search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tcg: Define and use new tlb_hit() and tlb_hit_page() functions
[qemu/ar7.git] / accel / tcg / cputlb.c
blobadb711963bf9797008506db02e43f8c433837d01
1 /*
2 * Common CPU TLB handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qemu/main-loop.h"
22 #include "cpu.h"
23 #include "exec/exec-all.h"
24 #include "exec/memory.h"
25 #include "exec/address-spaces.h"
26 #include "exec/cpu_ldst.h"
27 #include "exec/cputlb.h"
28 #include "exec/memory-internal.h"
29 #include "exec/ram_addr.h"
30 #include "tcg/tcg.h"
31 #include "qemu/error-report.h"
32 #include "exec/log.h"
33 #include "exec/helper-proto.h"
34 #include "qemu/atomic.h"
35
36 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
37 /* #define DEBUG_TLB */
38 /* #define DEBUG_TLB_LOG */
39
40 #ifdef DEBUG_TLB
41 # define DEBUG_TLB_GATE 1
42 # ifdef DEBUG_TLB_LOG
43 # define DEBUG_TLB_LOG_GATE 1
44 # else
45 # define DEBUG_TLB_LOG_GATE 0
46 # endif
47 #else
48 # define DEBUG_TLB_GATE 0
49 # define DEBUG_TLB_LOG_GATE 0
50 #endif
51
52 #define tlb_debug(fmt, ...) do { \
53 if (DEBUG_TLB_LOG_GATE) { \
54 qemu_log_mask(CPU_LOG_MMU, "%s: " fmt, __func__, \
55 ## __VA_ARGS__); \
56 } else if (DEBUG_TLB_GATE) { \
57 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
58 } \
59 } while (0)
60
61 #define assert_cpu_is_self(this_cpu) do { \
62 if (DEBUG_TLB_GATE) { \
63 g_assert(!cpu->created || qemu_cpu_is_self(cpu)); \
64 } \
65 } while (0)
66
67 /* run_on_cpu_data.target_ptr should always be big enough for a
68 * target_ulong even on 32 bit builds */
69 QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
70
71 /* We currently can't handle more than 16 bits in the MMUIDX bitmask.
72 */
73 QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
74 #define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
75
76 /* flush_all_helper: run fn across all cpus
77 *
78 * If the wait flag is set then the src cpu's helper will be queued as
79 * "safe" work and the loop exited creating a synchronisation point
80 * where all queued work will be finished before execution starts
81 * again.
82 */
83 static void flush_all_helper(CPUState *src, run_on_cpu_func fn,
84 run_on_cpu_data d)
85 {
86 CPUState *cpu;
87
88 CPU_FOREACH(cpu) {
89 if (cpu != src) {
90 async_run_on_cpu(cpu, fn, d);
91 }
92 }
93 }
94
95 size_t tlb_flush_count(void)
96 {
97 CPUState *cpu;
98 size_t count = 0;
99
100 CPU_FOREACH(cpu) {
101 CPUArchState *env = cpu->env_ptr;
102
103 count += atomic_read(&env->tlb_flush_count);
104 }
105 return count;
106 }
107
108 /* This is OK because CPU architectures generally permit an
109 * implementation to drop entries from the TLB at any time, so
110 * flushing more entries than required is only an efficiency issue,
111 * not a correctness issue.
112 */
113 static void tlb_flush_nocheck(CPUState *cpu)
114 {
115 CPUArchState *env = cpu->env_ptr;
116
117 /* The QOM tests will trigger tlb_flushes without setting up TCG
118 * so we bug out here in that case.
