search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
memory: inline a few small accessors
[qemu.git] / exec.c
blob1597e8ab4835e339682e7c926fea9ba2a82b2235
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 #endif
92
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
100 int use_icount;
101
102 #if !defined(CONFIG_USER_ONLY)
103
104 typedef struct PhysPageEntry PhysPageEntry;
105
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 uint32_t skip : 6;
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 uint32_t ptr : 26;
111 };
112
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
117
118 #define P_L2_BITS 9
119 #define P_L2_SIZE (1 << P_L2_BITS)
120
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123 typedef PhysPageEntry Node[P_L2_SIZE];
124
125 typedef struct PhysPageMap {
126 struct rcu_head rcu;
127
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134 } PhysPageMap;
135
136 struct AddressSpaceDispatch {
137 struct rcu_head rcu;
138
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
143 PhysPageMap map;
144 AddressSpace *as;
145 };
146
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
149 MemoryRegion iomem;
150 AddressSpace *as;
151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153 } subpage_t;
154
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
159
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
163
164 static MemoryRegion io_mem_watch;
165
166 /**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173 struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178 };
179
180 #endif
181
182 #if !defined(CONFIG_USER_ONLY)
183
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
185 {
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
190 }
191 }
192
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
194 {
195 unsigned i;
196 uint32_t ret;
197 PhysPageEntry e;
198 PhysPageEntry *p;
199
200 ret = map->nodes_nb++;
201 p = map->nodes[ret];
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
209 }
210 return ret;
211 }
212
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
215 int level)
216 {
217 PhysPageEntry *p;
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
219
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
222 }
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
225
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
228 lp->skip = 0;
229 lp->ptr = leaf;
230 *index += step;
231 *nb -= step;
232 } else {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
234 }
235 ++lp;
236 }
237 }
238
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
241 uint16_t leaf)
242 {
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
245
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
247 }
248
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253 {
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300 }
301
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303 {
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
308 }
309 }
310
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
313 {
314 PhysPageEntry *p;
315 hwaddr index = addr >> TARGET_PAGE_BITS;
316 int i;
317
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return &sections[PHYS_SECTION_UNASSIGNED];
321 }
322 p = nodes[lp.ptr];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
324 }
325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
333 }
334
335 bool memory_region_is_unassigned(MemoryRegion *mr)
336 {
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
339 }
340
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
343 hwaddr addr,
344 bool resolve_subpage)
345 {
346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
353 }
354 return section;
355 }
356
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
361 {
362 MemoryRegionSection *section;
363 MemoryRegion *mr;
364 Int128 diff;
365
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
373 mr = section->mr;
374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
390 return section;
391 }
392
393 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
394 {
395 if (is_write) {
396 return memory_region_is_ram(mr) && !mr->readonly;
397 } else {
398 return memory_region_is_ram(mr) || memory_region_is_romd(mr);
399 }
400
401 return false;
402 }
403
404 /* Called from RCU critical section */
405 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
406 hwaddr *xlat, hwaddr *plen,
407 bool is_write)
408 {
409 IOMMUTLBEntry iotlb;
410 MemoryRegionSection *section;
411 MemoryRegion *mr;
412
413 for (;;) {
414 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
415 section = address_space_translate_internal(d, addr, &addr, plen, true);
416 mr = section->mr;
417
418 if (!mr->iommu_ops) {
419 break;
420 }
421
422 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
423 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
424 | (addr & iotlb.addr_mask));
425 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
426 if (!(iotlb.perm & (1 << is_write))) {
427 mr = &io_mem_unassigned;
428 break;
429 }
430
431 as = iotlb.target_as;
432 }
433
434 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
435 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
436 *plen = MIN(page, *plen);
437 }
438
439 *xlat = addr;
440 return mr;
441 }
442
443 /* Called from RCU critical section */
444 MemoryRegionSection *
445 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
446 hwaddr *xlat, hwaddr *plen)
447 {
448 MemoryRegionSection *section;
449 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
450 addr, xlat, plen, false);
451
452 assert(!section->mr->iommu_ops);
453 return section;
454 }
455 #endif
456
457 #if !defined(CONFIG_USER_ONLY)
458
459 static int cpu_common_post_load(void *opaque, int version_id)
460 {
461 CPUState *cpu = opaque;
462
463 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
464 version_id is increased. */
465 cpu->interrupt_request &= ~0x01;
466 tlb_flush(cpu, 1);
467
468 return 0;
469 }
470
471 static int cpu_common_pre_load(void *opaque)
472 {
473 CPUState *cpu = opaque;
474
475 cpu->exception_index = -1;
476
477 return 0;
478 }
479
480 static bool cpu_common_exception_index_needed(void *opaque)
481 {
482 CPUState *cpu = opaque;
483
484 return tcg_enabled() && cpu->exception_index != -1;
485 }
486
487 static const VMStateDescription vmstate_cpu_common_exception_index = {
488 .name = "cpu_common/exception_index",
489 .version_id = 1,
490 .minimum_version_id = 1,
491 .needed = cpu_common_exception_index_needed,
492 .fields = (VMStateField[]) {
493 VMSTATE_INT32(exception_index, CPUState),
494 VMSTATE_END_OF_LIST()
495 }
496 };
497
498 static bool cpu_common_crash_occurred_needed(void *opaque)
499 {
500 CPUState *cpu = opaque;
501
502 return cpu->crash_occurred;
503 }
504
505 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
506 .name = "cpu_common/crash_occurred",
507 .version_id = 1,
508 .minimum_version_id = 1,
509 .needed = cpu_common_crash_occurred_needed,
510 .fields = (VMStateField[]) {
511 VMSTATE_BOOL(crash_occurred, CPUState),
512 VMSTATE_END_OF_LIST()
513 }
514 };
515
516 const VMStateDescription vmstate_cpu_common = {
517 .name = "cpu_common",
518 .version_id = 1,
519 .minimum_version_id = 1,
520 .pre_load = cpu_common_pre_load,
521 .post_load = cpu_common_post_load,
522 .fields = (VMStateField[]) {
523 VMSTATE_UINT32(halted, CPUState),
524 VMSTATE_UINT32(interrupt_request, CPUState),
525 VMSTATE_END_OF_LIST()
526 },
527 .subsections = (const VMStateDescription*[]) {
528 &vmstate_cpu_common_exception_index,
529 &vmstate_cpu_common_crash_occurred,
530 NULL
531 }
532 };
533
534 #endif
535
536 CPUState *qemu_get_cpu(int index)
537 {
538 CPUState *cpu;
539
540 CPU_FOREACH(cpu) {
541 if (cpu->cpu_index == index) {
542 return cpu;
543 }
544 }
545
546 return NULL;
547 }
548
549 #if !defined(CONFIG_USER_ONLY)
550 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
551 {
552 /* We only support one address space per cpu at the moment. */
553 assert(cpu->as == as);
554
555 if (cpu->cpu_ases) {
556 /* We've already registered the listener for our only AS */
557 return;
558 }
559
560 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
561 cpu->cpu_ases[0].cpu = cpu;
562 cpu->cpu_ases[0].as = as;
563 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
565 }
566 #endif
567
568 #ifndef CONFIG_USER_ONLY
569 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
570
571 static int cpu_get_free_index(Error **errp)
572 {
573 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
574
575 if (cpu >= MAX_CPUMASK_BITS) {
576 error_setg(errp, "Trying to use more CPUs than max of %d",
577 MAX_CPUMASK_BITS);
578 return -1;
579 }
580
581 bitmap_set(cpu_index_map, cpu, 1);
582 return cpu;
583 }
584
585 void cpu_exec_exit(CPUState *cpu)
586 {
587 if (cpu->cpu_index == -1) {
588 /* cpu_index was never allocated by this @cpu or was already freed. */
589 return;
590 }
591
592 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
593 cpu->cpu_index = -1;
594 }
595 #else
596
597 static int cpu_get_free_index(Error **errp)
598 {
599 CPUState *some_cpu;
600 int cpu_index = 0;
601
602 CPU_FOREACH(some_cpu) {
603 cpu_index++;
604 }
605 return cpu_index;
606 }
607
608 void cpu_exec_exit(CPUState *cpu)
609 {
610 }
611 #endif
612
613 void cpu_exec_init(CPUState *cpu, Error **errp)
614 {
615 CPUClass *cc = CPU_GET_CLASS(cpu);
616 int cpu_index;
617 Error *local_err = NULL;
618
619 #ifndef CONFIG_USER_ONLY
620 cpu->as = &address_space_memory;
621 cpu->thread_id = qemu_get_thread_id();
622 #endif
623
624 #if defined(CONFIG_USER_ONLY)
625 cpu_list_lock();
626 #endif
627 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
628 if (local_err) {
629 error_propagate(errp, local_err);
630 #if defined(CONFIG_USER_ONLY)
631 cpu_list_unlock();
632 #endif
633 return;
634 }
635 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
636 #if defined(CONFIG_USER_ONLY)
637 cpu_list_unlock();
638 #endif
639 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
640 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
641 }
642 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
643 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
644 cpu_save, cpu_load, cpu->env_ptr);
645 assert(cc->vmsd == NULL);
646 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
647 #endif
648 if (cc->vmsd != NULL) {
649 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
650 }
651 }
652
653 #if defined(CONFIG_USER_ONLY)
654 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
655 {
656 tb_invalidate_phys_page_range(pc, pc + 1, 0);
657 }
658 #else
659 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
660 {
661 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
662 if (phys != -1) {
663 tb_invalidate_phys_addr(cpu->as,
664 phys | (pc & ~TARGET_PAGE_MASK));
665 }
666 }
667 #endif
668
669 #if defined(CONFIG_USER_ONLY)
670 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
671
672 {
673 }
674
675 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
676 int flags)
677 {
678 return -ENOSYS;
679 }
680
681 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
682 {
683 }
684
685 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
686 int flags, CPUWatchpoint **watchpoint)
687 {
688 return -ENOSYS;
689 }
690 #else
691 /* Add a watchpoint. */
692 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
693 int flags, CPUWatchpoint **watchpoint)
694 {
695 CPUWatchpoint *wp;
696
697 /* forbid ranges which are empty or run off the end of the address space */
698 if (len == 0 || (addr + len - 1) < addr) {
699 error_report("tried to set invalid watchpoint at %"
700 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
701 return -EINVAL;
702 }
703 wp = g_malloc(sizeof(*wp));
704
705 wp->vaddr = addr;
706 wp->len = len;
707 wp->flags = flags;
708
709 /* keep all GDB-injected watchpoints in front */
710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
712 } else {
713 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
714 }
715
716 tlb_flush_page(cpu, addr);
717
718 if (watchpoint)
719 *watchpoint = wp;
720 return 0;
721 }
722
723 /* Remove a specific watchpoint. */
724 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
725 int flags)
726 {
727 CPUWatchpoint *wp;
728
729 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
730 if (addr == wp->vaddr && len == wp->len
731 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
732 cpu_watchpoint_remove_by_ref(cpu, wp);
733 return 0;
734 }
735 }
736 return -ENOENT;
737 }
738
739 /* Remove a specific watchpoint by reference. */
740 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
741 {
742 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
743
744 tlb_flush_page(cpu, watchpoint->vaddr);
745
746 g_free(watchpoint);
747 }
748
749 /* Remove all matching watchpoints. */
750 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
751 {
752 CPUWatchpoint *wp, *next;
753
754 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
755 if (wp->flags & mask) {
756 cpu_watchpoint_remove_by_ref(cpu, wp);
757 }
758 }
759 }
760
761 /* Return true if this watchpoint address matches the specified
762 * access (ie the address range covered by the watchpoint overlaps
763 * partially or completely with the address range covered by the
764 * access).
