search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kvm: Switch to unlocked MMIO
[qemu.git] / exec.c
blob3457f7e82873c3c5312c3833c8ac03e1453478bb
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59
60 //#define DEBUG_SUBPAGE
61
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
65 */
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
70
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
73
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
76
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
79
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
82
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
85 */
86 #define RAM_RESIZEABLE (1 << 2)
87
88 #endif
89
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
92 cpu_exec() */
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
97 int use_icount;
98
99 #if !defined(CONFIG_USER_ONLY)
100
101 typedef struct PhysPageEntry PhysPageEntry;
102
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 uint32_t skip : 6;
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
107 uint32_t ptr : 26;
108 };
109
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
114
115 #define P_L2_BITS 9
116 #define P_L2_SIZE (1 << P_L2_BITS)
117
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119
120 typedef PhysPageEntry Node[P_L2_SIZE];
121
122 typedef struct PhysPageMap {
123 struct rcu_head rcu;
124
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
127 unsigned nodes_nb;
128 unsigned nodes_nb_alloc;
129 Node *nodes;
130 MemoryRegionSection *sections;
131 } PhysPageMap;
132
133 struct AddressSpaceDispatch {
134 struct rcu_head rcu;
135
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
138 */
139 PhysPageEntry phys_map;
140 PhysPageMap map;
141 AddressSpace *as;
142 };
143
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
146 MemoryRegion iomem;
147 AddressSpace *as;
148 hwaddr base;
149 uint16_t sub_section[TARGET_PAGE_SIZE];
150 } subpage_t;
151
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
156
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
160
161 static MemoryRegion io_mem_watch;
162 #endif
163
164 #if !defined(CONFIG_USER_ONLY)
165
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 {
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
172 }
173 }
174
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
176 {
177 unsigned i;
178 uint32_t ret;
179 PhysPageEntry e;
180 PhysPageEntry *p;
181
182 ret = map->nodes_nb++;
183 p = map->nodes[ret];
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
186
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
191 }
192 return ret;
193 }
194
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
197 int level)
198 {
199 PhysPageEntry *p;
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
204 }
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
210 lp->skip = 0;
211 lp->ptr = leaf;
212 *index += step;
213 *nb -= step;
214 } else {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
216 }
217 ++lp;
218 }
219 }
220
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
223 uint16_t leaf)
224 {
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
229 }
230
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
233 */
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 {
236 unsigned valid_ptr = P_L2_SIZE;
237 int valid = 0;
238 PhysPageEntry *p;
239 int i;
240
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
242 return;
243 }
244
245 p = nodes[lp->ptr];
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
248 continue;
249 }
250
251 valid_ptr = i;
252 valid++;
253 if (p[i].skip) {
254 phys_page_compact(&p[i], nodes, compacted);
255 }
256 }
257
258 /* We can only compress if there's only one child. */
259 if (valid != 1) {
260 return;
261 }
262
263 assert(valid_ptr < P_L2_SIZE);
264
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
267 return;
268 }
269
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
276 * change this rule.
277 */
278 lp->skip = 0;
279 } else {
280 lp->skip += p[valid_ptr].skip;
281 }
282 }
283
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 {
286 DECLARE_BITMAP(compacted, nodes_nb);
287
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
290 }
291 }
292
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
295 {
296 PhysPageEntry *p;
297 hwaddr index = addr >> TARGET_PAGE_BITS;
298 int i;
299
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return &sections[PHYS_SECTION_UNASSIGNED];
303 }
304 p = nodes[lp.ptr];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
306 }
307
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return &sections[lp.ptr];
312 } else {
313 return &sections[PHYS_SECTION_UNASSIGNED];
314 }
315 }
316
317 bool memory_region_is_unassigned(MemoryRegion *mr)
318 {
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
321 }
322
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 hwaddr addr,
326 bool resolve_subpage)
327 {
328 MemoryRegionSection *section;
329 subpage_t *subpage;
330
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
335 }
336 return section;
337 }
338
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
343 {
344 MemoryRegionSection *section;
345 MemoryRegion *mr;
346 Int128 diff;
347
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
351
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
354
355 mr = section->mr;
356 if (memory_region_is_ram(mr)) {
357 diff = int128_sub(section->size, int128_make64(addr));
358 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
359 }
360 return section;
361 }
362
363 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
364 {
365 if (memory_region_is_ram(mr)) {
366 return !(is_write && mr->readonly);
367 }
368 if (memory_region_is_romd(mr)) {
369 return !is_write;
370 }
371
372 return false;
373 }
374
375 /* Called from RCU critical section */
376 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
377 hwaddr *xlat, hwaddr *plen,
378 bool is_write)
379 {
380 IOMMUTLBEntry iotlb;
381 MemoryRegionSection *section;
382 MemoryRegion *mr;
383
384 for (;;) {
385 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
386 section = address_space_translate_internal(d, addr, &addr, plen, true);
387 mr = section->mr;
388
389 if (!mr->iommu_ops) {
390 break;
391 }
392
393 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
394 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
395 | (addr & iotlb.addr_mask));
396 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
397 if (!(iotlb.perm & (1 << is_write))) {
398 mr = &io_mem_unassigned;
399 break;
400 }
401
402 as = iotlb.target_as;
403 }
404
405 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
406 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
407 *plen = MIN(page, *plen);
408 }
409
410 *xlat = addr;
411 return mr;
412 }
413
414 /* Called from RCU critical section */
415 MemoryRegionSection *
416 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
417 hwaddr *xlat, hwaddr *plen)
418 {
419 MemoryRegionSection *section;
420 section = address_space_translate_internal(cpu->memory_dispatch,
421 addr, xlat, plen, false);
422
423 assert(!section->mr->iommu_ops);
424 return section;
425 }
426 #endif
427
428 #if !defined(CONFIG_USER_ONLY)
429
430 static int cpu_common_post_load(void *opaque, int version_id)
431 {
432 CPUState *cpu = opaque;
433
434 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
435 version_id is increased. */
436 cpu->interrupt_request &= ~0x01;
437 tlb_flush(cpu, 1);
438
439 return 0;
440 }
441
442 static int cpu_common_pre_load(void *opaque)
443 {
444 CPUState *cpu = opaque;
445
446 cpu->exception_index = -1;
447
448 return 0;
449 }
450
451 static bool cpu_common_exception_index_needed(void *opaque)
452 {
453 CPUState *cpu = opaque;
454
455 return tcg_enabled() && cpu->exception_index != -1;
456 }
457
458 static const VMStateDescription vmstate_cpu_common_exception_index = {
459 .name = "cpu_common/exception_index",
460 .version_id = 1,
461 .minimum_version_id = 1,
462 .needed = cpu_common_exception_index_needed,
463 .fields = (VMStateField[]) {
464 VMSTATE_INT32(exception_index, CPUState),
465 VMSTATE_END_OF_LIST()
466 }
467 };
468
469 const VMStateDescription vmstate_cpu_common = {
470 .name = "cpu_common",
471 .version_id = 1,
472 .minimum_version_id = 1,
473 .pre_load = cpu_common_pre_load,
474 .post_load = cpu_common_post_load,
475 .fields = (VMStateField[]) {
476 VMSTATE_UINT32(halted, CPUState),
477 VMSTATE_UINT32(interrupt_request, CPUState),
478 VMSTATE_END_OF_LIST()
479 },
480 .subsections = (const VMStateDescription*[]) {
481 &vmstate_cpu_common_exception_index,
482 NULL
483 }
484 };
485
486 #endif
487
488 CPUState *qemu_get_cpu(int index)
489 {
490 CPUState *cpu;
491
492 CPU_FOREACH(cpu) {
493 if (cpu->cpu_index == index) {
494 return cpu;
495 }
496 }
497
498 return NULL;
499 }
500
501 #if !defined(CONFIG_USER_ONLY)
502 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
503 {
504 /* We only support one address space per cpu at the moment. */
505 assert(cpu->as == as);
506
507 if (cpu->tcg_as_listener) {
508 memory_listener_unregister(cpu->tcg_as_listener);
509 } else {
510 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
511 }
512 cpu->tcg_as_listener->commit = tcg_commit;
513 memory_listener_register(cpu->tcg_as_listener, as);
514 }
515 #endif
516
517 void cpu_exec_init(CPUArchState *env)
518 {
519 CPUState *cpu = ENV_GET_CPU(env);
520 CPUClass *cc = CPU_GET_CLASS(cpu);
521 CPUState *some_cpu;
522 int cpu_index;
523
524 #if defined(CONFIG_USER_ONLY)
525 cpu_list_lock();
526 #endif
527 cpu_index = 0;
528 CPU_FOREACH(some_cpu) {
529 cpu_index++;
530 }
531 cpu->cpu_index = cpu_index;
532 cpu->numa_node = 0;
533 QTAILQ_INIT(&cpu->breakpoints);
534 QTAILQ_INIT(&cpu->watchpoints);
535 #ifndef CONFIG_USER_ONLY
536 cpu->as = &address_space_memory;
537 cpu->thread_id = qemu_get_thread_id();
538 cpu_reload_memory_map(cpu);
539 #endif
540 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
541 #if defined(CONFIG_USER_ONLY)
542 cpu_list_unlock();
543 #endif
544 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
545 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
546 }
547 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
548 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
549 cpu_save, cpu_load, env);
550 assert(cc->vmsd == NULL);
551 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
552 #endif
553 if (cc->vmsd != NULL) {
554 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
555 }
556 }
557
558 #if defined(CONFIG_USER_ONLY)
559 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
560 {
561 tb_invalidate_phys_page_range(pc, pc + 1, 0);
562 }
563 #else
564 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
565 {
566 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
567 if (phys != -1) {
568 tb_invalidate_phys_addr(cpu->as,
569 phys | (pc & ~TARGET_PAGE_MASK));
570 }
571 }
572 #endif
573
574 #if defined(CONFIG_USER_ONLY)
575 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
576
577 {
578 }
579
580 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
581 int flags)
582 {
583 return -ENOSYS;
584 }
585
586 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
587 {
588 }
589
590 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
591 int flags, CPUWatchpoint **watchpoint)
592 {
593 return -ENOSYS;
594 }
595 #else
596 /* Add a watchpoint. */
597 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
598 int flags, CPUWatchpoint **watchpoint)
599 {
600 CPUWatchpoint *wp;
601
602 /* forbid ranges which are empty or run off the end of the address space */
603 if (len == 0 || (addr + len - 1) < addr) {
604 error_report("tried to set invalid watchpoint at %"
605 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
606 return -EINVAL;
607 }
608 wp = g_malloc(sizeof(*wp));
609
610 wp->vaddr = addr;
611 wp->len = len;
612 wp->flags = flags;
613
614 /* keep all GDB-injected watchpoints in front */
615 if (flags & BP_GDB) {
616 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
617 } else {
618 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
619 }
620
621 tlb_flush_page(cpu, addr);
622
623 if (watchpoint)
624 *watchpoint = wp;
625 return 0;
626 }
627
628 /* Remove a specific watchpoint. */
629 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
630 int flags)
631 {
632 CPUWatchpoint *wp;
633
634 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
635 if (addr == wp->vaddr && len == wp->len
636 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
637 cpu_watchpoint_remove_by_ref(cpu, wp);
638 return 0;
639 }
640 }
641 return -ENOENT;
642 }
643
644 /* Remove a specific watchpoint by reference. */
645 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
646 {
647 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
648
649 tlb_flush_page(cpu, watchpoint->vaddr);
650
651 g_free(watchpoint);
652 }
653
654 /* Remove all matching watchpoints. */
655 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
656 {
657 CPUWatchpoint *wp, *next;
658
659 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
660 if (wp->flags & mask) {
661 cpu_watchpoint_remove_by_ref(cpu, wp);
662 }
663 }
664 }
665
666 /* Return true if this watchpoint address matches the specified
667 * access (ie the address range covered by the watchpoint overlaps
668 * partially or completely with the address range covered by the
669 * access).
