search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Improve log message for unaligned i/o
[qemu/ar7.git] / exec.c
blobae87e46139f4aeba61c63cb2c516d940efedb4c1
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59
60 //#define DEBUG_SUBPAGE
61
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
65 */
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
70
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
73
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
76
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
79
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
82
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
85 */
86 #define RAM_RESIZEABLE (1 << 2)
87
88 #endif
89
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
92 cpu_exec() */
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
97 int use_icount;
98
99 #if !defined(CONFIG_USER_ONLY)
100
101 typedef struct PhysPageEntry PhysPageEntry;
102
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 uint32_t skip : 6;
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
107 uint32_t ptr : 26;
108 };
109
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
114
115 #define P_L2_BITS 9
116 #define P_L2_SIZE (1 << P_L2_BITS)
117
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119
120 typedef PhysPageEntry Node[P_L2_SIZE];
121
122 typedef struct PhysPageMap {
123 struct rcu_head rcu;
124
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
127 unsigned nodes_nb;
128 unsigned nodes_nb_alloc;
129 Node *nodes;
130 MemoryRegionSection *sections;
131 } PhysPageMap;
132
133 struct AddressSpaceDispatch {
134 struct rcu_head rcu;
135
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
138 */
139 PhysPageEntry phys_map;
140 PhysPageMap map;
141 AddressSpace *as;
142 };
143
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
146 MemoryRegion iomem;
147 AddressSpace *as;
148 hwaddr base;
149 uint16_t sub_section[TARGET_PAGE_SIZE];
150 } subpage_t;
151
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
156
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
160
161 static MemoryRegion io_mem_watch;
162 #endif
163
164 #if !defined(CONFIG_USER_ONLY)
165
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 {
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
172 }
173 }
174
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
176 {
177 unsigned i;
178 uint32_t ret;
179 PhysPageEntry e;
180 PhysPageEntry *p;
181
182 ret = map->nodes_nb++;
183 p = map->nodes[ret];
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
186
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
191 }
192 return ret;
193 }
194
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
197 int level)
198 {
199 PhysPageEntry *p;
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
204 }
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
210 lp->skip = 0;
211 lp->ptr = leaf;
212 *index += step;
213 *nb -= step;
214 } else {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
216 }
217 ++lp;
218 }
219 }
220
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
223 uint16_t leaf)
224 {
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
229 }
230
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
233 */
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 {
236 unsigned valid_ptr = P_L2_SIZE;
237 int valid = 0;
238 PhysPageEntry *p;
239 int i;
240
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
242 return;
243 }
244
245 p = nodes[lp->ptr];
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
248 continue;
249 }
250
251 valid_ptr = i;
252 valid++;
253 if (p[i].skip) {
254 phys_page_compact(&p[i], nodes, compacted);
255 }
256 }
257
258 /* We can only compress if there's only one child. */
259 if (valid != 1) {
260 return;
261 }
262
263 assert(valid_ptr < P_L2_SIZE);
264
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
267 return;
268 }
269
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
276 * change this rule.
277 */
278 lp->skip = 0;
279 } else {
280 lp->skip += p[valid_ptr].skip;
281 }
282 }
283
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 {
286 DECLARE_BITMAP(compacted, nodes_nb);
287
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
290 }
291 }
292
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
295 {
296 PhysPageEntry *p;
297 hwaddr index = addr >> TARGET_PAGE_BITS;
298 int i;
299
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return &sections[PHYS_SECTION_UNASSIGNED];
303 }
304 p = nodes[lp.ptr];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
306 }
307
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return &sections[lp.ptr];
312 } else {
313 return &sections[PHYS_SECTION_UNASSIGNED];
314 }
315 }
316
317 bool memory_region_is_unassigned(MemoryRegion *mr)
318 {
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
321 }
322
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 hwaddr addr,
326 bool resolve_subpage)
327 {
328 MemoryRegionSection *section;
329 subpage_t *subpage;
330
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
335 }
336 return section;
337 }
338
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
343 {
344 MemoryRegionSection *section;
345 MemoryRegion *mr;
346 Int128 diff;
347
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
351
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
354
355 mr = section->mr;
356
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
362 * here.
363 *
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
367 */
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
371 }
372 return section;
373 }
374
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
376 {
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
379 }
380 if (memory_region_is_romd(mr)) {
381 return !is_write;
382 }
383
384 return false;
385 }
386
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
390 bool is_write)
391 {
392 IOMMUTLBEntry iotlb;
393 MemoryRegionSection *section;
394 MemoryRegion *mr;
395
396 for (;;) {
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
399 mr = section->mr;
400
401 if (!mr->iommu_ops) {
402 break;
403 }
404
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
411 break;
412 }
413
414 as = iotlb.target_as;
415 }
416
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
420 }
421
422 *xlat = addr;
423 return mr;
424 }
425
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
430 {
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
434
435 assert(!section->mr->iommu_ops);
436 return section;
437 }
438 #endif
439
440 #if !defined(CONFIG_USER_ONLY)
441
442 static int cpu_common_post_load(void *opaque, int version_id)
443 {
444 CPUState *cpu = opaque;
445
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
449 tlb_flush(cpu, 1);
450
451 return 0;
452 }
453
454 static int cpu_common_pre_load(void *opaque)
455 {
456 CPUState *cpu = opaque;
457
458 cpu->exception_index = -1;
459
460 return 0;
461 }
462
463 static bool cpu_common_exception_index_needed(void *opaque)
464 {
465 CPUState *cpu = opaque;
466
467 return tcg_enabled() && cpu->exception_index != -1;
468 }
469
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
472 .version_id = 1,
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
478 }
479 };
480
481 const VMStateDescription vmstate_cpu_common = {
482 .name = "cpu_common",
483 .version_id = 1,
484 .minimum_version_id = 1,
485 .pre_load = cpu_common_pre_load,
486 .post_load = cpu_common_post_load,
487 .fields = (VMStateField[]) {
488 VMSTATE_UINT32(halted, CPUState),
489 VMSTATE_UINT32(interrupt_request, CPUState),
490 VMSTATE_END_OF_LIST()
491 },
492 .subsections = (const VMStateDescription*[]) {
493 &vmstate_cpu_common_exception_index,
494 NULL
495 }
496 };
497
498 #endif
499
500 CPUState *qemu_get_cpu(int index)
501 {
502 CPUState *cpu;
503
504 CPU_FOREACH(cpu) {
505 if (cpu->cpu_index == index) {
506 return cpu;
507 }
508 }
509
510 return NULL;
511 }
512
513 #if !defined(CONFIG_USER_ONLY)
514 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
515 {
516 /* We only support one address space per cpu at the moment. */
517 assert(cpu->as == as);
518
519 if (cpu->tcg_as_listener) {
520 memory_listener_unregister(cpu->tcg_as_listener);
521 } else {
522 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
523 }
524 cpu->tcg_as_listener->commit = tcg_commit;
525 memory_listener_register(cpu->tcg_as_listener, as);
526 }
527 #endif
528
529 #ifndef CONFIG_USER_ONLY
530 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
531
532 static int cpu_get_free_index(Error **errp)
533 {
534 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
535
536 if (cpu >= MAX_CPUMASK_BITS) {
537 error_setg(errp, "Trying to use more CPUs than max of %d",
538 MAX_CPUMASK_BITS);
539 return -1;
540 }
541
542 bitmap_set(cpu_index_map, cpu, 1);
543 return cpu;
544 }
545
546 void cpu_exec_exit(CPUState *cpu)
547 {
548 if (cpu->cpu_index == -1) {
549 /* cpu_index was never allocated by this @cpu or was already freed. */
550 return;
551 }
552
553 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
554 cpu->cpu_index = -1;
555 }
556 #else
557
558 static int cpu_get_free_index(Error **errp)
559 {
560 CPUState *some_cpu;
561 int cpu_index = 0;
562
563 CPU_FOREACH(some_cpu) {
564 cpu_index++;
565 }
566 return cpu_index;
567 }
568
569 void cpu_exec_exit(CPUState *cpu)
570 {
571 }
572 #endif
573
574 void cpu_exec_init(CPUState *cpu, Error **errp)
575 {
576 CPUClass *cc = CPU_GET_CLASS(cpu);
577 int cpu_index;
578 Error *local_err = NULL;
579
580 #ifdef TARGET_WORDS_BIGENDIAN
581 cpu->bigendian = true;
582 #else
583 cpu->bigendian = false;
584 #endif
585
586 #ifndef CONFIG_USER_ONLY
587 cpu->as = &address_space_memory;
588 cpu->thread_id = qemu_get_thread_id();
589 cpu_reload_memory_map(cpu);
590 #endif
591
592 #if defined(CONFIG_USER_ONLY)
593 cpu_list_lock();
594 #endif
595 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
596 if (local_err) {
597 error_propagate(errp, local_err);
598 #if defined(CONFIG_USER_ONLY)
599 cpu_list_unlock();
600 #endif
601 return;
602 }
603 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
604 #if defined(CONFIG_USER_ONLY)
605 cpu_list_unlock();
606 #endif
607 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
608 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
609 }
610 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
611 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
612 cpu_save, cpu_load, cpu->env_ptr);
613 assert(cc->vmsd == NULL);
614 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
615 #endif
616 if (cc->vmsd != NULL) {
617 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
618 }
619 }
620
621 #if defined(CONFIG_USER_ONLY)
622 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
623 {
624 tb_invalidate_phys_page_range(pc, pc + 1, 0);
625 }
626 #else
627 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
628 {
629 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
630 if (phys != -1) {
631 tb_invalidate_phys_addr(cpu->as,
632 phys | (pc & ~TARGET_PAGE_MASK));
633 }
634 }
635 #endif
636
637 #if defined(CONFIG_USER_ONLY)
638 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
639
640 {
641 }
642
643 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
644 int flags)
645 {
646 return -ENOSYS;
647 }
648
649 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
650 {
651 }
652
653 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
654 int flags, CPUWatchpoint **watchpoint)
655 {
656 return -ENOSYS;
657 }
658 #else
659 /* Add a watchpoint. */
660 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
661 int flags, CPUWatchpoint **watchpoint)
662 {
663 CPUWatchpoint *wp;
664
665 /* forbid ranges which are empty or run off the end of the address space */
666 if (len == 0 || (addr + len - 1) < addr) {
667 error_report("tried to set invalid watchpoint at %"
668 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
669 return -EINVAL;
670 }
671 wp = g_malloc(sizeof(*wp));
672
673 wp->vaddr = addr;
674 wp->len = len;
675 wp->flags = flags;
676
677 /* keep all GDB-injected watchpoints in front */
678 if (flags & BP_GDB) {
679 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
680 } else {
681 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
682 }
683
684 tlb_flush_page(cpu, addr);
685
686 if (watchpoint)
687 *watchpoint = wp;
688 return 0;
689 }
690
691 /* Remove a specific watchpoint. */
692 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
693 int flags)
694 {
695 CPUWatchpoint *wp;
696
697 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
698 if (addr == wp->vaddr && len == wp->len
699 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
700 cpu_watchpoint_remove_by_ref(cpu, wp);
701 return 0;
702 }
703 }
704 return -ENOENT;
705 }
706
707 /* Remove a specific watchpoint by reference. */
708 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
709 {
710 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
711
712 tlb_flush_page(cpu, watchpoint->vaddr);
713
714 g_free(watchpoint);
715 }
716
717 /* Remove all matching watchpoints. */
718 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
719 {
720 CPUWatchpoint *wp, *next;
721
722 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
723 if (wp->flags & mask) {
724 cpu_watchpoint_remove_by_ref(cpu, wp);
725 }
726 }
727 }
728
729 /* Return true if this watchpoint address matches the specified
730 * access (ie the address range covered by the watchpoint overlaps
731 * partially or completely with the address range covered by the
732 * access).