765 */
766 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
767 vaddr addr,
768 vaddr len)
769 {
770 /* We know the lengths are non-zero, but a little caution is
771 * required to avoid errors in the case where the range ends
772 * exactly at the top of the address space and so addr + len
773 * wraps round to zero.
774 */
775 vaddr wpend = wp->vaddr + wp->len - 1;
776 vaddr addrend = addr + len - 1;
777
778 return !(addr > wpend || wp->vaddr > addrend);
779 }
780
781 #endif
782
783 /* Add a breakpoint. */
784 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
785 CPUBreakpoint **breakpoint)
786 {
787 CPUBreakpoint *bp;
788
789 bp = g_malloc(sizeof(*bp));
790
791 bp->pc = pc;
792 bp->flags = flags;
793
794 /* keep all GDB-injected breakpoints in front */
795 if (flags & BP_GDB) {
796 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
797 } else {
798 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
799 }
800
801 breakpoint_invalidate(cpu, pc);
802
803 if (breakpoint) {
804 *breakpoint = bp;
805 }
806 return 0;
807 }
808
809 /* Remove a specific breakpoint. */
810 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
811 {
812 CPUBreakpoint *bp;
813
814 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
815 if (bp->pc == pc && bp->flags == flags) {
816 cpu_breakpoint_remove_by_ref(cpu, bp);
817 return 0;
818 }
819 }
820 return -ENOENT;
821 }
822
823 /* Remove a specific breakpoint by reference. */
824 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
825 {
826 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
827
828 breakpoint_invalidate(cpu, breakpoint->pc);
829
830 g_free(breakpoint);
831 }
832
833 /* Remove all matching breakpoints. */
834 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
835 {
836 CPUBreakpoint *bp, *next;
837
838 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
839 if (bp->flags & mask) {
840 cpu_breakpoint_remove_by_ref(cpu, bp);
841 }
842 }
843 }
844
845 /* enable or disable single step mode. EXCP_DEBUG is returned by the
846 CPU loop after each instruction */
847 void cpu_single_step(CPUState *cpu, int enabled)
848 {
849 if (cpu->singlestep_enabled != enabled) {
850 cpu->singlestep_enabled = enabled;
851 if (kvm_enabled()) {
852 kvm_update_guest_debug(cpu, 0);
853 } else {
854 /* must flush all the translated code to avoid inconsistencies */
855 /* XXX: only flush what is necessary */
856 tb_flush(cpu);
857 }
858 }
859 }
860
861 void cpu_abort(CPUState *cpu, const char *fmt, ...)
862 {
863 va_list ap;
864 va_list ap2;
865
866 va_start(ap, fmt);
867 va_copy(ap2, ap);
868 fprintf(stderr, "qemu: fatal: ");
869 vfprintf(stderr, fmt, ap);
870 fprintf(stderr, "\n");
871 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
872 if (qemu_log_separate()) {
873 qemu_log("qemu: fatal: ");
874 qemu_log_vprintf(fmt, ap2);
875 qemu_log("\n");
876 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
877 qemu_log_flush();
878 qemu_log_close();
879 }
880 va_end(ap2);
881 va_end(ap);
882 replay_finish();
883 #if defined(CONFIG_USER_ONLY)
884 {
885 struct sigaction act;
886 sigfillset(&act.sa_mask);
887 act.sa_handler = SIG_DFL;
888 sigaction(SIGABRT, &act, NULL);
889 }
890 #endif
891 abort();
892 }
893
894 #if !defined(CONFIG_USER_ONLY)
895 /* Called from RCU critical section */
896 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
897 {
898 RAMBlock *block;
899
900 block = atomic_rcu_read(&ram_list.mru_block);
901 if (block && addr - block->offset < block->max_length) {
902 return block;
903 }
904 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
905 if (addr - block->offset < block->max_length) {
906 goto found;
907 }
908 }
909
910 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
911 abort();
912
913 found:
914 /* It is safe to write mru_block outside the iothread lock. This
915 * is what happens:
916 *
917 * mru_block = xxx
918 * rcu_read_unlock()
919 * xxx removed from list
920 * rcu_read_lock()
921 * read mru_block
922 * mru_block = NULL;
923 * call_rcu(reclaim_ramblock, xxx);
924 * rcu_read_unlock()
925 *
926 * atomic_rcu_set is not needed here. The block was already published
927 * when it was placed into the list. Here we're just making an extra
928 * copy of the pointer.
929 */
930 ram_list.mru_block = block;
931 return block;
932 }
933
934 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
935 {
936 CPUState *cpu;
937 ram_addr_t start1;
938 RAMBlock *block;
939 ram_addr_t end;
940
941 end = TARGET_PAGE_ALIGN(start + length);
942 start &= TARGET_PAGE_MASK;
943
944 rcu_read_lock();
945 block = qemu_get_ram_block(start);
946 assert(block == qemu_get_ram_block(end - 1));
947 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
948 CPU_FOREACH(cpu) {
949 tlb_reset_dirty(cpu, start1, length);
950 }
951 rcu_read_unlock();
952 }
953
954 /* Note: start and end must be within the same ram block. */
955 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
956 ram_addr_t length,
957 unsigned client)
958 {
959 unsigned long end, page;
960 bool dirty;
961
962 if (length == 0) {
963 return false;
964 }
965
966 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
967 page = start >> TARGET_PAGE_BITS;
968 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
969 page, end - page);
970
971 if (dirty && tcg_enabled()) {
972 tlb_reset_dirty_range_all(start, length);
973 }
974
975 return dirty;
976 }
977
978 /* Called from RCU critical section */
979 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
980 MemoryRegionSection *section,
981 target_ulong vaddr,
982 hwaddr paddr, hwaddr xlat,
983 int prot,
984 target_ulong *address)
985 {
986 hwaddr iotlb;
987 CPUWatchpoint *wp;
988
989 if (memory_region_is_ram(section->mr)) {
990 /* Normal RAM. */
991 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
992 + xlat;
993 if (!section->readonly) {
994 iotlb |= PHYS_SECTION_NOTDIRTY;
995 } else {
996 iotlb |= PHYS_SECTION_ROM;
997 }
998 } else {
999 AddressSpaceDispatch *d;
1000
1001 d = atomic_rcu_read(&section->address_space->dispatch);
1002 iotlb = section - d->map.sections;
1003 iotlb += xlat;
1004 }
1005
1006 /* Make accesses to pages with watchpoints go via the
1007 watchpoint trap routines. */
1008 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1009 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1010 /* Avoid trapping reads of pages with a write breakpoint. */
1011 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1012 iotlb = PHYS_SECTION_WATCH + paddr;
1013 *address |= TLB_MMIO;
1014 break;
1015 }
1016 }
1017 }
1018
1019 return iotlb;
1020 }
1021 #endif /* defined(CONFIG_USER_ONLY) */
1022
1023 #if !defined(CONFIG_USER_ONLY)
1024
1025 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1026 uint16_t section);
1027 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1028
1029 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1030 qemu_anon_ram_alloc;
1031
1032 /*
1033 * Set a custom physical guest memory alloator.
1034 * Accelerators with unusual needs may need this. Hopefully, we can
1035 * get rid of it eventually.
1036 */
1037 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1038 {
1039 phys_mem_alloc = alloc;
1040 }
1041
1042 static uint16_t phys_section_add(PhysPageMap *map,
1043 MemoryRegionSection *section)
1044 {
1045 /* The physical section number is ORed with a page-aligned
1046 * pointer to produce the iotlb entries. Thus it should
1047 * never overflow into the page-aligned value.
1048 */
1049 assert(map->sections_nb < TARGET_PAGE_SIZE);
1050
1051 if (map->sections_nb == map->sections_nb_alloc) {
1052 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1053 map->sections = g_renew(MemoryRegionSection, map->sections,
1054 map->sections_nb_alloc);
1055 }
1056 map->sections[map->sections_nb] = *section;
1057 memory_region_ref(section->mr);
1058 return map->sections_nb++;
1059 }
1060
1061 static void phys_section_destroy(MemoryRegion *mr)
1062 {
1063 bool have_sub_page = mr->subpage;
1064
1065 memory_region_unref(mr);
1066
1067 if (have_sub_page) {
1068 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1069 object_unref(OBJECT(&subpage->iomem));
1070 g_free(subpage);
1071 }
1072 }
1073
1074 static void phys_sections_free(PhysPageMap *map)
1075 {
1076 while (map->sections_nb > 0) {
1077 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1078 phys_section_destroy(section->mr);
1079 }
1080 g_free(map->sections);
1081 g_free(map->nodes);
1082 }
1083
1084 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1085 {
1086 subpage_t *subpage;
1087 hwaddr base = section->offset_within_address_space
1088 & TARGET_PAGE_MASK;
1089 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1090 d->map.nodes, d->map.sections);
1091 MemoryRegionSection subsection = {
1092 .offset_within_address_space = base,
1093 .size = int128_make64(TARGET_PAGE_SIZE),
1094 };
1095 hwaddr start, end;
1096
1097 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1098
1099 if (!(existing->mr->subpage)) {
1100 subpage = subpage_init(d->as, base);
1101 subsection.address_space = d->as;
1102 subsection.mr = &subpage->iomem;
1103 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1104 phys_section_add(&d->map, &subsection));
1105 } else {
1106 subpage = container_of(existing->mr, subpage_t, iomem);
1107 }
1108 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1109 end = start + int128_get64(section->size) - 1;
1110 subpage_register(subpage, start, end,
1111 phys_section_add(&d->map, section));
1112 }
1113
1114
1115 static void register_multipage(AddressSpaceDispatch *d,
1116 MemoryRegionSection *section)
1117 {
1118 hwaddr start_addr = section->offset_within_address_space;
1119 uint16_t section_index = phys_section_add(&d->map, section);
1120 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1121 TARGET_PAGE_BITS));
1122
1123 assert(num_pages);
1124 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1125 }
1126
1127 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1128 {
1129 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1130 AddressSpaceDispatch *d = as->next_dispatch;
1131 MemoryRegionSection now = *section, remain = *section;
1132 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1133
1134 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1135 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1136 - now.offset_within_address_space;
1137
1138 now.size = int128_min(int128_make64(left), now.size);
1139 register_subpage(d, &now);
1140 } else {
1141 now.size = int128_zero();
1142 }
1143 while (int128_ne(remain.size, now.size)) {
1144 remain.size = int128_sub(remain.size, now.size);
1145 remain.offset_within_address_space += int128_get64(now.size);
1146 remain.offset_within_region += int128_get64(now.size);
1147 now = remain;
1148 if (int128_lt(remain.size, page_size)) {
1149 register_subpage(d, &now);
1150 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1151 now.size = page_size;
1152 register_subpage(d, &now);
1153 } else {
1154 now.size = int128_and(now.size, int128_neg(page_size));
1155 register_multipage(d, &now);
1156 }
1157 }
1158 }
1159
1160 void qemu_flush_coalesced_mmio_buffer(void)
1161 {
1162 if (kvm_enabled())
1163 kvm_flush_coalesced_mmio_buffer();
1164 }
1165
1166 void qemu_mutex_lock_ramlist(void)
1167 {
1168 qemu_mutex_lock(&ram_list.mutex);
1169 }
1170
1171 void qemu_mutex_unlock_ramlist(void)
1172 {
1173 qemu_mutex_unlock(&ram_list.mutex);
1174 }
1175
1176 #ifdef __linux__
1177
1178 #include <sys/vfs.h>
1179
1180 #define HUGETLBFS_MAGIC 0x958458f6
1181
1182 static long gethugepagesize(const char *path, Error **errp)
1183 {
1184 struct statfs fs;
1185 int ret;
1186
1187 do {
1188 ret = statfs(path, &fs);
1189 } while (ret != 0 && errno == EINTR);
1190
1191 if (ret != 0) {
1192 error_setg_errno(errp, errno, "failed to get page size of file %s",
1193 path);
1194 return 0;
1195 }
1196
1197 return fs.f_bsize;
1198 }
1199
1200 static void *file_ram_alloc(RAMBlock *block,
1201 ram_addr_t memory,
1202 const char *path,
1203 Error **errp)
1204 {
1205 struct stat st;
1206 char *filename;
1207 char *sanitized_name;
1208 char *c;
1209 void *area;
1210 int fd;
1211 uint64_t hpagesize;
1212 Error *local_err = NULL;
1213
1214 hpagesize = gethugepagesize(path, &local_err);
1215 if (local_err) {
1216 error_propagate(errp, local_err);
1217 goto error;
1218 }
1219 block->mr->align = hpagesize;
1220
1221 if (memory < hpagesize) {
1222 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1223 "or larger than huge page size 0x%" PRIx64,
1224 memory, hpagesize);
1225 goto error;
1226 }
1227
1228 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1229 error_setg(errp,
1230 "host lacks kvm mmu notifiers, -mem-path unsupported");
1231 goto error;
1232 }
1233
1234 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1235 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1236 sanitized_name = g_strdup(memory_region_name(block->mr));
1237 for (c = sanitized_name; *c != '\0'; c++) {
1238 if (*c == '/') {
1239 *c = '_';
1240 }
1241 }
1242
1243 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1244 sanitized_name);
1245 g_free(sanitized_name);
1246
1247 fd = mkstemp(filename);
1248 if (fd >= 0) {
1249 unlink(filename);
1250 }
1251 g_free(filename);
1252 } else {
1253 fd = open(path, O_RDWR | O_CREAT, 0644);
1254 }
1255
1256 if (fd < 0) {
1257 error_setg_errno(errp, errno,
1258 "unable to create backing store for hugepages");
1259 goto error;
1260 }
1261
1262 memory = ROUND_UP(memory, hpagesize);
1263
1264 /*
1265 * ftruncate is not supported by hugetlbfs in older
1266 * hosts, so don't bother bailing out on errors.
