4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
23 #include <sys/types.h>
27 #include "qemu-common.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration
;
59 RAMList ram_list
= { .blocks
= QTAILQ_HEAD_INITIALIZER(ram_list
.blocks
) };
61 static MemoryRegion
*system_memory
;
62 static MemoryRegion
*system_io
;
64 AddressSpace address_space_io
;
65 AddressSpace address_space_memory
;
67 MemoryRegion io_mem_rom
, io_mem_notdirty
;
68 static MemoryRegion io_mem_unassigned
;
72 struct CPUTailQ cpus
= QTAILQ_HEAD_INITIALIZER(cpus
);
73 /* current CPU in the current thread. It is only valid inside
75 DEFINE_TLS(CPUState
*, current_cpu
);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry
;
85 struct PhysPageEntry
{
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
91 typedef PhysPageEntry Node
[L2_SIZE
];
93 struct AddressSpaceDispatch
{
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
97 PhysPageEntry phys_map
;
99 MemoryRegionSection
*sections
;
103 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104 typedef struct subpage_t
{
108 uint16_t sub_section
[TARGET_PAGE_SIZE
];
111 #define PHYS_SECTION_UNASSIGNED 0
112 #define PHYS_SECTION_NOTDIRTY 1
113 #define PHYS_SECTION_ROM 2
114 #define PHYS_SECTION_WATCH 3
116 typedef struct PhysPageMap
{
117 unsigned sections_nb
;
118 unsigned sections_nb_alloc
;
120 unsigned nodes_nb_alloc
;
122 MemoryRegionSection
*sections
;
125 static PhysPageMap
*prev_map
;
126 static PhysPageMap next_map
;
128 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
130 static void io_mem_init(void);
131 static void memory_map_init(void);
133 static MemoryRegion io_mem_watch
;
136 #if !defined(CONFIG_USER_ONLY)
138 static void phys_map_node_reserve(unsigned nodes
)
140 if (next_map
.nodes_nb
+ nodes
> next_map
.nodes_nb_alloc
) {
141 next_map
.nodes_nb_alloc
= MAX(next_map
.nodes_nb_alloc
* 2,
143 next_map
.nodes_nb_alloc
= MAX(next_map
.nodes_nb_alloc
,
144 next_map
.nodes_nb
+ nodes
);
145 next_map
.nodes
= g_renew(Node
, next_map
.nodes
,
146 next_map
.nodes_nb_alloc
);
150 static uint16_t phys_map_node_alloc(void)
155 ret
= next_map
.nodes_nb
++;
156 assert(ret
!= PHYS_MAP_NODE_NIL
);
157 assert(ret
!= next_map
.nodes_nb_alloc
);
158 for (i
= 0; i
< L2_SIZE
; ++i
) {
159 next_map
.nodes
[ret
][i
].is_leaf
= 0;
160 next_map
.nodes
[ret
][i
].ptr
= PHYS_MAP_NODE_NIL
;
165 static void phys_page_set_level(PhysPageEntry
*lp
, hwaddr
*index
,
166 hwaddr
*nb
, uint16_t leaf
,
171 hwaddr step
= (hwaddr
)1 << (level
* L2_BITS
);
173 if (!lp
->is_leaf
&& lp
->ptr
== PHYS_MAP_NODE_NIL
) {
174 lp
->ptr
= phys_map_node_alloc();
175 p
= next_map
.nodes
[lp
->ptr
];
177 for (i
= 0; i
< L2_SIZE
; i
++) {
179 p
[i
].ptr
= PHYS_SECTION_UNASSIGNED
;
183 p
= next_map
.nodes
[lp
->ptr
];
185 lp
= &p
[(*index
>> (level
* L2_BITS
)) & (L2_SIZE
- 1)];
187 while (*nb
&& lp
< &p
[L2_SIZE
]) {
188 if ((*index
& (step
- 1)) == 0 && *nb
>= step
) {
194 phys_page_set_level(lp
, index
, nb
, leaf
, level
- 1);
200 static void phys_page_set(AddressSpaceDispatch
*d
,
201 hwaddr index
, hwaddr nb
,
204 /* Wildly overreserve - it doesn't matter much. */
205 phys_map_node_reserve(3 * P_L2_LEVELS
);
207 phys_page_set_level(&d
->phys_map
, &index
, &nb
, leaf
, P_L2_LEVELS
- 1);
210 static MemoryRegionSection
*phys_page_find(PhysPageEntry lp
, hwaddr index
,
211 Node
*nodes
, MemoryRegionSection
*sections
)
216 for (i
= P_L2_LEVELS
- 1; i
>= 0 && !lp
.is_leaf
; i
--) {
217 if (lp
.ptr
== PHYS_MAP_NODE_NIL
) {
218 return §ions
[PHYS_SECTION_UNASSIGNED
];
221 lp
= p
[(index
>> (i
* L2_BITS
)) & (L2_SIZE
- 1)];
223 return §ions
[lp
.ptr
];
/*
 * Return true when @mr is a genuinely unassigned region: it is none of
 * the internal pseudo-regions this file installs (io_mem_rom,
 * io_mem_notdirty, io_mem_watch) and it is not a ROM device.
 */
bool memory_region_is_unassigned(MemoryRegion *mr)
{
    /* The internal pseudo-regions are never reported as unassigned. */
    if (mr == &io_mem_rom || mr == &io_mem_notdirty || mr == &io_mem_watch) {
        return false;
    }
    /* A ROM device is not unassigned either. */
    return !mr->rom_device;
}
232 static MemoryRegionSection
*address_space_lookup_region(AddressSpaceDispatch
*d
,
234 bool resolve_subpage
)
236 MemoryRegionSection
*section
;
239 section
= phys_page_find(d
->phys_map
, addr
>> TARGET_PAGE_BITS
,
240 d
->nodes
, d
->sections
);
241 if (resolve_subpage
&& section
->mr
->subpage
) {
242 subpage
= container_of(section
->mr
, subpage_t
, iomem
);
243 section
= &d
->sections
[subpage
->sub_section
[SUBPAGE_IDX(addr
)]];
248 static MemoryRegionSection
*
249 address_space_translate_internal(AddressSpaceDispatch
*d
, hwaddr addr
, hwaddr
*xlat
,
250 hwaddr
*plen
, bool resolve_subpage
)
252 MemoryRegionSection
*section
;
255 section
= address_space_lookup_region(d
, addr
, resolve_subpage
);
256 /* Compute offset within MemoryRegionSection */
257 addr
-= section
->offset_within_address_space
;
259 /* Compute offset within MemoryRegion */
260 *xlat
= addr
+ section
->offset_within_region
;
262 diff
= int128_sub(section
->mr
->size
, int128_make64(addr
));
263 *plen
= int128_get64(int128_min(diff
, int128_make64(*plen
)));
267 MemoryRegion
*address_space_translate(AddressSpace
*as
, hwaddr addr
,
268 hwaddr
*xlat
, hwaddr
*plen
,
272 MemoryRegionSection
*section
;
277 section
= address_space_translate_internal(as
->dispatch
, addr
, &addr
, plen
, true);
280 if (!mr
->iommu_ops
) {
284 iotlb
= mr
->iommu_ops
->translate(mr
, addr
);
285 addr
= ((iotlb
.translated_addr
& ~iotlb
.addr_mask
)
286 | (addr
& iotlb
.addr_mask
));
287 len
= MIN(len
, (addr
| iotlb
.addr_mask
) - addr
+ 1);
288 if (!(iotlb
.perm
& (1 << is_write
))) {
289 mr
= &io_mem_unassigned
;
293 as
= iotlb
.target_as
;
301 MemoryRegionSection
*
302 address_space_translate_for_iotlb(AddressSpace
*as
, hwaddr addr
, hwaddr
*xlat
,
305 MemoryRegionSection
*section
;
306 section
= address_space_translate_internal(as
->dispatch
, addr
, xlat
, plen
, false);
308 assert(!section
->mr
->iommu_ops
);
313 void cpu_exec_init_all(void)
315 #if !defined(CONFIG_USER_ONLY)
316 qemu_mutex_init(&ram_list
.mutex
);
322 #if !defined(CONFIG_USER_ONLY)
324 static int cpu_common_post_load(void *opaque
, int version_id
)
326 CPUState
*cpu
= opaque
;
