search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tcg: Move tci_tb_ptr to -common
[qemu/ar7.git] / exec.c
blob07dfeae4d802f69348bcfb2b498cbf2969c83421
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59
60 //#define DEBUG_SUBPAGE
61
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
65 */
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
70
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
73
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
76
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
79
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
82
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
85 */
86 #define RAM_RESIZEABLE (1 << 2)
87
88 #endif
89
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
92 cpu_exec() */
93 __thread CPUState *current_cpu;
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
97 int use_icount;
98
99 #if !defined(CONFIG_USER_ONLY)
100
101 typedef struct PhysPageEntry PhysPageEntry;
102
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 uint32_t skip : 6;
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
107 uint32_t ptr : 26;
108 };
109
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
114
115 #define P_L2_BITS 9
116 #define P_L2_SIZE (1 << P_L2_BITS)
117
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119
120 typedef PhysPageEntry Node[P_L2_SIZE];
121
122 typedef struct PhysPageMap {
123 struct rcu_head rcu;
124
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
127 unsigned nodes_nb;
128 unsigned nodes_nb_alloc;
129 Node *nodes;
130 MemoryRegionSection *sections;
131 } PhysPageMap;
132
133 struct AddressSpaceDispatch {
134 struct rcu_head rcu;
135
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
138 */
139 PhysPageEntry phys_map;
140 PhysPageMap map;
141 AddressSpace *as;
142 };
143
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
146 MemoryRegion iomem;
147 AddressSpace *as;
148 hwaddr base;
149 uint16_t sub_section[TARGET_PAGE_SIZE];
150 } subpage_t;
151
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
156
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
160
161 static MemoryRegion io_mem_watch;
162 #endif
163
164 #if !defined(CONFIG_USER_ONLY)
165
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 {
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
172 }
173 }
174
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
176 {
177 unsigned i;
178 uint32_t ret;
179 PhysPageEntry e;
180 PhysPageEntry *p;
181
182 ret = map->nodes_nb++;
183 p = map->nodes[ret];
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
186
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
191 }
192 return ret;
193 }
194
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
197 int level)
198 {
199 PhysPageEntry *p;
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
204 }
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
210 lp->skip = 0;
211 lp->ptr = leaf;
212 *index += step;
213 *nb -= step;
214 } else {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
216 }
217 ++lp;
218 }
219 }
220
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
223 uint16_t leaf)
224 {
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
229 }
230
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
233 */
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 {
236 unsigned valid_ptr = P_L2_SIZE;
237 int valid = 0;
238 PhysPageEntry *p;
239 int i;
240
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
242 return;
243 }
244
245 p = nodes[lp->ptr];
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
248 continue;
249 }
250
251 valid_ptr = i;
252 valid++;
253 if (p[i].skip) {
254 phys_page_compact(&p[i], nodes, compacted);
255 }
256 }
257
258 /* We can only compress if there's only one child. */
259 if (valid != 1) {
260 return;
261 }
262
263 assert(valid_ptr < P_L2_SIZE);
264
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
267 return;
268 }
269
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
276 * change this rule.
277 */
278 lp->skip = 0;
279 } else {
280 lp->skip += p[valid_ptr].skip;
281 }
282 }
283
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 {
286 DECLARE_BITMAP(compacted, nodes_nb);
287
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
290 }
291 }
292
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
295 {
296 PhysPageEntry *p;
297 hwaddr index = addr >> TARGET_PAGE_BITS;
298 int i;
299
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return &sections[PHYS_SECTION_UNASSIGNED];
303 }
304 p = nodes[lp.ptr];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
306 }
307
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return &sections[lp.ptr];
312 } else {
313 return &sections[PHYS_SECTION_UNASSIGNED];
314 }
315 }
316
317 bool memory_region_is_unassigned(MemoryRegion *mr)
318 {
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
321 }
322
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 hwaddr addr,
326 bool resolve_subpage)
327 {
328 MemoryRegionSection *section;
329 subpage_t *subpage;
330
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
335 }
336 return section;
337 }
338
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
343 {
344 MemoryRegionSection *section;
345 MemoryRegion *mr;
346 Int128 diff;
347
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
351
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
354
355 mr = section->mr;
356
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
362 * here.
363 *
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
367 */
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
371 }
372 return section;
373 }
374
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
376 {
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
379 }
380 if (memory_region_is_romd(mr)) {
381 return !is_write;
382 }
383
384 return false;
385 }
386
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
390 bool is_write)
391 {
392 IOMMUTLBEntry iotlb;
393 MemoryRegionSection *section;
394 MemoryRegion *mr;
395
396 for (;;) {
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
399 mr = section->mr;
400
401 if (!mr->iommu_ops) {
402 break;
403 }
404
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
411 break;
412 }
413
414 as = iotlb.target_as;
415 }
416
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
420 }
421
422 *xlat = addr;
423 return mr;
424 }
425
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
430 {
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
434
435 assert(!section->mr->iommu_ops);
436 return section;
437 }
438 #endif
439
440 #if !defined(CONFIG_USER_ONLY)
441
442 static int cpu_common_post_load(void *opaque, int version_id)
443 {
444 CPUState *cpu = opaque;
445
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
449 tlb_flush(cpu, 1);
450
451 return 0;
452 }
453
454 static int cpu_common_pre_load(void *opaque)
455 {
456 CPUState *cpu = opaque;
457
458 cpu->exception_index = -1;
459
460 return 0;
461 }
462
463 static bool cpu_common_exception_index_needed(void *opaque)
464 {
465 CPUState *cpu = opaque;
466
467 return tcg_enabled() && cpu->exception_index != -1;
468 }
469
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
472 .version_id = 1,
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
478 }
479 };
480
481 static bool cpu_common_crash_occurred_needed(void *opaque)
482 {
483 CPUState *cpu = opaque;
484
485 return cpu->crash_occurred;
486 }
487
488 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
489 .name = "cpu_common/crash_occurred",
490 .version_id = 1,
491 .minimum_version_id = 1,
492 .needed = cpu_common_crash_occurred_needed,
493 .fields = (VMStateField[]) {
494 VMSTATE_BOOL(crash_occurred, CPUState),
495 VMSTATE_END_OF_LIST()
496 }
497 };
498
499 const VMStateDescription vmstate_cpu_common = {
500 .name = "cpu_common",
501 .version_id = 1,
502 .minimum_version_id = 1,
503 .pre_load = cpu_common_pre_load,
504 .post_load = cpu_common_post_load,
505 .fields = (VMStateField[]) {
506 VMSTATE_UINT32(halted, CPUState),
507 VMSTATE_UINT32(interrupt_request, CPUState),
508 VMSTATE_END_OF_LIST()
509 },
510 .subsections = (const VMStateDescription*[]) {
511 &vmstate_cpu_common_exception_index,
512 &vmstate_cpu_common_crash_occurred,
513 NULL
514 }
515 };
516
517 #endif
518
519 CPUState *qemu_get_cpu(int index)
520 {
521 CPUState *cpu;
522
523 CPU_FOREACH(cpu) {
524 if (cpu->cpu_index == index) {
525 return cpu;
526 }
527 }
528
529 return NULL;
530 }
531
532 #if !defined(CONFIG_USER_ONLY)
533 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
534 {
535 /* We only support one address space per cpu at the moment. */
536 assert(cpu->as == as);
537
538 if (cpu->tcg_as_listener) {
539 memory_listener_unregister(cpu->tcg_as_listener);
540 } else {
541 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
542 }
543 cpu->tcg_as_listener->commit = tcg_commit;
544 memory_listener_register(cpu->tcg_as_listener, as);
545 }
546 #endif
547
548 #ifndef CONFIG_USER_ONLY
549 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
550
551 static int cpu_get_free_index(Error **errp)
552 {
553 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
554
555 if (cpu >= MAX_CPUMASK_BITS) {
556 error_setg(errp, "Trying to use more CPUs than max of %d",
557 MAX_CPUMASK_BITS);
558 return -1;
559 }
560
561 bitmap_set(cpu_index_map, cpu, 1);
562 return cpu;
563 }
564
565 void cpu_exec_exit(CPUState *cpu)
566 {
567 if (cpu->cpu_index == -1) {
568 /* cpu_index was never allocated by this @cpu or was already freed. */
569 return;
570 }
571
572 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
573 cpu->cpu_index = -1;
574 }
575 #else
576
577 static int cpu_get_free_index(Error **errp)
578 {
579 CPUState *some_cpu;
580 int cpu_index = 0;
581
582 CPU_FOREACH(some_cpu) {
583 cpu_index++;
584 }
585 return cpu_index;
586 }
587
588 void cpu_exec_exit(CPUState *cpu)
589 {
590 }
591 #endif
592
593 void cpu_exec_init(CPUState *cpu, Error **errp)
594 {
595 CPUClass *cc = CPU_GET_CLASS(cpu);
596 int cpu_index;
597 Error *local_err = NULL;
598
599 #ifndef CONFIG_USER_ONLY
600 cpu->as = &address_space_memory;
601 cpu->thread_id = qemu_get_thread_id();
602 cpu_reload_memory_map(cpu);
603 #endif
604
605 #if defined(CONFIG_USER_ONLY)
606 cpu_list_lock();
607 #endif
608 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
609 if (local_err) {
610 error_propagate(errp, local_err);
611 #if defined(CONFIG_USER_ONLY)
612 cpu_list_unlock();
613 #endif
614 return;
615 }
616 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
617 #if defined(CONFIG_USER_ONLY)
618 cpu_list_unlock();
619 #endif
620 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
621 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
622 }
623 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
624 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
625 cpu_save, cpu_load, cpu->env_ptr);
626 assert(cc->vmsd == NULL);
627 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
628 #endif
629 if (cc->vmsd != NULL) {
630 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
631 }
632 }
633
634 #if defined(CONFIG_USER_ONLY)
635 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
636 {
637 tb_invalidate_phys_page_range(pc, pc + 1, 0);
638 }
639 #else
640 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
641 {
642 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
643 if (phys != -1) {
644 tb_invalidate_phys_addr(cpu->as,
645 phys | (pc & ~TARGET_PAGE_MASK));
646 }
647 }
648 #endif
649
650 #if defined(CONFIG_USER_ONLY)
651 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
652
653 {
654 }
655
656 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
657 int flags)
658 {
659 return -ENOSYS;
660 }
661
662 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
663 {
664 }
665
666 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
667 int flags, CPUWatchpoint **watchpoint)
668 {
669 return -ENOSYS;
670 }
671 #else
672 /* Add a watchpoint. */
673 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
674 int flags, CPUWatchpoint **watchpoint)
675 {
676 CPUWatchpoint *wp;
677
678 /* forbid ranges which are empty or run off the end of the address space */
679 if (len == 0 || (addr + len - 1) < addr) {
680 error_report("tried to set invalid watchpoint at %"
681 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
682 return -EINVAL;
683 }
684 wp = g_malloc(sizeof(*wp));
685
686 wp->vaddr = addr;
687 wp->len = len;
688 wp->flags = flags;
689
690 /* keep all GDB-injected watchpoints in front */
691 if (flags & BP_GDB) {
692 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
693 } else {
694 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
695 }
696
697 tlb_flush_page(cpu, addr);
698
699 if (watchpoint)
700 *watchpoint = wp;
701 return 0;
702 }
703
704 /* Remove a specific watchpoint. */
705 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
706 int flags)
707 {
708 CPUWatchpoint *wp;
709
710 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
711 if (addr == wp->vaddr && len == wp->len
712 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
713 cpu_watchpoint_remove_by_ref(cpu, wp);
714 return 0;
715 }
716 }
717 return -ENOENT;
718 }
719
720 /* Remove a specific watchpoint by reference. */
721 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
722 {
723 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
724
725 tlb_flush_page(cpu, watchpoint->vaddr);
726
727 g_free(watchpoint);
728 }
729
730 /* Remove all matching watchpoints. */
731 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
732 {
733 CPUWatchpoint *wp, *next;
734
735 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
736 if (wp->flags & mask) {
737 cpu_watchpoint_remove_by_ref(cpu, wp);
738 }
739 }
740 }
741
742 /* Return true if this watchpoint address matches the specified
743 * access (ie the address range covered by the watchpoint overlaps
744 * partially or completely with the address range covered by the
745 * access).
