1 == 2)
858 break;
859 tb1 = (TranslationBlock *)((long)tb1 & ~3);
860 tb2 = tb1->jmp_next[n1];
861 tb_reset_jump(tb1, n1);
862 tb1->jmp_next[n1] = NULL;
863 tb1 = tb2;
864 }
865 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
866
867 tb_phys_invalidate_count++;
868 }
869
870 static inline void set_bits(uint8_t *tab, int start, int len)
871 {
872 int end, mask, end1;
873
874 end = start + len;
875 tab += start >> 3;
876 mask = 0xff << (start & 7);
877 if ((start & ~7) == (end & ~7)) {
878 if (start < end) {
879 mask &= ~(0xff << (end & 7));
880 *tab |= mask;
881 }
882 } else {
883 *tab++ |= mask;
884 start = (start + 8) & ~7;
885 end1 = end & ~7;
886 while (start < end1) {
887 *tab++ = 0xff;
888 start += 8;
889 }
890 if (start < end) {
891 mask = ~(0xff << (end & 7));
892 *tab |= mask;
893 }
894 }
895 }
896
897 static void build_page_bitmap(PageDesc *p)
898 {
899 int n, tb_start, tb_end;
900 TranslationBlock *tb;
901
902 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
903
904 tb = p->first_tb;
905 while (tb != NULL) {
906 n = (long)tb & 3;
907 tb = (TranslationBlock *)((long)tb & ~3);
908 /* NOTE: this is subtle as a TB may span two physical pages */
909 if (n == 0) {
910 /* NOTE: tb_end may be after the end of the page, but
911 it is not a problem */
912 tb_start = tb->pc & ~TARGET_PAGE_MASK;
913 tb_end = tb_start + tb->size;
914 if (tb_end > TARGET_PAGE_SIZE)
915 tb_end = TARGET_PAGE_SIZE;
916 } else {
917 tb_start = 0;
918 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
919 }
920 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
921 tb = tb->page_next[n];
922 }
923 }
924
925 TranslationBlock *tb_gen_code(CPUState *env,
926 target_ulong pc, target_ulong cs_base,
927 int flags, int cflags)
928 {
929 TranslationBlock *tb;
930 uint8_t *tc_ptr;
931 tb_page_addr_t phys_pc, phys_page2;
932 target_ulong virt_page2;
933 int code_gen_size;
934
935 phys_pc = get_page_addr_code(env, pc);
936 tb = tb_alloc(pc);
937 if (!tb) {
938 /* flush must be done */
939 tb_flush(env);
940 /* cannot fail at this point */
941 tb = tb_alloc(pc);
942 /* Don't forget to invalidate previous TB info. */
943 tb_invalidated_flag = 1;
944 }
945 tc_ptr = code_gen_ptr;
946 tb->tc_ptr = tc_ptr;
947 tb->cs_base = cs_base;
948 tb->flags = flags;
949 tb->cflags = cflags;
950 cpu_gen_code(env, tb, &code_gen_size);
951 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
952
953 /* check next page if needed */
954 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
955 phys_page2 = -1;
956 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
957 phys_page2 = get_page_addr_code(env, virt_page2);
958 }
959 tb_link_page(tb, phys_pc, phys_page2);
960 return tb;
961 }
962
963 /* invalidate all TBs which intersect with the target physical page
964 starting in range [start;end[. NOTE: start and end must refer to
965 the same physical page. 'is_cpu_write_access' should be true if called
966 from a real cpu write access: the virtual CPU will exit the current
967 TB if code is modified inside this TB. */
968 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
969 int is_cpu_write_access)
970 {
971 TranslationBlock *tb, *tb_next, *saved_tb;
972 CPUState *env = cpu_single_env;
973 tb_page_addr_t tb_start, tb_end;
974 PageDesc *p;
975 int n;
976 #ifdef TARGET_HAS_PRECISE_SMC
977 int current_tb_not_found = is_cpu_write_access;
978 TranslationBlock *current_tb = NULL;
979 int current_tb_modified = 0;
980 target_ulong current_pc = 0;
981 target_ulong current_cs_base = 0;
982 int current_flags = 0;
983 #endif /* TARGET_HAS_PRECISE_SMC */
984
985 p = page_find(start >> TARGET_PAGE_BITS);
986 if (!p)
987 return;
988 if (!p->code_bitmap &&
989 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
990 is_cpu_write_access) {
991 /* build code bitmap */
992 build_page_bitmap(p);
993 }
994
995 /* we remove all the TBs in the range [start, end[ */
996 /* XXX: see if in some cases it could be faster to invalidate all the code */
997 tb = p->first_tb;
998 while (tb != NULL) {
999 n = (long)tb & 3;
1000 tb = (TranslationBlock *)((long)tb & ~3);
1001 tb_next = tb->page_next[n];
1002 /* NOTE: this is subtle as a TB may span two physical pages */
1003 if (n == 0) {
1004 /* NOTE: tb_end may be after the end of the page, but
1005 it is not a problem */
1006 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1007 tb_end = tb_start + tb->size;
1008 } else {
1009 tb_start = tb->page_addr[1];
1010 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1011 }
1012 if (!(tb_end <= start || tb_start >= end)) {
1013 #ifdef TARGET_HAS_PRECISE_SMC
1014 if (current_tb_not_found) {
1015 current_tb_not_found = 0;
1016 current_tb = NULL;
1017 if (env->mem_io_pc) {
1018 /* now we have a real cpu fault */
1019 current_tb = tb_find_pc(env->mem_io_pc);
1020 }
1021 }
1022 if (current_tb == tb &&
1023 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1024 /* If we are modifying the current TB, we must stop
1025 its execution. We could be more precise by checking
1026 that the modification is after the current PC, but it
1027 would require a specialized function to partially
1028 restore the CPU state */
1029
1030 current_tb_modified = 1;
1031 cpu_restore_state(current_tb, env,
1032 env->mem_io_pc, NULL);
1033 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1034 &current_flags);
1035 }
1036 #endif /* TARGET_HAS_PRECISE_SMC */
1037 /* we need to do that to handle the case where a signal
1038 occurs while doing tb_phys_invalidate() */
1039 saved_tb = NULL;
1040 if (env) {
1041 saved_tb = env->current_tb;
1042 env->current_tb = NULL;
1043 }
1044 tb_phys_invalidate(tb, -1);
1045 if (env) {
1046 env->current_tb = saved_tb;
1047 if (env->interrupt_request && env->current_tb)
1048 cpu_interrupt(env, env->interrupt_request);
1049 }
1050 }
1051 tb = tb_next;
1052 }
1053 #if !defined(CONFIG_USER_ONLY)
1054 /* if no code remaining, no need to continue to use slow writes */
1055 if (!p->first_tb) {
1056 invalidate_page_bitmap(p);
1057 if (is_cpu_write_access) {
1058 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1059 }
1060 }
1061 #endif
1062 #ifdef TARGET_HAS_PRECISE_SMC
1063 if (current_tb_modified) {
1064 /* we generate a block containing just the instruction
1065 modifying the memory. It will ensure that it cannot modify
1066 itself */
1067 env->current_tb = NULL;
1068 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1069 cpu_resume_from_signal(env, NULL);
1070 }
1071 #endif
1072 }
1073
1074 /* len must be <= 8 and start must be a multiple of len */
1075 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1076 {
1077 PageDesc *p;
1078 int offset, b;
1079 #if 0
1080 if (1) {
1081 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1082 cpu_single_env->mem_io_vaddr, len,
1083 cpu_single_env->eip,
1084 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1085 }
1086 #endif
1087 p = page_find(start >> TARGET_PAGE_BITS);
1088 if (!p)
1089 return;
1090 if (p->code_bitmap) {
1091 offset = start & ~TARGET_PAGE_MASK;
1092 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1093 if (b & ((1 << len) - 1))
1094 goto do_invalidate;
1095 } else {
1096 do_invalidate:
1097 tb_invalidate_phys_page_range(start, start + len, 1);
1098 }
1099 }
1100
1101 #if !defined(CONFIG_SOFTMMU)
1102 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1103 unsigned long pc, void *puc)
1104 {
1105 TranslationBlock *tb;
1106 PageDesc *p;
1107 int n;
1108 #ifdef TARGET_HAS_PRECISE_SMC
1109 TranslationBlock *current_tb = NULL;
1110 CPUState *env = cpu_single_env;
1111 int current_tb_modified = 0;
1112 target_ulong current_pc = 0;
1113 target_ulong current_cs_base = 0;
1114 int current_flags = 0;
1115 #endif
1116
1117 addr &= TARGET_PAGE_MASK;
1118 p = page_find(addr >> TARGET_PAGE_BITS);
1119 if (!p)
1120 return;
1121 tb = p->first_tb;
1122 #ifdef TARGET_HAS_PRECISE_SMC
1123 if (tb && pc != 0) {
1124 current_tb = tb_find_pc(pc);
1125 }
1126 #endif
1127 while (tb != NULL) {
1128 n = (long)tb & 3;
1129 tb = (TranslationBlock *)((long)tb & ~3);
1130 #ifdef TARGET_HAS_PRECISE_SMC
1131 if (current_tb == tb &&
1132 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1133 /* If we are modifying the current TB, we must stop
1134 its execution. We could be more precise by checking
1135 that the modification is after the current PC, but it
1136 would require a specialized function to partially
1137 restore the CPU state */
1138
1139 current_tb_modified = 1;
1140 cpu_restore_state(current_tb, env, pc, puc);
1141 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1142 &current_flags);
1143 }
1144 #endif /* TARGET_HAS_PRECISE_SMC */
1145 tb_phys_invalidate(tb, addr);
1146 tb = tb->page_next[n];
1147 }
1148 p->first_tb = NULL;
1149 #ifdef TARGET_HAS_PRECISE_SMC
1150 if (current_tb_modified) {
1151 /* we generate a block containing just the instruction
1152 modifying the memory. It will ensure that it cannot modify
1153 itself */
1154 env->current_tb = NULL;
1155 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1156 cpu_resume_from_signal(env, puc);
1157 }
1158 #endif
1159 }
1160 #endif
1161
1162 /* add the tb in the target page and protect it if necessary */
1163 static inline void tb_alloc_page(TranslationBlock *tb,
1164 unsigned int n, tb_page_addr_t page_addr)
1165 {
1166 PageDesc *p;
1167 TranslationBlock *last_first_tb;
1168
1169 tb->page_addr[n] = page_addr;
1170 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1171 tb->page_next[n] = p->first_tb;
1172 last_first_tb = p->first_tb;
1173 p->first_tb = (TranslationBlock *)((long)tb | n);
1174 invalidate_page_bitmap(p);
1175
1176 #if defined(TARGET_HAS_SMC) || 1
1177
1178 #if defined(CONFIG_USER_ONLY)
1179 if (p->flags & PAGE_WRITE) {
1180 target_ulong addr;
1181 PageDesc *p2;
1182 int prot;
1183
1184 /* force the host page as non writable (writes will have a
1185 page fault + mprotect overhead) */
1186 page_addr &= qemu_host_page_mask;
1187 prot = 0;
1188 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1189 addr += TARGET_PAGE_SIZE) {
1190
1191 p2 = page_find (addr >> TARGET_PAGE_BITS);
1192 if (!p2)
1193 continue;
1194 prot |= p2->flags;
1195 p2->flags &= ~PAGE_WRITE;
1196 page_get_flags(addr);
1197 }
1198 mprotect(g2h(page_addr), qemu_host_page_size,
1199 (prot & PAGE_BITS) & ~PAGE_WRITE);
1200 #ifdef DEBUG_TB_INVALIDATE
1201 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1202 page_addr);
1203 #endif
1204 }
1205 #else
1206 /* if some code is already present, then the pages are already
1207 protected. So we handle the case where only the first TB is
1208 allocated in a physical page */
1209 if (!last_first_tb) {
1210 tlb_protect_code(page_addr);
1211 }
1212 #endif
1213
1214 #endif /* TARGET_HAS_SMC */
1215 }
1216
1217 /* Allocate a new translation block. Flush the translation buffer if
1218 too many translation blocks or too much generated code. */
1219 TranslationBlock *tb_alloc(target_ulong pc)
1220 {
1221 TranslationBlock *tb;
1222
1223 if (nb_tbs >= code_gen_max_blocks ||