328 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
329 version_id is increased. */
330 cpu
->interrupt_request
&= ~0x01;
331 tlb_flush(cpu
->env_ptr
, 1);
336 const VMStateDescription vmstate_cpu_common
= {
337 .name
= "cpu_common",
339 .minimum_version_id
= 1,
340 .minimum_version_id_old
= 1,
341 .post_load
= cpu_common_post_load
,
342 .fields
= (VMStateField
[]) {
343 VMSTATE_UINT32(halted
, CPUState
),
344 VMSTATE_UINT32(interrupt_request
, CPUState
),
345 VMSTATE_END_OF_LIST()
351 CPUState
*qemu_get_cpu(int index
)
356 if (cpu
->cpu_index
== index
) {
364 void cpu_exec_init(CPUArchState
*env
)
366 CPUState
*cpu
= ENV_GET_CPU(env
);
367 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
371 #if defined(CONFIG_USER_ONLY)
375 CPU_FOREACH(some_cpu
) {
378 cpu
->cpu_index
= cpu_index
;
380 QTAILQ_INIT(&env
->breakpoints
);
381 QTAILQ_INIT(&env
->watchpoints
);
382 #ifndef CONFIG_USER_ONLY
383 cpu
->thread_id
= qemu_get_thread_id();
385 QTAILQ_INSERT_TAIL(&cpus
, cpu
, node
);
386 #if defined(CONFIG_USER_ONLY)
389 if (qdev_get_vmsd(DEVICE(cpu
)) == NULL
) {
390 vmstate_register(NULL
, cpu_index
, &vmstate_cpu_common
, cpu
);
392 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
393 register_savevm(NULL
, "cpu", cpu_index
, CPU_SAVE_VERSION
,
394 cpu_save
, cpu_load
, env
);
395 assert(cc
->vmsd
== NULL
);
396 assert(qdev_get_vmsd(DEVICE(cpu
)) == NULL
);
398 if (cc
->vmsd
!= NULL
) {
399 vmstate_register(NULL
, cpu_index
, cc
->vmsd
, cpu
);
403 #if defined(TARGET_HAS_ICE)
404 #if defined(CONFIG_USER_ONLY)
405 static void breakpoint_invalidate(CPUState
*cpu
, target_ulong pc
)
407 tb_invalidate_phys_page_range(pc
, pc
+ 1, 0);
410 static void breakpoint_invalidate(CPUState
*cpu
, target_ulong pc
)
412 tb_invalidate_phys_addr(cpu_get_phys_page_debug(cpu
, pc
) |
413 (pc
& ~TARGET_PAGE_MASK
));
416 #endif /* TARGET_HAS_ICE */
418 #if defined(CONFIG_USER_ONLY)
419 void cpu_watchpoint_remove_all(CPUArchState
*env
, int mask
)
424 int cpu_watchpoint_insert(CPUArchState
*env
, target_ulong addr
, target_ulong len
,
425 int flags
, CPUWatchpoint
**watchpoint
)
430 /* Add a watchpoint. */
431 int cpu_watchpoint_insert(CPUArchState
*env
, target_ulong addr
, target_ulong len
,
432 int flags
, CPUWatchpoint
**watchpoint
)
434 target_ulong len_mask
= ~(len
- 1);
437 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
438 if ((len
& (len
- 1)) || (addr
& ~len_mask
) ||
439 len
== 0 || len
> TARGET_PAGE_SIZE
) {
440 fprintf(stderr
, "qemu: tried to set invalid watchpoint at "
441 TARGET_FMT_lx
", len=" TARGET_FMT_lu
"\n", addr
, len
);
444 wp
= g_malloc(sizeof(*wp
));
447 wp
->len_mask
= len_mask
;
450 /* keep all GDB-injected watchpoints in front */
452 QTAILQ_INSERT_HEAD(&env
->watchpoints
, wp
, entry
);
454 QTAILQ_INSERT_TAIL(&env
->watchpoints
, wp
, entry
);
456 tlb_flush_page(env
, addr
);
463 /* Remove a specific watchpoint. */
464 int cpu_watchpoint_remove(CPUArchState
*env
, target_ulong addr
, target_ulong len
,
467 target_ulong len_mask
= ~(len
- 1);
470 QTAILQ_FOREACH(wp
, &env
->watchpoints
, entry
) {
471 if (addr
== wp
->vaddr
&& len_mask
== wp
->len_mask
472 && flags
== (wp
->flags
& ~BP_WATCHPOINT_HIT
)) {
473 cpu_watchpoint_remove_by_ref(env
, wp
);
480 /* Remove a specific watchpoint by reference. */
481 void cpu_watchpoint_remove_by_ref(CPUArchState
*env
, CPUWatchpoint
*watchpoint
)
483 QTAILQ_REMOVE(&env
->watchpoints
, watchpoint
, entry
);
485 tlb_flush_page(env
, watchpoint
->vaddr
);
/*
 * Remove every watchpoint on @env whose flags share at least one bit
 * with @mask.  Each match is handed to cpu_watchpoint_remove_by_ref(),
 * which unlinks the entry from env->watchpoints, so the list has to be
 * walked with the _SAFE iterator that fetches the successor first.
 */
void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
{
    CPUWatchpoint *wp, *next_wp;

    QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next_wp) {
        if ((wp->flags & mask) == 0) {
            continue;
        }
        cpu_watchpoint_remove_by_ref(env, wp);
    }
}
502 /* Add a breakpoint. */
503 int cpu_breakpoint_insert(CPUArchState
*env
, target_ulong pc
, int flags
,
504 CPUBreakpoint
**breakpoint
)
506 #if defined(TARGET_HAS_ICE)
509 bp
= g_malloc(sizeof(*bp
));
514 /* keep all GDB-injected breakpoints in front */
515 if (flags
& BP_GDB
) {
516 QTAILQ_INSERT_HEAD(&env
->breakpoints
, bp
, entry
);
518 QTAILQ_INSERT_TAIL(&env
->breakpoints
, bp
, entry
);
521 breakpoint_invalidate(ENV_GET_CPU(env
), pc
);
532 /* Remove a specific breakpoint. */
533 int cpu_breakpoint_remove(CPUArchState
*env
, target_ulong pc
, int flags
)
535 #if defined(TARGET_HAS_ICE)
538 QTAILQ_FOREACH(bp
, &env
->breakpoints
, entry
) {
539 if (bp
->pc
== pc
&& bp
->flags
== flags
) {
540 cpu_breakpoint_remove_by_ref(env
, bp
);
550 /* Remove a specific breakpoint by reference. */
551 void cpu_breakpoint_remove_by_ref(CPUArchState
*env
, CPUBreakpoint
*breakpoint
)
553 #if defined(TARGET_HAS_ICE)
554 QTAILQ_REMOVE(&env
->breakpoints
, breakpoint
, entry
);
556 breakpoint_invalidate(ENV_GET_CPU(env
), breakpoint
->pc
);
/*
 * Remove every breakpoint on @env whose flags share at least one bit
 * with @mask.  Each match is handed to cpu_breakpoint_remove_by_ref(),
 * which unlinks the entry from env->breakpoints, so the list has to be
 * walked with the _SAFE iterator that fetches the successor first.
 * Without TARGET_HAS_ICE there are no breakpoints and this is a no-op.
 */
void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
{
#if defined(TARGET_HAS_ICE)
    CPUBreakpoint *bp, *next_bp;

    QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next_bp) {
        if ((bp->flags & mask) == 0) {
            continue;
        }
        cpu_breakpoint_remove_by_ref(env, bp);
    }
#endif
}
575 /* enable or disable single step mode. EXCP_DEBUG is returned by the
576 CPU loop after each instruction */
577 void cpu_single_step(CPUState
*cpu
, int enabled
)
579 #if defined(TARGET_HAS_ICE)
580 if (cpu
->singlestep_enabled
!= enabled
) {
581 cpu
->singlestep_enabled
= enabled
;
583 kvm_update_guest_debug(cpu
, 0);
585 /* must flush all the translated code to avoid inconsistencies */
586 /* XXX: only flush what is necessary */
587 CPUArchState
*env
= cpu
->env_ptr
;
594 void cpu_abort(CPUArchState
*env
, const char *fmt
, ...)
