search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
exec.c: Remove static allocation of sub_section of sub_page
[qemu/ar7.git] / exec.c
blob93128fd19a40ccc269cb2a70bcb76c1b34b5056a
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #ifndef _WIN32
22 #endif
23
24 #include "qemu/cutils.h"
25 #include "cpu.h"
26 #include "exec/exec-all.h"
27 #include "tcg.h"
28 #include "hw/qdev-core.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #include "hw/xen/xen.h"
32 #endif
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include "qemu.h"
40 #else /* !CONFIG_USER_ONLY */
41 #include "hw/hw.h"
42 #include "exec/memory.h"
43 #include "exec/ioport.h"
44 #include "sysemu/dma.h"
45 #include "exec/address-spaces.h"
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57 #include "exec/log.h"
58
59 #include "migration/vmstate.h"
60
61 #include "qemu/range.h"
62 #ifndef _WIN32
63 #include "qemu/mmap-alloc.h"
64 #endif
65
66 //#define DEBUG_SUBPAGE
67
68 #if !defined(CONFIG_USER_ONLY)
69 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
72 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
73
74 static MemoryRegion *system_memory;
75 static MemoryRegion *system_io;
76
77 AddressSpace address_space_io;
78 AddressSpace address_space_memory;
79
80 MemoryRegion io_mem_rom, io_mem_notdirty;
81 static MemoryRegion io_mem_unassigned;
82
83 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84 #define RAM_PREALLOC (1 << 0)
85
86 /* RAM is mmap-ed with MAP_SHARED */
87 #define RAM_SHARED (1 << 1)
88
89 /* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92 #define RAM_RESIZEABLE (1 << 2)
93
94 #endif
95
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
103 int use_icount;
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 typedef struct PhysPageEntry PhysPageEntry;
108
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
111 uint32_t skip : 6;
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 uint32_t ptr : 26;
114 };
115
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
120
121 #define P_L2_BITS 9
122 #define P_L2_SIZE (1 << P_L2_BITS)
123
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126 typedef PhysPageEntry Node[P_L2_SIZE];
127
128 typedef struct PhysPageMap {
129 struct rcu_head rcu;
130
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137 } PhysPageMap;
138
139 struct AddressSpaceDispatch {
140 struct rcu_head rcu;
141
142 MemoryRegionSection *mru_section;
143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
147 PhysPageMap map;
148 AddressSpace *as;
149 };
150
151 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152 typedef struct subpage_t {
153 MemoryRegion iomem;
154 AddressSpace *as;
155 hwaddr base;
156 uint16_t sub_section[];
157 } subpage_t;
158
159 #define PHYS_SECTION_UNASSIGNED 0
160 #define PHYS_SECTION_NOTDIRTY 1
161 #define PHYS_SECTION_ROM 2
162 #define PHYS_SECTION_WATCH 3
163
164 static void io_mem_init(void);
165 static void memory_map_init(void);
166 static void tcg_commit(MemoryListener *listener);
167
168 static MemoryRegion io_mem_watch;
169
170 /**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177 struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182 };
183
184 #endif
185
186 #if !defined(CONFIG_USER_ONLY)
187
188 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
189 {
190 static unsigned alloc_hint = 16;
191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
195 alloc_hint = map->nodes_nb_alloc;
196 }
197 }
198
199 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
200 {
201 unsigned i;
202 uint32_t ret;
203 PhysPageEntry e;
204 PhysPageEntry *p;
205
206 ret = map->nodes_nb++;
207 p = map->nodes[ret];
208 assert(ret != PHYS_MAP_NODE_NIL);
209 assert(ret != map->nodes_nb_alloc);
210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
213 for (i = 0; i < P_L2_SIZE; ++i) {
214 memcpy(&p[i], &e, sizeof(e));
215 }
216 return ret;
217 }
218
219 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
221 int level)
222 {
223 PhysPageEntry *p;
224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
225
226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
227 lp->ptr = phys_map_node_alloc(map, level == 0);
228 }
229 p = map->nodes[lp->ptr];
230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
231
232 while (*nb && lp < &p[P_L2_SIZE]) {
233 if ((*index & (step - 1)) == 0 && *nb >= step) {
234 lp->skip = 0;
235 lp->ptr = leaf;
236 *index += step;
237 *nb -= step;
238 } else {
239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
240 }
241 ++lp;
242 }
243 }
244
245 static void phys_page_set(AddressSpaceDispatch *d,
246 hwaddr index, hwaddr nb,
247 uint16_t leaf)
248 {
249 /* Wildly overreserve - it doesn't matter much. */
250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
251
252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
253 }
254
255 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258 static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
259 {
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306 }
307
308 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309 {
310 if (d->phys_map.skip) {
311 phys_page_compact(&d->phys_map, d->map.nodes);
312 }
313 }
314
315 static inline bool section_covers_addr(const MemoryRegionSection *section,
316 hwaddr addr)
317 {
318 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
319 * the section must cover the entire address space.
320 */
321 return section->size.hi ||
322 range_covers_byte(section->offset_within_address_space,
323 section->size.lo, addr);
324 }
325
326 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
327 Node *nodes, MemoryRegionSection *sections)
328 {
329 PhysPageEntry *p;
330 hwaddr index = addr >> TARGET_PAGE_BITS;
331 int i;
332
333 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
334 if (lp.ptr == PHYS_MAP_NODE_NIL) {
335 return &sections[PHYS_SECTION_UNASSIGNED];
336 }
337 p = nodes[lp.ptr];
338 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
339 }
340
341 if (section_covers_addr(&sections[lp.ptr], addr)) {
342 return &sections[lp.ptr];
343 } else {
344 return &sections[PHYS_SECTION_UNASSIGNED];
345 }
346 }
347
348 bool memory_region_is_unassigned(MemoryRegion *mr)
349 {
350 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
351 && mr != &io_mem_watch;
352 }
353
354 /* Called from RCU critical section */
355 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
356 hwaddr addr,
357 bool resolve_subpage)
358 {
359 MemoryRegionSection *section = atomic_read(&d->mru_section);
360 subpage_t *subpage;
361 bool update;
362
363 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
364 section_covers_addr(section, addr)) {
365 update = false;
366 } else {
367 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 d->map.sections);
369 update = true;
370 }
371 if (resolve_subpage && section->mr->subpage) {
372 subpage = container_of(section->mr, subpage_t, iomem);
373 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
374 }
375 if (update) {
376 atomic_set(&d->mru_section, section);
377 }
378 return section;
379 }
380
381 /* Called from RCU critical section */
382 static MemoryRegionSection *
383 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
384 hwaddr *plen, bool resolve_subpage)
385 {
386 MemoryRegionSection *section;
387 MemoryRegion *mr;
388 Int128 diff;
389
390 section = address_space_lookup_region(d, addr, resolve_subpage);
391 /* Compute offset within MemoryRegionSection */
392 addr -= section->offset_within_address_space;
393
394 /* Compute offset within MemoryRegion */
395 *xlat = addr + section->offset_within_region;
396
397 mr = section->mr;
398
399 /* MMIO registers can be expected to perform full-width accesses based only
400 * on their address, without considering adjacent registers that could
401 * decode to completely different MemoryRegions. When such registers
402 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
403 * regions overlap wildly. For this reason we cannot clamp the accesses
404 * here.
405 *
406 * If the length is small (as is the case for address_space_ldl/stl),
407 * everything works fine. If the incoming length is large, however,
408 * the caller really has to do the clamping through memory_access_size.
409 */
410 if (memory_region_is_ram(mr)) {
411 diff = int128_sub(section->size, int128_make64(addr));
412 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
413 }
414 return section;
415 }
416
417 /* Called from RCU critical section */
418 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen,
420 bool is_write)
421 {
422 IOMMUTLBEntry iotlb;
423 MemoryRegionSection *section;
424 MemoryRegion *mr;
425
426 for (;;) {
427 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
428 section = address_space_translate_internal(d, addr, &addr, plen, true);
429 mr = section->mr;
430
431 if (!mr->iommu_ops) {
432 break;
433 }
434
435 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
436 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
437 | (addr & iotlb.addr_mask));
438 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
439 if (!(iotlb.perm & (1 << is_write))) {
440 mr = &io_mem_unassigned;
441 break;
442 }
443
444 as = iotlb.target_as;
445 }
446
447 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
448 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
449 *plen = MIN(page, *plen);
450 }
451
452 *xlat = addr;
453 return mr;
454 }
455
456 /* Called from RCU critical section */
457 MemoryRegionSection *
458 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
459 hwaddr *xlat, hwaddr *plen)
460 {
461 MemoryRegionSection *section;
462 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
463
464 section = address_space_translate_internal(d, addr, xlat, plen, false);
465
466 assert(!section->mr->iommu_ops);
467 return section;
468 }
469 #endif
470
471 #if !defined(CONFIG_USER_ONLY)
472
473 static int cpu_common_post_load(void *opaque, int version_id)
474 {
475 CPUState *cpu = opaque;
476
477 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
478 version_id is increased. */
479 cpu->interrupt_request &= ~0x01;
480 tlb_flush(cpu, 1);
481
482 return 0;
483 }
484
485 static int cpu_common_pre_load(void *opaque)
486 {
487 CPUState *cpu = opaque;
488
489 cpu->exception_index = -1;
490
491 return 0;
492 }
493
494 static bool cpu_common_exception_index_needed(void *opaque)
495 {
496 CPUState *cpu = opaque;
497
498 return tcg_enabled() && cpu->exception_index != -1;
499 }
500
501 static const VMStateDescription vmstate_cpu_common_exception_index = {
502 .name = "cpu_common/exception_index",
503 .version_id = 1,
504 .minimum_version_id = 1,
505 .needed = cpu_common_exception_index_needed,
506 .fields = (VMStateField[]) {
507 VMSTATE_INT32(exception_index, CPUState),
508 VMSTATE_END_OF_LIST()
509 }
510 };
511
512 static bool cpu_common_crash_occurred_needed(void *opaque)
513 {
514 CPUState *cpu = opaque;
515
516 return cpu->crash_occurred;
517 }
518
519 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
520 .name = "cpu_common/crash_occurred",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .needed = cpu_common_crash_occurred_needed,
524 .fields = (VMStateField[]) {
525 VMSTATE_BOOL(crash_occurred, CPUState),
526 VMSTATE_END_OF_LIST()
527 }
528 };
529
530 const VMStateDescription vmstate_cpu_common = {
531 .name = "cpu_common",
532 .version_id = 1,
533 .minimum_version_id = 1,
534 .pre_load = cpu_common_pre_load,
535 .post_load = cpu_common_post_load,
536 .fields = (VMStateField[]) {
537 VMSTATE_UINT32(halted, CPUState),
538 VMSTATE_UINT32(interrupt_request, CPUState),
539 VMSTATE_END_OF_LIST()
540 },
541 .subsections = (const VMStateDescription*[]) {
542 &vmstate_cpu_common_exception_index,
543 &vmstate_cpu_common_crash_occurred,
544 NULL
545 }
546 };
547
548 #endif
549
550 CPUState *qemu_get_cpu(int index)
551 {
552 CPUState *cpu;
553
554 CPU_FOREACH(cpu) {
555 if (cpu->cpu_index == index) {
556 return cpu;
557 }
558 }
559
560 return NULL;
561 }
562
563 #if !defined(CONFIG_USER_ONLY)
564 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
565 {
566 CPUAddressSpace *newas;
567
568 /* Target code should have set num_ases before calling us */
569 assert(asidx < cpu->num_ases);
570
571 if (asidx == 0) {
572 /* address space 0 gets the convenience alias */
573 cpu->as = as;
574 }
575
576 /* KVM cannot currently support multiple address spaces. */
577 assert(asidx == 0 || !kvm_enabled());
578
579 if (!cpu->cpu_ases) {
580 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
581 }
582
583 newas = &cpu->cpu_ases[asidx];
584 newas->cpu = cpu;
585 newas->as = as;
586 if (tcg_enabled()) {
587 newas->tcg_as_listener.commit = tcg_commit;
588 memory_listener_register(&newas->tcg_as_listener, as);
589 }
590 }
591
592 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
593 {
594 /* Return the AddressSpace corresponding to the specified index */
595 return cpu->cpu_ases[asidx].as;
596 }
597 #endif
598
599 void cpu_exec_exit(CPUState *cpu)
600 {
601 CPUClass *cc = CPU_GET_CLASS(cpu);
602
603 cpu_list_remove(cpu);
604
605 if (cc->vmsd != NULL) {
606 vmstate_unregister(NULL, cc->vmsd, cpu);
607 }
608 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
609 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
610 }
611 }
612
613 void cpu_exec_init(CPUState *cpu, Error **errp)
614 {
615 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
616 Error *local_err ATTRIBUTE_UNUSED = NULL;
617
618 cpu->as = NULL;
619 cpu->num_ases = 0;
620
621 #ifndef CONFIG_USER_ONLY
622 cpu->thread_id = qemu_get_thread_id();
623
624 /* This is a softmmu CPU object, so create a property for it
625 * so users can wire up its memory. (This can't go in qom/cpu.c
626 * because that file is compiled only once for both user-mode
627 * and system builds.) The default if no link is set up is to use
628 * the system address space.