1224 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1225 return NULL;
1226 tb = &tbs[nb_tbs++];
1227 tb->pc = pc;
1228 tb->cflags = 0;
1229 return tb;
1230 }
1231
1232 void tb_free(TranslationBlock *tb)
1233 {
1234 /* In practice this is mostly used for single use temporary TB
1235 Ignore the hard cases and just back up if this TB happens to
1236 be the last one generated. */
1237 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1238 code_gen_ptr = tb->tc_ptr;
1239 nb_tbs--;
1240 }
1241 }
1242
1243 /* add a new TB and link it to the physical page tables. phys_page2 is
1244 (-1) to indicate that only one page contains the TB. */
1245 void tb_link_page(TranslationBlock *tb,
1246 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1247 {
1248 unsigned int h;
1249 TranslationBlock **ptb;
1250
1251 /* Grab the mmap lock to stop another thread invalidating this TB
1252 before we are done. */
1253 mmap_lock();
1254 /* add in the physical hash table */
1255 h = tb_phys_hash_func(phys_pc);
1256 ptb = &tb_phys_hash[h];
1257 tb->phys_hash_next = *ptb;
1258 *ptb = tb;
1259
1260 /* add in the page list */
1261 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1262 if (phys_page2 != -1)
1263 tb_alloc_page(tb, 1, phys_page2);
1264 else
1265 tb->page_addr[1] = -1;
1266
1267 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1268 tb->jmp_next[0] = NULL;
1269 tb->jmp_next[1] = NULL;
1270
1271 /* init original jump addresses */
1272 if (tb->tb_next_offset[0] != 0xffff)
1273 tb_reset_jump(tb, 0);
1274 if (tb->tb_next_offset[1] != 0xffff)
1275 tb_reset_jump(tb, 1);
1276
1277 #ifdef DEBUG_TB_CHECK
1278 tb_page_check();
1279 #endif
1280 mmap_unlock();
1281 }
1282
1283 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1284 tb[1].tc_ptr. Return NULL if not found */
1285 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1286 {
1287 int m_min, m_max, m;
1288 unsigned long v;
1289 TranslationBlock *tb;
1290
1291 if (nb_tbs <= 0)
1292 return NULL;
1293 if (tc_ptr < (unsigned long)code_gen_buffer ||
1294 tc_ptr >= (unsigned long)code_gen_ptr)
1295 return NULL;
1296 /* binary search (cf Knuth) */
1297 m_min = 0;
1298 m_max = nb_tbs - 1;
1299 while (m_min <= m_max) {
1300 m = (m_min + m_max) >> 1;
1301 tb = &tbs[m];
1302 v = (unsigned long)tb->tc_ptr;
1303 if (v == tc_ptr)
1304 return tb;
1305 else if (tc_ptr < v) {
1306 m_max = m - 1;
1307 } else {
1308 m_min = m + 1;
1309 }
1310 }
1311 return &tbs[m_max];
1312 }
1313
1314 static void tb_reset_jump_recursive(TranslationBlock *tb);
1315
1316 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1317 {
1318 TranslationBlock *tb1, *tb_next, **ptb;
1319 unsigned int n1;
1320
1321 tb1 = tb->jmp_next[n];
1322 if (tb1 != NULL) {
1323 /* find head of list */
1324 for(;;) {
1325 n1 = (long)tb1 & 3;
1326 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1327 if (n1 == 2)
1328 break;
1329 tb1 = tb1->jmp_next[n1];
1330 }
1331 /* we are now sure now that tb jumps to tb1 */
1332 tb_next = tb1;
1333
1334 /* remove tb from the jmp_first list */
1335 ptb = &tb_next->jmp_first;
1336 for(;;) {
1337 tb1 = *ptb;
1338 n1 = (long)tb1 & 3;
1339 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1340 if (n1 == n && tb1 == tb)
1341 break;
1342 ptb = &tb1->jmp_next[n1];
1343 }
1344 *ptb = tb->jmp_next[n];
1345 tb->jmp_next[n] = NULL;
1346
1347 /* suppress the jump to next tb in generated code */
1348 tb_reset_jump(tb, n);
1349
1350 /* suppress jumps in the tb on which we could have jumped */
1351 tb_reset_jump_recursive(tb_next);
1352 }
1353 }
1354
1355 static void tb_reset_jump_recursive(TranslationBlock *tb)
1356 {
1357 tb_reset_jump_recursive2(tb, 0);
1358 tb_reset_jump_recursive2(tb, 1);
1359 }
1360
1361 #if defined(TARGET_HAS_ICE)
1362 #if defined(CONFIG_USER_ONLY)
1363 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1364 {
1365 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1366 }
1367 #else
1368 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1369 {
1370 target_phys_addr_t addr;
1371 target_ulong pd;
1372 ram_addr_t ram_addr;
1373 PhysPageDesc *p;
1374
1375 addr = cpu_get_phys_page_debug(env, pc);
1376 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1377 if (!p) {
1378 pd = IO_MEM_UNASSIGNED;
1379 } else {
1380 pd = p->phys_offset;
1381 }
1382 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1383 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1384 }
1385 #endif
1386 #endif /* TARGET_HAS_ICE */
1387
1388 #if defined(CONFIG_USER_ONLY)
1389 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1390
1391 {
1392 }
1393
1394 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1395 int flags, CPUWatchpoint **watchpoint)
1396 {
1397 return -ENOSYS;
1398 }
1399 #else
1400 /* Add a watchpoint. */
1401 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1402 int flags, CPUWatchpoint **watchpoint)
1403 {
1404 target_ulong len_mask = ~(len - 1);
1405 CPUWatchpoint *wp;
1406
1407 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1408 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1409 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1410 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1411 return -EINVAL;
1412 }
1413 wp = qemu_malloc(sizeof(*wp));
1414
1415 wp->vaddr = addr;
1416 wp->len_mask = len_mask;
1417 wp->flags = flags;
1418
1419 /* keep all GDB-injected watchpoints in front */
1420 if (flags & BP_GDB)
1421 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1422 else
1423 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1424
1425 tlb_flush_page(env, addr);
1426
1427 if (watchpoint)
1428 *watchpoint = wp;
1429 return 0;
1430 }
1431
1432 /* Remove a specific watchpoint. */
1433 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1434 int flags)
1435 {
1436 target_ulong len_mask = ~(len - 1);
1437 CPUWatchpoint *wp;
1438
1439 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1440 if (addr == wp->vaddr && len_mask == wp->len_mask
1441 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1442 cpu_watchpoint_remove_by_ref(env, wp);
1443 return 0;
1444 }
1445 }
1446 return -ENOENT;
1447 }
1448
1449 /* Remove a specific watchpoint by reference. */
1450 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1451 {
1452 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1453
1454 tlb_flush_page(env, watchpoint->vaddr);
1455
1456 qemu_free(watchpoint);
1457 }
1458
1459 /* Remove all matching watchpoints. */
1460 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1461 {
1462 CPUWatchpoint *wp, *next;
1463
1464 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1465 if (wp->flags & mask)
1466 cpu_watchpoint_remove_by_ref(env, wp);
1467 }
1468 }
1469 #endif
1470
1471 /* Add a breakpoint. */
1472 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1473 CPUBreakpoint **breakpoint)
1474 {
1475 #if defined(TARGET_HAS_ICE)
1476 CPUBreakpoint *bp;
1477
1478 bp = qemu_malloc(sizeof(*bp));
1479
1480 bp->pc = pc;
1481 bp->flags = flags;
1482
1483 /* keep all GDB-injected breakpoints in front */
1484 if (flags & BP_GDB)
1485 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1486 else
1487 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1488
1489 breakpoint_invalidate(env, pc);
1490
1491 if (breakpoint)
1492 *breakpoint = bp;
1493 return 0;
1494 #else
1495 return -ENOSYS;
1496 #endif
1497 }
1498
1499 /* Remove a specific breakpoint. */
1500 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1501 {
1502 #if defined(TARGET_HAS_ICE)
1503 CPUBreakpoint *bp;
1504
1505 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1506 if (bp->pc == pc && bp->flags == flags) {
1507 cpu_breakpoint_remove_by_ref(env, bp);
1508 return 0;
1509 }
1510 }
1511 return -ENOENT;
1512 #else
1513 return -ENOSYS;
1514 #endif
1515 }
1516
1517 /* Remove a specific breakpoint by reference. */
1518 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1519 {
1520 #if defined(TARGET_HAS_ICE)
1521 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1522
1523 breakpoint_invalidate(env, breakpoint->pc);
1524
1525 qemu_free(breakpoint);
1526 #endif
1527 }
1528
1529 /* Remove all matching breakpoints. */
1530 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1531 {
1532 #if defined(TARGET_HAS_ICE)
1533 CPUBreakpoint *bp, *next;
1534
1535 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1536 if (bp->flags & mask)
1537 cpu_breakpoint_remove_by_ref(env, bp);
1538 }
1539 #endif
1540 }
1541
1542 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1543 CPU loop after each instruction */
1544 void cpu_single_step(CPUState *env, int enabled)
1545 {
1546 #if defined(TARGET_HAS_ICE)
1547 if (env->singlestep_enabled != enabled) {
1548 env->singlestep_enabled = enabled;
1549 if (kvm_enabled())
1550 kvm_update_guest_debug(env, 0);
1551 else {
1552 /* must flush all the translated code to avoid inconsistencies */
1553 /* XXX: only flush what is necessary */
1554 tb_flush(env);
1555 }
1556 }
1557 #endif
1558 }
1559
1560 /* enable or disable low levels log */
1561 void cpu_set_log(int log_flags)
1562 {
1563 loglevel = log_flags;
1564 if (loglevel && !logfile) {
1565 logfile = fopen(logfilename, log_append ? "a" : "w");
1566 if (!logfile) {
1567 perror(logfilename);
1568 _exit(1);
1569 }
1570 #if !defined(CONFIG_SOFTMMU)
1571 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1572 {
1573 static char logfile_buf[4096];
1574 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1575 }
1576 #elif !defined(_WIN32)
1577 /* Win32 doesn't support line-buffering and requires size >= 2 */
1578 setvbuf(logfile, NULL, _IOLBF, 0);
1579 #endif
1580 log_append = 1;
1581 }
1582 if (!loglevel && logfile) {
1583 fclose(logfile);
1584 logfile = NULL;
1585 }
1586 }
1587
1588 void cpu_set_log_filename(const char *filename)
1589 {
1590 logfilename = strdup(filename);
1591 if (logfile) {
1592 fclose(logfile);
1593 logfile = NULL;
1594 }
1595 cpu_set_log(loglevel);
1596 }
1597
1598 static void cpu_unlink_tb(CPUState *env)
1599 {
1600 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1601 problem and hope the cpu will stop of its own accord. For userspace
1602 emulation this often isn't actually as bad as it sounds. Often
1603 signals are used primarily to interrupt blocking syscalls. */
1604 TranslationBlock *tb;
1605 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1606
1607 spin_lock(&interrupt_lock);
1608 tb = env->current_tb;
1609 /* if the cpu is currently executing code, we must unlink it and
1610 all the potentially executing TB */
1611 if (tb) {
1612 env->current_tb = NULL;
1613 tb_reset_jump_recursive(tb);
1614 }
1615 spin_unlock(&interrupt_lock);
1616 }
1617
1618 /* mask must never be zero, except for A20 change call */
1619 void cpu_interrupt(CPUState *env, int mask)
1620 {
1621 int old_mask;
1622
1623 old_mask = env->interrupt_request;
1624 env->interrupt_request |= mask;
1625 if (kvm_enabled() && !kvm_irqchip_in_kernel())
1626 kvm_update_interrupt_request(env);
1627
1628 #ifndef CONFIG_USER_ONLY
1629 /*
1630 * If called from iothread context, wake the target cpu in
1631 * case its halted.