733 */
734 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
735 vaddr addr,
736 vaddr len)
737 {
738 /* We know the lengths are non-zero, but a little caution is
739 * required to avoid errors in the case where the range ends
740 * exactly at the top of the address space and so addr + len
741 * wraps round to zero.
742 */
743 vaddr wpend = wp->vaddr + wp->len - 1;
744 vaddr addrend = addr + len - 1;
745
746 return !(addr > wpend || wp->vaddr > addrend);
747 }
748
749 #endif
750
751 /* Add a breakpoint. */
752 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
753 CPUBreakpoint **breakpoint)
754 {
755 CPUBreakpoint *bp;
756
757 bp = g_malloc(sizeof(*bp));
758
759 bp->pc = pc;
760 bp->flags = flags;
761
762 /* keep all GDB-injected breakpoints in front */
763 if (flags & BP_GDB) {
764 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
765 } else {
766 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
767 }
768
769 breakpoint_invalidate(cpu, pc);
770
771 if (breakpoint) {
772 *breakpoint = bp;
773 }
774 return 0;
775 }
776
777 /* Remove a specific breakpoint. */
778 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
779 {
780 CPUBreakpoint *bp;
781
782 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
783 if (bp->pc == pc && bp->flags == flags) {
784 cpu_breakpoint_remove_by_ref(cpu, bp);
785 return 0;
786 }
787 }
788 return -ENOENT;
789 }
790
791 /* Remove a specific breakpoint by reference. */
792 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
793 {
794 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
795
796 breakpoint_invalidate(cpu, breakpoint->pc);
797
798 g_free(breakpoint);
799 }
800
801 /* Remove all matching breakpoints. */
802 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
803 {
804 CPUBreakpoint *bp, *next;
805
806 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
807 if (bp->flags & mask) {
808 cpu_breakpoint_remove_by_ref(cpu, bp);
809 }
810 }
811 }
812
813 /* enable or disable single step mode. EXCP_DEBUG is returned by the
814 CPU loop after each instruction */
815 void cpu_single_step(CPUState *cpu, int enabled)
816 {
817 if (cpu->singlestep_enabled != enabled) {
818 cpu->singlestep_enabled = enabled;
819 if (kvm_enabled()) {
820 kvm_update_guest_debug(cpu, 0);
821 } else {
822 /* must flush all the translated code to avoid inconsistencies */
823 /* XXX: only flush what is necessary */
824 tb_flush(cpu);
825 }
826 }
827 }
828
829 void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
830 {
831 va_list ap;
832 va_list ap2;
833
834 va_start(ap, fmt);
835 va_copy(ap2, ap);
836 fprintf(stderr, "qemu: fatal: ");
837 vfprintf(stderr, fmt, ap);
838 fprintf(stderr, "\n");
839 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
840 if (qemu_log_enabled()) {
841 qemu_log("qemu: fatal: ");
842 qemu_log_vprintf(fmt, ap2);
843 qemu_log("\n");
844 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
845 qemu_log_flush();
846 qemu_log_close();
847 }
848 va_end(ap2);
849 va_end(ap);
850 #if defined(CONFIG_USER_ONLY)
851 {
852 struct sigaction act;
853 sigfillset(&act.sa_mask);
854 act.sa_handler = SIG_DFL;
855 sigaction(SIGABRT, &act, NULL);
856 }
857 #endif
858 abort();
859 }
860
861 #if !defined(CONFIG_USER_ONLY)
862 /* Called from RCU critical section */
863 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
864 {
865 RAMBlock *block;
866
867 block = atomic_rcu_read(&ram_list.mru_block);
868 if (block && addr - block->offset < block->max_length) {
869 goto found;
870 }
871 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
872 if (addr - block->offset < block->max_length) {
873 goto found;
874 }
875 }
876
877 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
878 abort();
879
880 found:
881 /* It is safe to write mru_block outside the iothread lock. This
882 * is what happens:
883 *
884 * mru_block = xxx
885 * rcu_read_unlock()
886 * xxx removed from list
887 * rcu_read_lock()
888 * read mru_block
889 * mru_block = NULL;
890 * call_rcu(reclaim_ramblock, xxx);
891 * rcu_read_unlock()
892 *
893 * atomic_rcu_set is not needed here. The block was already published
894 * when it was placed into the list. Here we're just making an extra
895 * copy of the pointer.
896 */
897 ram_list.mru_block = block;
898 return block;
899 }
900
901 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
902 {
903 ram_addr_t start1;
904 RAMBlock *block;
905 ram_addr_t end;
906
907 end = TARGET_PAGE_ALIGN(start + length);
908 start &= TARGET_PAGE_MASK;
909
910 rcu_read_lock();
911 block = qemu_get_ram_block(start);
912 assert(block == qemu_get_ram_block(end - 1));
913 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
914 cpu_tlb_reset_dirty_all(start1, length);
915 rcu_read_unlock();
916 }
917
918 /* Note: start and end must be within the same ram block. */
919 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
920 ram_addr_t length,
921 unsigned client)
922 {
923 unsigned long end, page;
924 bool dirty;
925
926 if (length == 0) {
927 return false;
928 }
929
930 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
931 page = start >> TARGET_PAGE_BITS;
932 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
933 page, end - page);
934
935 if (dirty && tcg_enabled()) {
936 tlb_reset_dirty_range_all(start, length);
937 }
938
939 return dirty;
940 }
941
942 /* Called from RCU critical section */
943 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
944 MemoryRegionSection *section,
945 target_ulong vaddr,
946 hwaddr paddr, hwaddr xlat,
947 int prot,
948 target_ulong *address)
949 {
950 hwaddr iotlb;
951 CPUWatchpoint *wp;
952
953 if (memory_region_is_ram(section->mr)) {
954 /* Normal RAM. */
955 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
956 + xlat;
957 if (!section->readonly) {
958 iotlb |= PHYS_SECTION_NOTDIRTY;
959 } else {
960 iotlb |= PHYS_SECTION_ROM;
961 }
962 } else {
963 iotlb = section - section->address_space->dispatch->map.sections;
964 iotlb += xlat;
965 }
966
967 /* Make accesses to pages with watchpoints go via the
968 watchpoint trap routines. */
969 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
970 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
971 /* Avoid trapping reads of pages with a write breakpoint. */
972 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
973 iotlb = PHYS_SECTION_WATCH + paddr;
974 *address |= TLB_MMIO;
975 break;
976 }
977 }
978 }
979
980 return iotlb;
981 }
982 #endif /* defined(CONFIG_USER_ONLY) */
983
984 #if !defined(CONFIG_USER_ONLY)
985
986 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
987 uint16_t section);
988 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
989
990 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
991 qemu_anon_ram_alloc;
992
993 /*
994 * Set a custom physical guest memory alloator.
995 * Accelerators with unusual needs may need this. Hopefully, we can
996 * get rid of it eventually.
997 */
998 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
999 {
1000 phys_mem_alloc = alloc;
1001 }
1002
1003 static uint16_t phys_section_add(PhysPageMap *map,
1004 MemoryRegionSection *section)
1005 {
1006 /* The physical section number is ORed with a page-aligned
1007 * pointer to produce the iotlb entries. Thus it should
1008 * never overflow into the page-aligned value.
1009 */
1010 assert(map->sections_nb < TARGET_PAGE_SIZE);
1011
1012 if (map->sections_nb == map->sections_nb_alloc) {
1013 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1014 map->sections = g_renew(MemoryRegionSection, map->sections,
1015 map->sections_nb_alloc);
1016 }
1017 map->sections[map->sections_nb] = *section;
1018 memory_region_ref(section->mr);
1019 return map->sections_nb++;
1020 }
1021
1022 static void phys_section_destroy(MemoryRegion *mr)
1023 {
1024 memory_region_unref(mr);
1025
1026 if (mr->subpage) {
1027 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1028 object_unref(OBJECT(&subpage->iomem));
1029 g_free(subpage);
1030 }
1031 }
1032
1033 static void phys_sections_free(PhysPageMap *map)
1034 {
1035 while (map->sections_nb > 0) {
1036 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1037 phys_section_destroy(section->mr);
1038 }
1039 g_free(map->sections);
1040 g_free(map->nodes);
1041 }
1042
1043 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1044 {
1045 subpage_t *subpage;
1046 hwaddr base = section->offset_within_address_space
1047 & TARGET_PAGE_MASK;
1048 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1049 d->map.nodes, d->map.sections);
1050 MemoryRegionSection subsection = {
1051 .offset_within_address_space = base,
1052 .size = int128_make64(TARGET_PAGE_SIZE),
1053 };
1054 hwaddr start, end;
1055
1056 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1057
1058 if (!(existing->mr->subpage)) {
1059 subpage = subpage_init(d->as, base);
1060 subsection.address_space = d->as;
1061 subsection.mr = &subpage->iomem;
1062 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1063 phys_section_add(&d->map, &subsection));
1064 } else {
1065 subpage = container_of(existing->mr, subpage_t, iomem);
1066 }
1067 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1068 end = start + int128_get64(section->size) - 1;
1069 subpage_register(subpage, start, end,
1070 phys_section_add(&d->map, section));
1071 }
1072
1073
1074 static void register_multipage(AddressSpaceDispatch *d,
1075 MemoryRegionSection *section)
1076 {
1077 hwaddr start_addr = section->offset_within_address_space;
1078 uint16_t section_index = phys_section_add(&d->map, section);
1079 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1080 TARGET_PAGE_BITS));
1081
1082 assert(num_pages);
1083 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1084 }
1085
1086 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1087 {
1088 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1089 AddressSpaceDispatch *d = as->next_dispatch;
1090 MemoryRegionSection now = *section, remain = *section;
1091 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1092
1093 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1094 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1095 - now.offset_within_address_space;
1096
1097 now.size = int128_min(int128_make64(left), now.size);
1098 register_subpage(d, &now);
1099 } else {
1100 now.size = int128_zero();
1101 }
1102 while (int128_ne(remain.size, now.size)) {
1103 remain.size = int128_sub(remain.size, now.size);
1104 remain.offset_within_address_space += int128_get64(now.size);
1105 remain.offset_within_region += int128_get64(now.size);
1106 now = remain;
1107 if (int128_lt(remain.size, page_size)) {
1108 register_subpage(d, &now);
1109 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1110 now.size = page_size;
1111 register_subpage(d, &now);
1112 } else {
1113 now.size = int128_and(now.size, int128_neg(page_size));
1114 register_multipage(d, &now);
1115 }
1116 }
1117 }
1118
1119 void qemu_flush_coalesced_mmio_buffer(void)
1120 {
1121 if (kvm_enabled())
1122 kvm_flush_coalesced_mmio_buffer();
1123 }
1124
1125 void qemu_mutex_lock_ramlist(void)
1126 {
1127 qemu_mutex_lock(&ram_list.mutex);
1128 }
1129
1130 void qemu_mutex_unlock_ramlist(void)
1131 {
1132 qemu_mutex_unlock(&ram_list.mutex);
1133 }
1134
1135 #ifdef __linux__
1136
1137 #include <sys/vfs.h>
1138
1139 #define HUGETLBFS_MAGIC 0x958458f6
1140
1141 static long gethugepagesize(const char *path, Error **errp)
1142 {
1143 struct statfs fs;
1144 int ret;
1145
1146 do {
1147 ret = statfs(path, &fs);
1148 } while (ret != 0 && errno == EINTR);
1149
1150 if (ret != 0) {
1151 error_setg_errno(errp, errno, "failed to get page size of file %s",
1152 path);
1153 return 0;
1154 }
1155
1156 if (fs.f_type != HUGETLBFS_MAGIC)
1157 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1158
1159 return fs.f_bsize;
1160 }
1161
1162 static void *file_ram_alloc(RAMBlock *block,
1163 ram_addr_t memory,
1164 const char *path,
1165 Error **errp)
1166 {
1167 char *filename;
1168 char *sanitized_name;
1169 char *c;
1170 void * volatile area = NULL;
1171 int fd;
1172 uint64_t hpagesize;
1173 Error *local_err = NULL;
1174
1175 hpagesize = gethugepagesize(path, &local_err);
1176 if (local_err) {
1177 error_propagate(errp, local_err);
1178 goto error;
1179 }
1180 block->mr->align = hpagesize;
1181
1182 if (memory < hpagesize) {
1183 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1184 "or larger than huge page size 0x%" PRIx64,
1185 memory, hpagesize);
1186 goto error;
1187 }
1188
1189 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1190 error_setg(errp,
1191 "host lacks kvm mmu notifiers, -mem-path unsupported");
1192 goto error;
1193 }
1194
1195 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1196 sanitized_name = g_strdup(memory_region_name(block->mr));
1197 for (c = sanitized_name; *c != '\0'; c++) {
1198 if (*c == '/')
1199 *c = '_';
1200 }
1201
1202 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1203 sanitized_name);
1204 g_free(sanitized_name);
1205
1206 fd = mkstemp(filename);
1207 if (fd < 0) {
1208 error_setg_errno(errp, errno,
1209 "unable to create backing store for hugepages");
1210 g_free(filename);
1211 goto error;
1212 }
1213 unlink(filename);
1214 g_free(filename);
1215
1216 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1217
1218 /*
1219 * ftruncate is not supported by hugetlbfs in older
1220 * hosts, so don't bother bailing out on errors.