119 */
120 if (!tcg_enabled()) {
121 return;
122 }
123
124 assert_cpu_is_self(cpu);
125 atomic_set(&env->tlb_flush_count, env->tlb_flush_count + 1);
126 tlb_debug("(count: %zu)\n", tlb_flush_count());
127
128 memset(env->tlb_table, -1, sizeof(env->tlb_table));
129 memset(env->tlb_v_table, -1, sizeof(env->tlb_v_table));
130 cpu_tb_jmp_cache_clear(cpu);
131
132 env->vtlb_index = 0;
133 env->tlb_flush_addr = -1;
134 env->tlb_flush_mask = 0;
135
136 atomic_mb_set(&cpu->pending_tlb_flush, 0);
137 }
138
139 static void tlb_flush_global_async_work(CPUState *cpu, run_on_cpu_data data)
140 {
141 tlb_flush_nocheck(cpu);
142 }
143
144 void tlb_flush(CPUState *cpu)
145 {
146 if (cpu->created && !qemu_cpu_is_self(cpu)) {
147 if (atomic_mb_read(&cpu->pending_tlb_flush) != ALL_MMUIDX_BITS) {
148 atomic_mb_set(&cpu->pending_tlb_flush, ALL_MMUIDX_BITS);
149 async_run_on_cpu(cpu, tlb_flush_global_async_work,
150 RUN_ON_CPU_NULL);
151 }
152 } else {
153 tlb_flush_nocheck(cpu);
154 }
155 }
156
157 void tlb_flush_all_cpus(CPUState *src_cpu)
158 {
159 const run_on_cpu_func fn = tlb_flush_global_async_work;
160 flush_all_helper(src_cpu, fn, RUN_ON_CPU_NULL);
161 fn(src_cpu, RUN_ON_CPU_NULL);
162 }
163
164 void tlb_flush_all_cpus_synced(CPUState *src_cpu)
165 {
166 const run_on_cpu_func fn = tlb_flush_global_async_work;
167 flush_all_helper(src_cpu, fn, RUN_ON_CPU_NULL);
168 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_NULL);
169 }
170
171 static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
172 {
173 CPUArchState *env = cpu->env_ptr;
174 unsigned long mmu_idx_bitmask = data.host_int;
175 int mmu_idx;
176
177 assert_cpu_is_self(cpu);
178
179 tlb_debug("start: mmu_idx:0x%04lx\n", mmu_idx_bitmask);
180
181 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
182
183 if (test_bit(mmu_idx, &mmu_idx_bitmask)) {
184 tlb_debug("%d\n", mmu_idx);
185
186 memset(env->tlb_table[mmu_idx], -1, sizeof(env->tlb_table[0]));
187 memset(env->tlb_v_table[mmu_idx], -1, sizeof(env->tlb_v_table[0]));
188 }
189 }
190
191 cpu_tb_jmp_cache_clear(cpu);
192
193 tlb_debug("done\n");
194 }
195
196 void tlb_flush_by_mmuidx(CPUState *cpu, uint16_t idxmap)
197 {
198 tlb_debug("mmu_idx: 0x%" PRIx16 "\n", idxmap);
199
200 if (!qemu_cpu_is_self(cpu)) {
201 uint16_t pending_flushes = idxmap;
202 pending_flushes &= ~atomic_mb_read(&cpu->pending_tlb_flush);
203
204 if (pending_flushes) {
205 tlb_debug("reduced mmu_idx: 0x%" PRIx16 "\n", pending_flushes);
206
207 atomic_or(&cpu->pending_tlb_flush, pending_flushes);
208 async_run_on_cpu(cpu, tlb_flush_by_mmuidx_async_work,
209 RUN_ON_CPU_HOST_INT(pending_flushes));
210 }
211 } else {
212 tlb_flush_by_mmuidx_async_work(cpu,
213 RUN_ON_CPU_HOST_INT(idxmap));
214 }
215 }
216
217 void tlb_flush_by_mmuidx_all_cpus(CPUState *src_cpu, uint16_t idxmap)
218 {
219 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
220
221 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
222
223 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
224 fn(src_cpu, RUN_ON_CPU_HOST_INT(idxmap));
225 }
226
227 void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
228 uint16_t idxmap)
229 {
230 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
231
232 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
233
234 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
235 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
236 }
237
238
239
240 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
241 {
242 if (tlb_hit_page(tlb_entry->addr_read, addr) ||
243 tlb_hit_page(tlb_entry->addr_write, addr) ||
244 tlb_hit_page(tlb_entry->addr_code, addr)) {
245 memset(tlb_entry, -1, sizeof(*tlb_entry));
246 }
247 }
248
249 static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
250 {
251 CPUArchState *env = cpu->env_ptr;
252 target_ulong addr = (target_ulong) data.target_ptr;
253 int i;
254 int mmu_idx;
255
256 assert_cpu_is_self(cpu);
257
258 tlb_debug("page :" TARGET_FMT_lx "\n", addr);
259
260 /* Check if we need to flush due to large pages. */
261 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
262 tlb_debug("forcing full flush ("
263 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
264 env->tlb_flush_addr, env->tlb_flush_mask);
265
266 tlb_flush(cpu);
267 return;
268 }
269