1267 * If anything goes wrong with it under other filesystems,
1268 * mmap will fail.
1269 */
1270 if (ftruncate(fd, memory)) {
1271 perror("ftruncate");
1272 }
1273
1274 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1275 if (area == MAP_FAILED) {
1276 error_setg_errno(errp, errno,
1277 "unable to map backing store for hugepages");
1278 close(fd);
1279 goto error;
1280 }
1281
1282 if (mem_prealloc) {
1283 os_mem_prealloc(fd, area, memory);
1284 }
1285
1286 block->fd = fd;
1287 return area;
1288
1289 error:
1290 return NULL;
1291 }
1292 #endif
1293
1294 /* Called with the ramlist lock held. */
1295 static ram_addr_t find_ram_offset(ram_addr_t size)
1296 {
1297 RAMBlock *block, *next_block;
1298 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1299
1300 assert(size != 0); /* it would hand out same offset multiple times */
1301
1302 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1303 return 0;
1304 }
1305
1306 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1307 ram_addr_t end, next = RAM_ADDR_MAX;
1308
1309 end = block->offset + block->max_length;
1310
1311 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1312 if (next_block->offset >= end) {
1313 next = MIN(next, next_block->offset);
1314 }
1315 }
1316 if (next - end >= size && next - end < mingap) {
1317 offset = end;
1318 mingap = next - end;
1319 }
1320 }
1321
1322 if (offset == RAM_ADDR_MAX) {
1323 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1324 (uint64_t)size);
1325 abort();
1326 }
1327
1328 return offset;
1329 }
1330
1331 ram_addr_t last_ram_offset(void)
1332 {
1333 RAMBlock *block;
1334 ram_addr_t last = 0;
1335
1336 rcu_read_lock();
1337 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1338 last = MAX(last, block->offset + block->max_length);
1339 }
1340 rcu_read_unlock();
1341 return last;
1342 }
1343
1344 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1345 {
1346 int ret;
1347
1348 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1349 if (!machine_dump_guest_core(current_machine)) {
1350 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1351 if (ret) {
1352 perror("qemu_madvise");
1353 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1354 "but dump_guest_core=off specified\n");
1355 }
1356 }
1357 }
1358
1359 /* Called within an RCU critical section, or while the ramlist lock
1360 * is held.
1361 */
1362 static RAMBlock *find_ram_block(ram_addr_t addr)
1363 {
1364 RAMBlock *block;
1365
1366 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1367 if (block->offset == addr) {
1368 return block;
1369 }
1370 }
1371
1372 return NULL;
1373 }
1374
1375 const char *qemu_ram_get_idstr(RAMBlock *rb)
1376 {
1377 return rb->idstr;
1378 }
1379
1380 /* Called with iothread lock held. */
1381 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1382 {
1383 RAMBlock *new_block, *block;
1384
1385 rcu_read_lock();
1386 new_block = find_ram_block(addr);
1387 assert(new_block);
1388 assert(!new_block->idstr[0]);
1389
1390 if (dev) {
1391 char *id = qdev_get_dev_path(dev);
1392 if (id) {
1393 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1394 g_free(id);
1395 }
1396 }
1397 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1398
1399 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1400 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1401 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1402 new_block->idstr);
1403 abort();
1404 }
1405 }
1406 rcu_read_unlock();
1407 }
1408
1409 /* Called with iothread lock held. */
1410 void qemu_ram_unset_idstr(ram_addr_t addr)
1411 {
1412 RAMBlock *block;
1413
1414 /* FIXME: arch_init.c assumes that this is not called throughout
1415 * migration. Ignore the problem since hot-unplug during migration
1416 * does not work anyway.
1417 */
1418
1419 rcu_read_lock();
1420 block = find_ram_block(addr);
1421 if (block) {
1422 memset(block->idstr, 0, sizeof(block->idstr));
1423 }
1424 rcu_read_unlock();
1425 }
1426
1427 static int memory_try_enable_merging(void *addr, size_t len)
1428 {
1429 if (!machine_mem_merge(current_machine)) {
1430 /* disabled by the user */
1431 return 0;
1432 }
1433
1434 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1435 }
1436
1437 /* Only legal before guest might have detected the memory size: e.g. on
1438 * incoming migration, or right after reset.
1439 *
1440 * As memory core doesn't know how is memory accessed, it is up to
1441 * resize callback to update device state and/or add assertions to detect
1442 * misuse, if necessary.
1443 */
1444 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1445 {
1446 RAMBlock *block = find_ram_block(base);
1447
1448 assert(block);
1449
1450 newsize = HOST_PAGE_ALIGN(newsize);
1451
1452 if (block->used_length == newsize) {
1453 return 0;
1454 }
1455
1456 if (!(block->flags & RAM_RESIZEABLE)) {
1457 error_setg_errno(errp, EINVAL,
1458 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1459 " in != 0x" RAM_ADDR_FMT, block->idstr,
1460 newsize, block->used_length);
1461 return -EINVAL;
1462 }
1463
1464 if (block->max_length < newsize) {
1465 error_setg_errno(errp, EINVAL,
1466 "Length too large: %s: 0x" RAM_ADDR_FMT
1467 " > 0x" RAM_ADDR_FMT, block->idstr,
1468 newsize, block->max_length);
1469 return -EINVAL;
1470 }
1471
1472 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1473 block->used_length = newsize;
1474 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1475 DIRTY_CLIENTS_ALL);
1476 memory_region_set_size(block->mr, newsize);
1477 if (block->resized) {
1478 block->resized(block->idstr, newsize, block->host);
1479 }
1480 return 0;
1481 }
1482
1483 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1484 {
1485 RAMBlock *block;
1486 RAMBlock *last_block = NULL;
1487 ram_addr_t old_ram_size, new_ram_size;
1488
1489 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1490
1491 qemu_mutex_lock_ramlist();
1492 new_block->offset = find_ram_offset(new_block->max_length);
1493
1494 if (!new_block->host) {
1495 if (xen_enabled()) {
1496 xen_ram_alloc(new_block->offset, new_block->max_length,
1497 new_block->mr);
1498 } else {
1499 new_block->host = phys_mem_alloc(new_block->max_length,
1500 &new_block->mr->align);
1501 if (!new_block->host) {
1502 error_setg_errno(errp, errno,
1503 "cannot set up guest memory '%s'",
1504 memory_region_name(new_block->mr));
1505 qemu_mutex_unlock_ramlist();
1506 return -1;
1507 }
1508 memory_try_enable_merging(new_block->host, new_block->max_length);
1509 }
1510 }
1511
1512 new_ram_size = MAX(old_ram_size,
1513 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1514 if (new_ram_size > old_ram_size) {
1515 migration_bitmap_extend(old_ram_size, new_ram_size);
1516 }
1517 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1518 * QLIST (which has an RCU-friendly variant) does not have insertion at
1519 * tail, so save the last element in last_block.
1520 */
1521 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1522 last_block = block;
1523 if (block->max_length < new_block->max_length) {
1524 break;
1525 }
1526 }
1527 if (block) {
1528 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1529 } else if (last_block) {
1530 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1531 } else { /* list is empty */
1532 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1533 }
1534 ram_list.mru_block = NULL;
1535
1536 /* Write list before version */
1537 smp_wmb();
1538 ram_list.version++;
1539 qemu_mutex_unlock_ramlist();
1540
1541 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1542
1543 if (new_ram_size > old_ram_size) {
1544 int i;
1545
1546 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1547 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1548 ram_list.dirty_memory[i] =
1549 bitmap_zero_extend(ram_list.dirty_memory[i],
1550 old_ram_size, new_ram_size);
1551 }
1552 }
1553 cpu_physical_memory_set_dirty_range(new_block->offset,
1554 new_block->used_length,
1555 DIRTY_CLIENTS_ALL);
1556
1557 if (new_block->host) {
1558 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1559 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1560 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1561 if (kvm_enabled()) {
1562 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1563 }
1564 }
1565
1566 return new_block->offset;
1567 }
1568
1569 #ifdef __linux__
1570 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1571 bool share, const char *mem_path,
1572 Error **errp)
1573 {
1574 RAMBlock *new_block;
1575 ram_addr_t addr;
1576 Error *local_err = NULL;
1577
1578 if (xen_enabled()) {
1579 error_setg(errp, "-mem-path not supported with Xen");
1580 return -1;
1581 }
1582
1583 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1584 /*
1585 * file_ram_alloc() needs to allocate just like
1586 * phys_mem_alloc, but we haven't bothered to provide
1587 * a hook there.