1221 * If anything goes wrong with it under other filesystems,
1222 * mmap will fail.
1223 */
1224 if (ftruncate(fd, memory)) {
1225 perror("ftruncate");
1226 }
1227
1228 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1229 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1230 fd, 0);
1231 if (area == MAP_FAILED) {
1232 error_setg_errno(errp, errno,
1233 "unable to map backing store for hugepages");
1234 close(fd);
1235 goto error;
1236 }
1237
1238 if (mem_prealloc) {
1239 os_mem_prealloc(fd, area, memory);
1240 }
1241
1242 block->fd = fd;
1243 return area;
1244
1245 error:
1246 if (mem_prealloc) {
1247 error_report("%s", error_get_pretty(*errp));
1248 exit(1);
1249 }
1250 return NULL;
1251 }
1252 #endif
1253
1254 /* Called with the ramlist lock held. */
1255 static ram_addr_t find_ram_offset(ram_addr_t size)
1256 {
1257 RAMBlock *block, *next_block;
1258 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1259
1260 assert(size != 0); /* it would hand out same offset multiple times */
1261
1262 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1263 return 0;
1264 }
1265
1266 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1267 ram_addr_t end, next = RAM_ADDR_MAX;
1268
1269 end = block->offset + block->max_length;
1270
1271 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1272 if (next_block->offset >= end) {
1273 next = MIN(next, next_block->offset);
1274 }
1275 }
1276 if (next - end >= size && next - end < mingap) {
1277 offset = end;
1278 mingap = next - end;
1279 }
1280 }
1281
1282 if (offset == RAM_ADDR_MAX) {
1283 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1284 (uint64_t)size);
1285 abort();
1286 }
1287
1288 return offset;
1289 }
1290
1291 ram_addr_t last_ram_offset(void)
1292 {
1293 RAMBlock *block;
1294 ram_addr_t last = 0;
1295
1296 rcu_read_lock();
1297 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1298 last = MAX(last, block->offset + block->max_length);
1299 }
1300 rcu_read_unlock();
1301 return last;
1302 }
1303
1304 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1305 {
1306 int ret;
1307
1308 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1309 if (!machine_dump_guest_core(current_machine)) {
1310 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1311 if (ret) {
1312 perror("qemu_madvise");
1313 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1314 "but dump_guest_core=off specified\n");
1315 }
1316 }
1317 }
1318
1319 /* Called within an RCU critical section, or while the ramlist lock
1320 * is held.
1321 */
1322 static RAMBlock *find_ram_block(ram_addr_t addr)
1323 {
1324 RAMBlock *block;
1325
1326 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1327 if (block->offset == addr) {
1328 return block;
1329 }
1330 }
1331
1332 return NULL;
1333 }
1334
1335 /* Called with iothread lock held. */
1336 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1337 {
1338 RAMBlock *new_block, *block;
1339
1340 rcu_read_lock();
1341 new_block = find_ram_block(addr);
1342 assert(new_block);
1343 assert(!new_block->idstr[0]);
1344
1345 if (dev) {
1346 char *id = qdev_get_dev_path(dev);
1347 if (id) {
1348 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1349 g_free(id);
1350 }
1351 }
1352 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1353
1354 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1355 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1356 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1357 new_block->idstr);
1358 abort();
1359 }
1360 }
1361 rcu_read_unlock();
1362 }
1363
1364 /* Called with iothread lock held. */
1365 void qemu_ram_unset_idstr(ram_addr_t addr)
1366 {
1367 RAMBlock *block;
1368
1369 /* FIXME: arch_init.c assumes that this is not called throughout
1370 * migration. Ignore the problem since hot-unplug during migration
1371 * does not work anyway.
1372 */
1373
1374 rcu_read_lock();
1375 block = find_ram_block(addr);
1376 if (block) {
1377 memset(block->idstr, 0, sizeof(block->idstr));
1378 }
1379 rcu_read_unlock();
1380 }
1381
1382 static int memory_try_enable_merging(void *addr, size_t len)
1383 {
1384 if (!machine_mem_merge(current_machine)) {
1385 /* disabled by the user */
1386 return 0;
1387 }
1388
1389 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1390 }
1391
1392 /* Only legal before guest might have detected the memory size: e.g. on
1393 * incoming migration, or right after reset.
1394 *
1395 * As memory core doesn't know how is memory accessed, it is up to
1396 * resize callback to update device state and/or add assertions to detect
1397 * misuse, if necessary.
1398 */
1399 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1400 {
1401 RAMBlock *block = find_ram_block(base);
1402
1403 assert(block);
1404
1405 newsize = TARGET_PAGE_ALIGN(newsize);
1406
1407 if (block->used_length == newsize) {
1408 return 0;
1409 }
1410
1411 if (!(block->flags & RAM_RESIZEABLE)) {
1412 error_setg_errno(errp, EINVAL,
1413 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1414 " in != 0x" RAM_ADDR_FMT, block->idstr,
1415 newsize, block->used_length);
1416 return -EINVAL;
1417 }
1418
1419 if (block->max_length < newsize) {
1420 error_setg_errno(errp, EINVAL,
1421 "Length too large: %s: 0x" RAM_ADDR_FMT
1422 " > 0x" RAM_ADDR_FMT, block->idstr,
1423 newsize, block->max_length);
1424 return -EINVAL;
1425 }
1426
1427 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1428 block->used_length = newsize;
1429 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1430 DIRTY_CLIENTS_ALL);
1431 memory_region_set_size(block->mr, newsize);
1432 if (block->resized) {
1433 block->resized(block->idstr, newsize, block->host);
1434 }
1435 return 0;
1436 }
1437
1438 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1439 {
1440 RAMBlock *block;
1441 RAMBlock *last_block = NULL;
1442 ram_addr_t old_ram_size, new_ram_size;
1443
1444 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1445
1446 qemu_mutex_lock_ramlist();
1447 new_block->offset = find_ram_offset(new_block->max_length);
1448
1449 if (!new_block->host) {
1450 if (xen_enabled()) {
1451 xen_ram_alloc(new_block->offset, new_block->max_length,
1452 new_block->mr);
1453 } else {
1454 new_block->host = phys_mem_alloc(new_block->max_length,
1455 &new_block->mr->align);
1456 if (!new_block->host) {
1457 error_setg_errno(errp, errno,
1458 "cannot set up guest memory '%s'",
1459 memory_region_name(new_block->mr));
1460 qemu_mutex_unlock_ramlist();
1461 return -1;
1462 }
1463 memory_try_enable_merging(new_block->host, new_block->max_length);
1464 }
1465 }
1466
1467 new_ram_size = MAX(old_ram_size,
1468 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1469 if (new_ram_size > old_ram_size) {
1470 migration_bitmap_extend(old_ram_size, new_ram_size);
1471 }
1472 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1473 * QLIST (which has an RCU-friendly variant) does not have insertion at
1474 * tail, so save the last element in last_block.
1475 */
1476 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1477 last_block = block;
1478 if (block->max_length < new_block->max_length) {
1479 break;
1480 }
1481 }
1482 if (block) {
1483 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1484 } else if (last_block) {
1485 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1486 } else { /* list is empty */
1487 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1488 }
1489 ram_list.mru_block = NULL;
1490
1491 /* Write list before version */
1492 smp_wmb();
1493 ram_list.version++;
1494 qemu_mutex_unlock_ramlist();
1495
1496 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1497
1498 if (new_ram_size > old_ram_size) {
1499 int i;
1500
1501 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1502 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1503 ram_list.dirty_memory[i] =
1504 bitmap_zero_extend(ram_list.dirty_memory[i],
1505 old_ram_size, new_ram_size);
1506 }
1507 }
1508 cpu_physical_memory_set_dirty_range(new_block->offset,
1509 new_block->used_length,
1510 DIRTY_CLIENTS_ALL);
1511
1512 if (new_block->host) {
1513 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1514 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1515 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1516 if (kvm_enabled()) {
1517 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1518 }
1519 }
1520
1521 return new_block->offset;
1522 }
1523
1524 #ifdef __linux__
1525 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1526 bool share, const char *mem_path,
1527 Error **errp)
1528 {
1529 RAMBlock *new_block;
1530 ram_addr_t addr;
1531 Error *local_err = NULL;
1532
1533 if (xen_enabled()) {
1534 error_setg(errp, "-mem-path not supported with Xen");
1535 return -1;
1536 }
1537
1538 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1539 /*
1540 * file_ram_alloc() needs to allocate just like
1541 * phys_mem_alloc, but we haven't bothered to provide
1542 * a hook there.