746 */
747 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
748 vaddr addr,
749 vaddr len)
750 {
751 /* We know the lengths are non-zero, but a little caution is
752 * required to avoid errors in the case where the range ends
753 * exactly at the top of the address space and so addr + len
754 * wraps round to zero.
755 */
756 vaddr wpend = wp->vaddr + wp->len - 1;
757 vaddr addrend = addr + len - 1;
758
759 return !(addr > wpend || wp->vaddr > addrend);
760 }
761
762 #endif
763
764 /* Add a breakpoint. */
765 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
766 CPUBreakpoint **breakpoint)
767 {
768 CPUBreakpoint *bp;
769
770 bp = g_malloc(sizeof(*bp));
771
772 bp->pc = pc;
773 bp->flags = flags;
774
775 /* keep all GDB-injected breakpoints in front */
776 if (flags & BP_GDB) {
777 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
778 } else {
779 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
780 }
781
782 breakpoint_invalidate(cpu, pc);
783
784 if (breakpoint) {
785 *breakpoint = bp;
786 }
787 return 0;
788 }
789
790 /* Remove a specific breakpoint. */
791 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
792 {
793 CPUBreakpoint *bp;
794
795 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
796 if (bp->pc == pc && bp->flags == flags) {
797 cpu_breakpoint_remove_by_ref(cpu, bp);
798 return 0;
799 }
800 }
801 return -ENOENT;
802 }
803
804 /* Remove a specific breakpoint by reference. */
805 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
806 {
807 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
808
809 breakpoint_invalidate(cpu, breakpoint->pc);
810
811 g_free(breakpoint);
812 }
813
814 /* Remove all matching breakpoints. */
815 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
816 {
817 CPUBreakpoint *bp, *next;
818
819 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
820 if (bp->flags & mask) {
821 cpu_breakpoint_remove_by_ref(cpu, bp);
822 }
823 }
824 }
825
826 /* enable or disable single step mode. EXCP_DEBUG is returned by the
827 CPU loop after each instruction */
828 void cpu_single_step(CPUState *cpu, int enabled)
829 {
830 if (cpu->singlestep_enabled != enabled) {
831 cpu->singlestep_enabled = enabled;
832 if (kvm_enabled()) {
833 kvm_update_guest_debug(cpu, 0);
834 } else {
835 /* must flush all the translated code to avoid inconsistencies */
836 /* XXX: only flush what is necessary */
837 tb_flush(cpu);
838 }
839 }
840 }
841
842 void cpu_abort(CPUState *cpu, const char *fmt, ...)
843 {
844 va_list ap;
845 va_list ap2;
846
847 va_start(ap, fmt);
848 va_copy(ap2, ap);
849 fprintf(stderr, "qemu: fatal: ");
850 vfprintf(stderr, fmt, ap);
851 fprintf(stderr, "\n");
852 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
853 if (qemu_log_enabled()) {
854 qemu_log("qemu: fatal: ");
855 qemu_log_vprintf(fmt, ap2);
856 qemu_log("\n");
857 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
858 qemu_log_flush();
859 qemu_log_close();
860 }
861 va_end(ap2);
862 va_end(ap);
863 #if defined(CONFIG_USER_ONLY)
864 {
865 struct sigaction act;
866 sigfillset(&act.sa_mask);
867 act.sa_handler = SIG_DFL;
868 sigaction(SIGABRT, &act, NULL);
869 }
870 #endif
871 abort();
872 }
873
874 #if !defined(CONFIG_USER_ONLY)
875 /* Called from RCU critical section */
876 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
877 {
878 RAMBlock *block;
879
880 block = atomic_rcu_read(&ram_list.mru_block);
881 if (block && addr - block->offset < block->max_length) {
882 goto found;
883 }
884 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
885 if (addr - block->offset < block->max_length) {
886 goto found;
887 }
888 }
889
890 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
891 abort();
892
893 found:
894 /* It is safe to write mru_block outside the iothread lock. This
895 * is what happens:
896 *
897 * mru_block = xxx
898 * rcu_read_unlock()
899 * xxx removed from list
900 * rcu_read_lock()
901 * read mru_block
902 * mru_block = NULL;
903 * call_rcu(reclaim_ramblock, xxx);
904 * rcu_read_unlock()
905 *
906 * atomic_rcu_set is not needed here. The block was already published
907 * when it was placed into the list. Here we're just making an extra
908 * copy of the pointer.
909 */
910 ram_list.mru_block = block;
911 return block;
912 }
913
914 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
915 {
916 ram_addr_t start1;
917 RAMBlock *block;
918 ram_addr_t end;
919
920 end = TARGET_PAGE_ALIGN(start + length);
921 start &= TARGET_PAGE_MASK;
922
923 rcu_read_lock();
924 block = qemu_get_ram_block(start);
925 assert(block == qemu_get_ram_block(end - 1));
926 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
927 cpu_tlb_reset_dirty_all(start1, length);
928 rcu_read_unlock();
929 }
930
931 /* Note: start and end must be within the same ram block. */
932 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
933 ram_addr_t length,
934 unsigned client)
935 {
936 unsigned long end, page;
937 bool dirty;
938
939 if (length == 0) {
940 return false;
941 }
942
943 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
944 page = start >> TARGET_PAGE_BITS;
945 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
946 page, end - page);
947
948 if (dirty && tcg_enabled()) {
949 tlb_reset_dirty_range_all(start, length);
950 }
951
952 return dirty;
953 }
954
955 /* Called from RCU critical section */
956 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
957 MemoryRegionSection *section,
958 target_ulong vaddr,
959 hwaddr paddr, hwaddr xlat,
960 int prot,
961 target_ulong *address)
962 {
963 hwaddr iotlb;
964 CPUWatchpoint *wp;
965
966 if (memory_region_is_ram(section->mr)) {
967 /* Normal RAM. */
968 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
969 + xlat;
970 if (!section->readonly) {
971 iotlb |= PHYS_SECTION_NOTDIRTY;
972 } else {
973 iotlb |= PHYS_SECTION_ROM;
974 }
975 } else {
976 AddressSpaceDispatch *d;
977
978 d = atomic_rcu_read(&section->address_space->dispatch);
979 iotlb = section - d->map.sections;
980 iotlb += xlat;
981 }
982
983 /* Make accesses to pages with watchpoints go via the
984 watchpoint trap routines. */
985 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
986 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
987 /* Avoid trapping reads of pages with a write breakpoint. */
988 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
989 iotlb = PHYS_SECTION_WATCH + paddr;
990 *address |= TLB_MMIO;
991 break;
992 }
993 }
994 }
995
996 return iotlb;
997 }
998 #endif /* defined(CONFIG_USER_ONLY) */
999
1000 #if !defined(CONFIG_USER_ONLY)
1001
1002 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1003 uint16_t section);
1004 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1005
1006 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1007 qemu_anon_ram_alloc;
1008
1009 /*
1010 * Set a custom physical guest memory alloator.
1011 * Accelerators with unusual needs may need this. Hopefully, we can
1012 * get rid of it eventually.
1013 */
1014 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1015 {
1016 phys_mem_alloc = alloc;
1017 }
1018
1019 static uint16_t phys_section_add(PhysPageMap *map,
1020 MemoryRegionSection *section)
1021 {
1022 /* The physical section number is ORed with a page-aligned
1023 * pointer to produce the iotlb entries. Thus it should
1024 * never overflow into the page-aligned value.