1588 */
1589 error_setg(errp,
1590 "-mem-path not supported with this accelerator");
1591 return -1;
1592 }
1593
1594 size = HOST_PAGE_ALIGN(size);
1595 new_block = g_malloc0(sizeof(*new_block));
1596 new_block->mr = mr;
1597 new_block->used_length = size;
1598 new_block->max_length = size;
1599 new_block->flags = share ? RAM_SHARED : 0;
1600 new_block->host = file_ram_alloc(new_block, size,
1601 mem_path, errp);
1602 if (!new_block->host) {
1603 g_free(new_block);
1604 return -1;
1605 }
1606
1607 addr = ram_block_add(new_block, &local_err);
1608 if (local_err) {
1609 g_free(new_block);
1610 error_propagate(errp, local_err);
1611 return -1;
1612 }
1613 return addr;
1614 }
1615 #endif
1616
1617 static
1618 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1619 void (*resized)(const char*,
1620 uint64_t length,
1621 void *host),
1622 void *host, bool resizeable,
1623 MemoryRegion *mr, Error **errp)
1624 {
1625 RAMBlock *new_block;
1626 ram_addr_t addr;
1627 Error *local_err = NULL;
1628
1629 size = HOST_PAGE_ALIGN(size);
1630 max_size = HOST_PAGE_ALIGN(max_size);
1631 new_block = g_malloc0(sizeof(*new_block));
1632 new_block->mr = mr;
1633 new_block->resized = resized;
1634 new_block->used_length = size;
1635 new_block->max_length = max_size;
1636 assert(max_size >= size);
1637 new_block->fd = -1;
1638 new_block->host = host;
1639 if (host) {
1640 new_block->flags |= RAM_PREALLOC;
1641 }
1642 if (resizeable) {
1643 new_block->flags |= RAM_RESIZEABLE;
1644 }
1645 addr = ram_block_add(new_block, &local_err);
1646 if (local_err) {
1647 g_free(new_block);
1648 error_propagate(errp, local_err);
1649 return -1;
1650 }
1651 return addr;
1652 }
1653
1654 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1655 MemoryRegion *mr, Error **errp)
1656 {
1657 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1658 }
1659
1660 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1661 {
1662 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1663 }
1664
1665 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1666 void (*resized)(const char*,
1667 uint64_t length,
1668 void *host),
1669 MemoryRegion *mr, Error **errp)
1670 {
1671 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1672 }
1673
1674 static void reclaim_ramblock(RAMBlock *block)
1675 {
1676 if (block->flags & RAM_PREALLOC) {
1677 ;
1678 } else if (xen_enabled()) {
1679 xen_invalidate_map_cache_entry(block->host);
1680 #ifndef _WIN32
1681 } else if (block->fd >= 0) {
1682 qemu_ram_munmap(block->host, block->max_length);
1683 close(block->fd);
1684 #endif
1685 } else {
1686 qemu_anon_ram_free(block->host, block->max_length);
1687 }
1688 g_free(block);
1689 }
1690
1691 void qemu_ram_free(ram_addr_t addr)
1692 {
1693 RAMBlock *block;
1694
1695 qemu_mutex_lock_ramlist();
1696 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1697 if (addr == block->offset) {
1698 QLIST_REMOVE_RCU(block, next);
1699 ram_list.mru_block = NULL;
1700 /* Write list before version */
1701 smp_wmb();
1702 ram_list.version++;
1703 call_rcu(block, reclaim_ramblock, rcu);
1704 break;
1705 }
1706 }
1707 qemu_mutex_unlock_ramlist();
1708 }
1709
1710 #ifndef _WIN32
1711 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1712 {
1713 RAMBlock *block;
1714 ram_addr_t offset;
1715 int flags;
1716 void *area, *vaddr;
1717
1718 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1719 offset = addr - block->offset;
1720 if (offset < block->max_length) {
1721 vaddr = ramblock_ptr(block, offset);
1722 if (block->flags & RAM_PREALLOC) {
1723 ;
1724 } else if (xen_enabled()) {
1725 abort();
1726 } else {
1727 flags = MAP_FIXED;
1728 if (block->fd >= 0) {
1729 flags |= (block->flags & RAM_SHARED ?
1730 MAP_SHARED : MAP_PRIVATE);
1731 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1732 flags, block->fd, offset);
1733 } else {
1734 /*
1735 * Remap needs to match alloc. Accelerators that
1736 * set phys_mem_alloc never remap. If they did,
1737 * we'd need a remap hook here.
1738 */
1739 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1740
1741 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1742 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1743 flags, -1, 0);
1744 }
1745 if (area != vaddr) {
1746 fprintf(stderr, "Could not remap addr: "
1747 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1748 length, addr);
1749 exit(1);
1750 }
1751 memory_try_enable_merging(vaddr, length);
1752 qemu_ram_setup_dump(vaddr, length);
1753 }
1754 }
1755 }
1756 }
1757 #endif /* !_WIN32 */
1758
1759 int qemu_get_ram_fd(ram_addr_t addr)
1760 {
1761 RAMBlock *block;
1762 int fd;
1763
1764 rcu_read_lock();
1765 block = qemu_get_ram_block(addr);
1766 fd = block->fd;
1767 rcu_read_unlock();
1768 return fd;
1769 }
1770
1771 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1772 {
1773 RAMBlock *block;
1774 void *ptr;
1775
1776 rcu_read_lock();
1777 block = qemu_get_ram_block(addr);
1778 ptr = ramblock_ptr(block, 0);
1779 rcu_read_unlock();
1780 return ptr;
1781 }
1782
1783 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1784 * This should not be used for general purpose DMA. Use address_space_map
1785 * or address_space_rw instead. For local memory (e.g. video ram) that the
1786 * device owns, use memory_region_get_ram_ptr.
1787 *
1788 * Called within RCU critical section.
1789 */
1790 void *qemu_get_ram_ptr(ram_addr_t addr)
1791 {
1792 RAMBlock *block = qemu_get_ram_block(addr);
1793
1794 if (xen_enabled() && block->host == NULL) {
1795 /* We need to check if the requested address is in the RAM
1796 * because we don't want to map the entire memory in QEMU.
1797 * In that case just map until the end of the page.
1798 */
1799 if (block->offset == 0) {
1800 return xen_map_cache(addr, 0, 0);
1801 }
1802
1803 block->host = xen_map_cache(block->offset, block->max_length, 1);
1804 }
1805 return ramblock_ptr(block, addr - block->offset);
1806 }
1807
1808 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1809 * but takes a size argument.
1810 *
1811 * Called within RCU critical section.
1812 */
1813 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1814 {
1815 RAMBlock *block;
1816 ram_addr_t offset_inside_block;
1817 if (*size == 0) {
1818 return NULL;
1819 }
1820
1821 block = qemu_get_ram_block(addr);
1822 offset_inside_block = addr - block->offset;
1823 *size = MIN(*size, block->max_length - offset_inside_block);
1824
1825 if (xen_enabled() && block->host == NULL) {
1826 /* We need to check if the requested address is in the RAM
1827 * because we don't want to map the entire memory in QEMU.
1828 * In that case just map the requested area.
1829 */
1830 if (block->offset == 0) {
1831 return xen_map_cache(addr, *size, 1);
1832 }
1833
1834 block->host = xen_map_cache(block->offset, block->max_length, 1);
1835 }
1836
1837 return ramblock_ptr(block, offset_inside_block);
1838 }
1839
1840 /*
1841 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1842 * in that RAMBlock.
1843 *
1844 * ptr: Host pointer to look up
1845 * round_offset: If true round the result offset down to a page boundary
1846 * *ram_addr: set to result ram_addr
1847 * *offset: set to result offset within the RAMBlock
1848 *
1849 * Returns: RAMBlock (or NULL if not found)
1850 *
1851 * By the time this function returns, the returned pointer is not protected
1852 * by RCU anymore. If the caller is not within an RCU critical section and
1853 * does not hold the iothread lock, it must have other means of protecting the
1854 * pointer, such as a reference to the region that includes the incoming
1855 * ram_addr_t.
1856 */
1857 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1858 ram_addr_t *ram_addr,
1859 ram_addr_t *offset)
1860 {
1861 RAMBlock *block;
1862 uint8_t *host = ptr;
1863
1864 if (xen_enabled()) {
1865 rcu_read_lock();
1866 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1867 block = qemu_get_ram_block(*ram_addr);
1868 if (block) {
1869 *offset = (host - block->host);
1870 }
1871 rcu_read_unlock();
1872 return block;
1873 }
1874
1875 rcu_read_lock();
1876 block = atomic_rcu_read(&ram_list.mru_block);
1877 if (block && block->host && host - block->host < block->max_length) {
1878 goto found;
1879 }
1880
1881 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1882 /* This case append when the block is not mapped. */
1883 if (block->host == NULL) {
1884 continue;
1885 }
1886 if (host - block->host < block->max_length) {
1887 goto found;
1888 }
1889 }
1890
1891 rcu_read_unlock();
1892 return NULL;
1893
1894 found:
1895 *offset = (host - block->host);
1896 if (round_offset) {
1897 *offset &= TARGET_PAGE_MASK;
1898 }
1899 *ram_addr = block->offset + *offset;
1900 rcu_read_unlock();
1901 return block;
1902 }
1903
1904 /*
1905 * Finds the named RAMBlock
1906 *
1907 * name: The name of RAMBlock to find
1908 *
1909 * Returns: RAMBlock (or NULL if not found)
1910 */
1911 RAMBlock *qemu_ram_block_by_name(const char *name)
1912 {
1913 RAMBlock *block;
1914
1915 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1916 if (!strcmp(name, block->idstr)) {
1917 return block;
1918 }
1919 }
1920
1921 return NULL;
1922 }
1923
1924 /* Some of the softmmu routines need to translate from a host pointer
1925 (typically a TLB entry) back to a ram offset. */
1926 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1927 {
1928 RAMBlock *block;
1929 ram_addr_t offset; /* Not used */
1930
1931 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1932
1933 if (!block) {
1934 return NULL;
1935 }
1936
1937 return block->mr;
1938 }
1939
1940 /* Called within RCU critical section. */
1941 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1942 uint64_t val, unsigned size)
1943 {
1944 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1945 tb_invalidate_phys_page_fast(ram_addr, size);
1946 }
1947 switch (size) {
1948 case 1:
1949 stb_p(qemu_get_ram_ptr(ram_addr), val);
1950 break;
1951 case 2:
1952 stw_p(qemu_get_ram_ptr(ram_addr), val);
1953 break;
1954 case 4:
1955 stl_p(qemu_get_ram_ptr(ram_addr), val);
1956 break;
1957 default:
1958 abort();
1959 }
1960 /* Set both VGA and migration bits for simplicity and to remove
1961 * the notdirty callback faster.