1543 */
1544 error_setg(errp,
1545 "-mem-path not supported with this accelerator");
1546 return -1;
1547 }
1548
1549 size = TARGET_PAGE_ALIGN(size);
1550 new_block = g_malloc0(sizeof(*new_block));
1551 new_block->mr = mr;
1552 new_block->used_length = size;
1553 new_block->max_length = size;
1554 new_block->flags = share ? RAM_SHARED : 0;
1555 new_block->host = file_ram_alloc(new_block, size,
1556 mem_path, errp);
1557 if (!new_block->host) {
1558 g_free(new_block);
1559 return -1;
1560 }
1561
1562 addr = ram_block_add(new_block, &local_err);
1563 if (local_err) {
1564 g_free(new_block);
1565 error_propagate(errp, local_err);
1566 return -1;
1567 }
1568 return addr;
1569 }
1570 #endif
1571
1572 static
1573 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1574 void (*resized)(const char*,
1575 uint64_t length,
1576 void *host),
1577 void *host, bool resizeable,
1578 MemoryRegion *mr, Error **errp)
1579 {
1580 RAMBlock *new_block;
1581 ram_addr_t addr;
1582 Error *local_err = NULL;
1583
1584 size = TARGET_PAGE_ALIGN(size);
1585 max_size = TARGET_PAGE_ALIGN(max_size);
1586 new_block = g_malloc0(sizeof(*new_block));
1587 new_block->mr = mr;
1588 new_block->resized = resized;
1589 new_block->used_length = size;
1590 new_block->max_length = max_size;
1591 assert(max_size >= size);
1592 new_block->fd = -1;
1593 new_block->host = host;
1594 if (host) {
1595 new_block->flags |= RAM_PREALLOC;
1596 }
1597 if (resizeable) {
1598 new_block->flags |= RAM_RESIZEABLE;
1599 }
1600 addr = ram_block_add(new_block, &local_err);
1601 if (local_err) {
1602 g_free(new_block);
1603 error_propagate(errp, local_err);
1604 return -1;
1605 }
1606 return addr;
1607 }
1608
1609 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1610 MemoryRegion *mr, Error **errp)
1611 {
1612 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1613 }
1614
1615 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1616 {
1617 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1618 }
1619
1620 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1621 void (*resized)(const char*,
1622 uint64_t length,
1623 void *host),
1624 MemoryRegion *mr, Error **errp)
1625 {
1626 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1627 }
1628
1629 void qemu_ram_free_from_ptr(ram_addr_t addr)
1630 {
1631 RAMBlock *block;
1632
1633 qemu_mutex_lock_ramlist();
1634 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1635 if (addr == block->offset) {
1636 QLIST_REMOVE_RCU(block, next);
1637 ram_list.mru_block = NULL;
1638 /* Write list before version */
1639 smp_wmb();
1640 ram_list.version++;
1641 g_free_rcu(block, rcu);
1642 break;
1643 }
1644 }
1645 qemu_mutex_unlock_ramlist();
1646 }
1647
1648 static void reclaim_ramblock(RAMBlock *block)
1649 {
1650 if (block->flags & RAM_PREALLOC) {
1651 ;
1652 } else if (xen_enabled()) {
1653 xen_invalidate_map_cache_entry(block->host);
1654 #ifndef _WIN32
1655 } else if (block->fd >= 0) {
1656 munmap(block->host, block->max_length);
1657 close(block->fd);
1658 #endif
1659 } else {
1660 qemu_anon_ram_free(block->host, block->max_length);
1661 }
1662 g_free(block);
1663 }
1664
1665 void qemu_ram_free(ram_addr_t addr)
1666 {
1667 RAMBlock *block;
1668
1669 qemu_mutex_lock_ramlist();
1670 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1671 if (addr == block->offset) {
1672 QLIST_REMOVE_RCU(block, next);
1673 ram_list.mru_block = NULL;
1674 /* Write list before version */
1675 smp_wmb();
1676 ram_list.version++;
1677 call_rcu(block, reclaim_ramblock, rcu);
1678 break;
1679 }
1680 }
1681 qemu_mutex_unlock_ramlist();
1682 }
1683
1684 #ifndef _WIN32
1685 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1686 {
1687 RAMBlock *block;
1688 ram_addr_t offset;
1689 int flags;
1690 void *area, *vaddr;
1691
1692 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1693 offset = addr - block->offset;
1694 if (offset < block->max_length) {
1695 vaddr = ramblock_ptr(block, offset);
1696 if (block->flags & RAM_PREALLOC) {
1697 ;
1698 } else if (xen_enabled()) {
1699 abort();
1700 } else {
1701 flags = MAP_FIXED;
1702 if (block->fd >= 0) {
1703 flags |= (block->flags & RAM_SHARED ?
1704 MAP_SHARED : MAP_PRIVATE);
1705 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1706 flags, block->fd, offset);
1707 } else {
1708 /*
1709 * Remap needs to match alloc. Accelerators that
1710 * set phys_mem_alloc never remap. If they did,
1711 * we'd need a remap hook here.
1712 */
1713 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1714
1715 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1716 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1717 flags, -1, 0);
1718 }
1719 if (area != vaddr) {
1720 fprintf(stderr, "Could not remap addr: "
1721 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1722 length, addr);
1723 exit(1);
1724 }
1725 memory_try_enable_merging(vaddr, length);
1726 qemu_ram_setup_dump(vaddr, length);
1727 }
1728 }
1729 }
1730 }
1731 #endif /* !_WIN32 */
1732
1733 int qemu_get_ram_fd(ram_addr_t addr)
1734 {
1735 RAMBlock *block;
1736 int fd;
1737
1738 rcu_read_lock();
1739 block = qemu_get_ram_block(addr);
1740 fd = block->fd;
1741 rcu_read_unlock();
1742 return fd;
1743 }
1744
1745 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1746 {
1747 RAMBlock *block;
1748 void *ptr;
1749
1750 rcu_read_lock();
1751 block = qemu_get_ram_block(addr);
1752 ptr = ramblock_ptr(block, 0);
1753 rcu_read_unlock();
1754 return ptr;
1755 }
1756
1757 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1758 * This should not be used for general purpose DMA. Use address_space_map
1759 * or address_space_rw instead. For local memory (e.g. video ram) that the
1760 * device owns, use memory_region_get_ram_ptr.
1761 *
1762 * By the time this function returns, the returned pointer is not protected
1763 * by RCU anymore. If the caller is not within an RCU critical section and
1764 * does not hold the iothread lock, it must have other means of protecting the
1765 * pointer, such as a reference to the region that includes the incoming
1766 * ram_addr_t.
1767 */
1768 void *qemu_get_ram_ptr(ram_addr_t addr)
1769 {
1770 RAMBlock *block;
1771 void *ptr;
1772
1773 rcu_read_lock();
1774 block = qemu_get_ram_block(addr);
1775
1776 if (xen_enabled() && block->host == NULL) {
1777 /* We need to check if the requested address is in the RAM
1778 * because we don't want to map the entire memory in QEMU.
1779 * In that case just map until the end of the page.
1780 */
1781 if (block->offset == 0) {
1782 ptr = xen_map_cache(addr, 0, 0);
1783 goto unlock;
1784 }
1785
1786 block->host = xen_map_cache(block->offset, block->max_length, 1);
1787 }
1788 ptr = ramblock_ptr(block, addr - block->offset);
1789
1790 unlock:
1791 rcu_read_unlock();
1792 return ptr;
1793 }
1794
1795 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1796 * but takes a size argument.
1797 *
1798 * By the time this function returns, the returned pointer is not protected
1799 * by RCU anymore. If the caller is not within an RCU critical section and
1800 * does not hold the iothread lock, it must have other means of protecting the
1801 * pointer, such as a reference to the region that includes the incoming
1802 * ram_addr_t.
1803 */
1804 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1805 {
1806 void *ptr;
1807 if (*size == 0) {
1808 return NULL;
1809 }
1810 if (xen_enabled()) {
1811 return xen_map_cache(addr, *size, 1);
1812 } else {
1813 RAMBlock *block;
1814 rcu_read_lock();
1815 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1816 if (addr - block->offset < block->max_length) {
1817 if (addr - block->offset + *size > block->max_length)
1818 *size = block->max_length - addr + block->offset;
1819 ptr = ramblock_ptr(block, addr - block->offset);
1820 rcu_read_unlock();
1821 return ptr;
1822 }
1823 }
1824
1825 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1826 abort();
1827 }
1828 }
1829
1830 /* Some of the softmmu routines need to translate from a host pointer
1831 * (typically a TLB entry) back to a ram offset.
1832 *
1833 * By the time this function returns, the returned pointer is not protected
1834 * by RCU anymore. If the caller is not within an RCU critical section and
1835 * does not hold the iothread lock, it must have other means of protecting the
1836 * pointer, such as a reference to the region that includes the incoming
1837 * ram_addr_t.
1838 */
1839 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1840 {
1841 RAMBlock *block;
1842 uint8_t *host = ptr;
1843 MemoryRegion *mr;
1844
1845 if (xen_enabled()) {
1846 rcu_read_lock();
1847 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1848 mr = qemu_get_ram_block(*ram_addr)->mr;
1849 rcu_read_unlock();
1850 return mr;
1851 }
1852
1853 rcu_read_lock();
1854 block = atomic_rcu_read(&ram_list.mru_block);
1855 if (block && block->host && host - block->host < block->max_length) {
1856 goto found;
1857 }
1858
1859 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1860 /* This case append when the block is not mapped. */
1861 if (block->host == NULL) {
1862 continue;
1863 }
1864 if (host - block->host < block->max_length) {
1865 goto found;
1866 }
1867 }
1868
1869 rcu_read_unlock();
1870 return NULL;
1871
1872 found:
1873 *ram_addr = block->offset + (host - block->host);
1874 mr = block->mr;
1875 rcu_read_unlock();
1876 return mr;
1877 }
1878
1879 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1880 uint64_t val, unsigned size)
1881 {
1882 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1883 tb_invalidate_phys_page_fast(ram_addr, size);
1884 }
1885 switch (size) {
1886 case 1:
1887 stb_p(qemu_get_ram_ptr(ram_addr), val);
1888 break;
1889 case 2:
1890 stw_p(qemu_get_ram_ptr(ram_addr), val);
1891 break;
1892 case 4:
1893 stl_p(qemu_get_ram_ptr(ram_addr), val);
1894 break;
1895 default:
1896 abort();
1897 }
1898 /* Set both VGA and migration bits for simplicity and to remove
1899 * the notdirty callback faster.