1632 */
1633 if (!qemu_cpu_self(env)) {
1634 qemu_cpu_kick(env);
1635 return;
1636 }
1637 #endif
1638
1639 if (use_icount) {
1640 env->icount_decr.u16.high = 0xffff;
1641 #ifndef CONFIG_USER_ONLY
1642 if (!can_do_io(env)
1643 && (mask & ~old_mask) != 0) {
1644 cpu_abort(env, "Raised interrupt while not in I/O function");
1645 }
1646 #endif
1647 } else {
1648 cpu_unlink_tb(env);
1649 }
1650 }
1651
1652 void cpu_reset_interrupt(CPUState *env, int mask)
1653 {
1654 env->interrupt_request &= ~mask;
1655 }
1656
1657 void cpu_exit(CPUState *env)
1658 {
1659 env->exit_request = 1;
1660 cpu_unlink_tb(env);
1661 }
1662
1663 const CPULogItem cpu_log_items[] = {
1664 { CPU_LOG_TB_OUT_ASM, "out_asm",
1665 "show generated host assembly code for each compiled TB" },
1666 { CPU_LOG_TB_IN_ASM, "in_asm",
1667 "show target assembly code for each compiled TB" },
1668 { CPU_LOG_TB_OP, "op",
1669 "show micro ops for each compiled TB" },
1670 { CPU_LOG_TB_OP_OPT, "op_opt",
1671 "show micro ops "
1672 #ifdef TARGET_I386
1673 "before eflags optimization and "
1674 #endif
1675 "after liveness analysis" },
1676 { CPU_LOG_INT, "int",
1677 "show interrupts/exceptions in short format" },
1678 { CPU_LOG_EXEC, "exec",
1679 "show trace before each executed TB (lots of logs)" },
1680 { CPU_LOG_TB_CPU, "cpu",
1681 "show CPU state before block translation" },
1682 #ifdef TARGET_I386
1683 { CPU_LOG_PCALL, "pcall",
1684 "show protected mode far calls/returns/exceptions" },
1685 { CPU_LOG_RESET, "cpu_reset",
1686 "show CPU state before CPU resets" },
1687 #endif
1688 #ifdef DEBUG_IOPORT
1689 { CPU_LOG_IOPORT, "ioport",
1690 "show all i/o ports accesses" },
1691 #endif
1692 { 0, NULL, NULL },
1693 };
1694
1695 #ifndef CONFIG_USER_ONLY
1696 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1697 = QLIST_HEAD_INITIALIZER(memory_client_list);
1698
1699 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1700 ram_addr_t size,
1701 ram_addr_t phys_offset)
1702 {
1703 CPUPhysMemoryClient *client;
1704 QLIST_FOREACH(client, &memory_client_list, list) {
1705 client->set_memory(client, start_addr, size, phys_offset);
1706 }
1707 }
1708
1709 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1710 target_phys_addr_t end)
1711 {
1712 CPUPhysMemoryClient *client;
1713 QLIST_FOREACH(client, &memory_client_list, list) {
1714 int r = client->sync_dirty_bitmap(client, start, end);
1715 if (r < 0)
1716 return r;
1717 }
1718 return 0;
1719 }
1720
1721 static int cpu_notify_migration_log(int enable)
1722 {
1723 CPUPhysMemoryClient *client;
1724 QLIST_FOREACH(client, &memory_client_list, list) {
1725 int r = client->migration_log(client, enable);
1726 if (r < 0)
1727 return r;
1728 }
1729 return 0;
1730 }
1731
1732 static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1733 int level, void **lp)
1734 {
1735 int i;
1736
1737 if (*lp == NULL) {
1738 return;
1739 }
1740 if (level == 0) {
1741 PhysPageDesc *pd = *lp;
1742 for (i = 0; i < L2_SIZE; ++i) {
1743 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1744 client->set_memory(client, pd[i].region_offset,
1745 TARGET_PAGE_SIZE, pd[i].phys_offset);
1746 }
1747 }
1748 } else {
1749 void **pp = *lp;
1750 for (i = 0; i < L2_SIZE; ++i) {
1751 phys_page_for_each_1(client, level - 1, pp + i);
1752 }
1753 }
1754 }
1755
1756 static void phys_page_for_each(CPUPhysMemoryClient *client)
1757 {
1758 int i;
1759 for (i = 0; i < P_L1_SIZE; ++i) {
1760 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1761 l1_phys_map + 1);
1762 }
1763 }
1764
1765 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1766 {
1767 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1768 phys_page_for_each(client);
1769 }
1770
1771 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1772 {
1773 QLIST_REMOVE(client, list);
1774 }
1775 #endif
1776
1777 static int cmp1(const char *s1, int n, const char *s2)
1778 {
1779 if (strlen(s2) != n)
1780 return 0;
1781 return memcmp(s1, s2, n) == 0;
1782 }
1783
1784 /* takes a comma separated list of log masks. Return 0 if error. */
1785 int cpu_str_to_log_mask(const char *str)
1786 {
1787 const CPULogItem *item;
1788 int mask;
1789 const char *p, *p1;
1790
1791 p = str;
1792 mask = 0;
1793 for(;;) {
1794 p1 = strchr(p, ',');
1795 if (!p1)
1796 p1 = p + strlen(p);
1797 if(cmp1(p,p1-p,"all")) {
1798 for(item = cpu_log_items; item->mask != 0; item++) {
1799 mask |= item->mask;
1800 }
1801 } else {
1802 for(item = cpu_log_items; item->mask != 0; item++) {
1803 if (cmp1(p, p1 - p, item->name))
1804 goto found;
1805 }
1806 return 0;
1807 }
1808 found:
1809 mask |= item->mask;
1810 if (*p1 != ',')
1811 break;
1812 p = p1 + 1;
1813 }
1814 return mask;
1815 }
1816
1817 void cpu_abort(CPUState *env, const char *fmt, ...)
1818 {
1819 va_list ap;
1820 va_list ap2;
1821
1822 va_start(ap, fmt);
1823 va_copy(ap2, ap);
1824 fprintf(stderr, "qemu: fatal: ");
1825 vfprintf(stderr, fmt, ap);
1826 fprintf(stderr, "\n");
1827 #ifdef TARGET_I386
1828 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1829 #else
1830 cpu_dump_state(env, stderr, fprintf, 0);
1831 #endif
1832 if (qemu_log_enabled()) {
1833 qemu_log("qemu: fatal: ");
1834 qemu_log_vprintf(fmt, ap2);
1835 qemu_log("\n");
1836 #ifdef TARGET_I386
1837 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1838 #else
1839 log_cpu_state(env, 0);
1840 #endif
1841 qemu_log_flush();
1842 qemu_log_close();
1843 }
1844 va_end(ap2);
1845 va_end(ap);
1846 #if defined(CONFIG_USER_ONLY)
1847 {
1848 struct sigaction act;
1849 sigfillset(&act.sa_mask);
1850 act.sa_handler = SIG_DFL;
1851 sigaction(SIGABRT, &act, NULL);
1852 }
1853 #endif
1854 abort();
1855 }
1856
1857 CPUState *cpu_copy(CPUState *env)
1858 {
1859 CPUState *new_env = cpu_init(env->cpu_model_str);
1860 CPUState *next_cpu = new_env->next_cpu;
1861 int cpu_index = new_env->cpu_index;
1862 #if defined(TARGET_HAS_ICE)
1863 CPUBreakpoint *bp;
1864 CPUWatchpoint *wp;
1865 #endif
1866
1867 memcpy(new_env, env, sizeof(CPUState));
1868
1869 /* Preserve chaining and index. */
1870 new_env->next_cpu = next_cpu;
1871 new_env->cpu_index = cpu_index;
1872
1873 /* Clone all break/watchpoints.