1962 */
1963 cpu_physical_memory_set_dirty_range(ram_addr, size,
1964 DIRTY_CLIENTS_NOCODE);
1965 /* we remove the notdirty callback only if the code has been
1966 flushed */
1967 if (!cpu_physical_memory_is_clean(ram_addr)) {
1968 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1969 }
1970 }
1971
1972 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1973 unsigned size, bool is_write)
1974 {
1975 return is_write;
1976 }
1977
1978 static const MemoryRegionOps notdirty_mem_ops = {
1979 .write = notdirty_mem_write,
1980 .valid.accepts = notdirty_mem_accepts,
1981 .endianness = DEVICE_NATIVE_ENDIAN,
1982 };
1983
1984 /* Generate a debug exception if a watchpoint has been hit. */
1985 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1986 {
1987 CPUState *cpu = current_cpu;
1988 CPUArchState *env = cpu->env_ptr;
1989 target_ulong pc, cs_base;
1990 target_ulong vaddr;
1991 CPUWatchpoint *wp;
1992 int cpu_flags;
1993
1994 if (cpu->watchpoint_hit) {
1995 /* We re-entered the check after replacing the TB. Now raise
1996 * the debug interrupt so that is will trigger after the
1997 * current instruction. */
1998 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1999 return;
2000 }
2001 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2002 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2003 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2004 && (wp->flags & flags)) {
2005 if (flags == BP_MEM_READ) {
2006 wp->flags |= BP_WATCHPOINT_HIT_READ;
2007 } else {
2008 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2009 }
2010 wp->hitaddr = vaddr;
2011 wp->hitattrs = attrs;
2012 if (!cpu->watchpoint_hit) {
2013 cpu->watchpoint_hit = wp;
2014 tb_check_watchpoint(cpu);
2015 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2016 cpu->exception_index = EXCP_DEBUG;
2017 cpu_loop_exit(cpu);
2018 } else {
2019 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2020 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2021 cpu_resume_from_signal(cpu, NULL);
2022 }
2023 }
2024 } else {
2025 wp->flags &= ~BP_WATCHPOINT_HIT;
2026 }
2027 }
2028 }
2029
2030 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2031 so these check for a hit then pass through to the normal out-of-line
2032 phys routines. */
2033 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2034 unsigned size, MemTxAttrs attrs)
2035 {
2036 MemTxResult res;
2037 uint64_t data;
2038
2039 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2040 switch (size) {
2041 case 1:
2042 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2043 break;
2044 case 2:
2045 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2046 break;
2047 case 4:
2048 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2049 break;
2050 default: abort();
2051 }
2052 *pdata = data;
2053 return res;
2054 }
2055
2056 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2057 uint64_t val, unsigned size,
2058 MemTxAttrs attrs)
2059 {
2060 MemTxResult res;
2061
2062 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2063 switch (size) {
2064 case 1:
2065 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2066 break;
2067 case 2:
2068 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2069 break;
2070 case 4:
2071 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2072 break;
2073 default: abort();
2074 }
2075 return res;
2076 }
2077
2078 static const MemoryRegionOps watch_mem_ops = {
2079 .read_with_attrs = watch_mem_read,
2080 .write_with_attrs = watch_mem_write,
2081 .endianness = DEVICE_NATIVE_ENDIAN,
2082 };
2083
2084 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2085 unsigned len, MemTxAttrs attrs)
2086 {
2087 subpage_t *subpage = opaque;
2088 uint8_t buf[8];
2089 MemTxResult res;
2090
2091 #if defined(DEBUG_SUBPAGE)
2092 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2093 subpage, len, addr);
2094 #endif
2095 res = address_space_read(subpage->as, addr + subpage->base,
2096 attrs, buf, len);
2097 if (res) {
2098 return res;
2099 }
2100 switch (len) {
2101 case 1:
2102 *data = ldub_p(buf);
2103 return MEMTX_OK;
2104 case 2:
2105 *data = lduw_p(buf);
2106 return MEMTX_OK;
2107 case 4:
2108 *data = ldl_p(buf);
2109 return MEMTX_OK;
2110 case 8:
2111 *data = ldq_p(buf);
2112 return MEMTX_OK;
2113 default:
2114 abort();
2115 }
2116 }
2117
2118 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2119 uint64_t value, unsigned len, MemTxAttrs attrs)
2120 {
2121 subpage_t *subpage = opaque;
2122 uint8_t buf[8];
2123
2124 #if defined(DEBUG_SUBPAGE)
2125 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2126 " value %"PRIx64"\n",
2127 __func__, subpage, len, addr, value);
2128 #endif
2129 switch (len) {
2130 case 1:
2131 stb_p(buf, value);
2132 break;
2133 case 2:
2134 stw_p(buf, value);
2135 break;
2136 case 4:
2137 stl_p(buf, value);
2138 break;
2139 case 8:
2140 stq_p(buf, value);
2141 break;
2142 default:
2143 abort();
2144 }
2145 return address_space_write(subpage->as, addr + subpage->base,
2146 attrs, buf, len);
2147 }
2148
2149 static bool subpage_accepts(void *opaque, hwaddr addr,
2150 unsigned len, bool is_write)
2151 {
2152 subpage_t *subpage = opaque;
2153 #if defined(DEBUG_SUBPAGE)
2154 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2155 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2156 #endif
2157
2158 return address_space_access_valid(subpage->as, addr + subpage->base,
2159 len, is_write);
2160 }
2161
2162 static const MemoryRegionOps subpage_ops = {
2163 .read_with_attrs = subpage_read,
2164 .write_with_attrs = subpage_write,
2165 .impl.min_access_size = 1,
2166 .impl.max_access_size = 8,
2167 .valid.min_access_size = 1,
2168 .valid.max_access_size = 8,
2169 .valid.accepts = subpage_accepts,
2170 .endianness = DEVICE_NATIVE_ENDIAN,
2171 };
2172
2173 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2174 uint16_t section)
2175 {
2176 int idx, eidx;
2177
2178 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2179 return -1;
2180 idx = SUBPAGE_IDX(start);
2181 eidx = SUBPAGE_IDX(end);
2182 #if defined(DEBUG_SUBPAGE)
2183 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2184 __func__, mmio, start, end, idx, eidx, section);
2185 #endif
2186 for (; idx <= eidx; idx++) {
2187 mmio->sub_section[idx] = section;
2188 }
2189
2190 return 0;
2191 }
2192
2193 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2194 {
2195 subpage_t *mmio;
2196
2197 mmio = g_malloc0(sizeof(subpage_t));
2198
2199 mmio->as = as;
2200 mmio->base = base;
2201 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2202 NULL, TARGET_PAGE_SIZE);
2203 mmio->iomem.subpage = true;
2204 #if defined(DEBUG_SUBPAGE)
2205 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2206 mmio, base, TARGET_PAGE_SIZE);
2207 #endif
2208 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2209
2210 return mmio;
2211 }
2212
2213 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2214 MemoryRegion *mr)
2215 {
2216 assert(as);
2217 MemoryRegionSection section = {
2218 .address_space = as,
2219 .mr = mr,
2220 .offset_within_address_space = 0,
2221 .offset_within_region = 0,
2222 .size = int128_2_64(),
2223 };
2224
2225 return phys_section_add(map, &section);
2226 }
2227
2228 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2229 {
2230 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2231 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2232 MemoryRegionSection *sections = d->map.sections;
2233
2234 return sections[index & ~TARGET_PAGE_MASK].mr;
2235 }
2236
2237 static void io_mem_init(void)
2238 {
2239 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2240 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2241 NULL, UINT64_MAX);
2242 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2243 NULL, UINT64_MAX);
2244 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2245 NULL, UINT64_MAX);
2246 }
2247
2248 static void mem_begin(MemoryListener *listener)
2249 {
2250 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2251 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2252 uint16_t n;
2253
2254 n = dummy_section(&d->map, as, &io_mem_unassigned);
2255 assert(n == PHYS_SECTION_UNASSIGNED);
2256 n = dummy_section(&d->map, as, &io_mem_notdirty);
2257 assert(n == PHYS_SECTION_NOTDIRTY);
2258 n = dummy_section(&d->map, as, &io_mem_rom);
2259 assert(n == PHYS_SECTION_ROM);
2260 n = dummy_section(&d->map, as, &io_mem_watch);
2261 assert(n == PHYS_SECTION_WATCH);
2262
2263 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2264 d->as = as;
2265 as->next_dispatch = d;
2266 }
2267
2268 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2269 {
2270 phys_sections_free(&d->map);
2271 g_free(d);
2272 }
2273
2274 static void mem_commit(MemoryListener *listener)
2275 {
2276 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2277 AddressSpaceDispatch *cur = as->dispatch;
2278 AddressSpaceDispatch *next = as->next_dispatch;
2279
2280 phys_page_compact_all(next, next->map.nodes_nb);
2281
2282 atomic_rcu_set(&as->dispatch, next);
2283 if (cur) {
2284 call_rcu(cur, address_space_dispatch_free, rcu);
2285 }
2286 }
2287
2288 static void tcg_commit(MemoryListener *listener)
2289 {
2290 CPUAddressSpace *cpuas;
2291 AddressSpaceDispatch *d;
2292
2293 /* since each CPU stores ram addresses in its TLB cache, we must
2294 reset the modified entries */
2295 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2296 cpu_reloading_memory_map();
2297 /* The CPU and TLB are protected by the iothread lock.
2298 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2299 * may have split the RCU critical section.
2300 */
2301 d = atomic_rcu_read(&cpuas->as->dispatch);
2302 cpuas->memory_dispatch = d;
2303 tlb_flush(cpuas->cpu, 1);
2304 }
2305
2306 void address_space_init_dispatch(AddressSpace *as)
2307 {
2308 as->dispatch = NULL;
2309 as->dispatch_listener = (MemoryListener) {
2310 .begin = mem_begin,
2311 .commit = mem_commit,
2312 .region_add = mem_add,
2313 .region_nop = mem_add,
2314 .priority = 0,
2315 };
2316 memory_listener_register(&as->dispatch_listener, as);
2317 }
2318
2319 void address_space_unregister(AddressSpace *as)
2320 {
2321 memory_listener_unregister(&as->dispatch_listener);
2322 }
2323
2324 void address_space_destroy_dispatch(AddressSpace *as)
2325 {
2326 AddressSpaceDispatch *d = as->dispatch;
2327
2328 atomic_rcu_set(&as->dispatch, NULL);
2329 if (d) {
2330 call_rcu(d, address_space_dispatch_free, rcu);
2331 }
2332 }
2333
2334 static void memory_map_init(void)
2335 {
2336 system_memory = g_malloc(sizeof(*system_memory));
2337
2338 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2339 address_space_init(&address_space_memory, system_memory, "memory");
2340
2341 system_io = g_malloc(sizeof(*system_io));
2342 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2343 65536);
2344 address_space_init(&address_space_io, system_io, "I/O");
2345 }
2346
2347 MemoryRegion *get_system_memory(void)
2348 {
2349 return system_memory;
2350 }
2351
2352 MemoryRegion *get_system_io(void)
2353 {
2354 return system_io;
2355 }
2356
2357 #endif /* !defined(CONFIG_USER_ONLY) */
2358
2359 /* physical memory access (slow version, mainly for debug) */
2360 #if defined(CONFIG_USER_ONLY)
2361 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2362 uint8_t *buf, int len, int is_write)
2363 {
2364 int l, flags;
2365 target_ulong page;
2366 void * p;
2367
2368 while (len > 0) {
2369 page = addr & TARGET_PAGE_MASK;
2370 l = (page + TARGET_PAGE_SIZE) - addr;
2371 if (l > len)
2372 l = len;
2373 flags = page_get_flags(page);
2374 if (!(flags & PAGE_VALID))
2375 return -1;
2376 if (is_write) {
2377 if (!(flags & PAGE_WRITE))
2378 return -1;
2379 /* XXX: this code should not depend on lock_user */
2380 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2381 return -1;
2382 memcpy(p, buf, l);
2383 unlock_user(p, addr, l);
2384 } else {
2385 if (!(flags & PAGE_READ))
2386 return -1;
2387 /* XXX: this code should not depend on lock_user */
2388 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2389 return -1;
2390 memcpy(buf, p, l);
2391 unlock_user(p, addr, 0);
2392 }
2393 len -= l;
2394 buf += l;
2395 addr += l;
2396 }
2397 return 0;
2398 }
2399
2400 #else
2401
2402 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2403 hwaddr length)
2404 {
2405 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2406 /* No early return if dirty_log_mask is or becomes 0, because
2407 * cpu_physical_memory_set_dirty_range will still call
2408 * xen_modified_memory.