1025 */
1026 assert(map->sections_nb < TARGET_PAGE_SIZE);
1027
1028 if (map->sections_nb == map->sections_nb_alloc) {
1029 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1030 map->sections = g_renew(MemoryRegionSection, map->sections,
1031 map->sections_nb_alloc);
1032 }
1033 map->sections[map->sections_nb] = *section;
1034 memory_region_ref(section->mr);
1035 return map->sections_nb++;
1036 }
1037
1038 static void phys_section_destroy(MemoryRegion *mr)
1039 {
1040 memory_region_unref(mr);
1041
1042 if (mr->subpage) {
1043 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1044 object_unref(OBJECT(&subpage->iomem));
1045 g_free(subpage);
1046 }
1047 }
1048
1049 static void phys_sections_free(PhysPageMap *map)
1050 {
1051 while (map->sections_nb > 0) {
1052 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1053 phys_section_destroy(section->mr);
1054 }
1055 g_free(map->sections);
1056 g_free(map->nodes);
1057 }
1058
1059 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1060 {
1061 subpage_t *subpage;
1062 hwaddr base = section->offset_within_address_space
1063 & TARGET_PAGE_MASK;
1064 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1065 d->map.nodes, d->map.sections);
1066 MemoryRegionSection subsection = {
1067 .offset_within_address_space = base,
1068 .size = int128_make64(TARGET_PAGE_SIZE),
1069 };
1070 hwaddr start, end;
1071
1072 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1073
1074 if (!(existing->mr->subpage)) {
1075 subpage = subpage_init(d->as, base);
1076 subsection.address_space = d->as;
1077 subsection.mr = &subpage->iomem;
1078 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1079 phys_section_add(&d->map, &subsection));
1080 } else {
1081 subpage = container_of(existing->mr, subpage_t, iomem);
1082 }
1083 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1084 end = start + int128_get64(section->size) - 1;
1085 subpage_register(subpage, start, end,
1086 phys_section_add(&d->map, section));
1087 }
1088
1089
1090 static void register_multipage(AddressSpaceDispatch *d,
1091 MemoryRegionSection *section)
1092 {
1093 hwaddr start_addr = section->offset_within_address_space;
1094 uint16_t section_index = phys_section_add(&d->map, section);
1095 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1096 TARGET_PAGE_BITS));
1097
1098 assert(num_pages);
1099 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1100 }
1101
1102 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1103 {
1104 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1105 AddressSpaceDispatch *d = as->next_dispatch;
1106 MemoryRegionSection now = *section, remain = *section;
1107 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1108
1109 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1110 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1111 - now.offset_within_address_space;
1112
1113 now.size = int128_min(int128_make64(left), now.size);
1114 register_subpage(d, &now);
1115 } else {
1116 now.size = int128_zero();
1117 }
1118 while (int128_ne(remain.size, now.size)) {
1119 remain.size = int128_sub(remain.size, now.size);
1120 remain.offset_within_address_space += int128_get64(now.size);
1121 remain.offset_within_region += int128_get64(now.size);
1122 now = remain;
1123 if (int128_lt(remain.size, page_size)) {
1124 register_subpage(d, &now);
1125 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1126 now.size = page_size;
1127 register_subpage(d, &now);
1128 } else {
1129 now.size = int128_and(now.size, int128_neg(page_size));
1130 register_multipage(d, &now);
1131 }
1132 }
1133 }
1134
1135 void qemu_flush_coalesced_mmio_buffer(void)
1136 {
1137 if (kvm_enabled())
1138 kvm_flush_coalesced_mmio_buffer();
1139 }
1140
1141 void qemu_mutex_lock_ramlist(void)
1142 {
1143 qemu_mutex_lock(&ram_list.mutex);
1144 }
1145
1146 void qemu_mutex_unlock_ramlist(void)
1147 {
1148 qemu_mutex_unlock(&ram_list.mutex);
1149 }
1150
1151 #ifdef __linux__
1152
1153 #include <sys/vfs.h>
1154
1155 #define HUGETLBFS_MAGIC 0x958458f6
1156
1157 static long gethugepagesize(const char *path, Error **errp)
1158 {
1159 struct statfs fs;
1160 int ret;
1161
1162 do {
1163 ret = statfs(path, &fs);
1164 } while (ret != 0 && errno == EINTR);
1165
1166 if (ret != 0) {
1167 error_setg_errno(errp, errno, "failed to get page size of file %s",
1168 path);
1169 return 0;
1170 }
1171
1172 if (fs.f_type != HUGETLBFS_MAGIC)
1173 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1174
1175 return fs.f_bsize;
1176 }
1177
1178 static void *file_ram_alloc(RAMBlock *block,
1179 ram_addr_t memory,
1180 const char *path,
1181 Error **errp)
1182 {
1183 char *filename;
1184 char *sanitized_name;
1185 char *c;
1186 void *area = NULL;
1187 int fd;
1188 uint64_t hpagesize;
1189 Error *local_err = NULL;
1190
1191 hpagesize = gethugepagesize(path, &local_err);
1192 if (local_err) {
1193 error_propagate(errp, local_err);
1194 goto error;
1195 }
1196 block->mr->align = hpagesize;
1197
1198 if (memory < hpagesize) {
1199 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1200 "or larger than huge page size 0x%" PRIx64,
1201 memory, hpagesize);
1202 goto error;
1203 }
1204
1205 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1206 error_setg(errp,
1207 "host lacks kvm mmu notifiers, -mem-path unsupported");
1208 goto error;
1209 }
1210
1211 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1212 sanitized_name = g_strdup(memory_region_name(block->mr));
1213 for (c = sanitized_name; *c != '\0'; c++) {
1214 if (*c == '/')
1215 *c = '_';
1216 }
1217
1218 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1219 sanitized_name);
1220 g_free(sanitized_name);
1221
1222 fd = mkstemp(filename);
1223 if (fd < 0) {
1224 error_setg_errno(errp, errno,
1225 "unable to create backing store for hugepages");
1226 g_free(filename);
1227 goto error;
1228 }
1229 unlink(filename);
1230 g_free(filename);
1231
1232 memory = ROUND_UP(memory, hpagesize);
1233
1234 /*
1235 * ftruncate is not supported by hugetlbfs in older
1236 * hosts, so don't bother bailing out on errors.
1237 * If anything goes wrong with it under other filesystems,
1238 * mmap will fail.
1239 */
1240 if (ftruncate(fd, memory)) {
1241 perror("ftruncate");
1242 }
1243
1244 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1245 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1246 fd, 0);
1247 if (area == MAP_FAILED) {
1248 error_setg_errno(errp, errno,
1249 "unable to map backing store for hugepages");
1250 close(fd);
1251 goto error;
1252 }
1253
1254 if (mem_prealloc) {
1255 os_mem_prealloc(fd, area, memory);
1256 }
1257
1258 block->fd = fd;
1259 return area;
1260
1261 error:
1262 if (mem_prealloc) {
1263 error_report("%s", error_get_pretty(*errp));
1264 exit(1);
1265 }
1266 return NULL;
1267 }
1268 #endif
1269
1270 /* Called with the ramlist lock held. */
1271 static ram_addr_t find_ram_offset(ram_addr_t size)
1272 {
1273 RAMBlock *block, *next_block;
1274 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1275
1276 assert(size != 0); /* it would hand out same offset multiple times */
1277
1278 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1279 return 0;
1280 }
1281
1282 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1283 ram_addr_t end, next = RAM_ADDR_MAX;
1284
1285 end = block->offset + block->max_length;
1286
1287 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1288 if (next_block->offset >= end) {
1289 next = MIN(next, next_block->offset);
1290 }
1291 }
1292 if (next - end >= size && next - end < mingap) {
1293 offset = end;
1294 mingap = next - end;
1295 }
1296 }
1297
1298 if (offset == RAM_ADDR_MAX) {
1299 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1300 (uint64_t)size);
1301 abort();
1302 }
1303
1304 return offset;
1305 }
1306
1307 ram_addr_t last_ram_offset(void)
1308 {
1309 RAMBlock *block;
1310 ram_addr_t last = 0;
1311
1312 rcu_read_lock();
1313 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1314 last = MAX(last, block->offset + block->max_length);
1315 }
1316 rcu_read_unlock();
1317 return last;
1318 }
1319
1320 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1321 {
1322 int ret;
1323
1324 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1325 if (!machine_dump_guest_core(current_machine)) {
1326 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1327 if (ret) {
1328 perror("qemu_madvise");
1329 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1330 "but dump_guest_core=off specified\n");
1331 }
1332 }
1333 }
1334
1335 /* Called within an RCU critical section, or while the ramlist lock
1336 * is held.
1337 */
1338 static RAMBlock *find_ram_block(ram_addr_t addr)
1339 {
1340 RAMBlock *block;
1341
1342 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1343 if (block->offset == addr) {
1344 return block;
1345 }
1346 }
1347
1348 return NULL;
1349 }
1350
1351 /* Called with iothread lock held. */
1352 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1353 {
1354 RAMBlock *new_block, *block;
1355
1356 rcu_read_lock();
1357 new_block = find_ram_block(addr);
1358 assert(new_block);
1359 assert(!new_block->idstr[0]);
1360
1361 if (dev) {
1362 char *id = qdev_get_dev_path(dev);
1363 if (id) {
1364 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1365 g_free(id);
1366 }
1367 }
1368 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1369
1370 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1371 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1372 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1373 new_block->idstr);
1374 abort();
1375 }
1376 }
1377 rcu_read_unlock();
1378 }
1379
1380 /* Called with iothread lock held. */
1381 void qemu_ram_unset_idstr(ram_addr_t addr)
1382 {
1383 RAMBlock *block;
1384
1385 /* FIXME: arch_init.c assumes that this is not called throughout
1386 * migration. Ignore the problem since hot-unplug during migration
1387 * does not work anyway.
1388 */
1389
1390 rcu_read_lock();
1391 block = find_ram_block(addr);
1392 if (block) {
1393 memset(block->idstr, 0, sizeof(block->idstr));
1394 }
1395 rcu_read_unlock();
1396 }
1397
1398 static int memory_try_enable_merging(void *addr, size_t len)
1399 {
1400 if (!machine_mem_merge(current_machine)) {
1401 /* disabled by the user */
1402 return 0;
1403 }
1404
1405 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1406 }
1407
1408 /* Only legal before guest might have detected the memory size: e.g. on
1409 * incoming migration, or right after reset.
1410 *
1411 * As memory core doesn't know how is memory accessed, it is up to
1412 * resize callback to update device state and/or add assertions to detect
1413 * misuse, if necessary.
1414 */
1415 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1416 {
1417 RAMBlock *block = find_ram_block(base);
1418
1419 assert(block);
1420
1421 newsize = TARGET_PAGE_ALIGN(newsize);
1422
1423 if (block->used_length == newsize) {
1424 return 0;
1425 }
1426
1427 if (!(block->flags & RAM_RESIZEABLE)) {
1428 error_setg_errno(errp, EINVAL,
1429 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1430 " in != 0x" RAM_ADDR_FMT, block->idstr,
1431 newsize, block->used_length);
1432 return -EINVAL;
1433 }
1434
1435 if (block->max_length < newsize) {
1436 error_setg_errno(errp, EINVAL,
1437 "Length too large: %s: 0x" RAM_ADDR_FMT
1438 " > 0x" RAM_ADDR_FMT, block->idstr,
1439 newsize, block->max_length);
1440 return -EINVAL;
1441 }
1442
1443 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1444 block->used_length = newsize;
1445 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1446 DIRTY_CLIENTS_ALL);
1447 memory_region_set_size(block->mr, newsize);
1448 if (block->resized) {
1449 block->resized(block->idstr, newsize, block->host);
1450 }
1451 return 0;
1452 }
1453
1454 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1455 {
1456 RAMBlock *block;
1457 RAMBlock *last_block = NULL;
1458 ram_addr_t old_ram_size, new_ram_size;
1459
1460 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1461
1462 qemu_mutex_lock_ramlist();
1463 new_block->offset = find_ram_offset(new_block->max_length);
1464
1465 if (!new_block->host) {
1466 if (xen_enabled()) {
1467 xen_ram_alloc(new_block->offset, new_block->max_length,
1468 new_block->mr);
1469 } else {
1470 new_block->host = phys_mem_alloc(new_block->max_length,
1471 &new_block->mr->align);
1472 if (!new_block->host) {
1473 error_setg_errno(errp, errno,
1474 "cannot set up guest memory '%s'",
1475 memory_region_name(new_block->mr));
1476 qemu_mutex_unlock_ramlist();
1477 return -1;
1478 }
1479 memory_try_enable_merging(new_block->host, new_block->max_length);
1480 }
1481 }
1482
1483 new_ram_size = MAX(old_ram_size,
1484 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1485 if (new_ram_size > old_ram_size) {
1486 migration_bitmap_extend(old_ram_size, new_ram_size);
1487 }
1488 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1489 * QLIST (which has an RCU-friendly variant) does not have insertion at
1490 * tail, so save the last element in last_block.