670 */
671 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
672 vaddr addr,
673 vaddr len)
674 {
675 /* We know the lengths are non-zero, but a little caution is
676 * required to avoid errors in the case where the range ends
677 * exactly at the top of the address space and so addr + len
678 * wraps round to zero.
679 */
680 vaddr wpend = wp->vaddr + wp->len - 1;
681 vaddr addrend = addr + len - 1;
682
683 return !(addr > wpend || wp->vaddr > addrend);
684 }
685
686 #endif
687
688 /* Add a breakpoint. */
689 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
690 CPUBreakpoint **breakpoint)
691 {
692 CPUBreakpoint *bp;
693
694 bp = g_malloc(sizeof(*bp));
695
696 bp->pc = pc;
697 bp->flags = flags;
698
699 /* keep all GDB-injected breakpoints in front */
700 if (flags & BP_GDB) {
701 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
702 } else {
703 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
704 }
705
706 breakpoint_invalidate(cpu, pc);
707
708 if (breakpoint) {
709 *breakpoint = bp;
710 }
711 return 0;
712 }
713
714 /* Remove a specific breakpoint. */
715 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
716 {
717 CPUBreakpoint *bp;
718
719 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
720 if (bp->pc == pc && bp->flags == flags) {
721 cpu_breakpoint_remove_by_ref(cpu, bp);
722 return 0;
723 }
724 }
725 return -ENOENT;
726 }
727
728 /* Remove a specific breakpoint by reference. */
729 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
730 {
731 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
732
733 breakpoint_invalidate(cpu, breakpoint->pc);
734
735 g_free(breakpoint);
736 }
737
738 /* Remove all matching breakpoints. */
739 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
740 {
741 CPUBreakpoint *bp, *next;
742
743 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
744 if (bp->flags & mask) {
745 cpu_breakpoint_remove_by_ref(cpu, bp);
746 }
747 }
748 }
749
750 /* enable or disable single step mode. EXCP_DEBUG is returned by the
751 CPU loop after each instruction */
752 void cpu_single_step(CPUState *cpu, int enabled)
753 {
754 if (cpu->singlestep_enabled != enabled) {
755 cpu->singlestep_enabled = enabled;
756 if (kvm_enabled()) {
757 kvm_update_guest_debug(cpu, 0);
758 } else {
759 /* must flush all the translated code to avoid inconsistencies */
760 /* XXX: only flush what is necessary */
761 CPUArchState *env = cpu->env_ptr;
762 tb_flush(env);
763 }
764 }
765 }
766
767 void cpu_abort(CPUState *cpu, const char *fmt, ...)
768 {
769 va_list ap;
770 va_list ap2;
771
772 va_start(ap, fmt);
773 va_copy(ap2, ap);
774 fprintf(stderr, "qemu: fatal: ");
775 vfprintf(stderr, fmt, ap);
776 fprintf(stderr, "\n");
777 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
778 if (qemu_log_enabled()) {
779 qemu_log("qemu: fatal: ");
780 qemu_log_vprintf(fmt, ap2);
781 qemu_log("\n");
782 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
783 qemu_log_flush();
784 qemu_log_close();
785 }
786 va_end(ap2);
787 va_end(ap);
788 #if defined(CONFIG_USER_ONLY)
789 {
790 struct sigaction act;
791 sigfillset(&act.sa_mask);
792 act.sa_handler = SIG_DFL;
793 sigaction(SIGABRT, &act, NULL);
794 }
795 #endif
796 abort();
797 }
798
799 #if !defined(CONFIG_USER_ONLY)
800 /* Called from RCU critical section */
801 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
802 {
803 RAMBlock *block;
804
805 block = atomic_rcu_read(&ram_list.mru_block);
806 if (block && addr - block->offset < block->max_length) {
807 goto found;
808 }
809 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
810 if (addr - block->offset < block->max_length) {
811 goto found;
812 }
813 }
814
815 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
816 abort();
817
818 found:
819 /* It is safe to write mru_block outside the iothread lock. This
820 * is what happens:
821 *
822 * mru_block = xxx
823 * rcu_read_unlock()
824 * xxx removed from list
825 * rcu_read_lock()
826 * read mru_block
827 * mru_block = NULL;
828 * call_rcu(reclaim_ramblock, xxx);
829 * rcu_read_unlock()
830 *
831 * atomic_rcu_set is not needed here. The block was already published
832 * when it was placed into the list. Here we're just making an extra
833 * copy of the pointer.
834 */
835 ram_list.mru_block = block;
836 return block;
837 }
838
839 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
840 {
841 ram_addr_t start1;
842 RAMBlock *block;
843 ram_addr_t end;
844
845 end = TARGET_PAGE_ALIGN(start + length);
846 start &= TARGET_PAGE_MASK;
847
848 rcu_read_lock();
849 block = qemu_get_ram_block(start);
850 assert(block == qemu_get_ram_block(end - 1));
851 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
852 cpu_tlb_reset_dirty_all(start1, length);
853 rcu_read_unlock();
854 }
855
856 /* Note: start and end must be within the same ram block. */
857 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
858 ram_addr_t length,
859 unsigned client)
860 {
861 unsigned long end, page;
862 bool dirty;
863
864 if (length == 0) {
865 return false;
866 }
867
868 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
869 page = start >> TARGET_PAGE_BITS;
870 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
871 page, end - page);
872
873 if (dirty && tcg_enabled()) {
874 tlb_reset_dirty_range_all(start, length);
875 }
876
877 return dirty;
878 }
879
880 /* Called from RCU critical section */
881 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
882 MemoryRegionSection *section,
883 target_ulong vaddr,
884 hwaddr paddr, hwaddr xlat,
885 int prot,
886 target_ulong *address)
887 {
888 hwaddr iotlb;
889 CPUWatchpoint *wp;
890
891 if (memory_region_is_ram(section->mr)) {
892 /* Normal RAM. */
893 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
894 + xlat;
895 if (!section->readonly) {
896 iotlb |= PHYS_SECTION_NOTDIRTY;
897 } else {
898 iotlb |= PHYS_SECTION_ROM;
899 }
900 } else {
901 iotlb = section - section->address_space->dispatch->map.sections;
902 iotlb += xlat;
903 }
904
905 /* Make accesses to pages with watchpoints go via the
906 watchpoint trap routines. */
907 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
908 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
909 /* Avoid trapping reads of pages with a write breakpoint. */
910 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
911 iotlb = PHYS_SECTION_WATCH + paddr;
912 *address |= TLB_MMIO;
913 break;
914 }
915 }
916 }
917
918 return iotlb;
919 }
920 #endif /* defined(CONFIG_USER_ONLY) */
921
922 #if !defined(CONFIG_USER_ONLY)
923
924 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
925 uint16_t section);
926 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
927
928 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
929 qemu_anon_ram_alloc;
930
931 /*
932 * Set a custom physical guest memory alloator.
933 * Accelerators with unusual needs may need this. Hopefully, we can
934 * get rid of it eventually.
935 */
936 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
937 {
938 phys_mem_alloc = alloc;
939 }
940
941 static uint16_t phys_section_add(PhysPageMap *map,
942 MemoryRegionSection *section)
943 {
944 /* The physical section number is ORed with a page-aligned
945 * pointer to produce the iotlb entries. Thus it should
946 * never overflow into the page-aligned value.