596 CPUState
*cpu
= ENV_GET_CPU(env
);
602 fprintf(stderr
, "qemu: fatal: ");
603 vfprintf(stderr
, fmt
, ap
);
604 fprintf(stderr
, "\n");
605 cpu_dump_state(cpu
, stderr
, fprintf
, CPU_DUMP_FPU
| CPU_DUMP_CCOP
);
606 if (qemu_log_enabled()) {
607 qemu_log("qemu: fatal: ");
608 qemu_log_vprintf(fmt
, ap2
);
610 log_cpu_state(cpu
, CPU_DUMP_FPU
| CPU_DUMP_CCOP
);
616 #if defined(CONFIG_USER_ONLY)
618 struct sigaction act
;
619 sigfillset(&act
.sa_mask
);
620 act
.sa_handler
= SIG_DFL
;
621 sigaction(SIGABRT
, &act
, NULL
);
627 #if !defined(CONFIG_USER_ONLY)
628 static RAMBlock
*qemu_get_ram_block(ram_addr_t addr
)
632 /* The list is protected by the iothread lock here. */
633 block
= ram_list
.mru_block
;
634 if (block
&& addr
- block
->offset
< block
->length
) {
637 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
638 if (addr
- block
->offset
< block
->length
) {
643 fprintf(stderr
, "Bad ram offset %" PRIx64
"\n", (uint64_t)addr
);
647 ram_list
.mru_block
= block
;
651 static void tlb_reset_dirty_range_all(ram_addr_t start
, ram_addr_t end
,
657 block
= qemu_get_ram_block(start
);
658 assert(block
== qemu_get_ram_block(end
- 1));
659 start1
= (uintptr_t)block
->host
+ (start
- block
->offset
);
660 cpu_tlb_reset_dirty_all(start1
, length
);
663 /* Note: start and end must be within the same ram block. */
664 void cpu_physical_memory_reset_dirty(ram_addr_t start
, ram_addr_t end
,
669 start
&= TARGET_PAGE_MASK
;
670 end
= TARGET_PAGE_ALIGN(end
);
672 length
= end
- start
;
675 cpu_physical_memory_mask_dirty_range(start
, length
, dirty_flags
);
678 tlb_reset_dirty_range_all(start
, end
, length
);
682 static int cpu_physical_memory_set_dirty_tracking(int enable
)
685 in_migration
= enable
;
689 hwaddr
memory_region_section_get_iotlb(CPUArchState
*env
,
690 MemoryRegionSection
*section
,
692 hwaddr paddr
, hwaddr xlat
,
694 target_ulong
*address
)
699 if (memory_region_is_ram(section
->mr
)) {
701 iotlb
= (memory_region_get_ram_addr(section
->mr
) & TARGET_PAGE_MASK
)
703 if (!section
->readonly
) {
704 iotlb
|= PHYS_SECTION_NOTDIRTY
;
706 iotlb
|= PHYS_SECTION_ROM
;
709 iotlb
= section
- address_space_memory
.dispatch
->sections
;
713 /* Make accesses to pages with watchpoints go via the
714 watchpoint trap routines. */
715 QTAILQ_FOREACH(wp
, &env
->watchpoints
, entry
) {
716 if (vaddr
== (wp
->vaddr
& TARGET_PAGE_MASK
)) {
717 /* Avoid trapping reads of pages with a write breakpoint. */
718 if ((prot
& PAGE_WRITE
) || (wp
->flags
& BP_MEM_READ
)) {
719 iotlb
= PHYS_SECTION_WATCH
+ paddr
;
720 *address
|= TLB_MMIO
;
728 #endif /* defined(CONFIG_USER_ONLY) */
730 #if !defined(CONFIG_USER_ONLY)
732 static int subpage_register (subpage_t
*mmio
, uint32_t start
, uint32_t end
,
734 static subpage_t
*subpage_init(AddressSpace
*as
, hwaddr base
);
736 static void *(*phys_mem_alloc
)(size_t size
) = qemu_anon_ram_alloc
;
/*
 * Install a custom allocator for guest physical memory.
 *
 * Accelerators with unusual needs may need this; hopefully it can be
 * removed eventually.  RAM blocks that are not backed by a file are
 * obtained through phys_mem_alloc, so the hook presumably has to be
 * installed before those allocations happen.  No validation of @alloc
 * is performed here; the pointer is simply stored and called later.
 */
void phys_mem_set_alloc(void *(*alloc)(size_t))
{
    phys_mem_alloc = alloc;
}
748 static uint16_t phys_section_add(MemoryRegionSection
*section
)
750 /* The physical section number is ORed with a page-aligned
751 * pointer to produce the iotlb entries. Thus it should
752 * never overflow into the page-aligned value.
754 assert(next_map
.sections_nb
< TARGET_PAGE_SIZE
);
756 if (next_map
.sections_nb
== next_map
.sections_nb_alloc
) {
757 next_map
.sections_nb_alloc
= MAX(next_map
.sections_nb_alloc
* 2,
759 next_map
.sections
= g_renew(MemoryRegionSection
, next_map
.sections
,
760 next_map
.sections_nb_alloc
);
762 next_map
.sections
[next_map
.sections_nb
] = *section
;
763 memory_region_ref(section
->mr
);
764 return next_map
.sections_nb
++;
767 static void phys_section_destroy(MemoryRegion
*mr
)
769 memory_region_unref(mr
);
772 subpage_t
*subpage
= container_of(mr
, subpage_t
, iomem
);
773 memory_region_destroy(&subpage
->iomem
);
778 static void phys_sections_free(PhysPageMap
*map
)
780 while (map
->sections_nb
> 0) {
781 MemoryRegionSection
*section
= &map
->sections
[--map
->sections_nb
];
782 phys_section_destroy(section
->mr
);
784 g_free(map
->sections
);
789 static void register_subpage(AddressSpaceDispatch
*d
, MemoryRegionSection
*section
)
792 hwaddr base
= section
->offset_within_address_space
794 MemoryRegionSection
*existing
= phys_page_find(d
->phys_map
, base
>> TARGET_PAGE_BITS
,
795 next_map
.nodes
, next_map
.sections
);
796 MemoryRegionSection subsection
= {
797 .offset_within_address_space
= base
,
798 .size
= int128_make64(TARGET_PAGE_SIZE
),
802 assert(existing
->mr
->subpage
|| existing
->mr
== &io_mem_unassigned
);
804 if (!(existing
->mr
->subpage
)) {
805 subpage
= subpage_init(d
->as
, base
);
806 subsection
.mr
= &subpage
->iomem
;
807 phys_page_set(d
, base
>> TARGET_PAGE_BITS
, 1,
808 phys_section_add(&subsection
));
810 subpage
= container_of(existing
->mr
, subpage_t
, iomem
);
812 start
= section
->offset_within_address_space
& ~TARGET_PAGE_MASK
;
813 end
= start
+ int128_get64(section
->size
) - 1;
814 subpage_register(subpage
, start
, end
, phys_section_add(section
));
818 static void register_multipage(AddressSpaceDispatch
*d
,
819 MemoryRegionSection
*section
)
821 hwaddr start_addr
= section
->offset_within_address_space
;
822 uint16_t section_index
= phys_section_add(section
);
823 uint64_t num_pages
= int128_get64(int128_rshift(section
->size
,
827 phys_page_set(d
, start_addr
>> TARGET_PAGE_BITS
, num_pages
, section_index
);
830 static void mem_add(MemoryListener
*listener
, MemoryRegionSection
*section
)
832 AddressSpace
*as
= container_of(listener
, AddressSpace
, dispatch_listener
);
833 AddressSpaceDispatch
*d
= as
->next_dispatch
;
834 MemoryRegionSection now
= *section
, remain
= *section
;
835 Int128 page_size
= int128_make64(TARGET_PAGE_SIZE
);
837 if (now
.offset_within_address_space
& ~TARGET_PAGE_MASK
) {
838 uint64_t left
= TARGET_PAGE_ALIGN(now
.offset_within_address_space
)
839 - now
.offset_within_address_space
;
841 now
.size
= int128_min(int128_make64(left
), now
.size
);
842 register_subpage(d
, &now
);
844 now
.size
= int128_zero();
846 while (int128_ne(remain
.size
, now
.size
)) {
847 remain
.size
= int128_sub(remain
.size
, now
.size
);
848 remain
.offset_within_address_space
+= int128_get64(now
.size
);
849 remain
.offset_within_region
+= int128_get64(now
.size
);
851 if (int128_lt(remain
.size
, page_size
)) {
852 register_subpage(d
, &now
);
853 } else if (remain
.offset_within_address_space
& ~TARGET_PAGE_MASK
) {
854 now
.size
= page_size
;
855 register_subpage(d
, &now
);
857 now
.size
= int128_and(now
.size
, int128_neg(page_size
));
858 register_multipage(d
, &now
);
863 void qemu_flush_coalesced_mmio_buffer(void)
866 kvm_flush_coalesced_mmio_buffer();
/*
 * Take ram_list.mutex, which serializes mutation of the RAM block list
 * (see the callers in qemu_ram_set_idstr(), qemu_ram_alloc_from_ptr()
 * and qemu_ram_free(), which also note that the iothread lock is
 * expected to be held).
 */
void qemu_mutex_lock_ramlist(void)
{
    QemuMutex *ramlist_lock = &ram_list.mutex;

    qemu_mutex_lock(ramlist_lock);
}
/*
 * Release ram_list.mutex taken by qemu_mutex_lock_ramlist().  Every
 * lock call in this file is paired with one of these on the same path.
 */
void qemu_mutex_unlock_ramlist(void)
{
    QemuMutex *ramlist_lock = &ram_list.mutex;

    qemu_mutex_unlock(ramlist_lock);
}
883 #define HUGETLBFS_MAGIC 0x958458f6
885 static long gethugepagesize(const char *path
)
891 ret
= statfs(path
, &fs
);
892 } while (ret
!= 0 && errno
== EINTR
);
899 if (fs
.f_type
!= HUGETLBFS_MAGIC
)
900 fprintf(stderr
, "Warning: path not on HugeTLBFS: %s\n", path
);
905 static void *file_ram_alloc(RAMBlock
*block
,
910 char *sanitized_name
;
917 unsigned long hpagesize
;
919 hpagesize
= gethugepagesize(path
);
924 if (memory
< hpagesize
) {
928 if (kvm_enabled() && !kvm_has_sync_mmu()) {
929 fprintf(stderr
, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
933 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
934 sanitized_name
= g_strdup(block
->mr
->name
);
935 for (c
= sanitized_name
; *c
!= '\0'; c
++) {
940 filename
= g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path
,
942 g_free(sanitized_name
);
944 fd
= mkstemp(filename
);
946 perror("unable to create backing store for hugepages");
953 memory
= (memory
+hpagesize
-1) & ~(hpagesize
-1);
956 * ftruncate is not supported by hugetlbfs in older
957 * hosts, so don't bother bailing out on errors.