270 addr &= TARGET_PAGE_MASK;
271 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
272 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
273 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
274 }
275
276 /* check whether there are entries that need to be flushed in the vtlb */
277 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
278 int k;
279 for (k = 0; k < CPU_VTLB_SIZE; k++) {
280 tlb_flush_entry(&env->tlb_v_table[mmu_idx][k], addr);
281 }
282 }
283
284 tb_flush_jmp_cache(cpu, addr);
285 }
286
287 void tlb_flush_page(CPUState *cpu, target_ulong addr)
288 {
289 tlb_debug("page :" TARGET_FMT_lx "\n", addr);
290
291 if (!qemu_cpu_is_self(cpu)) {
292 async_run_on_cpu(cpu, tlb_flush_page_async_work,
293 RUN_ON_CPU_TARGET_PTR(addr));
294 } else {
295 tlb_flush_page_async_work(cpu, RUN_ON_CPU_TARGET_PTR(addr));
296 }
297 }
298
299 /* As we are going to hijack the bottom bits of the page address for a
300 * mmuidx bit mask we need to fail to build if we can't do that
301 */
302 QEMU_BUILD_BUG_ON(NB_MMU_MODES > TARGET_PAGE_BITS_MIN);
303
304 static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
305 run_on_cpu_data data)
306 {
307 CPUArchState *env = cpu->env_ptr;
308 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
309 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
310 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
311 int page = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
312 int mmu_idx;
313 int i;
314
315 assert_cpu_is_self(cpu);
316
317 tlb_debug("page:%d addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
318 page, addr, mmu_idx_bitmap);
319
320 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
321 if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
322 tlb_flush_entry(&env->tlb_table[mmu_idx][page], addr);
323
324 /* check whether there are vltb entries that need to be flushed */
325 for (i = 0; i < CPU_VTLB_SIZE; i++) {
326 tlb_flush_entry(&env->tlb_v_table[mmu_idx][i], addr);
327 }
328 }
329 }
330
331 tb_flush_jmp_cache(cpu, addr);
332 }
333
334 static void tlb_check_page_and_flush_by_mmuidx_async_work(CPUState *cpu,
335 run_on_cpu_data data)
336 {
337 CPUArchState *env = cpu->env_ptr;
338 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
339 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
340 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
341
342 tlb_debug("addr:"TARGET_FMT_lx" mmu_idx: %04lx\n", addr, mmu_idx_bitmap);
343
344 /* Check if we need to flush due to large pages. */
345 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
346 tlb_debug("forced full flush ("
347 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
348 env->tlb_flush_addr, env->tlb_flush_mask);
349
350 tlb_flush_by_mmuidx_async_work(cpu,
351 RUN_ON_CPU_HOST_INT(mmu_idx_bitmap));
352 } else {
353 tlb_flush_page_by_mmuidx_async_work(cpu, data);
354 }
355 }
356
357 void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, uint16_t idxmap)
358 {
359 target_ulong addr_and_mmu_idx;
360
361 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%" PRIx16 "\n", addr, idxmap);
362
363 /* This should already be page aligned */
364 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
365 addr_and_mmu_idx |= idxmap;
366
367 if (!qemu_cpu_is_self(cpu)) {
368 async_run_on_cpu(cpu, tlb_check_page_and_flush_by_mmuidx_async_work,
369 RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
370 } else {
371 tlb_check_page_and_flush_by_mmuidx_async_work(
372 cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
373 }
374 }
375
376 void tlb_flush_page_by_mmuidx_all_cpus(CPUState *src_cpu, target_ulong addr,
377 uint16_t idxmap)
378 {
379 const run_on_cpu_func fn = tlb_check_page_and_flush_by_mmuidx_async_work;
380 target_ulong addr_and_mmu_idx;
381
382 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
383
384 /* This should already be page aligned */
385 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
386 addr_and_mmu_idx |= idxmap;
387
388 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
389 fn(src_cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
390 }
391
392 void tlb_flush_page_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
393 target_ulong addr,
394 uint16_t idxmap)
395 {