1874 Note: Once we support ptrace with hw-debug register access, make sure
1875 BP_CPU break/watchpoints are handled correctly on clone. */
1876 QTAILQ_INIT(&env->breakpoints);
1877 QTAILQ_INIT(&env->watchpoints);
1878 #if defined(TARGET_HAS_ICE)
1879 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1880 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1881 }
1882 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1883 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1884 wp->flags, NULL);
1885 }
1886 #endif
1887
1888 return new_env;
1889 }
1890
1891 #if !defined(CONFIG_USER_ONLY)
1892
1893 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1894 {
1895 unsigned int i;
1896
1897 /* Discard jump cache entries for any tb which might potentially
1898 overlap the flushed page. */
1899 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1900 memset (&env->tb_jmp_cache[i], 0,
1901 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1902
1903 i = tb_jmp_cache_hash_page(addr);
1904 memset (&env->tb_jmp_cache[i], 0,
1905 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1906 }
1907
1908 static CPUTLBEntry s_cputlb_empty_entry = {
1909 .addr_read = -1,
1910 .addr_write = -1,
1911 .addr_code = -1,
1912 .addend = -1,
1913 };
1914
1915 /* NOTE: if flush_global is true, also flush global entries (not
1916 implemented yet) */
1917 void tlb_flush(CPUState *env, int flush_global)
1918 {
1919 int i;
1920
1921 #if defined(DEBUG_TLB)
1922 printf("tlb_flush:\n");
1923 #endif
1924 /* must reset current TB so that interrupts cannot modify the
1925 links while we are modifying them */
1926 env->current_tb = NULL;
1927
1928 for(i = 0; i < CPU_TLB_SIZE; i++) {
1929 int mmu_idx;
1930 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1931 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1932 }
1933 }
1934
1935 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1936
1937 tlb_flush_count++;
1938 }
1939
1940 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1941 {
1942 if (addr == (tlb_entry->addr_read &
1943 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1944 addr == (tlb_entry->addr_write &
1945 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1946 addr == (tlb_entry->addr_code &
1947 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1948 *tlb_entry = s_cputlb_empty_entry;
1949 }
1950 }
1951
1952 void tlb_flush_page(CPUState *env, target_ulong addr)
1953 {
1954 int i;
1955 int mmu_idx;
1956
1957 #if defined(DEBUG_TLB)
1958 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1959 #endif
1960 /* must reset current TB so that interrupts cannot modify the
1961 links while we are modifying them */
1962 env->current_tb = NULL;
1963
1964 addr &= TARGET_PAGE_MASK;
1965 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1966 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1967 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
1968
1969 tlb_flush_jmp_cache(env, addr);
1970 }
1971
1972 /* update the TLBs so that writes to code in the virtual page 'addr'
1973 can be detected */
1974 static void tlb_protect_code(ram_addr_t ram_addr)
1975 {
1976 cpu_physical_memory_reset_dirty(ram_addr,
1977 ram_addr + TARGET_PAGE_SIZE,
1978 CODE_DIRTY_FLAG);
1979 }
1980
1981 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1982 tested for self modifying code */
1983 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1984 target_ulong vaddr)
1985 {
1986 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1987 }
1988
1989 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1990 unsigned long start, unsigned long length)
1991 {
1992 unsigned long addr;
1993 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1994 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1995 if ((addr - start) < length) {
1996 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1997 }
1998 }
1999 }
2000
2001 /* Note: start and end must be within the same ram block. */
2002 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2003 int dirty_flags)
2004 {
2005 CPUState *env;
2006 unsigned long length, start1;
2007 int i, mask, len;
2008 uint8_t *p;
2009
2010 start &= TARGET_PAGE_MASK;
2011 end = TARGET_PAGE_ALIGN(end);
2012
2013 length = end - start;
2014 if (length == 0)
2015 return;
2016 len = length >> TARGET_PAGE_BITS;
2017 mask = ~dirty_flags;
2018 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
2019 for(i = 0; i < len; i++)
2020 p[i] &= mask;
2021
2022 /* we modify the TLB cache so that the dirty bit will be set again
2023 when accessing the range */
2024 start1 = (unsigned long)qemu_get_ram_ptr(start);
2025 /* Chek that we don't span multiple blocks - this breaks the
2026 address comparisons below. */
2027 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2028 != (end - 1) - start) {
2029 abort();
2030 }
2031
2032 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2033 int mmu_idx;
2034 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2035 for(i = 0; i < CPU_TLB_SIZE; i++)
2036 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2037 start1, length);
2038 }
2039 }
2040 }
2041
2042 int cpu_physical_memory_set_dirty_tracking(int enable)
2043 {
2044 int ret = 0;
2045 in_migration = enable;
2046 ret = cpu_notify_migration_log(!!enable);
2047 return ret;
2048 }
2049
2050 int cpu_physical_memory_get_dirty_tracking(void)
2051 {
2052 return in_migration;
2053 }
2054
2055 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2056 target_phys_addr_t end_addr)
2057 {
2058 int ret;
2059
2060 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2061 return ret;
2062 }
2063
2064 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2065 {
2066 ram_addr_t ram_addr;
2067 void *p;
2068
2069 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2070 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2071 + tlb_entry->addend);
2072 ram_addr = qemu_ram_addr_from_host(p);
2073 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2074 tlb_entry->addr_write |= TLB_NOTDIRTY;
2075 }
2076 }
2077 }
2078
2079 /* update the TLB according to the current state of the dirty bits */
2080 void cpu_tlb_update_dirty(CPUState *env)
2081 {
2082 int i;
2083 int mmu_idx;
2084 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2085 for(i = 0; i < CPU_TLB_SIZE; i++)
2086 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2087 }
2088 }
2089
2090 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2091 {
2092 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2093 tlb_entry->addr_write = vaddr;
2094 }
2095
2096 /* update the TLB corresponding to virtual page vaddr
2097 so that it is no longer dirty */
2098 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2099 {
2100 int i;
2101 int mmu_idx;
2102
2103 vaddr &= TARGET_PAGE_MASK;
2104 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2105 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2106 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2107 }
2108
2109 /* add a new TLB entry. At most one entry for a given virtual address
2110 is permitted. Return 0 if OK or 2 if the page could not be mapped
2111 (can only happen in non SOFTMMU mode for I/O pages or pages
2112 conflicting with the host address space). */
2113 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
2114 target_phys_addr_t paddr, int prot,
2115 int mmu_idx, int is_softmmu)
2116 {
2117 PhysPageDesc *p;
2118 unsigned long pd;
2119 unsigned int index;
2120 target_ulong address;
2121 target_ulong code_address;
2122 target_phys_addr_t addend;
2123 int ret;
2124 CPUTLBEntry *te;
2125 CPUWatchpoint *wp;
2126 target_phys_addr_t iotlb;
2127
2128 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2129 if (!p) {
2130 pd = IO_MEM_UNASSIGNED;
2131 } else {
2132 pd = p->phys_offset;
2133 }
2134 #if defined(DEBUG_TLB)
2135 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x idx=%d smmu=%d pd=0x%08lx\n",
2136 vaddr, (int)paddr, prot, mmu_idx, is_softmmu, pd);
2137 #endif
2138
2139 ret = 0;
2140 address = vaddr;
2141 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2142 /* IO memory case (romd handled later) */
2143 address |= TLB_MMIO;
2144 }
2145 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2146 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2147 /* Normal RAM. */
2148 iotlb = pd & TARGET_PAGE_MASK;
2149 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2150 iotlb |= IO_MEM_NOTDIRTY;
2151 else
2152 iotlb |= IO_MEM_ROM;
2153 } else {
2154 /* IO handlers are currently passed a physical address.
2155 It would be nice to pass an offset from the base address
2156 of that region. This would avoid having to special case RAM,
2157 and avoid full address decoding in every device.
2158 We can't use the high bits of pd for this because
2159 IO_MEM_ROMD uses these as a ram address. */
2160 iotlb = (pd & ~TARGET_PAGE_MASK);
2161 if (p) {
2162 iotlb += p->region_offset;
2163 } else {
2164 iotlb += paddr;
2165 }
2166 }
2167
2168 code_address = address;
2169 /* Make accesses to pages with watchpoints go via the
2170 watchpoint trap routines. */
2171 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2172 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2173 iotlb = io_mem_watch + paddr;
2174 /* TODO: The memory case can be optimized by not trapping
2175 reads of pages with a write breakpoint. */
2176 address |= TLB_MMIO;
2177 }
2178 }
2179
2180 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2181 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2182 te = &env->tlb_table[mmu_idx][index];
2183 te->addend = addend - vaddr;
2184 if (prot & PAGE_READ) {
2185 te->addr_read = address;
2186 } else {
2187 te->addr_read = -1;
2188 }
2189
2190 if (prot & PAGE_EXEC) {
2191 te->addr_code = code_address;
2192 } else {
2193 te->addr_code = -1;
2194 }
2195 if (prot & PAGE_WRITE) {
2196 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2197 (pd & IO_MEM_ROMD)) {
2198 /* Write access calls the I/O callback. */
2199 te->addr_write = address | TLB_MMIO;
2200 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2201 !cpu_physical_memory_is_dirty(pd)) {
2202 te->addr_write = address | TLB_NOTDIRTY;
2203 } else {
2204 te->addr_write = address;
2205 }
2206 } else {
2207 te->addr_write = -1;
2208 }
2209 return ret;
2210 }
2211
2212 #else
2213
2214 void tlb_flush(CPUState *env, int flush_global)
2215 {
2216 }
2217
2218 void tlb_flush_page(CPUState *env, target_ulong addr)
2219 {
2220 }
2221
2222 /*
2223 * Walks guest process memory "regions" one by one
2224 * and calls callback function 'fn' for each region.
2225 */
2226
2227 struct walk_memory_regions_data
2228 {
2229 walk_memory_regions_fn fn;
2230 void *priv;
2231 unsigned long start;
2232 int prot;
2233 };
2234
2235 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2236 abi_ulong end, int new_prot)
2237 {
2238 if (data->start != -1ul) {
2239 int rc = data->fn(data->priv, data->start, end, data->prot);
2240 if (rc != 0) {
2241 return rc;
2242 }
2243 }
2244
2245 data->start = (new_prot ? end : -1ul);
2246 data->prot = new_prot;
2247
2248 return 0;
2249 }
2250
2251 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2252 abi_ulong base, int level, void **lp)
2253 {
2254 abi_ulong pa;
2255 int i, rc;
2256
2257 if (*lp == NULL) {
2258 return walk_memory_regions_end(data, base, 0);
2259 }
2260
2261 if (level == 0) {
2262 PageDesc *pd = *lp;
2263 for (i = 0; i < L2_SIZE; ++i) {
2264 int prot = pd[i].flags;
2265
2266 pa = base | (i << TARGET_PAGE_BITS);
2267 if (prot != data->prot) {
2268 rc = walk_memory_regions_end(data, pa, prot);
2269 if (rc != 0) {
2270 return rc;
2271 }
2272 }
2273 }
2274 } else {
2275 void **pp = *lp;
2276 for (i = 0; i < L2_SIZE; ++i) {
2277 pa = base | ((abi_ulong)i <<
2278 (TARGET_PAGE_BITS + L2_BITS * level));
2279 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2280 if (rc != 0) {
2281 return rc;
2282 }
2283 }
2284 }
2285
2286 return 0;
2287 }
2288
2289 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2290 {
2291 struct walk_memory_regions_data data;
2292 unsigned long i;
2293
2294 data.fn = fn;
2295 data.priv = priv;
2296 data.start = -1ul;
2297 data.prot = 0;
2298
2299 for (i = 0; i < V_L1_SIZE; i++) {
2300 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2301 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2302 if (rc != 0) {
2303 return rc;
2304 }
2305 }
2306
2307 return walk_memory_regions_end(&data, 0, 0);
2308 }
2309
2310 static int dump_region(void *priv, abi_ulong start,
2311 abi_ulong end, unsigned long prot)
2312 {
2313 FILE *f = (FILE *)priv;
2314
2315 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2316 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2317 start, end, end - start,
2318 ((prot & PAGE_READ) ? 'r' : '-'),
2319 ((prot & PAGE_WRITE) ? 'w' : '-'),
2320 ((prot & PAGE_EXEC) ? 'x' : '-'));
2321
2322 return (0);
2323 }
2324
2325 /* dump memory mappings */
2326 void page_dump(FILE *f)
2327 {
2328 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2329 "start", "end", "size", "prot");
2330 walk_memory_regions(f, dump_region);
2331 }
2332
2333 int page_get_flags(target_ulong address)
2334 {
2335 PageDesc *p;
2336
2337 p = page_find(address >> TARGET_PAGE_BITS);
2338 if (!p)
2339 return 0;
2340 return p->flags;
2341 }
2342
2343 /* Modify the flags of a page and invalidate the code if necessary.