2409 */
2410 if (dirty_log_mask) {
2411 dirty_log_mask =
2412 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2413 }
2414 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2415 tb_invalidate_phys_range(addr, addr + length);
2416 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2417 }
2418 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2419 }
2420
2421 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2422 {
2423 unsigned access_size_max = mr->ops->valid.max_access_size;
2424
2425 /* Regions are assumed to support 1-4 byte accesses unless
2426 otherwise specified. */
2427 if (access_size_max == 0) {
2428 access_size_max = 4;
2429 }
2430
2431 /* Bound the maximum access by the alignment of the address. */
2432 if (!mr->ops->impl.unaligned) {
2433 unsigned align_size_max = addr & -addr;
2434 if (align_size_max != 0 && align_size_max < access_size_max) {
2435 access_size_max = align_size_max;
2436 }
2437 }
2438
2439 /* Don't attempt accesses larger than the maximum. */
2440 if (l > access_size_max) {
2441 l = access_size_max;
2442 }
2443 l = pow2floor(l);
2444
2445 return l;
2446 }
2447
2448 static bool prepare_mmio_access(MemoryRegion *mr)
2449 {
2450 bool unlocked = !qemu_mutex_iothread_locked();
2451 bool release_lock = false;
2452
2453 if (unlocked && mr->global_locking) {
2454 qemu_mutex_lock_iothread();
2455 unlocked = false;
2456 release_lock = true;
2457 }
2458 if (mr->flush_coalesced_mmio) {
2459 if (unlocked) {
2460 qemu_mutex_lock_iothread();
2461 }
2462 qemu_flush_coalesced_mmio_buffer();
2463 if (unlocked) {
2464 qemu_mutex_unlock_iothread();
2465 }
2466 }
2467
2468 return release_lock;
2469 }
2470
2471 /* Called within RCU critical section. */
2472 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2473 MemTxAttrs attrs,
2474 const uint8_t *buf,
2475 int len, hwaddr addr1,
2476 hwaddr l, MemoryRegion *mr)
2477 {
2478 uint8_t *ptr;
2479 uint64_t val;
2480 MemTxResult result = MEMTX_OK;
2481 bool release_lock = false;
2482
2483 for (;;) {
2484 if (!memory_access_is_direct(mr, true)) {
2485 release_lock |= prepare_mmio_access(mr);
2486 l = memory_access_size(mr, l, addr1);
2487 /* XXX: could force current_cpu to NULL to avoid
2488 potential bugs */
2489 switch (l) {
2490 case 8:
2491 /* 64 bit write access */
2492 val = ldq_p(buf);
2493 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2494 attrs);
2495 break;
2496 case 4:
2497 /* 32 bit write access */
2498 val = ldl_p(buf);
2499 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2500 attrs);
2501 break;
2502 case 2:
2503 /* 16 bit write access */
2504 val = lduw_p(buf);
2505 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2506 attrs);
2507 break;
2508 case 1:
2509 /* 8 bit write access */
2510 val = ldub_p(buf);
2511 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2512 attrs);
2513 break;
2514 default:
2515 abort();
2516 }
2517 } else {
2518 addr1 += memory_region_get_ram_addr(mr);
2519 /* RAM case */
2520 ptr = qemu_get_ram_ptr(addr1);
2521 memcpy(ptr, buf, l);
2522 invalidate_and_set_dirty(mr, addr1, l);
2523 }
2524
2525 if (release_lock) {
2526 qemu_mutex_unlock_iothread();
2527 release_lock = false;
2528 }
2529
2530 len -= l;
2531 buf += l;
2532 addr += l;
2533
2534 if (!len) {
2535 break;
2536 }
2537
2538 l = len;
2539 mr = address_space_translate(as, addr, &addr1, &l, true);
2540 }
2541
2542 return result;
2543 }
2544
2545 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2546 const uint8_t *buf, int len)
2547 {
2548 hwaddr l;
2549 hwaddr addr1;
2550 MemoryRegion *mr;
2551 MemTxResult result = MEMTX_OK;
2552
2553 if (len > 0) {
2554 rcu_read_lock();
2555 l = len;
2556 mr = address_space_translate(as, addr, &addr1, &l, true);
2557 result = address_space_write_continue(as, addr, attrs, buf, len,
2558 addr1, l, mr);
2559 rcu_read_unlock();
2560 }
2561
2562 return result;
2563 }
2564
2565 /* Called within RCU critical section. */
2566 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2567 MemTxAttrs attrs, uint8_t *buf,
2568 int len, hwaddr addr1, hwaddr l,
2569 MemoryRegion *mr)
2570 {
2571 uint8_t *ptr;
2572 uint64_t val;
2573 MemTxResult result = MEMTX_OK;
2574 bool release_lock = false;
2575
2576 for (;;) {
2577 if (!memory_access_is_direct(mr, false)) {
2578 /* I/O case */
2579 release_lock |= prepare_mmio_access(mr);
2580 l = memory_access_size(mr, l, addr1);
2581 switch (l) {
2582 case 8:
2583 /* 64 bit read access */
2584 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2585 attrs);
2586 stq_p(buf, val);
2587 break;
2588 case 4:
2589 /* 32 bit read access */
2590 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2591 attrs);
2592 stl_p(buf, val);
2593 break;
2594 case 2:
2595 /* 16 bit read access */
2596 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2597 attrs);
2598 stw_p(buf, val);
2599 break;
2600 case 1:
2601 /* 8 bit read access */
2602 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2603 attrs);
2604 stb_p(buf, val);
2605 break;
2606 default:
2607 abort();
2608 }
2609 } else {
2610 /* RAM case */
2611 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2612 memcpy(buf, ptr, l);
2613 }
2614
2615 if (release_lock) {
2616 qemu_mutex_unlock_iothread();
2617 release_lock = false;
2618 }
2619
2620 len -= l;
2621 buf += l;
2622 addr += l;
2623
2624 if (!len) {
2625 break;
2626 }
2627
2628 l = len;
2629 mr = address_space_translate(as, addr, &addr1, &l, false);
2630 }
2631
2632 return result;
2633 }
2634
2635 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2636 uint8_t *buf, int len)
2637 {
2638 hwaddr l;
2639 hwaddr addr1;
2640 MemoryRegion *mr;
2641 MemTxResult result = MEMTX_OK;
2642
2643 if (len > 0) {
2644 rcu_read_lock();
2645 l = len;
2646 mr = address_space_translate(as, addr, &addr1, &l, false);
2647 result = address_space_read_continue(as, addr, attrs, buf, len,
2648 addr1, l, mr);
2649 rcu_read_unlock();
2650 }
2651
2652 return result;
2653 }
2654
2655 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2656 uint8_t *buf, int len, bool is_write)
2657 {
2658 if (is_write) {
2659 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2660 } else {
2661 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2662 }
2663 }
2664
2665 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2666 int len, int is_write)
2667 {
2668 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2669 buf, len, is_write);
2670 }
2671
2672 enum write_rom_type {
2673 WRITE_DATA,
2674 FLUSH_CACHE,
2675 };
2676
2677 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2678 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2679 {
2680 hwaddr l;
2681 uint8_t *ptr;
2682 hwaddr addr1;
2683 MemoryRegion *mr;
2684
2685 rcu_read_lock();
2686 while (len > 0) {
2687 l = len;
2688 mr = address_space_translate(as, addr, &addr1, &l, true);
2689
2690 if (!(memory_region_is_ram(mr) ||
2691 memory_region_is_romd(mr))) {
2692 l = memory_access_size(mr, l, addr1);
2693 } else {
2694 addr1 += memory_region_get_ram_addr(mr);
2695 /* ROM/RAM case */
2696 ptr = qemu_get_ram_ptr(addr1);
2697 switch (type) {
2698 case WRITE_DATA:
2699 memcpy(ptr, buf, l);
2700 invalidate_and_set_dirty(mr, addr1, l);
2701 break;
2702 case FLUSH_CACHE:
2703 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2704 break;
2705 }
2706 }
2707 len -= l;
2708 buf += l;
2709 addr += l;
2710 }
2711 rcu_read_unlock();
2712 }
2713
2714 /* used for ROM loading : can write in RAM and ROM */
2715 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2716 const uint8_t *buf, int len)
2717 {
2718 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2719 }
2720
2721 void cpu_flush_icache_range(hwaddr start, int len)
2722 {
2723 /*
2724 * This function should do the same thing as an icache flush that was
2725 * triggered from within the guest. For TCG we are always cache coherent,
2726 * so there is no need to flush anything. For KVM / Xen we need to flush
2727 * the host's instruction cache at least.
2728 */
2729 if (tcg_enabled()) {
2730 return;
2731 }
2732
2733 cpu_physical_memory_write_rom_internal(&address_space_memory,
2734 start, NULL, len, FLUSH_CACHE);
2735 }
2736
2737 typedef struct {
2738 MemoryRegion *mr;
2739 void *buffer;
2740 hwaddr addr;
2741 hwaddr len;
2742 bool in_use;
2743 } BounceBuffer;
2744
2745 static BounceBuffer bounce;
2746
2747 typedef struct MapClient {
2748 QEMUBH *bh;
2749 QLIST_ENTRY(MapClient) link;
2750 } MapClient;
2751
2752 QemuMutex map_client_list_lock;
2753 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2754 = QLIST_HEAD_INITIALIZER(map_client_list);
2755
2756 static void cpu_unregister_map_client_do(MapClient *client)
2757 {
2758 QLIST_REMOVE(client, link);
2759 g_free(client);
2760 }
2761
2762 static void cpu_notify_map_clients_locked(void)
2763 {
2764 MapClient *client;
2765
2766 while (!QLIST_EMPTY(&map_client_list)) {
2767 client = QLIST_FIRST(&map_client_list);
2768 qemu_bh_schedule(client->bh);
2769 cpu_unregister_map_client_do(client);
2770 }
2771 }
2772
2773 void cpu_register_map_client(QEMUBH *bh)
2774 {
2775 MapClient *client = g_malloc(sizeof(*client));
2776
2777 qemu_mutex_lock(&map_client_list_lock);
2778 client->bh = bh;
2779 QLIST_INSERT_HEAD(&map_client_list, client, link);
2780 if (!atomic_read(&bounce.in_use)) {
2781 cpu_notify_map_clients_locked();
2782 }
2783 qemu_mutex_unlock(&map_client_list_lock);
2784 }
2785
2786 void cpu_exec_init_all(void)
2787 {
2788 qemu_mutex_init(&ram_list.mutex);
2789 io_mem_init();
2790 memory_map_init();
2791 qemu_mutex_init(&map_client_list_lock);
2792 }
2793
2794 void cpu_unregister_map_client(QEMUBH *bh)
2795 {
2796 MapClient *client;
2797
2798 qemu_mutex_lock(&map_client_list_lock);
2799 QLIST_FOREACH(client, &map_client_list, link) {
2800 if (client->bh == bh) {
2801 cpu_unregister_map_client_do(client);
2802 break;
2803 }
2804 }
2805 qemu_mutex_unlock(&map_client_list_lock);
2806 }
2807
2808 static void cpu_notify_map_clients(void)
2809 {
2810 qemu_mutex_lock(&map_client_list_lock);
2811 cpu_notify_map_clients_locked();
2812 qemu_mutex_unlock(&map_client_list_lock);
2813 }
2814
2815 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2816 {
2817 MemoryRegion *mr;
2818 hwaddr l, xlat;
2819
2820 rcu_read_lock();
2821 while (len > 0) {
2822 l = len;
2823 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2824 if (!memory_access_is_direct(mr, is_write)) {
2825 l = memory_access_size(mr, l, addr);
2826 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2827 return false;
2828 }
2829 }
2830
2831 len -= l;
2832 addr += l;
2833 }
2834 rcu_read_unlock();
2835 return true;
2836 }
2837
2838 /* Map a physical memory region into a host virtual address.