958 * If anything goes wrong with it under other filesystems,
961 if (ftruncate(fd
, memory
))
965 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
966 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
967 * to sidestep this quirk.
969 flags
= mem_prealloc
? MAP_POPULATE
| MAP_SHARED
: MAP_PRIVATE
;
970 area
= mmap(0, memory
, PROT_READ
| PROT_WRITE
, flags
, fd
, 0);
972 area
= mmap(0, memory
, PROT_READ
| PROT_WRITE
, MAP_PRIVATE
, fd
, 0);
974 if (area
== MAP_FAILED
) {
975 perror("file_ram_alloc: can't mmap RAM pages");
983 static void *file_ram_alloc(RAMBlock
*block
,
987 fprintf(stderr
, "-mem-path not supported on this host\n");
992 static ram_addr_t
find_ram_offset(ram_addr_t size
)
994 RAMBlock
*block
, *next_block
;
995 ram_addr_t offset
= RAM_ADDR_MAX
, mingap
= RAM_ADDR_MAX
;
997 assert(size
!= 0); /* it would hand out same offset multiple times */
999 if (QTAILQ_EMPTY(&ram_list
.blocks
))
1002 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1003 ram_addr_t end
, next
= RAM_ADDR_MAX
;
1005 end
= block
->offset
+ block
->length
;
1007 QTAILQ_FOREACH(next_block
, &ram_list
.blocks
, next
) {
1008 if (next_block
->offset
>= end
) {
1009 next
= MIN(next
, next_block
->offset
);
1012 if (next
- end
>= size
&& next
- end
< mingap
) {
1014 mingap
= next
- end
;
1018 if (offset
== RAM_ADDR_MAX
) {
1019 fprintf(stderr
, "Failed to find gap of requested size: %" PRIu64
"\n",
1027 ram_addr_t
last_ram_offset(void)
1030 ram_addr_t last
= 0;
1032 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
)
1033 last
= MAX(last
, block
->offset
+ block
->length
);
1038 static void qemu_ram_setup_dump(void *addr
, ram_addr_t size
)
1042 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1043 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1044 "dump-guest-core", true)) {
1045 ret
= qemu_madvise(addr
, size
, QEMU_MADV_DONTDUMP
);
1047 perror("qemu_madvise");
1048 fprintf(stderr
, "madvise doesn't support MADV_DONTDUMP, "
1049 "but dump_guest_core=off specified\n");
1054 void qemu_ram_set_idstr(ram_addr_t addr
, const char *name
, DeviceState
*dev
)
1056 RAMBlock
*new_block
, *block
;
1059 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1060 if (block
->offset
== addr
) {
1066 assert(!new_block
->idstr
[0]);
1069 char *id
= qdev_get_dev_path(dev
);
1071 snprintf(new_block
->idstr
, sizeof(new_block
->idstr
), "%s/", id
);
1075 pstrcat(new_block
->idstr
, sizeof(new_block
->idstr
), name
);
1077 /* This assumes the iothread lock is taken here too. */
1078 qemu_mutex_lock_ramlist();
1079 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1080 if (block
!= new_block
&& !strcmp(block
->idstr
, new_block
->idstr
)) {
1081 fprintf(stderr
, "RAMBlock \"%s\" already registered, abort!\n",
1086 qemu_mutex_unlock_ramlist();
1089 static int memory_try_enable_merging(void *addr
, size_t len
)
1091 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1092 /* disabled by the user */
1096 return qemu_madvise(addr
, len
, QEMU_MADV_MERGEABLE
);
1099 ram_addr_t
qemu_ram_alloc_from_ptr(ram_addr_t size
, void *host
,
1102 RAMBlock
*block
, *new_block
;
1104 size
= TARGET_PAGE_ALIGN(size
);
1105 new_block
= g_malloc0(sizeof(*new_block
));
1108 /* This assumes the iothread lock is taken here too. */
1109 qemu_mutex_lock_ramlist();
1111 new_block
->offset
= find_ram_offset(size
);
1113 new_block
->host
= host
;
1114 new_block
->flags
|= RAM_PREALLOC_MASK
;
1115 } else if (xen_enabled()) {
1117 fprintf(stderr
, "-mem-path not supported with Xen\n");
1120 xen_ram_alloc(new_block
->offset
, size
, mr
);
1123 if (phys_mem_alloc
!= qemu_anon_ram_alloc
) {
1125 * file_ram_alloc() needs to allocate just like
1126 * phys_mem_alloc, but we haven't bothered to provide
1130 "-mem-path not supported with this accelerator\n");
1133 new_block
->host
= file_ram_alloc(new_block
, size
, mem_path
);
1135 if (!new_block
->host
) {
1136 new_block
->host
= phys_mem_alloc(size
);
1137 if (!new_block
->host
) {
1138 fprintf(stderr
, "Cannot set up guest memory '%s': %s\n",
1139 new_block
->mr
->name
, strerror(errno
));
1142 memory_try_enable_merging(new_block
->host
, size
);
1145 new_block
->length
= size
;
1147 /* Keep the list sorted from biggest to smallest block. */
1148 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1149 if (block
->length
< new_block
->length
) {
1154 QTAILQ_INSERT_BEFORE(block
, new_block
, next
);
1156 QTAILQ_INSERT_TAIL(&ram_list
.blocks
, new_block
, next
);
1158 ram_list
.mru_block
= NULL
;
1161 qemu_mutex_unlock_ramlist();
1163 ram_list
.phys_dirty
= g_realloc(ram_list
.phys_dirty
,
1164 last_ram_offset() >> TARGET_PAGE_BITS
);
1165 memset(ram_list
.phys_dirty
+ (new_block
->offset
>> TARGET_PAGE_BITS
),
1166 0, size
>> TARGET_PAGE_BITS
);
1167 cpu_physical_memory_set_dirty_range(new_block
->offset
, size
, 0xff);
1169 qemu_ram_setup_dump(new_block
->host
, size
);
1170 qemu_madvise(new_block
->host
, size
, QEMU_MADV_HUGEPAGE
);
1171 qemu_madvise(new_block
->host
, size
, QEMU_MADV_DONTFORK
);
1174 kvm_setup_guest_memory(new_block
->host
, size
);
1176 return new_block
->offset
;
/*
 * Allocate @size bytes of guest RAM for memory region @mr and return
 * the ram_addr_t offset of the new block.
 *
 * Thin wrapper around qemu_ram_alloc_from_ptr() with no caller-supplied
 * host buffer, so that function is responsible for obtaining host
 * memory (file-backed, Xen, or phys_mem_alloc).
 */
ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
{
    void *no_host_buffer = NULL;

    return qemu_ram_alloc_from_ptr(size, no_host_buffer, mr);
}
1184 void qemu_ram_free_from_ptr(ram_addr_t addr
)
1188 /* This assumes the iothread lock is taken here too. */
1189 qemu_mutex_lock_ramlist();
1190 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1191 if (addr
== block
->offset
) {
1192 QTAILQ_REMOVE(&ram_list
.blocks
, block
, next
);
1193 ram_list
.mru_block
= NULL
;
1199 qemu_mutex_unlock_ramlist();
1202 void qemu_ram_free(ram_addr_t addr
)
1206 /* This assumes the iothread lock is taken here too. */
1207 qemu_mutex_lock_ramlist();
1208 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1209 if (addr
== block
->offset
) {
1210 QTAILQ_REMOVE(&ram_list
.blocks
, block
, next
);
1211 ram_list
.mru_block
= NULL
;
1213 if (block
->flags
& RAM_PREALLOC_MASK
) {
1215 } else if (xen_enabled()) {
1216 xen_invalidate_map_cache_entry(block
->host
);
1218 } else if (block
->fd
>= 0) {
1219 munmap(block
->host
, block
->length
);
1223 qemu_anon_ram_free(block
->host
, block
->length
);
1229 qemu_mutex_unlock_ramlist();
1234 void qemu_ram_remap(ram_addr_t addr
, ram_addr_t length
)
1241 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1242 offset
= addr
- block
->offset
;
1243 if (offset
< block
->length
) {
1244 vaddr
= block
->host
+ offset
;
1245 if (block
->flags
& RAM_PREALLOC_MASK
) {
1247 } else if (xen_enabled()) {
1251 munmap(vaddr
, length
);
1252 if (block
->fd
>= 0) {
1254 flags
|= mem_prealloc
? MAP_POPULATE
| MAP_SHARED
:
1257 flags
|= MAP_PRIVATE
;
1259 area
= mmap(vaddr
, length
, PROT_READ
| PROT_WRITE
,
1260 flags
, block
->fd
, offset
);
1263 * Remap needs to match alloc. Accelerators that
1264 * set phys_mem_alloc never remap. If they did,
1265 * we'd need a remap hook here.
