search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
exec: Factor out section_covers_addr
[qemu/ar7.git] / exec.c
blob9279af5eabcb99a61655dfd0d490ed83cb624101
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #ifndef _WIN32
21 #include <sys/mman.h>
22 #endif
23
24 #include "qemu-common.h"
25 #include "cpu.h"
26 #include "tcg.h"
27 #include "hw/hw.h"
28 #if !defined(CONFIG_USER_ONLY)
29 #include "hw/boards.h"
30 #endif
31 #include "hw/qdev.h"
32 #include "sysemu/kvm.h"
33 #include "sysemu/sysemu.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
42 #include <qemu.h>
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
45 #include "trace.h"
46 #endif
47 #include "exec/cpu-all.h"
48 #include "qemu/rcu_queue.h"
49 #include "qemu/main-loop.h"
50 #include "translate-all.h"
51 #include "sysemu/replay.h"
52
53 #include "exec/memory-internal.h"
54 #include "exec/ram_addr.h"
55 #include "exec/log.h"
56
57 #include "qemu/range.h"
58 #ifndef _WIN32
59 #include "qemu/mmap-alloc.h"
60 #endif
61
62 //#define DEBUG_SUBPAGE
63
64 #if !defined(CONFIG_USER_ONLY)
65 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
68 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
69
70 static MemoryRegion *system_memory;
71 static MemoryRegion *system_io;
72
73 AddressSpace address_space_io;
74 AddressSpace address_space_memory;
75
76 MemoryRegion io_mem_rom, io_mem_notdirty;
77 static MemoryRegion io_mem_unassigned;
78
79 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80 #define RAM_PREALLOC (1 << 0)
81
82 /* RAM is mmap-ed with MAP_SHARED */
83 #define RAM_SHARED (1 << 1)
84
85 /* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88 #define RAM_RESIZEABLE (1 << 2)
89
90 #endif
91
92 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
93 /* current CPU in the current thread. It is only valid inside
94 cpu_exec() */
95 __thread CPUState *current_cpu;
96 /* 0 = Do not count executed instructions.
97 1 = Precise instruction counting.
98 2 = Adaptive rate instruction counting. */
99 int use_icount;
100
101 #if !defined(CONFIG_USER_ONLY)
102
103 typedef struct PhysPageEntry PhysPageEntry;
104
105 struct PhysPageEntry {
106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
107 uint32_t skip : 6;
108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
109 uint32_t ptr : 26;
110 };
111
112 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
113
114 /* Size of the L2 (and L3, etc) page tables. */
115 #define ADDR_SPACE_BITS 64
116
117 #define P_L2_BITS 9
118 #define P_L2_SIZE (1 << P_L2_BITS)
119
120 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
121
122 typedef PhysPageEntry Node[P_L2_SIZE];
123
124 typedef struct PhysPageMap {
125 struct rcu_head rcu;
126
127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
129 unsigned nodes_nb;
130 unsigned nodes_nb_alloc;
131 Node *nodes;
132 MemoryRegionSection *sections;
133 } PhysPageMap;
134
135 struct AddressSpaceDispatch {
136 struct rcu_head rcu;
137
138 /* This is a multi-level map on the physical address space.
139 * The bottom level has pointers to MemoryRegionSections.
140 */
141 PhysPageEntry phys_map;
142 PhysPageMap map;
143 AddressSpace *as;
144 };
145
146 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
147 typedef struct subpage_t {
148 MemoryRegion iomem;
149 AddressSpace *as;
150 hwaddr base;
151 uint16_t sub_section[TARGET_PAGE_SIZE];
152 } subpage_t;
153
154 #define PHYS_SECTION_UNASSIGNED 0
155 #define PHYS_SECTION_NOTDIRTY 1
156 #define PHYS_SECTION_ROM 2
157 #define PHYS_SECTION_WATCH 3
158
159 static void io_mem_init(void);
160 static void memory_map_init(void);
161 static void tcg_commit(MemoryListener *listener);
162
163 static MemoryRegion io_mem_watch;
164
165 /**
166 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
167 * @cpu: the CPU whose AddressSpace this is
168 * @as: the AddressSpace itself
169 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
170 * @tcg_as_listener: listener for tracking changes to the AddressSpace
171 */
172 struct CPUAddressSpace {
173 CPUState *cpu;
174 AddressSpace *as;
175 struct AddressSpaceDispatch *memory_dispatch;
176 MemoryListener tcg_as_listener;
177 };
178
179 #endif
180
181 #if !defined(CONFIG_USER_ONLY)
182
183 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
184 {
185 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
186 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
188 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
189 }
190 }
191
192 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
193 {
194 unsigned i;
195 uint32_t ret;
196 PhysPageEntry e;
197 PhysPageEntry *p;
198
199 ret = map->nodes_nb++;
200 p = map->nodes[ret];
201 assert(ret != PHYS_MAP_NODE_NIL);
202 assert(ret != map->nodes_nb_alloc);
203
204 e.skip = leaf ? 0 : 1;
205 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
206 for (i = 0; i < P_L2_SIZE; ++i) {
207 memcpy(&p[i], &e, sizeof(e));
208 }
209 return ret;
210 }
211
212 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
213 hwaddr *index, hwaddr *nb, uint16_t leaf,
214 int level)
215 {
216 PhysPageEntry *p;
217 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
218
219 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
220 lp->ptr = phys_map_node_alloc(map, level == 0);
221 }
222 p = map->nodes[lp->ptr];
223 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
224
225 while (*nb && lp < &p[P_L2_SIZE]) {
226 if ((*index & (step - 1)) == 0 && *nb >= step) {
227 lp->skip = 0;
228 lp->ptr = leaf;
229 *index += step;
230 *nb -= step;
231 } else {
232 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
233 }
234 ++lp;
235 }
236 }
237
238 static void phys_page_set(AddressSpaceDispatch *d,
239 hwaddr index, hwaddr nb,
240 uint16_t leaf)
241 {
242 /* Wildly overreserve - it doesn't matter much. */
243 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
244
245 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
246 }
247
248 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
249 * and update our entry so we can skip it and go directly to the destination.
250 */
251 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
252 {
253 unsigned valid_ptr = P_L2_SIZE;
254 int valid = 0;
255 PhysPageEntry *p;
256 int i;
257
258 if (lp->ptr == PHYS_MAP_NODE_NIL) {
259 return;
260 }
261
262 p = nodes[lp->ptr];
263 for (i = 0; i < P_L2_SIZE; i++) {
264 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
265 continue;
266 }
267
268 valid_ptr = i;
269 valid++;
270 if (p[i].skip) {
271 phys_page_compact(&p[i], nodes, compacted);
272 }
273 }
274
275 /* We can only compress if there's only one child. */
276 if (valid != 1) {
277 return;
278 }
279
280 assert(valid_ptr < P_L2_SIZE);
281
282 /* Don't compress if it won't fit in the # of bits we have. */
283 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
284 return;
285 }
286
287 lp->ptr = p[valid_ptr].ptr;
288 if (!p[valid_ptr].skip) {
289 /* If our only child is a leaf, make this a leaf. */
290 /* By design, we should have made this node a leaf to begin with so we
291 * should never reach here.
292 * But since it's so simple to handle this, let's do it just in case we
293 * change this rule.
294 */
295 lp->skip = 0;
296 } else {
297 lp->skip += p[valid_ptr].skip;
298 }
299 }
300
301 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
302 {
303 DECLARE_BITMAP(compacted, nodes_nb);
304
305 if (d->phys_map.skip) {
306 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
307 }
308 }
309
310 static inline bool section_covers_addr(const MemoryRegionSection *section,
311 hwaddr addr)
312 {
313 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
314 * the section must cover the entire address space.
315 */
316 return section->size.hi ||
317 range_covers_byte(section->offset_within_address_space,
318 section->size.lo, addr);
319 }
320
321 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
322 Node *nodes, MemoryRegionSection *sections)
323 {
324 PhysPageEntry *p;
325 hwaddr index = addr >> TARGET_PAGE_BITS;
326 int i;
327
328 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
329 if (lp.ptr == PHYS_MAP_NODE_NIL) {
330 return &sections[PHYS_SECTION_UNASSIGNED];
331 }
332 p = nodes[lp.ptr];
333 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
334 }
335
336 if (section_covers_addr(&sections[lp.ptr], addr)) {
337 return &sections[lp.ptr];
338 } else {
339 return &sections[PHYS_SECTION_UNASSIGNED];
340 }
341 }
342
343 bool memory_region_is_unassigned(MemoryRegion *mr)
344 {
345 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
346 && mr != &io_mem_watch;
347 }
348
349 /* Called from RCU critical section */
350 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
351 hwaddr addr,
352 bool resolve_subpage)
353 {
354 MemoryRegionSection *section;
355 subpage_t *subpage;
356
357 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
358 if (resolve_subpage && section->mr->subpage) {
359 subpage = container_of(section->mr, subpage_t, iomem);
360 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
361 }
362 return section;
363 }
364
365 /* Called from RCU critical section */
366 static MemoryRegionSection *
367 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
368 hwaddr *plen, bool resolve_subpage)
369 {
370 MemoryRegionSection *section;
371 MemoryRegion *mr;
372 Int128 diff;
373
374 section = address_space_lookup_region(d, addr, resolve_subpage);
375 /* Compute offset within MemoryRegionSection */
376 addr -= section->offset_within_address_space;
377
378 /* Compute offset within MemoryRegion */
379 *xlat = addr + section->offset_within_region;
380
381 mr = section->mr;
382
383 /* MMIO registers can be expected to perform full-width accesses based only
384 * on their address, without considering adjacent registers that could
385 * decode to completely different MemoryRegions. When such registers
386 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
387 * regions overlap wildly. For this reason we cannot clamp the accesses
388 * here.
389 *
390 * If the length is small (as is the case for address_space_ldl/stl),
391 * everything works fine. If the incoming length is large, however,
392 * the caller really has to do the clamping through memory_access_size.