2839 * May map a subset of the requested range, given by and returned in *plen.
2840 * May return NULL if resources needed to perform the mapping are exhausted.
2841 * Use only for reads OR writes - not for read-modify-write operations.
2842 * Use cpu_register_map_client() to know when retrying the map operation is
2843 * likely to succeed.
2844 */
2845 void *address_space_map(AddressSpace *as,
2846 hwaddr addr,
2847 hwaddr *plen,
2848 bool is_write)
2849 {
2850 hwaddr len = *plen;
2851 hwaddr done = 0;
2852 hwaddr l, xlat, base;
2853 MemoryRegion *mr, *this_mr;
2854 ram_addr_t raddr;
2855 void *ptr;
2856
2857 if (len == 0) {
2858 return NULL;
2859 }
2860
2861 l = len;
2862 rcu_read_lock();
2863 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2864
2865 if (!memory_access_is_direct(mr, is_write)) {
2866 if (atomic_xchg(&bounce.in_use, true)) {
2867 rcu_read_unlock();
2868 return NULL;
2869 }
2870 /* Avoid unbounded allocations */
2871 l = MIN(l, TARGET_PAGE_SIZE);
2872 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2873 bounce.addr = addr;
2874 bounce.len = l;
2875
2876 memory_region_ref(mr);
2877 bounce.mr = mr;
2878 if (!is_write) {
2879 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2880 bounce.buffer, l);
2881 }
2882
2883 rcu_read_unlock();
2884 *plen = l;
2885 return bounce.buffer;
2886 }
2887
2888 base = xlat;
2889 raddr = memory_region_get_ram_addr(mr);
2890
2891 for (;;) {
2892 len -= l;
2893 addr += l;
2894 done += l;
2895 if (len == 0) {
2896 break;
2897 }
2898
2899 l = len;
2900 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2901 if (this_mr != mr || xlat != base + done) {
2902 break;
2903 }
2904 }
2905
2906 memory_region_ref(mr);
2907 *plen = done;
2908 ptr = qemu_ram_ptr_length(raddr + base, plen);
2909 rcu_read_unlock();
2910
2911 return ptr;
2912 }
2913
2914 /* Unmaps a memory region previously mapped by address_space_map().
2915 * Will also mark the memory as dirty if is_write == 1. access_len gives
2916 * the amount of memory that was actually read or written by the caller.
2917 */
2918 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2919 int is_write, hwaddr access_len)
2920 {
2921 if (buffer != bounce.buffer) {
2922 MemoryRegion *mr;
2923 ram_addr_t addr1;
2924
2925 mr = qemu_ram_addr_from_host(buffer, &addr1);
2926 assert(mr != NULL);
2927 if (is_write) {
2928 invalidate_and_set_dirty(mr, addr1, access_len);
2929 }
2930 if (xen_enabled()) {
2931 xen_invalidate_map_cache_entry(buffer);
2932 }
2933 memory_region_unref(mr);
2934 return;
2935 }
2936 if (is_write) {
2937 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2938 bounce.buffer, access_len);
2939 }
2940 qemu_vfree(bounce.buffer);
2941 bounce.buffer = NULL;
2942 memory_region_unref(bounce.mr);
2943 atomic_mb_set(&bounce.in_use, false);
2944 cpu_notify_map_clients();
2945 }
2946
2947 void *cpu_physical_memory_map(hwaddr addr,
2948 hwaddr *plen,
2949 int is_write)
2950 {
2951 return address_space_map(&address_space_memory, addr, plen, is_write);
2952 }
2953
2954 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2955 int is_write, hwaddr access_len)
2956 {
2957 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2958 }
2959
2960 /* warning: addr must be aligned */
2961 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2962 MemTxAttrs attrs,
2963 MemTxResult *result,
2964 enum device_endian endian)
2965 {
2966 uint8_t *ptr;
2967 uint64_t val;
2968 MemoryRegion *mr;
2969 hwaddr l = 4;
2970 hwaddr addr1;
2971 MemTxResult r;
2972 bool release_lock = false;
2973
2974 rcu_read_lock();
2975 mr = address_space_translate(as, addr, &addr1, &l, false);
2976 if (l < 4 || !memory_access_is_direct(mr, false)) {
2977 release_lock |= prepare_mmio_access(mr);
2978
2979 /* I/O case */
2980 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2981 #if defined(TARGET_WORDS_BIGENDIAN)
2982 if (endian == DEVICE_LITTLE_ENDIAN) {
2983 val = bswap32(val);
2984 }
2985 #else
2986 if (endian == DEVICE_BIG_ENDIAN) {
2987 val = bswap32(val);
2988 }
2989 #endif
2990 } else {
2991 /* RAM case */
2992 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2993 & TARGET_PAGE_MASK)
2994 + addr1);
2995 switch (endian) {
2996 case DEVICE_LITTLE_ENDIAN:
2997 val = ldl_le_p(ptr);
2998 break;
2999 case DEVICE_BIG_ENDIAN:
3000 val = ldl_be_p(ptr);
3001 break;
3002 default:
3003 val = ldl_p(ptr);
3004 break;
3005 }
3006 r = MEMTX_OK;
3007 }
3008 if (result) {
3009 *result = r;
3010 }
3011 if (release_lock) {
3012 qemu_mutex_unlock_iothread();
3013 }
3014 rcu_read_unlock();
3015 return val;
3016 }
3017
3018 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3019 MemTxAttrs attrs, MemTxResult *result)
3020 {
3021 return address_space_ldl_internal(as, addr, attrs, result,
3022 DEVICE_NATIVE_ENDIAN);
3023 }
3024
3025 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3026 MemTxAttrs attrs, MemTxResult *result)
3027 {
3028 return address_space_ldl_internal(as, addr, attrs, result,
3029 DEVICE_LITTLE_ENDIAN);
3030 }
3031
3032 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3033 MemTxAttrs attrs, MemTxResult *result)
3034 {
3035 return address_space_ldl_internal(as, addr, attrs, result,
3036 DEVICE_BIG_ENDIAN);
3037 }
3038
3039 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3040 {
3041 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3042 }
3043
3044 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3045 {
3046 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3047 }
3048
3049 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3050 {
3051 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3052 }
3053
3054 /* warning: addr must be aligned */
3055 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3056 MemTxAttrs attrs,
3057 MemTxResult *result,
3058 enum device_endian endian)
3059 {
3060 uint8_t *ptr;
3061 uint64_t val;
3062 MemoryRegion *mr;
3063 hwaddr l = 8;
3064 hwaddr addr1;
3065 MemTxResult r;
3066 bool release_lock = false;
3067
3068 rcu_read_lock();
3069 mr = address_space_translate(as, addr, &addr1, &l,
3070 false);
3071 if (l < 8 || !memory_access_is_direct(mr, false)) {
3072 release_lock |= prepare_mmio_access(mr);
3073
3074 /* I/O case */
3075 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3076 #if defined(TARGET_WORDS_BIGENDIAN)
3077 if (endian == DEVICE_LITTLE_ENDIAN) {
3078 val = bswap64(val);
3079 }
3080 #else
3081 if (endian == DEVICE_BIG_ENDIAN) {
3082 val = bswap64(val);
3083 }
3084 #endif
3085 } else {
3086 /* RAM case */
3087 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3088 & TARGET_PAGE_MASK)
3089 + addr1);
3090 switch (endian) {
3091 case DEVICE_LITTLE_ENDIAN:
3092 val = ldq_le_p(ptr);
3093 break;
3094 case DEVICE_BIG_ENDIAN:
3095 val = ldq_be_p(ptr);
3096 break;
3097 default:
3098 val = ldq_p(ptr);
3099 break;
3100 }
3101 r = MEMTX_OK;
3102 }
3103 if (result) {
3104 *result = r;
3105 }
3106 if (release_lock) {
3107 qemu_mutex_unlock_iothread();
3108 }
3109 rcu_read_unlock();
3110 return val;
3111 }
3112
3113 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3114 MemTxAttrs attrs, MemTxResult *result)
3115 {
3116 return address_space_ldq_internal(as, addr, attrs, result,
3117 DEVICE_NATIVE_ENDIAN);
3118 }
3119
3120 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3121 MemTxAttrs attrs, MemTxResult *result)
3122 {
3123 return address_space_ldq_internal(as, addr, attrs, result,
3124 DEVICE_LITTLE_ENDIAN);
3125 }
3126
3127 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3128 MemTxAttrs attrs, MemTxResult *result)
3129 {
3130 return address_space_ldq_internal(as, addr, attrs, result,
3131 DEVICE_BIG_ENDIAN);
3132 }
3133
3134 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3135 {
3136 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3137 }
3138
3139 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3140 {
3141 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3142 }
3143
3144 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3145 {
3146 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3147 }
3148
3149 /* XXX: optimize */
3150 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3151 MemTxAttrs attrs, MemTxResult *result)
3152 {
3153 uint8_t val;
3154 MemTxResult r;
3155
3156 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3157 if (result) {
3158 *result = r;
3159 }
3160 return val;
3161 }
3162
3163 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3164 {
3165 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3166 }
3167
3168 /* warning: addr must be aligned */
3169 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3170 hwaddr addr,
3171 MemTxAttrs attrs,
3172 MemTxResult *result,
3173 enum device_endian endian)
3174 {
3175 uint8_t *ptr;
3176 uint64_t val;
3177 MemoryRegion *mr;
3178 hwaddr l = 2;
3179 hwaddr addr1;
3180 MemTxResult r;
3181 bool release_lock = false;
3182
3183 rcu_read_lock();
3184 mr = address_space_translate(as, addr, &addr1, &l,
3185 false);
3186 if (l < 2 || !memory_access_is_direct(mr, false)) {
3187 release_lock |= prepare_mmio_access(mr);
3188
3189 /* I/O case */
3190 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3191 #if defined(TARGET_WORDS_BIGENDIAN)
3192 if (endian == DEVICE_LITTLE_ENDIAN) {
3193 val = bswap16(val);
3194 }
3195 #else
3196 if (endian == DEVICE_BIG_ENDIAN) {
3197 val = bswap16(val);
3198 }
3199 #endif
3200 } else {
3201 /* RAM case */
3202 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3203 & TARGET_PAGE_MASK)
3204 + addr1);
3205 switch (endian) {
3206 case DEVICE_LITTLE_ENDIAN:
3207 val = lduw_le_p(ptr);
3208 break;
3209 case DEVICE_BIG_ENDIAN:
3210 val = lduw_be_p(ptr);
3211 break;
3212 default:
3213 val = lduw_p(ptr);
3214 break;
3215 }
3216 r = MEMTX_OK;
3217 }
3218 if (result) {
3219 *result = r;
3220 }
3221 if (release_lock) {
3222 qemu_mutex_unlock_iothread();
3223 }
3224 rcu_read_unlock();
3225 return val;
3226 }
3227
3228 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3229 MemTxAttrs attrs, MemTxResult *result)
3230 {
3231 return address_space_lduw_internal(as, addr, attrs, result,
3232 DEVICE_NATIVE_ENDIAN);
3233 }
3234
3235 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3236 MemTxAttrs attrs, MemTxResult *result)
3237 {
3238 return address_space_lduw_internal(as, addr, attrs, result,
3239 DEVICE_LITTLE_ENDIAN);
3240 }
3241
3242 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3243 MemTxAttrs attrs, MemTxResult *result)
3244 {
3245 return address_space_lduw_internal(as, addr, attrs, result,
3246 DEVICE_BIG_ENDIAN);
3247 }