1900 */
1901 cpu_physical_memory_set_dirty_range(ram_addr, size,
1902 DIRTY_CLIENTS_NOCODE);
1903 /* we remove the notdirty callback only if the code has been
1904 flushed */
1905 if (!cpu_physical_memory_is_clean(ram_addr)) {
1906 CPUArchState *env = current_cpu->env_ptr;
1907 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1908 }
1909 }
1910
1911 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1912 unsigned size, bool is_write)
1913 {
1914 return is_write;
1915 }
1916
1917 static const MemoryRegionOps notdirty_mem_ops = {
1918 .write = notdirty_mem_write,
1919 .valid.accepts = notdirty_mem_accepts,
1920 .endianness = DEVICE_NATIVE_ENDIAN,
1921 };
1922
1923 /* Generate a debug exception if a watchpoint has been hit. */
1924 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1925 {
1926 CPUState *cpu = current_cpu;
1927 CPUArchState *env = cpu->env_ptr;
1928 target_ulong pc, cs_base;
1929 target_ulong vaddr;
1930 CPUWatchpoint *wp;
1931 int cpu_flags;
1932
1933 if (cpu->watchpoint_hit) {
1934 /* We re-entered the check after replacing the TB. Now raise
1935 * the debug interrupt so that is will trigger after the
1936 * current instruction. */
1937 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1938 return;
1939 }
1940 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1941 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1942 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1943 && (wp->flags & flags)) {
1944 if (flags == BP_MEM_READ) {
1945 wp->flags |= BP_WATCHPOINT_HIT_READ;
1946 } else {
1947 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1948 }
1949 wp->hitaddr = vaddr;
1950 wp->hitattrs = attrs;
1951 if (!cpu->watchpoint_hit) {
1952 cpu->watchpoint_hit = wp;
1953 tb_check_watchpoint(cpu);
1954 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1955 cpu->exception_index = EXCP_DEBUG;
1956 cpu_loop_exit(cpu);
1957 } else {
1958 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1959 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1960 cpu_resume_from_signal(cpu, NULL);
1961 }
1962 }
1963 } else {
1964 wp->flags &= ~BP_WATCHPOINT_HIT;
1965 }
1966 }
1967 }
1968
1969 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1970 so these check for a hit then pass through to the normal out-of-line
1971 phys routines. */
1972 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1973 unsigned size, MemTxAttrs attrs)
1974 {
1975 MemTxResult res;
1976 uint64_t data;
1977
1978 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1979 switch (size) {
1980 case 1:
1981 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1982 break;
1983 case 2:
1984 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1985 break;
1986 case 4:
1987 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1988 break;
1989 default: abort();
1990 }
1991 *pdata = data;
1992 return res;
1993 }
1994
1995 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1996 uint64_t val, unsigned size,
1997 MemTxAttrs attrs)
1998 {
1999 MemTxResult res;
2000
2001 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2002 switch (size) {
2003 case 1:
2004 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2005 break;
2006 case 2:
2007 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2008 break;
2009 case 4:
2010 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2011 break;
2012 default: abort();
2013 }
2014 return res;
2015 }
2016
2017 static const MemoryRegionOps watch_mem_ops = {
2018 .read_with_attrs = watch_mem_read,
2019 .write_with_attrs = watch_mem_write,
2020 .endianness = DEVICE_NATIVE_ENDIAN,
2021 };
2022
2023 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2024 unsigned len, MemTxAttrs attrs)
2025 {
2026 subpage_t *subpage = opaque;
2027 uint8_t buf[8];
2028 MemTxResult res;
2029
2030 #if defined(DEBUG_SUBPAGE)
2031 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2032 subpage, len, addr);
2033 #endif
2034 res = address_space_read(subpage->as, addr + subpage->base,
2035 attrs, buf, len);
2036 if (res) {
2037 return res;
2038 }
2039 switch (len) {
2040 case 1:
2041 *data = ldub_p(buf);
2042 return MEMTX_OK;
2043 case 2:
2044 *data = lduw_p(buf);
2045 return MEMTX_OK;
2046 case 4:
2047 *data = ldl_p(buf);
2048 return MEMTX_OK;
2049 case 8:
2050 *data = ldq_p(buf);
2051 return MEMTX_OK;
2052 default:
2053 abort();
2054 }
2055 }
2056
2057 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2058 uint64_t value, unsigned len, MemTxAttrs attrs)
2059 {
2060 subpage_t *subpage = opaque;
2061 uint8_t buf[8];
2062
2063 #if defined(DEBUG_SUBPAGE)
2064 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2065 " value %"PRIx64"\n",
2066 __func__, subpage, len, addr, value);
2067 #endif
2068 switch (len) {
2069 case 1:
2070 stb_p(buf, value);
2071 break;
2072 case 2:
2073 stw_p(buf, value);
2074 break;
2075 case 4:
2076 stl_p(buf, value);
2077 break;
2078 case 8:
2079 stq_p(buf, value);
2080 break;
2081 default:
2082 abort();
2083 }
2084 return address_space_write(subpage->as, addr + subpage->base,
2085 attrs, buf, len);
2086 }
2087
2088 static bool subpage_accepts(void *opaque, hwaddr addr,
2089 unsigned len, bool is_write)
2090 {
2091 subpage_t *subpage = opaque;
2092 #if defined(DEBUG_SUBPAGE)
2093 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2094 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2095 #endif
2096
2097 return address_space_access_valid(subpage->as, addr + subpage->base,
2098 len, is_write);
2099 }
2100
2101 static const MemoryRegionOps subpage_ops = {
2102 .read_with_attrs = subpage_read,
2103 .write_with_attrs = subpage_write,
2104 .impl.min_access_size = 1,
2105 .impl.max_access_size = 8,
2106 .valid.min_access_size = 1,
2107 .valid.max_access_size = 8,
2108 .valid.accepts = subpage_accepts,
2109 .endianness = DEVICE_NATIVE_ENDIAN,
2110 };
2111
2112 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2113 uint16_t section)
2114 {
2115 int idx, eidx;
2116
2117 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2118 return -1;
2119 idx = SUBPAGE_IDX(start);
2120 eidx = SUBPAGE_IDX(end);
2121 #if defined(DEBUG_SUBPAGE)
2122 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2123 __func__, mmio, start, end, idx, eidx, section);
2124 #endif
2125 for (; idx <= eidx; idx++) {
2126 mmio->sub_section[idx] = section;
2127 }
2128
2129 return 0;
2130 }
2131
2132 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2133 {
2134 subpage_t *mmio;
2135
2136 mmio = g_malloc0(sizeof(subpage_t));
2137
2138 mmio->as = as;
2139 mmio->base = base;
2140 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2141 NULL, TARGET_PAGE_SIZE);
2142 mmio->iomem.subpage = true;
2143 #if defined(DEBUG_SUBPAGE)
2144 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2145 mmio, base, TARGET_PAGE_SIZE);
2146 #endif
2147 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2148
2149 return mmio;
2150 }
2151
2152 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2153 MemoryRegion *mr)
2154 {
2155 assert(as);
2156 MemoryRegionSection section = {
2157 .address_space = as,
2158 .mr = mr,
2159 .offset_within_address_space = 0,
2160 .offset_within_region = 0,
2161 .size = int128_2_64(),
2162 };
2163
2164 return phys_section_add(map, &section);
2165 }
2166
2167 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2168 {
2169 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2170 MemoryRegionSection *sections = d->map.sections;
2171
2172 return sections[index & ~TARGET_PAGE_MASK].mr;
2173 }
2174
2175 static void io_mem_init(void)
2176 {
2177 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2178 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2179 NULL, UINT64_MAX);
2180 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2181 NULL, UINT64_MAX);
2182 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2183 NULL, UINT64_MAX);
2184 }
2185
2186 static void mem_begin(MemoryListener *listener)
2187 {
2188 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2189 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2190 uint16_t n;
2191
2192 n = dummy_section(&d->map, as, &io_mem_unassigned);
2193 assert(n == PHYS_SECTION_UNASSIGNED);
2194 n = dummy_section(&d->map, as, &io_mem_notdirty);
2195 assert(n == PHYS_SECTION_NOTDIRTY);
2196 n = dummy_section(&d->map, as, &io_mem_rom);
2197 assert(n == PHYS_SECTION_ROM);
2198 n = dummy_section(&d->map, as, &io_mem_watch);
2199 assert(n == PHYS_SECTION_WATCH);
2200
2201 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2202 d->as = as;
2203 as->next_dispatch = d;
2204 }
2205
2206 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2207 {
2208 phys_sections_free(&d->map);
2209 g_free(d);
2210 }
2211
2212 static void mem_commit(MemoryListener *listener)
2213 {
2214 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2215 AddressSpaceDispatch *cur = as->dispatch;
2216 AddressSpaceDispatch *next = as->next_dispatch;
2217
2218 phys_page_compact_all(next, next->map.nodes_nb);
2219
2220 atomic_rcu_set(&as->dispatch, next);
2221 if (cur) {
2222 call_rcu(cur, address_space_dispatch_free, rcu);
2223 }
2224 }
2225
2226 static void tcg_commit(MemoryListener *listener)
2227 {
2228 CPUState *cpu;
2229
2230 /* since each CPU stores ram addresses in its TLB cache, we must
2231 reset the modified entries */
2232 /* XXX: slow ! */
2233 CPU_FOREACH(cpu) {
2234 /* FIXME: Disentangle the cpu.h circular files deps so we can
2235 directly get the right CPU from listener. */
2236 if (cpu->tcg_as_listener != listener) {
2237 continue;
2238 }
2239 cpu_reload_memory_map(cpu);
2240 }
2241 }
2242
2243 void address_space_init_dispatch(AddressSpace *as)
2244 {
2245 as->dispatch = NULL;
2246 as->dispatch_listener = (MemoryListener) {
2247 .begin = mem_begin,
2248 .commit = mem_commit,
2249 .region_add = mem_add,
2250 .region_nop = mem_add,
2251 .priority = 0,
2252 };
2253 memory_listener_register(&as->dispatch_listener, as);
2254 }
2255
2256 void address_space_unregister(AddressSpace *as)
2257 {
2258 memory_listener_unregister(&as->dispatch_listener);
2259 }
2260
2261 void address_space_destroy_dispatch(AddressSpace *as)
2262 {
2263 AddressSpaceDispatch *d = as->dispatch;
2264
2265 atomic_rcu_set(&as->dispatch, NULL);
2266 if (d) {
2267 call_rcu(d, address_space_dispatch_free, rcu);
2268 }
2269 }
2270
2271 static void memory_map_init(void)
2272 {
2273 system_memory = g_malloc(sizeof(*system_memory));
2274
2275 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2276 address_space_init(&address_space_memory, system_memory, "memory");
2277
2278 system_io = g_malloc(sizeof(*system_io));
2279 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2280 65536);
2281 address_space_init(&address_space_io, system_io, "I/O");
2282 }
2283
2284 MemoryRegion *get_system_memory(void)
2285 {
2286 return system_memory;
2287 }
2288
2289 MemoryRegion *get_system_io(void)
2290 {
2291 return system_io;
2292 }
2293
2294 #endif /* !defined(CONFIG_USER_ONLY) */
2295
2296 /* physical memory access (slow version, mainly for debug) */
2297 #if defined(CONFIG_USER_ONLY)
2298 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2299 uint8_t *buf, int len, int is_write)
2300 {
2301 int l, flags;
2302 target_ulong page;
2303 void * p;
2304
2305 while (len > 0) {
2306 page = addr & TARGET_PAGE_MASK;
2307 l = (page + TARGET_PAGE_SIZE) - addr;
2308 if (l > len)
2309 l = len;
2310 flags = page_get_flags(page);
2311 if (!(flags & PAGE_VALID))
2312 return -1;
2313 if (is_write) {
2314 if (!(flags & PAGE_WRITE))
2315 return -1;
2316 /* XXX: this code should not depend on lock_user */
2317 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2318 return -1;
2319 memcpy(p, buf, l);
2320 unlock_user(p, addr, l);
2321 } else {
2322 if (!(flags & PAGE_READ))
2323 return -1;
2324 /* XXX: this code should not depend on lock_user */
2325 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2326 return -1;
2327 memcpy(buf, p, l);
2328 unlock_user(p, addr, 0);
2329 }
2330 len -= l;
2331 buf += l;
2332 addr += l;
2333 }
2334 return 0;
2335 }
2336
2337 #else
2338
2339 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2340 hwaddr length)
2341 {
2342 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2343 /* No early return if dirty_log_mask is or becomes 0, because
2344 * cpu_physical_memory_set_dirty_range will still call
2345 * xen_modified_memory.