396 const run_on_cpu_func fn = tlb_check_page_and_flush_by_mmuidx_async_work;
397 target_ulong addr_and_mmu_idx;
398
399 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
400
401 /* This should already be page aligned */
402 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
403 addr_and_mmu_idx |= idxmap;
404
405 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
406 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
407 }
408
409 void tlb_flush_page_all_cpus(CPUState *src, target_ulong addr)
410 {
411 const run_on_cpu_func fn = tlb_flush_page_async_work;
412
413 flush_all_helper(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
414 fn(src, RUN_ON_CPU_TARGET_PTR(addr));
415 }
416
417 void tlb_flush_page_all_cpus_synced(CPUState *src,
418 target_ulong addr)
419 {
420 const run_on_cpu_func fn = tlb_flush_page_async_work;
421
422 flush_all_helper(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
423 async_safe_run_on_cpu(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
424 }
425
426 /* update the TLBs so that writes to code in the virtual page 'addr'
427 can be detected */
428 void tlb_protect_code(ram_addr_t ram_addr)
429 {
430 cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
431 DIRTY_MEMORY_CODE);
432 }
433
434 /* update the TLB so that writes in physical page 'phys_addr' are no longer
435 tested for self modifying code */
436 void tlb_unprotect_code(ram_addr_t ram_addr)
437 {
438 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
439 }
440
441
442 /*
443 * Dirty write flag handling
444 *
445 * When the TCG code writes to a location it looks up the address in
446 * the TLB and uses that data to compute the final address. If any of
447 * the lower bits of the address are set then the slow path is forced.
448 * There are a number of reasons to do this but for normal RAM the
449 * most usual is detecting writes to code regions which may invalidate
450 * generated code.
451 *
452 * Because we want other vCPUs to respond to changes straight away we
453 * update the te->addr_write field atomically. If the TLB entry has
454 * been changed by the vCPU in the mean time we skip the update.
455 *
456 * As this function uses atomic accesses we also need to ensure
457 * updates to tlb_entries follow the same access rules. We don't need
458 * to worry about this for oversized guests as MTTCG is disabled for
459 * them.
460 */
461
462 static void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start,
463 uintptr_t length)
464 {
465 #if TCG_OVERSIZED_GUEST
466 uintptr_t addr = tlb_entry->addr_write;
467
468 if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
469 addr &= TARGET_PAGE_MASK;
470 addr += tlb_entry->addend;
471 if ((addr - start) < length) {
472 tlb_entry->addr_write |= TLB_NOTDIRTY;
473 }
474 }
475 #else
476 /* paired with atomic_mb_set in tlb_set_page_with_attrs */
477 uintptr_t orig_addr = atomic_mb_read(&tlb_entry->addr_write);
478 uintptr_t addr = orig_addr;
479
480 if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
481 addr &= TARGET_PAGE_MASK;
482 addr += atomic_read(&tlb_entry->addend);
483 if ((addr - start) < length) {
484 uintptr_t notdirty_addr = orig_addr | TLB_NOTDIRTY;
485 atomic_cmpxchg(&tlb_entry->addr_write, orig_addr, notdirty_addr);
486 }
487 }
488 #endif
489 }
490
491 /* For atomic correctness when running MTTCG we need to use the right
492 * primitives when copying entries */
493 static inline void copy_tlb_helper(CPUTLBEntry *d, CPUTLBEntry *s,
494 bool atomic_set)
495 {
496 #if TCG_OVERSIZED_GUEST
497 *d = *s;
498 #else
499 if (atomic_set) {
500 d->addr_read = s->addr_read;
501 d->addr_code = s->addr_code;
502 atomic_set(&d->addend, atomic_read(&s->addend));
503 /* Pairs with flag setting in tlb_reset_dirty_range */
504 atomic_mb_set(&d->addr_write, atomic_read(&s->addr_write));
505 } else {
506 d->addr_read = s->addr_read;
507 d->addr_write = atomic_read(&s->addr_write);
508 d->addr_code = s->addr_code;
509 d->addend = atomic_read(&s->addend);
510 }
511 #endif
512 }
513
514 /* This is a cross vCPU call (i.e. another vCPU resetting the flags of
515 * the target vCPU). As such care needs to be taken that we don't
516 * dangerously race with another vCPU update. The only thing actually
517 * updated is the target TLB entry ->addr_write flags.