947 */
948 assert(map->sections_nb < TARGET_PAGE_SIZE);
949
950 if (map->sections_nb == map->sections_nb_alloc) {
951 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
952 map->sections = g_renew(MemoryRegionSection, map->sections,
953 map->sections_nb_alloc);
954 }
955 map->sections[map->sections_nb] = *section;
956 memory_region_ref(section->mr);
957 return map->sections_nb++;
958 }
959
960 static void phys_section_destroy(MemoryRegion *mr)
961 {
962 memory_region_unref(mr);
963
964 if (mr->subpage) {
965 subpage_t *subpage = container_of(mr, subpage_t, iomem);
966 object_unref(OBJECT(&subpage->iomem));
967 g_free(subpage);
968 }
969 }
970
971 static void phys_sections_free(PhysPageMap *map)
972 {
973 while (map->sections_nb > 0) {
974 MemoryRegionSection *section = &map->sections[--map->sections_nb];
975 phys_section_destroy(section->mr);
976 }
977 g_free(map->sections);
978 g_free(map->nodes);
979 }
980
981 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
982 {
983 subpage_t *subpage;
984 hwaddr base = section->offset_within_address_space
985 & TARGET_PAGE_MASK;
986 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
987 d->map.nodes, d->map.sections);
988 MemoryRegionSection subsection = {
989 .offset_within_address_space = base,
990 .size = int128_make64(TARGET_PAGE_SIZE),
991 };
992 hwaddr start, end;
993
994 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
995
996 if (!(existing->mr->subpage)) {
997 subpage = subpage_init(d->as, base);
998 subsection.address_space = d->as;
999 subsection.mr = &subpage->iomem;
1000 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1001 phys_section_add(&d->map, &subsection));
1002 } else {
1003 subpage = container_of(existing->mr, subpage_t, iomem);
1004 }
1005 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1006 end = start + int128_get64(section->size) - 1;
1007 subpage_register(subpage, start, end,
1008 phys_section_add(&d->map, section));
1009 }
1010
1011
1012 static void register_multipage(AddressSpaceDispatch *d,
1013 MemoryRegionSection *section)
1014 {
1015 hwaddr start_addr = section->offset_within_address_space;
1016 uint16_t section_index = phys_section_add(&d->map, section);
1017 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1018 TARGET_PAGE_BITS));
1019
1020 assert(num_pages);
1021 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1022 }
1023
1024 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1025 {
1026 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1027 AddressSpaceDispatch *d = as->next_dispatch;
1028 MemoryRegionSection now = *section, remain = *section;
1029 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1030
1031 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1032 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1033 - now.offset_within_address_space;
1034
1035 now.size = int128_min(int128_make64(left), now.size);
1036 register_subpage(d, &now);
1037 } else {
1038 now.size = int128_zero();
1039 }
1040 while (int128_ne(remain.size, now.size)) {
1041 remain.size = int128_sub(remain.size, now.size);
1042 remain.offset_within_address_space += int128_get64(now.size);
1043 remain.offset_within_region += int128_get64(now.size);
1044 now = remain;
1045 if (int128_lt(remain.size, page_size)) {
1046 register_subpage(d, &now);
1047 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1048 now.size = page_size;
1049 register_subpage(d, &now);
1050 } else {
1051 now.size = int128_and(now.size, int128_neg(page_size));
1052 register_multipage(d, &now);
1053 }
1054 }
1055 }
1056
1057 void qemu_flush_coalesced_mmio_buffer(void)
1058 {
1059 if (kvm_enabled())
1060 kvm_flush_coalesced_mmio_buffer();
1061 }
1062
1063 void qemu_mutex_lock_ramlist(void)
1064 {
1065 qemu_mutex_lock(&ram_list.mutex);
1066 }
1067
1068 void qemu_mutex_unlock_ramlist(void)
1069 {
1070 qemu_mutex_unlock(&ram_list.mutex);
1071 }
1072
1073 #ifdef __linux__
1074
1075 #include <sys/vfs.h>
1076
1077 #define HUGETLBFS_MAGIC 0x958458f6
1078
1079 static long gethugepagesize(const char *path, Error **errp)
1080 {
1081 struct statfs fs;
1082 int ret;
1083
1084 do {
1085 ret = statfs(path, &fs);
1086 } while (ret != 0 && errno == EINTR);
1087
1088 if (ret != 0) {
1089 error_setg_errno(errp, errno, "failed to get page size of file %s",
1090 path);
1091 return 0;
1092 }
1093
1094 if (fs.f_type != HUGETLBFS_MAGIC)
1095 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1096
1097 return fs.f_bsize;
1098 }
1099
1100 static void *file_ram_alloc(RAMBlock *block,
1101 ram_addr_t memory,
1102 const char *path,
1103 Error **errp)
1104 {
1105 char *filename;
1106 char *sanitized_name;
1107 char *c;
1108 void *area = NULL;
1109 int fd;
1110 uint64_t hpagesize;
1111 Error *local_err = NULL;
1112
1113 hpagesize = gethugepagesize(path, &local_err);
1114 if (local_err) {
1115 error_propagate(errp, local_err);
1116 goto error;
1117 }
1118 block->mr->align = hpagesize;
1119
1120 if (memory < hpagesize) {
1121 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1122 "or larger than huge page size 0x%" PRIx64,
1123 memory, hpagesize);
1124 goto error;
1125 }
1126
1127 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1128 error_setg(errp,
1129 "host lacks kvm mmu notifiers, -mem-path unsupported");
1130 goto error;
1131 }
1132
1133 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1134 sanitized_name = g_strdup(memory_region_name(block->mr));
1135 for (c = sanitized_name; *c != '\0'; c++) {
1136 if (*c == '/')
1137 *c = '_';
1138 }
1139
1140 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1141 sanitized_name);
1142 g_free(sanitized_name);
1143
1144 fd = mkstemp(filename);
1145 if (fd < 0) {
1146 error_setg_errno(errp, errno,
1147 "unable to create backing store for hugepages");
1148 g_free(filename);
1149 goto error;
1150 }
1151 unlink(filename);
1152 g_free(filename);
1153
1154 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1155
1156 /*
1157 * ftruncate is not supported by hugetlbfs in older
1158 * hosts, so don't bother bailing out on errors.
1159 * If anything goes wrong with it under other filesystems,
1160 * mmap will fail.
1161 */
1162 if (ftruncate(fd, memory)) {
1163 perror("ftruncate");
1164 }
1165
1166 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1167 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1168 fd, 0);
1169 if (area == MAP_FAILED) {
1170 error_setg_errno(errp, errno,
1171 "unable to map backing store for hugepages");
1172 close(fd);
1173 goto error;
1174 }
1175
1176 if (mem_prealloc) {
1177 os_mem_prealloc(fd, area, memory);
1178 }
1179
1180 block->fd = fd;
1181 return area;
1182
1183 error:
1184 if (mem_prealloc) {
1185 error_report("%s", error_get_pretty(*errp));
1186 exit(1);
1187 }
1188 return NULL;
1189 }
1190 #endif
1191
1192 /* Called with the ramlist lock held. */
1193 static ram_addr_t find_ram_offset(ram_addr_t size)
1194 {
1195 RAMBlock *block, *next_block;
1196 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1197
1198 assert(size != 0); /* it would hand out same offset multiple times */
1199
1200 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1201 return 0;
1202 }
1203
1204 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1205 ram_addr_t end, next = RAM_ADDR_MAX;
1206
1207 end = block->offset + block->max_length;
1208
1209 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1210 if (next_block->offset >= end) {
1211 next = MIN(next, next_block->offset);
1212 }
1213 }
1214 if (next - end >= size && next - end < mingap) {
1215 offset = end;
1216 mingap = next - end;
1217 }
1218 }
1219
1220 if (offset == RAM_ADDR_MAX) {
1221 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1222 (uint64_t)size);
1223 abort();
1224 }
1225
1226 return offset;
1227 }
1228
1229 ram_addr_t last_ram_offset(void)
1230 {
1231 RAMBlock *block;
1232 ram_addr_t last = 0;
1233
1234 rcu_read_lock();
1235 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1236 last = MAX(last, block->offset + block->max_length);
1237 }
1238 rcu_read_unlock();
1239 return last;
1240 }
1241
1242 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1243 {
1244 int ret;
1245
1246 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1247 if (!machine_dump_guest_core(current_machine)) {
1248 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1249 if (ret) {
1250 perror("qemu_madvise");
1251 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1252 "but dump_guest_core=off specified\n");
1253 }
1254 }
1255 }
1256
1257 /* Called within an RCU critical section, or while the ramlist lock
1258 * is held.
1259 */
1260 static RAMBlock *find_ram_block(ram_addr_t addr)
1261 {
1262 RAMBlock *block;
1263
1264 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1265 if (block->offset == addr) {
1266 return block;
1267 }
1268 }
1269
1270 return NULL;
1271 }
1272
1273 /* Called with iothread lock held. */
1274 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1275 {
1276 RAMBlock *new_block, *block;
1277
1278 rcu_read_lock();
1279 new_block = find_ram_block(addr);
1280 assert(new_block);
1281 assert(!new_block->idstr[0]);
1282
1283 if (dev) {
1284 char *id = qdev_get_dev_path(dev);
1285 if (id) {
1286 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1287 g_free(id);
1288 }
1289 }
1290 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1291
1292 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1293 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1294 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1295 new_block->idstr);
1296 abort();
1297 }
1298 }
1299 rcu_read_unlock();
1300 }
1301
1302 /* Called with iothread lock held. */
1303 void qemu_ram_unset_idstr(ram_addr_t addr)
1304 {
1305 RAMBlock *block;
1306
1307 /* FIXME: arch_init.c assumes that this is not called throughout
1308 * migration. Ignore the problem since hot-unplug during migration
1309 * does not work anyway.
1310 */
1311
1312 rcu_read_lock();
1313 block = find_ram_block(addr);
1314 if (block) {
1315 memset(block->idstr, 0, sizeof(block->idstr));
1316 }
1317 rcu_read_unlock();
1318 }
1319
1320 static int memory_try_enable_merging(void *addr, size_t len)
1321 {
1322 if (!machine_mem_merge(current_machine)) {
1323 /* disabled by the user */
1324 return 0;
1325 }
1326
1327 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1328 }
1329
1330 /* Only legal before guest might have detected the memory size: e.g. on
1331 * incoming migration, or right after reset.
1332 *
1333 * As memory core doesn't know how is memory accessed, it is up to
1334 * resize callback to update device state and/or add assertions to detect
1335 * misuse, if necessary.
1336 */
1337 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1338 {
1339 RAMBlock *block = find_ram_block(base);
1340
1341 assert(block);
1342
1343 newsize = TARGET_PAGE_ALIGN(newsize);
1344
1345 if (block->used_length == newsize) {
1346 return 0;
1347 }
1348
1349 if (!(block->flags & RAM_RESIZEABLE)) {
1350 error_setg_errno(errp, EINVAL,
1351 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1352 " in != 0x" RAM_ADDR_FMT, block->idstr,
1353 newsize, block->used_length);
1354 return -EINVAL;
1355 }
1356
1357 if (block->max_length < newsize) {
1358 error_setg_errno(errp, EINVAL,
1359 "Length too large: %s: 0x" RAM_ADDR_FMT
1360 " > 0x" RAM_ADDR_FMT, block->idstr,
1361 newsize, block->max_length);
1362 return -EINVAL;
1363 }
1364
1365 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1366 block->used_length = newsize;
1367 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1368 DIRTY_CLIENTS_ALL);
1369 memory_region_set_size(block->mr, newsize);
1370 if (block->resized) {
1371 block->resized(block->idstr, newsize, block->host);
1372 }
1373 return 0;
1374 }
1375
1376 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1377 {
1378 RAMBlock *block;
1379 RAMBlock *last_block = NULL;
1380 ram_addr_t old_ram_size, new_ram_size;
1381
1382 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1383
1384 qemu_mutex_lock_ramlist();
1385 new_block->offset = find_ram_offset(new_block->max_length);
1386
1387 if (!new_block->host) {
1388 if (xen_enabled()) {
1389 xen_ram_alloc(new_block->offset, new_block->max_length,
1390 new_block->mr);
1391 } else {
1392 new_block->host = phys_mem_alloc(new_block->max_length,
1393 &new_block->mr->align);
1394 if (!new_block->host) {
1395 error_setg_errno(errp, errno,
1396 "cannot set up guest memory '%s'",
1397 memory_region_name(new_block->mr));
1398 qemu_mutex_unlock_ramlist();
1399 return -1;
1400 }
1401 memory_try_enable_merging(new_block->host, new_block->max_length);
1402 }
1403 }
1404
1405 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1406 * QLIST (which has an RCU-friendly variant) does not have insertion at
1407 * tail, so save the last element in last_block.
1408 */
1409 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1410 last_block = block;
1411 if (block->max_length < new_block->max_length) {
1412 break;
1413 }
1414 }
1415 if (block) {
1416 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1417 } else if (last_block) {
1418 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1419 } else { /* list is empty */
1420 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1421 }
1422 ram_list.mru_block = NULL;
1423
1424 /* Write list before version */
1425 smp_wmb();
1426 ram_list.version++;
1427 qemu_mutex_unlock_ramlist();
1428
1429 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1430
1431 if (new_ram_size > old_ram_size) {
1432 int i;
1433
1434 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1435 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1436 ram_list.dirty_memory[i] =
1437 bitmap_zero_extend(ram_list.dirty_memory[i],
1438 old_ram_size, new_ram_size);
1439 }
1440 }
1441 cpu_physical_memory_set_dirty_range(new_block->offset,
1442 new_block->used_length,
1443 DIRTY_CLIENTS_ALL);
1444
1445 if (new_block->host) {
1446 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1447 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1448 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1449 if (kvm_enabled()) {
1450 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1451 }
1452 }
1453
1454 return new_block->offset;
1455 }
1456
1457 #ifdef __linux__
1458 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1459 bool share, const char *mem_path,
1460 Error **errp)
1461 {
1462 RAMBlock *new_block;
1463 ram_addr_t addr;
1464 Error *local_err = NULL;
1465
1466 if (xen_enabled()) {
1467 error_setg(errp, "-mem-path not supported with Xen");
1468 return -1;
1469 }
1470
1471 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1472 /*
1473 * file_ram_alloc() needs to allocate just like
1474 * phys_mem_alloc, but we haven't bothered to provide
1475 * a hook there.