393 */
394 if (memory_region_is_ram(mr)) {
395 diff = int128_sub(section->size, int128_make64(addr));
396 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
397 }
398 return section;
399 }
400
401 /* Called from RCU critical section */
402 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
403 hwaddr *xlat, hwaddr *plen,
404 bool is_write)
405 {
406 IOMMUTLBEntry iotlb;
407 MemoryRegionSection *section;
408 MemoryRegion *mr;
409
410 for (;;) {
411 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
412 section = address_space_translate_internal(d, addr, &addr, plen, true);
413 mr = section->mr;
414
415 if (!mr->iommu_ops) {
416 break;
417 }
418
419 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
420 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
421 | (addr & iotlb.addr_mask));
422 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
423 if (!(iotlb.perm & (1 << is_write))) {
424 mr = &io_mem_unassigned;
425 break;
426 }
427
428 as = iotlb.target_as;
429 }
430
431 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
432 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
433 *plen = MIN(page, *plen);
434 }
435
436 *xlat = addr;
437 return mr;
438 }
439
440 /* Called from RCU critical section */
441 MemoryRegionSection *
442 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
443 hwaddr *xlat, hwaddr *plen)
444 {
445 MemoryRegionSection *section;
446 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
447
448 section = address_space_translate_internal(d, addr, xlat, plen, false);
449
450 assert(!section->mr->iommu_ops);
451 return section;
452 }
453 #endif
454
455 #if !defined(CONFIG_USER_ONLY)
456
457 static int cpu_common_post_load(void *opaque, int version_id)
458 {
459 CPUState *cpu = opaque;
460
461 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
462 version_id is increased. */
463 cpu->interrupt_request &= ~0x01;
464 tlb_flush(cpu, 1);
465
466 return 0;
467 }
468
469 static int cpu_common_pre_load(void *opaque)
470 {
471 CPUState *cpu = opaque;
472
473 cpu->exception_index = -1;
474
475 return 0;
476 }
477
478 static bool cpu_common_exception_index_needed(void *opaque)
479 {
480 CPUState *cpu = opaque;
481
482 return tcg_enabled() && cpu->exception_index != -1;
483 }
484
485 static const VMStateDescription vmstate_cpu_common_exception_index = {
486 .name = "cpu_common/exception_index",
487 .version_id = 1,
488 .minimum_version_id = 1,
489 .needed = cpu_common_exception_index_needed,
490 .fields = (VMStateField[]) {
491 VMSTATE_INT32(exception_index, CPUState),
492 VMSTATE_END_OF_LIST()
493 }
494 };
495
496 static bool cpu_common_crash_occurred_needed(void *opaque)
497 {
498 CPUState *cpu = opaque;
499
500 return cpu->crash_occurred;
501 }
502
503 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
504 .name = "cpu_common/crash_occurred",
505 .version_id = 1,
506 .minimum_version_id = 1,
507 .needed = cpu_common_crash_occurred_needed,
508 .fields = (VMStateField[]) {
509 VMSTATE_BOOL(crash_occurred, CPUState),
510 VMSTATE_END_OF_LIST()
511 }
512 };
513
514 const VMStateDescription vmstate_cpu_common = {
515 .name = "cpu_common",
516 .version_id = 1,
517 .minimum_version_id = 1,
518 .pre_load = cpu_common_pre_load,
519 .post_load = cpu_common_post_load,
520 .fields = (VMStateField[]) {
521 VMSTATE_UINT32(halted, CPUState),
522 VMSTATE_UINT32(interrupt_request, CPUState),
523 VMSTATE_END_OF_LIST()
524 },
525 .subsections = (const VMStateDescription*[]) {
526 &vmstate_cpu_common_exception_index,
527 &vmstate_cpu_common_crash_occurred,
528 NULL
529 }
530 };
531
532 #endif
533
534 CPUState *qemu_get_cpu(int index)
535 {
536 CPUState *cpu;
537
538 CPU_FOREACH(cpu) {
539 if (cpu->cpu_index == index) {
540 return cpu;
541 }
542 }
543
544 return NULL;
545 }
546
547 #if !defined(CONFIG_USER_ONLY)
548 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
549 {
550 CPUAddressSpace *newas;
551
552 /* Target code should have set num_ases before calling us */
553 assert(asidx < cpu->num_ases);
554
555 if (asidx == 0) {
556 /* address space 0 gets the convenience alias */
557 cpu->as = as;
558 }
559
560 /* KVM cannot currently support multiple address spaces. */
561 assert(asidx == 0 || !kvm_enabled());
562
563 if (!cpu->cpu_ases) {
564 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
565 }
566
567 newas = &cpu->cpu_ases[asidx];
568 newas->cpu = cpu;
569 newas->as = as;
570 if (tcg_enabled()) {
571 newas->tcg_as_listener.commit = tcg_commit;
572 memory_listener_register(&newas->tcg_as_listener, as);
573 }
574 }
575
576 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
577 {
578 /* Return the AddressSpace corresponding to the specified index */
579 return cpu->cpu_ases[asidx].as;
580 }
581 #endif
582
583 #ifndef CONFIG_USER_ONLY
584 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
585
586 static int cpu_get_free_index(Error **errp)
587 {
588 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
589
590 if (cpu >= MAX_CPUMASK_BITS) {
591 error_setg(errp, "Trying to use more CPUs than max of %d",
592 MAX_CPUMASK_BITS);
593 return -1;
594 }
595
596 bitmap_set(cpu_index_map, cpu, 1);
597 return cpu;
598 }
599
600 void cpu_exec_exit(CPUState *cpu)
601 {
602 if (cpu->cpu_index == -1) {
603 /* cpu_index was never allocated by this @cpu or was already freed. */
604 return;
605 }
606
607 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
608 cpu->cpu_index = -1;
609 }
610 #else
611
612 static int cpu_get_free_index(Error **errp)
613 {
614 CPUState *some_cpu;
615 int cpu_index = 0;
616
617 CPU_FOREACH(some_cpu) {
618 cpu_index++;
619 }
620 return cpu_index;
621 }
622
623 void cpu_exec_exit(CPUState *cpu)
624 {
625 }
626 #endif
627
628 void cpu_exec_init(CPUState *cpu, Error **errp)
629 {
630 CPUClass *cc = CPU_GET_CLASS(cpu);
631 int cpu_index;
632 Error *local_err = NULL;
633
634 cpu->as = NULL;
635 cpu->num_ases = 0;
636
637 #ifndef CONFIG_USER_ONLY
638 cpu->thread_id = qemu_get_thread_id();
639
640 /* This is a softmmu CPU object, so create a property for it
641 * so users can wire up its memory. (This can't go in qom/cpu.c
642 * because that file is compiled only once for both user-mode
643 * and system builds.) The default if no link is set up is to use
644 * the system address space.
645 */
646 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
647 (Object **)&cpu->memory,
648 qdev_prop_allow_set_link_before_realize,
649 OBJ_PROP_LINK_UNREF_ON_RELEASE,
650 &error_abort);
651 cpu->memory = system_memory;
652 object_ref(OBJECT(cpu->memory));
653 #endif
654
655 #if defined(CONFIG_USER_ONLY)
656 cpu_list_lock();
657 #endif
658 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
659 if (local_err) {
660 error_propagate(errp, local_err);
661 #if defined(CONFIG_USER_ONLY)
662 cpu_list_unlock();
663 #endif
664 return;
665 }
666 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
667 #if defined(CONFIG_USER_ONLY)
668 cpu_list_unlock();
669 #endif
670 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
671 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
672 }
673 if (cc->vmsd != NULL) {
674 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
675 }
676 }
677
678 #if defined(CONFIG_USER_ONLY)
679 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
680 {
681 tb_invalidate_phys_page_range(pc, pc + 1, 0);
682 }
683 #else
684 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
685 {
686 MemTxAttrs attrs;
687 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
688 int asidx = cpu_asidx_from_attrs(cpu, attrs);
689 if (phys != -1) {
690 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
691 phys | (pc & ~TARGET_PAGE_MASK));
692 }
693 }
694 #endif
695
696 #if defined(CONFIG_USER_ONLY)
697 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
698
699 {
700 }
701
702 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
703 int flags)
704 {
705 return -ENOSYS;
706 }
707
708 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
709 {
710 }
711
712 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
713 int flags, CPUWatchpoint **watchpoint)
714 {
715 return -ENOSYS;
716 }
717 #else
718 /* Add a watchpoint. */
719 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
720 int flags, CPUWatchpoint **watchpoint)
721 {
722 CPUWatchpoint *wp;
723
724 /* forbid ranges which are empty or run off the end of the address space */
725 if (len == 0 || (addr + len - 1) < addr) {
726 error_report("tried to set invalid watchpoint at %"
727 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
728 return -EINVAL;
729 }
730 wp = g_malloc(sizeof(*wp));
731
732 wp->vaddr = addr;
733 wp->len = len;
734 wp->flags = flags;
735
736 /* keep all GDB-injected watchpoints in front */
737 if (flags & BP_GDB) {
738 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
739 } else {
740 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
741 }
742
743 tlb_flush_page(cpu, addr);
744
745 if (watchpoint)
746 *watchpoint = wp;
747 return 0;
748 }
749
750 /* Remove a specific watchpoint. */
751 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
752 int flags)
753 {
754 CPUWatchpoint *wp;
755
756 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
757 if (addr == wp->vaddr && len == wp->len
758 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
759 cpu_watchpoint_remove_by_ref(cpu, wp);
760 return 0;
761 }
762 }
763 return -ENOENT;
764 }
765
766 /* Remove a specific watchpoint by reference. */
767 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
768 {
769 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
770
771 tlb_flush_page(cpu, watchpoint->vaddr);
772
773 g_free(watchpoint);
774 }
775
776 /* Remove all matching watchpoints. */
777 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
778 {
779 CPUWatchpoint *wp, *next;
780
781 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
782 if (wp->flags & mask) {
783 cpu_watchpoint_remove_by_ref(cpu, wp);
784 }
785 }
786 }
787
788 /* Return true if this watchpoint address matches the specified
789 * access (ie the address range covered by the watchpoint overlaps
790 * partially or completely with the address range covered by the
791 * access).
792 */
793 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
794 vaddr addr,
795 vaddr len)
796 {
797 /* We know the lengths are non-zero, but a little caution is
798 * required to avoid errors in the case where the range ends
799 * exactly at the top of the address space and so addr + len
800 * wraps round to zero.
801 */
802 vaddr wpend = wp->vaddr + wp->len - 1;
803 vaddr addrend = addr + len - 1;
804
805 return !(addr > wpend || wp->vaddr > addrend);
806 }
807
808 #endif
809
810 /* Add a breakpoint. */
811 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
812 CPUBreakpoint **breakpoint)
813 {
814 CPUBreakpoint *bp;
815
816 bp = g_malloc(sizeof(*bp));
817
818 bp->pc = pc;
819 bp->flags = flags;
820
821 /* keep all GDB-injected breakpoints in front */
822 if (flags & BP_GDB) {
823 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
824 } else {
825 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
826 }
827
828 breakpoint_invalidate(cpu, pc);
829
830 if (breakpoint) {
831 *breakpoint = bp;
832 }
833 return 0;
834 }
835
836 /* Remove a specific breakpoint. */
837 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
838 {
839 CPUBreakpoint *bp;
840
841 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
842 if (bp->pc == pc && bp->flags == flags) {
843 cpu_breakpoint_remove_by_ref(cpu, bp);
844 return 0;
845 }
846 }
847 return -ENOENT;
848 }
849
850 /* Remove a specific breakpoint by reference. */
851 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
852 {
853 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
854
855 breakpoint_invalidate(cpu, breakpoint->pc);
856
857 g_free(breakpoint);
858 }
859
860 /* Remove all matching breakpoints. */
861 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
862 {
863 CPUBreakpoint *bp, *next;
864
865 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
866 if (bp->flags & mask) {
867 cpu_breakpoint_remove_by_ref(cpu, bp);
868 }
869 }
870 }
871
872 /* enable or disable single step mode. EXCP_DEBUG is returned by the
873 CPU loop after each instruction */
874 void cpu_single_step(CPUState *cpu, int enabled)
875 {
876 if (cpu->singlestep_enabled != enabled) {
877 cpu->singlestep_enabled = enabled;
878 if (kvm_enabled()) {
879 kvm_update_guest_debug(cpu, 0);
880 } else {
881 /* must flush all the translated code to avoid inconsistencies */
882 /* XXX: only flush what is necessary */
883 tb_flush(cpu);
884 }
885 }
886 }
887
888 void cpu_abort(CPUState *cpu, const char *fmt, ...)
889 {
890 va_list ap;
891 va_list ap2;
892
893 va_start(ap, fmt);
894 va_copy(ap2, ap);
895 fprintf(stderr, "qemu: fatal: ");
896 vfprintf(stderr, fmt, ap);
897 fprintf(stderr, "\n");
898 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
899 if (qemu_log_separate()) {
900 qemu_log("qemu: fatal: ");
901 qemu_log_vprintf(fmt, ap2);
902 qemu_log("\n");
903 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
904 qemu_log_flush();
905 qemu_log_close();
906 }
907 va_end(ap2);
908 va_end(ap);
909 replay_finish();
910 #if defined(CONFIG_USER_ONLY)
911 {
912 struct sigaction act;
913 sigfillset(&act.sa_mask);
914 act.sa_handler = SIG_DFL;
915 sigaction(SIGABRT, &act, NULL);
916 }
917 #endif
918 abort();
919 }
920
921 #if !defined(CONFIG_USER_ONLY)
922 /* Called from RCU critical section */
923 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
924 {
925 RAMBlock *block;
926
927 block = atomic_rcu_read(&ram_list.mru_block);
928 if (block && addr - block->offset < block->max_length) {
929 return block;
930 }
931 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
932 if (addr - block->offset < block->max_length) {
933 goto found;
934 }
935 }
936
937 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
938 abort();
939
940 found:
941 /* It is safe to write mru_block outside the iothread lock. This
942 * is what happens:
943 *
944 * mru_block = xxx
945 * rcu_read_unlock()
946 * xxx removed from list
947 * rcu_read_lock()
948 * read mru_block
949 * mru_block = NULL;
950 * call_rcu(reclaim_ramblock, xxx);
951 * rcu_read_unlock()
952 *
953 * atomic_rcu_set is not needed here. The block was already published
954 * when it was placed into the list. Here we're just making an extra
955 * copy of the pointer.