2344 The flag PAGE_WRITE_ORG is positioned automatically depending
2345 on PAGE_WRITE. The mmap_lock should already be held. */
2346 void page_set_flags(target_ulong start, target_ulong end, int flags)
2347 {
2348 target_ulong addr, len;
2349
2350 /* This function should never be called with addresses outside the
2351 guest address space. If this assert fires, it probably indicates
2352 a missing call to h2g_valid. */
2353 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2354 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2355 #endif
2356 assert(start < end);
2357
2358 start = start & TARGET_PAGE_MASK;
2359 end = TARGET_PAGE_ALIGN(end);
2360
2361 if (flags & PAGE_WRITE) {
2362 flags |= PAGE_WRITE_ORG;
2363 }
2364
2365 for (addr = start, len = end - start;
2366 len != 0;
2367 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2368 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2369
2370 /* If the write protection bit is set, then we invalidate
2371 the code inside. */
2372 if (!(p->flags & PAGE_WRITE) &&
2373 (flags & PAGE_WRITE) &&
2374 p->first_tb) {
2375 tb_invalidate_phys_page(addr, 0, NULL);
2376 }
2377 p->flags = flags;
2378 }
2379 }
2380
2381 int page_check_range(target_ulong start, target_ulong len, int flags)
2382 {
2383 PageDesc *p;
2384 target_ulong end;
2385 target_ulong addr;
2386
2387 /* This function should never be called with addresses outside the
2388 guest address space. If this assert fires, it probably indicates
2389 a missing call to h2g_valid. */
2390 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2391 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2392 #endif
2393
2394 if (start + len - 1 < start) {
2395 /* We've wrapped around. */
2396 return -1;
2397 }
2398
2399 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2400 start = start & TARGET_PAGE_MASK;
2401
2402 for (addr = start, len = end - start;
2403 len != 0;
2404 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2405 p = page_find(addr >> TARGET_PAGE_BITS);
2406 if( !p )
2407 return -1;
2408 if( !(p->flags & PAGE_VALID) )
2409 return -1;
2410
2411 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2412 return -1;
2413 if (flags & PAGE_WRITE) {
2414 if (!(p->flags & PAGE_WRITE_ORG))
2415 return -1;
2416 /* unprotect the page if it was put read-only because it
2417 contains translated code */
2418 if (!(p->flags & PAGE_WRITE)) {
2419 if (!page_unprotect(addr, 0, NULL))
2420 return -1;
2421 }
2422 return 0;
2423 }
2424 }
2425 return 0;
2426 }
2427
2428 /* called from signal handler: invalidate the code and unprotect the
2429 page. Return TRUE if the fault was successfully handled. */
2430 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2431 {
2432 unsigned int page_index, prot, pindex;
2433 PageDesc *p, *p1;
2434 target_ulong host_start, host_end, addr;
2435
2436 /* Technically this isn't safe inside a signal handler. However we
2437 know this only ever happens in a synchronous SEGV handler, so in
2438 practice it seems to be ok. */
2439 mmap_lock();
2440
2441 host_start = address & qemu_host_page_mask;
2442 page_index = host_start >> TARGET_PAGE_BITS;
2443 p1 = page_find(page_index);
2444 if (!p1) {
2445 mmap_unlock();
2446 return 0;
2447 }
2448 host_end = host_start + qemu_host_page_size;
2449 p = p1;
2450 prot = 0;
2451 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
2452 prot |= p->flags;
2453 p++;
2454 }
2455 /* if the page was really writable, then we change its
2456 protection back to writable */
2457 if (prot & PAGE_WRITE_ORG) {
2458 pindex = (address - host_start) >> TARGET_PAGE_BITS;
2459 if (!(p1[pindex].flags & PAGE_WRITE)) {
2460 mprotect((void *)g2h(host_start), qemu_host_page_size,
2461 (prot & PAGE_BITS) | PAGE_WRITE);
2462 p1[pindex].flags |= PAGE_WRITE;
2463 /* and since the content will be modified, we must invalidate
2464 the corresponding translated code. */
2465 tb_invalidate_phys_page(address, pc, puc);
2466 #ifdef DEBUG_TB_CHECK
2467 tb_invalidate_check(address);
2468 #endif
2469 mmap_unlock();
2470 return 1;
2471 }
2472 }
2473 mmap_unlock();
2474 return 0;
2475 }
2476
2477 static inline void tlb_set_dirty(CPUState *env,
2478 unsigned long addr, target_ulong vaddr)
2479 {
2480 }
2481 #endif /* defined(CONFIG_USER_ONLY) */
2482
2483 #if !defined(CONFIG_USER_ONLY)
2484
2485 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2486 typedef struct subpage_t {
2487 target_phys_addr_t base;
2488 CPUReadMemoryFunc * const *mem_read[TARGET_PAGE_SIZE][4];
2489 CPUWriteMemoryFunc * const *mem_write[TARGET_PAGE_SIZE][4];
2490 void *opaque[TARGET_PAGE_SIZE][2][4];
2491 ram_addr_t region_offset[TARGET_PAGE_SIZE][2][4];
2492 } subpage_t;
2493
2494 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2495 ram_addr_t memory, ram_addr_t region_offset);
2496 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2497 ram_addr_t orig_memory, ram_addr_t region_offset);
2498 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2499 need_subpage) \
2500 do { \
2501 if (addr > start_addr) \
2502 start_addr2 = 0; \
2503 else { \
2504 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2505 if (start_addr2 > 0) \
2506 need_subpage = 1; \
2507 } \
2508 \
2509 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2510 end_addr2 = TARGET_PAGE_SIZE - 1; \
2511 else { \
2512 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2513 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2514 need_subpage = 1; \
2515 } \
2516 } while (0)
2517
2518 /* register physical memory.
2519 For RAM, 'size' must be a multiple of the target page size.
2520 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2521 io memory page. The address used when calling the IO function is
2522 the offset from the start of the region, plus region_offset. Both
2523 start_addr and region_offset are rounded down to a page boundary
2524 before calculating this offset. This should not be a problem unless
2525 the low bits of start_addr and region_offset differ. */
2526 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2527 ram_addr_t size,
2528 ram_addr_t phys_offset,
2529 ram_addr_t region_offset)
2530 {
2531 target_phys_addr_t addr, end_addr;
2532 PhysPageDesc *p;
2533 CPUState *env;
2534 ram_addr_t orig_size = size;
2535 void *subpage;
2536
2537 cpu_notify_set_memory(start_addr, size, phys_offset);
2538
2539 if (phys_offset == IO_MEM_UNASSIGNED) {
2540 region_offset = start_addr;
2541 }
2542 region_offset &= TARGET_PAGE_MASK;
2543 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2544 end_addr = start_addr + (target_phys_addr_t)size;
2545 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2546 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2547 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2548 ram_addr_t orig_memory = p->phys_offset;
2549 target_phys_addr_t start_addr2, end_addr2;
2550 int need_subpage = 0;
2551
2552 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2553 need_subpage);
2554 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2555 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2556 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2557 &p->phys_offset, orig_memory,
2558 p->region_offset);
2559 } else {
2560 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2561 >> IO_MEM_SHIFT];
2562 }
2563 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2564 region_offset);
2565 p->region_offset = 0;
2566 } else {
2567 p->phys_offset = phys_offset;
2568 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2569 (phys_offset & IO_MEM_ROMD))
2570 phys_offset += TARGET_PAGE_SIZE;
2571 }
2572 } else {
2573 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2574 p->phys_offset = phys_offset;
2575 p->region_offset = region_offset;
2576 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2577 (phys_offset & IO_MEM_ROMD)) {
2578 phys_offset += TARGET_PAGE_SIZE;
2579 } else {
2580 target_phys_addr_t start_addr2, end_addr2;
2581 int need_subpage = 0;
2582
2583 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2584 end_addr2, need_subpage);
2585
2586 if (need_subpage || phys_offset & IO_MEM_SUBWIDTH) {
2587 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2588 &p->phys_offset, IO_MEM_UNASSIGNED,
2589 addr & TARGET_PAGE_MASK);
2590 subpage_register(subpage, start_addr2, end_addr2,
2591 phys_offset, region_offset);
2592 p->region_offset = 0;
2593 }
2594 }
2595 }
2596 region_offset += TARGET_PAGE_SIZE;
2597 }
2598
2599 /* since each CPU stores ram addresses in its TLB cache, we must
2600 reset the modified entries */
2601 /* XXX: slow ! */
2602 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2603 tlb_flush(env, 1);
2604 }
2605 }
2606
2607 /* XXX: temporary until new memory mapping API */
2608 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2609 {
2610 PhysPageDesc *p;
2611
2612 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2613 if (!p)
2614 return IO_MEM_UNASSIGNED;
2615 return p->phys_offset;
2616 }
2617
2618 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2619 {
2620 if (kvm_enabled())
2621 kvm_coalesce_mmio_region(addr, size);
2622 }
2623
2624 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2625 {
2626 if (kvm_enabled())
2627 kvm_uncoalesce_mmio_region(addr, size);
2628 }
2629
2630 void qemu_flush_coalesced_mmio_buffer(void)
2631 {
2632 if (kvm_enabled())
2633 kvm_flush_coalesced_mmio_buffer();
2634 }
2635
2636 #if defined(__linux__) && !defined(TARGET_S390X)
2637
2638 #include <sys/vfs.h>
2639
2640 #define HUGETLBFS_MAGIC 0x958458f6
2641
2642 static long gethugepagesize(const char *path)
2643 {
2644 struct statfs fs;
2645 int ret;
2646
2647 do {
2648 ret = statfs(path, &fs);
2649 } while (ret != 0 && errno == EINTR);
2650
2651 if (ret != 0) {
2652 perror("statfs");
2653 return 0;
2654 }
2655
2656 if (fs.f_type != HUGETLBFS_MAGIC)
2657 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2658
2659 return fs.f_bsize;
2660 }
2661
2662 static void *file_ram_alloc(ram_addr_t memory, const char *path)
2663 {
2664 char *filename;
2665 void *area;
2666 int fd;
2667 #ifdef MAP_POPULATE
2668 int flags;
2669 #endif
2670 unsigned long hpagesize;
2671
2672 hpagesize = gethugepagesize(path);
2673 if (!hpagesize) {
2674 return NULL;
2675 }
2676
2677 if (memory < hpagesize) {
2678 return NULL;
2679 }
2680
2681 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2682 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2683 return NULL;
2684 }
2685
2686 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2687 return NULL;
2688 }
2689
2690 fd = mkstemp(filename);
2691 if (fd < 0) {
2692 perror("mkstemp");
2693 free(filename);
2694 return NULL;
2695 }
2696 unlink(filename);
2697 free(filename);
2698
2699 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2700
2701 /*
2702 * ftruncate is not supported by hugetlbfs in older
2703 * hosts, so don't bother bailing out on errors.
2704 * If anything goes wrong with it under other filesystems,
2705 * mmap will fail.
2706 */
2707 if (ftruncate(fd, memory))
2708 perror("ftruncate");
2709
2710 #ifdef MAP_POPULATE
2711 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2712 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2713 * to sidestep this quirk.
2714 */
2715 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2716 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2717 #else
2718 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2719 #endif
2720 if (area == MAP_FAILED) {
2721 perror("file_ram_alloc: can't mmap RAM pages");
2722 close(fd);
2723 return (NULL);
2724 }
2725 return area;
2726 }
2727 #endif
2728
2729 ram_addr_t qemu_ram_alloc(ram_addr_t size)
2730 {
2731 RAMBlock *new_block;
2732
2733 size = TARGET_PAGE_ALIGN(size);
2734 new_block = qemu_malloc(sizeof(*new_block));
2735
2736 if (mem_path) {
2737 #if defined (__linux__) && !defined(TARGET_S390X)
2738 new_block->host = file_ram_alloc(size, mem_path);
2739 if (!new_block->host)
2740 exit(1);
2741 #else
2742 fprintf(stderr, "-mem-path option unsupported\n");
2743 exit(1);
2744 #endif
2745 } else {
2746 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2747 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2748 new_block->host = mmap((void*)0x1000000, size,
2749 PROT_EXEC|PROT_READ|PROT_WRITE,
2750 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2751 #else
2752 new_block->host = qemu_vmalloc(size);
2753 #endif
2754 #ifdef MADV_MERGEABLE
2755 madvise(new_block->host, size, MADV_MERGEABLE);
2756 #endif
2757 }
2758 new_block->offset = last_ram_offset;
2759 new_block->length = size;
2760
2761 new_block->next = ram_blocks;
2762 ram_blocks = new_block;
2763
2764 phys_ram_dirty = qemu_realloc(phys_ram_dirty,
2765 (last_ram_offset + size) >> TARGET_PAGE_BITS);
2766 memset(phys_ram_dirty + (last_ram_offset >> TARGET_PAGE_BITS),
2767 0xff, size >> TARGET_PAGE_BITS);
2768
2769 last_ram_offset += size;
2770
2771 if (kvm_enabled())
2772 kvm_setup_guest_memory(new_block->host, size);
2773
2774 return new_block->offset;
2775 }
2776
2777 void qemu_ram_free(ram_addr_t addr)
2778 {
2779 /* TODO: implement this. */
2780 }
2781
2782 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2783 With the exception of the softmmu code in this file, this should
2784 only be used for local memory (e.g. video ram) that the device owns,
2785 and knows it isn't going to access beyond the end of the block.