1476 */
1477 error_setg(errp,
1478 "-mem-path not supported with this accelerator");
1479 return -1;
1480 }
1481
1482 size = TARGET_PAGE_ALIGN(size);
1483 new_block = g_malloc0(sizeof(*new_block));
1484 new_block->mr = mr;
1485 new_block->used_length = size;
1486 new_block->max_length = size;
1487 new_block->flags = share ? RAM_SHARED : 0;
1488 new_block->host = file_ram_alloc(new_block, size,
1489 mem_path, errp);
1490 if (!new_block->host) {
1491 g_free(new_block);
1492 return -1;
1493 }
1494
1495 addr = ram_block_add(new_block, &local_err);
1496 if (local_err) {
1497 g_free(new_block);
1498 error_propagate(errp, local_err);
1499 return -1;
1500 }
1501 return addr;
1502 }
1503 #endif
1504
1505 static
1506 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1507 void (*resized)(const char*,
1508 uint64_t length,
1509 void *host),
1510 void *host, bool resizeable,
1511 MemoryRegion *mr, Error **errp)
1512 {
1513 RAMBlock *new_block;
1514 ram_addr_t addr;
1515 Error *local_err = NULL;
1516
1517 size = TARGET_PAGE_ALIGN(size);
1518 max_size = TARGET_PAGE_ALIGN(max_size);
1519 new_block = g_malloc0(sizeof(*new_block));
1520 new_block->mr = mr;
1521 new_block->resized = resized;
1522 new_block->used_length = size;
1523 new_block->max_length = max_size;
1524 assert(max_size >= size);
1525 new_block->fd = -1;
1526 new_block->host = host;
1527 if (host) {
1528 new_block->flags |= RAM_PREALLOC;
1529 }
1530 if (resizeable) {
1531 new_block->flags |= RAM_RESIZEABLE;
1532 }
1533 addr = ram_block_add(new_block, &local_err);
1534 if (local_err) {
1535 g_free(new_block);
1536 error_propagate(errp, local_err);
1537 return -1;
1538 }
1539 return addr;
1540 }
1541
1542 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1543 MemoryRegion *mr, Error **errp)
1544 {
1545 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1546 }
1547
1548 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1549 {
1550 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1551 }
1552
1553 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1554 void (*resized)(const char*,
1555 uint64_t length,
1556 void *host),
1557 MemoryRegion *mr, Error **errp)
1558 {
1559 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1560 }
1561
1562 void qemu_ram_free_from_ptr(ram_addr_t addr)
1563 {
1564 RAMBlock *block;
1565
1566 qemu_mutex_lock_ramlist();
1567 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1568 if (addr == block->offset) {
1569 QLIST_REMOVE_RCU(block, next);
1570 ram_list.mru_block = NULL;
1571 /* Write list before version */
1572 smp_wmb();
1573 ram_list.version++;
1574 g_free_rcu(block, rcu);
1575 break;
1576 }
1577 }
1578 qemu_mutex_unlock_ramlist();
1579 }
1580
1581 static void reclaim_ramblock(RAMBlock *block)
1582 {
1583 if (block->flags & RAM_PREALLOC) {
1584 ;
1585 } else if (xen_enabled()) {
1586 xen_invalidate_map_cache_entry(block->host);
1587 #ifndef _WIN32
1588 } else if (block->fd >= 0) {
1589 munmap(block->host, block->max_length);
1590 close(block->fd);
1591 #endif
1592 } else {
1593 qemu_anon_ram_free(block->host, block->max_length);
1594 }
1595 g_free(block);
1596 }
1597
1598 void qemu_ram_free(ram_addr_t addr)
1599 {
1600 RAMBlock *block;
1601
1602 qemu_mutex_lock_ramlist();
1603 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1604 if (addr == block->offset) {
1605 QLIST_REMOVE_RCU(block, next);
1606 ram_list.mru_block = NULL;
1607 /* Write list before version */
1608 smp_wmb();
1609 ram_list.version++;
1610 call_rcu(block, reclaim_ramblock, rcu);
1611 break;
1612 }
1613 }
1614 qemu_mutex_unlock_ramlist();
1615 }
1616
1617 #ifndef _WIN32
1618 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1619 {
1620 RAMBlock *block;
1621 ram_addr_t offset;
1622 int flags;
1623 void *area, *vaddr;
1624
1625 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1626 offset = addr - block->offset;
1627 if (offset < block->max_length) {
1628 vaddr = ramblock_ptr(block, offset);
1629 if (block->flags & RAM_PREALLOC) {
1630 ;
1631 } else if (xen_enabled()) {
1632 abort();
1633 } else {
1634 flags = MAP_FIXED;
1635 if (block->fd >= 0) {
1636 flags |= (block->flags & RAM_SHARED ?
1637 MAP_SHARED : MAP_PRIVATE);
1638 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1639 flags, block->fd, offset);
1640 } else {
1641 /*
1642 * Remap needs to match alloc. Accelerators that
1643 * set phys_mem_alloc never remap. If they did,
1644 * we'd need a remap hook here.
1645 */
1646 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1647
1648 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1649 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1650 flags, -1, 0);
1651 }
1652 if (area != vaddr) {
1653 fprintf(stderr, "Could not remap addr: "
1654 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1655 length, addr);
1656 exit(1);
1657 }
1658 memory_try_enable_merging(vaddr, length);
1659 qemu_ram_setup_dump(vaddr, length);
1660 }
1661 }
1662 }
1663 }
1664 #endif /* !_WIN32 */
1665
1666 int qemu_get_ram_fd(ram_addr_t addr)
1667 {
1668 RAMBlock *block;
1669 int fd;
1670
1671 rcu_read_lock();
1672 block = qemu_get_ram_block(addr);
1673 fd = block->fd;
1674 rcu_read_unlock();
1675 return fd;
1676 }
1677
1678 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1679 {
1680 RAMBlock *block;
1681 void *ptr;
1682
1683 rcu_read_lock();
1684 block = qemu_get_ram_block(addr);
1685 ptr = ramblock_ptr(block, 0);
1686 rcu_read_unlock();
1687 return ptr;
1688 }
1689
1690 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1691 * This should not be used for general purpose DMA. Use address_space_map
1692 * or address_space_rw instead. For local memory (e.g. video ram) that the
1693 * device owns, use memory_region_get_ram_ptr.
1694 *
1695 * By the time this function returns, the returned pointer is not protected
1696 * by RCU anymore. If the caller is not within an RCU critical section and
1697 * does not hold the iothread lock, it must have other means of protecting the
1698 * pointer, such as a reference to the region that includes the incoming
1699 * ram_addr_t.
1700 */
1701 void *qemu_get_ram_ptr(ram_addr_t addr)
1702 {
1703 RAMBlock *block;
1704 void *ptr;
1705
1706 rcu_read_lock();
1707 block = qemu_get_ram_block(addr);
1708
1709 if (xen_enabled() && block->host == NULL) {
1710 /* We need to check if the requested address is in the RAM
1711 * because we don't want to map the entire memory in QEMU.
1712 * In that case just map until the end of the page.
1713 */
1714 if (block->offset == 0) {
1715 ptr = xen_map_cache(addr, 0, 0);
1716 goto unlock;
1717 }
1718
1719 block->host = xen_map_cache(block->offset, block->max_length, 1);
1720 }
1721 ptr = ramblock_ptr(block, addr - block->offset);
1722
1723 unlock:
1724 rcu_read_unlock();
1725 return ptr;
1726 }
1727
1728 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1729 * but takes a size argument.
1730 *
1731 * By the time this function returns, the returned pointer is not protected
1732 * by RCU anymore. If the caller is not within an RCU critical section and
1733 * does not hold the iothread lock, it must have other means of protecting the
1734 * pointer, such as a reference to the region that includes the incoming
1735 * ram_addr_t.
1736 */
1737 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1738 {
1739 void *ptr;
1740 if (*size == 0) {
1741 return NULL;
1742 }
1743 if (xen_enabled()) {
1744 return xen_map_cache(addr, *size, 1);
1745 } else {
1746 RAMBlock *block;
1747 rcu_read_lock();
1748 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1749 if (addr - block->offset < block->max_length) {
1750 if (addr - block->offset + *size > block->max_length)
1751 *size = block->max_length - addr + block->offset;
1752 ptr = ramblock_ptr(block, addr - block->offset);
1753 rcu_read_unlock();
1754 return ptr;
1755 }
1756 }
1757
1758 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1759 abort();
1760 }
1761 }
1762
1763 /* Some of the softmmu routines need to translate from a host pointer
1764 * (typically a TLB entry) back to a ram offset.
1765 *
1766 * By the time this function returns, the returned pointer is not protected
1767 * by RCU anymore. If the caller is not within an RCU critical section and
1768 * does not hold the iothread lock, it must have other means of protecting the
1769 * pointer, such as a reference to the region that includes the incoming
1770 * ram_addr_t.
1771 */
1772 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1773 {
1774 RAMBlock *block;
1775 uint8_t *host = ptr;
1776 MemoryRegion *mr;
1777
1778 if (xen_enabled()) {
1779 rcu_read_lock();
1780 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1781 mr = qemu_get_ram_block(*ram_addr)->mr;
1782 rcu_read_unlock();
1783 return mr;
1784 }
1785
1786 rcu_read_lock();
1787 block = atomic_rcu_read(&ram_list.mru_block);
1788 if (block && block->host && host - block->host < block->max_length) {
1789 goto found;
1790 }
1791
1792 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1793 /* This case append when the block is not mapped. */
1794 if (block->host == NULL) {
1795 continue;
1796 }
1797 if (host - block->host < block->max_length) {
1798 goto found;
1799 }
1800 }
1801
1802 rcu_read_unlock();
1803 return NULL;
1804
1805 found:
1806 *ram_addr = block->offset + (host - block->host);
1807 mr = block->mr;
1808 rcu_read_unlock();
1809 return mr;
1810 }
1811
1812 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1813 uint64_t val, unsigned size)
1814 {
1815 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1816 tb_invalidate_phys_page_fast(ram_addr, size);
1817 }
1818 switch (size) {
1819 case 1:
1820 stb_p(qemu_get_ram_ptr(ram_addr), val);
1821 break;
1822 case 2:
1823 stw_p(qemu_get_ram_ptr(ram_addr), val);
1824 break;
1825 case 4:
1826 stl_p(qemu_get_ram_ptr(ram_addr), val);
1827 break;
1828 default:
1829 abort();
1830 }
1831 /* Set both VGA and migration bits for simplicity and to remove
1832 * the notdirty callback faster.