2346 */
2347 if (dirty_log_mask) {
2348 dirty_log_mask =
2349 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2350 }
2351 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2352 tb_invalidate_phys_range(addr, addr + length);
2353 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2354 }
2355 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2356 }
2357
2358 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2359 {
2360 unsigned access_size_max = mr->ops->valid.max_access_size;
2361
2362 /* Regions are assumed to support 1-4 byte accesses unless
2363 otherwise specified. */
2364 if (access_size_max == 0) {
2365 access_size_max = 4;
2366 }
2367
2368 /* Bound the maximum access by the alignment of the address. */
2369 if (!mr->ops->impl.unaligned) {
2370 unsigned align_size_max = addr & -addr;
2371 if (align_size_max != 0 && align_size_max < access_size_max) {
2372 access_size_max = align_size_max;
2373 }
2374 }
2375
2376 /* Don't attempt accesses larger than the maximum. */
2377 if (l > access_size_max) {
2378 l = access_size_max;
2379 }
2380 if (l & (l - 1)) {
2381 l = 1 << (qemu_fls(l) - 1);
2382 }
2383
2384 return l;
2385 }
2386
2387 static bool prepare_mmio_access(MemoryRegion *mr)
2388 {
2389 bool unlocked = !qemu_mutex_iothread_locked();
2390 bool release_lock = false;
2391
2392 if (unlocked && mr->global_locking) {
2393 qemu_mutex_lock_iothread();
2394 unlocked = false;
2395 release_lock = true;
2396 }
2397 if (mr->flush_coalesced_mmio) {
2398 if (unlocked) {
2399 qemu_mutex_lock_iothread();
2400 }
2401 qemu_flush_coalesced_mmio_buffer();
2402 if (unlocked) {
2403 qemu_mutex_unlock_iothread();
2404 }
2405 }
2406
2407 return release_lock;
2408 }
2409
2410 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2411 uint8_t *buf, int len, bool is_write)
2412 {
2413 hwaddr l;
2414 uint8_t *ptr;
2415 uint64_t val;
2416 hwaddr addr1;
2417 MemoryRegion *mr;
2418 MemTxResult result = MEMTX_OK;
2419 bool release_lock = false;
2420
2421 rcu_read_lock();
2422 while (len > 0) {
2423 l = len;
2424 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2425
2426 if (is_write) {
2427 if (!memory_access_is_direct(mr, is_write)) {
2428 release_lock |= prepare_mmio_access(mr);
2429 l = memory_access_size(mr, l, addr1);
2430 /* XXX: could force current_cpu to NULL to avoid
2431 potential bugs */
2432 switch (l) {
2433 case 8:
2434 /* 64 bit write access */
2435 val = ldq_p(buf);
2436 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2437 attrs);
2438 break;
2439 case 4:
2440 /* 32 bit write access */
2441 val = ldl_p(buf);
2442 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2443 attrs);
2444 break;
2445 case 2:
2446 /* 16 bit write access */
2447 val = lduw_p(buf);
2448 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2449 attrs);
2450 break;
2451 case 1:
2452 /* 8 bit write access */
2453 val = ldub_p(buf);
2454 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2455 attrs);
2456 break;
2457 default:
2458 abort();
2459 }
2460 } else {
2461 addr1 += memory_region_get_ram_addr(mr);
2462 /* RAM case */
2463 ptr = qemu_get_ram_ptr(addr1);
2464 memcpy(ptr, buf, l);
2465 invalidate_and_set_dirty(mr, addr1, l);
2466 }
2467 } else {
2468 if (!memory_access_is_direct(mr, is_write)) {
2469 /* I/O case */
2470 release_lock |= prepare_mmio_access(mr);
2471 l = memory_access_size(mr, l, addr1);
2472 switch (l) {
2473 case 8:
2474 /* 64 bit read access */
2475 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2476 attrs);
2477 stq_p(buf, val);
2478 break;
2479 case 4:
2480 /* 32 bit read access */
2481 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2482 attrs);
2483 stl_p(buf, val);
2484 break;
2485 case 2:
2486 /* 16 bit read access */
2487 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2488 attrs);
2489 stw_p(buf, val);
2490 break;
2491 case 1:
2492 /* 8 bit read access */
2493 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2494 attrs);
2495 stb_p(buf, val);
2496 break;
2497 default:
2498 abort();
2499 }
2500 } else {
2501 /* RAM case */
2502 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2503 memcpy(buf, ptr, l);
2504 }
2505 }
2506
2507 if (release_lock) {
2508 qemu_mutex_unlock_iothread();
2509 release_lock = false;
2510 }
2511
2512 len -= l;
2513 buf += l;
2514 addr += l;
2515 }
2516 rcu_read_unlock();
2517
2518 return result;
2519 }
2520
2521 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2522 const uint8_t *buf, int len)
2523 {
2524 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2525 }
2526
2527 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2528 uint8_t *buf, int len)
2529 {
2530 return address_space_rw(as, addr, attrs, buf, len, false);
2531 }
2532
2533
2534 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2535 int len, int is_write)
2536 {
2537 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2538 buf, len, is_write);
2539 }
2540
2541 enum write_rom_type {
2542 WRITE_DATA,
2543 FLUSH_CACHE,
2544 };
2545
2546 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2547 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2548 {
2549 hwaddr l;
2550 uint8_t *ptr;
2551 hwaddr addr1;
2552 MemoryRegion *mr;
2553
2554 rcu_read_lock();
2555 while (len > 0) {
2556 l = len;
2557 mr = address_space_translate(as, addr, &addr1, &l, true);
2558
2559 if (!(memory_region_is_ram(mr) ||
2560 memory_region_is_romd(mr))) {
2561 l = memory_access_size(mr, l, addr1);
2562 } else {
2563 addr1 += memory_region_get_ram_addr(mr);
2564 /* ROM/RAM case */
2565 ptr = qemu_get_ram_ptr(addr1);
2566 switch (type) {
2567 case WRITE_DATA:
2568 memcpy(ptr, buf, l);
2569 invalidate_and_set_dirty(mr, addr1, l);
2570 break;
2571 case FLUSH_CACHE:
2572 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2573 break;
2574 }
2575 }
2576 len -= l;
2577 buf += l;
2578 addr += l;
2579 }
2580 rcu_read_unlock();
2581 }
2582
2583 /* used for ROM loading : can write in RAM and ROM */
2584 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2585 const uint8_t *buf, int len)
2586 {
2587 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2588 }
2589
2590 void cpu_flush_icache_range(hwaddr start, int len)
2591 {
2592 /*
2593 * This function should do the same thing as an icache flush that was
2594 * triggered from within the guest. For TCG we are always cache coherent,
2595 * so there is no need to flush anything. For KVM / Xen we need to flush
2596 * the host's instruction cache at least.
2597 */
2598 if (tcg_enabled()) {
2599 return;
2600 }
2601
2602 cpu_physical_memory_write_rom_internal(&address_space_memory,
2603 start, NULL, len, FLUSH_CACHE);
2604 }
2605
2606 typedef struct {
2607 MemoryRegion *mr;
2608 void *buffer;
2609 hwaddr addr;
2610 hwaddr len;
2611 bool in_use;
2612 } BounceBuffer;
2613
2614 static BounceBuffer bounce;
2615
2616 typedef struct MapClient {
2617 QEMUBH *bh;
2618 QLIST_ENTRY(MapClient) link;
2619 } MapClient;
2620
2621 QemuMutex map_client_list_lock;
2622 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2623 = QLIST_HEAD_INITIALIZER(map_client_list);
2624
2625 static void cpu_unregister_map_client_do(MapClient *client)
2626 {
2627 QLIST_REMOVE(client, link);
2628 g_free(client);
2629 }
2630
2631 static void cpu_notify_map_clients_locked(void)
2632 {
2633 MapClient *client;
2634
2635 while (!QLIST_EMPTY(&map_client_list)) {
2636 client = QLIST_FIRST(&map_client_list);
2637 qemu_bh_schedule(client->bh);
2638 cpu_unregister_map_client_do(client);
2639 }
2640 }
2641
2642 void cpu_register_map_client(QEMUBH *bh)
2643 {
2644 MapClient *client = g_malloc(sizeof(*client));
2645
2646 qemu_mutex_lock(&map_client_list_lock);
2647 client->bh = bh;
2648 QLIST_INSERT_HEAD(&map_client_list, client, link);
2649 if (!atomic_read(&bounce.in_use)) {
2650 cpu_notify_map_clients_locked();
2651 }
2652 qemu_mutex_unlock(&map_client_list_lock);
2653 }
2654
2655 void cpu_exec_init_all(void)
2656 {
2657 qemu_mutex_init(&ram_list.mutex);
2658 memory_map_init();
2659 io_mem_init();
2660 qemu_mutex_init(&map_client_list_lock);
2661 }
2662
2663 void cpu_unregister_map_client(QEMUBH *bh)
2664 {
2665 MapClient *client;
2666
2667 qemu_mutex_lock(&map_client_list_lock);
2668 QLIST_FOREACH(client, &map_client_list, link) {
2669 if (client->bh == bh) {
2670 cpu_unregister_map_client_do(client);
2671 break;
2672 }
2673 }
2674 qemu_mutex_unlock(&map_client_list_lock);
2675 }
2676
2677 static void cpu_notify_map_clients(void)
2678 {
2679 qemu_mutex_lock(&map_client_list_lock);
2680 cpu_notify_map_clients_locked();
2681 qemu_mutex_unlock(&map_client_list_lock);
2682 }
2683
2684 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2685 {
2686 MemoryRegion *mr;
2687 hwaddr l, xlat;
2688
2689 rcu_read_lock();
2690 while (len > 0) {
2691 l = len;
2692 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2693 if (!memory_access_is_direct(mr, is_write)) {
2694 l = memory_access_size(mr, l, addr);
2695 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2696 return false;
2697 }
2698 }
2699
2700 len -= l;
2701 addr += l;
2702 }
2703 rcu_read_unlock();
2704 return true;
2705 }
2706
2707 /* Map a physical memory region into a host virtual address.