1267 assert(phys_mem_alloc
== qemu_anon_ram_alloc
);
1269 flags
|= MAP_PRIVATE
| MAP_ANONYMOUS
;
1270 area
= mmap(vaddr
, length
, PROT_READ
| PROT_WRITE
,
1273 if (area
!= vaddr
) {
1274 fprintf(stderr
, "Could not remap addr: "
1275 RAM_ADDR_FMT
"@" RAM_ADDR_FMT
"\n",
1279 memory_try_enable_merging(vaddr
, length
);
1280 qemu_ram_setup_dump(vaddr
, length
);
1286 #endif /* !_WIN32 */
1288 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1289 With the exception of the softmmu code in this file, this should
1290 only be used for local memory (e.g. video ram) that the device owns,
1291 and knows it isn't going to access beyond the end of the block.
1293 It should not be used for general purpose DMA.
1294 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1296 void *qemu_get_ram_ptr(ram_addr_t addr
)
1298 RAMBlock
*block
= qemu_get_ram_block(addr
);
1300 if (xen_enabled()) {
1301 /* We need to check if the requested address is in the RAM
1302 * because we don't want to map the entire memory in QEMU.
1303 * In that case just map until the end of the page.
1305 if (block
->offset
== 0) {
1306 return xen_map_cache(addr
, 0, 0);
1307 } else if (block
->host
== NULL
) {
1309 xen_map_cache(block
->offset
, block
->length
, 1);
1312 return block
->host
+ (addr
- block
->offset
);
1315 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1316 * but takes a size argument */
1317 static void *qemu_ram_ptr_length(ram_addr_t addr
, hwaddr
*size
)
1322 if (xen_enabled()) {
1323 return xen_map_cache(addr
, *size
, 1);
1327 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1328 if (addr
- block
->offset
< block
->length
) {
1329 if (addr
- block
->offset
+ *size
> block
->length
)
1330 *size
= block
->length
- addr
+ block
->offset
;
1331 return block
->host
+ (addr
- block
->offset
);
1335 fprintf(stderr
, "Bad ram offset %" PRIx64
"\n", (uint64_t)addr
);
1340 /* Some of the softmmu routines need to translate from a host pointer
1341 (typically a TLB entry) back to a ram offset. */
1342 MemoryRegion
*qemu_ram_addr_from_host(void *ptr
, ram_addr_t
*ram_addr
)
1345 uint8_t *host
= ptr
;
1347 if (xen_enabled()) {
1348 *ram_addr
= xen_ram_addr_from_mapcache(ptr
);
1349 return qemu_get_ram_block(*ram_addr
)->mr
;
1352 block
= ram_list
.mru_block
;
1353 if (block
&& block
->host
&& host
- block
->host
< block
->length
) {
1357 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
1358 /* This case happens when the block is not mapped. */
1359 if (block
->host
== NULL
) {
1362 if (host
- block
->host
< block
->length
) {
1370 *ram_addr
= block
->offset
+ (host
- block
->host
);
1374 static void notdirty_mem_write(void *opaque
, hwaddr ram_addr
,
1375 uint64_t val
, unsigned size
)
1378 dirty_flags
= cpu_physical_memory_get_dirty_flags(ram_addr
);
1379 if (!(dirty_flags
& CODE_DIRTY_FLAG
)) {
1380 tb_invalidate_phys_page_fast(ram_addr
, size
);
1381 dirty_flags
= cpu_physical_memory_get_dirty_flags(ram_addr
);
1385 stb_p(qemu_get_ram_ptr(ram_addr
), val
);
1388 stw_p(qemu_get_ram_ptr(ram_addr
), val
);
1391 stl_p(qemu_get_ram_ptr(ram_addr
), val
);
1396 dirty_flags
|= (0xff & ~CODE_DIRTY_FLAG
);
1397 cpu_physical_memory_set_dirty_flags(ram_addr
, dirty_flags
);
1398 /* we remove the notdirty callback only if the code has been
1400 if (dirty_flags
== 0xff) {
1401 CPUArchState
*env
= current_cpu
->env_ptr
;
1402 tlb_set_dirty(env
, env
->mem_io_vaddr
);
1406 static bool notdirty_mem_accepts(void *opaque
, hwaddr addr
,
1407 unsigned size
, bool is_write
)
1412 static const MemoryRegionOps notdirty_mem_ops
= {
1413 .write
= notdirty_mem_write
,
1414 .valid
.accepts
= notdirty_mem_accepts
,
1415 .endianness
= DEVICE_NATIVE_ENDIAN
,
1418 /* Generate a debug exception if a watchpoint has been hit. */
1419 static void check_watchpoint(int offset
, int len_mask
, int flags
)
1421 CPUArchState
*env
= current_cpu
->env_ptr
;
1422 target_ulong pc
, cs_base
;
1427 if (env
->watchpoint_hit
) {
1428 /* We re-entered the check after replacing the TB. Now raise
1429 * the debug interrupt so that is will trigger after the
1430 * current instruction. */
1431 cpu_interrupt(ENV_GET_CPU(env
), CPU_INTERRUPT_DEBUG
);
1434 vaddr
= (env
->mem_io_vaddr
& TARGET_PAGE_MASK
) + offset
;
1435 QTAILQ_FOREACH(wp
, &env
->watchpoints
, entry
) {
1436 if ((vaddr
== (wp
->vaddr
& len_mask
) ||
1437 (vaddr
& wp
->len_mask
) == wp
->vaddr
) && (wp
->flags
& flags
)) {
1438 wp
->flags
|= BP_WATCHPOINT_HIT
;
1439 if (!env
->watchpoint_hit
) {
1440 env
->watchpoint_hit
= wp
;
1441 tb_check_watchpoint(env
);
1442 if (wp
->flags
& BP_STOP_BEFORE_ACCESS
) {
1443 env
->exception_index
= EXCP_DEBUG
;
1446 cpu_get_tb_cpu_state(env
, &pc
, &cs_base
, &cpu_flags
);
1447 tb_gen_code(env
, pc
, cs_base
, cpu_flags
, 1);
1448 cpu_resume_from_signal(env
, NULL
);
1452 wp
->flags
&= ~BP_WATCHPOINT_HIT
;
1457 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1458 so these check for a hit then pass through to the normal out-of-line
1460 static uint64_t watch_mem_read(void *opaque
, hwaddr addr
,
1463 check_watchpoint(addr
& ~TARGET_PAGE_MASK
, ~(size
- 1), BP_MEM_READ
);
1465 case 1: return ldub_phys(addr
);
1466 case 2: return lduw_phys(addr
);
1467 case 4: return ldl_phys(addr
);
1472 static void watch_mem_write(void *opaque
, hwaddr addr
,
1473 uint64_t val
, unsigned size
)
1475 check_watchpoint(addr
& ~TARGET_PAGE_MASK
, ~(size
- 1), BP_MEM_WRITE
);
1478 stb_phys(addr
, val
);
1481 stw_phys(addr
, val
);
1484 stl_phys(addr
, val
);
1490 static const MemoryRegionOps watch_mem_ops
= {
1491 .read
= watch_mem_read
,
1492 .write
= watch_mem_write
,
1493 .endianness
= DEVICE_NATIVE_ENDIAN
,
1496 static uint64_t subpage_read(void *opaque
, hwaddr addr
,
1499 subpage_t
*subpage
= opaque
;
1502 #if defined(DEBUG_SUBPAGE)
1503 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
"\n", __func__
,
1504 subpage
, len
, addr
);
1506 address_space_read(subpage
->as
, addr
+ subpage
->base
, buf
, len
);
1519 static void subpage_write(void *opaque
, hwaddr addr
,
1520 uint64_t value
, unsigned len
)
1522 subpage_t
*subpage
= opaque
;
1525 #if defined(DEBUG_SUBPAGE)
1526 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1527 " value %"PRIx64
"\n",
1528 __func__
, subpage
, len
, addr
, value
);
1543 address_space_write(subpage
->as
, addr
+ subpage
->base
, buf
, len
);
1546 static bool subpage_accepts(void *opaque
, hwaddr addr
,
1547 unsigned len
, bool is_write
)
1549 subpage_t
*subpage
= opaque
;
1550 #if defined(DEBUG_SUBPAGE)
1551 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx
"\n",
1552 __func__
, subpage
, is_write
? 'w' : 'r', len
, addr
);
1555 return address_space_access_valid(subpage
->as
, addr
+ subpage
->base
,
1559 static const MemoryRegionOps subpage_ops
= {
1560 .read
= subpage_read
,
1561 .write