629 */
630 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
631 (Object **)&cpu->memory,
632 qdev_prop_allow_set_link_before_realize,
633 OBJ_PROP_LINK_UNREF_ON_RELEASE,
634 &error_abort);
635 cpu->memory = system_memory;
636 object_ref(OBJECT(cpu->memory));
637 #endif
638
639 cpu_list_add(cpu);
640
641 #ifndef CONFIG_USER_ONLY
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
644 }
645 if (cc->vmsd != NULL) {
646 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
647 }
648 #endif
649 }
650
651 #if defined(CONFIG_USER_ONLY)
652 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
653 {
654 tb_invalidate_phys_page_range(pc, pc + 1, 0);
655 }
656 #else
657 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
658 {
659 MemTxAttrs attrs;
660 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
661 int asidx = cpu_asidx_from_attrs(cpu, attrs);
662 if (phys != -1) {
663 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
664 phys | (pc & ~TARGET_PAGE_MASK));
665 }
666 }
667 #endif
668
669 #if defined(CONFIG_USER_ONLY)
670 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
671
672 {
673 }
674
675 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
676 int flags)
677 {
678 return -ENOSYS;
679 }
680
681 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
682 {
683 }
684
685 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
686 int flags, CPUWatchpoint **watchpoint)
687 {
688 return -ENOSYS;
689 }
690 #else
691 /* Add a watchpoint. */
692 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
693 int flags, CPUWatchpoint **watchpoint)
694 {
695 CPUWatchpoint *wp;
696
697 /* forbid ranges which are empty or run off the end of the address space */
698 if (len == 0 || (addr + len - 1) < addr) {
699 error_report("tried to set invalid watchpoint at %"
700 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
701 return -EINVAL;
702 }
703 wp = g_malloc(sizeof(*wp));
704
705 wp->vaddr = addr;
706 wp->len = len;
707 wp->flags = flags;
708
709 /* keep all GDB-injected watchpoints in front */
710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
712 } else {
713 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
714 }
715
716 tlb_flush_page(cpu, addr);
717
718 if (watchpoint)
719 *watchpoint = wp;
720 return 0;
721 }
722
723 /* Remove a specific watchpoint. */
724 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
725 int flags)
726 {
727 CPUWatchpoint *wp;
728
729 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
730 if (addr == wp->vaddr && len == wp->len
731 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
732 cpu_watchpoint_remove_by_ref(cpu, wp);
733 return 0;
734 }
735 }
736 return -ENOENT;
737 }
738
739 /* Remove a specific watchpoint by reference. */
740 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
741 {
742 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
743
744 tlb_flush_page(cpu, watchpoint->vaddr);
745
746 g_free(watchpoint);
747 }
748
749 /* Remove all matching watchpoints. */
750 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
751 {
752 CPUWatchpoint *wp, *next;
753
754 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
755 if (wp->flags & mask) {
756 cpu_watchpoint_remove_by_ref(cpu, wp);
757 }
758 }
759 }
760
761 /* Return true if this watchpoint address matches the specified
762 * access (ie the address range covered by the watchpoint overlaps
763 * partially or completely with the address range covered by the
764 * access).
765 */
766 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
767 vaddr addr,
768 vaddr len)
769 {
770 /* We know the lengths are non-zero, but a little caution is
771 * required to avoid errors in the case where the range ends
772 * exactly at the top of the address space and so addr + len
773 * wraps round to zero.
774 */
775 vaddr wpend = wp->vaddr + wp->len - 1;
776 vaddr addrend = addr + len - 1;
777
778 return !(addr > wpend || wp->vaddr > addrend);
779 }
780
781 #endif
782
783 /* Add a breakpoint. */
784 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
785 CPUBreakpoint **breakpoint)
786 {
787 CPUBreakpoint *bp;
788
789 bp = g_malloc(sizeof(*bp));
790
791 bp->pc = pc;
792 bp->flags = flags;
793
794 /* keep all GDB-injected breakpoints in front */
795 if (flags & BP_GDB) {
796 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
797 } else {
798 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
799 }
800
801 breakpoint_invalidate(cpu, pc);
802
803 if (breakpoint) {
804 *breakpoint = bp;
805 }
806 return 0;
807 }
808
809 /* Remove a specific breakpoint. */
810 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
811 {
812 CPUBreakpoint *bp;
813
814 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
815 if (bp->pc == pc && bp->flags == flags) {
816 cpu_breakpoint_remove_by_ref(cpu, bp);
817 return 0;
818 }
819 }
820 return -ENOENT;
821 }
822
823 /* Remove a specific breakpoint by reference. */
824 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
825 {
826 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
827
828 breakpoint_invalidate(cpu, breakpoint->pc);
829
830 g_free(breakpoint);
831 }
832
833 /* Remove all matching breakpoints. */
834 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
835 {
836 CPUBreakpoint *bp, *next;
837
838 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
839 if (bp->flags & mask) {
840 cpu_breakpoint_remove_by_ref(cpu, bp);
841 }
842 }
843 }
844
845 /* enable or disable single step mode. EXCP_DEBUG is returned by the
846 CPU loop after each instruction */
847 void cpu_single_step(CPUState *cpu, int enabled)
848 {
849 if (cpu->singlestep_enabled != enabled) {
850 cpu->singlestep_enabled = enabled;
851 if (kvm_enabled()) {
852 kvm_update_guest_debug(cpu, 0);
853 } else {
854 /* must flush all the translated code to avoid inconsistencies */
855 /* XXX: only flush what is necessary */
856 tb_flush(cpu);
857 }
858 }
859 }
860
861 void cpu_abort(CPUState *cpu, const char *fmt, ...)
862 {
863 va_list ap;
864 va_list ap2;
865
866 va_start(ap, fmt);
867 va_copy(ap2, ap);
868 fprintf(stderr, "qemu: fatal: ");
869 vfprintf(stderr, fmt, ap);
870 fprintf(stderr, "\n");
871 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
872 if (qemu_log_separate()) {
873 qemu_log("qemu: fatal: ");
874 qemu_log_vprintf(fmt, ap2);
875 qemu_log("\n");
876 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
877 qemu_log_flush();
878 qemu_log_close();
879 }
880 va_end(ap2);
881 va_end(ap);
882 replay_finish();
883 #if defined(CONFIG_USER_ONLY)
884 {
885 struct sigaction act;
886 sigfillset(&act.sa_mask);
887 act.sa_handler = SIG_DFL;
888 sigaction(SIGABRT, &act, NULL);
889 }
890 #endif
891 abort();
892 }
893
894 #if !defined(CONFIG_USER_ONLY)
895 /* Called from RCU critical section */
896 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
897 {
898 RAMBlock *block;
899
900 block = atomic_rcu_read(&ram_list.mru_block);
901 if (block && addr - block->offset < block->max_length) {
902 return block;
903 }
904 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
905 if (addr - block->offset < block->max_length) {
906 goto found;
907 }
908 }
909
910 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
911 abort();
912
913 found:
914 /* It is safe to write mru_block outside the iothread lock. This
915 * is what happens:
916 *
917 * mru_block = xxx
918 * rcu_read_unlock()
919 * xxx removed from list
920 * rcu_read_lock()
921 * read mru_block
922 * mru_block = NULL;
923 * call_rcu(reclaim_ramblock, xxx);
924 * rcu_read_unlock()
925 *
926 * atomic_rcu_set is not needed here. The block was already published
927 * when it was placed into the list. Here we're just making an extra
928 * copy of the pointer.
929 */
930 ram_list.mru_block = block;
931 return block;
932 }
933
934 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
935 {
936 CPUState *cpu;
937 ram_addr_t start1;
938 RAMBlock *block;
939 ram_addr_t end;
940
941 end = TARGET_PAGE_ALIGN(start + length);
942 start &= TARGET_PAGE_MASK;
943
944 rcu_read_lock();
945 block = qemu_get_ram_block(start);
946 assert(block == qemu_get_ram_block(end - 1));
947 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
948 CPU_FOREACH(cpu) {
949 tlb_reset_dirty(cpu, start1, length);
950 }
951 rcu_read_unlock();
952 }
953
954 /* Note: start and end must be within the same ram block. */
955 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
956 ram_addr_t length,
957 unsigned client)
958 {
959 DirtyMemoryBlocks *blocks;
960 unsigned long end, page;
961 bool dirty = false;
962
963 if (length == 0) {
964 return false;
965 }
966
967 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
968 page = start >> TARGET_PAGE_BITS;
969
970 rcu_read_lock();
971
972 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
973
974 while (page < end) {
975 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
976 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
977 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
978
979 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
980 offset, num);
981 page += num;
982 }
983
984 rcu_read_unlock();
985
986 if (dirty && tcg_enabled()) {
987 tlb_reset_dirty_range_all(start, length);
988 }
989
990 return dirty;
991 }
992
993 /* Called from RCU critical section */
994 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
995 MemoryRegionSection *section,
996 target_ulong vaddr,
997 hwaddr paddr, hwaddr xlat,
998 int prot,
999 target_ulong *address)
1000 {
1001 hwaddr iotlb;
1002 CPUWatchpoint *wp;
1003
1004 if (memory_region_is_ram(section->mr)) {
1005 /* Normal RAM. */
1006 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1007 if (!section->readonly) {
1008 iotlb |= PHYS_SECTION_NOTDIRTY;
1009 } else {
1010 iotlb |= PHYS_SECTION_ROM;
1011 }
1012 } else {
1013 AddressSpaceDispatch *d;
1014
1015 d = atomic_rcu_read(&section->address_space->dispatch);
1016 iotlb = section - d->map.sections;
1017 iotlb += xlat;
1018 }
1019
1020 /* Make accesses to pages with watchpoints go via the
1021 watchpoint trap routines. */
1022 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1023 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1024 /* Avoid trapping reads of pages with a write breakpoint. */
1025 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1026 iotlb = PHYS_SECTION_WATCH + paddr;
1027 *address |= TLB_MMIO;
1028 break;
1029 }
1030 }
1031 }
1032
1033 return iotlb;
1034 }
1035 #endif /* defined(CONFIG_USER_ONLY) */
1036
1037 #if !defined(CONFIG_USER_ONLY)
1038
1039 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1040 uint16_t section);
1041 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1042
1043 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1044 qemu_anon_ram_alloc;
1045
1046 /*
1047 * Set a custom physical guest memory alloator.
1048 * Accelerators with unusual needs may need this. Hopefully, we can
1049 * get rid of it eventually.
1050 */
1051 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1052 {
1053 phys_mem_alloc = alloc;
1054 }
1055
1056 static uint16_t phys_section_add(PhysPageMap *map,
1057 MemoryRegionSection *section)
1058 {
1059 /* The physical section number is ORed with a page-aligned
1060 * pointer to produce the iotlb entries. Thus it should
1061 * never overflow into the page-aligned value.