1491 */
1492 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1493 last_block = block;
1494 if (block->max_length < new_block->max_length) {
1495 break;
1496 }
1497 }
1498 if (block) {
1499 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1500 } else if (last_block) {
1501 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1502 } else { /* list is empty */
1503 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1504 }
1505 ram_list.mru_block = NULL;
1506
1507 /* Write list before version */
1508 smp_wmb();
1509 ram_list.version++;
1510 qemu_mutex_unlock_ramlist();
1511
1512 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1513
1514 if (new_ram_size > old_ram_size) {
1515 int i;
1516
1517 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1518 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1519 ram_list.dirty_memory[i] =
1520 bitmap_zero_extend(ram_list.dirty_memory[i],
1521 old_ram_size, new_ram_size);
1522 }
1523 }
1524 cpu_physical_memory_set_dirty_range(new_block->offset,
1525 new_block->used_length,
1526 DIRTY_CLIENTS_ALL);
1527
1528 if (new_block->host) {
1529 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1530 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1531 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1532 if (kvm_enabled()) {
1533 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1534 }
1535 }
1536
1537 return new_block->offset;
1538 }
1539
1540 #ifdef __linux__
1541 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1542 bool share, const char *mem_path,
1543 Error **errp)
1544 {
1545 RAMBlock *new_block;
1546 ram_addr_t addr;
1547 Error *local_err = NULL;
1548
1549 if (xen_enabled()) {
1550 error_setg(errp, "-mem-path not supported with Xen");
1551 return -1;
1552 }
1553
1554 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1555 /*
1556 * file_ram_alloc() needs to allocate just like
1557 * phys_mem_alloc, but we haven't bothered to provide
1558 * a hook there.
1559 */
1560 error_setg(errp,
1561 "-mem-path not supported with this accelerator");
1562 return -1;
1563 }
1564
1565 size = TARGET_PAGE_ALIGN(size);
1566 new_block = g_malloc0(sizeof(*new_block));
1567 new_block->mr = mr;
1568 new_block->used_length = size;
1569 new_block->max_length = size;
1570 new_block->flags = share ? RAM_SHARED : 0;
1571 new_block->host = file_ram_alloc(new_block, size,
1572 mem_path, errp);
1573 if (!new_block->host) {
1574 g_free(new_block);
1575 return -1;
1576 }
1577
1578 addr = ram_block_add(new_block, &local_err);
1579 if (local_err) {
1580 g_free(new_block);
1581 error_propagate(errp, local_err);
1582 return -1;
1583 }
1584 return addr;
1585 }
1586 #endif
1587
1588 static
1589 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1590 void (*resized)(const char*,
1591 uint64_t length,
1592 void *host),
1593 void *host, bool resizeable,
1594 MemoryRegion *mr, Error **errp)
1595 {
1596 RAMBlock *new_block;
1597 ram_addr_t addr;
1598 Error *local_err = NULL;
1599
1600 size = TARGET_PAGE_ALIGN(size);
1601 max_size = TARGET_PAGE_ALIGN(max_size);
1602 new_block = g_malloc0(sizeof(*new_block));
1603 new_block->mr = mr;
1604 new_block->resized = resized;
1605 new_block->used_length = size;
1606 new_block->max_length = max_size;
1607 assert(max_size >= size);
1608 new_block->fd = -1;
1609 new_block->host = host;
1610 if (host) {
1611 new_block->flags |= RAM_PREALLOC;
1612 }
1613 if (resizeable) {
1614 new_block->flags |= RAM_RESIZEABLE;
1615 }
1616 addr = ram_block_add(new_block, &local_err);
1617 if (local_err) {
1618 g_free(new_block);
1619 error_propagate(errp, local_err);
1620 return -1;
1621 }
1622 return addr;
1623 }
1624
1625 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1626 MemoryRegion *mr, Error **errp)
1627 {
1628 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1629 }
1630
1631 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1632 {
1633 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1634 }
1635
1636 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1637 void (*resized)(const char*,
1638 uint64_t length,
1639 void *host),
1640 MemoryRegion *mr, Error **errp)
1641 {
1642 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1643 }
1644
1645 void qemu_ram_free_from_ptr(ram_addr_t addr)
1646 {
1647 RAMBlock *block;
1648
1649 qemu_mutex_lock_ramlist();
1650 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1651 if (addr == block->offset) {
1652 QLIST_REMOVE_RCU(block, next);
1653 ram_list.mru_block = NULL;
1654 /* Write list before version */
1655 smp_wmb();
1656 ram_list.version++;
1657 g_free_rcu(block, rcu);
1658 break;
1659 }
1660 }
1661 qemu_mutex_unlock_ramlist();
1662 }
1663
1664 static void reclaim_ramblock(RAMBlock *block)
1665 {
1666 if (block->flags & RAM_PREALLOC) {
1667 ;
1668 } else if (xen_enabled()) {
1669 xen_invalidate_map_cache_entry(block->host);
1670 #ifndef _WIN32
1671 } else if (block->fd >= 0) {
1672 munmap(block->host, block->max_length);
1673 close(block->fd);
1674 #endif
1675 } else {
1676 qemu_anon_ram_free(block->host, block->max_length);
1677 }
1678 g_free(block);
1679 }
1680
1681 void qemu_ram_free(ram_addr_t addr)
1682 {
1683 RAMBlock *block;
1684
1685 qemu_mutex_lock_ramlist();
1686 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1687 if (addr == block->offset) {
1688 QLIST_REMOVE_RCU(block, next);
1689 ram_list.mru_block = NULL;
1690 /* Write list before version */
1691 smp_wmb();
1692 ram_list.version++;
1693 call_rcu(block, reclaim_ramblock, rcu);
1694 break;
1695 }
1696 }
1697 qemu_mutex_unlock_ramlist();
1698 }
1699
1700 #ifndef _WIN32
1701 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1702 {
1703 RAMBlock *block;
1704 ram_addr_t offset;
1705 int flags;
1706 void *area, *vaddr;
1707
1708 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1709 offset = addr - block->offset;
1710 if (offset < block->max_length) {
1711 vaddr = ramblock_ptr(block, offset);
1712 if (block->flags & RAM_PREALLOC) {
1713 ;
1714 } else if (xen_enabled()) {
1715 abort();
1716 } else {
1717 flags = MAP_FIXED;
1718 if (block->fd >= 0) {
1719 flags |= (block->flags & RAM_SHARED ?
1720 MAP_SHARED : MAP_PRIVATE);
1721 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1722 flags, block->fd, offset);
1723 } else {
1724 /*
1725 * Remap needs to match alloc. Accelerators that
1726 * set phys_mem_alloc never remap. If they did,
1727 * we'd need a remap hook here.
1728 */
1729 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1730
1731 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1732 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1733 flags, -1, 0);
1734 }
1735 if (area != vaddr) {
1736 fprintf(stderr, "Could not remap addr: "
1737 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1738 length, addr);
1739 exit(1);
1740 }
1741 memory_try_enable_merging(vaddr, length);
1742 qemu_ram_setup_dump(vaddr, length);
1743 }
1744 }
1745 }
1746 }
1747 #endif /* !_WIN32 */
1748
1749 int qemu_get_ram_fd(ram_addr_t addr)
1750 {
1751 RAMBlock *block;
1752 int fd;
1753
1754 rcu_read_lock();
1755 block = qemu_get_ram_block(addr);
1756 fd = block->fd;
1757 rcu_read_unlock();
1758 return fd;
1759 }
1760
1761 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1762 {
1763 RAMBlock *block;
1764 void *ptr;
1765
1766 rcu_read_lock();
1767 block = qemu_get_ram_block(addr);
1768 ptr = ramblock_ptr(block, 0);
1769 rcu_read_unlock();
1770 return ptr;
1771 }
1772
1773 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1774 * This should not be used for general purpose DMA. Use address_space_map
1775 * or address_space_rw instead. For local memory (e.g. video ram) that the
1776 * device owns, use memory_region_get_ram_ptr.
1777 *
1778 * By the time this function returns, the returned pointer is not protected
1779 * by RCU anymore. If the caller is not within an RCU critical section and
1780 * does not hold the iothread lock, it must have other means of protecting the
1781 * pointer, such as a reference to the region that includes the incoming
1782 * ram_addr_t.
1783 */
1784 void *qemu_get_ram_ptr(ram_addr_t addr)
1785 {
1786 RAMBlock *block;
1787 void *ptr;
1788
1789 rcu_read_lock();
1790 block = qemu_get_ram_block(addr);
1791
1792 if (xen_enabled() && block->host == NULL) {
1793 /* We need to check if the requested address is in the RAM
1794 * because we don't want to map the entire memory in QEMU.
1795 * In that case just map until the end of the page.
1796 */
1797 if (block->offset == 0) {
1798 ptr = xen_map_cache(addr, 0, 0);
1799 goto unlock;
1800 }
1801
1802 block->host = xen_map_cache(block->offset, block->max_length, 1);
1803 }
1804 ptr = ramblock_ptr(block, addr - block->offset);
1805
1806 unlock:
1807 rcu_read_unlock();
1808 return ptr;
1809 }
1810
1811 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1812 * but takes a size argument.
1813 *
1814 * By the time this function returns, the returned pointer is not protected
1815 * by RCU anymore. If the caller is not within an RCU critical section and
1816 * does not hold the iothread lock, it must have other means of protecting the
1817 * pointer, such as a reference to the region that includes the incoming
1818 * ram_addr_t.
1819 */
1820 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1821 {
1822 void *ptr;
1823 if (*size == 0) {
1824 return NULL;
1825 }
1826 if (xen_enabled()) {
1827 return xen_map_cache(addr, *size, 1);
1828 } else {
1829 RAMBlock *block;
1830 rcu_read_lock();
1831 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1832 if (addr - block->offset < block->max_length) {
1833 if (addr - block->offset + *size > block->max_length)
1834 *size = block->max_length - addr + block->offset;
1835 ptr = ramblock_ptr(block, addr - block->offset);
1836 rcu_read_unlock();
1837 return ptr;
1838 }
1839 }
1840
1841 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1842 abort();
1843 }
1844 }
1845
1846 /* Some of the softmmu routines need to translate from a host pointer
1847 * (typically a TLB entry) back to a ram offset.
1848 *
1849 * By the time this function returns, the returned pointer is not protected
1850 * by RCU anymore. If the caller is not within an RCU critical section and
1851 * does not hold the iothread lock, it must have other means of protecting the
1852 * pointer, such as a reference to the region that includes the incoming
1853 * ram_addr_t.
1854 */
1855 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1856 {
1857 RAMBlock *block;
1858 uint8_t *host = ptr;
1859 MemoryRegion *mr;
1860
1861 if (xen_enabled()) {
1862 rcu_read_lock();
1863 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1864 mr = qemu_get_ram_block(*ram_addr)->mr;
1865 rcu_read_unlock();
1866 return mr;
1867 }
1868
1869 rcu_read_lock();
1870 block = atomic_rcu_read(&ram_list.mru_block);
1871 if (block && block->host && host - block->host < block->max_length) {
1872 goto found;
1873 }
1874
1875 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1876 /* This case append when the block is not mapped. */
1877 if (block->host == NULL) {
1878 continue;
1879 }
1880 if (host - block->host < block->max_length) {
1881 goto found;
1882 }
1883 }
1884
1885 rcu_read_unlock();
1886 return NULL;
1887
1888 found:
1889 *ram_addr = block->offset + (host - block->host);
1890 mr = block->mr;
1891 rcu_read_unlock();
1892 return mr;
1893 }
1894
1895 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1896 uint64_t val, unsigned size)
1897 {
1898 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1899 tb_invalidate_phys_page_fast(ram_addr, size);
1900 }
1901 switch (size) {
1902 case 1:
1903 stb_p(qemu_get_ram_ptr(ram_addr), val);
1904 break;
1905 case 2:
1906 stw_p(qemu_get_ram_ptr(ram_addr), val);
1907 break;
1908 case 4:
1909 stl_p(qemu_get_ram_ptr(ram_addr), val);
1910 break;
1911 default:
1912 abort();
1913 }
1914 /* Set both VGA and migration bits for simplicity and to remove
1915 * the notdirty callback faster.