3248
3249 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3250 {
3251 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3252 }
3253
3254 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3255 {
3256 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3257 }
3258
3259 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3260 {
3261 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3262 }
3263
3264 /* warning: addr must be aligned. The ram page is not masked as dirty
3265 and the code inside is not invalidated. It is useful if the dirty
3266 bits are used to track modified PTEs */
3267 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3268 MemTxAttrs attrs, MemTxResult *result)
3269 {
3270 uint8_t *ptr;
3271 MemoryRegion *mr;
3272 hwaddr l = 4;
3273 hwaddr addr1;
3274 MemTxResult r;
3275 uint8_t dirty_log_mask;
3276 bool release_lock = false;
3277
3278 rcu_read_lock();
3279 mr = address_space_translate(as, addr, &addr1, &l,
3280 true);
3281 if (l < 4 || !memory_access_is_direct(mr, true)) {
3282 release_lock |= prepare_mmio_access(mr);
3283
3284 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3285 } else {
3286 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3287 ptr = qemu_get_ram_ptr(addr1);
3288 stl_p(ptr, val);
3289
3290 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3291 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3292 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3293 r = MEMTX_OK;
3294 }
3295 if (result) {
3296 *result = r;
3297 }
3298 if (release_lock) {
3299 qemu_mutex_unlock_iothread();
3300 }
3301 rcu_read_unlock();
3302 }
3303
3304 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3305 {
3306 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3307 }
3308
3309 /* warning: addr must be aligned */
3310 static inline void address_space_stl_internal(AddressSpace *as,
3311 hwaddr addr, uint32_t val,
3312 MemTxAttrs attrs,
3313 MemTxResult *result,
3314 enum device_endian endian)
3315 {
3316 uint8_t *ptr;
3317 MemoryRegion *mr;
3318 hwaddr l = 4;
3319 hwaddr addr1;
3320 MemTxResult r;
3321 bool release_lock = false;
3322
3323 rcu_read_lock();
3324 mr = address_space_translate(as, addr, &addr1, &l,
3325 true);
3326 if (l < 4 || !memory_access_is_direct(mr, true)) {
3327 release_lock |= prepare_mmio_access(mr);
3328
3329 #if defined(TARGET_WORDS_BIGENDIAN)
3330 if (endian == DEVICE_LITTLE_ENDIAN) {
3331 val = bswap32(val);
3332 }
3333 #else
3334 if (endian == DEVICE_BIG_ENDIAN) {
3335 val = bswap32(val);
3336 }
3337 #endif
3338 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3339 } else {
3340 /* RAM case */
3341 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3342 ptr = qemu_get_ram_ptr(addr1);
3343 switch (endian) {
3344 case DEVICE_LITTLE_ENDIAN:
3345 stl_le_p(ptr, val);
3346 break;
3347 case DEVICE_BIG_ENDIAN:
3348 stl_be_p(ptr, val);
3349 break;
3350 default:
3351 stl_p(ptr, val);
3352 break;
3353 }
3354 invalidate_and_set_dirty(mr, addr1, 4);
3355 r = MEMTX_OK;
3356 }
3357 if (result) {
3358 *result = r;
3359 }
3360 if (release_lock) {
3361 qemu_mutex_unlock_iothread();
3362 }
3363 rcu_read_unlock();
3364 }
3365
3366 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3367 MemTxAttrs attrs, MemTxResult *result)
3368 {
3369 address_space_stl_internal(as, addr, val, attrs, result,
3370 DEVICE_NATIVE_ENDIAN);
3371 }
3372
3373 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3374 MemTxAttrs attrs, MemTxResult *result)
3375 {
3376 address_space_stl_internal(as, addr, val, attrs, result,
3377 DEVICE_LITTLE_ENDIAN);
3378 }
3379
3380 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3381 MemTxAttrs attrs, MemTxResult *result)
3382 {
3383 address_space_stl_internal(as, addr, val, attrs, result,
3384 DEVICE_BIG_ENDIAN);
3385 }
3386
3387 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3388 {
3389 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3390 }
3391
3392 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3393 {
3394 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3395 }
3396
3397 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3398 {
3399 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3400 }
3401
3402 /* XXX: optimize */
3403 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3404 MemTxAttrs attrs, MemTxResult *result)
3405 {
3406 uint8_t v = val;
3407 MemTxResult r;
3408
3409 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3410 if (result) {
3411 *result = r;
3412 }
3413 }
3414
3415 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3416 {
3417 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3418 }
3419
3420 /* warning: addr must be aligned */
3421 static inline void address_space_stw_internal(AddressSpace *as,
3422 hwaddr addr, uint32_t val,
3423 MemTxAttrs attrs,
3424 MemTxResult *result,
3425 enum device_endian endian)
3426 {
3427 uint8_t *ptr;
3428 MemoryRegion *mr;
3429 hwaddr l = 2;
3430 hwaddr addr1;
3431 MemTxResult r;
3432 bool release_lock = false;
3433
3434 rcu_read_lock();
3435 mr = address_space_translate(as, addr, &addr1, &l, true);
3436 if (l < 2 || !memory_access_is_direct(mr, true)) {
3437 release_lock |= prepare_mmio_access(mr);
3438
3439 #if defined(TARGET_WORDS_BIGENDIAN)
3440 if (endian == DEVICE_LITTLE_ENDIAN) {
3441 val = bswap16(val);
3442 }
3443 #else
3444 if (endian == DEVICE_BIG_ENDIAN) {
3445 val = bswap16(val);
3446 }
3447 #endif
3448 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3449 } else {
3450 /* RAM case */
3451 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3452 ptr = qemu_get_ram_ptr(addr1);
3453 switch (endian) {
3454 case DEVICE_LITTLE_ENDIAN:
3455 stw_le_p(ptr, val);
3456 break;
3457 case DEVICE_BIG_ENDIAN:
3458 stw_be_p(ptr, val);
3459 break;
3460 default:
3461 stw_p(ptr, val);
3462 break;
3463 }
3464 invalidate_and_set_dirty(mr, addr1, 2);
3465 r = MEMTX_OK;
3466 }
3467 if (result) {
3468 *result = r;
3469 }
3470 if (release_lock) {
3471 qemu_mutex_unlock_iothread();
3472 }
3473 rcu_read_unlock();
3474 }
3475
3476 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3477 MemTxAttrs attrs, MemTxResult *result)
3478 {
3479 address_space_stw_internal(as, addr, val, attrs, result,
3480 DEVICE_NATIVE_ENDIAN);
3481 }
3482
3483 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3484 MemTxAttrs attrs, MemTxResult *result)
3485 {
3486 address_space_stw_internal(as, addr, val, attrs, result,
3487 DEVICE_LITTLE_ENDIAN);
3488 }
3489
3490 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3491 MemTxAttrs attrs, MemTxResult *result)
3492 {
3493 address_space_stw_internal(as, addr, val, attrs, result,
3494 DEVICE_BIG_ENDIAN);
3495 }
3496
3497 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3498 {
3499 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3500 }
3501
3502 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3503 {
3504 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3505 }
3506
3507 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3508 {
3509 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3510 }
3511
3512 /* XXX: optimize */
3513 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3514 MemTxAttrs attrs, MemTxResult *result)
3515 {
3516 MemTxResult r;
3517 val = tswap64(val);
3518 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3519 if (result) {
3520 *result = r;
3521 }
3522 }
3523
3524 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3525 MemTxAttrs attrs, MemTxResult *result)
3526 {
3527 MemTxResult r;
3528 val = cpu_to_le64(val);
3529 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3530 if (result) {
3531 *result = r;
3532 }
3533 }
3534 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3535 MemTxAttrs attrs, MemTxResult *result)
3536 {
3537 MemTxResult r;
3538 val = cpu_to_be64(val);
3539 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3540 if (result) {
3541 *result = r;
3542 }
3543 }
3544
3545 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3546 {
3547 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3548 }
3549
3550 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3551 {
3552 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3553 }
3554
3555 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3556 {
3557 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3558 }
3559
3560 /* virtual memory access for debug (includes writing to ROM) */
3561 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3562 uint8_t *buf, int len, int is_write)
3563 {
3564 int l;
3565 hwaddr phys_addr;
3566 target_ulong page;
3567
3568 while (len > 0) {
3569 page = addr & TARGET_PAGE_MASK;
3570 phys_addr = cpu_get_phys_page_debug(cpu, page);
3571 /* if no physical page mapped, return an error */
3572 if (phys_addr == -1)
3573 return -1;
3574 l = (page + TARGET_PAGE_SIZE) - addr;
3575 if (l > len)
3576 l = len;
3577 phys_addr += (addr & ~TARGET_PAGE_MASK);
3578 if (is_write) {
3579 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3580 } else {
3581 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3582 buf, l, 0);
3583 }
3584 len -= l;
3585 buf += l;
3586 addr += l;
3587 }
3588 return 0;
3589 }
3590
3591 /*
3592 * Allows code that needs to deal with migration bitmaps etc to still be built
3593 * target independent.
3594 */
3595 size_t qemu_target_page_bits(void)
3596 {
3597 return TARGET_PAGE_BITS;
3598 }
3599
3600 #endif
3601
3602 /*
3603 * A helper function for the _utterly broken_ virtio device model to find out if
3604 * it's running on a big endian machine. Don't do this at home kids!
3605 */
3606 bool target_words_bigendian(void);
3607 bool target_words_bigendian(void)
3608 {
3609 #if defined(TARGET_WORDS_BIGENDIAN)
3610 return true;
3611 #else
3612 return false;
3613 #endif
3614 }
3615
3616 #ifndef CONFIG_USER_ONLY
3617 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3618 {
3619 MemoryRegion*mr;
3620 hwaddr l = 1;
3621 bool res;
3622
3623 rcu_read_lock();
3624 mr = address_space_translate(&address_space_memory,
3625 phys_addr, &phys_addr, &l, false);
3626
3627 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3628 rcu_read_unlock();
3629 return res;
3630 }
3631
3632 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3633 {
3634 RAMBlock *block;
3635 int ret = 0;
3636
3637 rcu_read_lock();
3638 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3639 ret = func(block->idstr, block->host, block->offset,
3640 block->used_length, opaque);
3641 if (ret) {
3642 break;
3643 }
3644 }
3645 rcu_read_unlock();
3646 return ret;
3647 }
3648 #endif
QEmu