1062 */
1063 assert(map->sections_nb < TARGET_PAGE_SIZE);
1064
1065 if (map->sections_nb == map->sections_nb_alloc) {
1066 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1067 map->sections = g_renew(MemoryRegionSection, map->sections,
1068 map->sections_nb_alloc);
1069 }
1070 map->sections[map->sections_nb] = *section;
1071 memory_region_ref(section->mr);
1072 return map->sections_nb++;
1073 }
1074
1075 static void phys_section_destroy(MemoryRegion *mr)
1076 {
1077 bool have_sub_page = mr->subpage;
1078
1079 memory_region_unref(mr);
1080
1081 if (have_sub_page) {
1082 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1083 object_unref(OBJECT(&subpage->iomem));
1084 g_free(subpage);
1085 }
1086 }
1087
1088 static void phys_sections_free(PhysPageMap *map)
1089 {
1090 while (map->sections_nb > 0) {
1091 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1092 phys_section_destroy(section->mr);
1093 }
1094 g_free(map->sections);
1095 g_free(map->nodes);
1096 }
1097
1098 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1099 {
1100 subpage_t *subpage;
1101 hwaddr base = section->offset_within_address_space
1102 & TARGET_PAGE_MASK;
1103 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1104 d->map.nodes, d->map.sections);
1105 MemoryRegionSection subsection = {
1106 .offset_within_address_space = base,
1107 .size = int128_make64(TARGET_PAGE_SIZE),
1108 };
1109 hwaddr start, end;
1110
1111 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1112
1113 if (!(existing->mr->subpage)) {
1114 subpage = subpage_init(d->as, base);
1115 subsection.address_space = d->as;
1116 subsection.mr = &subpage->iomem;
1117 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1118 phys_section_add(&d->map, &subsection));
1119 } else {
1120 subpage = container_of(existing->mr, subpage_t, iomem);
1121 }
1122 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1123 end = start + int128_get64(section->size) - 1;
1124 subpage_register(subpage, start, end,
1125 phys_section_add(&d->map, section));
1126 }
1127
1128
1129 static void register_multipage(AddressSpaceDispatch *d,
1130 MemoryRegionSection *section)
1131 {
1132 hwaddr start_addr = section->offset_within_address_space;
1133 uint16_t section_index = phys_section_add(&d->map, section);
1134 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1135 TARGET_PAGE_BITS));
1136
1137 assert(num_pages);
1138 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1139 }
1140
1141 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1142 {
1143 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1144 AddressSpaceDispatch *d = as->next_dispatch;
1145 MemoryRegionSection now = *section, remain = *section;
1146 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1147
1148 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1149 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1150 - now.offset_within_address_space;
1151
1152 now.size = int128_min(int128_make64(left), now.size);
1153 register_subpage(d, &now);
1154 } else {
1155 now.size = int128_zero();
1156 }
1157 while (int128_ne(remain.size, now.size)) {
1158 remain.size = int128_sub(remain.size, now.size);
1159 remain.offset_within_address_space += int128_get64(now.size);
1160 remain.offset_within_region += int128_get64(now.size);
1161 now = remain;
1162 if (int128_lt(remain.size, page_size)) {
1163 register_subpage(d, &now);
1164 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1165 now.size = page_size;
1166 register_subpage(d, &now);
1167 } else {
1168 now.size = int128_and(now.size, int128_neg(page_size));
1169 register_multipage(d, &now);
1170 }
1171 }
1172 }
1173
1174 void qemu_flush_coalesced_mmio_buffer(void)
1175 {
1176 if (kvm_enabled())
1177 kvm_flush_coalesced_mmio_buffer();
1178 }
1179
1180 void qemu_mutex_lock_ramlist(void)
1181 {
1182 qemu_mutex_lock(&ram_list.mutex);
1183 }
1184
1185 void qemu_mutex_unlock_ramlist(void)
1186 {
1187 qemu_mutex_unlock(&ram_list.mutex);
1188 }
1189
1190 #ifdef __linux__
1191 static void *file_ram_alloc(RAMBlock *block,
1192 ram_addr_t memory,
1193 const char *path,
1194 Error **errp)
1195 {
1196 bool unlink_on_error = false;
1197 char *filename;
1198 char *sanitized_name;
1199 char *c;
1200 void *area = MAP_FAILED;
1201 int fd = -1;
1202
1203 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1204 error_setg(errp,
1205 "host lacks kvm mmu notifiers, -mem-path unsupported");
1206 return NULL;
1207 }
1208
1209 for (;;) {
1210 fd = open(path, O_RDWR);
1211 if (fd >= 0) {
1212 /* @path names an existing file, use it */
1213 break;
1214 }
1215 if (errno == ENOENT) {
1216 /* @path names a file that doesn't exist, create it */
1217 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1218 if (fd >= 0) {
1219 unlink_on_error = true;
1220 break;
1221 }
1222 } else if (errno == EISDIR) {
1223 /* @path names a directory, create a file there */
1224 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1225 sanitized_name = g_strdup(memory_region_name(block->mr));
1226 for (c = sanitized_name; *c != '\0'; c++) {
1227 if (*c == '/') {
1228 *c = '_';
1229 }
1230 }
1231
1232 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1233 sanitized_name);
1234 g_free(sanitized_name);
1235
1236 fd = mkstemp(filename);
1237 if (fd >= 0) {
1238 unlink(filename);
1239 g_free(filename);
1240 break;
1241 }
1242 g_free(filename);
1243 }
1244 if (errno != EEXIST && errno != EINTR) {
1245 error_setg_errno(errp, errno,
1246 "can't open backing store %s for guest RAM",
1247 path);
1248 goto error;
1249 }
1250 /*
1251 * Try again on EINTR and EEXIST. The latter happens when
1252 * something else creates the file between our two open().
1253 */
1254 }
1255
1256 block->page_size = qemu_fd_getpagesize(fd);
1257 block->mr->align = block->page_size;
1258 #if defined(__s390x__)
1259 if (kvm_enabled()) {
1260 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1261 }
1262 #endif
1263
1264 if (memory < block->page_size) {
1265 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1266 "or larger than page size 0x%zx",
1267 memory, block->page_size);
1268 goto error;
1269 }
1270
1271 memory = ROUND_UP(memory, block->page_size);
1272
1273 /*
1274 * ftruncate is not supported by hugetlbfs in older
1275 * hosts, so don't bother bailing out on errors.
1276 * If anything goes wrong with it under other filesystems,
1277 * mmap will fail.
1278 */
1279 if (ftruncate(fd, memory)) {
1280 perror("ftruncate");
1281 }
1282
1283 area = qemu_ram_mmap(fd, memory, block->mr->align,
1284 block->flags & RAM_SHARED);
1285 if (area == MAP_FAILED) {
1286 error_setg_errno(errp, errno,
1287 "unable to map backing store for guest RAM");
1288 goto error;
1289 }
1290
1291 if (mem_prealloc) {
1292 os_mem_prealloc(fd, area, memory, errp);
1293 if (errp && *errp) {
1294 goto error;
1295 }
1296 }
1297
1298 block->fd = fd;
1299 return area;
1300
1301 error:
1302 if (area != MAP_FAILED) {
1303 qemu_ram_munmap(area, memory);
1304 }
1305 if (unlink_on_error) {
1306 unlink(path);
1307 }
1308 if (fd != -1) {
1309 close(fd);
1310 }
1311 return NULL;
1312 }
1313 #endif
1314
1315 /* Called with the ramlist lock held. */
1316 static ram_addr_t find_ram_offset(ram_addr_t size)
1317 {
1318 RAMBlock *block, *next_block;
1319 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1320
1321 assert(size != 0); /* it would hand out same offset multiple times */
1322
1323 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1324 return 0;
1325 }
1326
1327 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1328 ram_addr_t end, next = RAM_ADDR_MAX;
1329
1330 end = block->offset + block->max_length;
1331
1332 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1333 if (next_block->offset >= end) {
1334 next = MIN(next, next_block->offset);
1335 }
1336 }
1337 if (next - end >= size && next - end < mingap) {
1338 offset = end;
1339 mingap = next - end;
1340 }
1341 }
1342
1343 if (offset == RAM_ADDR_MAX) {
1344 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1345 (uint64_t)size);
1346 abort();
1347 }
1348
1349 return offset;
1350 }
1351
1352 ram_addr_t last_ram_offset(void)
1353 {
1354 RAMBlock *block;
1355 ram_addr_t last = 0;
1356
1357 rcu_read_lock();
1358 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1359 last = MAX(last, block->offset + block->max_length);
1360 }
1361 rcu_read_unlock();
1362 return last;
1363 }
1364
1365 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1366 {
1367 int ret;
1368
1369 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1370 if (!machine_dump_guest_core(current_machine)) {
1371 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1372 if (ret) {
1373 perror("qemu_madvise");
1374 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1375 "but dump_guest_core=off specified\n");
1376 }
1377 }
1378 }
1379
1380 const char *qemu_ram_get_idstr(RAMBlock *rb)
1381 {
1382 return rb->idstr;
1383 }
1384
1385 /* Called with iothread lock held. */
1386 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1387 {
1388 RAMBlock *block;
1389
1390 assert(new_block);
1391 assert(!new_block->idstr[0]);
1392
1393 if (dev) {
1394 char *id = qdev_get_dev_path(dev);
1395 if (id) {
1396 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1397 g_free(id);
1398 }
1399 }
1400 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1401
1402 rcu_read_lock();
1403 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1404 if (block != new_block &&
1405 !strcmp(block->idstr, new_block->idstr)) {
1406 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1407 new_block->idstr);
1408 abort();
1409 }
1410 }
1411 rcu_read_unlock();
1412 }
1413
1414 /* Called with iothread lock held. */
1415 void qemu_ram_unset_idstr(RAMBlock *block)
1416 {
1417 /* FIXME: arch_init.c assumes that this is not called throughout
1418 * migration. Ignore the problem since hot-unplug during migration
1419 * does not work anyway.
1420 */
1421 if (block) {
1422 memset(block->idstr, 0, sizeof(block->idstr));
1423 }
1424 }
1425
1426 size_t qemu_ram_pagesize(RAMBlock *rb)
1427 {
1428 return rb->page_size;
1429 }
1430
1431 static int memory_try_enable_merging(void *addr, size_t len)
1432 {
1433 if (!machine_mem_merge(current_machine)) {
1434 /* disabled by the user */
1435 return 0;
1436 }
1437
1438 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1439 }
1440
1441 /* Only legal before guest might have detected the memory size: e.g. on
1442 * incoming migration, or right after reset.
1443 *
1444 * As memory core doesn't know how is memory accessed, it is up to
1445 * resize callback to update device state and/or add assertions to detect
1446 * misuse, if necessary.