1916 */
1917 cpu_physical_memory_set_dirty_range(ram_addr, size,
1918 DIRTY_CLIENTS_NOCODE);
1919 /* we remove the notdirty callback only if the code has been
1920 flushed */
1921 if (!cpu_physical_memory_is_clean(ram_addr)) {
1922 CPUArchState *env = current_cpu->env_ptr;
1923 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1924 }
1925 }
1926
1927 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1928 unsigned size, bool is_write)
1929 {
1930 return is_write;
1931 }
1932
1933 static const MemoryRegionOps notdirty_mem_ops = {
1934 .write = notdirty_mem_write,
1935 .valid.accepts = notdirty_mem_accepts,
1936 .endianness = DEVICE_NATIVE_ENDIAN,
1937 };
1938
1939 /* Generate a debug exception if a watchpoint has been hit. */
1940 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1941 {
1942 CPUState *cpu = current_cpu;
1943 CPUArchState *env = cpu->env_ptr;
1944 target_ulong pc, cs_base;
1945 target_ulong vaddr;
1946 CPUWatchpoint *wp;
1947 int cpu_flags;
1948
1949 if (cpu->watchpoint_hit) {
1950 /* We re-entered the check after replacing the TB. Now raise
1951 * the debug interrupt so that is will trigger after the
1952 * current instruction. */
1953 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1954 return;
1955 }
1956 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1957 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1958 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1959 && (wp->flags & flags)) {
1960 if (flags == BP_MEM_READ) {
1961 wp->flags |= BP_WATCHPOINT_HIT_READ;
1962 } else {
1963 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1964 }
1965 wp->hitaddr = vaddr;
1966 wp->hitattrs = attrs;
1967 if (!cpu->watchpoint_hit) {
1968 cpu->watchpoint_hit = wp;
1969 tb_check_watchpoint(cpu);
1970 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1971 cpu->exception_index = EXCP_DEBUG;
1972 cpu_loop_exit(cpu);
1973 } else {
1974 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1975 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1976 cpu_resume_from_signal(cpu, NULL);
1977 }
1978 }
1979 } else {
1980 wp->flags &= ~BP_WATCHPOINT_HIT;
1981 }
1982 }
1983 }
1984
1985 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1986 so these check for a hit then pass through to the normal out-of-line
1987 phys routines. */
1988 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1989 unsigned size, MemTxAttrs attrs)
1990 {
1991 MemTxResult res;
1992 uint64_t data;
1993
1994 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1995 switch (size) {
1996 case 1:
1997 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1998 break;
1999 case 2:
2000 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2001 break;
2002 case 4:
2003 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2004 break;
2005 default: abort();
2006 }
2007 *pdata = data;
2008 return res;
2009 }
2010
2011 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2012 uint64_t val, unsigned size,
2013 MemTxAttrs attrs)
2014 {
2015 MemTxResult res;
2016
2017 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2018 switch (size) {
2019 case 1:
2020 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2021 break;
2022 case 2:
2023 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2024 break;
2025 case 4:
2026 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2027 break;
2028 default: abort();
2029 }
2030 return res;
2031 }
2032
2033 static const MemoryRegionOps watch_mem_ops = {
2034 .read_with_attrs = watch_mem_read,
2035 .write_with_attrs = watch_mem_write,
2036 .endianness = DEVICE_NATIVE_ENDIAN,
2037 };
2038
2039 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2040 unsigned len, MemTxAttrs attrs)
2041 {
2042 subpage_t *subpage = opaque;
2043 uint8_t buf[8];
2044 MemTxResult res;
2045
2046 #if defined(DEBUG_SUBPAGE)
2047 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2048 subpage, len, addr);
2049 #endif
2050 res = address_space_read(subpage->as, addr + subpage->base,
2051 attrs, buf, len);
2052 if (res) {
2053 return res;
2054 }
2055 switch (len) {
2056 case 1:
2057 *data = ldub_p(buf);
2058 return MEMTX_OK;
2059 case 2:
2060 *data = lduw_p(buf);
2061 return MEMTX_OK;
2062 case 4:
2063 *data = ldl_p(buf);
2064 return MEMTX_OK;
2065 case 8:
2066 *data = ldq_p(buf);
2067 return MEMTX_OK;
2068 default:
2069 abort();
2070 }
2071 }
2072
2073 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2074 uint64_t value, unsigned len, MemTxAttrs attrs)
2075 {
2076 subpage_t *subpage = opaque;
2077 uint8_t buf[8];
2078
2079 #if defined(DEBUG_SUBPAGE)
2080 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2081 " value %"PRIx64"\n",
2082 __func__, subpage, len, addr, value);
2083 #endif
2084 switch (len) {
2085 case 1:
2086 stb_p(buf, value);
2087 break;
2088 case 2:
2089 stw_p(buf, value);
2090 break;
2091 case 4:
2092 stl_p(buf, value);
2093 break;
2094 case 8:
2095 stq_p(buf, value);
2096 break;
2097 default:
2098 abort();
2099 }
2100 return address_space_write(subpage->as, addr + subpage->base,
2101 attrs, buf, len);
2102 }
2103
2104 static bool subpage_accepts(void *opaque, hwaddr addr,
2105 unsigned len, bool is_write)
2106 {
2107 subpage_t *subpage = opaque;
2108 #if defined(DEBUG_SUBPAGE)
2109 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2110 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2111 #endif
2112
2113 return address_space_access_valid(subpage->as, addr + subpage->base,
2114 len, is_write);
2115 }
2116
2117 static const MemoryRegionOps subpage_ops = {
2118 .read_with_attrs = subpage_read,
2119 .write_with_attrs = subpage_write,
2120 .impl.min_access_size = 1,
2121 .impl.max_access_size = 8,
2122 .valid.min_access_size = 1,
2123 .valid.max_access_size = 8,
2124 .valid.accepts = subpage_accepts,
2125 .endianness = DEVICE_NATIVE_ENDIAN,
2126 };
2127
2128 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2129 uint16_t section)
2130 {
2131 int idx, eidx;
2132
2133 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2134 return -1;
2135 idx = SUBPAGE_IDX(start);
2136 eidx = SUBPAGE_IDX(end);
2137 #if defined(DEBUG_SUBPAGE)
2138 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2139 __func__, mmio, start, end, idx, eidx, section);
2140 #endif
2141 for (; idx <= eidx; idx++) {
2142 mmio->sub_section[idx] = section;
2143 }
2144
2145 return 0;
2146 }
2147
2148 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2149 {
2150 subpage_t *mmio;
2151
2152 mmio = g_malloc0(sizeof(subpage_t));
2153
2154 mmio->as = as;
2155 mmio->base = base;
2156 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2157 NULL, TARGET_PAGE_SIZE);
2158 mmio->iomem.subpage = true;
2159 #if defined(DEBUG_SUBPAGE)
2160 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2161 mmio, base, TARGET_PAGE_SIZE);
2162 #endif
2163 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2164
2165 return mmio;
2166 }
2167
2168 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2169 MemoryRegion *mr)
2170 {
2171 assert(as);
2172 MemoryRegionSection section = {
2173 .address_space = as,
2174 .mr = mr,
2175 .offset_within_address_space = 0,
2176 .offset_within_region = 0,
2177 .size = int128_2_64(),
2178 };
2179
2180 return phys_section_add(map, &section);
2181 }
2182
2183 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2184 {
2185 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2186 MemoryRegionSection *sections = d->map.sections;
2187
2188 return sections[index & ~TARGET_PAGE_MASK].mr;
2189 }
2190
2191 static void io_mem_init(void)
2192 {
2193 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2194 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2195 NULL, UINT64_MAX);
2196 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2197 NULL, UINT64_MAX);
2198 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2199 NULL, UINT64_MAX);
2200 }
2201
2202 static void mem_begin(MemoryListener *listener)
2203 {
2204 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2205 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2206 uint16_t n;
2207
2208 n = dummy_section(&d->map, as, &io_mem_unassigned);
2209 assert(n == PHYS_SECTION_UNASSIGNED);
2210 n = dummy_section(&d->map, as, &io_mem_notdirty);
2211 assert(n == PHYS_SECTION_NOTDIRTY);
2212 n = dummy_section(&d->map, as, &io_mem_rom);
2213 assert(n == PHYS_SECTION_ROM);
2214 n = dummy_section(&d->map, as, &io_mem_watch);
2215 assert(n == PHYS_SECTION_WATCH);
2216
2217 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2218 d->as = as;
2219 as->next_dispatch = d;
2220 }
2221
2222 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2223 {
2224 phys_sections_free(&d->map);
2225 g_free(d);
2226 }
2227
2228 static void mem_commit(MemoryListener *listener)
2229 {
2230 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2231 AddressSpaceDispatch *cur = as->dispatch;
2232 AddressSpaceDispatch *next = as->next_dispatch;
2233
2234 phys_page_compact_all(next, next->map.nodes_nb);
2235
2236 atomic_rcu_set(&as->dispatch, next);
2237 if (cur) {
2238 call_rcu(cur, address_space_dispatch_free, rcu);
2239 }
2240 }
2241
2242 static void tcg_commit(MemoryListener *listener)
2243 {
2244 CPUState *cpu;
2245
2246 /* since each CPU stores ram addresses in its TLB cache, we must
2247 reset the modified entries */
2248 /* XXX: slow ! */
2249 CPU_FOREACH(cpu) {
2250 /* FIXME: Disentangle the cpu.h circular files deps so we can
2251 directly get the right CPU from listener. */
2252 if (cpu->tcg_as_listener != listener) {
2253 continue;
2254 }
2255 cpu_reload_memory_map(cpu);
2256 }
2257 }
2258
2259 void address_space_init_dispatch(AddressSpace *as)
2260 {
2261 as->dispatch = NULL;
2262 as->dispatch_listener = (MemoryListener) {
2263 .begin = mem_begin,
2264 .commit = mem_commit,
2265 .region_add = mem_add,
2266 .region_nop = mem_add,
2267 .priority = 0,
2268 };
2269 memory_listener_register(&as->dispatch_listener, as);
2270 }
2271
2272 void address_space_unregister(AddressSpace *as)
2273 {
2274 memory_listener_unregister(&as->dispatch_listener);
2275 }
2276
2277 void address_space_destroy_dispatch(AddressSpace *as)
2278 {
2279 AddressSpaceDispatch *d = as->dispatch;
2280
2281 atomic_rcu_set(&as->dispatch, NULL);
2282 if (d) {
2283 call_rcu(d, address_space_dispatch_free, rcu);
2284 }
2285 }
2286
2287 static void memory_map_init(void)
2288 {
2289 system_memory = g_malloc(sizeof(*system_memory));
2290
2291 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2292 address_space_init(&address_space_memory, system_memory, "memory");
2293
2294 system_io = g_malloc(sizeof(*system_io));
2295 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2296 65536);
2297 address_space_init(&address_space_io, system_io, "I/O");
2298 }
2299
2300 MemoryRegion *get_system_memory(void)
2301 {
2302 return system_memory;
2303 }
2304
2305 MemoryRegion *get_system_io(void)
2306 {
2307 return system_io;
2308 }
2309
2310 #endif /* !defined(CONFIG_USER_ONLY) */
2311
2312 /* physical memory access (slow version, mainly for debug) */
2313 #if defined(CONFIG_USER_ONLY)
2314 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2315 uint8_t *buf, int len, int is_write)
2316 {
2317 int l, flags;
2318 target_ulong page;
2319 void * p;
2320
2321 while (len > 0) {
2322 page = addr & TARGET_PAGE_MASK;
2323 l = (page + TARGET_PAGE_SIZE) - addr;
2324 if (l > len)
2325 l = len;
2326 flags = page_get_flags(page);
2327 if (!(flags & PAGE_VALID))
2328 return -1;
2329 if (is_write) {
2330 if (!(flags & PAGE_WRITE))
2331 return -1;
2332 /* XXX: this code should not depend on lock_user */
2333 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2334 return -1;
2335 memcpy(p, buf, l);
2336 unlock_user(p, addr, l);
2337 } else {
2338 if (!(flags & PAGE_READ))
2339 return -1;
2340 /* XXX: this code should not depend on lock_user */
2341 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2342 return -1;
2343 memcpy(buf, p, l);
2344 unlock_user(p, addr, 0);
2345 }
2346 len -= l;
2347 buf += l;
2348 addr += l;
2349 }
2350 return 0;
2351 }
2352
2353 #else
2354
2355 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2356 hwaddr length)
2357 {
2358 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2359 /* No early return if dirty_log_mask is or becomes 0, because
2360 * cpu_physical_memory_set_dirty_range will still call
2361 * xen_modified_memory.