2786
2787 It should not be used for general purpose DMA.
2788 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2789 */
2790 void *qemu_get_ram_ptr(ram_addr_t addr)
2791 {
2792 RAMBlock *prev;
2793 RAMBlock **prevp;
2794 RAMBlock *block;
2795
2796 prev = NULL;
2797 prevp = &ram_blocks;
2798 block = ram_blocks;
2799 while (block && (block->offset > addr
2800 || block->offset + block->length <= addr)) {
2801 if (prev)
2802 prevp = &prev->next;
2803 prev = block;
2804 block = block->next;
2805 }
2806 if (!block) {
2807 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2808 abort();
2809 }
2810 /* Move this entry to to start of the list. */
2811 if (prev) {
2812 prev->next = block->next;
2813 block->next = *prevp;
2814 *prevp = block;
2815 }
2816 return block->host + (addr - block->offset);
2817 }
2818
2819 int do_qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2820 {
2821 RAMBlock *prev;
2822 RAMBlock *block;
2823 uint8_t *host = ptr;
2824
2825 prev = NULL;
2826 block = ram_blocks;
2827 while (block && (block->host > host
2828 || block->host + block->length <= host)) {
2829 prev = block;
2830 block = block->next;
2831 }
2832 if (!block)
2833 return -1;
2834 *ram_addr = block->offset + (host - block->host);
2835 return 0;
2836 }
2837
2838 /* Some of the softmmu routines need to translate from a host pointer
2839 (typically a TLB entry) back to a ram offset. */
2840 ram_addr_t qemu_ram_addr_from_host(void *ptr)
2841 {
2842 ram_addr_t ram_addr;
2843
2844 if (do_qemu_ram_addr_from_host(ptr, &ram_addr)) {
2845 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2846 abort();
2847 }
2848 return ram_addr;
2849 }
2850
2851 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2852 {
2853 #ifdef DEBUG_UNASSIGNED
2854 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2855 #endif
2856 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2857 do_unassigned_access(addr, 0, 0, 0, 1);
2858 #endif
2859 return 0;
2860 }
2861
2862 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
2863 {
2864 #ifdef DEBUG_UNASSIGNED
2865 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2866 #endif
2867 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2868 do_unassigned_access(addr, 0, 0, 0, 2);
2869 #endif
2870 return 0;
2871 }
2872
2873 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
2874 {
2875 #ifdef DEBUG_UNASSIGNED
2876 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2877 #endif
2878 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2879 do_unassigned_access(addr, 0, 0, 0, 4);
2880 #endif
2881 return 0;
2882 }
2883
2884 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
2885 {
2886 #ifdef DEBUG_UNASSIGNED
2887 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2888 #endif
2889 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2890 do_unassigned_access(addr, 1, 0, 0, 1);
2891 #endif
2892 }
2893
2894 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
2895 {
2896 #ifdef DEBUG_UNASSIGNED
2897 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2898 #endif
2899 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2900 do_unassigned_access(addr, 1, 0, 0, 2);
2901 #endif
2902 }
2903
2904 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2905 {
2906 #ifdef DEBUG_UNASSIGNED
2907 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
2908 #endif
2909 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2910 do_unassigned_access(addr, 1, 0, 0, 4);
2911 #endif
2912 }
2913
2914 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
2915 unassigned_mem_readb,
2916 unassigned_mem_readw,
2917 unassigned_mem_readl,
2918 };
2919
2920 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
2921 unassigned_mem_writeb,
2922 unassigned_mem_writew,
2923 unassigned_mem_writel,
2924 };
2925
2926 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
2927 uint32_t val)
2928 {
2929 int dirty_flags;
2930 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2931 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2932 #if !defined(CONFIG_USER_ONLY)
2933 tb_invalidate_phys_page_fast(ram_addr, 1);
2934 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2935 #endif
2936 }
2937 stb_p(qemu_get_ram_ptr(ram_addr), val);
2938 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2939 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2940 /* we remove the notdirty callback only if the code has been
2941 flushed */
2942 if (dirty_flags == 0xff)
2943 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2944 }
2945
2946 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
2947 uint32_t val)
2948 {
2949 int dirty_flags;
2950 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2951 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2952 #if !defined(CONFIG_USER_ONLY)
2953 tb_invalidate_phys_page_fast(ram_addr, 2);
2954 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2955 #endif
2956 }
2957 stw_p(qemu_get_ram_ptr(ram_addr), val);
2958 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2959 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2960 /* we remove the notdirty callback only if the code has been
2961 flushed */
2962 if (dirty_flags == 0xff)
2963 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2964 }
2965
2966 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
2967 uint32_t val)
2968 {
2969 int dirty_flags;
2970 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2971 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2972 #if !defined(CONFIG_USER_ONLY)
2973 tb_invalidate_phys_page_fast(ram_addr, 4);
2974 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
2975 #endif
2976 }
2977 stl_p(qemu_get_ram_ptr(ram_addr), val);
2978 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2979 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
2980 /* we remove the notdirty callback only if the code has been
2981 flushed */
2982 if (dirty_flags == 0xff)
2983 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2984 }
2985
2986 static CPUReadMemoryFunc * const error_mem_read[3] = {
2987 NULL, /* never used */
2988 NULL, /* never used */
2989 NULL, /* never used */
2990 };
2991
2992 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
2993 notdirty_mem_writeb,
2994 notdirty_mem_writew,
2995 notdirty_mem_writel,
2996 };
2997
2998 /* Generate a debug exception if a watchpoint has been hit. */
2999 static void check_watchpoint(int offset, int len_mask, int flags)
3000 {
3001 CPUState *env = cpu_single_env;
3002 target_ulong pc, cs_base;
3003 TranslationBlock *tb;
3004 target_ulong vaddr;
3005 CPUWatchpoint *wp;
3006 int cpu_flags;
3007
3008 if (env->watchpoint_hit) {
3009 /* We re-entered the check after replacing the TB. Now raise
3010 * the debug interrupt so that is will trigger after the
3011 * current instruction. */
3012 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3013 return;
3014 }
3015 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3016 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3017 if ((vaddr == (wp->vaddr & len_mask) ||
3018 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3019 wp->flags |= BP_WATCHPOINT_HIT;
3020 if (!env->watchpoint_hit) {
3021 env->watchpoint_hit = wp;
3022 tb = tb_find_pc(env->mem_io_pc);
3023 if (!tb) {
3024 cpu_abort(env, "check_watchpoint: could not find TB for "
3025 "pc=%p", (void *)env->mem_io_pc);
3026 }
3027 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3028 tb_phys_invalidate(tb, -1);
3029 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3030 env->exception_index = EXCP_DEBUG;
3031 } else {
3032 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3033 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3034 }
3035 cpu_resume_from_signal(env, NULL);
3036 }
3037 } else {
3038 wp->flags &= ~BP_WATCHPOINT_HIT;
3039 }
3040 }
3041 }
3042
3043 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3044 so these check for a hit then pass through to the normal out-of-line
3045 phys routines. */
3046 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3047 {
3048 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3049 return ldub_phys(addr);
3050 }
3051
3052 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3053 {
3054 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3055 return lduw_phys(addr);
3056 }
3057
3058 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3059 {
3060 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3061 return ldl_phys(addr);
3062 }
3063
3064 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3065 uint32_t val)
3066 {
3067 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3068 stb_phys(addr, val);
3069 }
3070
3071 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3072 uint32_t val)
3073 {
3074 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3075 stw_phys(addr, val);
3076 }
3077
3078 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3079 uint32_t val)
3080 {
3081 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3082 stl_phys(addr, val);
3083 }
3084
3085 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3086 watch_mem_readb,
3087 watch_mem_readw,
3088 watch_mem_readl,
3089 };
3090
3091 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3092 watch_mem_writeb,
3093 watch_mem_writew,
3094 watch_mem_writel,
3095 };
3096
3097 static inline uint32_t subpage_readlen (subpage_t *mmio, target_phys_addr_t addr,
3098 unsigned int len)
3099 {
3100 uint32_t ret;
3101 unsigned int idx;
3102
3103 idx = SUBPAGE_IDX(addr);
3104 #if defined(DEBUG_SUBPAGE)
3105 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3106 mmio, len, addr, idx);
3107 #endif
3108 ret = (**mmio->mem_read[idx][len])(mmio->opaque[idx][0][len],
3109 addr + mmio->region_offset[idx][0][len]);
3110
3111 return ret;
3112 }
3113
3114 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3115 uint32_t value, unsigned int len)
3116 {
3117 unsigned int idx;
3118
3119 idx = SUBPAGE_IDX(addr);
3120 #if defined(DEBUG_SUBPAGE)
3121 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n", __func__,
3122 mmio, len, addr, idx, value);
3123 #endif
3124 (**mmio->mem_write[idx][len])(mmio->opaque[idx][1][len],
3125 addr + mmio->region_offset[idx][1][len],
3126 value);
3127 }
3128
3129 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3130 {
3131 #if defined(DEBUG_SUBPAGE)
3132 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3133 #endif
3134
3135 return subpage_readlen(opaque, addr, 0);
3136 }
3137
3138 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3139 uint32_t value)
3140 {
3141 #if defined(DEBUG_SUBPAGE)
3142 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3143 #endif
3144 subpage_writelen(opaque, addr, value, 0);
3145 }
3146
3147 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3148 {
3149 #if defined(DEBUG_SUBPAGE)
3150 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3151 #endif
3152
3153 return subpage_readlen(opaque, addr, 1);
3154 }
3155
3156 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3157 uint32_t value)
3158 {
3159 #if defined(DEBUG_SUBPAGE)
3160 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3161 #endif
3162 subpage_writelen(opaque, addr, value, 1);
3163 }
3164
3165 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3166 {
3167 #if defined(DEBUG_SUBPAGE)
3168 printf("%s: addr " TARGET_FMT_plx "\n", __func__, addr);
3169 #endif
3170
3171 return subpage_readlen(opaque, addr, 2);
3172 }
3173
3174 static void subpage_writel (void *opaque,
3175 target_phys_addr_t addr, uint32_t value)
3176 {
3177 #if defined(DEBUG_SUBPAGE)
3178 printf("%s: addr " TARGET_FMT_plx " val %08x\n", __func__, addr, value);
3179 #endif
3180 subpage_writelen(opaque, addr, value, 2);
3181 }
3182
3183 static CPUReadMemoryFunc * const subpage_read[] = {
3184 &subpage_readb,
3185 &subpage_readw,
3186 &subpage_readl,
3187 };
3188
3189 static CPUWriteMemoryFunc * const subpage_write[] = {
3190 &subpage_writeb,
3191 &subpage_writew,
3192 &subpage_writel,
3193 };
3194
3195 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3196 ram_addr_t memory, ram_addr_t region_offset)
3197 {
3198 int idx, eidx;
3199 unsigned int i;
3200
3201 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3202 return -1;
3203 idx = SUBPAGE_IDX(start);
3204 eidx = SUBPAGE_IDX(end);
3205 #if defined(DEBUG_SUBPAGE)
3206 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3207 mmio, start, end, idx, eidx, memory);
3208 #endif
3209 memory >>= IO_MEM_SHIFT;
3210 for (; idx <= eidx; idx++) {
3211 for (i = 0; i < 4; i++) {
3212 if (io_mem_read[memory][i]) {
3213 mmio->mem_read[idx][i] = &io_mem_read[memory][i];
3214 mmio->opaque[idx][0][i] = io_mem_opaque[memory];
3215 mmio->region_offset[idx][0][i] = region_offset;
3216 }
3217 if (io_mem_write[memory][i]) {
3218 mmio->mem_write[idx][i] = &io_mem_write[memory][i];
3219 mmio->opaque[idx][1][i] = io_mem_opaque[memory];
3220 mmio->region_offset[idx][1][i] = region_offset;
3221 }
3222 }
3223 }
3224
3225 return 0;
3226 }
3227
3228 static void *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3229 ram_addr_t orig_memory, ram_addr_t region_offset)
3230 {
3231 subpage_t *mmio;
3232 int subpage_memory;
3233
3234 mmio = qemu_mallocz(sizeof(subpage_t));
3235
3236 mmio->base = base;
3237 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3238 #if defined(DEBUG_SUBPAGE)
3239 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3240 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3241 #endif
3242 *phys = subpage_memory | IO_MEM_SUBPAGE;
3243 subpage_register(mmio, 0, TARGET_PAGE_SIZE - 1, orig_memory,
3244 region_offset);
3245
3246 return mmio;
3247 }
3248
3249 static int get_free_io_mem_idx(void)
3250 {
3251 int i;
3252
3253 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3254 if (!io_mem_used[i]) {
3255 io_mem_used[i] = 1;
3256 return i;
3257 }
3258 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3259 return -1;
3260 }
3261
3262 /* mem_read and mem_write are arrays of functions containing the
3263 function to access byte (index 0), word (index 1) and dword (index
3264 2). Functions can be omitted with a NULL function pointer.