1447 */
1448 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1449 {
1450 assert(block);
1451
1452 newsize = HOST_PAGE_ALIGN(newsize);
1453
1454 if (block->used_length == newsize) {
1455 return 0;
1456 }
1457
1458 if (!(block->flags & RAM_RESIZEABLE)) {
1459 error_setg_errno(errp, EINVAL,
1460 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1461 " in != 0x" RAM_ADDR_FMT, block->idstr,
1462 newsize, block->used_length);
1463 return -EINVAL;
1464 }
1465
1466 if (block->max_length < newsize) {
1467 error_setg_errno(errp, EINVAL,
1468 "Length too large: %s: 0x" RAM_ADDR_FMT
1469 " > 0x" RAM_ADDR_FMT, block->idstr,
1470 newsize, block->max_length);
1471 return -EINVAL;
1472 }
1473
1474 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1475 block->used_length = newsize;
1476 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1477 DIRTY_CLIENTS_ALL);
1478 memory_region_set_size(block->mr, newsize);
1479 if (block->resized) {
1480 block->resized(block->idstr, newsize, block->host);
1481 }
1482 return 0;
1483 }
1484
1485 /* Called with ram_list.mutex held */
1486 static void dirty_memory_extend(ram_addr_t old_ram_size,
1487 ram_addr_t new_ram_size)
1488 {
1489 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1490 DIRTY_MEMORY_BLOCK_SIZE);
1491 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1492 DIRTY_MEMORY_BLOCK_SIZE);
1493 int i;
1494
1495 /* Only need to extend if block count increased */
1496 if (new_num_blocks <= old_num_blocks) {
1497 return;
1498 }
1499
1500 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1501 DirtyMemoryBlocks *old_blocks;
1502 DirtyMemoryBlocks *new_blocks;
1503 int j;
1504
1505 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1506 new_blocks = g_malloc(sizeof(*new_blocks) +
1507 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1508
1509 if (old_num_blocks) {
1510 memcpy(new_blocks->blocks, old_blocks->blocks,
1511 old_num_blocks * sizeof(old_blocks->blocks[0]));
1512 }
1513
1514 for (j = old_num_blocks; j < new_num_blocks; j++) {
1515 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1516 }
1517
1518 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1519
1520 if (old_blocks) {
1521 g_free_rcu(old_blocks, rcu);
1522 }
1523 }
1524 }
1525
1526 static void ram_block_add(RAMBlock *new_block, Error **errp)
1527 {
1528 RAMBlock *block;
1529 RAMBlock *last_block = NULL;
1530 ram_addr_t old_ram_size, new_ram_size;
1531 Error *err = NULL;
1532
1533 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1534
1535 qemu_mutex_lock_ramlist();
1536 new_block->offset = find_ram_offset(new_block->max_length);
1537
1538 if (!new_block->host) {
1539 if (xen_enabled()) {
1540 xen_ram_alloc(new_block->offset, new_block->max_length,
1541 new_block->mr, &err);
1542 if (err) {
1543 error_propagate(errp, err);
1544 qemu_mutex_unlock_ramlist();
1545 return;
1546 }
1547 } else {
1548 new_block->host = phys_mem_alloc(new_block->max_length,
1549 &new_block->mr->align);
1550 if (!new_block->host) {
1551 error_setg_errno(errp, errno,
1552 "cannot set up guest memory '%s'",
1553 memory_region_name(new_block->mr));
1554 qemu_mutex_unlock_ramlist();
1555 return;
1556 }
1557 memory_try_enable_merging(new_block->host, new_block->max_length);
1558 }
1559 }
1560
1561 new_ram_size = MAX(old_ram_size,
1562 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1563 if (new_ram_size > old_ram_size) {
1564 migration_bitmap_extend(old_ram_size, new_ram_size);
1565 dirty_memory_extend(old_ram_size, new_ram_size);
1566 }
1567 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1568 * QLIST (which has an RCU-friendly variant) does not have insertion at
1569 * tail, so save the last element in last_block.
1570 */
1571 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1572 last_block = block;
1573 if (block->max_length < new_block->max_length) {
1574 break;
1575 }
1576 }
1577 if (block) {
1578 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1579 } else if (last_block) {
1580 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1581 } else { /* list is empty */
1582 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1583 }
1584 ram_list.mru_block = NULL;
1585
1586 /* Write list before version */
1587 smp_wmb();
1588 ram_list.version++;
1589 qemu_mutex_unlock_ramlist();
1590
1591 cpu_physical_memory_set_dirty_range(new_block->offset,
1592 new_block->used_length,
1593 DIRTY_CLIENTS_ALL);
1594
1595 if (new_block->host) {
1596 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1597 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1598 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
1599 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1600 }
1601 }
1602
1603 #ifdef __linux__
1604 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1605 bool share, const char *mem_path,
1606 Error **errp)
1607 {
1608 RAMBlock *new_block;
1609 Error *local_err = NULL;
1610
1611 if (xen_enabled()) {
1612 error_setg(errp, "-mem-path not supported with Xen");
1613 return NULL;
1614 }
1615
1616 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1617 /*
1618 * file_ram_alloc() needs to allocate just like
1619 * phys_mem_alloc, but we haven't bothered to provide
1620 * a hook there.
1621 */
1622 error_setg(errp,
1623 "-mem-path not supported with this accelerator");
1624 return NULL;
1625 }
1626
1627 size = HOST_PAGE_ALIGN(size);
1628 new_block = g_malloc0(sizeof(*new_block));
1629 new_block->mr = mr;
1630 new_block->used_length = size;
1631 new_block->max_length = size;
1632 new_block->flags = share ? RAM_SHARED : 0;
1633 new_block->host = file_ram_alloc(new_block, size,
1634 mem_path, errp);
1635 if (!new_block->host) {
1636 g_free(new_block);
1637 return NULL;
1638 }
1639
1640 ram_block_add(new_block, &local_err);
1641 if (local_err) {
1642 g_free(new_block);
1643 error_propagate(errp, local_err);
1644 return NULL;
1645 }
1646 return new_block;
1647 }
1648 #endif
1649
1650 static
1651 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1652 void (*resized)(const char*,
1653 uint64_t length,
1654 void *host),
1655 void *host, bool resizeable,
1656 MemoryRegion *mr, Error **errp)
1657 {
1658 RAMBlock *new_block;
1659 Error *local_err = NULL;
1660
1661 size = HOST_PAGE_ALIGN(size);
1662 max_size = HOST_PAGE_ALIGN(max_size);
1663 new_block = g_malloc0(sizeof(*new_block));
1664 new_block->mr = mr;
1665 new_block->resized = resized;
1666 new_block->used_length = size;
1667 new_block->max_length = max_size;
1668 assert(max_size >= size);
1669 new_block->fd = -1;
1670 new_block->page_size = getpagesize();
1671 new_block->host = host;
1672 if (host) {
1673 new_block->flags |= RAM_PREALLOC;
1674 }
1675 if (resizeable) {
1676 new_block->flags |= RAM_RESIZEABLE;
1677 }
1678 ram_block_add(new_block, &local_err);
1679 if (local_err) {
1680 g_free(new_block);
1681 error_propagate(errp, local_err);
1682 return NULL;
1683 }
1684 return new_block;
1685 }
1686
1687 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1688 MemoryRegion *mr, Error **errp)
1689 {
1690 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1691 }
1692
1693 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1694 {
1695 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1696 }
1697
1698 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1699 void (*resized)(const char*,
1700 uint64_t length,
1701 void *host),
1702 MemoryRegion *mr, Error **errp)
1703 {
1704 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1705 }
1706
1707 static void reclaim_ramblock(RAMBlock *block)
1708 {
1709 if (block->flags & RAM_PREALLOC) {
1710 ;
1711 } else if (xen_enabled()) {
1712 xen_invalidate_map_cache_entry(block->host);
1713 #ifndef _WIN32
1714 } else if (block->fd >= 0) {
1715 qemu_ram_munmap(block->host, block->max_length);
1716 close(block->fd);
1717 #endif
1718 } else {
1719 qemu_anon_ram_free(block->host, block->max_length);
1720 }
1721 g_free(block);
1722 }
1723
1724 void qemu_ram_free(RAMBlock *block)
1725 {
1726 if (!block) {
1727 return;
1728 }
1729
1730 qemu_mutex_lock_ramlist();
1731 QLIST_REMOVE_RCU(block, next);
1732 ram_list.mru_block = NULL;
1733 /* Write list before version */
1734 smp_wmb();
1735 ram_list.version++;
1736 call_rcu(block, reclaim_ramblock, rcu);
1737 qemu_mutex_unlock_ramlist();
1738 }
1739
1740 #ifndef _WIN32
1741 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1742 {
1743 RAMBlock *block;
1744 ram_addr_t offset;
1745 int flags;
1746 void *area, *vaddr;
1747
1748 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1749 offset = addr - block->offset;
1750 if (offset < block->max_length) {
1751 vaddr = ramblock_ptr(block, offset);
1752 if (block->flags & RAM_PREALLOC) {
1753 ;
1754 } else if (xen_enabled()) {
1755 abort();
1756 } else {
1757 flags = MAP_FIXED;
1758 if (block->fd >= 0) {
1759 flags |= (block->flags & RAM_SHARED ?
1760 MAP_SHARED : MAP_PRIVATE);
1761 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1762 flags, block->fd, offset);
1763 } else {
1764 /*
1765 * Remap needs to match alloc. Accelerators that
1766 * set phys_mem_alloc never remap. If they did,
1767 * we'd need a remap hook here.
1768 */
1769 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1770
1771 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1772 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1773 flags, -1, 0);
1774 }
1775 if (area != vaddr) {
1776 fprintf(stderr, "Could not remap addr: "
1777 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1778 length, addr);
1779 exit(1);
1780 }
1781 memory_try_enable_merging(vaddr, length);
1782 qemu_ram_setup_dump(vaddr, length);
1783 }
1784 }
1785 }
1786 }
1787 #endif /* !_WIN32 */
1788
1789 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1790 * This should not be used for general purpose DMA. Use address_space_map
1791 * or address_space_rw instead. For local memory (e.g. video ram) that the
1792 * device owns, use memory_region_get_ram_ptr.
1793 *
1794 * Called within RCU critical section.
1795 */
1796 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1797 {
1798 RAMBlock *block = ram_block;
1799
1800 if (block == NULL) {
1801 block = qemu_get_ram_block(addr);
1802 addr -= block->offset;
1803 }
1804
1805 if (xen_enabled() && block->host == NULL) {
1806 /* We need to check if the requested address is in the RAM
1807 * because we don't want to map the entire memory in QEMU.
1808 * In that case just map until the end of the page.
1809 */
1810 if (block->offset == 0) {
1811 return xen_map_cache(addr, 0, 0);
1812 }
1813
1814 block->host = xen_map_cache(block->offset, block->max_length, 1);
1815 }
1816 return ramblock_ptr(block, addr);
1817 }
1818
1819 /* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
1820 * but takes a size argument.
1821 *
1822 * Called within RCU critical section.
1823 */
1824 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1825 hwaddr *size)
1826 {
1827 RAMBlock *block = ram_block;
1828 if (*size == 0) {
1829 return NULL;
1830 }
1831
1832 if (block == NULL) {
1833 block = qemu_get_ram_block(addr);
1834 addr -= block->offset;
1835 }
1836 *size = MIN(*size, block->max_length - addr);
1837
1838 if (xen_enabled() && block->host == NULL) {
1839 /* We need to check if the requested address is in the RAM
1840 * because we don't want to map the entire memory in QEMU.
1841 * In that case just map the requested area.
1842 */
1843 if (block->offset == 0) {
1844 return xen_map_cache(addr, *size, 1);
1845 }
1846
1847 block->host = xen_map_cache(block->offset, block->max_length, 1);
1848 }
1849
1850 return ramblock_ptr(block, addr);
1851 }
1852
1853 /*
1854 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1855 * in that RAMBlock.
1856 *
1857 * ptr: Host pointer to look up
1858 * round_offset: If true round the result offset down to a page boundary
1859 * *ram_addr: set to result ram_addr
1860 * *offset: set to result offset within the RAMBlock
1861 *
1862 * Returns: RAMBlock (or NULL if not found)
1863 *
1864 * By the time this function returns, the returned pointer is not protected
1865 * by RCU anymore. If the caller is not within an RCU critical section and
1866 * does not hold the iothread lock, it must have other means of protecting the
1867 * pointer, such as a reference to the region that includes the incoming
1868 * ram_addr_t.