2362 */
2363 if (dirty_log_mask) {
2364 dirty_log_mask =
2365 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2366 }
2367 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2368 tb_invalidate_phys_range(addr, addr + length);
2369 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2370 }
2371 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2372 }
2373
2374 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2375 {
2376 unsigned access_size_max = mr->ops->valid.max_access_size;
2377
2378 /* Regions are assumed to support 1-4 byte accesses unless
2379 otherwise specified. */
2380 if (access_size_max == 0) {
2381 access_size_max = 4;
2382 }
2383
2384 /* Bound the maximum access by the alignment of the address. */
2385 if (!mr->ops->impl.unaligned) {
2386 unsigned align_size_max = addr & -addr;
2387 if (align_size_max != 0 && align_size_max < access_size_max) {
2388 access_size_max = align_size_max;
2389 }
2390 }
2391
2392 /* Don't attempt accesses larger than the maximum. */
2393 if (l > access_size_max) {
2394 l = access_size_max;
2395 }
2396 l = pow2floor(l);
2397
2398 return l;
2399 }
2400
2401 static bool prepare_mmio_access(MemoryRegion *mr)
2402 {
2403 bool unlocked = !qemu_mutex_iothread_locked();
2404 bool release_lock = false;
2405
2406 if (unlocked && mr->global_locking) {
2407 qemu_mutex_lock_iothread();
2408 unlocked = false;
2409 release_lock = true;
2410 }
2411 if (mr->flush_coalesced_mmio) {
2412 if (unlocked) {
2413 qemu_mutex_lock_iothread();
2414 }
2415 qemu_flush_coalesced_mmio_buffer();
2416 if (unlocked) {
2417 qemu_mutex_unlock_iothread();
2418 }
2419 }
2420
2421 return release_lock;
2422 }
2423
2424 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2425 uint8_t *buf, int len, bool is_write)
2426 {
2427 hwaddr l;
2428 uint8_t *ptr;
2429 uint64_t val;
2430 hwaddr addr1;
2431 MemoryRegion *mr;
2432 MemTxResult result = MEMTX_OK;
2433 bool release_lock = false;
2434
2435 rcu_read_lock();
2436 while (len > 0) {
2437 l = len;
2438 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2439
2440 if (is_write) {
2441 if (!memory_access_is_direct(mr, is_write)) {
2442 release_lock |= prepare_mmio_access(mr);
2443 l = memory_access_size(mr, l, addr1);
2444 /* XXX: could force current_cpu to NULL to avoid
2445 potential bugs */
2446 switch (l) {
2447 case 8:
2448 /* 64 bit write access */
2449 val = ldq_p(buf);
2450 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2451 attrs);
2452 break;
2453 case 4:
2454 /* 32 bit write access */
2455 val = ldl_p(buf);
2456 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2457 attrs);
2458 break;
2459 case 2:
2460 /* 16 bit write access */
2461 val = lduw_p(buf);
2462 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2463 attrs);
2464 break;
2465 case 1:
2466 /* 8 bit write access */
2467 val = ldub_p(buf);
2468 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2469 attrs);
2470 break;
2471 default:
2472 abort();
2473 }
2474 } else {
2475 addr1 += memory_region_get_ram_addr(mr);
2476 /* RAM case */
2477 ptr = qemu_get_ram_ptr(addr1);
2478 memcpy(ptr, buf, l);
2479 invalidate_and_set_dirty(mr, addr1, l);
2480 }
2481 } else {
2482 if (!memory_access_is_direct(mr, is_write)) {
2483 /* I/O case */
2484 release_lock |= prepare_mmio_access(mr);
2485 l = memory_access_size(mr, l, addr1);
2486 switch (l) {
2487 case 8:
2488 /* 64 bit read access */
2489 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2490 attrs);
2491 stq_p(buf, val);
2492 break;
2493 case 4:
2494 /* 32 bit read access */
2495 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2496 attrs);
2497 stl_p(buf, val);
2498 break;
2499 case 2:
2500 /* 16 bit read access */
2501 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2502 attrs);
2503 stw_p(buf, val);
2504 break;
2505 case 1:
2506 /* 8 bit read access */
2507 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2508 attrs);
2509 stb_p(buf, val);
2510 break;
2511 default:
2512 abort();
2513 }
2514 } else {
2515 /* RAM case */
2516 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2517 memcpy(buf, ptr, l);
2518 }
2519 }
2520
2521 if (release_lock) {
2522 qemu_mutex_unlock_iothread();
2523 release_lock = false;
2524 }
2525
2526 len -= l;
2527 buf += l;
2528 addr += l;
2529 }
2530 rcu_read_unlock();
2531
2532 return result;
2533 }
2534
2535 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2536 const uint8_t *buf, int len)
2537 {
2538 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2539 }
2540
2541 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2542 uint8_t *buf, int len)
2543 {
2544 return address_space_rw(as, addr, attrs, buf, len, false);
2545 }
2546
2547
2548 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2549 int len, int is_write)
2550 {
2551 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2552 buf, len, is_write);
2553 }
2554
2555 enum write_rom_type {
2556 WRITE_DATA,
2557 FLUSH_CACHE,
2558 };
2559
2560 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2561 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2562 {
2563 hwaddr l;
2564 uint8_t *ptr;
2565 hwaddr addr1;
2566 MemoryRegion *mr;
2567
2568 rcu_read_lock();
2569 while (len > 0) {
2570 l = len;
2571 mr = address_space_translate(as, addr, &addr1, &l, true);
2572
2573 if (!(memory_region_is_ram(mr) ||
2574 memory_region_is_romd(mr))) {
2575 l = memory_access_size(mr, l, addr1);
2576 } else {
2577 addr1 += memory_region_get_ram_addr(mr);
2578 /* ROM/RAM case */
2579 ptr = qemu_get_ram_ptr(addr1);
2580 switch (type) {
2581 case WRITE_DATA:
2582 memcpy(ptr, buf, l);
2583 invalidate_and_set_dirty(mr, addr1, l);
2584 break;
2585 case FLUSH_CACHE:
2586 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2587 break;
2588 }
2589 }
2590 len -= l;
2591 buf += l;
2592 addr += l;
2593 }
2594 rcu_read_unlock();
2595 }
2596
2597 /* used for ROM loading : can write in RAM and ROM */
2598 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2599 const uint8_t *buf, int len)
2600 {
2601 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2602 }
2603
2604 void cpu_flush_icache_range(hwaddr start, int len)
2605 {
2606 /*
2607 * This function should do the same thing as an icache flush that was
2608 * triggered from within the guest. For TCG we are always cache coherent,
2609 * so there is no need to flush anything. For KVM / Xen we need to flush
2610 * the host's instruction cache at least.
2611 */
2612 if (tcg_enabled()) {
2613 return;
2614 }
2615
2616 cpu_physical_memory_write_rom_internal(&address_space_memory,
2617 start, NULL, len, FLUSH_CACHE);
2618 }
2619
2620 typedef struct {
2621 MemoryRegion *mr;
2622 void *buffer;
2623 hwaddr addr;
2624 hwaddr len;
2625 bool in_use;
2626 } BounceBuffer;
2627
2628 static BounceBuffer bounce;
2629
2630 typedef struct MapClient {
2631 QEMUBH *bh;
2632 QLIST_ENTRY(MapClient) link;
2633 } MapClient;
2634
2635 QemuMutex map_client_list_lock;
2636 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2637 = QLIST_HEAD_INITIALIZER(map_client_list);
2638
2639 static void cpu_unregister_map_client_do(MapClient *client)
2640 {
2641 QLIST_REMOVE(client, link);
2642 g_free(client);
2643 }
2644
2645 static void cpu_notify_map_clients_locked(void)
2646 {
2647 MapClient *client;
2648
2649 while (!QLIST_EMPTY(&map_client_list)) {
2650 client = QLIST_FIRST(&map_client_list);
2651 qemu_bh_schedule(client->bh);
2652 cpu_unregister_map_client_do(client);
2653 }
2654 }
2655
2656 void cpu_register_map_client(QEMUBH *bh)
2657 {
2658 MapClient *client = g_malloc(sizeof(*client));
2659
2660 qemu_mutex_lock(&map_client_list_lock);
2661 client->bh = bh;
2662 QLIST_INSERT_HEAD(&map_client_list, client, link);
2663 if (!atomic_read(&bounce.in_use)) {
2664 cpu_notify_map_clients_locked();
2665 }
2666 qemu_mutex_unlock(&map_client_list_lock);
2667 }
2668
2669 void cpu_exec_init_all(void)
2670 {
2671 qemu_mutex_init(&ram_list.mutex);
2672 memory_map_init();
2673 io_mem_init();
2674 qemu_mutex_init(&map_client_list_lock);
2675 }
2676
2677 void cpu_unregister_map_client(QEMUBH *bh)
2678 {
2679 MapClient *client;
2680
2681 qemu_mutex_lock(&map_client_list_lock);
2682 QLIST_FOREACH(client, &map_client_list, link) {
2683 if (client->bh == bh) {
2684 cpu_unregister_map_client_do(client);
2685 break;
2686 }
2687 }
2688 qemu_mutex_unlock(&map_client_list_lock);
2689 }
2690
2691 static void cpu_notify_map_clients(void)
2692 {
2693 qemu_mutex_lock(&map_client_list_lock);
2694 cpu_notify_map_clients_locked();
2695 qemu_mutex_unlock(&map_client_list_lock);
2696 }
2697
2698 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2699 {
2700 MemoryRegion *mr;
2701 hwaddr l, xlat;
2702
2703 rcu_read_lock();
2704 while (len > 0) {
2705 l = len;
2706 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2707 if (!memory_access_is_direct(mr, is_write)) {
2708 l = memory_access_size(mr, l, addr);
2709 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2710 return false;
2711 }
2712 }
2713
2714 len -= l;
2715 addr += l;
2716 }
2717 rcu_read_unlock();
2718 return true;
2719 }
2720
2721 /* Map a physical memory region into a host virtual address.