518 */
519 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
520 {
521 CPUArchState *env;
522
523 int mmu_idx;
524
525 env = cpu->env_ptr;
526 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
527 unsigned int i;
528
529 for (i = 0; i < CPU_TLB_SIZE; i++) {
530 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
531 start1, length);
532 }
533
534 for (i = 0; i < CPU_VTLB_SIZE; i++) {
535 tlb_reset_dirty_range(&env->tlb_v_table[mmu_idx][i],
536 start1, length);
537 }
538 }
539 }
540
541 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
542 {
543 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
544 tlb_entry->addr_write = vaddr;
545 }
546 }
547
548 /* update the TLB corresponding to virtual page vaddr
549 so that it is no longer dirty */
550 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
551 {
552 CPUArchState *env = cpu->env_ptr;
553 int i;
554 int mmu_idx;
555
556 assert_cpu_is_self(cpu);
557
558 vaddr &= TARGET_PAGE_MASK;
559 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
560 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
561 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
562 }
563
564 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
565 int k;
566 for (k = 0; k < CPU_VTLB_SIZE; k++) {
567 tlb_set_dirty1(&env->tlb_v_table[mmu_idx][k], vaddr);
568 }
569 }
570 }
571
572 /* Our TLB does not support large pages, so remember the area covered by
573 large pages and trigger a full TLB flush if these are invalidated. */
574 static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr,
575 target_ulong size)
576 {
577 target_ulong mask = ~(size - 1);
578
579 if (env->tlb_flush_addr == (target_ulong)-1) {
580 env->tlb_flush_addr = vaddr & mask;
581 env->tlb_flush_mask = mask;
582 return;
583 }
584 /* Extend the existing region to include the new page.
585 This is a compromise between unnecessary flushes and the cost
586 of maintaining a full variable size TLB. */
587 mask &= env->tlb_flush_mask;
588 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
589 mask <<= 1;
590 }
591 env->tlb_flush_addr &= mask;
592 env->tlb_flush_mask = mask;
593 }
594
595 /* Add a new TLB entry. At most one entry for a given virtual address
596 * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
597 * supplied size is only used by tlb_flush_page.
598 *
599 * Called from TCG-generated code, which is under an RCU read-side
600 * critical section.
601 */
602 void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
603 hwaddr paddr, MemTxAttrs attrs, int prot,
604 int mmu_idx, target_ulong size)
605 {
606 CPUArchState *env = cpu->env_ptr;
607 MemoryRegionSection *section;
608 unsigned int index;
609 target_ulong address;
610 target_ulong code_address;
611 uintptr_t addend;
612 CPUTLBEntry *te, *tv, tn;
613 hwaddr iotlb, xlat, sz, paddr_page;
614 target_ulong vaddr_page;
615 unsigned vidx = env->vtlb_index++ % CPU_VTLB_SIZE;
616 int asidx = cpu_asidx_from_attrs(cpu, attrs);
617
618 assert_cpu_is_self(cpu);
619
620 if (size < TARGET_PAGE_SIZE) {
621 sz = TARGET_PAGE_SIZE;
622 } else {
623 if (size > TARGET_PAGE_SIZE) {
624 tlb_add_large_page(env, vaddr, size);
625 }
626 sz = size;
627 }
628 vaddr_page = vaddr & TARGET_PAGE_MASK;
629 paddr_page = paddr & TARGET_PAGE_MASK;
630
631 section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
632 &xlat, &sz, attrs, &prot);
633 assert(sz >= TARGET_PAGE_SIZE);
634
635 tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
636 " prot=%x idx=%d\n",
637 vaddr, paddr, prot, mmu_idx);
638
639 address = vaddr_page;
640 if (size < TARGET_PAGE_SIZE) {
641 /*
642 * Slow-path the TLB entries; we will repeat the MMU check and TLB
643 * fill on every access.