1869 */
1870 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1871 ram_addr_t *offset)
1872 {
1873 RAMBlock *block;
1874 uint8_t *host = ptr;
1875
1876 if (xen_enabled()) {
1877 ram_addr_t ram_addr;
1878 rcu_read_lock();
1879 ram_addr = xen_ram_addr_from_mapcache(ptr);
1880 block = qemu_get_ram_block(ram_addr);
1881 if (block) {
1882 *offset = ram_addr - block->offset;
1883 }
1884 rcu_read_unlock();
1885 return block;
1886 }
1887
1888 rcu_read_lock();
1889 block = atomic_rcu_read(&ram_list.mru_block);
1890 if (block && block->host && host - block->host < block->max_length) {
1891 goto found;
1892 }
1893
1894 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1895 /* This case append when the block is not mapped. */
1896 if (block->host == NULL) {
1897 continue;
1898 }
1899 if (host - block->host < block->max_length) {
1900 goto found;
1901 }
1902 }
1903
1904 rcu_read_unlock();
1905 return NULL;
1906
1907 found:
1908 *offset = (host - block->host);
1909 if (round_offset) {
1910 *offset &= TARGET_PAGE_MASK;
1911 }
1912 rcu_read_unlock();
1913 return block;
1914 }
1915
1916 /*
1917 * Finds the named RAMBlock
1918 *
1919 * name: The name of RAMBlock to find
1920 *
1921 * Returns: RAMBlock (or NULL if not found)
1922 */
1923 RAMBlock *qemu_ram_block_by_name(const char *name)
1924 {
1925 RAMBlock *block;
1926
1927 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1928 if (!strcmp(name, block->idstr)) {
1929 return block;
1930 }
1931 }
1932
1933 return NULL;
1934 }
1935
1936 /* Some of the softmmu routines need to translate from a host pointer
1937 (typically a TLB entry) back to a ram offset. */
1938 ram_addr_t qemu_ram_addr_from_host(void *ptr)
1939 {
1940 RAMBlock *block;
1941 ram_addr_t offset;
1942
1943 block = qemu_ram_block_from_host(ptr, false, &offset);
1944 if (!block) {
1945 return RAM_ADDR_INVALID;
1946 }
1947
1948 return block->offset + offset;
1949 }
1950
1951 /* Called within RCU critical section. */
1952 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1953 uint64_t val, unsigned size)
1954 {
1955 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1956 tb_invalidate_phys_page_fast(ram_addr, size);
1957 }
1958 switch (size) {
1959 case 1:
1960 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1961 break;
1962 case 2:
1963 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1964 break;
1965 case 4:
1966 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1967 break;
1968 default:
1969 abort();
1970 }
1971 /* Set both VGA and migration bits for simplicity and to remove
1972 * the notdirty callback faster.
1973 */
1974 cpu_physical_memory_set_dirty_range(ram_addr, size,
1975 DIRTY_CLIENTS_NOCODE);
1976 /* we remove the notdirty callback only if the code has been
1977 flushed */
1978 if (!cpu_physical_memory_is_clean(ram_addr)) {
1979 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1980 }
1981 }
1982
1983 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1984 unsigned size, bool is_write)
1985 {
1986 return is_write;
1987 }
1988
1989 static const MemoryRegionOps notdirty_mem_ops = {
1990 .write = notdirty_mem_write,
1991 .valid.accepts = notdirty_mem_accepts,
1992 .endianness = DEVICE_NATIVE_ENDIAN,
1993 };
1994
1995 /* Generate a debug exception if a watchpoint has been hit. */
1996 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1997 {
1998 CPUState *cpu = current_cpu;
1999 CPUClass *cc = CPU_GET_CLASS(cpu);
2000 CPUArchState *env = cpu->env_ptr;
2001 target_ulong pc, cs_base;
2002 target_ulong vaddr;
2003 CPUWatchpoint *wp;
2004 uint32_t cpu_flags;
2005
2006 if (cpu->watchpoint_hit) {
2007 /* We re-entered the check after replacing the TB. Now raise
2008 * the debug interrupt so that is will trigger after the
2009 * current instruction. */
2010 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2011 return;
2012 }
2013 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2014 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2015 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2016 && (wp->flags & flags)) {
2017 if (flags == BP_MEM_READ) {
2018 wp->flags |= BP_WATCHPOINT_HIT_READ;
2019 } else {
2020 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2021 }
2022 wp->hitaddr = vaddr;
2023 wp->hitattrs = attrs;
2024 if (!cpu->watchpoint_hit) {
2025 if (wp->flags & BP_CPU &&
2026 !cc->debug_check_watchpoint(cpu, wp)) {
2027 wp->flags &= ~BP_WATCHPOINT_HIT;
2028 continue;
2029 }
2030 cpu->watchpoint_hit = wp;
2031 tb_check_watchpoint(cpu);
2032 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2033 cpu->exception_index = EXCP_DEBUG;
2034 cpu_loop_exit(cpu);
2035 } else {
2036 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2037 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2038 cpu_loop_exit_noexc(cpu);
2039 }
2040 }
2041 } else {
2042 wp->flags &= ~BP_WATCHPOINT_HIT;
2043 }
2044 }
2045 }
2046
2047 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2048 so these check for a hit then pass through to the normal out-of-line
2049 phys routines. */
2050 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2051 unsigned size, MemTxAttrs attrs)
2052 {
2053 MemTxResult res;
2054 uint64_t data;
2055 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2056 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2057
2058 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2059 switch (size) {
2060 case 1:
2061 data = address_space_ldub(as, addr, attrs, &res);
2062 break;
2063 case 2:
2064 data = address_space_lduw(as, addr, attrs, &res);
2065 break;
2066 case 4:
2067 data = address_space_ldl(as, addr, attrs, &res);
2068 break;
2069 default: abort();
2070 }
2071 *pdata = data;
2072 return res;
2073 }
2074
2075 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2076 uint64_t val, unsigned size,
2077 MemTxAttrs attrs)
2078 {
2079 MemTxResult res;
2080 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2081 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2082
2083 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2084 switch (size) {
2085 case 1:
2086 address_space_stb(as, addr, val, attrs, &res);
2087 break;
2088 case 2:
2089 address_space_stw(as, addr, val, attrs, &res);
2090 break;
2091 case 4:
2092 address_space_stl(as, addr, val, attrs, &res);
2093 break;
2094 default: abort();
2095 }
2096 return res;
2097 }
2098
2099 static const MemoryRegionOps watch_mem_ops = {
2100 .read_with_attrs = watch_mem_read,
2101 .write_with_attrs = watch_mem_write,
2102 .endianness = DEVICE_NATIVE_ENDIAN,
2103 };
2104
2105 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2106 unsigned len, MemTxAttrs attrs)
2107 {
2108 subpage_t *subpage = opaque;
2109 uint8_t buf[8];
2110 MemTxResult res;
2111
2112 #if defined(DEBUG_SUBPAGE)
2113 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2114 subpage, len, addr);
2115 #endif
2116 res = address_space_read(subpage->as, addr + subpage->base,
2117 attrs, buf, len);
2118 if (res) {
2119 return res;
2120 }
2121 switch (len) {
2122 case 1:
2123 *data = ldub_p(buf);
2124 return MEMTX_OK;
2125 case 2:
2126 *data = lduw_p(buf);
2127 return MEMTX_OK;
2128 case 4:
2129 *data = ldl_p(buf);
2130 return MEMTX_OK;
2131 case 8:
2132 *data = ldq_p(buf);
2133 return MEMTX_OK;
2134 default:
2135 abort();
2136 }
2137 }
2138
2139 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2140 uint64_t value, unsigned len, MemTxAttrs attrs)
2141 {
2142 subpage_t *subpage = opaque;
2143 uint8_t buf[8];
2144
2145 #if defined(DEBUG_SUBPAGE)
2146 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2147 " value %"PRIx64"\n",
2148 __func__, subpage, len, addr, value);
2149 #endif
2150 switch (len) {
2151 case 1:
2152 stb_p(buf, value);
2153 break;
2154 case 2:
2155 stw_p(buf, value);
2156 break;
2157 case 4:
2158 stl_p(buf, value);
2159 break;
2160 case 8:
2161 stq_p(buf, value);
2162 break;
2163 default:
2164 abort();
2165 }
2166 return address_space_write(subpage->as, addr + subpage->base,
2167 attrs, buf, len);
2168 }
2169
2170 static bool subpage_accepts(void *opaque, hwaddr addr,
2171 unsigned len, bool is_write)
2172 {
2173 subpage_t *subpage = opaque;
2174 #if defined(DEBUG_SUBPAGE)
2175 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2176 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2177 #endif
2178
2179 return address_space_access_valid(subpage->as, addr + subpage->base,
2180 len, is_write);
2181 }
2182
2183 static const MemoryRegionOps subpage_ops = {
2184 .read_with_attrs = subpage_read,
2185 .write_with_attrs = subpage_write,
2186 .impl.min_access_size = 1,
2187 .impl.max_access_size = 8,
2188 .valid.min_access_size = 1,
2189 .valid.max_access_size = 8,
2190 .valid.accepts = subpage_accepts,
2191 .endianness = DEVICE_NATIVE_ENDIAN,
2192 };
2193
2194 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2195 uint16_t section)
2196 {
2197 int idx, eidx;
2198
2199 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2200 return -1;
2201 idx = SUBPAGE_IDX(start);
2202 eidx = SUBPAGE_IDX(end);
2203 #if defined(DEBUG_SUBPAGE)
2204 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2205 __func__, mmio, start, end, idx, eidx, section);
2206 #endif
2207 for (; idx <= eidx; idx++) {
2208 mmio->sub_section[idx] = section;
2209 }
2210
2211 return 0;
2212 }
2213
2214 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2215 {
2216 subpage_t *mmio;
2217
2218 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
2219 mmio->as = as;
2220 mmio->base = base;
2221 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2222 NULL, TARGET_PAGE_SIZE);
2223 mmio->iomem.subpage = true;
2224 #if defined(DEBUG_SUBPAGE)
2225 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2226 mmio, base, TARGET_PAGE_SIZE);
2227 #endif
2228 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2229
2230 return mmio;
2231 }
2232
2233 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2234 MemoryRegion *mr)
2235 {
2236 assert(as);
2237 MemoryRegionSection section = {
2238 .address_space = as,
2239 .mr = mr,
2240 .offset_within_address_space = 0,
2241 .offset_within_region = 0,
2242 .size = int128_2_64(),
2243 };
2244
2245 return phys_section_add(map, &section);
2246 }
2247
2248 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2249 {
2250 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2251 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2252 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2253 MemoryRegionSection *sections = d->map.sections;
2254
2255 return sections[index & ~TARGET_PAGE_MASK].mr;
2256 }
2257
2258 static void io_mem_init(void)
2259 {
2260 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2261 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2262 NULL, UINT64_MAX);
2263 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2264 NULL, UINT64_MAX);
2265 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2266 NULL, UINT64_MAX);
2267 }
2268
2269 static void mem_begin(MemoryListener *listener)
2270 {
2271 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2272 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2273 uint16_t n;
2274
2275 n = dummy_section(&d->map, as, &io_mem_unassigned);
2276 assert(n == PHYS_SECTION_UNASSIGNED);
2277 n = dummy_section(&d->map, as, &io_mem_notdirty);
2278 assert(n == PHYS_SECTION_NOTDIRTY);
2279 n = dummy_section(&d->map, as, &io_mem_rom);
2280 assert(n == PHYS_SECTION_ROM);
2281 n = dummy_section(&d->map, as, &io_mem_watch);
2282 assert(n == PHYS_SECTION_WATCH);
2283
2284 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2285 d->as = as;
2286 as->next_dispatch = d;
2287 }
2288
2289 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2290 {
2291 phys_sections_free(&d->map);
2292 g_free(d);
2293 }
2294
2295 static void mem_commit(MemoryListener *listener)
2296 {
2297 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2298 AddressSpaceDispatch *cur = as->dispatch;
2299 AddressSpaceDispatch *next = as->next_dispatch;
2300
2301 phys_page_compact_all(next, next->map.nodes_nb);
2302
2303 atomic_rcu_set(&as->dispatch, next);
2304 if (cur) {
2305 call_rcu(cur, address_space_dispatch_free, rcu);
2306 }
2307 }
2308
2309 static void tcg_commit(MemoryListener *listener)
2310 {
2311 CPUAddressSpace *cpuas;
2312 AddressSpaceDispatch *d;
2313
2314 /* since each CPU stores ram addresses in its TLB cache, we must
2315 reset the modified entries */
2316 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2317 cpu_reloading_memory_map();
2318 /* The CPU and TLB are protected by the iothread lock.
2319 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2320 * may have split the RCU critical section.