956 */
957 ram_list.mru_block = block;
958 return block;
959 }
960
961 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
962 {
963 CPUState *cpu;
964 ram_addr_t start1;
965 RAMBlock *block;
966 ram_addr_t end;
967
968 end = TARGET_PAGE_ALIGN(start + length);
969 start &= TARGET_PAGE_MASK;
970
971 rcu_read_lock();
972 block = qemu_get_ram_block(start);
973 assert(block == qemu_get_ram_block(end - 1));
974 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
975 CPU_FOREACH(cpu) {
976 tlb_reset_dirty(cpu, start1, length);
977 }
978 rcu_read_unlock();
979 }
980
981 /* Note: start and end must be within the same ram block. */
982 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
983 ram_addr_t length,
984 unsigned client)
985 {
986 DirtyMemoryBlocks *blocks;
987 unsigned long end, page;
988 bool dirty = false;
989
990 if (length == 0) {
991 return false;
992 }
993
994 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
995 page = start >> TARGET_PAGE_BITS;
996
997 rcu_read_lock();
998
999 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1000
1001 while (page < end) {
1002 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1003 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1004 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1005
1006 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1007 offset, num);
1008 page += num;
1009 }
1010
1011 rcu_read_unlock();
1012
1013 if (dirty && tcg_enabled()) {
1014 tlb_reset_dirty_range_all(start, length);
1015 }
1016
1017 return dirty;
1018 }
1019
1020 /* Called from RCU critical section */
1021 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
1022 MemoryRegionSection *section,
1023 target_ulong vaddr,
1024 hwaddr paddr, hwaddr xlat,
1025 int prot,
1026 target_ulong *address)
1027 {
1028 hwaddr iotlb;
1029 CPUWatchpoint *wp;
1030
1031 if (memory_region_is_ram(section->mr)) {
1032 /* Normal RAM. */
1033 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1034 + xlat;
1035 if (!section->readonly) {
1036 iotlb |= PHYS_SECTION_NOTDIRTY;
1037 } else {
1038 iotlb |= PHYS_SECTION_ROM;
1039 }
1040 } else {
1041 AddressSpaceDispatch *d;
1042
1043 d = atomic_rcu_read(&section->address_space->dispatch);
1044 iotlb = section - d->map.sections;
1045 iotlb += xlat;
1046 }
1047
1048 /* Make accesses to pages with watchpoints go via the
1049 watchpoint trap routines. */
1050 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1051 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1052 /* Avoid trapping reads of pages with a write breakpoint. */
1053 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1054 iotlb = PHYS_SECTION_WATCH + paddr;
1055 *address |= TLB_MMIO;
1056 break;
1057 }
1058 }
1059 }
1060
1061 return iotlb;
1062 }
1063 #endif /* defined(CONFIG_USER_ONLY) */
1064
1065 #if !defined(CONFIG_USER_ONLY)
1066
1067 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1068 uint16_t section);
1069 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1070
1071 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1072 qemu_anon_ram_alloc;
1073
1074 /*
1075 * Set a custom physical guest memory alloator.
1076 * Accelerators with unusual needs may need this. Hopefully, we can
1077 * get rid of it eventually.
1078 */
1079 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1080 {
1081 phys_mem_alloc = alloc;
1082 }
1083
1084 static uint16_t phys_section_add(PhysPageMap *map,
1085 MemoryRegionSection *section)
1086 {
1087 /* The physical section number is ORed with a page-aligned
1088 * pointer to produce the iotlb entries. Thus it should
1089 * never overflow into the page-aligned value.
1090 */
1091 assert(map->sections_nb < TARGET_PAGE_SIZE);
1092
1093 if (map->sections_nb == map->sections_nb_alloc) {
1094 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1095 map->sections = g_renew(MemoryRegionSection, map->sections,
1096 map->sections_nb_alloc);
1097 }
1098 map->sections[map->sections_nb] = *section;
1099 memory_region_ref(section->mr);
1100 return map->sections_nb++;
1101 }
1102
1103 static void phys_section_destroy(MemoryRegion *mr)
1104 {
1105 bool have_sub_page = mr->subpage;
1106
1107 memory_region_unref(mr);
1108
1109 if (have_sub_page) {
1110 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1111 object_unref(OBJECT(&subpage->iomem));
1112 g_free(subpage);
1113 }
1114 }
1115
1116 static void phys_sections_free(PhysPageMap *map)
1117 {
1118 while (map->sections_nb > 0) {
1119 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1120 phys_section_destroy(section->mr);
1121 }
1122 g_free(map->sections);
1123 g_free(map->nodes);
1124 }
1125
1126 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1127 {
1128 subpage_t *subpage;
1129 hwaddr base = section->offset_within_address_space
1130 & TARGET_PAGE_MASK;
1131 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1132 d->map.nodes, d->map.sections);
1133 MemoryRegionSection subsection = {
1134 .offset_within_address_space = base,
1135 .size = int128_make64(TARGET_PAGE_SIZE),
1136 };
1137 hwaddr start, end;
1138
1139 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1140
1141 if (!(existing->mr->subpage)) {
1142 subpage = subpage_init(d->as, base);
1143 subsection.address_space = d->as;
1144 subsection.mr = &subpage->iomem;
1145 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1146 phys_section_add(&d->map, &subsection));
1147 } else {
1148 subpage = container_of(existing->mr, subpage_t, iomem);
1149 }
1150 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1151 end = start + int128_get64(section->size) - 1;
1152 subpage_register(subpage, start, end,
1153 phys_section_add(&d->map, section));
1154 }
1155
1156
1157 static void register_multipage(AddressSpaceDispatch *d,
1158 MemoryRegionSection *section)
1159 {
1160 hwaddr start_addr = section->offset_within_address_space;
1161 uint16_t section_index = phys_section_add(&d->map, section);
1162 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1163 TARGET_PAGE_BITS));
1164
1165 assert(num_pages);
1166 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1167 }
1168
1169 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1170 {
1171 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1172 AddressSpaceDispatch *d = as->next_dispatch;
1173 MemoryRegionSection now = *section, remain = *section;
1174 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1175
1176 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1177 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1178 - now.offset_within_address_space;
1179
1180 now.size = int128_min(int128_make64(left), now.size);
1181 register_subpage(d, &now);
1182 } else {
1183 now.size = int128_zero();
1184 }
1185 while (int128_ne(remain.size, now.size)) {
1186 remain.size = int128_sub(remain.size, now.size);
1187 remain.offset_within_address_space += int128_get64(now.size);
1188 remain.offset_within_region += int128_get64(now.size);
1189 now = remain;
1190 if (int128_lt(remain.size, page_size)) {
1191 register_subpage(d, &now);
1192 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1193 now.size = page_size;
1194 register_subpage(d, &now);
1195 } else {
1196 now.size = int128_and(now.size, int128_neg(page_size));
1197 register_multipage(d, &now);
1198 }
1199 }
1200 }
1201
1202 void qemu_flush_coalesced_mmio_buffer(void)
1203 {
1204 if (kvm_enabled())
1205 kvm_flush_coalesced_mmio_buffer();
1206 }
1207
1208 void qemu_mutex_lock_ramlist(void)
1209 {
1210 qemu_mutex_lock(&ram_list.mutex);
1211 }
1212
1213 void qemu_mutex_unlock_ramlist(void)
1214 {
1215 qemu_mutex_unlock(&ram_list.mutex);
1216 }
1217
1218 #ifdef __linux__
1219
1220 #include <sys/vfs.h>
1221
1222 #define HUGETLBFS_MAGIC 0x958458f6
1223
1224 static long gethugepagesize(const char *path, Error **errp)
1225 {
1226 struct statfs fs;
1227 int ret;
1228
1229 do {
1230 ret = statfs(path, &fs);
1231 } while (ret != 0 && errno == EINTR);
1232
1233 if (ret != 0) {
1234 error_setg_errno(errp, errno, "failed to get page size of file %s",
1235 path);
1236 return 0;
1237 }
1238
1239 return fs.f_bsize;
1240 }
1241
1242 static void *file_ram_alloc(RAMBlock *block,
1243 ram_addr_t memory,
1244 const char *path,
1245 Error **errp)
1246 {
1247 struct stat st;
1248 char *filename;
1249 char *sanitized_name;
1250 char *c;
1251 void *area;
1252 int fd;
1253 uint64_t hpagesize;
1254 Error *local_err = NULL;
1255
1256 hpagesize = gethugepagesize(path, &local_err);
1257 if (local_err) {
1258 error_propagate(errp, local_err);
1259 goto error;
1260 }
1261 block->mr->align = hpagesize;
1262
1263 if (memory < hpagesize) {
1264 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1265 "or larger than huge page size 0x%" PRIx64,
1266 memory, hpagesize);
1267 goto error;
1268 }
1269
1270 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1271 error_setg(errp,
1272 "host lacks kvm mmu notifiers, -mem-path unsupported");
1273 goto error;
1274 }
1275
1276 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1277 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1278 sanitized_name = g_strdup(memory_region_name(block->mr));
1279 for (c = sanitized_name; *c != '\0'; c++) {
1280 if (*c == '/') {
1281 *c = '_';
1282 }
1283 }
1284
1285 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1286 sanitized_name);
1287 g_free(sanitized_name);
1288
1289 fd = mkstemp(filename);
1290 if (fd >= 0) {
1291 unlink(filename);
1292 }
1293 g_free(filename);
1294 } else {
1295 fd = open(path, O_RDWR | O_CREAT, 0644);
1296 }
1297
1298 if (fd < 0) {
1299 error_setg_errno(errp, errno,
1300 "unable to create backing store for hugepages");
1301 goto error;
1302 }
1303
1304 memory = ROUND_UP(memory, hpagesize);
1305
1306 /*
1307 * ftruncate is not supported by hugetlbfs in older
1308 * hosts, so don't bother bailing out on errors.
1309 * If anything goes wrong with it under other filesystems,
1310 * mmap will fail.
1311 */
1312 if (ftruncate(fd, memory)) {
1313 perror("ftruncate");
1314 }
1315
1316 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1317 if (area == MAP_FAILED) {
1318 error_setg_errno(errp, errno,
1319 "unable to map backing store for hugepages");
1320 close(fd);
1321 goto error;
1322 }
1323
1324 if (mem_prealloc) {
1325 os_mem_prealloc(fd, area, memory);
1326 }
1327
1328 block->fd = fd;
1329 return area;
1330
1331 error:
1332 return NULL;
1333 }
1334 #endif
1335
1336 /* Called with the ramlist lock held. */
1337 static ram_addr_t find_ram_offset(ram_addr_t size)
1338 {
1339 RAMBlock *block, *next_block;
1340 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1341
1342 assert(size != 0); /* it would hand out same offset multiple times */
1343
1344 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1345 return 0;
1346 }
1347
1348 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1349 ram_addr_t end, next = RAM_ADDR_MAX;
1350
1351 end = block->offset + block->max_length;
1352
1353 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1354 if (next_block->offset >= end) {
1355 next = MIN(next, next_block->offset);
1356 }
1357 }
1358 if (next - end >= size && next - end < mingap) {
1359 offset = end;
1360 mingap = next - end;
1361 }
1362 }
1363
1364 if (offset == RAM_ADDR_MAX) {
1365 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1366 (uint64_t)size);
1367 abort();
1368 }
1369
1370 return offset;
1371 }
1372
1373 ram_addr_t last_ram_offset(void)
1374 {
1375 RAMBlock *block;
1376 ram_addr_t last = 0;
1377
1378 rcu_read_lock();
1379 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1380 last = MAX(last, block->offset + block->max_length);
1381 }
1382 rcu_read_unlock();
1383 return last;
1384 }
1385
1386 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1387 {
1388 int ret;
1389
1390 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1391 if (!machine_dump_guest_core(current_machine)) {
1392 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1393 if (ret) {
1394 perror("qemu_madvise");
1395 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1396 "but dump_guest_core=off specified\n");
1397 }
1398 }
1399 }
1400
1401 /* Called within an RCU critical section, or while the ramlist lock
1402 * is held.
1403 */
1404 static RAMBlock *find_ram_block(ram_addr_t addr)
1405 {
1406 RAMBlock *block;
1407
1408 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1409 if (block->offset == addr) {
1410 return block;
1411 }
1412 }
1413
1414 return NULL;
1415 }
1416
1417 const char *qemu_ram_get_idstr(RAMBlock *rb)
1418 {
1419 return rb->idstr;
1420 }
1421
1422 /* Called with iothread lock held. */
1423 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1424 {
1425 RAMBlock *new_block, *block;
1426
1427 rcu_read_lock();
1428 new_block = find_ram_block(addr);
1429 assert(new_block);
1430 assert(!new_block->idstr[0]);
1431
1432 if (dev) {
1433 char *id = qdev_get_dev_path(dev);
1434 if (id) {
1435 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1436 g_free(id);
1437 }
1438 }
1439 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1440
1441 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1442 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1443 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1444 new_block->idstr);
1445 abort();
1446 }
1447 }
1448 rcu_read_unlock();
1449 }
1450
1451 /* Called with iothread lock held. */
1452 void qemu_ram_unset_idstr(ram_addr_t addr)
1453 {
1454 RAMBlock *block;
1455
1456 /* FIXME: arch_init.c assumes that this is not called throughout
1457 * migration. Ignore the problem since hot-unplug during migration
1458 * does not work anyway.
1459 */
1460
1461 rcu_read_lock();
1462 block = find_ram_block(addr);
1463 if (block) {
1464 memset(block->idstr, 0, sizeof(block->idstr));
1465 }
1466 rcu_read_unlock();
1467 }
1468
1469 static int memory_try_enable_merging(void *addr, size_t len)
1470 {
1471 if (!machine_mem_merge(current_machine)) {
1472 /* disabled by the user */
1473 return 0;
1474 }
1475
1476 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1477 }
1478
1479 /* Only legal before guest might have detected the memory size: e.g. on
1480 * incoming migration, or right after reset.