2722 * May map a subset of the requested range, given by and returned in *plen.
2723 * May return NULL if resources needed to perform the mapping are exhausted.
2724 * Use only for reads OR writes - not for read-modify-write operations.
2725 * Use cpu_register_map_client() to know when retrying the map operation is
2726 * likely to succeed.
2727 */
2728 void *address_space_map(AddressSpace *as,
2729 hwaddr addr,
2730 hwaddr *plen,
2731 bool is_write)
2732 {
2733 hwaddr len = *plen;
2734 hwaddr done = 0;
2735 hwaddr l, xlat, base;
2736 MemoryRegion *mr, *this_mr;
2737 ram_addr_t raddr;
2738
2739 if (len == 0) {
2740 return NULL;
2741 }
2742
2743 l = len;
2744 rcu_read_lock();
2745 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2746
2747 if (!memory_access_is_direct(mr, is_write)) {
2748 if (atomic_xchg(&bounce.in_use, true)) {
2749 rcu_read_unlock();
2750 return NULL;
2751 }
2752 /* Avoid unbounded allocations */
2753 l = MIN(l, TARGET_PAGE_SIZE);
2754 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2755 bounce.addr = addr;
2756 bounce.len = l;
2757
2758 memory_region_ref(mr);
2759 bounce.mr = mr;
2760 if (!is_write) {
2761 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2762 bounce.buffer, l);
2763 }
2764
2765 rcu_read_unlock();
2766 *plen = l;
2767 return bounce.buffer;
2768 }
2769
2770 base = xlat;
2771 raddr = memory_region_get_ram_addr(mr);
2772
2773 for (;;) {
2774 len -= l;
2775 addr += l;
2776 done += l;
2777 if (len == 0) {
2778 break;
2779 }
2780
2781 l = len;
2782 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2783 if (this_mr != mr || xlat != base + done) {
2784 break;
2785 }
2786 }
2787
2788 memory_region_ref(mr);
2789 rcu_read_unlock();
2790 *plen = done;
2791 return qemu_ram_ptr_length(raddr + base, plen);
2792 }
2793
2794 /* Unmaps a memory region previously mapped by address_space_map().
2795 * Will also mark the memory as dirty if is_write == 1. access_len gives
2796 * the amount of memory that was actually read or written by the caller.
2797 */
2798 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2799 int is_write, hwaddr access_len)
2800 {
2801 if (buffer != bounce.buffer) {
2802 MemoryRegion *mr;
2803 ram_addr_t addr1;
2804
2805 mr = qemu_ram_addr_from_host(buffer, &addr1);
2806 assert(mr != NULL);
2807 if (is_write) {
2808 invalidate_and_set_dirty(mr, addr1, access_len);
2809 }
2810 if (xen_enabled()) {
2811 xen_invalidate_map_cache_entry(buffer);
2812 }
2813 memory_region_unref(mr);
2814 return;
2815 }
2816 if (is_write) {
2817 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2818 bounce.buffer, access_len);
2819 }
2820 qemu_vfree(bounce.buffer);
2821 bounce.buffer = NULL;
2822 memory_region_unref(bounce.mr);
2823 atomic_mb_set(&bounce.in_use, false);
2824 cpu_notify_map_clients();
2825 }
2826
2827 void *cpu_physical_memory_map(hwaddr addr,
2828 hwaddr *plen,
2829 int is_write)
2830 {
2831 return address_space_map(&address_space_memory, addr, plen, is_write);
2832 }
2833
2834 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2835 int is_write, hwaddr access_len)
2836 {
2837 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2838 }
2839
2840 /* warning: addr must be aligned */
2841 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2842 MemTxAttrs attrs,
2843 MemTxResult *result,
2844 enum device_endian endian)
2845 {
2846 uint8_t *ptr;
2847 uint64_t val;
2848 MemoryRegion *mr;
2849 hwaddr l = 4;
2850 hwaddr addr1;
2851 MemTxResult r;
2852 bool release_lock = false;
2853
2854 rcu_read_lock();
2855 mr = address_space_translate(as, addr, &addr1, &l, false);
2856 if (l < 4 || !memory_access_is_direct(mr, false)) {
2857 release_lock |= prepare_mmio_access(mr);
2858
2859 /* I/O case */
2860 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2861 #if defined(TARGET_WORDS_BIGENDIAN)
2862 if (endian == DEVICE_LITTLE_ENDIAN) {
2863 val = bswap32(val);
2864 }
2865 #else
2866 if (endian == DEVICE_BIG_ENDIAN) {
2867 val = bswap32(val);
2868 }
2869 #endif
2870 } else {
2871 /* RAM case */
2872 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2873 & TARGET_PAGE_MASK)
2874 + addr1);
2875 switch (endian) {
2876 case DEVICE_LITTLE_ENDIAN:
2877 val = ldl_le_p(ptr);
2878 break;
2879 case DEVICE_BIG_ENDIAN:
2880 val = ldl_be_p(ptr);
2881 break;
2882 default:
2883 val = ldl_p(ptr);
2884 break;
2885 }
2886 r = MEMTX_OK;
2887 }
2888 if (result) {
2889 *result = r;
2890 }
2891 if (release_lock) {
2892 qemu_mutex_unlock_iothread();
2893 }
2894 rcu_read_unlock();
2895 return val;
2896 }
2897
2898 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2899 MemTxAttrs attrs, MemTxResult *result)
2900 {
2901 return address_space_ldl_internal(as, addr, attrs, result,
2902 DEVICE_NATIVE_ENDIAN);
2903 }
2904
2905 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2906 MemTxAttrs attrs, MemTxResult *result)
2907 {
2908 return address_space_ldl_internal(as, addr, attrs, result,
2909 DEVICE_LITTLE_ENDIAN);
2910 }
2911
2912 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2913 MemTxAttrs attrs, MemTxResult *result)
2914 {
2915 return address_space_ldl_internal(as, addr, attrs, result,
2916 DEVICE_BIG_ENDIAN);
2917 }
2918
2919 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2920 {
2921 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2922 }
2923
2924 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2925 {
2926 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2927 }
2928
2929 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2930 {
2931 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2932 }
2933
2934 /* warning: addr must be aligned */
2935 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2936 MemTxAttrs attrs,
2937 MemTxResult *result,
2938 enum device_endian endian)
2939 {
2940 uint8_t *ptr;
2941 uint64_t val;
2942 MemoryRegion *mr;
2943 hwaddr l = 8;
2944 hwaddr addr1;
2945 MemTxResult r;
2946 bool release_lock = false;
2947
2948 rcu_read_lock();
2949 mr = address_space_translate(as, addr, &addr1, &l,
2950 false);
2951 if (l < 8 || !memory_access_is_direct(mr, false)) {
2952 release_lock |= prepare_mmio_access(mr);
2953
2954 /* I/O case */
2955 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2956 #if defined(TARGET_WORDS_BIGENDIAN)
2957 if (endian == DEVICE_LITTLE_ENDIAN) {
2958 val = bswap64(val);
2959 }
2960 #else
2961 if (endian == DEVICE_BIG_ENDIAN) {
2962 val = bswap64(val);
2963 }
2964 #endif
2965 } else {
2966 /* RAM case */
2967 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2968 & TARGET_PAGE_MASK)
2969 + addr1);
2970 switch (endian) {
2971 case DEVICE_LITTLE_ENDIAN:
2972 val = ldq_le_p(ptr);
2973 break;
2974 case DEVICE_BIG_ENDIAN:
2975 val = ldq_be_p(ptr);
2976 break;
2977 default:
2978 val = ldq_p(ptr);
2979 break;
2980 }
2981 r = MEMTX_OK;
2982 }
2983 if (result) {
2984 *result = r;
2985 }
2986 if (release_lock) {
2987 qemu_mutex_unlock_iothread();
2988 }
2989 rcu_read_unlock();
2990 return val;
2991 }
2992
2993 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2994 MemTxAttrs attrs, MemTxResult *result)
2995 {
2996 return address_space_ldq_internal(as, addr, attrs, result,
2997 DEVICE_NATIVE_ENDIAN);
2998 }
2999
3000 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3001 MemTxAttrs attrs, MemTxResult *result)
3002 {
3003 return address_space_ldq_internal(as, addr, attrs, result,
3004 DEVICE_LITTLE_ENDIAN);
3005 }
3006
3007 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3008 MemTxAttrs attrs, MemTxResult *result)
3009 {
3010 return address_space_ldq_internal(as, addr, attrs, result,
3011 DEVICE_BIG_ENDIAN);
3012 }
3013
3014 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3015 {
3016 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3017 }
3018
3019 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3020 {
3021 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3022 }
3023
3024 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3025 {
3026 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3027 }
3028
3029 /* XXX: optimize */
3030 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs, MemTxResult *result)
3032 {
3033 uint8_t val;
3034 MemTxResult r;
3035
3036 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3037 if (result) {
3038 *result = r;
3039 }
3040 return val;
3041 }
3042
3043 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3044 {
3045 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3046 }
3047
3048 /* warning: addr must be aligned */
3049 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3050 hwaddr addr,
3051 MemTxAttrs attrs,
3052 MemTxResult *result,
3053 enum device_endian endian)
3054 {
3055 uint8_t *ptr;
3056 uint64_t val;
3057 MemoryRegion *mr;
3058 hwaddr l = 2;
3059 hwaddr addr1;
3060 MemTxResult r;
3061 bool release_lock = false;
3062
3063 rcu_read_lock();
3064 mr = address_space_translate(as, addr, &addr1, &l,
3065 false);
3066 if (l < 2 || !memory_access_is_direct(mr, false)) {
3067 release_lock |= prepare_mmio_access(mr);
3068
3069 /* I/O case */
3070 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3071 #if defined(TARGET_WORDS_BIGENDIAN)
3072 if (endian == DEVICE_LITTLE_ENDIAN) {
3073 val = bswap16(val);
3074 }
3075 #else
3076 if (endian == DEVICE_BIG_ENDIAN) {
3077 val = bswap16(val);
3078 }
3079 #endif
3080 } else {
3081 /* RAM case */
3082 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3083 & TARGET_PAGE_MASK)
3084 + addr1);
3085 switch (endian) {
3086 case DEVICE_LITTLE_ENDIAN:
3087 val = lduw_le_p(ptr);
3088 break;
3089 case DEVICE_BIG_ENDIAN:
3090 val = lduw_be_p(ptr);
3091 break;
3092 default:
3093 val = lduw_p(ptr);
3094 break;
3095 }
3096 r = MEMTX_OK;
3097 }
3098 if (result) {
3099 *result = r;
3100 }
3101 if (release_lock) {
3102 qemu_mutex_unlock_iothread();
3103 }
3104 rcu_read_unlock();
3105 return val;
3106 }
3107
3108 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3109 MemTxAttrs attrs, MemTxResult *result)
3110 {
3111 return address_space_lduw_internal(as, addr, attrs, result,
3112 DEVICE_NATIVE_ENDIAN);
3113 }
3114
3115 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3116 MemTxAttrs attrs, MemTxResult *result)
3117 {
3118 return address_space_lduw_internal(as, addr, attrs, result,
3119 DEVICE_LITTLE_ENDIAN);
3120 }
3121
3122 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3123 MemTxAttrs attrs, MemTxResult *result)
3124 {