2321 */
2322 d = atomic_rcu_read(&cpuas->as->dispatch);
2323 cpuas->memory_dispatch = d;
2324 tlb_flush(cpuas->cpu, 1);
2325 }
2326
2327 void address_space_init_dispatch(AddressSpace *as)
2328 {
2329 as->dispatch = NULL;
2330 as->dispatch_listener = (MemoryListener) {
2331 .begin = mem_begin,
2332 .commit = mem_commit,
2333 .region_add = mem_add,
2334 .region_nop = mem_add,
2335 .priority = 0,
2336 };
2337 memory_listener_register(&as->dispatch_listener, as);
2338 }
2339
2340 void address_space_unregister(AddressSpace *as)
2341 {
2342 memory_listener_unregister(&as->dispatch_listener);
2343 }
2344
2345 void address_space_destroy_dispatch(AddressSpace *as)
2346 {
2347 AddressSpaceDispatch *d = as->dispatch;
2348
2349 atomic_rcu_set(&as->dispatch, NULL);
2350 if (d) {
2351 call_rcu(d, address_space_dispatch_free, rcu);
2352 }
2353 }
2354
2355 static void memory_map_init(void)
2356 {
2357 system_memory = g_malloc(sizeof(*system_memory));
2358
2359 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2360 address_space_init(&address_space_memory, system_memory, "memory");
2361
2362 system_io = g_malloc(sizeof(*system_io));
2363 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2364 65536);
2365 address_space_init(&address_space_io, system_io, "I/O");
2366 }
2367
2368 MemoryRegion *get_system_memory(void)
2369 {
2370 return system_memory;
2371 }
2372
2373 MemoryRegion *get_system_io(void)
2374 {
2375 return system_io;
2376 }
2377
2378 #endif /* !defined(CONFIG_USER_ONLY) */
2379
2380 /* physical memory access (slow version, mainly for debug) */
2381 #if defined(CONFIG_USER_ONLY)
2382 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2383 uint8_t *buf, int len, int is_write)
2384 {
2385 int l, flags;
2386 target_ulong page;
2387 void * p;
2388
2389 while (len > 0) {
2390 page = addr & TARGET_PAGE_MASK;
2391 l = (page + TARGET_PAGE_SIZE) - addr;
2392 if (l > len)
2393 l = len;
2394 flags = page_get_flags(page);
2395 if (!(flags & PAGE_VALID))
2396 return -1;
2397 if (is_write) {
2398 if (!(flags & PAGE_WRITE))
2399 return -1;
2400 /* XXX: this code should not depend on lock_user */
2401 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2402 return -1;
2403 memcpy(p, buf, l);
2404 unlock_user(p, addr, l);
2405 } else {
2406 if (!(flags & PAGE_READ))
2407 return -1;
2408 /* XXX: this code should not depend on lock_user */
2409 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2410 return -1;
2411 memcpy(buf, p, l);
2412 unlock_user(p, addr, 0);
2413 }
2414 len -= l;
2415 buf += l;
2416 addr += l;
2417 }
2418 return 0;
2419 }
2420
2421 #else
2422
2423 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2424 hwaddr length)
2425 {
2426 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2427 addr += memory_region_get_ram_addr(mr);
2428
2429 /* No early return if dirty_log_mask is or becomes 0, because
2430 * cpu_physical_memory_set_dirty_range will still call
2431 * xen_modified_memory.
2432 */
2433 if (dirty_log_mask) {
2434 dirty_log_mask =
2435 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2436 }
2437 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2438 tb_invalidate_phys_range(addr, addr + length);
2439 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2440 }
2441 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2442 }
2443
2444 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2445 {
2446 unsigned access_size_max = mr->ops->valid.max_access_size;
2447
2448 /* Regions are assumed to support 1-4 byte accesses unless
2449 otherwise specified. */
2450 if (access_size_max == 0) {
2451 access_size_max = 4;
2452 }
2453
2454 /* Bound the maximum access by the alignment of the address. */
2455 if (!mr->ops->impl.unaligned) {
2456 unsigned align_size_max = addr & -addr;
2457 if (align_size_max != 0 && align_size_max < access_size_max) {
2458 access_size_max = align_size_max;
2459 }
2460 }
2461
2462 /* Don't attempt accesses larger than the maximum. */
2463 if (l > access_size_max) {
2464 l = access_size_max;
2465 }
2466 l = pow2floor(l);
2467
2468 return l;
2469 }
2470
2471 static bool prepare_mmio_access(MemoryRegion *mr)
2472 {
2473 bool unlocked = !qemu_mutex_iothread_locked();
2474 bool release_lock = false;
2475
2476 if (unlocked && mr->global_locking) {
2477 qemu_mutex_lock_iothread();
2478 unlocked = false;
2479 release_lock = true;
2480 }
2481 if (mr->flush_coalesced_mmio) {
2482 if (unlocked) {
2483 qemu_mutex_lock_iothread();
2484 }
2485 qemu_flush_coalesced_mmio_buffer();
2486 if (unlocked) {
2487 qemu_mutex_unlock_iothread();
2488 }
2489 }
2490
2491 return release_lock;
2492 }
2493
2494 /* Called within RCU critical section. */
2495 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2496 MemTxAttrs attrs,
2497 const uint8_t *buf,
2498 int len, hwaddr addr1,
2499 hwaddr l, MemoryRegion *mr)
2500 {
2501 uint8_t *ptr;
2502 uint64_t val;
2503 MemTxResult result = MEMTX_OK;
2504 bool release_lock = false;
2505
2506 for (;;) {
2507 if (!memory_access_is_direct(mr, true)) {
2508 release_lock |= prepare_mmio_access(mr);
2509 l = memory_access_size(mr, l, addr1);
2510 /* XXX: could force current_cpu to NULL to avoid
2511 potential bugs */
2512 switch (l) {
2513 case 8:
2514 /* 64 bit write access */
2515 val = ldq_p(buf);
2516 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2517 attrs);
2518 break;
2519 case 4:
2520 /* 32 bit write access */
2521 val = ldl_p(buf);
2522 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2523 attrs);
2524 break;
2525 case 2:
2526 /* 16 bit write access */
2527 val = lduw_p(buf);
2528 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2529 attrs);
2530 break;
2531 case 1:
2532 /* 8 bit write access */
2533 val = ldub_p(buf);
2534 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2535 attrs);
2536 break;
2537 default:
2538 abort();
2539 }
2540 } else {
2541 /* RAM case */
2542 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2543 memcpy(ptr, buf, l);
2544 invalidate_and_set_dirty(mr, addr1, l);
2545 }
2546
2547 if (release_lock) {
2548 qemu_mutex_unlock_iothread();
2549 release_lock = false;
2550 }
2551
2552 len -= l;
2553 buf += l;
2554 addr += l;
2555
2556 if (!len) {
2557 break;
2558 }
2559
2560 l = len;
2561 mr = address_space_translate(as, addr, &addr1, &l, true);
2562 }
2563
2564 return result;
2565 }
2566
2567 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2568 const uint8_t *buf, int len)
2569 {
2570 hwaddr l;
2571 hwaddr addr1;
2572 MemoryRegion *mr;
2573 MemTxResult result = MEMTX_OK;
2574
2575 if (len > 0) {
2576 rcu_read_lock();
2577 l = len;
2578 mr = address_space_translate(as, addr, &addr1, &l, true);
2579 result = address_space_write_continue(as, addr, attrs, buf, len,
2580 addr1, l, mr);
2581 rcu_read_unlock();
2582 }
2583
2584 return result;
2585 }
2586
2587 /* Called within RCU critical section. */
2588 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2589 MemTxAttrs attrs, uint8_t *buf,
2590 int len, hwaddr addr1, hwaddr l,
2591 MemoryRegion *mr)
2592 {
2593 uint8_t *ptr;
2594 uint64_t val;
2595 MemTxResult result = MEMTX_OK;
2596 bool release_lock = false;
2597
2598 for (;;) {
2599 if (!memory_access_is_direct(mr, false)) {
2600 /* I/O case */
2601 release_lock |= prepare_mmio_access(mr);
2602 l = memory_access_size(mr, l, addr1);
2603 switch (l) {
2604 case 8:
2605 /* 64 bit read access */
2606 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2607 attrs);
2608 stq_p(buf, val);
2609 break;
2610 case 4:
2611 /* 32 bit read access */
2612 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2613 attrs);
2614 stl_p(buf, val);
2615 break;
2616 case 2:
2617 /* 16 bit read access */
2618 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2619 attrs);
2620 stw_p(buf, val);
2621 break;
2622 case 1:
2623 /* 8 bit read access */
2624 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2625 attrs);
2626 stb_p(buf, val);
2627 break;
2628 default:
2629 abort();
2630 }
2631 } else {
2632 /* RAM case */
2633 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2634 memcpy(buf, ptr, l);
2635 }
2636
2637 if (release_lock) {
2638 qemu_mutex_unlock_iothread();
2639 release_lock = false;
2640 }
2641
2642 len -= l;
2643 buf += l;
2644 addr += l;
2645
2646 if (!len) {
2647 break;
2648 }
2649
2650 l = len;
2651 mr = address_space_translate(as, addr, &addr1, &l, false);
2652 }
2653
2654 return result;
2655 }
2656
2657 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2658 MemTxAttrs attrs, uint8_t *buf, int len)
2659 {
2660 hwaddr l;
2661 hwaddr addr1;
2662 MemoryRegion *mr;
2663 MemTxResult result = MEMTX_OK;
2664
2665 if (len > 0) {
2666 rcu_read_lock();
2667 l = len;
2668 mr = address_space_translate(as, addr, &addr1, &l, false);
2669 result = address_space_read_continue(as, addr, attrs, buf, len,
2670 addr1, l, mr);
2671 rcu_read_unlock();
2672 }
2673
2674 return result;
2675 }
2676
2677 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2678 uint8_t *buf, int len, bool is_write)
2679 {
2680 if (is_write) {
2681 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2682 } else {
2683 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2684 }
2685 }
2686
2687 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2688 int len, int is_write)
2689 {
2690 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2691 buf, len, is_write);
2692 }
2693
2694 enum write_rom_type {
2695 WRITE_DATA,
2696 FLUSH_CACHE,
2697 };
2698
2699 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2700 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2701 {
2702 hwaddr l;
2703 uint8_t *ptr;
2704 hwaddr addr1;
2705 MemoryRegion *mr;
2706
2707 rcu_read_lock();
2708 while (len > 0) {
2709 l = len;
2710 mr = address_space_translate(as, addr, &addr1, &l, true);
2711
2712 if (!(memory_region_is_ram(mr) ||
2713 memory_region_is_romd(mr))) {
2714 l = memory_access_size(mr, l, addr1);
2715 } else {
2716 /* ROM/RAM case */
2717 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2718 switch (type) {
2719 case WRITE_DATA:
2720 memcpy(ptr, buf, l);
2721 invalidate_and_set_dirty(mr, addr1, l);
2722 break;
2723 case FLUSH_CACHE:
2724 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2725 break;
2726 }
2727 }
2728 len -= l;
2729 buf += l;
2730 addr += l;
2731 }
2732 rcu_read_unlock();
2733 }
2734
2735 /* used for ROM loading : can write in RAM and ROM */
2736 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2737 const uint8_t *buf, int len)
2738 {
2739 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2740 }
2741
2742 void cpu_flush_icache_range(hwaddr start, int len)
2743 {
2744 /*
2745 * This function should do the same thing as an icache flush that was
2746 * triggered from within the guest. For TCG we are always cache coherent,
2747 * so there is no need to flush anything. For KVM / Xen we need to flush
2748 * the host's instruction cache at least.