1481 *
1482 * As memory core doesn't know how is memory accessed, it is up to
1483 * resize callback to update device state and/or add assertions to detect
1484 * misuse, if necessary.
1485 */
1486 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1487 {
1488 RAMBlock *block = find_ram_block(base);
1489
1490 assert(block);
1491
1492 newsize = HOST_PAGE_ALIGN(newsize);
1493
1494 if (block->used_length == newsize) {
1495 return 0;
1496 }
1497
1498 if (!(block->flags & RAM_RESIZEABLE)) {
1499 error_setg_errno(errp, EINVAL,
1500 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1501 " in != 0x" RAM_ADDR_FMT, block->idstr,
1502 newsize, block->used_length);
1503 return -EINVAL;
1504 }
1505
1506 if (block->max_length < newsize) {
1507 error_setg_errno(errp, EINVAL,
1508 "Length too large: %s: 0x" RAM_ADDR_FMT
1509 " > 0x" RAM_ADDR_FMT, block->idstr,
1510 newsize, block->max_length);
1511 return -EINVAL;
1512 }
1513
1514 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1515 block->used_length = newsize;
1516 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1517 DIRTY_CLIENTS_ALL);
1518 memory_region_set_size(block->mr, newsize);
1519 if (block->resized) {
1520 block->resized(block->idstr, newsize, block->host);
1521 }
1522 return 0;
1523 }
1524
1525 /* Called with ram_list.mutex held */
1526 static void dirty_memory_extend(ram_addr_t old_ram_size,
1527 ram_addr_t new_ram_size)
1528 {
1529 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1530 DIRTY_MEMORY_BLOCK_SIZE);
1531 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1532 DIRTY_MEMORY_BLOCK_SIZE);
1533 int i;
1534
1535 /* Only need to extend if block count increased */
1536 if (new_num_blocks <= old_num_blocks) {
1537 return;
1538 }
1539
1540 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1541 DirtyMemoryBlocks *old_blocks;
1542 DirtyMemoryBlocks *new_blocks;
1543 int j;
1544
1545 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1546 new_blocks = g_malloc(sizeof(*new_blocks) +
1547 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1548
1549 if (old_num_blocks) {
1550 memcpy(new_blocks->blocks, old_blocks->blocks,
1551 old_num_blocks * sizeof(old_blocks->blocks[0]));
1552 }
1553
1554 for (j = old_num_blocks; j < new_num_blocks; j++) {
1555 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1556 }
1557
1558 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1559
1560 if (old_blocks) {
1561 g_free_rcu(old_blocks, rcu);
1562 }
1563 }
1564 }
1565
1566 static void ram_block_add(RAMBlock *new_block, Error **errp)
1567 {
1568 RAMBlock *block;
1569 RAMBlock *last_block = NULL;
1570 ram_addr_t old_ram_size, new_ram_size;
1571 Error *err = NULL;
1572
1573 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1574
1575 qemu_mutex_lock_ramlist();
1576 new_block->offset = find_ram_offset(new_block->max_length);
1577
1578 if (!new_block->host) {
1579 if (xen_enabled()) {
1580 xen_ram_alloc(new_block->offset, new_block->max_length,
1581 new_block->mr, &err);
1582 if (err) {
1583 error_propagate(errp, err);
1584 qemu_mutex_unlock_ramlist();
1585 }
1586 } else {
1587 new_block->host = phys_mem_alloc(new_block->max_length,
1588 &new_block->mr->align);
1589 if (!new_block->host) {
1590 error_setg_errno(errp, errno,
1591 "cannot set up guest memory '%s'",
1592 memory_region_name(new_block->mr));
1593 qemu_mutex_unlock_ramlist();
1594 }
1595 memory_try_enable_merging(new_block->host, new_block->max_length);
1596 }
1597 }
1598
1599 new_ram_size = MAX(old_ram_size,
1600 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1601 if (new_ram_size > old_ram_size) {
1602 migration_bitmap_extend(old_ram_size, new_ram_size);
1603 dirty_memory_extend(old_ram_size, new_ram_size);
1604 }
1605 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1606 * QLIST (which has an RCU-friendly variant) does not have insertion at
1607 * tail, so save the last element in last_block.
1608 */
1609 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1610 last_block = block;
1611 if (block->max_length < new_block->max_length) {
1612 break;
1613 }
1614 }
1615 if (block) {
1616 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1617 } else if (last_block) {
1618 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1619 } else { /* list is empty */
1620 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1621 }
1622 ram_list.mru_block = NULL;
1623
1624 /* Write list before version */
1625 smp_wmb();
1626 ram_list.version++;
1627 qemu_mutex_unlock_ramlist();
1628
1629 cpu_physical_memory_set_dirty_range(new_block->offset,
1630 new_block->used_length,
1631 DIRTY_CLIENTS_ALL);
1632
1633 if (new_block->host) {
1634 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1635 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1636 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1637 if (kvm_enabled()) {
1638 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1639 }
1640 }
1641 }
1642
1643 #ifdef __linux__
1644 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1645 bool share, const char *mem_path,
1646 Error **errp)
1647 {
1648 RAMBlock *new_block;
1649 Error *local_err = NULL;
1650
1651 if (xen_enabled()) {
1652 error_setg(errp, "-mem-path not supported with Xen");
1653 return NULL;
1654 }
1655
1656 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1657 /*
1658 * file_ram_alloc() needs to allocate just like
1659 * phys_mem_alloc, but we haven't bothered to provide
1660 * a hook there.
1661 */
1662 error_setg(errp,
1663 "-mem-path not supported with this accelerator");
1664 return NULL;
1665 }
1666
1667 size = HOST_PAGE_ALIGN(size);
1668 new_block = g_malloc0(sizeof(*new_block));
1669 new_block->mr = mr;
1670 new_block->used_length = size;
1671 new_block->max_length = size;
1672 new_block->flags = share ? RAM_SHARED : 0;
1673 new_block->host = file_ram_alloc(new_block, size,
1674 mem_path, errp);
1675 if (!new_block->host) {
1676 g_free(new_block);
1677 return NULL;
1678 }
1679
1680 ram_block_add(new_block, &local_err);
1681 if (local_err) {
1682 g_free(new_block);
1683 error_propagate(errp, local_err);
1684 return NULL;
1685 }
1686 return new_block;
1687 }
1688 #endif
1689
1690 static
1691 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1692 void (*resized)(const char*,
1693 uint64_t length,
1694 void *host),
1695 void *host, bool resizeable,
1696 MemoryRegion *mr, Error **errp)
1697 {
1698 RAMBlock *new_block;
1699 Error *local_err = NULL;
1700
1701 size = HOST_PAGE_ALIGN(size);
1702 max_size = HOST_PAGE_ALIGN(max_size);
1703 new_block = g_malloc0(sizeof(*new_block));
1704 new_block->mr = mr;
1705 new_block->resized = resized;
1706 new_block->used_length = size;
1707 new_block->max_length = max_size;
1708 assert(max_size >= size);
1709 new_block->fd = -1;
1710 new_block->host = host;
1711 if (host) {
1712 new_block->flags |= RAM_PREALLOC;
1713 }
1714 if (resizeable) {
1715 new_block->flags |= RAM_RESIZEABLE;
1716 }
1717 ram_block_add(new_block, &local_err);
1718 if (local_err) {
1719 g_free(new_block);
1720 error_propagate(errp, local_err);
1721 return NULL;
1722 }
1723 return new_block;
1724 }
1725
1726 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1727 MemoryRegion *mr, Error **errp)
1728 {
1729 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1730 }
1731
1732 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1733 {
1734 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1735 }
1736
1737 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1738 void (*resized)(const char*,
1739 uint64_t length,
1740 void *host),
1741 MemoryRegion *mr, Error **errp)
1742 {
1743 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1744 }
1745
1746 static void reclaim_ramblock(RAMBlock *block)
1747 {
1748 if (block->flags & RAM_PREALLOC) {
1749 ;
1750 } else if (xen_enabled()) {
1751 xen_invalidate_map_cache_entry(block->host);
1752 #ifndef _WIN32
1753 } else if (block->fd >= 0) {
1754 qemu_ram_munmap(block->host, block->max_length);
1755 close(block->fd);
1756 #endif
1757 } else {
1758 qemu_anon_ram_free(block->host, block->max_length);
1759 }
1760 g_free(block);
1761 }
1762
1763 void qemu_ram_free(RAMBlock *block)
1764 {
1765 qemu_mutex_lock_ramlist();
1766 QLIST_REMOVE_RCU(block, next);
1767 ram_list.mru_block = NULL;
1768 /* Write list before version */
1769 smp_wmb();
1770 ram_list.version++;
1771 call_rcu(block, reclaim_ramblock, rcu);
1772 qemu_mutex_unlock_ramlist();
1773 }
1774
1775 #ifndef _WIN32
1776 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1777 {
1778 RAMBlock *block;
1779 ram_addr_t offset;
1780 int flags;
1781 void *area, *vaddr;
1782
1783 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1784 offset = addr - block->offset;
1785 if (offset < block->max_length) {
1786 vaddr = ramblock_ptr(block, offset);
1787 if (block->flags & RAM_PREALLOC) {
1788 ;
1789 } else if (xen_enabled()) {
1790 abort();
1791 } else {
1792 flags = MAP_FIXED;
1793 if (block->fd >= 0) {
1794 flags |= (block->flags & RAM_SHARED ?
1795 MAP_SHARED : MAP_PRIVATE);
1796 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1797 flags, block->fd, offset);
1798 } else {
1799 /*
1800 * Remap needs to match alloc. Accelerators that
1801 * set phys_mem_alloc never remap. If they did,
1802 * we'd need a remap hook here.
1803 */
1804 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1805
1806 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1807 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1808 flags, -1, 0);
1809 }
1810 if (area != vaddr) {
1811 fprintf(stderr, "Could not remap addr: "
1812 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1813 length, addr);
1814 exit(1);
1815 }
1816 memory_try_enable_merging(vaddr, length);
1817 qemu_ram_setup_dump(vaddr, length);
1818 }
1819 }
1820 }
1821 }
1822 #endif /* !_WIN32 */
1823
1824 int qemu_get_ram_fd(ram_addr_t addr)
1825 {
1826 RAMBlock *block;
1827 int fd;
1828
1829 rcu_read_lock();
1830 block = qemu_get_ram_block(addr);
1831 fd = block->fd;
1832 rcu_read_unlock();
1833 return fd;
1834 }
1835
1836 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1837 {
1838 RAMBlock *block;
1839
1840 rcu_read_lock();
1841 block = qemu_get_ram_block(addr);
1842 block->fd = fd;
1843 rcu_read_unlock();
1844 }
1845
1846 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1847 {
1848 RAMBlock *block;
1849 void *ptr;
1850
1851 rcu_read_lock();
1852 block = qemu_get_ram_block(addr);
1853 ptr = ramblock_ptr(block, 0);
1854 rcu_read_unlock();
1855 return ptr;
1856 }
1857
1858 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1859 * This should not be used for general purpose DMA. Use address_space_map
1860 * or address_space_rw instead. For local memory (e.g. video ram) that the
1861 * device owns, use memory_region_get_ram_ptr.
1862 *
1863 * Called within RCU critical section.
1864 */
1865 void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1866 {
1867 RAMBlock *block = ram_block;
1868
1869 if (block == NULL) {
1870 block = qemu_get_ram_block(addr);
1871 }
1872
1873 if (xen_enabled() && block->host == NULL) {
1874 /* We need to check if the requested address is in the RAM
1875 * because we don't want to map the entire memory in QEMU.
1876 * In that case just map until the end of the page.
1877 */
1878 if (block->offset == 0) {
1879 return xen_map_cache(addr, 0, 0);
1880 }
1881
1882 block->host = xen_map_cache(block->offset, block->max_length, 1);
1883 }
1884 return ramblock_ptr(block, addr - block->offset);
1885 }
1886
1887 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1888 * but takes a size argument.
1889 *
1890 * Called within RCU critical section.
1891 */
1892 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1893 hwaddr *size)
1894 {
1895 RAMBlock *block = ram_block;
1896 ram_addr_t offset_inside_block;
1897 if (*size == 0) {
1898 return NULL;
1899 }
1900
1901 if (block == NULL) {
1902 block = qemu_get_ram_block(addr);
1903 }
1904 offset_inside_block = addr - block->offset;
1905 *size = MIN(*size, block->max_length - offset_inside_block);
1906
1907 if (xen_enabled() && block->host == NULL) {
1908 /* We need to check if the requested address is in the RAM
1909 * because we don't want to map the entire memory in QEMU.