3125 return address_space_lduw_internal(as, addr, attrs, result,
3126 DEVICE_BIG_ENDIAN);
3127 }
3128
3129 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3130 {
3131 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3132 }
3133
3134 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3135 {
3136 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3137 }
3138
3139 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3140 {
3141 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3142 }
3143
3144 /* warning: addr must be aligned. The ram page is not masked as dirty
3145 and the code inside is not invalidated. It is useful if the dirty
3146 bits are used to track modified PTEs */
3147 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3148 MemTxAttrs attrs, MemTxResult *result)
3149 {
3150 uint8_t *ptr;
3151 MemoryRegion *mr;
3152 hwaddr l = 4;
3153 hwaddr addr1;
3154 MemTxResult r;
3155 uint8_t dirty_log_mask;
3156 bool release_lock = false;
3157
3158 rcu_read_lock();
3159 mr = address_space_translate(as, addr, &addr1, &l,
3160 true);
3161 if (l < 4 || !memory_access_is_direct(mr, true)) {
3162 release_lock |= prepare_mmio_access(mr);
3163
3164 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3165 } else {
3166 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3167 ptr = qemu_get_ram_ptr(addr1);
3168 stl_p(ptr, val);
3169
3170 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3171 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3172 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3173 r = MEMTX_OK;
3174 }
3175 if (result) {
3176 *result = r;
3177 }
3178 if (release_lock) {
3179 qemu_mutex_unlock_iothread();
3180 }
3181 rcu_read_unlock();
3182 }
3183
3184 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3185 {
3186 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3187 }
3188
3189 /* warning: addr must be aligned */
3190 static inline void address_space_stl_internal(AddressSpace *as,
3191 hwaddr addr, uint32_t val,
3192 MemTxAttrs attrs,
3193 MemTxResult *result,
3194 enum device_endian endian)
3195 {
3196 uint8_t *ptr;
3197 MemoryRegion *mr;
3198 hwaddr l = 4;
3199 hwaddr addr1;
3200 MemTxResult r;
3201 bool release_lock = false;
3202
3203 rcu_read_lock();
3204 mr = address_space_translate(as, addr, &addr1, &l,
3205 true);
3206 if (l < 4 || !memory_access_is_direct(mr, true)) {
3207 release_lock |= prepare_mmio_access(mr);
3208
3209 #if defined(TARGET_WORDS_BIGENDIAN)
3210 if (endian == DEVICE_LITTLE_ENDIAN) {
3211 val = bswap32(val);
3212 }
3213 #else
3214 if (endian == DEVICE_BIG_ENDIAN) {
3215 val = bswap32(val);
3216 }
3217 #endif
3218 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3219 } else {
3220 /* RAM case */
3221 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3222 ptr = qemu_get_ram_ptr(addr1);
3223 switch (endian) {
3224 case DEVICE_LITTLE_ENDIAN:
3225 stl_le_p(ptr, val);
3226 break;
3227 case DEVICE_BIG_ENDIAN:
3228 stl_be_p(ptr, val);
3229 break;
3230 default:
3231 stl_p(ptr, val);
3232 break;
3233 }
3234 invalidate_and_set_dirty(mr, addr1, 4);
3235 r = MEMTX_OK;
3236 }
3237 if (result) {
3238 *result = r;
3239 }
3240 if (release_lock) {
3241 qemu_mutex_unlock_iothread();
3242 }
3243 rcu_read_unlock();
3244 }
3245
3246 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3247 MemTxAttrs attrs, MemTxResult *result)
3248 {
3249 address_space_stl_internal(as, addr, val, attrs, result,
3250 DEVICE_NATIVE_ENDIAN);
3251 }
3252
3253 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3254 MemTxAttrs attrs, MemTxResult *result)
3255 {
3256 address_space_stl_internal(as, addr, val, attrs, result,
3257 DEVICE_LITTLE_ENDIAN);
3258 }
3259
3260 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3261 MemTxAttrs attrs, MemTxResult *result)
3262 {
3263 address_space_stl_internal(as, addr, val, attrs, result,
3264 DEVICE_BIG_ENDIAN);
3265 }
3266
3267 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3268 {
3269 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3270 }
3271
3272 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3273 {
3274 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3275 }
3276
3277 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3278 {
3279 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3280 }
3281
3282 /* XXX: optimize */
3283 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3284 MemTxAttrs attrs, MemTxResult *result)
3285 {
3286 uint8_t v = val;
3287 MemTxResult r;
3288
3289 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3290 if (result) {
3291 *result = r;
3292 }
3293 }
3294
3295 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3296 {
3297 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3298 }
3299
3300 /* warning: addr must be aligned */
3301 static inline void address_space_stw_internal(AddressSpace *as,
3302 hwaddr addr, uint32_t val,
3303 MemTxAttrs attrs,
3304 MemTxResult *result,
3305 enum device_endian endian)
3306 {
3307 uint8_t *ptr;
3308 MemoryRegion *mr;
3309 hwaddr l = 2;
3310 hwaddr addr1;
3311 MemTxResult r;
3312 bool release_lock = false;
3313
3314 rcu_read_lock();
3315 mr = address_space_translate(as, addr, &addr1, &l, true);
3316 if (l < 2 || !memory_access_is_direct(mr, true)) {
3317 release_lock |= prepare_mmio_access(mr);
3318
3319 #if defined(TARGET_WORDS_BIGENDIAN)
3320 if (endian == DEVICE_LITTLE_ENDIAN) {
3321 val = bswap16(val);
3322 }
3323 #else
3324 if (endian == DEVICE_BIG_ENDIAN) {
3325 val = bswap16(val);
3326 }
3327 #endif
3328 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3329 } else {
3330 /* RAM case */
3331 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3332 ptr = qemu_get_ram_ptr(addr1);
3333 switch (endian) {
3334 case DEVICE_LITTLE_ENDIAN:
3335 stw_le_p(ptr, val);
3336 break;
3337 case DEVICE_BIG_ENDIAN:
3338 stw_be_p(ptr, val);
3339 break;
3340 default:
3341 stw_p(ptr, val);
3342 break;
3343 }
3344 invalidate_and_set_dirty(mr, addr1, 2);
3345 r = MEMTX_OK;
3346 }
3347 if (result) {
3348 *result = r;
3349 }
3350 if (release_lock) {
3351 qemu_mutex_unlock_iothread();
3352 }
3353 rcu_read_unlock();
3354 }
3355
3356 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3357 MemTxAttrs attrs, MemTxResult *result)
3358 {
3359 address_space_stw_internal(as, addr, val, attrs, result,
3360 DEVICE_NATIVE_ENDIAN);
3361 }
3362
3363 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3364 MemTxAttrs attrs, MemTxResult *result)
3365 {
3366 address_space_stw_internal(as, addr, val, attrs, result,
3367 DEVICE_LITTLE_ENDIAN);
3368 }
3369
3370 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3371 MemTxAttrs attrs, MemTxResult *result)
3372 {
3373 address_space_stw_internal(as, addr, val, attrs, result,
3374 DEVICE_BIG_ENDIAN);
3375 }
3376
3377 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3378 {
3379 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3380 }
3381
3382 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3383 {
3384 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3385 }
3386
3387 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3388 {
3389 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3390 }
3391
3392 /* XXX: optimize */
3393 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3395 {
3396 MemTxResult r;
3397 val = tswap64(val);
3398 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3399 if (result) {
3400 *result = r;
3401 }
3402 }
3403
3404 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3405 MemTxAttrs attrs, MemTxResult *result)
3406 {
3407 MemTxResult r;
3408 val = cpu_to_le64(val);
3409 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3410 if (result) {
3411 *result = r;
3412 }
3413 }
3414 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3415 MemTxAttrs attrs, MemTxResult *result)
3416 {
3417 MemTxResult r;
3418 val = cpu_to_be64(val);
3419 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3420 if (result) {
3421 *result = r;
3422 }
3423 }
3424
3425 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3426 {
3427 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3428 }
3429
3430 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3431 {
3432 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3433 }
3434
3435 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3436 {
3437 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3438 }
3439
3440 /* virtual memory access for debug (includes writing to ROM) */
3441 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3442 uint8_t *buf, int len, int is_write)
3443 {
3444 int l;
3445 hwaddr phys_addr;
3446 target_ulong page;
3447
3448 while (len > 0) {
3449 page = addr & TARGET_PAGE_MASK;
3450 phys_addr = cpu_get_phys_page_debug(cpu, page);
3451 /* if no physical page mapped, return an error */
3452 if (phys_addr == -1)
3453 return -1;
3454 l = (page + TARGET_PAGE_SIZE) - addr;
3455 if (l > len)
3456 l = len;
3457 phys_addr += (addr & ~TARGET_PAGE_MASK);
3458 if (is_write) {
3459 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3460 } else {
3461 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3462 buf, l, 0);
3463 }
3464 len -= l;
3465 buf += l;
3466 addr += l;
3467 }
3468 return 0;
3469 }
3470 #endif
3471
3472 /*
3473 * A helper function for the _utterly broken_ virtio device model to find out if
3474 * it's running on a big endian machine. Don't do this at home kids!
3475 */
3476 bool target_words_bigendian(void);
3477 bool target_words_bigendian(void)
3478 {
3479 #if defined(TARGET_WORDS_BIGENDIAN)
3480 return true;
3481 #else
3482 return false;
3483 #endif
3484 }
3485
3486 #ifndef CONFIG_USER_ONLY
3487 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3488 {
3489 MemoryRegion*mr;
3490 hwaddr l = 1;
3491 bool res;
3492
3493 rcu_read_lock();
3494 mr = address_space_translate(&address_space_memory,
3495 phys_addr, &phys_addr, &l, false);
3496
3497 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3498 rcu_read_unlock();
3499 return res;
3500 }
3501
3502 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3503 {
3504 RAMBlock *block;
3505 int ret = 0;
3506
3507 rcu_read_lock();
3508 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3509 ret = func(block->idstr, block->host, block->offset,
3510 block->used_length, opaque);
3511 if (ret) {
3512 break;
3513 }
3514 }
3515 rcu_read_unlock();
3516 return ret;
3517 }
3518 #endif
AR7 emulation for QEMU