= subpage_write
,
1562 .valid
.accepts
= subpage_accepts
,
1563 .endianness
= DEVICE_NATIVE_ENDIAN
,
1566 static int subpage_register (subpage_t
*mmio
, uint32_t start
, uint32_t end
,
1571 if (start
>= TARGET_PAGE_SIZE
|| end
>= TARGET_PAGE_SIZE
)
1573 idx
= SUBPAGE_IDX(start
);
1574 eidx
= SUBPAGE_IDX(end
);
1575 #if defined(DEBUG_SUBPAGE)
1576 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1577 __func__
, mmio
, start
, end
, idx
, eidx
, section
);
1579 for (; idx
<= eidx
; idx
++) {
1580 mmio
->sub_section
[idx
] = section
;
1586 static subpage_t
*subpage_init(AddressSpace
*as
, hwaddr base
)
1590 mmio
= g_malloc0(sizeof(subpage_t
));
1594 memory_region_init_io(&mmio
->iomem
, NULL
, &subpage_ops
, mmio
,
1595 "subpage", TARGET_PAGE_SIZE
);
1596 mmio
->iomem
.subpage
= true;
1597 #if defined(DEBUG_SUBPAGE)
1598 printf("%s: %p base " TARGET_FMT_plx
" len %08x\n", __func__
,
1599 mmio
, base
, TARGET_PAGE_SIZE
);
1601 subpage_register(mmio
, 0, TARGET_PAGE_SIZE
-1, PHYS_SECTION_UNASSIGNED
);
1606 static uint16_t dummy_section(MemoryRegion
*mr
)
1608 MemoryRegionSection section
= {
1610 .offset_within_address_space
= 0,
1611 .offset_within_region
= 0,
1612 .size
= int128_2_64(),
1615 return phys_section_add(§ion
);
1618 MemoryRegion
*iotlb_to_region(hwaddr index
)
1620 return address_space_memory
.dispatch
->sections
[index
& ~TARGET_PAGE_MASK
].mr
;
1623 static void io_mem_init(void)
1625 memory_region_init_io(&io_mem_rom
, NULL
, &unassigned_mem_ops
, NULL
, "rom", UINT64_MAX
);
1626 memory_region_init_io(&io_mem_unassigned
, NULL
, &unassigned_mem_ops
, NULL
,
1627 "unassigned", UINT64_MAX
);
1628 memory_region_init_io(&io_mem_notdirty
, NULL
, ¬dirty_mem_ops
, NULL
,
1629 "notdirty", UINT64_MAX
);
1630 memory_region_init_io(&io_mem_watch
, NULL
, &watch_mem_ops
, NULL
,
1631 "watch", UINT64_MAX
);
1634 static void mem_begin(MemoryListener
*listener
)
1636 AddressSpace
*as
= container_of(listener
, AddressSpace
, dispatch_listener
);
1637 AddressSpaceDispatch
*d
= g_new(AddressSpaceDispatch
, 1);
1639 d
->phys_map
= (PhysPageEntry
) { .ptr
= PHYS_MAP_NODE_NIL
, .is_leaf
= 0 };
1641 as
->next_dispatch
= d
;
1644 static void mem_commit(MemoryListener
*listener
)
1646 AddressSpace
*as
= container_of(listener
, AddressSpace
, dispatch_listener
);
1647 AddressSpaceDispatch
*cur
= as
->dispatch
;
1648 AddressSpaceDispatch
*next
= as
->next_dispatch
;
1650 next
->nodes
= next_map
.nodes
;
1651 next
->sections
= next_map
.sections
;
1653 as
->dispatch
= next
;
1657 static void core_begin(MemoryListener
*listener
)
1661 prev_map
= g_new(PhysPageMap
, 1);
1662 *prev_map
= next_map
;
1664 memset(&next_map
, 0, sizeof(next_map
));
1665 n
= dummy_section(&io_mem_unassigned
);
1666 assert(n
== PHYS_SECTION_UNASSIGNED
);
1667 n
= dummy_section(&io_mem_notdirty
);
1668 assert(n
== PHYS_SECTION_NOTDIRTY
);
1669 n
= dummy_section(&io_mem_rom
);
1670 assert(n
== PHYS_SECTION_ROM
);
1671 n
= dummy_section(&io_mem_watch
);
1672 assert(n
== PHYS_SECTION_WATCH
);
1675 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1676 * All AddressSpaceDispatch instances have switched to the next map.
1678 static void core_commit(MemoryListener
*listener
)
1680 phys_sections_free(prev_map
);
1683 static void tcg_commit(MemoryListener
*listener
)
1687 /* since each CPU stores ram addresses in its TLB cache, we must
1688 reset the modified entries */
1691 CPUArchState
*env
= cpu
->env_ptr
;
1697 static void core_log_global_start(MemoryListener
*listener
)
1699 cpu_physical_memory_set_dirty_tracking(1);
1702 static void core_log_global_stop(MemoryListener
*listener
)
1704 cpu_physical_memory_set_dirty_tracking(0);
1707 static MemoryListener core_memory_listener
= {
1708 .begin
= core_begin
,
1709 .commit
= core_commit
,
1710 .log_global_start
= core_log_global_start
,
1711 .log_global_stop
= core_log_global_stop
,
1715 static MemoryListener tcg_memory_listener
= {
1716 .commit
= tcg_commit
,
1719 void address_space_init_dispatch(AddressSpace
*as
)
1721 as
->dispatch
= NULL
;
1722 as
->dispatch_listener
= (MemoryListener
) {
1724 .commit
= mem_commit
,
1725 .region_add
= mem_add
,
1726 .region_nop
= mem_add
,
1729 memory_listener_register(&as
->dispatch_listener
, as
);
1732 void address_space_destroy_dispatch(AddressSpace
*as
)
1734 AddressSpaceDispatch
*d
= as
->dispatch
;
1736 memory_listener_unregister(&as
->dispatch_listener
);
1738 as
->dispatch
= NULL
;
1741 static void memory_map_init(void)
1743 system_memory
= g_malloc(sizeof(*system_memory
));
1744 memory_region_init(system_memory
, NULL
, "system", INT64_MAX
);
1745 address_space_init(&address_space_memory
, system_memory
, "memory");
1747 system_io
= g_malloc(sizeof(*system_io
));
1748 memory_region_init_io(system_io
, NULL
, &unassigned_io_ops
, NULL
, "io",
1750 address_space_init(&address_space_io
, system_io
, "I/O");
1752 memory_listener_register(&core_memory_listener
, &address_space_memory
);
1753 if (tcg_enabled()) {
1754 memory_listener_register(&tcg_memory_listener
, &address_space_memory
);
1758 MemoryRegion
*get_system_memory(void)
1760 return system_memory
;
1763 MemoryRegion
*get_system_io(void)
1768 #endif /* !defined(CONFIG_USER_ONLY) */
1770 /* physical memory access (slow version, mainly for debug) */
1771 #if defined(CONFIG_USER_ONLY)
1772 int cpu_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
1773 uint8_t *buf
, int len
, int is_write
)
1780 page
= addr
& TARGET_PAGE_MASK
;
1781 l
= (page
+ TARGET_PAGE_SIZE
) - addr
;
1784 flags
= page_get_flags(page
);
1785 if (!(flags
& PAGE_VALID
))
1788 if (!(flags
& PAGE_WRITE
))
1790 /* XXX: this code should not depend on lock_user */
1791 if (!(p
= lock_user(VERIFY_WRITE
, addr
, l
, 0)))
1794 unlock_user(p
, addr
, l
);
1796 if (!(flags
& PAGE_READ
))
1798 /* XXX: this code should not depend on lock_user */
1799 if (!(p
= lock_user(VERIFY_READ
, addr
, l
, 1)))
1802 unlock_user(p
, addr
, 0);
1813 static void invalidate_and_set_dirty(hwaddr addr
,
1816 if (!cpu_physical_memory_is_dirty(addr
)) {
1817 /* invalidate code */
1818 tb_invalidate_phys_page_range(addr
, addr
+ length
, 0);
1820 cpu_physical_memory_set_dirty_flags(addr
, (0xff & ~CODE_DIRTY_FLAG
));
1822 xen_modified_memory(addr
, length
);
1825 static inline bool memory_access_is_direct(MemoryRegion
*mr
, bool is_write
)
1827 if (memory_region_is_ram(mr
)) {
1828 return !(is_write
&& mr
->readonly
);
1830 if (memory_region_is_romd(mr
)) {
1837 static int memory_access_size(MemoryRegion
*mr
, unsigned l
, hwaddr addr
)
1839 unsigned access_size_max
= mr
->ops
->valid
.max_access_size
;
1841 /* Regions are assumed to support 1-4 byte accesses unless
1842 otherwise specified. */
1843 if (access_size_max
== 0) {
1844 access_size_max
= 4;
1847 /* Bound the maximum access by the alignment of the address. */