644 */
645 address |= TLB_RECHECK;
646 }
647 if (!memory_region_is_ram(section->mr) &&
648 !memory_region_is_romd(section->mr)) {
649 /* IO memory case */
650 address |= TLB_MMIO;
651 addend = 0;
652 } else {
653 /* TLB_MMIO for rom/romd handled below */
654 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
655 }
656
657 code_address = address;
658 iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page,
659 paddr_page, xlat, prot, &address);
660
661 index = (vaddr_page >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
662 te = &env->tlb_table[mmu_idx][index];
663 /* do not discard the translation in te, evict it into a victim tlb */
664 tv = &env->tlb_v_table[mmu_idx][vidx];
665
666 /* addr_write can race with tlb_reset_dirty_range */
667 copy_tlb_helper(tv, te, true);
668
669 env->iotlb_v[mmu_idx][vidx] = env->iotlb[mmu_idx][index];
670
671 /* refill the tlb */
672 /*
673 * At this point iotlb contains a physical section number in the lower
674 * TARGET_PAGE_BITS, and either
675 * + the ram_addr_t of the page base of the target RAM (if NOTDIRTY or ROM)
676 * + the offset within section->mr of the page base (otherwise)
677 * We subtract the vaddr_page (which is page aligned and thus won't
678 * disturb the low bits) to give an offset which can be added to the
679 * (non-page-aligned) vaddr of the eventual memory access to get
680 * the MemoryRegion offset for the access. Note that the vaddr we
681 * subtract here is that of the page base, and not the same as the
682 * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
683 */
684 env->iotlb[mmu_idx][index].addr = iotlb - vaddr_page;
685 env->iotlb[mmu_idx][index].attrs = attrs;
686
687 /* Now calculate the new entry */
688 tn.addend = addend - vaddr_page;
689 if (prot & PAGE_READ) {
690 tn.addr_read = address;
691 } else {
692 tn.addr_read = -1;
693 }
694
695 if (prot & PAGE_EXEC) {
696 tn.addr_code = code_address;
697 } else {
698 tn.addr_code = -1;
699 }
700
701 tn.addr_write = -1;
702 if (prot & PAGE_WRITE) {
703 if ((memory_region_is_ram(section->mr) && section->readonly)
704 || memory_region_is_romd(section->mr)) {
705 /* Write access calls the I/O callback. */
706 tn.addr_write = address | TLB_MMIO;
707 } else if (memory_region_is_ram(section->mr)
708 && cpu_physical_memory_is_clean(
709 memory_region_get_ram_addr(section->mr) + xlat)) {
710 tn.addr_write = address | TLB_NOTDIRTY;
711 } else {
712 tn.addr_write = address;
713 }
714 if (prot & PAGE_WRITE_INV) {
715 tn.addr_write |= TLB_INVALID_MASK;
716 }
717 }
718
719 /* Pairs with flag setting in tlb_reset_dirty_range */
720 copy_tlb_helper(te, &tn, true);
721 /* atomic_mb_set(&te->addr_write, write_address); */
722 }
723
724 /* Add a new TLB entry, but without specifying the memory
725 * transaction attributes to be used.
726 */
727 void tlb_set_page(CPUState *cpu, target_ulong vaddr,
728 hwaddr paddr, int prot,
729 int mmu_idx, target_ulong size)
730 {
731 tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
732 prot, mmu_idx, size);
733 }
734
735 static void report_bad_exec(CPUState *cpu, target_ulong addr)
736 {
737 /* Accidentally executing outside RAM or ROM is quite common for
738 * several user-error situations, so report it in a way that
739 * makes it clear that this isn't a QEMU bug and provide suggestions
740 * about what a user could do to fix things.