1910 * In that case just map the requested area.
1911 */
1912 if (block->offset == 0) {
1913 return xen_map_cache(addr, *size, 1);
1914 }
1915
1916 block->host = xen_map_cache(block->offset, block->max_length, 1);
1917 }
1918
1919 return ramblock_ptr(block, offset_inside_block);
1920 }
1921
1922 /*
1923 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1924 * in that RAMBlock.
1925 *
1926 * ptr: Host pointer to look up
1927 * round_offset: If true round the result offset down to a page boundary
1928 * *ram_addr: set to result ram_addr
1929 * *offset: set to result offset within the RAMBlock
1930 *
1931 * Returns: RAMBlock (or NULL if not found)
1932 *
1933 * By the time this function returns, the returned pointer is not protected
1934 * by RCU anymore. If the caller is not within an RCU critical section and
1935 * does not hold the iothread lock, it must have other means of protecting the
1936 * pointer, such as a reference to the region that includes the incoming
1937 * ram_addr_t.
1938 */
1939 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1940 ram_addr_t *ram_addr,
1941 ram_addr_t *offset)
1942 {
1943 RAMBlock *block;
1944 uint8_t *host = ptr;
1945
1946 if (xen_enabled()) {
1947 rcu_read_lock();
1948 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1949 block = qemu_get_ram_block(*ram_addr);
1950 if (block) {
1951 *offset = (host - block->host);
1952 }
1953 rcu_read_unlock();
1954 return block;
1955 }
1956
1957 rcu_read_lock();
1958 block = atomic_rcu_read(&ram_list.mru_block);
1959 if (block && block->host && host - block->host < block->max_length) {
1960 goto found;
1961 }
1962
1963 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1964 /* This case append when the block is not mapped. */
1965 if (block->host == NULL) {
1966 continue;
1967 }
1968 if (host - block->host < block->max_length) {
1969 goto found;
1970 }
1971 }
1972
1973 rcu_read_unlock();
1974 return NULL;
1975
1976 found:
1977 *offset = (host - block->host);
1978 if (round_offset) {
1979 *offset &= TARGET_PAGE_MASK;
1980 }
1981 *ram_addr = block->offset + *offset;
1982 rcu_read_unlock();
1983 return block;
1984 }
1985
1986 /*
1987 * Finds the named RAMBlock
1988 *
1989 * name: The name of RAMBlock to find
1990 *
1991 * Returns: RAMBlock (or NULL if not found)
1992 */
1993 RAMBlock *qemu_ram_block_by_name(const char *name)
1994 {
1995 RAMBlock *block;
1996
1997 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1998 if (!strcmp(name, block->idstr)) {
1999 return block;
2000 }
2001 }
2002
2003 return NULL;
2004 }
2005
2006 /* Some of the softmmu routines need to translate from a host pointer
2007 (typically a TLB entry) back to a ram offset. */
2008 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2009 {
2010 RAMBlock *block;
2011 ram_addr_t offset; /* Not used */
2012
2013 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2014
2015 if (!block) {
2016 return NULL;
2017 }
2018
2019 return block->mr;
2020 }
2021
2022 /* Called within RCU critical section. */
2023 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
2024 uint64_t val, unsigned size)
2025 {
2026 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
2027 tb_invalidate_phys_page_fast(ram_addr, size);
2028 }
2029 switch (size) {
2030 case 1:
2031 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2032 break;
2033 case 2:
2034 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2035 break;
2036 case 4:
2037 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2038 break;
2039 default:
2040 abort();
2041 }
2042 /* Set both VGA and migration bits for simplicity and to remove
2043 * the notdirty callback faster.
2044 */
2045 cpu_physical_memory_set_dirty_range(ram_addr, size,
2046 DIRTY_CLIENTS_NOCODE);
2047 /* we remove the notdirty callback only if the code has been
2048 flushed */
2049 if (!cpu_physical_memory_is_clean(ram_addr)) {
2050 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
2051 }
2052 }
2053
2054 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2055 unsigned size, bool is_write)
2056 {
2057 return is_write;
2058 }
2059
2060 static const MemoryRegionOps notdirty_mem_ops = {
2061 .write = notdirty_mem_write,
2062 .valid.accepts = notdirty_mem_accepts,
2063 .endianness = DEVICE_NATIVE_ENDIAN,
2064 };
2065
2066 /* Generate a debug exception if a watchpoint has been hit. */
2067 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2068 {
2069 CPUState *cpu = current_cpu;
2070 CPUClass *cc = CPU_GET_CLASS(cpu);
2071 CPUArchState *env = cpu->env_ptr;
2072 target_ulong pc, cs_base;
2073 target_ulong vaddr;
2074 CPUWatchpoint *wp;
2075 int cpu_flags;
2076
2077 if (cpu->watchpoint_hit) {
2078 /* We re-entered the check after replacing the TB. Now raise
2079 * the debug interrupt so that is will trigger after the
2080 * current instruction. */
2081 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2082 return;
2083 }
2084 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2085 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2086 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2087 && (wp->flags & flags)) {
2088 if (flags == BP_MEM_READ) {
2089 wp->flags |= BP_WATCHPOINT_HIT_READ;
2090 } else {
2091 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2092 }
2093 wp->hitaddr = vaddr;
2094 wp->hitattrs = attrs;
2095 if (!cpu->watchpoint_hit) {
2096 if (wp->flags & BP_CPU &&
2097 !cc->debug_check_watchpoint(cpu, wp)) {
2098 wp->flags &= ~BP_WATCHPOINT_HIT;
2099 continue;
2100 }
2101 cpu->watchpoint_hit = wp;
2102 tb_check_watchpoint(cpu);
2103 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2104 cpu->exception_index = EXCP_DEBUG;
2105 cpu_loop_exit(cpu);
2106 } else {
2107 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2108 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2109 cpu_resume_from_signal(cpu, NULL);
2110 }
2111 }
2112 } else {
2113 wp->flags &= ~BP_WATCHPOINT_HIT;
2114 }
2115 }
2116 }
2117
2118 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2119 so these check for a hit then pass through to the normal out-of-line
2120 phys routines. */
2121 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2122 unsigned size, MemTxAttrs attrs)
2123 {
2124 MemTxResult res;
2125 uint64_t data;
2126 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2127 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2128
2129 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2130 switch (size) {
2131 case 1:
2132 data = address_space_ldub(as, addr, attrs, &res);
2133 break;
2134 case 2:
2135 data = address_space_lduw(as, addr, attrs, &res);
2136 break;
2137 case 4:
2138 data = address_space_ldl(as, addr, attrs, &res);
2139 break;
2140 default: abort();
2141 }
2142 *pdata = data;
2143 return res;
2144 }
2145
2146 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2147 uint64_t val, unsigned size,
2148 MemTxAttrs attrs)
2149 {
2150 MemTxResult res;
2151 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2152 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2153
2154 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2155 switch (size) {
2156 case 1:
2157 address_space_stb(as, addr, val, attrs, &res);
2158 break;
2159 case 2:
2160 address_space_stw(as, addr, val, attrs, &res);
2161 break;
2162 case 4:
2163 address_space_stl(as, addr, val, attrs, &res);
2164 break;
2165 default: abort();
2166 }
2167 return res;
2168 }
2169
2170 static const MemoryRegionOps watch_mem_ops = {
2171 .read_with_attrs = watch_mem_read,
2172 .write_with_attrs = watch_mem_write,
2173 .endianness = DEVICE_NATIVE_ENDIAN,
2174 };
2175
2176 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2177 unsigned len, MemTxAttrs attrs)
2178 {
2179 subpage_t *subpage = opaque;
2180 uint8_t buf[8];
2181 MemTxResult res;
2182
2183 #if defined(DEBUG_SUBPAGE)
2184 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2185 subpage, len, addr);
2186 #endif
2187 res = address_space_read(subpage->as, addr + subpage->base,
2188 attrs, buf, len);
2189 if (res) {
2190 return res;
2191 }
2192 switch (len) {
2193 case 1:
2194 *data = ldub_p(buf);
2195 return MEMTX_OK;
2196 case 2:
2197 *data = lduw_p(buf);
2198 return MEMTX_OK;
2199 case 4:
2200 *data = ldl_p(buf);
2201 return MEMTX_OK;
2202 case 8:
2203 *data = ldq_p(buf);
2204 return MEMTX_OK;
2205 default:
2206 abort();
2207 }
2208 }
2209
2210 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2211 uint64_t value, unsigned len, MemTxAttrs attrs)
2212 {
2213 subpage_t *subpage = opaque;
2214 uint8_t buf[8];
2215
2216 #if defined(DEBUG_SUBPAGE)
2217 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2218 " value %"PRIx64"\n",
2219 __func__, subpage, len, addr, value);
2220 #endif
2221 switch (len) {
2222 case 1:
2223 stb_p(buf, value);
2224 break;
2225 case 2:
2226 stw_p(buf, value);
2227 break;
2228 case 4:
2229 stl_p(buf, value);
2230 break;
2231 case 8:
2232 stq_p(buf, value);
2233 break;
2234 default:
2235 abort();
2236 }
2237 return address_space_write(subpage->as, addr + subpage->base,
2238 attrs, buf, len);
2239 }
2240
2241 static bool subpage_accepts(void *opaque, hwaddr addr,
2242 unsigned len, bool is_write)
2243 {
2244 subpage_t *subpage = opaque;
2245 #if defined(DEBUG_SUBPAGE)
2246 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2247 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2248 #endif
2249
2250 return address_space_access_valid(subpage->as, addr + subpage->base,
2251 len, is_write);
2252 }
2253
2254 static const MemoryRegionOps subpage_ops = {
2255 .read_with_attrs = subpage_read,
2256 .write_with_attrs = subpage_write,
2257 .impl.min_access_size = 1,
2258 .impl.max_access_size = 8,
2259 .valid.min_access_size = 1,
2260 .valid.max_access_size = 8,
2261 .valid.accepts = subpage_accepts,
2262 .endianness = DEVICE_NATIVE_ENDIAN,
2263 };
2264
2265 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2266 uint16_t section)
2267 {
2268 int idx, eidx;
2269
2270 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2271 return -1;
2272 idx = SUBPAGE_IDX(start);
2273 eidx = SUBPAGE_IDX(end);
2274 #if defined(DEBUG_SUBPAGE)
2275 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2276 __func__, mmio, start, end, idx, eidx, section);
2277 #endif
2278 for (; idx <= eidx; idx++) {
2279 mmio->sub_section[idx] = section;
2280 }
2281
2282 return 0;
2283 }
2284
2285 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2286 {
2287 subpage_t *mmio;
2288
2289 mmio = g_malloc0(sizeof(subpage_t));
2290
2291 mmio->as = as;
2292 mmio->base = base;
2293 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2294 NULL, TARGET_PAGE_SIZE);
2295 mmio->iomem.subpage = true;
2296 #if defined(DEBUG_SUBPAGE)
2297 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2298 mmio, base, TARGET_PAGE_SIZE);
2299 #endif
2300 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2301
2302 return mmio;
2303 }
2304
2305 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2306 MemoryRegion *mr)
2307 {
2308 assert(as);
2309 MemoryRegionSection section = {
2310 .address_space = as,
2311 .mr = mr,
2312 .offset_within_address_space = 0,
2313 .offset_within_region = 0,
2314 .size = int128_2_64(),
2315 };
2316
2317 return phys_section_add(map, &section);
2318 }
2319
2320 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2321 {
2322 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2323 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2324 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2325 MemoryRegionSection *sections = d->map.sections;
2326
2327 return sections[index & ~TARGET_PAGE_MASK].mr;
2328 }
2329
2330 static void io_mem_init(void)
2331 {
2332 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2333 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2334 NULL, UINT64_MAX);
2335 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2336 NULL, UINT64_MAX);
2337 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2338 NULL, UINT64_MAX);
2339 }
2340
2341 static void mem_begin(MemoryListener *listener)
2342 {
2343 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2344 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2345 uint16_t n;
2346
2347 n = dummy_section(&d->map, as, &io_mem_unassigned);
2348 assert(n == PHYS_SECTION_UNASSIGNED);
2349 n = dummy_section(&d->map, as, &io_mem_notdirty);
2350 assert(n == PHYS_SECTION_NOTDIRTY);
2351 n = dummy_section(&d->map, as, &io_mem_rom);
2352 assert(n == PHYS_SECTION_ROM);
2353 n = dummy_section(&d->map, as, &io_mem_watch);
2354 assert(n == PHYS_SECTION_WATCH);
2355
2356 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2357 d->as = as;
2358 as->next_dispatch = d;
2359 }
2360
2361 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2362 {
2363 phys_sections_free(&d->map);
2364 g_free(d);
2365 }
2366
2367 static void mem_commit(MemoryListener *listener)
2368 {
2369 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2370 AddressSpaceDispatch *cur = as->dispatch;
2371 AddressSpaceDispatch *next = as->next_dispatch;
2372
2373 phys_page_compact_all(next, next->map.nodes_nb);
2374
2375 atomic_rcu_set(&as->dispatch, next);
2376 if (cur) {
2377 call_rcu(cur, address_space_dispatch_free, rcu);
2378 }
2379 }
2380
2381 static void tcg_commit(MemoryListener *listener)
2382 {
2383 CPUAddressSpace *cpuas;
2384 AddressSpaceDispatch *d;
2385
2386 /* since each CPU stores ram addresses in its TLB cache, we must
2387 reset the modified entries */
2388 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2389 cpu_reloading_memory_map();
2390 /* The CPU and TLB are protected by the iothread lock.