1848 if (!mr
->ops
->impl
.unaligned
) {
1849 unsigned align_size_max
= addr
& -addr
;
1850 if (align_size_max
!= 0 && align_size_max
< access_size_max
) {
1851 access_size_max
= align_size_max
;
1855 /* Don't attempt accesses larger than the maximum. */
1856 if (l
> access_size_max
) {
1857 l
= access_size_max
;
1860 l
= 1 << (qemu_fls(l
) - 1);
1866 bool address_space_rw(AddressSpace
*as
, hwaddr addr
, uint8_t *buf
,
1867 int len
, bool is_write
)
1878 mr
= address_space_translate(as
, addr
, &addr1
, &l
, is_write
);
1881 if (!memory_access_is_direct(mr
, is_write
)) {
1882 l
= memory_access_size(mr
, l
, addr1
);
1883 /* XXX: could force current_cpu to NULL to avoid
1887 /* 64 bit write access */
1889 error
|= io_mem_write(mr
, addr1
, val
, 8);
1892 /* 32 bit write access */
1894 error
|= io_mem_write(mr
, addr1
, val
, 4);
1897 /* 16 bit write access */
1899 error
|= io_mem_write(mr
, addr1
, val
, 2);
1902 /* 8 bit write access */
1904 error
|= io_mem_write(mr
, addr1
, val
, 1);
1910 addr1
+= memory_region_get_ram_addr(mr
);
1912 ptr
= qemu_get_ram_ptr(addr1
);
1913 memcpy(ptr
, buf
, l
);
1914 invalidate_and_set_dirty(addr1
, l
);
1917 if (!memory_access_is_direct(mr
, is_write
)) {
1919 l
= memory_access_size(mr
, l
, addr1
);
1922 /* 64 bit read access */
1923 error
|= io_mem_read(mr
, addr1
, &val
, 8);
1927 /* 32 bit read access */
1928 error
|= io_mem_read(mr
, addr1
, &val
, 4);
1932 /* 16 bit read access */
1933 error
|= io_mem_read(mr
, addr1
, &val
, 2);
1937 /* 8 bit read access */
1938 error
|= io_mem_read(mr
, addr1
, &val
, 1);
1946 ptr
= qemu_get_ram_ptr(mr
->ram_addr
+ addr1
);
1947 memcpy(buf
, ptr
, l
);
1958 bool address_space_write(AddressSpace
*as
, hwaddr addr
,
1959 const uint8_t *buf
, int len
)
1961 return address_space_rw(as
, addr
, (uint8_t *)buf
, len
, true);
1964 bool address_space_read(AddressSpace
*as
, hwaddr addr
, uint8_t *buf
, int len
)
1966 return address_space_rw(as
, addr
, buf
, len
, false);
1970 void cpu_physical_memory_rw(hwaddr addr
, uint8_t *buf
,
1971 int len
, int is_write
)
1973 address_space_rw(&address_space_memory
, addr
, buf
, len
, is_write
);
1976 /* used for ROM loading : can write in RAM and ROM */
1977 void cpu_physical_memory_write_rom(hwaddr addr
,
1978 const uint8_t *buf
, int len
)
1987 mr
= address_space_translate(&address_space_memory
,
1988 addr
, &addr1
, &l
, true);
1990 if (!(memory_region_is_ram(mr
) ||
1991 memory_region_is_romd(mr
))) {
1994 addr1
+= memory_region_get_ram_addr(mr
);
1996 ptr
= qemu_get_ram_ptr(addr1
);
1997 memcpy(ptr
, buf
, l
);
1998 invalidate_and_set_dirty(addr1
, l
);
2013 static BounceBuffer bounce
;
2015 typedef struct MapClient
{
2017 void (*callback
)(void *opaque
);
2018 QLIST_ENTRY(MapClient
) link
;
2021 static QLIST_HEAD(map_client_list
, MapClient
) map_client_list
2022 = QLIST_HEAD_INITIALIZER(map_client_list
);
2024 void *cpu_register_map_client(void *opaque
, void (*callback
)(void *opaque
))
2026 MapClient
*client
= g_malloc(sizeof(*client
));
2028 client
->opaque
= opaque
;
2029 client
->callback
= callback
;
2030 QLIST_INSERT_HEAD(&map_client_list
, client
, link
);
2034 static void cpu_unregister_map_client(void *_client
)
2036 MapClient
*client
= (MapClient
*)_client
;
2038 QLIST_REMOVE(client
, link
);
2042 static void cpu_notify_map_clients(void)
2046 while (!QLIST_EMPTY(&map_client_list
)) {
2047 client
= QLIST_FIRST(&map_client_list
);
2048 client
->callback(client
->opaque
);
2049 cpu_unregister_map_client(client
);
2053 bool address_space_access_valid(AddressSpace
*as
, hwaddr addr
, int len
, bool is_write
)
2060 mr
= address_space_translate(as
, addr
, &xlat
, &l
, is_write
);
2061 if (!memory_access_is_direct(mr
, is_write
)) {
2062 l
= memory_access_size(mr
, l
, addr
);
2063 if (!memory_region_access_valid(mr
, xlat
, l
, is_write
)) {
2074 /* Map a physical memory region into a host virtual address.
2075 * May map a subset of the requested range, given by and returned in *plen.
2076 * May return NULL if resources needed to perform the mapping are exhausted.
2077 * Use only for reads OR writes - not for read-modify-write operations.
2078 * Use cpu_register_map_client() to know when retrying the map operation is
2079 * likely to succeed.
2081 void *address_space_map(AddressSpace
*as
,
2088 hwaddr l
, xlat
, base
;
2089 MemoryRegion
*mr
, *this_mr
;
2097 mr
= address_space_translate(as
, addr
, &xlat
, &l
, is_write
);
2098 if (!memory_access_is_direct(mr
, is_write
)) {
2099 if (bounce
.buffer
) {
2102 /* Avoid unbounded allocations */
2103 l
= MIN(l
, TARGET_PAGE_SIZE
);
2104 bounce
.buffer
= qemu_memalign(TARGET_PAGE_SIZE
, l
);
2108 memory_region_ref(mr
);
2111 address_space_read(as
, addr
, bounce
.buffer
, l
);
2115 return bounce
.buffer
;
2119 raddr
= memory_region_get_ram_addr(mr
);
2130 this_mr
= address_space_translate(as
, addr
, &xlat
, &l
, is_write
);
2131 if (this_mr
!= mr
|| xlat
!= base
+ done
) {
2136 memory_region_ref(mr
);
2138 return qemu_ram_ptr_length(raddr
+ base
, plen
);
2141 /* Unmaps a memory region previously mapped by address_space_map().
2142 * Will also mark the memory as dirty if is_write == 1. access_len gives
2143 * the amount of memory that was actually read or written by the caller.
2145 void address_space_unmap(AddressSpace
*as
, void *buffer
, hwaddr len
,
2146 int is_write
, hwaddr access_len
)
2148 if (buffer
!= bounce
.buffer
) {
2152 mr
= qemu_ram_addr_from_host(buffer
, &addr1
);
2155 while (access_len
) {
2157 l
= TARGET_PAGE_SIZE
;
2160 invalidate_and_set_dirty(addr1
, l
);
2165 if (xen_enabled()) {
2166 xen_invalidate_map_cache_entry(buffer
);
2168 memory_region_unref(mr
);
2172 address_space_write(as
, bounce
.addr
, bounce
.buffer
, access_len
);
2174 qemu_vfree(bounce
.buffer
);
2175 bounce
.buffer
= NULL
;
2176 memory_region_unref(bounce
.mr
);
2177 cpu_notify_map_clients();
2180 void *cpu_physical_memory_map(hwaddr addr
,
2184 return address_space_map(&address_space_memory
, addr
, plen
, is_write
);
2187 void cpu_physical_memory_unmap(void *buffer
, hwaddr len
,
2188 int is_write
, hwaddr access_len
)
2190 return address_space_unmap(&address_space_memory
, buffer
, len
, is_write
, access_len
);
2193 /* warning: addr must be aligned */
2194 static inline uint32_t ldl_phys_internal(hwaddr addr
,
2195 enum device_endian endian
)
2203 mr
= address_space_translate(&address_space_memory
, addr
, &addr1
, &l
,
2205 if (l
< 4 || !memory_access_is_direct(mr
, false)) {
2207 io_mem_read(mr
, addr1
, &val
, 4);
2208 #if defined(TARGET_WORDS_BIGENDIAN)
2209 if (endian
== DEVICE_LITTLE_ENDIAN
) {
2213 if (endian
== DEVICE_BIG_ENDIAN
) {
2219 ptr
= qemu_get_ram_ptr((memory_region_get_ram_addr(mr
)
2223 case DEVICE_LITTLE_ENDIAN
:
2224 val
= ldl_le_p(ptr
);
2226 case DEVICE_BIG_ENDIAN
:
2227 val
= ldl_be_p(ptr
);
2237 uint32_t ldl_phys(hwaddr addr
)
2239 return ldl_phys_internal(addr
, DEVICE_NATIVE_ENDIAN
);
2242 uint32_t ldl_le_phys(hwaddr addr
)
2244 return ldl_phys_internal(addr
, DEVICE_LITTLE_ENDIAN
);
2247 uint32_t ldl_be_phys(hwaddr addr
)
2249 return ldl_phys_internal(addr
, DEVICE_BIG_ENDIAN
);
2252 /* warning: addr must be aligned */
2253 static inline uint64_t ldq_phys_internal(hwaddr addr
,
2254 enum device_endian endian
)
2262 mr
= address_space_translate(&address_space_memory
, addr
, &addr1
, &l
,
2264 if (l
< 8 || !memory_access_is_direct(mr
, false)) {
2266 io_mem_read(mr
, addr1
, &val
, 8);
2267 #if defined(TARGET_WORDS_BIGENDIAN)
2268 if (endian
== DEVICE_LITTLE_ENDIAN
) {
2272 if (endian
== DEVICE_BIG_ENDIAN
) {
2278 ptr
= qemu_get_ram_ptr((memory_region_get_ram_addr(mr
)
2282 case DEVICE_LITTLE_ENDIAN
:
2283 val
= ldq_le_p(ptr
);
2285 case DEVICE_BIG_ENDIAN
:
2286 val
= ldq_be_p(ptr
);
2296 uint64_t ldq_phys(hwaddr addr
)
2298 return ldq_phys_internal(addr
, DEVICE_NATIVE_ENDIAN
);
2301 uint64_t ldq_le_phys(hwaddr addr
)
2303 return ldq_phys_internal(addr
, DEVICE_LITTLE_ENDIAN
);
2306 uint64_t ldq_be_phys(hwaddr addr
)
2308 return ldq_phys_internal(addr
, DEVICE_BIG_ENDIAN
);
2312 uint32_t ldub_phys(hwaddr addr
)
2315 cpu_physical_memory_read(addr
, &val
, 1);
2319 /* warning: addr must be aligned */
2320 static inline uint32_t lduw_phys_internal(hwaddr addr
,
2321 enum device_endian endian
)
2329 mr
= address_space_translate(&address_space_memory
, addr
, &addr1
, &l
,
2331 if (l
< 2 || !memory_access_is_direct(mr
, false)) {
2333 io_mem_read(mr
, addr1
, &val
, 2);
2334 #if defined(TARGET_WORDS_BIGENDIAN)
2335 if (endian
== DEVICE_LITTLE_ENDIAN
) {
2339 if (endian
== DEVICE_BIG_ENDIAN
) {
2345 ptr
= qemu_get_ram_ptr((memory_region_get_ram_addr(mr
)
2349 case DEVICE_LITTLE_ENDIAN
:
2350 val
= lduw_le_p(ptr
);
2352 case DEVICE_BIG_ENDIAN
:
2353 val
= lduw_be_p(ptr
);
2363 uint32_t lduw_phys(hwaddr addr
)
2365 return lduw_phys_internal(addr
, DEVICE_NATIVE_ENDIAN
);
2368 uint32_t lduw_le_phys(hwaddr addr
)
2370 return lduw_phys_internal(addr
, DEVICE_LITTLE_ENDIAN
);
2373 uint32_t lduw_be_phys(hwaddr addr
)
2375 return lduw_phys_internal(addr
, DEVICE_BIG_ENDIAN
);
2378 /* warning: addr must be aligned. The ram page is not masked as dirty
2379 and the code inside is not invalidated. It is useful if the dirty
2380 bits are used to track modified PTEs */
2381 void stl_phys_notdirty(hwaddr addr
, uint32_t val
)
2388 mr
= address_space_translate(&address_space_memory
, addr
, &addr1
, &l
,
2390 if (l
< 4 || !memory_access_is_direct(mr
, true)) {
2391 io_mem_write(mr
, addr1
, val
, 4);
2393 addr1
+= memory_region_get_ram_addr(mr
) & TARGET_PAGE_MASK
;
2394 ptr
= qemu_get_ram_ptr(addr1
);
2397 if (unlikely(in_migration
)) {
2398 if (!cpu_physical_memory_is_dirty(addr1
)) {
2399 /* invalidate code */
2400 tb_invalidate_phys_page_range(addr1
, addr1
+ 4, 0);
2402 cpu_physical_memory_set_dirty_flags(
2403 addr1
, (0xff & ~CODE_DIRTY_FLAG
));
2409 /* warning: addr must be aligned */
2410 static inline void stl_phys_internal(hwaddr addr
, uint32_t val
,
2411 enum device_endian endian
)
2418 mr
= address_space_translate(&address_space_memory
, addr
, &addr1
, &l
,
2420 if (l
< 4 || !memory_access_is_direct(mr
, true)) {
2421 #if defined(TARGET_WORDS_BIGENDIAN)
2422 if (endian
== DEVICE_LITTLE_ENDIAN
) {
2426 if (endian
== DEVICE_BIG_ENDIAN
) {
2430 io_mem_write(mr
, addr1
, val
, 4);
2433 addr1
+= memory_region_get_ram_addr(mr
) & TARGET_PAGE_MASK
;
2434 ptr
= qemu_get_ram_ptr(addr1
);
2436 case DEVICE_LITTLE_ENDIAN
:
2439 case DEVICE_BIG_ENDIAN
:
2446 invalidate_and_set_dirty(addr1
, 4);
2450 void stl_phys(hwaddr addr
, uint32_t val
)
2452 stl_phys_internal(addr
, val
, DEVICE_NATIVE_ENDIAN
);
2455 void stl_le_phys(hwaddr addr
, uint32_t val
)
2457 stl_phys_internal(addr
, val
, DEVICE_LITTLE_ENDIAN
);
2460 void stl_be_phys(hwaddr addr
, uint32_t val
)
2462 stl_phys_internal(addr
, val
, DEVICE_BIG_ENDIAN
);
2466 void stb_phys(hwaddr addr
, uint32_t val
)
2469 cpu_physical_memory_write(addr
, &v
, 1);
2472 /* warning: addr must be aligned */
2473 static inline void stw_phys_internal(hwaddr addr
, uint32_t val
,
2474 enum device_endian endian
)
2481 mr
= address_space_translate(&address_space_memory
, addr
, &addr1
, &l
,
2483 if (l
< 2 || !memory_access_is_direct(mr
, true)) {
2484 #if defined(TARGET_WORDS_BIGENDIAN)
2485 if (endian
== DEVICE_LITTLE_ENDIAN
) {
2489 if (endian
== DEVICE_BIG_ENDIAN
) {
2493 io_mem_write(mr
, addr1
, val
, 2);
2496 addr1
+= memory_region_get_ram_addr(mr
) & TARGET_PAGE_MASK
;
2497 ptr
= qemu_get_ram_ptr(addr1
);
2499 case DEVICE_LITTLE_ENDIAN
:
2502 case DEVICE_BIG_ENDIAN
:
2509 invalidate_and_set_dirty(addr1
, 2);
2513 void stw_phys(hwaddr addr
, uint32_t val
)
2515 stw_phys_internal(addr
, val
, DEVICE_NATIVE_ENDIAN
);
2518 void stw_le_phys(hwaddr addr
, uint32_t val
)
2520 stw_phys_internal(addr
, val
, DEVICE_LITTLE_ENDIAN
);
2523 void stw_be_phys(hwaddr addr
, uint32_t val
)
2525 stw_phys_internal(addr
, val
, DEVICE_BIG_ENDIAN
);
2529 void stq_phys(hwaddr addr
, uint64_t val
)
2532 cpu_physical_memory_write(addr
, &val
, 8);
2535 void stq_le_phys(hwaddr addr
, uint64_t val
)
2537 val
= cpu_to_le64(val
);
2538 cpu_physical_memory_write(addr
, &val
, 8);
2541 void stq_be_phys(hwaddr addr
, uint64_t val
)
2543 val
= cpu_to_be64(val
);
2544 cpu_physical_memory_write(addr
, &val
, 8);
2547 /* virtual memory access for debug (includes writing to ROM) */
2548 int cpu_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
2549 uint8_t *buf
, int len
, int is_write
)
2556 page
= addr
& TARGET_PAGE_MASK
;
2557 phys_addr
= cpu_get_phys_page_debug(cpu
, page
);
2558 /* if no physical page mapped, return an error */
2559 if (phys_addr
== -1)
2561 l
= (page
+ TARGET_PAGE_SIZE
) - addr
;
2564 phys_addr
+= (addr
& ~TARGET_PAGE_MASK
);
2566 cpu_physical_memory_write_rom(phys_addr
, buf
, l
);
2568 cpu_physical_memory_rw(phys_addr
, buf
, l
, is_write
);
2577 #if !defined(CONFIG_USER_ONLY)
2580 * A helper function for the _utterly broken_ virtio device model to find out if
2581 * it's running on a big endian machine. Don't do this at home kids!
2583 bool virtio_is_big_endian(void);
2584 bool virtio_is_big_endian(void)
2586 #if defined(TARGET_WORDS_BIGENDIAN)
2595 #ifndef CONFIG_USER_ONLY
2596 bool cpu_physical_memory_is_io(hwaddr phys_addr
)
2601 mr
= address_space_translate(&address_space_memory
,
2602 phys_addr
, &phys_addr
, &l
, false);
2604 return !(memory_region_is_ram(mr
) ||
2605 memory_region_is_romd(mr
));
2608 void qemu_ram_foreach_block(RAMBlockIterFunc func
, void *opaque
)
2612 QTAILQ_FOREACH(block
, &ram_list
.blocks
, next
) {
2613 func(block
->host
, block
->offset
, block
->length
, opaque
);