2708 * May map a subset of the requested range, given by and returned in *plen.
2709 * May return NULL if resources needed to perform the mapping are exhausted.
2710 * Use only for reads OR writes - not for read-modify-write operations.
2711 * Use cpu_register_map_client() to know when retrying the map operation is
2712 * likely to succeed.
2713 */
2714 void *address_space_map(AddressSpace *as,
2715 hwaddr addr,
2716 hwaddr *plen,
2717 bool is_write)
2718 {
2719 hwaddr len = *plen;
2720 hwaddr done = 0;
2721 hwaddr l, xlat, base;
2722 MemoryRegion *mr, *this_mr;
2723 ram_addr_t raddr;
2724
2725 if (len == 0) {
2726 return NULL;
2727 }
2728
2729 l = len;
2730 rcu_read_lock();
2731 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2732
2733 if (!memory_access_is_direct(mr, is_write)) {
2734 if (atomic_xchg(&bounce.in_use, true)) {
2735 rcu_read_unlock();
2736 return NULL;
2737 }
2738 /* Avoid unbounded allocations */
2739 l = MIN(l, TARGET_PAGE_SIZE);
2740 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2741 bounce.addr = addr;
2742 bounce.len = l;
2743
2744 memory_region_ref(mr);
2745 bounce.mr = mr;
2746 if (!is_write) {
2747 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2748 bounce.buffer, l);
2749 }
2750
2751 rcu_read_unlock();
2752 *plen = l;
2753 return bounce.buffer;
2754 }
2755
2756 base = xlat;
2757 raddr = memory_region_get_ram_addr(mr);
2758
2759 for (;;) {
2760 len -= l;
2761 addr += l;
2762 done += l;
2763 if (len == 0) {
2764 break;
2765 }
2766
2767 l = len;
2768 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2769 if (this_mr != mr || xlat != base + done) {
2770 break;
2771 }
2772 }
2773
2774 memory_region_ref(mr);
2775 rcu_read_unlock();
2776 *plen = done;
2777 return qemu_ram_ptr_length(raddr + base, plen);
2778 }
2779
2780 /* Unmaps a memory region previously mapped by address_space_map().
2781 * Will also mark the memory as dirty if is_write == 1. access_len gives
2782 * the amount of memory that was actually read or written by the caller.
2783 */
2784 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2785 int is_write, hwaddr access_len)
2786 {
2787 if (buffer != bounce.buffer) {
2788 MemoryRegion *mr;
2789 ram_addr_t addr1;
2790
2791 mr = qemu_ram_addr_from_host(buffer, &addr1);
2792 assert(mr != NULL);
2793 if (is_write) {
2794 invalidate_and_set_dirty(mr, addr1, access_len);
2795 }
2796 if (xen_enabled()) {
2797 xen_invalidate_map_cache_entry(buffer);
2798 }
2799 memory_region_unref(mr);
2800 return;
2801 }
2802 if (is_write) {
2803 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2804 bounce.buffer, access_len);
2805 }
2806 qemu_vfree(bounce.buffer);
2807 bounce.buffer = NULL;
2808 memory_region_unref(bounce.mr);
2809 atomic_mb_set(&bounce.in_use, false);
2810 cpu_notify_map_clients();
2811 }
2812
2813 void *cpu_physical_memory_map(hwaddr addr,
2814 hwaddr *plen,
2815 int is_write)
2816 {
2817 return address_space_map(&address_space_memory, addr, plen, is_write);
2818 }
2819
2820 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2821 int is_write, hwaddr access_len)
2822 {
2823 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2824 }
2825
2826 /* warning: addr must be aligned */
2827 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2828 MemTxAttrs attrs,
2829 MemTxResult *result,
2830 enum device_endian endian)
2831 {
2832 uint8_t *ptr;
2833 uint64_t val;
2834 MemoryRegion *mr;
2835 hwaddr l = 4;
2836 hwaddr addr1;
2837 MemTxResult r;
2838 bool release_lock = false;
2839
2840 rcu_read_lock();
2841 mr = address_space_translate(as, addr, &addr1, &l, false);
2842 if (l < 4 || !memory_access_is_direct(mr, false)) {
2843 release_lock |= prepare_mmio_access(mr);
2844
2845 /* I/O case */
2846 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2847 #if defined(TARGET_WORDS_BIGENDIAN)
2848 if (endian == DEVICE_LITTLE_ENDIAN) {
2849 val = bswap32(val);
2850 }
2851 #else
2852 if (endian == DEVICE_BIG_ENDIAN) {
2853 val = bswap32(val);
2854 }
2855 #endif
2856 } else {
2857 /* RAM case */
2858 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2859 & TARGET_PAGE_MASK)
2860 + addr1);
2861 switch (endian) {
2862 case DEVICE_LITTLE_ENDIAN:
2863 val = ldl_le_p(ptr);
2864 break;
2865 case DEVICE_BIG_ENDIAN:
2866 val = ldl_be_p(ptr);
2867 break;
2868 default:
2869 val = ldl_p(ptr);
2870 break;
2871 }
2872 r = MEMTX_OK;
2873 }
2874 if (result) {
2875 *result = r;
2876 }
2877 if (release_lock) {
2878 qemu_mutex_unlock_iothread();
2879 }
2880 rcu_read_unlock();
2881 return val;
2882 }
2883
2884 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2885 MemTxAttrs attrs, MemTxResult *result)
2886 {
2887 return address_space_ldl_internal(as, addr, attrs, result,
2888 DEVICE_NATIVE_ENDIAN);
2889 }
2890
2891 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2892 MemTxAttrs attrs, MemTxResult *result)
2893 {
2894 return address_space_ldl_internal(as, addr, attrs, result,
2895 DEVICE_LITTLE_ENDIAN);
2896 }
2897
2898 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2899 MemTxAttrs attrs, MemTxResult *result)
2900 {
2901 return address_space_ldl_internal(as, addr, attrs, result,
2902 DEVICE_BIG_ENDIAN);
2903 }
2904
2905 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2906 {
2907 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2908 }
2909
2910 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2911 {
2912 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2913 }
2914
2915 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2916 {
2917 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2918 }
2919
2920 /* warning: addr must be aligned */
2921 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2922 MemTxAttrs attrs,
2923 MemTxResult *result,
2924 enum device_endian endian)
2925 {
2926 uint8_t *ptr;
2927 uint64_t val;
2928 MemoryRegion *mr;
2929 hwaddr l = 8;
2930 hwaddr addr1;
2931 MemTxResult r;
2932 bool release_lock = false;
2933
2934 rcu_read_lock();
2935 mr = address_space_translate(as, addr, &addr1, &l,
2936 false);
2937 if (l < 8 || !memory_access_is_direct(mr, false)) {
2938 release_lock |= prepare_mmio_access(mr);
2939
2940 /* I/O case */
2941 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2942 #if defined(TARGET_WORDS_BIGENDIAN)
2943 if (endian == DEVICE_LITTLE_ENDIAN) {
2944 val = bswap64(val);
2945 }
2946 #else
2947 if (endian == DEVICE_BIG_ENDIAN) {
2948 val = bswap64(val);
2949 }
2950 #endif
2951 } else {
2952 /* RAM case */
2953 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2954 & TARGET_PAGE_MASK)
2955 + addr1);
2956 switch (endian) {
2957 case DEVICE_LITTLE_ENDIAN:
2958 val = ldq_le_p(ptr);
2959 break;
2960 case DEVICE_BIG_ENDIAN:
2961 val = ldq_be_p(ptr);
2962 break;
2963 default:
2964 val = ldq_p(ptr);
2965 break;
2966 }
2967 r = MEMTX_OK;
2968 }
2969 if (result) {
2970 *result = r;
2971 }
2972 if (release_lock) {
2973 qemu_mutex_unlock_iothread();
2974 }
2975 rcu_read_unlock();
2976 return val;
2977 }
2978
2979 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2980 MemTxAttrs attrs, MemTxResult *result)
2981 {
2982 return address_space_ldq_internal(as, addr, attrs, result,
2983 DEVICE_NATIVE_ENDIAN);
2984 }
2985
2986 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2987 MemTxAttrs attrs, MemTxResult *result)
2988 {
2989 return address_space_ldq_internal(as, addr, attrs, result,
2990 DEVICE_LITTLE_ENDIAN);
2991 }
2992
2993 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2994 MemTxAttrs attrs, MemTxResult *result)
2995 {
2996 return address_space_ldq_internal(as, addr, attrs, result,
2997 DEVICE_BIG_ENDIAN);
2998 }
2999
3000 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3001 {
3002 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3003 }
3004
3005 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3006 {
3007 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3008 }
3009
3010 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3011 {
3012 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3013 }
3014
3015 /* XXX: optimize */
3016 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3017 MemTxAttrs attrs, MemTxResult *result)
3018 {
3019 uint8_t val;
3020 MemTxResult r;
3021
3022 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3023 if (result) {
3024 *result = r;
3025 }
3026 return val;
3027 }
3028
3029 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3030 {
3031 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3032 }
3033
3034 /* warning: addr must be aligned */
3035 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3036 hwaddr addr,
3037 MemTxAttrs attrs,
3038 MemTxResult *result,
3039 enum device_endian endian)
3040 {
3041 uint8_t *ptr;
3042 uint64_t val;
3043 MemoryRegion *mr;
3044 hwaddr l = 2;
3045 hwaddr addr1;
3046 MemTxResult r;
3047 bool release_lock = false;
3048
3049 rcu_read_lock();
3050 mr = address_space_translate(as, addr, &addr1, &l,
3051 false);
3052 if (l < 2 || !memory_access_is_direct(mr, false)) {
3053 release_lock |= prepare_mmio_access(mr);
3054
3055 /* I/O case */
3056 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3057 #if defined(TARGET_WORDS_BIGENDIAN)
3058 if (endian == DEVICE_LITTLE_ENDIAN) {
3059 val = bswap16(val);
3060 }
3061 #else
3062 if (endian == DEVICE_BIG_ENDIAN) {
3063 val = bswap16(val);
3064 }
3065 #endif
3066 } else {
3067 /* RAM case */
3068 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3069 & TARGET_PAGE_MASK)
3070 + addr1);
3071 switch (endian) {
3072 case DEVICE_LITTLE_ENDIAN:
3073 val = lduw_le_p(ptr);
3074 break;
3075 case DEVICE_BIG_ENDIAN:
3076 val = lduw_be_p(ptr);
3077 break;
3078 default:
3079 val = lduw_p(ptr);
3080 break;
3081 }
3082 r = MEMTX_OK;
3083 }
3084 if (result) {
3085 *result = r;
3086 }
3087 if (release_lock) {
3088 qemu_mutex_unlock_iothread();
3089 }
3090 rcu_read_unlock();
3091 return val;
3092 }
3093
3094 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3095 MemTxAttrs attrs, MemTxResult *result)
3096 {
3097 return address_space_lduw_internal(as, addr, attrs, result,
3098 DEVICE_NATIVE_ENDIAN);
3099 }
3100
3101 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3102 MemTxAttrs attrs, MemTxResult *result)
3103 {
3104 return address_space_lduw_internal(as, addr, attrs, result,
3105 DEVICE_LITTLE_ENDIAN);
3106 }
3107
3108 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3109 MemTxAttrs attrs, MemTxResult *result)
3110 {