2391 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2392 * may have split the RCU critical section.
2393 */
2394 d = atomic_rcu_read(&cpuas->as->dispatch);
2395 cpuas->memory_dispatch = d;
2396 tlb_flush(cpuas->cpu, 1);
2397 }
2398
2399 void address_space_init_dispatch(AddressSpace *as)
2400 {
2401 as->dispatch = NULL;
2402 as->dispatch_listener = (MemoryListener) {
2403 .begin = mem_begin,
2404 .commit = mem_commit,
2405 .region_add = mem_add,
2406 .region_nop = mem_add,
2407 .priority = 0,
2408 };
2409 memory_listener_register(&as->dispatch_listener, as);
2410 }
2411
2412 void address_space_unregister(AddressSpace *as)
2413 {
2414 memory_listener_unregister(&as->dispatch_listener);
2415 }
2416
2417 void address_space_destroy_dispatch(AddressSpace *as)
2418 {
2419 AddressSpaceDispatch *d = as->dispatch;
2420
2421 atomic_rcu_set(&as->dispatch, NULL);
2422 if (d) {
2423 call_rcu(d, address_space_dispatch_free, rcu);
2424 }
2425 }
2426
2427 static void memory_map_init(void)
2428 {
2429 system_memory = g_malloc(sizeof(*system_memory));
2430
2431 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2432 address_space_init(&address_space_memory, system_memory, "memory");
2433
2434 system_io = g_malloc(sizeof(*system_io));
2435 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2436 65536);
2437 address_space_init(&address_space_io, system_io, "I/O");
2438 }
2439
2440 MemoryRegion *get_system_memory(void)
2441 {
2442 return system_memory;
2443 }
2444
2445 MemoryRegion *get_system_io(void)
2446 {
2447 return system_io;
2448 }
2449
2450 #endif /* !defined(CONFIG_USER_ONLY) */
2451
2452 /* physical memory access (slow version, mainly for debug) */
2453 #if defined(CONFIG_USER_ONLY)
2454 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2455 uint8_t *buf, int len, int is_write)
2456 {
2457 int l, flags;
2458 target_ulong page;
2459 void * p;
2460
2461 while (len > 0) {
2462 page = addr & TARGET_PAGE_MASK;
2463 l = (page + TARGET_PAGE_SIZE) - addr;
2464 if (l > len)
2465 l = len;
2466 flags = page_get_flags(page);
2467 if (!(flags & PAGE_VALID))
2468 return -1;
2469 if (is_write) {
2470 if (!(flags & PAGE_WRITE))
2471 return -1;
2472 /* XXX: this code should not depend on lock_user */
2473 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2474 return -1;
2475 memcpy(p, buf, l);
2476 unlock_user(p, addr, l);
2477 } else {
2478 if (!(flags & PAGE_READ))
2479 return -1;
2480 /* XXX: this code should not depend on lock_user */
2481 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2482 return -1;
2483 memcpy(buf, p, l);
2484 unlock_user(p, addr, 0);
2485 }
2486 len -= l;
2487 buf += l;
2488 addr += l;
2489 }
2490 return 0;
2491 }
2492
2493 #else
2494
2495 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2496 hwaddr length)
2497 {
2498 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2499 /* No early return if dirty_log_mask is or becomes 0, because
2500 * cpu_physical_memory_set_dirty_range will still call
2501 * xen_modified_memory.
2502 */
2503 if (dirty_log_mask) {
2504 dirty_log_mask =
2505 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2506 }
2507 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2508 tb_invalidate_phys_range(addr, addr + length);
2509 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2510 }
2511 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2512 }
2513
2514 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2515 {
2516 unsigned access_size_max = mr->ops->valid.max_access_size;
2517
2518 /* Regions are assumed to support 1-4 byte accesses unless
2519 otherwise specified. */
2520 if (access_size_max == 0) {
2521 access_size_max = 4;
2522 }
2523
2524 /* Bound the maximum access by the alignment of the address. */
2525 if (!mr->ops->impl.unaligned) {
2526 unsigned align_size_max = addr & -addr;
2527 if (align_size_max != 0 && align_size_max < access_size_max) {
2528 access_size_max = align_size_max;
2529 }
2530 }
2531
2532 /* Don't attempt accesses larger than the maximum. */
2533 if (l > access_size_max) {
2534 l = access_size_max;
2535 }
2536 l = pow2floor(l);
2537
2538 return l;
2539 }
2540
2541 static bool prepare_mmio_access(MemoryRegion *mr)
2542 {
2543 bool unlocked = !qemu_mutex_iothread_locked();
2544 bool release_lock = false;
2545
2546 if (unlocked && mr->global_locking) {
2547 qemu_mutex_lock_iothread();
2548 unlocked = false;
2549 release_lock = true;
2550 }
2551 if (mr->flush_coalesced_mmio) {
2552 if (unlocked) {
2553 qemu_mutex_lock_iothread();
2554 }
2555 qemu_flush_coalesced_mmio_buffer();
2556 if (unlocked) {
2557 qemu_mutex_unlock_iothread();
2558 }
2559 }
2560
2561 return release_lock;
2562 }
2563
2564 /* Called within RCU critical section. */
2565 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2566 MemTxAttrs attrs,
2567 const uint8_t *buf,
2568 int len, hwaddr addr1,
2569 hwaddr l, MemoryRegion *mr)
2570 {
2571 uint8_t *ptr;
2572 uint64_t val;
2573 MemTxResult result = MEMTX_OK;
2574 bool release_lock = false;
2575
2576 for (;;) {
2577 if (!memory_access_is_direct(mr, true)) {
2578 release_lock |= prepare_mmio_access(mr);
2579 l = memory_access_size(mr, l, addr1);
2580 /* XXX: could force current_cpu to NULL to avoid
2581 potential bugs */
2582 switch (l) {
2583 case 8:
2584 /* 64 bit write access */
2585 val = ldq_p(buf);
2586 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2587 attrs);
2588 break;
2589 case 4:
2590 /* 32 bit write access */
2591 val = ldl_p(buf);
2592 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2593 attrs);
2594 break;
2595 case 2:
2596 /* 16 bit write access */
2597 val = lduw_p(buf);
2598 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2599 attrs);
2600 break;
2601 case 1:
2602 /* 8 bit write access */
2603 val = ldub_p(buf);
2604 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2605 attrs);
2606 break;
2607 default:
2608 abort();
2609 }
2610 } else {
2611 addr1 += memory_region_get_ram_addr(mr);
2612 /* RAM case */
2613 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2614 memcpy(ptr, buf, l);
2615 invalidate_and_set_dirty(mr, addr1, l);
2616 }
2617
2618 if (release_lock) {
2619 qemu_mutex_unlock_iothread();
2620 release_lock = false;
2621 }
2622
2623 len -= l;
2624 buf += l;
2625 addr += l;
2626
2627 if (!len) {
2628 break;
2629 }
2630
2631 l = len;
2632 mr = address_space_translate(as, addr, &addr1, &l, true);
2633 }
2634
2635 return result;
2636 }
2637
2638 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2639 const uint8_t *buf, int len)
2640 {
2641 hwaddr l;
2642 hwaddr addr1;
2643 MemoryRegion *mr;
2644 MemTxResult result = MEMTX_OK;
2645
2646 if (len > 0) {
2647 rcu_read_lock();
2648 l = len;
2649 mr = address_space_translate(as, addr, &addr1, &l, true);
2650 result = address_space_write_continue(as, addr, attrs, buf, len,
2651 addr1, l, mr);
2652 rcu_read_unlock();
2653 }
2654
2655 return result;
2656 }
2657
2658 /* Called within RCU critical section. */
2659 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2660 MemTxAttrs attrs, uint8_t *buf,
2661 int len, hwaddr addr1, hwaddr l,
2662 MemoryRegion *mr)
2663 {
2664 uint8_t *ptr;
2665 uint64_t val;
2666 MemTxResult result = MEMTX_OK;
2667 bool release_lock = false;
2668
2669 for (;;) {
2670 if (!memory_access_is_direct(mr, false)) {
2671 /* I/O case */
2672 release_lock |= prepare_mmio_access(mr);
2673 l = memory_access_size(mr, l, addr1);
2674 switch (l) {
2675 case 8:
2676 /* 64 bit read access */
2677 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2678 attrs);
2679 stq_p(buf, val);
2680 break;
2681 case 4:
2682 /* 32 bit read access */
2683 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2684 attrs);
2685 stl_p(buf, val);
2686 break;
2687 case 2:
2688 /* 16 bit read access */
2689 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2690 attrs);
2691 stw_p(buf, val);
2692 break;
2693 case 1:
2694 /* 8 bit read access */
2695 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2696 attrs);
2697 stb_p(buf, val);
2698 break;
2699 default:
2700 abort();
2701 }
2702 } else {
2703 /* RAM case */
2704 ptr = qemu_get_ram_ptr(mr->ram_block,
2705 memory_region_get_ram_addr(mr) + addr1);
2706 memcpy(buf, ptr, l);
2707 }
2708
2709 if (release_lock) {
2710 qemu_mutex_unlock_iothread();
2711 release_lock = false;
2712 }
2713
2714 len -= l;
2715 buf += l;
2716 addr += l;
2717
2718 if (!len) {
2719 break;
2720 }
2721
2722 l = len;
2723 mr = address_space_translate(as, addr, &addr1, &l, false);
2724 }
2725
2726 return result;
2727 }
2728
2729 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2730 MemTxAttrs attrs, uint8_t *buf, int len)
2731 {
2732 hwaddr l;
2733 hwaddr addr1;
2734 MemoryRegion *mr;
2735 MemTxResult result = MEMTX_OK;
2736
2737 if (len > 0) {
2738 rcu_read_lock();
2739 l = len;
2740 mr = address_space_translate(as, addr, &addr1, &l, false);
2741 result = address_space_read_continue(as, addr, attrs, buf, len,
2742 addr1, l, mr);
2743 rcu_read_unlock();
2744 }
2745
2746 return result;
2747 }
2748
2749 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2750 uint8_t *buf, int len, bool is_write)
2751 {
2752 if (is_write) {
2753 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2754 } else {
2755 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2756 }
2757 }
2758
2759 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2760 int len, int is_write)
2761 {
2762 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2763 buf, len, is_write);
2764 }
2765
2766 enum write_rom_type {
2767 WRITE_DATA,
2768 FLUSH_CACHE,
2769 };
2770
2771 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2772 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2773 {
2774 hwaddr l;
2775 uint8_t *ptr;
2776 hwaddr addr1;
2777 MemoryRegion *mr;
2778
2779 rcu_read_lock();
2780 while (len > 0) {
2781 l = len;
2782 mr = address_space_translate(as, addr, &addr1, &l, true);
2783
2784 if (!(memory_region_is_ram(mr) ||
2785 memory_region_is_romd(mr))) {
2786 l = memory_access_size(mr, l, addr1);
2787 } else {
2788 addr1 += memory_region_get_ram_addr(mr);
2789 /* ROM/RAM case */
2790 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2791 switch (type) {
2792 case WRITE_DATA:
2793 memcpy(ptr, buf, l);
2794 invalidate_and_set_dirty(mr, addr1, l);
2795 break;
2796 case FLUSH_CACHE:
2797 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2798 break;
2799 }
2800 }
2801 len -= l;
2802 buf += l;
2803 addr += l;
2804 }
2805 rcu_read_unlock();
2806 }
2807
2808 /* used for ROM loading : can write in RAM and ROM */
2809 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2810 const uint8_t *buf, int len)
2811 {
2812 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2813 }
2814
2815 void cpu_flush_icache_range(hwaddr start, int len)
2816 {
2817 /*
2818 * This function should do the same thing as an icache flush that was
2819 * triggered from within the guest. For TCG we are always cache coherent,
2820 * so there is no need to flush anything. For KVM / Xen we need to flush
2821 * the host's instruction cache at least.