3265 If io_index is non zero, the corresponding io zone is
3266 modified. If it is zero, a new io zone is allocated. The return
3267 value can be used with cpu_register_physical_memory(). (-1) is
3268 returned if error. */
3269 static int cpu_register_io_memory_fixed(int io_index,
3270 CPUReadMemoryFunc * const *mem_read,
3271 CPUWriteMemoryFunc * const *mem_write,
3272 void *opaque)
3273 {
3274 int i, subwidth = 0;
3275
3276 if (io_index <= 0) {
3277 io_index = get_free_io_mem_idx();
3278 if (io_index == -1)
3279 return io_index;
3280 } else {
3281 io_index >>= IO_MEM_SHIFT;
3282 if (io_index >= IO_MEM_NB_ENTRIES)
3283 return -1;
3284 }
3285
3286 for(i = 0;i < 3; i++) {
3287 if (!mem_read[i] || !mem_write[i])
3288 subwidth = IO_MEM_SUBWIDTH;
3289 io_mem_read[io_index][i] = mem_read[i];
3290 io_mem_write[io_index][i] = mem_write[i];
3291 }
3292 io_mem_opaque[io_index] = opaque;
3293 return (io_index << IO_MEM_SHIFT) | subwidth;
3294 }
3295
3296 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3297 CPUWriteMemoryFunc * const *mem_write,
3298 void *opaque)
3299 {
3300 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3301 }
3302
3303 void cpu_unregister_io_memory(int io_table_address)
3304 {
3305 int i;
3306 int io_index = io_table_address >> IO_MEM_SHIFT;
3307
3308 for (i=0;i < 3; i++) {
3309 io_mem_read[io_index][i] = unassigned_mem_read[i];
3310 io_mem_write[io_index][i] = unassigned_mem_write[i];
3311 }
3312 io_mem_opaque[io_index] = NULL;
3313 io_mem_used[io_index] = 0;
3314 }
3315
3316 static void io_mem_init(void)
3317 {
3318 int i;
3319
3320 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3321 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3322 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3323 for (i=0; i<5; i++)
3324 io_mem_used[i] = 1;
3325
3326 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3327 watch_mem_write, NULL);
3328 }
3329
3330 #endif /* !defined(CONFIG_USER_ONLY) */
3331
3332 /* physical memory access (slow version, mainly for debug) */
3333 #if defined(CONFIG_USER_ONLY)
3334 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3335 uint8_t *buf, int len, int is_write)
3336 {
3337 int l, flags;
3338 target_ulong page;
3339 void * p;
3340
3341 while (len > 0) {
3342 page = addr & TARGET_PAGE_MASK;
3343 l = (page + TARGET_PAGE_SIZE) - addr;
3344 if (l > len)
3345 l = len;
3346 flags = page_get_flags(page);
3347 if (!(flags & PAGE_VALID))
3348 return -1;
3349 if (is_write) {
3350 if (!(flags & PAGE_WRITE))
3351 return -1;
3352 /* XXX: this code should not depend on lock_user */
3353 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3354 return -1;
3355 memcpy(p, buf, l);
3356 unlock_user(p, addr, l);
3357 } else {
3358 if (!(flags & PAGE_READ))
3359 return -1;
3360 /* XXX: this code should not depend on lock_user */
3361 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3362 return -1;
3363 memcpy(buf, p, l);
3364 unlock_user(p, addr, 0);
3365 }
3366 len -= l;
3367 buf += l;
3368 addr += l;
3369 }
3370 return 0;
3371 }
3372
3373 #else
3374 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3375 int len, int is_write)
3376 {
3377 int l, io_index;
3378 uint8_t *ptr;
3379 uint32_t val;
3380 target_phys_addr_t page;
3381 unsigned long pd;
3382 PhysPageDesc *p;
3383
3384 while (len > 0) {
3385 page = addr & TARGET_PAGE_MASK;
3386 l = (page + TARGET_PAGE_SIZE) - addr;
3387 if (l > len)
3388 l = len;
3389 p = phys_page_find(page >> TARGET_PAGE_BITS);
3390 if (!p) {
3391 pd = IO_MEM_UNASSIGNED;
3392 } else {
3393 pd = p->phys_offset;
3394 }
3395
3396 if (is_write) {
3397 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3398 target_phys_addr_t addr1 = addr;
3399 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3400 if (p)
3401 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3402 /* XXX: could force cpu_single_env to NULL to avoid
3403 potential bugs */
3404 if (l >= 4 && ((addr1 & 3) == 0)) {
3405 /* 32 bit write access */
3406 val = ldl_p(buf);
3407 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3408 l = 4;
3409 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3410 /* 16 bit write access */
3411 val = lduw_p(buf);
3412 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3413 l = 2;
3414 } else {
3415 /* 8 bit write access */
3416 val = ldub_p(buf);
3417 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3418 l = 1;
3419 }
3420 } else {
3421 unsigned long addr1;
3422 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3423 /* RAM case */
3424 ptr = qemu_get_ram_ptr(addr1);
3425 memcpy(ptr, buf, l);
3426 if (!cpu_physical_memory_is_dirty(addr1)) {
3427 /* invalidate code */
3428 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3429 /* set dirty bit */
3430 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3431 (0xff & ~CODE_DIRTY_FLAG);
3432 }
3433 /* qemu doesn't execute guest code directly, but kvm does
3434 therefore flush instruction caches */
3435 if (kvm_enabled())
3436 flush_icache_range((unsigned long)ptr,
3437 ((unsigned long)ptr)+l);
3438 }
3439 } else {
3440 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3441 !(pd & IO_MEM_ROMD)) {
3442 target_phys_addr_t addr1 = addr;
3443 /* I/O case */
3444 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3445 if (p)
3446 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3447 if (l >= 4 && ((addr1 & 3) == 0)) {
3448 /* 32 bit read access */
3449 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3450 stl_p(buf, val);
3451 l = 4;
3452 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3453 /* 16 bit read access */
3454 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3455 stw_p(buf, val);
3456 l = 2;
3457 } else {
3458 /* 8 bit read access */
3459 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3460 stb_p(buf, val);
3461 l = 1;
3462 }
3463 } else {
3464 /* RAM case */
3465 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3466 (addr & ~TARGET_PAGE_MASK);
3467 memcpy(buf, ptr, l);
3468 }
3469 }
3470 len -= l;
3471 buf += l;
3472 addr += l;
3473 }
3474 }
3475
3476 /* used for ROM loading : can write in RAM and ROM */
3477 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3478 const uint8_t *buf, int len)
3479 {
3480 int l;
3481 uint8_t *ptr;
3482 target_phys_addr_t page;
3483 unsigned long pd;
3484 PhysPageDesc *p;
3485
3486 while (len > 0) {
3487 page = addr & TARGET_PAGE_MASK;
3488 l = (page + TARGET_PAGE_SIZE) - addr;
3489 if (l > len)
3490 l = len;
3491 p = phys_page_find(page >> TARGET_PAGE_BITS);
3492 if (!p) {
3493 pd = IO_MEM_UNASSIGNED;
3494 } else {
3495 pd = p->phys_offset;
3496 }
3497
3498 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3499 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3500 !(pd & IO_MEM_ROMD)) {
3501 /* do nothing */
3502 } else {
3503 unsigned long addr1;
3504 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3505 /* ROM/RAM case */
3506 ptr = qemu_get_ram_ptr(addr1);
3507 memcpy(ptr, buf, l);
3508 }
3509 len -= l;
3510 buf += l;
3511 addr += l;
3512 }
3513 }
3514
3515 typedef struct {
3516 void *buffer;
3517 target_phys_addr_t addr;
3518 target_phys_addr_t len;
3519 } BounceBuffer;
3520
3521 static BounceBuffer bounce;
3522
3523 typedef struct MapClient {
3524 void *opaque;
3525 void (*callback)(void *opaque);
3526 QLIST_ENTRY(MapClient) link;
3527 } MapClient;
3528
3529 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3530 = QLIST_HEAD_INITIALIZER(map_client_list);
3531
3532 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3533 {
3534 MapClient *client = qemu_malloc(sizeof(*client));
3535
3536 client->opaque = opaque;
3537 client->callback = callback;
3538 QLIST_INSERT_HEAD(&map_client_list, client, link);
3539 return client;
3540 }
3541
3542 void cpu_unregister_map_client(void *_client)
3543 {
3544 MapClient *client = (MapClient *)_client;
3545
3546 QLIST_REMOVE(client, link);
3547 qemu_free(client);
3548 }
3549
3550 static void cpu_notify_map_clients(void)
3551 {
3552 MapClient *client;
3553
3554 while (!QLIST_EMPTY(&map_client_list)) {
3555 client = QLIST_FIRST(&map_client_list);
3556 client->callback(client->opaque);
3557 cpu_unregister_map_client(client);
3558 }
3559 }
3560
3561 /* Map a physical memory region into a host virtual address.
3562 * May map a subset of the requested range, given by and returned in *plen.
3563 * May return NULL if resources needed to perform the mapping are exhausted.
3564 * Use only for reads OR writes - not for read-modify-write operations.
3565 * Use cpu_register_map_client() to know when retrying the map operation is
3566 * likely to succeed.
3567 */
3568 void *cpu_physical_memory_map(target_phys_addr_t addr,
3569 target_phys_addr_t *plen,
3570 int is_write)
3571 {
3572 target_phys_addr_t len = *plen;
3573 target_phys_addr_t done = 0;
3574 int l;
3575 uint8_t *ret = NULL;
3576 uint8_t *ptr;
3577 target_phys_addr_t page;
3578 unsigned long pd;
3579 PhysPageDesc *p;
3580 unsigned long addr1;
3581
3582 while (len > 0) {
3583 page = addr & TARGET_PAGE_MASK;
3584 l = (page + TARGET_PAGE_SIZE) - addr;
3585 if (l > len)
3586 l = len;
3587 p = phys_page_find(page >> TARGET_PAGE_BITS);
3588 if (!p) {
3589 pd = IO_MEM_UNASSIGNED;
3590 } else {
3591 pd = p->phys_offset;
3592 }
3593
3594 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3595 if (done || bounce.buffer) {
3596 break;
3597 }
3598 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3599 bounce.addr = addr;
3600 bounce.len = l;
3601 if (!is_write) {
3602 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3603 }
3604 ptr = bounce.buffer;
3605 } else {
3606 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3607 ptr = qemu_get_ram_ptr(addr1);
3608 }
3609 if (!done) {
3610 ret = ptr;
3611 } else if (ret + done != ptr) {
3612 break;
3613 }
3614
3615 len -= l;
3616 addr += l;
3617 done += l;
3618 }
3619 *plen = done;
3620 return ret;
3621 }
3622
3623 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3624 * Will also mark the memory as dirty if is_write == 1. access_len gives
3625 * the amount of memory that was actually read or written by the caller.