2749 */
2750 if (tcg_enabled()) {
2751 return;
2752 }
2753
2754 cpu_physical_memory_write_rom_internal(&address_space_memory,
2755 start, NULL, len, FLUSH_CACHE);
2756 }
2757
2758 typedef struct {
2759 MemoryRegion *mr;
2760 void *buffer;
2761 hwaddr addr;
2762 hwaddr len;
2763 bool in_use;
2764 } BounceBuffer;
2765
2766 static BounceBuffer bounce;
2767
2768 typedef struct MapClient {
2769 QEMUBH *bh;
2770 QLIST_ENTRY(MapClient) link;
2771 } MapClient;
2772
2773 QemuMutex map_client_list_lock;
2774 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2775 = QLIST_HEAD_INITIALIZER(map_client_list);
2776
2777 static void cpu_unregister_map_client_do(MapClient *client)
2778 {
2779 QLIST_REMOVE(client, link);
2780 g_free(client);
2781 }
2782
2783 static void cpu_notify_map_clients_locked(void)
2784 {
2785 MapClient *client;
2786
2787 while (!QLIST_EMPTY(&map_client_list)) {
2788 client = QLIST_FIRST(&map_client_list);
2789 qemu_bh_schedule(client->bh);
2790 cpu_unregister_map_client_do(client);
2791 }
2792 }
2793
2794 void cpu_register_map_client(QEMUBH *bh)
2795 {
2796 MapClient *client = g_malloc(sizeof(*client));
2797
2798 qemu_mutex_lock(&map_client_list_lock);
2799 client->bh = bh;
2800 QLIST_INSERT_HEAD(&map_client_list, client, link);
2801 if (!atomic_read(&bounce.in_use)) {
2802 cpu_notify_map_clients_locked();
2803 }
2804 qemu_mutex_unlock(&map_client_list_lock);
2805 }
2806
2807 void cpu_exec_init_all(void)
2808 {
2809 qemu_mutex_init(&ram_list.mutex);
2810 io_mem_init();
2811 memory_map_init();
2812 qemu_mutex_init(&map_client_list_lock);
2813 }
2814
2815 void cpu_unregister_map_client(QEMUBH *bh)
2816 {
2817 MapClient *client;
2818
2819 qemu_mutex_lock(&map_client_list_lock);
2820 QLIST_FOREACH(client, &map_client_list, link) {
2821 if (client->bh == bh) {
2822 cpu_unregister_map_client_do(client);
2823 break;
2824 }
2825 }
2826 qemu_mutex_unlock(&map_client_list_lock);
2827 }
2828
2829 static void cpu_notify_map_clients(void)
2830 {
2831 qemu_mutex_lock(&map_client_list_lock);
2832 cpu_notify_map_clients_locked();
2833 qemu_mutex_unlock(&map_client_list_lock);
2834 }
2835
2836 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2837 {
2838 MemoryRegion *mr;
2839 hwaddr l, xlat;
2840
2841 rcu_read_lock();
2842 while (len > 0) {
2843 l = len;
2844 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2845 if (!memory_access_is_direct(mr, is_write)) {
2846 l = memory_access_size(mr, l, addr);
2847 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2848 return false;
2849 }
2850 }
2851
2852 len -= l;
2853 addr += l;
2854 }
2855 rcu_read_unlock();
2856 return true;
2857 }
2858
2859 /* Map a physical memory region into a host virtual address.
2860 * May map a subset of the requested range, given by and returned in *plen.
2861 * May return NULL if resources needed to perform the mapping are exhausted.
2862 * Use only for reads OR writes - not for read-modify-write operations.
2863 * Use cpu_register_map_client() to know when retrying the map operation is
2864 * likely to succeed.
2865 */
2866 void *address_space_map(AddressSpace *as,
2867 hwaddr addr,
2868 hwaddr *plen,
2869 bool is_write)
2870 {
2871 hwaddr len = *plen;
2872 hwaddr done = 0;
2873 hwaddr l, xlat, base;
2874 MemoryRegion *mr, *this_mr;
2875 void *ptr;
2876
2877 if (len == 0) {
2878 return NULL;
2879 }
2880
2881 l = len;
2882 rcu_read_lock();
2883 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2884
2885 if (!memory_access_is_direct(mr, is_write)) {
2886 if (atomic_xchg(&bounce.in_use, true)) {
2887 rcu_read_unlock();
2888 return NULL;
2889 }
2890 /* Avoid unbounded allocations */
2891 l = MIN(l, TARGET_PAGE_SIZE);
2892 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2893 bounce.addr = addr;
2894 bounce.len = l;
2895
2896 memory_region_ref(mr);
2897 bounce.mr = mr;
2898 if (!is_write) {
2899 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2900 bounce.buffer, l);
2901 }
2902
2903 rcu_read_unlock();
2904 *plen = l;
2905 return bounce.buffer;
2906 }
2907
2908 base = xlat;
2909
2910 for (;;) {
2911 len -= l;
2912 addr += l;
2913 done += l;
2914 if (len == 0) {
2915 break;
2916 }
2917
2918 l = len;
2919 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2920 if (this_mr != mr || xlat != base + done) {
2921 break;
2922 }
2923 }
2924
2925 memory_region_ref(mr);
2926 *plen = done;
2927 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
2928 rcu_read_unlock();
2929
2930 return ptr;
2931 }
2932
2933 /* Unmaps a memory region previously mapped by address_space_map().
2934 * Will also mark the memory as dirty if is_write == 1. access_len gives
2935 * the amount of memory that was actually read or written by the caller.
2936 */
2937 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2938 int is_write, hwaddr access_len)
2939 {
2940 if (buffer != bounce.buffer) {
2941 MemoryRegion *mr;
2942 ram_addr_t addr1;
2943
2944 mr = memory_region_from_host(buffer, &addr1);
2945 assert(mr != NULL);
2946 if (is_write) {
2947 invalidate_and_set_dirty(mr, addr1, access_len);
2948 }
2949 if (xen_enabled()) {
2950 xen_invalidate_map_cache_entry(buffer);
2951 }
2952 memory_region_unref(mr);
2953 return;
2954 }
2955 if (is_write) {
2956 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2957 bounce.buffer, access_len);
2958 }
2959 qemu_vfree(bounce.buffer);
2960 bounce.buffer = NULL;
2961 memory_region_unref(bounce.mr);
2962 atomic_mb_set(&bounce.in_use, false);
2963 cpu_notify_map_clients();
2964 }
2965
2966 void *cpu_physical_memory_map(hwaddr addr,
2967 hwaddr *plen,
2968 int is_write)
2969 {
2970 return address_space_map(&address_space_memory, addr, plen, is_write);
2971 }
2972
2973 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2974 int is_write, hwaddr access_len)
2975 {
2976 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2977 }
2978
2979 /* warning: addr must be aligned */
2980 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2981 MemTxAttrs attrs,
2982 MemTxResult *result,
2983 enum device_endian endian)
2984 {
2985 uint8_t *ptr;
2986 uint64_t val;
2987 MemoryRegion *mr;
2988 hwaddr l = 4;
2989 hwaddr addr1;
2990 MemTxResult r;
2991 bool release_lock = false;
2992
2993 rcu_read_lock();
2994 mr = address_space_translate(as, addr, &addr1, &l, false);
2995 if (l < 4 || !memory_access_is_direct(mr, false)) {
2996 release_lock |= prepare_mmio_access(mr);
2997
2998 /* I/O case */
2999 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3000 #if defined(TARGET_WORDS_BIGENDIAN)
3001 if (endian == DEVICE_LITTLE_ENDIAN) {
3002 val = bswap32(val);
3003 }
3004 #else
3005 if (endian == DEVICE_BIG_ENDIAN) {
3006 val = bswap32(val);
3007 }
3008 #endif
3009 } else {
3010 /* RAM case */
3011 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3012 switch (endian) {
3013 case DEVICE_LITTLE_ENDIAN:
3014 val = ldl_le_p(ptr);
3015 break;
3016 case DEVICE_BIG_ENDIAN:
3017 val = ldl_be_p(ptr);
3018 break;
3019 default:
3020 val = ldl_p(ptr);
3021 break;
3022 }
3023 r = MEMTX_OK;
3024 }
3025 if (result) {
3026 *result = r;
3027 }
3028 if (release_lock) {
3029 qemu_mutex_unlock_iothread();
3030 }
3031 rcu_read_unlock();
3032 return val;
3033 }
3034
3035 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3036 MemTxAttrs attrs, MemTxResult *result)
3037 {
3038 return address_space_ldl_internal(as, addr, attrs, result,
3039 DEVICE_NATIVE_ENDIAN);
3040 }
3041
3042 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3043 MemTxAttrs attrs, MemTxResult *result)
3044 {
3045 return address_space_ldl_internal(as, addr, attrs, result,
3046 DEVICE_LITTLE_ENDIAN);
3047 }
3048
3049 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3050 MemTxAttrs attrs, MemTxResult *result)
3051 {
3052 return address_space_ldl_internal(as, addr, attrs, result,
3053 DEVICE_BIG_ENDIAN);
3054 }
3055
3056 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3057 {
3058 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3059 }
3060
3061 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3062 {
3063 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3064 }
3065
3066 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3067 {
3068 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3069 }
3070
3071 /* warning: addr must be aligned */
3072 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3073 MemTxAttrs attrs,
3074 MemTxResult *result,
3075 enum device_endian endian)
3076 {
3077 uint8_t *ptr;
3078 uint64_t val;
3079 MemoryRegion *mr;
3080 hwaddr l = 8;
3081 hwaddr addr1;
3082 MemTxResult r;
3083 bool release_lock = false;
3084
3085 rcu_read_lock();
3086 mr = address_space_translate(as, addr, &addr1, &l,
3087 false);
3088 if (l < 8 || !memory_access_is_direct(mr, false)) {
3089 release_lock |= prepare_mmio_access(mr);
3090
3091 /* I/O case */
3092 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3093 #if defined(TARGET_WORDS_BIGENDIAN)
3094 if (endian == DEVICE_LITTLE_ENDIAN) {
3095 val = bswap64(val);
3096 }
3097 #else
3098 if (endian == DEVICE_BIG_ENDIAN) {
3099 val = bswap64(val);
3100 }
3101 #endif
3102 } else {
3103 /* RAM case */
3104 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3105 switch (endian) {
3106 case DEVICE_LITTLE_ENDIAN:
3107 val = ldq_le_p(ptr);
3108 break;
3109 case DEVICE_BIG_ENDIAN:
3110 val = ldq_be_p(ptr);
3111 break;
3112 default:
3113 val = ldq_p(ptr);
3114 break;
3115 }
3116 r = MEMTX_OK;
3117 }
3118 if (result) {
3119 *result = r;
3120 }
3121 if (release_lock) {
3122 qemu_mutex_unlock_iothread();
3123 }
3124 rcu_read_unlock();
3125 return val;
3126 }
3127
3128 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3129 MemTxAttrs attrs, MemTxResult *result)
3130 {
3131 return address_space_ldq_internal(as, addr, attrs, result,
3132 DEVICE_NATIVE_ENDIAN);
3133 }
3134
3135 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3137 {
3138 return address_space_ldq_internal(as, addr, attrs, result,
3139 DEVICE_LITTLE_ENDIAN);
3140 }
3141
3142 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3143 MemTxAttrs attrs, MemTxResult *result)
3144 {
3145 return address_space_ldq_internal(as, addr, attrs, result,
3146 DEVICE_BIG_ENDIAN);
3147 }
3148
3149 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3150 {
3151 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3152 }
3153
3154 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3155 {
3156 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3157 }
3158
3159 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3160 {
3161 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3162 }
3163
3164 /* XXX: optimize */
3165 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3166 MemTxAttrs attrs, MemTxResult *result)
3167 {
3168 uint8_t val;
3169 MemTxResult r;
3170
3171 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3172 if (result) {
3173 *result = r;
3174 }
3175 return val;
3176 }
3177
3178 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3179 {
3180 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3181 }
3182
3183 /* warning: addr must be aligned */
3184 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3185 hwaddr addr,
3186 MemTxAttrs attrs,
3187 MemTxResult *result,
3188 enum device_endian endian)
3189 {
3190 uint8_t *ptr;
3191 uint64_t val;
3192 MemoryRegion *mr;
3193 hwaddr l = 2;
3194 hwaddr addr1;
3195 MemTxResult r;
3196 bool release_lock = false;
3197
3198 rcu_read_lock();
3199 mr = address_space_translate(as, addr, &addr1, &l,
3200 false);
3201 if (l < 2 || !memory_access_is_direct(mr, false)) {
3202 release_lock |= prepare_mmio_access(mr);
3203
3204 /* I/O case */
3205 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3206 #if defined(TARGET_WORDS_BIGENDIAN)
3207 if (endian == DEVICE_LITTLE_ENDIAN) {
3208 val = bswap16(val);