2822 */
2823 if (tcg_enabled()) {
2824 return;
2825 }
2826
2827 cpu_physical_memory_write_rom_internal(&address_space_memory,
2828 start, NULL, len, FLUSH_CACHE);
2829 }
2830
2831 typedef struct {
2832 MemoryRegion *mr;
2833 void *buffer;
2834 hwaddr addr;
2835 hwaddr len;
2836 bool in_use;
2837 } BounceBuffer;
2838
2839 static BounceBuffer bounce;
2840
2841 typedef struct MapClient {
2842 QEMUBH *bh;
2843 QLIST_ENTRY(MapClient) link;
2844 } MapClient;
2845
2846 QemuMutex map_client_list_lock;
2847 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2848 = QLIST_HEAD_INITIALIZER(map_client_list);
2849
2850 static void cpu_unregister_map_client_do(MapClient *client)
2851 {
2852 QLIST_REMOVE(client, link);
2853 g_free(client);
2854 }
2855
2856 static void cpu_notify_map_clients_locked(void)
2857 {
2858 MapClient *client;
2859
2860 while (!QLIST_EMPTY(&map_client_list)) {
2861 client = QLIST_FIRST(&map_client_list);
2862 qemu_bh_schedule(client->bh);
2863 cpu_unregister_map_client_do(client);
2864 }
2865 }
2866
2867 void cpu_register_map_client(QEMUBH *bh)
2868 {
2869 MapClient *client = g_malloc(sizeof(*client));
2870
2871 qemu_mutex_lock(&map_client_list_lock);
2872 client->bh = bh;
2873 QLIST_INSERT_HEAD(&map_client_list, client, link);
2874 if (!atomic_read(&bounce.in_use)) {
2875 cpu_notify_map_clients_locked();
2876 }
2877 qemu_mutex_unlock(&map_client_list_lock);
2878 }
2879
2880 void cpu_exec_init_all(void)
2881 {
2882 qemu_mutex_init(&ram_list.mutex);
2883 io_mem_init();
2884 memory_map_init();
2885 qemu_mutex_init(&map_client_list_lock);
2886 }
2887
2888 void cpu_unregister_map_client(QEMUBH *bh)
2889 {
2890 MapClient *client;
2891
2892 qemu_mutex_lock(&map_client_list_lock);
2893 QLIST_FOREACH(client, &map_client_list, link) {
2894 if (client->bh == bh) {
2895 cpu_unregister_map_client_do(client);
2896 break;
2897 }
2898 }
2899 qemu_mutex_unlock(&map_client_list_lock);
2900 }
2901
2902 static void cpu_notify_map_clients(void)
2903 {
2904 qemu_mutex_lock(&map_client_list_lock);
2905 cpu_notify_map_clients_locked();
2906 qemu_mutex_unlock(&map_client_list_lock);
2907 }
2908
2909 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2910 {
2911 MemoryRegion *mr;
2912 hwaddr l, xlat;
2913
2914 rcu_read_lock();
2915 while (len > 0) {
2916 l = len;
2917 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2918 if (!memory_access_is_direct(mr, is_write)) {
2919 l = memory_access_size(mr, l, addr);
2920 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2921 return false;
2922 }
2923 }
2924
2925 len -= l;
2926 addr += l;
2927 }
2928 rcu_read_unlock();
2929 return true;
2930 }
2931
2932 /* Map a physical memory region into a host virtual address.
2933 * May map a subset of the requested range, given by and returned in *plen.
2934 * May return NULL if resources needed to perform the mapping are exhausted.
2935 * Use only for reads OR writes - not for read-modify-write operations.
2936 * Use cpu_register_map_client() to know when retrying the map operation is
2937 * likely to succeed.
2938 */
2939 void *address_space_map(AddressSpace *as,
2940 hwaddr addr,
2941 hwaddr *plen,
2942 bool is_write)
2943 {
2944 hwaddr len = *plen;
2945 hwaddr done = 0;
2946 hwaddr l, xlat, base;
2947 MemoryRegion *mr, *this_mr;
2948 ram_addr_t raddr;
2949 void *ptr;
2950
2951 if (len == 0) {
2952 return NULL;
2953 }
2954
2955 l = len;
2956 rcu_read_lock();
2957 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2958
2959 if (!memory_access_is_direct(mr, is_write)) {
2960 if (atomic_xchg(&bounce.in_use, true)) {
2961 rcu_read_unlock();
2962 return NULL;
2963 }
2964 /* Avoid unbounded allocations */
2965 l = MIN(l, TARGET_PAGE_SIZE);
2966 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2967 bounce.addr = addr;
2968 bounce.len = l;
2969
2970 memory_region_ref(mr);
2971 bounce.mr = mr;
2972 if (!is_write) {
2973 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2974 bounce.buffer, l);
2975 }
2976
2977 rcu_read_unlock();
2978 *plen = l;
2979 return bounce.buffer;
2980 }
2981
2982 base = xlat;
2983 raddr = memory_region_get_ram_addr(mr);
2984
2985 for (;;) {
2986 len -= l;
2987 addr += l;
2988 done += l;
2989 if (len == 0) {
2990 break;
2991 }
2992
2993 l = len;
2994 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2995 if (this_mr != mr || xlat != base + done) {
2996 break;
2997 }
2998 }
2999
3000 memory_region_ref(mr);
3001 *plen = done;
3002 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
3003 rcu_read_unlock();
3004
3005 return ptr;
3006 }
3007
3008 /* Unmaps a memory region previously mapped by address_space_map().
3009 * Will also mark the memory as dirty if is_write == 1. access_len gives
3010 * the amount of memory that was actually read or written by the caller.
3011 */
3012 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3013 int is_write, hwaddr access_len)
3014 {
3015 if (buffer != bounce.buffer) {
3016 MemoryRegion *mr;
3017 ram_addr_t addr1;
3018
3019 mr = qemu_ram_addr_from_host(buffer, &addr1);
3020 assert(mr != NULL);
3021 if (is_write) {
3022 invalidate_and_set_dirty(mr, addr1, access_len);
3023 }
3024 if (xen_enabled()) {
3025 xen_invalidate_map_cache_entry(buffer);
3026 }
3027 memory_region_unref(mr);
3028 return;
3029 }
3030 if (is_write) {
3031 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3032 bounce.buffer, access_len);
3033 }
3034 qemu_vfree(bounce.buffer);
3035 bounce.buffer = NULL;
3036 memory_region_unref(bounce.mr);
3037 atomic_mb_set(&bounce.in_use, false);
3038 cpu_notify_map_clients();
3039 }
3040
3041 void *cpu_physical_memory_map(hwaddr addr,
3042 hwaddr *plen,
3043 int is_write)
3044 {
3045 return address_space_map(&address_space_memory, addr, plen, is_write);
3046 }
3047
3048 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3049 int is_write, hwaddr access_len)
3050 {
3051 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3052 }
3053
3054 /* warning: addr must be aligned */
3055 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3056 MemTxAttrs attrs,
3057 MemTxResult *result,
3058 enum device_endian endian)
3059 {
3060 uint8_t *ptr;
3061 uint64_t val;
3062 MemoryRegion *mr;
3063 hwaddr l = 4;
3064 hwaddr addr1;
3065 MemTxResult r;
3066 bool release_lock = false;
3067
3068 rcu_read_lock();
3069 mr = address_space_translate(as, addr, &addr1, &l, false);
3070 if (l < 4 || !memory_access_is_direct(mr, false)) {
3071 release_lock |= prepare_mmio_access(mr);
3072
3073 /* I/O case */
3074 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3075 #if defined(TARGET_WORDS_BIGENDIAN)
3076 if (endian == DEVICE_LITTLE_ENDIAN) {
3077 val = bswap32(val);
3078 }
3079 #else
3080 if (endian == DEVICE_BIG_ENDIAN) {
3081 val = bswap32(val);
3082 }
3083 #endif
3084 } else {
3085 /* RAM case */
3086 ptr = qemu_get_ram_ptr(mr->ram_block,
3087 (memory_region_get_ram_addr(mr)
3088 & TARGET_PAGE_MASK)
3089 + addr1);
3090 switch (endian) {
3091 case DEVICE_LITTLE_ENDIAN:
3092 val = ldl_le_p(ptr);
3093 break;
3094 case DEVICE_BIG_ENDIAN:
3095 val = ldl_be_p(ptr);
3096 break;
3097 default:
3098 val = ldl_p(ptr);
3099 break;
3100 }
3101 r = MEMTX_OK;
3102 }
3103 if (result) {
3104 *result = r;
3105 }
3106 if (release_lock) {
3107 qemu_mutex_unlock_iothread();
3108 }
3109 rcu_read_unlock();
3110 return val;
3111 }
3112
3113 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3114 MemTxAttrs attrs, MemTxResult *result)
3115 {
3116 return address_space_ldl_internal(as, addr, attrs, result,
3117 DEVICE_NATIVE_ENDIAN);
3118 }
3119
3120 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3121 MemTxAttrs attrs, MemTxResult *result)
3122 {
3123 return address_space_ldl_internal(as, addr, attrs, result,
3124 DEVICE_LITTLE_ENDIAN);
3125 }
3126
3127 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3128 MemTxAttrs attrs, MemTxResult *result)
3129 {
3130 return address_space_ldl_internal(as, addr, attrs, result,
3131 DEVICE_BIG_ENDIAN);
3132 }
3133
3134 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3135 {
3136 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3137 }
3138
3139 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3140 {
3141 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3142 }
3143
3144 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3145 {
3146 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3147 }
3148
3149 /* warning: addr must be aligned */
3150 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3151 MemTxAttrs attrs,
3152 MemTxResult *result,
3153 enum device_endian endian)
3154 {
3155 uint8_t *ptr;
3156 uint64_t val;
3157 MemoryRegion *mr;
3158 hwaddr l = 8;
3159 hwaddr addr1;
3160 MemTxResult r;
3161 bool release_lock = false;
3162
3163 rcu_read_lock();
3164 mr = address_space_translate(as, addr, &addr1, &l,
3165 false);
3166 if (l < 8 || !memory_access_is_direct(mr, false)) {
3167 release_lock |= prepare_mmio_access(mr);
3168
3169 /* I/O case */
3170 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3171 #if defined(TARGET_WORDS_BIGENDIAN)
3172 if (endian == DEVICE_LITTLE_ENDIAN) {
3173 val = bswap64(val);
3174 }
3175 #else
3176 if (endian == DEVICE_BIG_ENDIAN) {
3177 val = bswap64(val);
3178 }
3179 #endif
3180 } else {
3181 /* RAM case */
3182 ptr = qemu_get_ram_ptr(mr->ram_block,
3183 (memory_region_get_ram_addr(mr)
3184 & TARGET_PAGE_MASK)
3185 + addr1);
3186 switch (endian) {
3187 case DEVICE_LITTLE_ENDIAN:
3188 val = ldq_le_p(ptr);
3189 break;
3190 case DEVICE_BIG_ENDIAN:
3191 val = ldq_be_p(ptr);
3192 break;
3193 default:
3194 val = ldq_p(ptr);
3195 break;
3196 }
3197 r = MEMTX_OK;
3198 }
3199 if (result) {
3200 *result = r;
3201 }
3202 if (release_lock) {
3203 qemu_mutex_unlock_iothread();
3204 }
3205 rcu_read_unlock();
3206 return val;
3207 }
3208
3209 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3210 MemTxAttrs attrs, MemTxResult *result)
3211 {
3212 return address_space_ldq_internal(as, addr, attrs, result,
3213 DEVICE_NATIVE_ENDIAN);
3214 }
3215
3216 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3217 MemTxAttrs attrs, MemTxResult *result)
3218 {
3219 return address_space_ldq_internal(as, addr, attrs, result,
3220 DEVICE_LITTLE_ENDIAN);
3221 }
3222
3223 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3224 MemTxAttrs attrs, MemTxResult *result)
3225 {
3226 return address_space_ldq_internal(as, addr, attrs, result,
3227 DEVICE_BIG_ENDIAN);
3228 }
3229
3230 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3231 {
3232 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3233 }
3234
3235 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3236 {
3237 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3238 }
3239
3240 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3241 {
3242 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3243 }
3244
3245 /* XXX: optimize */
3246 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3247 MemTxAttrs attrs, MemTxResult *result)
3248 {
3249 uint8_t val;
3250 MemTxResult r;
3251
3252 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3253 if (result) {
3254 *result = r;
3255 }
3256 return val;
3257 }
3258
3259 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3260 {
3261 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3262 }
3263
3264 /* warning: addr must be aligned */
3265 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3266 hwaddr addr,
3267 MemTxAttrs attrs,
3268 MemTxResult *result,
3269 enum device_endian endian)
3270 {
3271 uint8_t *ptr;
3272 uint64_t val;
3273 MemoryRegion *mr;
3274 hwaddr l = 2;
3275 hwaddr addr1;
3276 MemTxResult r;
3277 bool release_lock = false;
3278
3279 rcu_read_lock();
3280 mr = address_space_translate(as, addr, &addr1, &l,
3281 false);
3282 if (l < 2 || !memory_access_is_direct(mr, false)) {
3283 release_lock |= prepare_mmio_access(mr);
3284
3285 /* I/O case */
3286 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3287 #if defined(TARGET_WORDS_BIGENDIAN)
3288 if (endian == DEVICE_LITTLE_ENDIAN) {
3289 val = bswap16(val);
3290 }
3291 #else