3626 */
3627 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3628 int is_write, target_phys_addr_t access_len)
3629 {
3630 unsigned long flush_len = (unsigned long)access_len;
3631
3632 if (buffer != bounce.buffer) {
3633 if (is_write) {
3634 ram_addr_t addr1 = qemu_ram_addr_from_host(buffer);
3635 while (access_len) {
3636 unsigned l;
3637 l = TARGET_PAGE_SIZE;
3638 if (l > access_len)
3639 l = access_len;
3640 if (!cpu_physical_memory_is_dirty(addr1)) {
3641 /* invalidate code */
3642 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3643 /* set dirty bit */
3644 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3645 (0xff & ~CODE_DIRTY_FLAG);
3646 }
3647 addr1 += l;
3648 access_len -= l;
3649 }
3650 dma_flush_range((unsigned long)buffer,
3651 (unsigned long)buffer + flush_len);
3652 }
3653 return;
3654 }
3655 if (is_write) {
3656 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3657 }
3658 qemu_vfree(bounce.buffer);
3659 bounce.buffer = NULL;
3660 cpu_notify_map_clients();
3661 }
3662
3663 /* warning: addr must be aligned */
3664 uint32_t ldl_phys(target_phys_addr_t addr)
3665 {
3666 int io_index;
3667 uint8_t *ptr;
3668 uint32_t val;
3669 unsigned long pd;
3670 PhysPageDesc *p;
3671
3672 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3673 if (!p) {
3674 pd = IO_MEM_UNASSIGNED;
3675 } else {
3676 pd = p->phys_offset;
3677 }
3678
3679 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3680 !(pd & IO_MEM_ROMD)) {
3681 /* I/O case */
3682 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3683 if (p)
3684 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3685 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3686 } else {
3687 /* RAM case */
3688 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3689 (addr & ~TARGET_PAGE_MASK);
3690 val = ldl_p(ptr);
3691 }
3692 return val;
3693 }
3694
3695 /* warning: addr must be aligned */
3696 uint64_t ldq_phys(target_phys_addr_t addr)
3697 {
3698 int io_index;
3699 uint8_t *ptr;
3700 uint64_t val;
3701 unsigned long pd;
3702 PhysPageDesc *p;
3703
3704 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3705 if (!p) {
3706 pd = IO_MEM_UNASSIGNED;
3707 } else {
3708 pd = p->phys_offset;
3709 }
3710
3711 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3712 !(pd & IO_MEM_ROMD)) {
3713 /* I/O case */
3714 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3715 if (p)
3716 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3717 #ifdef TARGET_WORDS_BIGENDIAN
3718 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3719 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3720 #else
3721 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3722 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3723 #endif
3724 } else {
3725 /* RAM case */
3726 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3727 (addr & ~TARGET_PAGE_MASK);
3728 val = ldq_p(ptr);
3729 }
3730 return val;
3731 }
3732
3733 /* XXX: optimize */
3734 uint32_t ldub_phys(target_phys_addr_t addr)
3735 {
3736 uint8_t val;
3737 cpu_physical_memory_read(addr, &val, 1);
3738 return val;
3739 }
3740
3741 /* XXX: optimize */
3742 uint32_t lduw_phys(target_phys_addr_t addr)
3743 {
3744 uint16_t val;
3745 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
3746 return tswap16(val);
3747 }
3748
3749 /* warning: addr must be aligned. The ram page is not masked as dirty
3750 and the code inside is not invalidated. It is useful if the dirty
3751 bits are used to track modified PTEs */
3752 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3753 {
3754 int io_index;
3755 uint8_t *ptr;
3756 unsigned long pd;
3757 PhysPageDesc *p;
3758
3759 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3760 if (!p) {
3761 pd = IO_MEM_UNASSIGNED;
3762 } else {
3763 pd = p->phys_offset;
3764 }
3765
3766 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3767 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3768 if (p)
3769 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3770 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3771 } else {
3772 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3773 ptr = qemu_get_ram_ptr(addr1);
3774 stl_p(ptr, val);
3775
3776 if (unlikely(in_migration)) {
3777 if (!cpu_physical_memory_is_dirty(addr1)) {
3778 /* invalidate code */
3779 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3780 /* set dirty bit */
3781 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3782 (0xff & ~CODE_DIRTY_FLAG);
3783 }
3784 }
3785 }
3786 }
3787
3788 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3789 {
3790 int io_index;
3791 uint8_t *ptr;
3792 unsigned long pd;
3793 PhysPageDesc *p;
3794
3795 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3796 if (!p) {
3797 pd = IO_MEM_UNASSIGNED;
3798 } else {
3799 pd = p->phys_offset;
3800 }
3801
3802 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3803 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3804 if (p)
3805 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3806 #ifdef TARGET_WORDS_BIGENDIAN
3807 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3808 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3809 #else
3810 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3811 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3812 #endif
3813 } else {
3814 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3815 (addr & ~TARGET_PAGE_MASK);
3816 stq_p(ptr, val);
3817 }
3818 }
3819
3820 /* warning: addr must be aligned */
3821 void stl_phys(target_phys_addr_t addr, uint32_t val)
3822 {
3823 int io_index;
3824 uint8_t *ptr;
3825 unsigned long pd;
3826 PhysPageDesc *p;
3827
3828 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3829 if (!p) {
3830 pd = IO_MEM_UNASSIGNED;
3831 } else {
3832 pd = p->phys_offset;
3833 }
3834
3835 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3836 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3837 if (p)
3838 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3839 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3840 } else {
3841 unsigned long addr1;
3842 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3843 /* RAM case */
3844 ptr = qemu_get_ram_ptr(addr1);
3845 stl_p(ptr, val);
3846 if (!cpu_physical_memory_is_dirty(addr1)) {
3847 /* invalidate code */
3848 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3849 /* set dirty bit */
3850 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
3851 (0xff & ~CODE_DIRTY_FLAG);
3852 }
3853 }
3854 }
3855
3856 /* XXX: optimize */
3857 void stb_phys(target_phys_addr_t addr, uint32_t val)
3858 {
3859 uint8_t v = val;
3860 cpu_physical_memory_write(addr, &v, 1);
3861 }
3862
3863 /* XXX: optimize */
3864 void stw_phys(target_phys_addr_t addr, uint32_t val)
3865 {
3866 uint16_t v = tswap16(val);
3867 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
3868 }
3869
3870 /* XXX: optimize */
3871 void stq_phys(target_phys_addr_t addr, uint64_t val)
3872 {
3873 val = tswap64(val);
3874 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
3875 }
3876
3877 /* virtual memory access for debug (includes writing to ROM) */
3878 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3879 uint8_t *buf, int len, int is_write)
3880 {
3881 int l;
3882 target_phys_addr_t phys_addr;
3883 target_ulong page;
3884
3885 while (len > 0) {
3886 page = addr & TARGET_PAGE_MASK;
3887 phys_addr = cpu_get_phys_page_debug(env, page);
3888 /* if no physical page mapped, return an error */
3889 if (phys_addr == -1)
3890 return -1;
3891 l = (page + TARGET_PAGE_SIZE) - addr;
3892 if (l > len)
3893 l = len;
3894 phys_addr += (addr & ~TARGET_PAGE_MASK);
3895 if (is_write)
3896 cpu_physical_memory_write_rom(phys_addr, buf, l);
3897 else
3898 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
3899 len -= l;
3900 buf += l;
3901 addr += l;
3902 }
3903 return 0;
3904 }
3905 #endif
3906
3907 /* in deterministic execution mode, instructions doing device I/Os
3908 must be at the end of the TB */
3909 void cpu_io_recompile(CPUState *env, void *retaddr)
3910 {
3911 TranslationBlock *tb;
3912 uint32_t n, cflags;
3913 target_ulong pc, cs_base;
3914 uint64_t flags;
3915
3916 tb = tb_find_pc((unsigned long)retaddr);
3917 if (!tb) {
3918 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
3919 retaddr);
3920 }
3921 n = env->icount_decr.u16.low + tb->icount;
3922 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
3923 /* Calculate how many instructions had been executed before the fault
3924 occurred. */
3925 n = n - env->icount_decr.u16.low;
3926 /* Generate a new TB ending on the I/O insn. */
3927 n++;
3928 /* On MIPS and SH, delay slot instructions can only be restarted if
3929 they were already the first instruction in the TB. If this is not
3930 the first instruction in a TB then re-execute the preceding
3931 branch. */
3932 #if defined(TARGET_MIPS)
3933 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
3934 env->active_tc.PC -= 4;
3935 env->icount_decr.u16.low++;
3936 env->hflags &= ~MIPS_HFLAG_BMASK;
3937 }
3938 #elif defined(TARGET_SH4)
3939 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
3940 && n > 1) {
3941 env->pc -= 2;
3942 env->icount_decr.u16.low++;
3943 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
3944 }
3945 #endif
3946 /* This should never happen. */
3947 if (n > CF_COUNT_MASK)
3948 cpu_abort(env, "TB too big during recompile");
3949
3950 cflags = n | CF_LAST_IO;
3951 pc = tb->pc;
3952 cs_base = tb->cs_base;
3953 flags = tb->flags;
3954 tb_phys_invalidate(tb, -1);
3955 /* FIXME: In theory this could raise an exception. In practice
3956 we have already translated the block once so it's probably ok. */
3957 tb_gen_code(env, pc, cs_base, flags, cflags);
3958 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
3959 the first in the TB) then we end up generating a whole new TB and
3960 repeating the fault, which is horribly inefficient.
3961 Better would be to execute just this insn uncached, or generate a
3962 second new TB. */
3963 cpu_resume_from_signal(env, NULL);
3964 }
3965
3966 #if !defined(CONFIG_USER_ONLY)
3967
3968 void dump_exec_info(FILE *f,
3969 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
3970 {
3971 int i, target_code_size, max_target_code_size;
3972 int direct_jmp_count, direct_jmp2_count, cross_page;
3973 TranslationBlock *tb;
3974
3975 target_code_size = 0;
3976 max_target_code_size = 0;
3977 cross_page = 0;
3978 direct_jmp_count = 0;
3979 direct_jmp2_count = 0;
3980 for(i = 0; i < nb_tbs; i++) {
3981 tb = &tbs[i];
3982 target_code_size += tb->size;
3983 if (tb->size > max_target_code_size)
3984 max_target_code_size = tb->size;
3985 if (tb->page_addr[1] != -1)
3986 cross_page++;
3987 if (tb->tb_next_offset[0] != 0xffff) {
3988 direct_jmp_count++;
3989 if (tb->tb_next_offset[1] != 0xffff) {
3990 direct_jmp2_count++;
3991 }
3992 }
3993 }
3994 /* XXX: avoid using doubles ? */
3995 cpu_fprintf(f, "Translation buffer state:\n");
3996 cpu_fprintf(f, "gen code size %ld/%ld\n",
3997 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
3998 cpu_fprintf(f, "TB count %d/%d\n",
3999 nb_tbs, code_gen_max_blocks);
4000 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4001 nb_tbs ? target_code_size / nb_tbs : 0,
4002 max_target_code_size);
4003 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
4004 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4005 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4006 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4007 cross_page,
4008 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4009 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4010 direct_jmp_count,
4011 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4012 direct_jmp2_count,
4013 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4014 cpu_fprintf(f, "\nStatistics:\n");
4015 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4016 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4017 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4018 #ifdef CONFIG_PROFILER
4019 tcg_dump_info(f, cpu_fprintf);
4020 #endif
4021 }
4022
4023 #define MMUSUFFIX _cmmu
4024 #define GETPC() NULL
4025 #define env cpu_single_env
4026 #define SOFTMMU_CODE_ACCESS
4027
4028 #define SHIFT 0
4029 #include "softmmu_template.h"
4030
4031 #define SHIFT 1
4032 #include "softmmu_template.h"
4033
4034 #define SHIFT 2
4035 #include "softmmu_template.h"
4036
4037 #define SHIFT 3
4038 #include "softmmu_template.h"
4039
4040 #undef env
4041
4042 #endif
AMD IOMMU emulation for KVM