1833 */
1834 cpu_physical_memory_set_dirty_range(ram_addr, size,
1835 DIRTY_CLIENTS_NOCODE);
1836 /* we remove the notdirty callback only if the code has been
1837 flushed */
1838 if (!cpu_physical_memory_is_clean(ram_addr)) {
1839 CPUArchState *env = current_cpu->env_ptr;
1840 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1841 }
1842 }
1843
1844 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1845 unsigned size, bool is_write)
1846 {
1847 return is_write;
1848 }
1849
1850 static const MemoryRegionOps notdirty_mem_ops = {
1851 .write = notdirty_mem_write,
1852 .valid.accepts = notdirty_mem_accepts,
1853 .endianness = DEVICE_NATIVE_ENDIAN,
1854 };
1855
1856 /* Generate a debug exception if a watchpoint has been hit. */
1857 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1858 {
1859 CPUState *cpu = current_cpu;
1860 CPUArchState *env = cpu->env_ptr;
1861 target_ulong pc, cs_base;
1862 target_ulong vaddr;
1863 CPUWatchpoint *wp;
1864 int cpu_flags;
1865
1866 if (cpu->watchpoint_hit) {
1867 /* We re-entered the check after replacing the TB. Now raise
1868 * the debug interrupt so that is will trigger after the
1869 * current instruction. */
1870 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1871 return;
1872 }
1873 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1874 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1875 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1876 && (wp->flags & flags)) {
1877 if (flags == BP_MEM_READ) {
1878 wp->flags |= BP_WATCHPOINT_HIT_READ;
1879 } else {
1880 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1881 }
1882 wp->hitaddr = vaddr;
1883 wp->hitattrs = attrs;
1884 if (!cpu->watchpoint_hit) {
1885 cpu->watchpoint_hit = wp;
1886 tb_check_watchpoint(cpu);
1887 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1888 cpu->exception_index = EXCP_DEBUG;
1889 cpu_loop_exit(cpu);
1890 } else {
1891 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1892 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1893 cpu_resume_from_signal(cpu, NULL);
1894 }
1895 }
1896 } else {
1897 wp->flags &= ~BP_WATCHPOINT_HIT;
1898 }
1899 }
1900 }
1901
1902 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1903 so these check for a hit then pass through to the normal out-of-line
1904 phys routines. */
1905 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1906 unsigned size, MemTxAttrs attrs)
1907 {
1908 MemTxResult res;
1909 uint64_t data;
1910
1911 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1912 switch (size) {
1913 case 1:
1914 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1915 break;
1916 case 2:
1917 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1918 break;
1919 case 4:
1920 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1921 break;
1922 default: abort();
1923 }
1924 *pdata = data;
1925 return res;
1926 }
1927
1928 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1929 uint64_t val, unsigned size,
1930 MemTxAttrs attrs)
1931 {
1932 MemTxResult res;
1933
1934 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1935 switch (size) {
1936 case 1:
1937 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1938 break;
1939 case 2:
1940 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1941 break;
1942 case 4:
1943 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1944 break;
1945 default: abort();
1946 }
1947 return res;
1948 }
1949
1950 static const MemoryRegionOps watch_mem_ops = {
1951 .read_with_attrs = watch_mem_read,
1952 .write_with_attrs = watch_mem_write,
1953 .endianness = DEVICE_NATIVE_ENDIAN,
1954 };
1955
1956 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1957 unsigned len, MemTxAttrs attrs)
1958 {
1959 subpage_t *subpage = opaque;
1960 uint8_t buf[8];
1961 MemTxResult res;
1962
1963 #if defined(DEBUG_SUBPAGE)
1964 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1965 subpage, len, addr);
1966 #endif
1967 res = address_space_read(subpage->as, addr + subpage->base,
1968 attrs, buf, len);
1969 if (res) {
1970 return res;
1971 }
1972 switch (len) {
1973 case 1:
1974 *data = ldub_p(buf);
1975 return MEMTX_OK;
1976 case 2:
1977 *data = lduw_p(buf);
1978 return MEMTX_OK;
1979 case 4:
1980 *data = ldl_p(buf);
1981 return MEMTX_OK;
1982 case 8:
1983 *data = ldq_p(buf);
1984 return MEMTX_OK;
1985 default:
1986 abort();
1987 }
1988 }
1989
1990 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1991 uint64_t value, unsigned len, MemTxAttrs attrs)
1992 {
1993 subpage_t *subpage = opaque;
1994 uint8_t buf[8];
1995
1996 #if defined(DEBUG_SUBPAGE)
1997 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1998 " value %"PRIx64"\n",
1999 __func__, subpage, len, addr, value);
2000 #endif
2001 switch (len) {
2002 case 1:
2003 stb_p(buf, value);
2004 break;
2005 case 2:
2006 stw_p(buf, value);
2007 break;
2008 case 4:
2009 stl_p(buf, value);
2010 break;
2011 case 8:
2012 stq_p(buf, value);
2013 break;
2014 default:
2015 abort();
2016 }
2017 return address_space_write(subpage->as, addr + subpage->base,
2018 attrs, buf, len);
2019 }
2020
2021 static bool subpage_accepts(void *opaque, hwaddr addr,
2022 unsigned len, bool is_write)
2023 {
2024 subpage_t *subpage = opaque;
2025 #if defined(DEBUG_SUBPAGE)
2026 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2027 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2028 #endif
2029
2030 return address_space_access_valid(subpage->as, addr + subpage->base,
2031 len, is_write);
2032 }
2033
2034 static const MemoryRegionOps subpage_ops = {
2035 .read_with_attrs = subpage_read,
2036 .write_with_attrs = subpage_write,
2037 .impl.min_access_size = 1,
2038 .impl.max_access_size = 8,
2039 .valid.min_access_size = 1,
2040 .valid.max_access_size = 8,
2041 .valid.accepts = subpage_accepts,
2042 .endianness = DEVICE_NATIVE_ENDIAN,
2043 };
2044
2045 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2046 uint16_t section)
2047 {
2048 int idx, eidx;
2049
2050 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2051 return -1;
2052 idx = SUBPAGE_IDX(start);
2053 eidx = SUBPAGE_IDX(end);
2054 #if defined(DEBUG_SUBPAGE)
2055 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2056 __func__, mmio, start, end, idx, eidx, section);
2057 #endif
2058 for (; idx <= eidx; idx++) {
2059 mmio->sub_section[idx] = section;
2060 }
2061
2062 return 0;
2063 }
2064
2065 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2066 {
2067 subpage_t *mmio;
2068
2069 mmio = g_malloc0(sizeof(subpage_t));
2070
2071 mmio->as = as;
2072 mmio->base = base;
2073 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2074 NULL, TARGET_PAGE_SIZE);
2075 mmio->iomem.subpage = true;
2076 #if defined(DEBUG_SUBPAGE)
2077 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2078 mmio, base, TARGET_PAGE_SIZE);
2079 #endif
2080 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2081
2082 return mmio;
2083 }
2084
2085 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2086 MemoryRegion *mr)
2087 {
2088 assert(as);
2089 MemoryRegionSection section = {
2090 .address_space = as,
2091 .mr = mr,
2092 .offset_within_address_space = 0,
2093 .offset_within_region = 0,
2094 .size = int128_2_64(),
2095 };
2096
2097 return phys_section_add(map, &section);
2098 }
2099
2100 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2101 {
2102 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2103 MemoryRegionSection *sections = d->map.sections;
2104
2105 return sections[index & ~TARGET_PAGE_MASK].mr;
2106 }
2107
2108 static void io_mem_init(void)
2109 {
2110 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2111 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2112 NULL, UINT64_MAX);
2113 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2114 NULL, UINT64_MAX);
2115 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2116 NULL, UINT64_MAX);
2117 }
2118
2119 static void mem_begin(MemoryListener *listener)
2120 {
2121 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2122 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2123 uint16_t n;
2124
2125 n = dummy_section(&d->map, as, &io_mem_unassigned);
2126 assert(n == PHYS_SECTION_UNASSIGNED);
2127 n = dummy_section(&d->map, as, &io_mem_notdirty);
2128 assert(n == PHYS_SECTION_NOTDIRTY);
2129 n = dummy_section(&d->map, as, &io_mem_rom);
2130 assert(n == PHYS_SECTION_ROM);
2131 n = dummy_section(&d->map, as, &io_mem_watch);
2132 assert(n == PHYS_SECTION_WATCH);
2133
2134 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2135 d->as = as;
2136 as->next_dispatch = d;
2137 }
2138
2139 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2140 {
2141 phys_sections_free(&d->map);
2142 g_free(d);
2143 }
2144
2145 static void mem_commit(MemoryListener *listener)
2146 {
2147 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2148 AddressSpaceDispatch *cur = as->dispatch;
2149 AddressSpaceDispatch *next = as->next_dispatch;
2150
2151 phys_page_compact_all(next, next->map.nodes_nb);
2152
2153 atomic_rcu_set(&as->dispatch, next);
2154 if (cur) {
2155 call_rcu(cur, address_space_dispatch_free, rcu);
2156 }
2157 }
2158
2159 static void tcg_commit(MemoryListener *listener)
2160 {
2161 CPUState *cpu;
2162
2163 /* since each CPU stores ram addresses in its TLB cache, we must
2164 reset the modified entries */
2165 /* XXX: slow ! */
2166 CPU_FOREACH(cpu) {
2167 /* FIXME: Disentangle the cpu.h circular files deps so we can
2168 directly get the right CPU from listener. */
2169 if (cpu->tcg_as_listener != listener) {
2170 continue;
2171 }
2172 cpu_reload_memory_map(cpu);
2173 }
2174 }
2175
2176 void address_space_init_dispatch(AddressSpace *as)
2177 {
2178 as->dispatch = NULL;
2179 as->dispatch_listener = (MemoryListener) {
2180 .begin = mem_begin,
2181 .commit = mem_commit,
2182 .region_add = mem_add,
2183 .region_nop = mem_add,
2184 .priority = 0,
2185 };
2186 memory_listener_register(&as->dispatch_listener, as);
2187 }
2188
2189 void address_space_unregister(AddressSpace *as)
2190 {
2191 memory_listener_unregister(&as->dispatch_listener);
2192 }
2193
2194 void address_space_destroy_dispatch(AddressSpace *as)
2195 {
2196 AddressSpaceDispatch *d = as->dispatch;
2197
2198 atomic_rcu_set(&as->dispatch, NULL);
2199 if (d) {
2200 call_rcu(d, address_space_dispatch_free, rcu);
2201 }
2202 }
2203
2204 static void memory_map_init(void)
2205 {
2206 system_memory = g_malloc(sizeof(*system_memory));
2207
2208 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2209 address_space_init(&address_space_memory, system_memory, "memory");
2210
2211 system_io = g_malloc(sizeof(*system_io));
2212 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2213 65536);
2214 address_space_init(&address_space_io, system_io, "I/O");
2215 }
2216
2217 MemoryRegion *get_system_memory(void)
2218 {
2219 return system_memory;
2220 }
2221
2222 MemoryRegion *get_system_io(void)
2223 {
2224 return system_io;
2225 }
2226
2227 #endif /* !defined(CONFIG_USER_ONLY) */
2228
2229 /* physical memory access (slow version, mainly for debug) */
2230 #if defined(CONFIG_USER_ONLY)
2231 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2232 uint8_t *buf, int len, int is_write)
2233 {
2234 int l, flags;
2235 target_ulong page;
2236 void * p;
2237
2238 while (len > 0) {
2239 page = addr & TARGET_PAGE_MASK;
2240 l = (page + TARGET_PAGE_SIZE) - addr;
2241 if (l > len)
2242 l = len;
2243 flags = page_get_flags(page);
2244 if (!(flags & PAGE_VALID))
2245 return -1;
2246 if (is_write) {
2247 if (!(flags & PAGE_WRITE))
2248 return -1;
2249 /* XXX: this code should not depend on lock_user */
2250 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2251 return -1;
2252 memcpy(p, buf, l);
2253 unlock_user(p, addr, l);
2254 } else {
2255 if (!(flags & PAGE_READ))
2256 return -1;
2257 /* XXX: this code should not depend on lock_user */
2258 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2259 return -1;
2260 memcpy(buf, p, l);
2261 unlock_user(p, addr, 0);
2262 }
2263 len -= l;
2264 buf += l;
2265 addr += l;
2266 }
2267 return 0;
2268 }
2269
2270 #else
2271
2272 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2273 hwaddr length)
2274 {
2275 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2276 /* No early return if dirty_log_mask is or becomes 0, because
2277 * cpu_physical_memory_set_dirty_range will still call
2278 * xen_modified_memory.