741 */
742 error_report("Trying to execute code outside RAM or ROM at 0x"
743 TARGET_FMT_lx, addr);
744 error_printf("This usually means one of the following happened:\n\n"
745 "(1) You told QEMU to execute a kernel for the wrong machine "
746 "type, and it crashed on startup (eg trying to run a "
747 "raspberry pi kernel on a versatilepb QEMU machine)\n"
748 "(2) You didn't give QEMU a kernel or BIOS filename at all, "
749 "and QEMU executed a ROM full of no-op instructions until "
750 "it fell off the end\n"
751 "(3) Your guest kernel has a bug and crashed by jumping "
752 "off into nowhere\n\n"
753 "This is almost always one of the first two, so check your "
754 "command line and that you are using the right type of kernel "
755 "for this machine.\n"
756 "If you think option (3) is likely then you can try debugging "
757 "your guest with the -d debug options; in particular "
758 "-d guest_errors will cause the log to include a dump of the "
759 "guest register state at this point.\n\n"
760 "Execution cannot continue; stopping here.\n\n");
761
762 /* Report also to the logs, with more detail including register dump */
763 qemu_log_mask(LOG_GUEST_ERROR, "qemu: fatal: Trying to execute code "
764 "outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
765 log_cpu_state_mask(LOG_GUEST_ERROR, cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
766 }
767
768 static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
769 {
770 ram_addr_t ram_addr;
771
772 ram_addr = qemu_ram_addr_from_host(ptr);
773 if (ram_addr == RAM_ADDR_INVALID) {
774 error_report("Bad ram pointer %p", ptr);
775 abort();
776 }
777 return ram_addr;
778 }
779
780 static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
781 int mmu_idx,
782 target_ulong addr, uintptr_t retaddr,
783 bool recheck, int size)
784 {
785 CPUState *cpu = ENV_GET_CPU(env);
786 hwaddr mr_offset;
787 MemoryRegionSection *section;
788 MemoryRegion *mr;
789 uint64_t val;
790 bool locked = false;
791 MemTxResult r;
792
793 if (recheck) {
794 /*
795 * This is a TLB_RECHECK access, where the MMU protection
796 * covers a smaller range than a target page, and we must
797 * repeat the MMU check here. This tlb_fill() call might
798 * longjump out if this access should cause a guest exception.
799 */
800 int index;
801 target_ulong tlb_addr;
802
803 tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
804
805 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
806 tlb_addr = env->tlb_table[mmu_idx][index].addr_read;
807 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
808 /* RAM access */
809 uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
810
811 return ldn_p((void *)haddr, size);
812 }
813 /* Fall through for handling IO accesses */
814 }
815
816 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
817 mr = section->mr;
818 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
819 cpu->mem_io_pc = retaddr;
820 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
821 cpu_io_recompile(cpu, retaddr);
822 }
823
824 cpu->mem_io_vaddr = addr;
825
826 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
827 qemu_mutex_lock_iothread();
828 locked = true;
829 }
830 r = memory_region_dispatch_read(mr, mr_offset,
831 &val, size, iotlbentry->attrs);
832 if (r != MEMTX_OK) {
833 hwaddr physaddr = mr_offset +
834 section->offset_within_address_space -
835 section->offset_within_region;
836
837 cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_LOAD,
838 mmu_idx, iotlbentry->attrs, r, retaddr);
839 }
840 if (locked) {
841 qemu_mutex_unlock_iothread();
842 }
843
844 return val;
845 }
846
847 static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
848 int mmu_idx,
849 uint64_t val, target_ulong addr,
850 uintptr_t retaddr, bool recheck, int size)
851 {
852 CPUState *cpu = ENV_GET_CPU(env);
853 hwaddr mr_offset;
854 MemoryRegionSection *section;
855 MemoryRegion *mr;
856 bool locked = false;
857 MemTxResult r;
858
859 if (recheck) {
860 /*
861 * This is a TLB_RECHECK access, where the MMU protection
862 * covers a smaller range than a target page, and we must
863 * repeat the MMU check here. This tlb_fill() call might
864 * longjump out if this access should cause a guest exception.
865 */
866 int index;
867 target_ulong tlb_addr;
868
869 tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
870
871 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
872 tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
873 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
874 /* RAM access */
875 uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
876
877 stn_p((void *)haddr, size, val);
878 return;
879 }
880 /* Fall through for handling IO accesses */
881 }
882
883 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
884 mr = section->mr;
885 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
886 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
887 cpu_io_recompile(cpu, retaddr);
888 }
889 cpu->mem_io_vaddr = addr;
890 cpu->mem_io_pc = retaddr;
891
892 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
893 qemu_mutex_lock_iothread();
894 locked = true;
895 }
896 r = memory_region_dispatch_write(mr, mr_offset,
897 val, size, iotlbentry->attrs);
898 if (r != MEMTX_OK) {
899 hwaddr physaddr = mr_offset +
900 section->offset_within_address_space -
901 section->offset_within_region;
902
903 cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_STORE,
904 mmu_idx, iotlbentry->attrs, r, retaddr);
905 }
906 if (locked) {
907 qemu_mutex_unlock_iothread();
908 }
909 }
910
911 /* Return true if ADDR is present in the victim tlb, and has been copied
912 back to the main tlb. */
913 static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
914 size_t elt_ofs, target_ulong page)
915 {
916 size_t vidx;
917 for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
918 CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx];
919 target_ulong cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
920
921 if (cmp == page) {
922 /* Found entry in victim tlb, swap tlb and iotlb. */
923 CPUTLBEntry tmptlb, *tlb = &env->tlb_table[mmu_idx][index];
924
925 copy_tlb_helper(&tmptlb, tlb, false);
926 copy_tlb_helper(tlb, vtlb, true);
927 copy_tlb_helper(vtlb, &tmptlb, true);
928
929 CPUIOTLBEntry tmpio, *io = &env->iotlb[mmu_idx][index];
930 CPUIOTLBEntry *vio = &env->iotlb_v[mmu_idx][vidx];
931 tmpio = *io; *io = *vio; *vio = tmpio;
932 return true;
933 }
934 }
935 return false;
936 }
937
938 /* Macro to call the above, with local variables from the use context. */
939 #define VICTIM_TLB_HIT(TY, ADDR) \
940 victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
941 (ADDR) & TARGET_PAGE_MASK)
942
943 /* NOTE: this function can trigger an exception */
944 /* NOTE2: the returned address is not exactly the physical address: it
945 * is actually a ram_addr_t (in system mode; the user mode emulation
946 * version of this function returns a guest virtual address).