3292 if (endian == DEVICE_BIG_ENDIAN) {
3293 val = bswap16(val);
3294 }
3295 #endif
3296 } else {
3297 /* RAM case */
3298 ptr = qemu_get_ram_ptr(mr->ram_block,
3299 (memory_region_get_ram_addr(mr)
3300 & TARGET_PAGE_MASK)
3301 + addr1);
3302 switch (endian) {
3303 case DEVICE_LITTLE_ENDIAN:
3304 val = lduw_le_p(ptr);
3305 break;
3306 case DEVICE_BIG_ENDIAN:
3307 val = lduw_be_p(ptr);
3308 break;
3309 default:
3310 val = lduw_p(ptr);
3311 break;
3312 }
3313 r = MEMTX_OK;
3314 }
3315 if (result) {
3316 *result = r;
3317 }
3318 if (release_lock) {
3319 qemu_mutex_unlock_iothread();
3320 }
3321 rcu_read_unlock();
3322 return val;
3323 }
3324
3325 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3326 MemTxAttrs attrs, MemTxResult *result)
3327 {
3328 return address_space_lduw_internal(as, addr, attrs, result,
3329 DEVICE_NATIVE_ENDIAN);
3330 }
3331
3332 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3333 MemTxAttrs attrs, MemTxResult *result)
3334 {
3335 return address_space_lduw_internal(as, addr, attrs, result,
3336 DEVICE_LITTLE_ENDIAN);
3337 }
3338
3339 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3340 MemTxAttrs attrs, MemTxResult *result)
3341 {
3342 return address_space_lduw_internal(as, addr, attrs, result,
3343 DEVICE_BIG_ENDIAN);
3344 }
3345
3346 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3347 {
3348 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3349 }
3350
3351 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3352 {
3353 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3354 }
3355
3356 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3357 {
3358 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3359 }
3360
3361 /* warning: addr must be aligned. The ram page is not masked as dirty
3362 and the code inside is not invalidated. It is useful if the dirty
3363 bits are used to track modified PTEs */
3364 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3365 MemTxAttrs attrs, MemTxResult *result)
3366 {
3367 uint8_t *ptr;
3368 MemoryRegion *mr;
3369 hwaddr l = 4;
3370 hwaddr addr1;
3371 MemTxResult r;
3372 uint8_t dirty_log_mask;
3373 bool release_lock = false;
3374
3375 rcu_read_lock();
3376 mr = address_space_translate(as, addr, &addr1, &l,
3377 true);
3378 if (l < 4 || !memory_access_is_direct(mr, true)) {
3379 release_lock |= prepare_mmio_access(mr);
3380
3381 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3382 } else {
3383 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3384 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3385 stl_p(ptr, val);
3386
3387 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3388 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3389 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3390 r = MEMTX_OK;
3391 }
3392 if (result) {
3393 *result = r;
3394 }
3395 if (release_lock) {
3396 qemu_mutex_unlock_iothread();
3397 }
3398 rcu_read_unlock();
3399 }
3400
3401 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3402 {
3403 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3404 }
3405
3406 /* warning: addr must be aligned */
3407 static inline void address_space_stl_internal(AddressSpace *as,
3408 hwaddr addr, uint32_t val,
3409 MemTxAttrs attrs,
3410 MemTxResult *result,
3411 enum device_endian endian)
3412 {
3413 uint8_t *ptr;
3414 MemoryRegion *mr;
3415 hwaddr l = 4;
3416 hwaddr addr1;
3417 MemTxResult r;
3418 bool release_lock = false;
3419
3420 rcu_read_lock();
3421 mr = address_space_translate(as, addr, &addr1, &l,
3422 true);
3423 if (l < 4 || !memory_access_is_direct(mr, true)) {
3424 release_lock |= prepare_mmio_access(mr);
3425
3426 #if defined(TARGET_WORDS_BIGENDIAN)
3427 if (endian == DEVICE_LITTLE_ENDIAN) {
3428 val = bswap32(val);
3429 }
3430 #else
3431 if (endian == DEVICE_BIG_ENDIAN) {
3432 val = bswap32(val);
3433 }
3434 #endif
3435 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3436 } else {
3437 /* RAM case */
3438 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3439 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3440 switch (endian) {
3441 case DEVICE_LITTLE_ENDIAN:
3442 stl_le_p(ptr, val);
3443 break;
3444 case DEVICE_BIG_ENDIAN:
3445 stl_be_p(ptr, val);
3446 break;
3447 default:
3448 stl_p(ptr, val);
3449 break;
3450 }
3451 invalidate_and_set_dirty(mr, addr1, 4);
3452 r = MEMTX_OK;
3453 }
3454 if (result) {
3455 *result = r;
3456 }
3457 if (release_lock) {
3458 qemu_mutex_unlock_iothread();
3459 }
3460 rcu_read_unlock();
3461 }
3462
3463 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3464 MemTxAttrs attrs, MemTxResult *result)
3465 {
3466 address_space_stl_internal(as, addr, val, attrs, result,
3467 DEVICE_NATIVE_ENDIAN);
3468 }
3469
3470 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3471 MemTxAttrs attrs, MemTxResult *result)
3472 {
3473 address_space_stl_internal(as, addr, val, attrs, result,
3474 DEVICE_LITTLE_ENDIAN);
3475 }
3476
3477 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3478 MemTxAttrs attrs, MemTxResult *result)
3479 {
3480 address_space_stl_internal(as, addr, val, attrs, result,
3481 DEVICE_BIG_ENDIAN);
3482 }
3483
3484 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3485 {
3486 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3487 }
3488
3489 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3490 {
3491 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3492 }
3493
3494 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3495 {
3496 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3497 }
3498
3499 /* XXX: optimize */
3500 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3501 MemTxAttrs attrs, MemTxResult *result)
3502 {
3503 uint8_t v = val;
3504 MemTxResult r;
3505
3506 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3507 if (result) {
3508 *result = r;
3509 }
3510 }
3511
3512 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3513 {
3514 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3515 }
3516
3517 /* warning: addr must be aligned */
3518 static inline void address_space_stw_internal(AddressSpace *as,
3519 hwaddr addr, uint32_t val,
3520 MemTxAttrs attrs,
3521 MemTxResult *result,
3522 enum device_endian endian)
3523 {
3524 uint8_t *ptr;
3525 MemoryRegion *mr;
3526 hwaddr l = 2;
3527 hwaddr addr1;
3528 MemTxResult r;
3529 bool release_lock = false;
3530
3531 rcu_read_lock();
3532 mr = address_space_translate(as, addr, &addr1, &l, true);
3533 if (l < 2 || !memory_access_is_direct(mr, true)) {
3534 release_lock |= prepare_mmio_access(mr);
3535
3536 #if defined(TARGET_WORDS_BIGENDIAN)
3537 if (endian == DEVICE_LITTLE_ENDIAN) {
3538 val = bswap16(val);
3539 }
3540 #else
3541 if (endian == DEVICE_BIG_ENDIAN) {
3542 val = bswap16(val);
3543 }
3544 #endif
3545 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3546 } else {
3547 /* RAM case */
3548 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3549 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3550 switch (endian) {
3551 case DEVICE_LITTLE_ENDIAN:
3552 stw_le_p(ptr, val);
3553 break;
3554 case DEVICE_BIG_ENDIAN:
3555 stw_be_p(ptr, val);
3556 break;
3557 default:
3558 stw_p(ptr, val);
3559 break;
3560 }
3561 invalidate_and_set_dirty(mr, addr1, 2);
3562 r = MEMTX_OK;
3563 }
3564 if (result) {
3565 *result = r;
3566 }
3567 if (release_lock) {
3568 qemu_mutex_unlock_iothread();
3569 }
3570 rcu_read_unlock();
3571 }
3572
3573 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3574 MemTxAttrs attrs, MemTxResult *result)
3575 {
3576 address_space_stw_internal(as, addr, val, attrs, result,
3577 DEVICE_NATIVE_ENDIAN);
3578 }
3579
3580 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3581 MemTxAttrs attrs, MemTxResult *result)
3582 {
3583 address_space_stw_internal(as, addr, val, attrs, result,
3584 DEVICE_LITTLE_ENDIAN);
3585 }
3586
3587 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3588 MemTxAttrs attrs, MemTxResult *result)
3589 {
3590 address_space_stw_internal(as, addr, val, attrs, result,
3591 DEVICE_BIG_ENDIAN);
3592 }
3593
3594 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3595 {
3596 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3597 }
3598
3599 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3600 {
3601 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3602 }
3603
3604 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3605 {
3606 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3607 }
3608
3609 /* XXX: optimize */
3610 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3611 MemTxAttrs attrs, MemTxResult *result)
3612 {
3613 MemTxResult r;
3614 val = tswap64(val);
3615 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3616 if (result) {
3617 *result = r;
3618 }
3619 }
3620
3621 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3622 MemTxAttrs attrs, MemTxResult *result)
3623 {
3624 MemTxResult r;
3625 val = cpu_to_le64(val);
3626 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3627 if (result) {
3628 *result = r;
3629 }
3630 }
3631 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3632 MemTxAttrs attrs, MemTxResult *result)
3633 {
3634 MemTxResult r;
3635 val = cpu_to_be64(val);
3636 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3637 if (result) {
3638 *result = r;
3639 }
3640 }
3641
3642 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3643 {
3644 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3645 }
3646
3647 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3648 {
3649 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3650 }
3651
3652 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3653 {
3654 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3655 }
3656
3657 /* virtual memory access for debug (includes writing to ROM) */
3658 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3659 uint8_t *buf, int len, int is_write)
3660 {
3661 int l;
3662 hwaddr phys_addr;
3663 target_ulong page;
3664
3665 while (len > 0) {
3666 int asidx;
3667 MemTxAttrs attrs;
3668
3669 page = addr & TARGET_PAGE_MASK;
3670 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3671 asidx = cpu_asidx_from_attrs(cpu, attrs);
3672 /* if no physical page mapped, return an error */
3673 if (phys_addr == -1)
3674 return -1;
3675 l = (page + TARGET_PAGE_SIZE) - addr;
3676 if (l > len)
3677 l = len;
3678 phys_addr += (addr & ~TARGET_PAGE_MASK);
3679 if (is_write) {
3680 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3681 phys_addr, buf, l);
3682 } else {
3683 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3684 MEMTXATTRS_UNSPECIFIED,
3685 buf, l, 0);
3686 }
3687 len -= l;
3688 buf += l;
3689 addr += l;
3690 }
3691 return 0;
3692 }
3693
3694 /*
3695 * Allows code that needs to deal with migration bitmaps etc to still be built
3696 * target independent.
3697 */
3698 size_t qemu_target_page_bits(void)
3699 {
3700 return TARGET_PAGE_BITS;
3701 }
3702
3703 #endif
3704
3705 /*
3706 * A helper function for the _utterly broken_ virtio device model to find out if
3707 * it's running on a big endian machine. Don't do this at home kids!
3708 */
3709 bool target_words_bigendian(void);
3710 bool target_words_bigendian(void)
3711 {
3712 #if defined(TARGET_WORDS_BIGENDIAN)
3713 return true;
3714 #else
3715 return false;
3716 #endif
3717 }
3718
3719 #ifndef CONFIG_USER_ONLY
3720 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3721 {
3722 MemoryRegion*mr;
3723 hwaddr l = 1;
3724 bool res;
3725
3726 rcu_read_lock();
3727 mr = address_space_translate(&address_space_memory,
3728 phys_addr, &phys_addr, &l, false);
3729
3730 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3731 rcu_read_unlock();
3732 return res;
3733 }
3734
3735 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3736 {
3737 RAMBlock *block;
3738 int ret = 0;
3739
3740 rcu_read_lock();
3741 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3742 ret = func(block->idstr, block->host, block->offset,
3743 block->used_length, opaque);
3744 if (ret) {
3745 break;
3746 }
3747 }
3748 rcu_read_unlock();
3749 return ret;
3750 }
3751 #endif
AR7 emulation for QEMU