3111 return address_space_lduw_internal(as, addr, attrs, result,
3112 DEVICE_BIG_ENDIAN);
3113 }
3114
3115 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3116 {
3117 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3118 }
3119
3120 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3121 {
3122 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3123 }
3124
3125 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3126 {
3127 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3128 }
3129
3130 /* warning: addr must be aligned. The ram page is not masked as dirty
3131 and the code inside is not invalidated. It is useful if the dirty
3132 bits are used to track modified PTEs */
3133 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3134 MemTxAttrs attrs, MemTxResult *result)
3135 {
3136 uint8_t *ptr;
3137 MemoryRegion *mr;
3138 hwaddr l = 4;
3139 hwaddr addr1;
3140 MemTxResult r;
3141 uint8_t dirty_log_mask;
3142 bool release_lock = false;
3143
3144 rcu_read_lock();
3145 mr = address_space_translate(as, addr, &addr1, &l,
3146 true);
3147 if (l < 4 || !memory_access_is_direct(mr, true)) {
3148 release_lock |= prepare_mmio_access(mr);
3149
3150 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3151 } else {
3152 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3153 ptr = qemu_get_ram_ptr(addr1);
3154 stl_p(ptr, val);
3155
3156 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3157 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3158 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3159 r = MEMTX_OK;
3160 }
3161 if (result) {
3162 *result = r;
3163 }
3164 if (release_lock) {
3165 qemu_mutex_unlock_iothread();
3166 }
3167 rcu_read_unlock();
3168 }
3169
3170 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3171 {
3172 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3173 }
3174
3175 /* warning: addr must be aligned */
3176 static inline void address_space_stl_internal(AddressSpace *as,
3177 hwaddr addr, uint32_t val,
3178 MemTxAttrs attrs,
3179 MemTxResult *result,
3180 enum device_endian endian)
3181 {
3182 uint8_t *ptr;
3183 MemoryRegion *mr;
3184 hwaddr l = 4;
3185 hwaddr addr1;
3186 MemTxResult r;
3187 bool release_lock = false;
3188
3189 rcu_read_lock();
3190 mr = address_space_translate(as, addr, &addr1, &l,
3191 true);
3192 if (l < 4 || !memory_access_is_direct(mr, true)) {
3193 release_lock |= prepare_mmio_access(mr);
3194
3195 #if defined(TARGET_WORDS_BIGENDIAN)
3196 if (endian == DEVICE_LITTLE_ENDIAN) {
3197 val = bswap32(val);
3198 }
3199 #else
3200 if (endian == DEVICE_BIG_ENDIAN) {
3201 val = bswap32(val);
3202 }
3203 #endif
3204 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3205 } else {
3206 /* RAM case */
3207 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3208 ptr = qemu_get_ram_ptr(addr1);
3209 switch (endian) {
3210 case DEVICE_LITTLE_ENDIAN:
3211 stl_le_p(ptr, val);
3212 break;
3213 case DEVICE_BIG_ENDIAN:
3214 stl_be_p(ptr, val);
3215 break;
3216 default:
3217 stl_p(ptr, val);
3218 break;
3219 }
3220 invalidate_and_set_dirty(mr, addr1, 4);
3221 r = MEMTX_OK;
3222 }
3223 if (result) {
3224 *result = r;
3225 }
3226 if (release_lock) {
3227 qemu_mutex_unlock_iothread();
3228 }
3229 rcu_read_unlock();
3230 }
3231
3232 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3233 MemTxAttrs attrs, MemTxResult *result)
3234 {
3235 address_space_stl_internal(as, addr, val, attrs, result,
3236 DEVICE_NATIVE_ENDIAN);
3237 }
3238
3239 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3240 MemTxAttrs attrs, MemTxResult *result)
3241 {
3242 address_space_stl_internal(as, addr, val, attrs, result,
3243 DEVICE_LITTLE_ENDIAN);
3244 }
3245
3246 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3247 MemTxAttrs attrs, MemTxResult *result)
3248 {
3249 address_space_stl_internal(as, addr, val, attrs, result,
3250 DEVICE_BIG_ENDIAN);
3251 }
3252
3253 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3254 {
3255 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3256 }
3257
3258 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3259 {
3260 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3261 }
3262
3263 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3264 {
3265 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3266 }
3267
3268 /* XXX: optimize */
3269 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3270 MemTxAttrs attrs, MemTxResult *result)
3271 {
3272 uint8_t v = val;
3273 MemTxResult r;
3274
3275 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3276 if (result) {
3277 *result = r;
3278 }
3279 }
3280
3281 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3282 {
3283 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3284 }
3285
3286 /* warning: addr must be aligned */
3287 static inline void address_space_stw_internal(AddressSpace *as,
3288 hwaddr addr, uint32_t val,
3289 MemTxAttrs attrs,
3290 MemTxResult *result,
3291 enum device_endian endian)
3292 {
3293 uint8_t *ptr;
3294 MemoryRegion *mr;
3295 hwaddr l = 2;
3296 hwaddr addr1;
3297 MemTxResult r;
3298 bool release_lock = false;
3299
3300 rcu_read_lock();
3301 mr = address_space_translate(as, addr, &addr1, &l, true);
3302 if (l < 2 || !memory_access_is_direct(mr, true)) {
3303 release_lock |= prepare_mmio_access(mr);
3304
3305 #if defined(TARGET_WORDS_BIGENDIAN)
3306 if (endian == DEVICE_LITTLE_ENDIAN) {
3307 val = bswap16(val);
3308 }
3309 #else
3310 if (endian == DEVICE_BIG_ENDIAN) {
3311 val = bswap16(val);
3312 }
3313 #endif
3314 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3315 } else {
3316 /* RAM case */
3317 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3318 ptr = qemu_get_ram_ptr(addr1);
3319 switch (endian) {
3320 case DEVICE_LITTLE_ENDIAN:
3321 stw_le_p(ptr, val);
3322 break;
3323 case DEVICE_BIG_ENDIAN:
3324 stw_be_p(ptr, val);
3325 break;
3326 default:
3327 stw_p(ptr, val);
3328 break;
3329 }
3330 invalidate_and_set_dirty(mr, addr1, 2);
3331 r = MEMTX_OK;
3332 }
3333 if (result) {
3334 *result = r;
3335 }
3336 if (release_lock) {
3337 qemu_mutex_unlock_iothread();
3338 }
3339 rcu_read_unlock();
3340 }
3341
3342 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3343 MemTxAttrs attrs, MemTxResult *result)
3344 {
3345 address_space_stw_internal(as, addr, val, attrs, result,
3346 DEVICE_NATIVE_ENDIAN);
3347 }
3348
3349 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3350 MemTxAttrs attrs, MemTxResult *result)
3351 {
3352 address_space_stw_internal(as, addr, val, attrs, result,
3353 DEVICE_LITTLE_ENDIAN);
3354 }
3355
3356 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3357 MemTxAttrs attrs, MemTxResult *result)
3358 {
3359 address_space_stw_internal(as, addr, val, attrs, result,
3360 DEVICE_BIG_ENDIAN);
3361 }
3362
3363 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3364 {
3365 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3366 }
3367
3368 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3369 {
3370 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3371 }
3372
3373 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3374 {
3375 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3376 }
3377
3378 /* XXX: optimize */
3379 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3380 MemTxAttrs attrs, MemTxResult *result)
3381 {
3382 MemTxResult r;
3383 val = tswap64(val);
3384 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3385 if (result) {
3386 *result = r;
3387 }
3388 }
3389
3390 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3391 MemTxAttrs attrs, MemTxResult *result)
3392 {
3393 MemTxResult r;
3394 val = cpu_to_le64(val);
3395 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3396 if (result) {
3397 *result = r;
3398 }
3399 }
3400 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3401 MemTxAttrs attrs, MemTxResult *result)
3402 {
3403 MemTxResult r;
3404 val = cpu_to_be64(val);
3405 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3406 if (result) {
3407 *result = r;
3408 }
3409 }
3410
3411 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3412 {
3413 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3414 }
3415
3416 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3417 {
3418 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3419 }
3420
3421 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3422 {
3423 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3424 }
3425
3426 /* virtual memory access for debug (includes writing to ROM) */
3427 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3428 uint8_t *buf, int len, int is_write)
3429 {
3430 int l;
3431 hwaddr phys_addr;
3432 target_ulong page;
3433
3434 while (len > 0) {
3435 page = addr & TARGET_PAGE_MASK;
3436 phys_addr = cpu_get_phys_page_debug(cpu, page);
3437 /* if no physical page mapped, return an error */
3438 if (phys_addr == -1)
3439 return -1;
3440 l = (page + TARGET_PAGE_SIZE) - addr;
3441 if (l > len)
3442 l = len;
3443 phys_addr += (addr & ~TARGET_PAGE_MASK);
3444 if (is_write) {
3445 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3446 } else {
3447 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3448 buf, l, 0);
3449 }
3450 len -= l;
3451 buf += l;
3452 addr += l;
3453 }
3454 return 0;
3455 }
3456 #endif
3457
3458 /*
3459 * A helper function for the _utterly broken_ virtio device model to find out if
3460 * it's running on a big endian machine. Don't do this at home kids!
3461 */
3462 bool target_words_bigendian(void);
3463 bool target_words_bigendian(void)
3464 {
3465 #if defined(TARGET_WORDS_BIGENDIAN)
3466 return true;
3467 #else
3468 return false;
3469 #endif
3470 }
3471
3472 #ifndef CONFIG_USER_ONLY
3473 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3474 {
3475 MemoryRegion*mr;
3476 hwaddr l = 1;
3477 bool res;
3478
3479 rcu_read_lock();
3480 mr = address_space_translate(&address_space_memory,
3481 phys_addr, &phys_addr, &l, false);
3482
3483 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3484 rcu_read_unlock();
3485 return res;
3486 }
3487
3488 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3489 {
3490 RAMBlock *block;
3491 int ret = 0;
3492
3493 rcu_read_lock();
3494 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3495 ret = func(block->idstr, block->host, block->offset,
3496 block->used_length, opaque);
3497 if (ret) {
3498 break;
3499 }
3500 }
3501 rcu_read_unlock();
3502 return ret;
3503 }
3504 #endif
AR7 emulation for QEMU