3209 }
3210 #else
3211 if (endian == DEVICE_BIG_ENDIAN) {
3212 val = bswap16(val);
3213 }
3214 #endif
3215 } else {
3216 /* RAM case */
3217 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3218 switch (endian) {
3219 case DEVICE_LITTLE_ENDIAN:
3220 val = lduw_le_p(ptr);
3221 break;
3222 case DEVICE_BIG_ENDIAN:
3223 val = lduw_be_p(ptr);
3224 break;
3225 default:
3226 val = lduw_p(ptr);
3227 break;
3228 }
3229 r = MEMTX_OK;
3230 }
3231 if (result) {
3232 *result = r;
3233 }
3234 if (release_lock) {
3235 qemu_mutex_unlock_iothread();
3236 }
3237 rcu_read_unlock();
3238 return val;
3239 }
3240
3241 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3243 {
3244 return address_space_lduw_internal(as, addr, attrs, result,
3245 DEVICE_NATIVE_ENDIAN);
3246 }
3247
3248 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3249 MemTxAttrs attrs, MemTxResult *result)
3250 {
3251 return address_space_lduw_internal(as, addr, attrs, result,
3252 DEVICE_LITTLE_ENDIAN);
3253 }
3254
3255 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3256 MemTxAttrs attrs, MemTxResult *result)
3257 {
3258 return address_space_lduw_internal(as, addr, attrs, result,
3259 DEVICE_BIG_ENDIAN);
3260 }
3261
3262 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3263 {
3264 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3265 }
3266
3267 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3268 {
3269 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3270 }
3271
3272 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3273 {
3274 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3275 }
3276
3277 /* warning: addr must be aligned. The ram page is not masked as dirty
3278 and the code inside is not invalidated. It is useful if the dirty
3279 bits are used to track modified PTEs */
3280 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3281 MemTxAttrs attrs, MemTxResult *result)
3282 {
3283 uint8_t *ptr;
3284 MemoryRegion *mr;
3285 hwaddr l = 4;
3286 hwaddr addr1;
3287 MemTxResult r;
3288 uint8_t dirty_log_mask;
3289 bool release_lock = false;
3290
3291 rcu_read_lock();
3292 mr = address_space_translate(as, addr, &addr1, &l,
3293 true);
3294 if (l < 4 || !memory_access_is_direct(mr, true)) {
3295 release_lock |= prepare_mmio_access(mr);
3296
3297 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3298 } else {
3299 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3300 stl_p(ptr, val);
3301
3302 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3303 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3304 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3305 4, dirty_log_mask);
3306 r = MEMTX_OK;
3307 }
3308 if (result) {
3309 *result = r;
3310 }
3311 if (release_lock) {
3312 qemu_mutex_unlock_iothread();
3313 }
3314 rcu_read_unlock();
3315 }
3316
3317 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3318 {
3319 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3320 }
3321
3322 /* warning: addr must be aligned */
3323 static inline void address_space_stl_internal(AddressSpace *as,
3324 hwaddr addr, uint32_t val,
3325 MemTxAttrs attrs,
3326 MemTxResult *result,
3327 enum device_endian endian)
3328 {
3329 uint8_t *ptr;
3330 MemoryRegion *mr;
3331 hwaddr l = 4;
3332 hwaddr addr1;
3333 MemTxResult r;
3334 bool release_lock = false;
3335
3336 rcu_read_lock();
3337 mr = address_space_translate(as, addr, &addr1, &l,
3338 true);
3339 if (l < 4 || !memory_access_is_direct(mr, true)) {
3340 release_lock |= prepare_mmio_access(mr);
3341
3342 #if defined(TARGET_WORDS_BIGENDIAN)
3343 if (endian == DEVICE_LITTLE_ENDIAN) {
3344 val = bswap32(val);
3345 }
3346 #else
3347 if (endian == DEVICE_BIG_ENDIAN) {
3348 val = bswap32(val);
3349 }
3350 #endif
3351 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3352 } else {
3353 /* RAM case */
3354 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3355 switch (endian) {
3356 case DEVICE_LITTLE_ENDIAN:
3357 stl_le_p(ptr, val);
3358 break;
3359 case DEVICE_BIG_ENDIAN:
3360 stl_be_p(ptr, val);
3361 break;
3362 default:
3363 stl_p(ptr, val);
3364 break;
3365 }
3366 invalidate_and_set_dirty(mr, addr1, 4);
3367 r = MEMTX_OK;
3368 }
3369 if (result) {
3370 *result = r;
3371 }
3372 if (release_lock) {
3373 qemu_mutex_unlock_iothread();
3374 }
3375 rcu_read_unlock();
3376 }
3377
3378 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3379 MemTxAttrs attrs, MemTxResult *result)
3380 {
3381 address_space_stl_internal(as, addr, val, attrs, result,
3382 DEVICE_NATIVE_ENDIAN);
3383 }
3384
3385 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3387 {
3388 address_space_stl_internal(as, addr, val, attrs, result,
3389 DEVICE_LITTLE_ENDIAN);
3390 }
3391
3392 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3393 MemTxAttrs attrs, MemTxResult *result)
3394 {
3395 address_space_stl_internal(as, addr, val, attrs, result,
3396 DEVICE_BIG_ENDIAN);
3397 }
3398
3399 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3400 {
3401 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3402 }
3403
3404 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3405 {
3406 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3407 }
3408
3409 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3410 {
3411 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3412 }
3413
3414 /* XXX: optimize */
3415 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3416 MemTxAttrs attrs, MemTxResult *result)
3417 {
3418 uint8_t v = val;
3419 MemTxResult r;
3420
3421 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3422 if (result) {
3423 *result = r;
3424 }
3425 }
3426
3427 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3428 {
3429 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3430 }
3431
3432 /* warning: addr must be aligned */
3433 static inline void address_space_stw_internal(AddressSpace *as,
3434 hwaddr addr, uint32_t val,
3435 MemTxAttrs attrs,
3436 MemTxResult *result,
3437 enum device_endian endian)
3438 {
3439 uint8_t *ptr;
3440 MemoryRegion *mr;
3441 hwaddr l = 2;
3442 hwaddr addr1;
3443 MemTxResult r;
3444 bool release_lock = false;
3445
3446 rcu_read_lock();
3447 mr = address_space_translate(as, addr, &addr1, &l, true);
3448 if (l < 2 || !memory_access_is_direct(mr, true)) {
3449 release_lock |= prepare_mmio_access(mr);
3450
3451 #if defined(TARGET_WORDS_BIGENDIAN)
3452 if (endian == DEVICE_LITTLE_ENDIAN) {
3453 val = bswap16(val);
3454 }
3455 #else
3456 if (endian == DEVICE_BIG_ENDIAN) {
3457 val = bswap16(val);
3458 }
3459 #endif
3460 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3461 } else {
3462 /* RAM case */
3463 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3464 switch (endian) {
3465 case DEVICE_LITTLE_ENDIAN:
3466 stw_le_p(ptr, val);
3467 break;
3468 case DEVICE_BIG_ENDIAN:
3469 stw_be_p(ptr, val);
3470 break;
3471 default:
3472 stw_p(ptr, val);
3473 break;
3474 }
3475 invalidate_and_set_dirty(mr, addr1, 2);
3476 r = MEMTX_OK;
3477 }
3478 if (result) {
3479 *result = r;
3480 }
3481 if (release_lock) {
3482 qemu_mutex_unlock_iothread();
3483 }
3484 rcu_read_unlock();
3485 }
3486
3487 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3488 MemTxAttrs attrs, MemTxResult *result)
3489 {
3490 address_space_stw_internal(as, addr, val, attrs, result,
3491 DEVICE_NATIVE_ENDIAN);
3492 }
3493
3494 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3495 MemTxAttrs attrs, MemTxResult *result)
3496 {
3497 address_space_stw_internal(as, addr, val, attrs, result,
3498 DEVICE_LITTLE_ENDIAN);
3499 }
3500
3501 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3502 MemTxAttrs attrs, MemTxResult *result)
3503 {
3504 address_space_stw_internal(as, addr, val, attrs, result,
3505 DEVICE_BIG_ENDIAN);
3506 }
3507
3508 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3509 {
3510 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3511 }
3512
3513 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3514 {
3515 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3516 }
3517
3518 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3519 {
3520 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3521 }
3522
3523 /* XXX: optimize */
3524 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3525 MemTxAttrs attrs, MemTxResult *result)
3526 {
3527 MemTxResult r;
3528 val = tswap64(val);
3529 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3530 if (result) {
3531 *result = r;
3532 }
3533 }
3534
3535 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3536 MemTxAttrs attrs, MemTxResult *result)
3537 {
3538 MemTxResult r;
3539 val = cpu_to_le64(val);
3540 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3541 if (result) {
3542 *result = r;
3543 }
3544 }
3545 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3546 MemTxAttrs attrs, MemTxResult *result)
3547 {
3548 MemTxResult r;
3549 val = cpu_to_be64(val);
3550 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3551 if (result) {
3552 *result = r;
3553 }
3554 }
3555
3556 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3557 {
3558 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3559 }
3560
3561 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3562 {
3563 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3564 }
3565
3566 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3567 {
3568 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3569 }
3570
3571 /* virtual memory access for debug (includes writing to ROM) */
3572 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3573 uint8_t *buf, int len, int is_write)
3574 {
3575 int l;
3576 hwaddr phys_addr;
3577 target_ulong page;
3578
3579 while (len > 0) {
3580 int asidx;
3581 MemTxAttrs attrs;
3582
3583 page = addr & TARGET_PAGE_MASK;
3584 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3585 asidx = cpu_asidx_from_attrs(cpu, attrs);
3586 /* if no physical page mapped, return an error */
3587 if (phys_addr == -1)
3588 return -1;
3589 l = (page + TARGET_PAGE_SIZE) - addr;
3590 if (l > len)
3591 l = len;
3592 phys_addr += (addr & ~TARGET_PAGE_MASK);
3593 if (is_write) {
3594 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3595 phys_addr, buf, l);
3596 } else {
3597 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3598 MEMTXATTRS_UNSPECIFIED,
3599 buf, l, 0);
3600 }
3601 len -= l;
3602 buf += l;
3603 addr += l;
3604 }
3605 return 0;
3606 }
3607
3608 /*
3609 * Allows code that needs to deal with migration bitmaps etc to still be built
3610 * target independent.
3611 */
3612 size_t qemu_target_page_bits(void)
3613 {
3614 return TARGET_PAGE_BITS;
3615 }
3616
3617 #endif
3618
3619 /*
3620 * A helper function for the _utterly broken_ virtio device model to find out if
3621 * it's running on a big endian machine. Don't do this at home kids!
3622 */
3623 bool target_words_bigendian(void);
3624 bool target_words_bigendian(void)
3625 {
3626 #if defined(TARGET_WORDS_BIGENDIAN)
3627 return true;
3628 #else
3629 return false;
3630 #endif
3631 }
3632
3633 #ifndef CONFIG_USER_ONLY
3634 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3635 {
3636 MemoryRegion*mr;
3637 hwaddr l = 1;
3638 bool res;
3639
3640 rcu_read_lock();
3641 mr = address_space_translate(&address_space_memory,
3642 phys_addr, &phys_addr, &l, false);
3643
3644 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3645 rcu_read_unlock();
3646 return res;
3647 }
3648
3649 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3650 {
3651 RAMBlock *block;
3652 int ret = 0;
3653
3654 rcu_read_lock();
3655 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3656 ret = func(block->idstr, block->host, block->offset,
3657 block->used_length, opaque);
3658 if (ret) {
3659 break;
3660 }
3661 }
3662 rcu_read_unlock();
3663 return ret;
3664 }
3665 #endif
AR7 emulation for QEMU