2279 */
2280 if (dirty_log_mask) {
2281 dirty_log_mask =
2282 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2283 }
2284 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2285 tb_invalidate_phys_range(addr, addr + length);
2286 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2287 }
2288 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2289 }
2290
2291 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2292 {
2293 unsigned access_size_max = mr->ops->valid.max_access_size;
2294
2295 /* Regions are assumed to support 1-4 byte accesses unless
2296 otherwise specified. */
2297 if (access_size_max == 0) {
2298 access_size_max = 4;
2299 }
2300
2301 /* Bound the maximum access by the alignment of the address. */
2302 if (!mr->ops->impl.unaligned) {
2303 unsigned align_size_max = addr & -addr;
2304 if (align_size_max != 0 && align_size_max < access_size_max) {
2305 access_size_max = align_size_max;
2306 }
2307 }
2308
2309 /* Don't attempt accesses larger than the maximum. */
2310 if (l > access_size_max) {
2311 l = access_size_max;
2312 }
2313 if (l & (l - 1)) {
2314 l = 1 << (qemu_fls(l) - 1);
2315 }
2316
2317 return l;
2318 }
2319
2320 static bool prepare_mmio_access(MemoryRegion *mr)
2321 {
2322 bool unlocked = !qemu_mutex_iothread_locked();
2323 bool release_lock = false;
2324
2325 if (unlocked && mr->global_locking) {
2326 qemu_mutex_lock_iothread();
2327 unlocked = false;
2328 release_lock = true;
2329 }
2330 if (mr->flush_coalesced_mmio) {
2331 if (unlocked) {
2332 qemu_mutex_lock_iothread();
2333 }
2334 qemu_flush_coalesced_mmio_buffer();
2335 if (unlocked) {
2336 qemu_mutex_unlock_iothread();
2337 }
2338 }
2339
2340 return release_lock;
2341 }
2342
2343 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2344 uint8_t *buf, int len, bool is_write)
2345 {
2346 hwaddr l;
2347 uint8_t *ptr;
2348 uint64_t val;
2349 hwaddr addr1;
2350 MemoryRegion *mr;
2351 MemTxResult result = MEMTX_OK;
2352 bool release_lock = false;
2353
2354 rcu_read_lock();
2355 while (len > 0) {
2356 l = len;
2357 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2358
2359 if (is_write) {
2360 if (!memory_access_is_direct(mr, is_write)) {
2361 release_lock |= prepare_mmio_access(mr);
2362 l = memory_access_size(mr, l, addr1);
2363 /* XXX: could force current_cpu to NULL to avoid
2364 potential bugs */
2365 switch (l) {
2366 case 8:
2367 /* 64 bit write access */
2368 val = ldq_p(buf);
2369 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2370 attrs);
2371 break;
2372 case 4:
2373 /* 32 bit write access */
2374 val = ldl_p(buf);
2375 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2376 attrs);
2377 break;
2378 case 2:
2379 /* 16 bit write access */
2380 val = lduw_p(buf);
2381 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2382 attrs);
2383 break;
2384 case 1:
2385 /* 8 bit write access */
2386 val = ldub_p(buf);
2387 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2388 attrs);
2389 break;
2390 default:
2391 abort();
2392 }
2393 } else {
2394 addr1 += memory_region_get_ram_addr(mr);
2395 /* RAM case */
2396 ptr = qemu_get_ram_ptr(addr1);
2397 memcpy(ptr, buf, l);
2398 invalidate_and_set_dirty(mr, addr1, l);
2399 }
2400 } else {
2401 if (!memory_access_is_direct(mr, is_write)) {
2402 /* I/O case */
2403 release_lock |= prepare_mmio_access(mr);
2404 l = memory_access_size(mr, l, addr1);
2405 switch (l) {
2406 case 8:
2407 /* 64 bit read access */
2408 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2409 attrs);
2410 stq_p(buf, val);
2411 break;
2412 case 4:
2413 /* 32 bit read access */
2414 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2415 attrs);
2416 stl_p(buf, val);
2417 break;
2418 case 2:
2419 /* 16 bit read access */
2420 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2421 attrs);
2422 stw_p(buf, val);
2423 break;
2424 case 1:
2425 /* 8 bit read access */
2426 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2427 attrs);
2428 stb_p(buf, val);
2429 break;
2430 default:
2431 abort();
2432 }
2433 } else {
2434 /* RAM case */
2435 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2436 memcpy(buf, ptr, l);
2437 }
2438 }
2439
2440 if (release_lock) {
2441 qemu_mutex_unlock_iothread();
2442 release_lock = false;
2443 }
2444
2445 len -= l;
2446 buf += l;
2447 addr += l;
2448 }
2449 rcu_read_unlock();
2450
2451 return result;
2452 }
2453
2454 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2455 const uint8_t *buf, int len)
2456 {
2457 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2458 }
2459
2460 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2461 uint8_t *buf, int len)
2462 {
2463 return address_space_rw(as, addr, attrs, buf, len, false);
2464 }
2465
2466
2467 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2468 int len, int is_write)
2469 {
2470 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2471 buf, len, is_write);
2472 }
2473
2474 enum write_rom_type {
2475 WRITE_DATA,
2476 FLUSH_CACHE,
2477 };
2478
2479 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2480 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2481 {
2482 hwaddr l;
2483 uint8_t *ptr;
2484 hwaddr addr1;
2485 MemoryRegion *mr;
2486
2487 rcu_read_lock();
2488 while (len > 0) {
2489 l = len;
2490 mr = address_space_translate(as, addr, &addr1, &l, true);
2491
2492 if (!(memory_region_is_ram(mr) ||
2493 memory_region_is_romd(mr))) {
2494 /* do nothing */
2495 } else {
2496 addr1 += memory_region_get_ram_addr(mr);
2497 /* ROM/RAM case */
2498 ptr = qemu_get_ram_ptr(addr1);
2499 switch (type) {
2500 case WRITE_DATA:
2501 memcpy(ptr, buf, l);
2502 invalidate_and_set_dirty(mr, addr1, l);
2503 break;
2504 case FLUSH_CACHE:
2505 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2506 break;
2507 }
2508 }
2509 len -= l;
2510 buf += l;
2511 addr += l;
2512 }
2513 rcu_read_unlock();
2514 }
2515
2516 /* used for ROM loading : can write in RAM and ROM */
2517 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2518 const uint8_t *buf, int len)
2519 {
2520 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2521 }
2522
2523 void cpu_flush_icache_range(hwaddr start, int len)
2524 {
2525 /*
2526 * This function should do the same thing as an icache flush that was
2527 * triggered from within the guest. For TCG we are always cache coherent,
2528 * so there is no need to flush anything. For KVM / Xen we need to flush
2529 * the host's instruction cache at least.
2530 */
2531 if (tcg_enabled()) {
2532 return;
2533 }
2534
2535 cpu_physical_memory_write_rom_internal(&address_space_memory,
2536 start, NULL, len, FLUSH_CACHE);
2537 }
2538
2539 typedef struct {
2540 MemoryRegion *mr;
2541 void *buffer;
2542 hwaddr addr;
2543 hwaddr len;
2544 bool in_use;
2545 } BounceBuffer;
2546
2547 static BounceBuffer bounce;
2548
2549 typedef struct MapClient {
2550 QEMUBH *bh;
2551 QLIST_ENTRY(MapClient) link;
2552 } MapClient;
2553
2554 QemuMutex map_client_list_lock;
2555 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2556 = QLIST_HEAD_INITIALIZER(map_client_list);
2557
2558 static void cpu_unregister_map_client_do(MapClient *client)
2559 {
2560 QLIST_REMOVE(client, link);
2561 g_free(client);
2562 }
2563
2564 static void cpu_notify_map_clients_locked(void)
2565 {
2566 MapClient *client;
2567
2568 while (!QLIST_EMPTY(&map_client_list)) {
2569 client = QLIST_FIRST(&map_client_list);
2570 qemu_bh_schedule(client->bh);
2571 cpu_unregister_map_client_do(client);
2572 }
2573 }
2574
2575 void cpu_register_map_client(QEMUBH *bh)
2576 {
2577 MapClient *client = g_malloc(sizeof(*client));
2578
2579 qemu_mutex_lock(&map_client_list_lock);
2580 client->bh = bh;
2581 QLIST_INSERT_HEAD(&map_client_list, client, link);
2582 if (!atomic_read(&bounce.in_use)) {
2583 cpu_notify_map_clients_locked();
2584 }
2585 qemu_mutex_unlock(&map_client_list_lock);
2586 }
2587
2588 void cpu_exec_init_all(void)
2589 {
2590 qemu_mutex_init(&ram_list.mutex);
2591 memory_map_init();
2592 io_mem_init();
2593 qemu_mutex_init(&map_client_list_lock);
2594 }
2595
2596 void cpu_unregister_map_client(QEMUBH *bh)
2597 {
2598 MapClient *client;
2599
2600 qemu_mutex_lock(&map_client_list_lock);
2601 QLIST_FOREACH(client, &map_client_list, link) {
2602 if (client->bh == bh) {
2603 cpu_unregister_map_client_do(client);
2604 break;
2605 }
2606 }
2607 qemu_mutex_unlock(&map_client_list_lock);
2608 }
2609
2610 static void cpu_notify_map_clients(void)
2611 {
2612 qemu_mutex_lock(&map_client_list_lock);
2613 cpu_notify_map_clients_locked();
2614 qemu_mutex_unlock(&map_client_list_lock);
2615 }
2616
2617 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2618 {
2619 MemoryRegion *mr;
2620 hwaddr l, xlat;
2621
2622 rcu_read_lock();
2623 while (len > 0) {
2624 l = len;
2625 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2626 if (!memory_access_is_direct(mr, is_write)) {
2627 l = memory_access_size(mr, l, addr);
2628 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2629 return false;
2630 }
2631 }
2632
2633 len -= l;
2634 addr += l;
2635 }
2636 rcu_read_unlock();
2637 return true;
2638 }
2639
2640 /* Map a physical memory region into a host virtual address.
2641 * May map a subset of the requested range, given by and returned in *plen.
2642 * May return NULL if resources needed to perform the mapping are exhausted.
2643 * Use only for reads OR writes - not for read-modify-write operations.
2644 * Use cpu_register_map_client() to know when retrying the map operation is
2645 * likely to succeed.
2646 */
2647 void *address_space_map(AddressSpace *as,
2648 hwaddr addr,
2649 hwaddr *plen,
2650 bool is_write)
2651 {
2652 hwaddr len = *plen;
2653 hwaddr done = 0;
2654 hwaddr l, xlat, base;
2655 MemoryRegion *mr, *this_mr;
2656 ram_addr_t raddr;
2657
2658 if (len == 0) {
2659 return NULL;
2660 }
2661
2662 l = len;
2663 rcu_read_lock();
2664 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2665
2666 if (!memory_access_is_direct(mr, is_write)) {
2667 if (atomic_xchg(&bounce.in_use, true)) {
2668 rcu_read_unlock();
2669 return NULL;
2670 }
2671 /* Avoid unbounded allocations */
2672 l = MIN(l, TARGET_PAGE_SIZE);
2673 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2674 bounce.addr = addr;
2675 bounce.len = l;
2676
2677 memory_region_ref(mr);
2678 bounce.mr = mr;
2679 if (!is_write) {
2680 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2681 bounce.buffer, l);
2682 }
2683
2684 rcu_read_unlock();
2685 *plen = l;
2686 return bounce.buffer;
2687 }
2688
2689 base = xlat;
2690 raddr = memory_region_get_ram_addr(mr);
2691
2692 for (;;) {
2693 len -= l;
2694 addr += l;
2695 done += l;
2696 if (len == 0) {
2697 break;
2698 }
2699
2700 l = len;
2701 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2702 if (this_mr != mr || xlat != base + done) {
2703 break;
2704 }
2705 }
2706
2707 memory_region_ref(mr);
2708 rcu_read_unlock();
2709 *plen = done;
2710 return qemu_ram_ptr_length(raddr + base, plen);
2711 }
2712
2713 /* Unmaps a memory region previously mapped by address_space_map().
2714 * Will also mark the memory as dirty if is_write == 1. access_len gives
2715 * the amount of memory that was actually read or written by the caller.
2716 */
2717 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2718 int is_write, hwaddr access_len)
2719 {
2720 if (buffer != bounce.buffer) {
2721 MemoryRegion *mr;
2722 ram_addr_t addr1;
2723
2724 mr = qemu_ram_addr_from_host(buffer, &addr1);
2725 assert(mr != NULL);
2726 if (is_write) {
2727 invalidate_and_set_dirty(mr, addr1, access_len);
2728 }
2729 if (xen_enabled()) {
2730 xen_invalidate_map_cache_entry(buffer);
2731 }
2732 memory_region_unref(mr);
2733 return;
2734 }
2735 if (is_write) {
2736 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2737 bounce.buffer, access_len);
2738 }
2739 qemu_vfree(bounce.buffer);
2740 bounce.buffer = NULL;
2741 memory_region_unref(bounce.mr);
2742 atomic_mb_set(&bounce.in_use, false);
2743 cpu_notify_map_clients();
2744 }
2745
2746 void *cpu_physical_memory_map(hwaddr addr,
2747 hwaddr *plen,
2748 int is_write)
2749 {
2750 return address_space_map(&address_space_memory, addr, plen, is_write);
2751 }
2752
2753 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2754 int is_write, hwaddr access_len)
2755 {
2756 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2757 }
2758
2759 /* warning: addr must be aligned */
2760 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2761 MemTxAttrs attrs,
2762 MemTxResult *result,
2763 enum device_endian endian)
2764 {
2765 uint8_t *ptr;
2766 uint64_t val;
2767 MemoryRegion *mr;
2768 hwaddr l = 4;
2769 hwaddr addr1;
2770 MemTxResult r;
2771 bool release_lock = false;
2772
2773 rcu_read_lock();
2774 mr = address_space_translate(as, addr, &addr1, &l, false);
2775 if (l < 4 || !memory_access_is_direct(mr, false)) {
2776 release_lock |= prepare_mmio_access(mr);
2777
2778 /* I/O case */
2779 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2780 #if defined(TARGET_WORDS_BIGENDIAN)
2781 if (endian == DEVICE_LITTLE_ENDIAN) {
2782 val = bswap32(val);
2783 }
2784 #else
2785 if (endian == DEVICE_BIG_ENDIAN) {
2786 val = bswap32(val);
2787 }
2788 #endif
2789 } else {
2790 /* RAM case */
2791 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2792 & TARGET_PAGE_MASK)
2793 + addr1);
2794 switch (endian) {
2795 case DEVICE_LITTLE_ENDIAN:
2796 val = ldl_le_p(ptr);
2797 break;
2798 case DEVICE_BIG_ENDIAN:
2799 val = ldl_be_p(ptr);
2800 break;
2801 default:
2802 val = ldl_p(ptr);
2803 break;
2804 }
2805 r = MEMTX_OK;
2806 }
2807 if (result) {
2808 *result = r;
2809 }
2810 if (release_lock) {
2811 qemu_mutex_unlock_iothread();
2812 }
2813 rcu_read_unlock();
2814 return val;
2815 }
2816
2817 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2818 MemTxAttrs attrs, MemTxResult *result)
2819 {
2820 return address_space_ldl_internal(as, addr, attrs, result,
2821 DEVICE_NATIVE_ENDIAN);
2822 }
2823
2824 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2825 MemTxAttrs attrs, MemTxResult *result)
2826 {
2827 return address_space_ldl_internal(as, addr, attrs, result,
2828 DEVICE_LITTLE_ENDIAN);
2829 }
2830
2831 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2832 MemTxAttrs attrs, MemTxResult *result)
2833 {
2834 return address_space_ldl_internal(as, addr, attrs, result,
2835 DEVICE_BIG_ENDIAN);
2836 }
2837
2838 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2839 {
2840 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2841 }
2842
2843 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2844 {
2845 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2846 }
2847
2848 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2849 {
2850 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2851 }
2852
2853 /* warning: addr must be aligned */
2854 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2855 MemTxAttrs attrs,
2856 MemTxResult *result,
2857 enum device_endian endian)
2858 {
2859 uint8_t *ptr;
2860 uint64_t val;
2861 MemoryRegion *mr;
2862 hwaddr l = 8;
2863 hwaddr addr1;
2864 MemTxResult r;
2865 bool release_lock = false;
2866
2867 rcu_read_lock();
2868 mr = address_space_translate(as, addr, &addr1, &l,
2869 false);
2870 if (l < 8 || !memory_access_is_direct(mr, false)) {
2871 release_lock |= prepare_mmio_access(mr);
2872
2873 /* I/O case */
2874 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2875 #if defined(TARGET_WORDS_BIGENDIAN)
2876 if (endian == DEVICE_LITTLE_ENDIAN) {
2877 val = bswap64(val);
2878 }
2879 #else
2880 if (endian == DEVICE_BIG_ENDIAN) {
2881 val = bswap64(val);
2882 }
2883 #endif
2884 } else {
2885 /* RAM case */
2886 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2887 & TARGET_PAGE_MASK)
2888 + addr1);
2889 switch (endian) {
2890 case DEVICE_LITTLE_ENDIAN:
2891 val = ldq_le_p(ptr);
2892 break;
2893 case DEVICE_BIG_ENDIAN:
2894 val = ldq_be_p(ptr);
2895 break;
2896 default:
2897 val = ldq_p(ptr);
2898 break;
2899 }
2900 r = MEMTX_OK;
2901 }
2902 if (result) {
2903 *result = r;
2904 }
2905 if (release_lock) {
2906 qemu_mutex_unlock_iothread();
2907 }
2908 rcu_read_unlock();
2909 return val;
2910 }
2911
2912 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2913 MemTxAttrs attrs, MemTxResult *result)
2914 {
2915 return address_space_ldq_internal(as, addr, attrs, result,
2916 DEVICE_NATIVE_ENDIAN);
2917 }
2918
2919 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2920 MemTxAttrs attrs, MemTxResult *result)
2921 {
2922 return address_space_ldq_internal(as, addr, attrs, result,
2923 DEVICE_LITTLE_ENDIAN);
2924 }
2925
2926 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2927 MemTxAttrs attrs, MemTxResult *result)
2928 {
2929 return address_space_ldq_internal(as, addr, attrs, result,
2930 DEVICE_BIG_ENDIAN);
2931 }
2932
2933 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2934 {
2935 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2936 }
2937
2938 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2939 {
2940 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2941 }
2942
2943 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2944 {
2945 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2946 }
2947
2948 /* XXX: optimize */
2949 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2950 MemTxAttrs attrs, MemTxResult *result)
2951 {
2952 uint8_t val;
2953 MemTxResult r;
2954
2955 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2956 if (result) {
2957 *result = r;
2958 }
2959 return val;
2960 }
2961
2962 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2963 {
2964 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2965 }
2966
2967 /* warning: addr must be aligned */
2968 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2969 hwaddr addr,
2970 MemTxAttrs attrs,
2971 MemTxResult *result,
2972 enum device_endian endian)
2973 {
2974 uint8_t *ptr;
2975 uint64_t val;
2976 MemoryRegion *mr;
2977 hwaddr l = 2;
2978 hwaddr addr1;
2979 MemTxResult r;
2980 bool release_lock = false;
2981
2982 rcu_read_lock();
2983 mr = address_space_translate(as, addr, &addr1, &l,
2984 false);
2985 if (l < 2 || !memory_access_is_direct(mr, false)) {
2986 release_lock |= prepare_mmio_access(mr);
2987
2988 /* I/O case */
2989 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2990 #if defined(TARGET_WORDS_BIGENDIAN)
2991 if (endian == DEVICE_LITTLE_ENDIAN) {
2992 val = bswap16(val);
2993 }
2994 #else
2995 if (endian == DEVICE_BIG_ENDIAN) {
2996 val = bswap16(val);
2997 }
2998 #endif
2999 } else {
3000 /* RAM case */
3001 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3002 & TARGET_PAGE_MASK)
3003 + addr1);
3004 switch (endian) {
3005 case DEVICE_LITTLE_ENDIAN:
3006 val = lduw_le_p(ptr);
3007 break;
3008 case DEVICE_BIG_ENDIAN:
3009 val = lduw_be_p(ptr);
3010 break;
3011 default:
3012 val = lduw_p(ptr);
3013 break;
3014 }
3015 r = MEMTX_OK;
3016 }
3017 if (result) {
3018 *result = r;
3019 }
3020 if (release_lock) {
3021 qemu_mutex_unlock_iothread();
3022 }
3023 rcu_read_unlock();
3024 return val;
3025 }
3026
3027 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3028 MemTxAttrs attrs, MemTxResult *result)
3029 {
3030 return address_space_lduw_internal(as, addr, attrs, result,
3031 DEVICE_NATIVE_ENDIAN);
3032 }
3033
3034 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3035 MemTxAttrs attrs, MemTxResult *result)
3036 {
3037 return address_space_lduw_internal(as, addr, attrs, result,
3038 DEVICE_LITTLE_ENDIAN);
3039 }
3040
3041 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3042 MemTxAttrs attrs, MemTxResult *result)
3043 {
3044 return address_space_lduw_internal(as, addr, attrs, result,
3045 DEVICE_BIG_ENDIAN);
3046 }
3047
3048 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3049 {
3050 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3051 }
3052
3053 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3054 {
3055 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3056 }
3057
3058 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3059 {
3060 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3061 }
3062
3063 /* warning: addr must be aligned. The ram page is not masked as dirty
3064 and the code inside is not invalidated. It is useful if the dirty
3065 bits are used to track modified PTEs */
3066 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3067 MemTxAttrs attrs, MemTxResult *result)
3068 {
3069 uint8_t *ptr;
3070 MemoryRegion *mr;
3071 hwaddr l = 4;
3072 hwaddr addr1;
3073 MemTxResult r;
3074 uint8_t dirty_log_mask;
3075 bool release_lock = false;
3076
3077 rcu_read_lock();
3078 mr = address_space_translate(as, addr, &addr1, &l,
3079 true);
3080 if (l < 4 || !memory_access_is_direct(mr, true)) {
3081 release_lock |= prepare_mmio_access(mr);
3082
3083 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3084 } else {
3085 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3086 ptr = qemu_get_ram_ptr(addr1);
3087 stl_p(ptr, val);
3088
3089 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3090 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3091 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3092 r = MEMTX_OK;
3093 }
3094 if (result) {
3095 *result = r;
3096 }
3097 if (release_lock) {
3098 qemu_mutex_unlock_iothread();
3099 }
3100 rcu_read_unlock();
3101 }
3102
3103 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3104 {
3105 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3106 }
3107
3108 /* warning: addr must be aligned */
3109 static inline void address_space_stl_internal(AddressSpace *as,
3110 hwaddr addr, uint32_t val,
3111 MemTxAttrs attrs,
3112 MemTxResult *result,
3113 enum device_endian endian)
3114 {
3115 uint8_t *ptr;
3116 MemoryRegion *mr;
3117 hwaddr l = 4;
3118 hwaddr addr1;
3119 MemTxResult r;
3120 bool release_lock = false;
3121
3122 rcu_read_lock();
3123 mr = address_space_translate(as, addr, &addr1, &l,
3124 true);
3125 if (l < 4 || !memory_access_is_direct(mr, true)) {
3126 release_lock |= prepare_mmio_access(mr);
3127
3128 #if defined(TARGET_WORDS_BIGENDIAN)
3129 if (endian == DEVICE_LITTLE_ENDIAN) {
3130 val = bswap32(val);
3131 }
3132 #else
3133 if (endian == DEVICE_BIG_ENDIAN) {
3134 val = bswap32(val);
3135 }
3136 #endif
3137 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3138 } else {
3139 /* RAM case */
3140 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3141 ptr = qemu_get_ram_ptr(addr1);
3142 switch (endian) {
3143 case DEVICE_LITTLE_ENDIAN:
3144 stl_le_p(ptr, val);
3145 break;
3146 case DEVICE_BIG_ENDIAN:
3147 stl_be_p(ptr, val);
3148 break;
3149 default:
3150 stl_p(ptr, val);
3151 break;
3152 }
3153 invalidate_and_set_dirty(mr, addr1, 4);
3154 r = MEMTX_OK;
3155 }
3156 if (result) {
3157 *result = r;
3158 }
3159 if (release_lock) {
3160 qemu_mutex_unlock_iothread();
3161 }
3162 rcu_read_unlock();
3163 }
3164
3165 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3166 MemTxAttrs attrs, MemTxResult *result)
3167 {
3168 address_space_stl_internal(as, addr, val, attrs, result,
3169 DEVICE_NATIVE_ENDIAN);
3170 }
3171
3172 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3173 MemTxAttrs attrs, MemTxResult *result)
3174 {
3175 address_space_stl_internal(as, addr, val, attrs, result,
3176 DEVICE_LITTLE_ENDIAN);
3177 }
3178
3179 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3180 MemTxAttrs attrs, MemTxResult *result)
3181 {
3182 address_space_stl_internal(as, addr, val, attrs, result,
3183 DEVICE_BIG_ENDIAN);
3184 }
3185
3186 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3187 {
3188 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3189 }
3190
3191 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3192 {
3193 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3194 }
3195
3196 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3197 {
3198 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3199 }
3200
3201 /* XXX: optimize */
3202 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3203 MemTxAttrs attrs, MemTxResult *result)
3204 {
3205 uint8_t v = val;
3206 MemTxResult r;
3207
3208 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3209 if (result) {
3210 *result = r;
3211 }
3212 }
3213
3214 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3215 {
3216 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3217 }
3218
3219 /* warning: addr must be aligned */
3220 static inline void address_space_stw_internal(AddressSpace *as,
3221 hwaddr addr, uint32_t val,
3222 MemTxAttrs attrs,
3223 MemTxResult *result,
3224 enum device_endian endian)
3225 {
3226 uint8_t *ptr;
3227 MemoryRegion *mr;
3228 hwaddr l = 2;
3229 hwaddr addr1;
3230 MemTxResult r;
3231 bool release_lock = false;
3232
3233 rcu_read_lock();
3234 mr = address_space_translate(as, addr, &addr1, &l, true);
3235 if (l < 2 || !memory_access_is_direct(mr, true)) {
3236 release_lock |= prepare_mmio_access(mr);
3237
3238 #if defined(TARGET_WORDS_BIGENDIAN)
3239 if (endian == DEVICE_LITTLE_ENDIAN) {
3240 val = bswap16(val);
3241 }
3242 #else
3243 if (endian == DEVICE_BIG_ENDIAN) {
3244 val = bswap16(val);
3245 }
3246 #endif
3247 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3248 } else {
3249 /* RAM case */
3250 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3251 ptr = qemu_get_ram_ptr(addr1);
3252 switch (endian) {
3253 case DEVICE_LITTLE_ENDIAN:
3254 stw_le_p(ptr, val);
3255 break;
3256 case DEVICE_BIG_ENDIAN:
3257 stw_be_p(ptr, val);
3258 break;
3259 default:
3260 stw_p(ptr, val);
3261 break;
3262 }
3263 invalidate_and_set_dirty(mr, addr1, 2);
3264 r = MEMTX_OK;
3265 }
3266 if (result) {
3267 *result = r;
3268 }
3269 if (release_lock) {
3270 qemu_mutex_unlock_iothread();
3271 }
3272 rcu_read_unlock();
3273 }
3274
3275 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3276 MemTxAttrs attrs, MemTxResult *result)
3277 {
3278 address_space_stw_internal(as, addr, val, attrs, result,
3279 DEVICE_NATIVE_ENDIAN);
3280 }
3281
3282 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3283 MemTxAttrs attrs, MemTxResult *result)
3284 {
3285 address_space_stw_internal(as, addr, val, attrs, result,
3286 DEVICE_LITTLE_ENDIAN);
3287 }
3288
3289 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3290 MemTxAttrs attrs, MemTxResult *result)
3291 {
3292 address_space_stw_internal(as, addr, val, attrs, result,
3293 DEVICE_BIG_ENDIAN);
3294 }
3295
3296 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3297 {
3298 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3299 }
3300
3301 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3302 {
3303 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3304 }
3305
3306 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3307 {
3308 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3309 }
3310
3311 /* XXX: optimize */
3312 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3313 MemTxAttrs attrs, MemTxResult *result)
3314 {
3315 MemTxResult r;
3316 val = tswap64(val);
3317 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3318 if (result) {
3319 *result = r;
3320 }
3321 }
3322
3323 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3324 MemTxAttrs attrs, MemTxResult *result)
3325 {
3326 MemTxResult r;
3327 val = cpu_to_le64(val);
3328 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3329 if (result) {
3330 *result = r;
3331 }
3332 }
3333 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3334 MemTxAttrs attrs, MemTxResult *result)
3335 {
3336 MemTxResult r;
3337 val = cpu_to_be64(val);
3338 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3339 if (result) {
3340 *result = r;
3341 }
3342 }
3343
3344 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3345 {
3346 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3347 }
3348
3349 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3350 {
3351 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3352 }
3353
3354 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3355 {
3356 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3357 }
3358
3359 /* virtual memory access for debug (includes writing to ROM) */
3360 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3361 uint8_t *buf, int len, int is_write)
3362 {
3363 int l;
3364 hwaddr phys_addr;
3365 target_ulong page;
3366
3367 while (len > 0) {
3368 page = addr & TARGET_PAGE_MASK;
3369 phys_addr = cpu_get_phys_page_debug(cpu, page);
3370 /* if no physical page mapped, return an error */
3371 if (phys_addr == -1)
3372 return -1;
3373 l = (page + TARGET_PAGE_SIZE) - addr;
3374 if (l > len)
3375 l = len;
3376 phys_addr += (addr & ~TARGET_PAGE_MASK);
3377 if (is_write) {
3378 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3379 } else {
3380 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3381 buf, l, 0);
3382 }
3383 len -= l;
3384 buf += l;
3385 addr += l;
3386 }
3387 return 0;
3388 }
3389 #endif
3390
3391 /*
3392 * A helper function for the _utterly broken_ virtio device model to find out if
3393 * it's running on a big endian machine. Don't do this at home kids!
3394 */
3395 bool target_words_bigendian(void);
3396 bool target_words_bigendian(void)
3397 {
3398 #if defined(TARGET_WORDS_BIGENDIAN)
3399 return true;
3400 #else
3401 return false;
3402 #endif
3403 }
3404
3405 #ifndef CONFIG_USER_ONLY
3406 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3407 {
3408 MemoryRegion*mr;
3409 hwaddr l = 1;
3410 bool res;
3411
3412 rcu_read_lock();
3413 mr = address_space_translate(&address_space_memory,
3414 phys_addr, &phys_addr, &l, false);
3415
3416 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3417 rcu_read_unlock();
3418 return res;
3419 }
3420
3421 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3422 {
3423 RAMBlock *block;
3424 int ret = 0;
3425
3426 rcu_read_lock();
3427 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3428 ret = func(block->idstr, block->host, block->offset,
3429 block->used_length, opaque);
3430 if (ret) {
3431 break;
3432 }
3433 }
3434 rcu_read_unlock();
3435 return ret;
3436 }
3437 #endif
QEmu