947 */
948 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
949 {
950 int mmu_idx, index;
951 void *p;
952 MemoryRegion *mr;
953 MemoryRegionSection *section;
954 CPUState *cpu = ENV_GET_CPU(env);
955 CPUIOTLBEntry *iotlbentry;
956 hwaddr physaddr, mr_offset;
957
958 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
959 mmu_idx = cpu_mmu_index(env, true);
960 if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
961 (addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK)))) {
962 if (!VICTIM_TLB_HIT(addr_read, addr)) {
963 tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
964 }
965 }
966
967 if (unlikely(env->tlb_table[mmu_idx][index].addr_code & TLB_RECHECK)) {
968 /*
969 * This is a TLB_RECHECK access, where the MMU protection
970 * covers a smaller range than a target page, and we must
971 * repeat the MMU check here. This tlb_fill() call might
972 * longjump out if this access should cause a guest exception.
973 */
974 int index;
975 target_ulong tlb_addr;
976
977 tlb_fill(cpu, addr, 0, MMU_INST_FETCH, mmu_idx, 0);
978
979 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
980 tlb_addr = env->tlb_table[mmu_idx][index].addr_code;
981 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
982 /* RAM access. We can't handle this, so for now just stop */
983 cpu_abort(cpu, "Unable to handle guest executing from RAM within "
984 "a small MPU region at 0x" TARGET_FMT_lx, addr);
985 }
986 /*
987 * Fall through to handle IO accesses (which will almost certainly
988 * also result in failure)
989 */
990 }
991
992 iotlbentry = &env->iotlb[mmu_idx][index];
993 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
994 mr = section->mr;
995 if (memory_region_is_unassigned(mr)) {
996 qemu_mutex_lock_iothread();
997 if (memory_region_request_mmio_ptr(mr, addr)) {
998 qemu_mutex_unlock_iothread();
999 /* A MemoryRegion is potentially added so re-run the
1000 * get_page_addr_code.
1001 */
1002 return get_page_addr_code(env, addr);
1003 }
1004 qemu_mutex_unlock_iothread();
1005
1006 /* Give the new-style cpu_transaction_failed() hook first chance
1007 * to handle this.
1008 * This is not the ideal place to detect and generate CPU
1009 * exceptions for instruction fetch failure (for instance
1010 * we don't know the length of the access that the CPU would
1011 * use, and it would be better to go ahead and try the access
1012 * and use the MemTXResult it produced). However it is the
1013 * simplest place we have currently available for the check.
1014 */
1015 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
1016 physaddr = mr_offset +
1017 section->offset_within_address_space -
1018 section->offset_within_region;
1019 cpu_transaction_failed(cpu, physaddr, addr, 0, MMU_INST_FETCH, mmu_idx,
1020 iotlbentry->attrs, MEMTX_DECODE_ERROR, 0);
1021
1022 cpu_unassigned_access(cpu, addr, false, true, 0, 4);
1023 /* The CPU's unassigned access hook might have longjumped out
1024 * with an exception. If it didn't (or there was no hook) then
1025 * we can't proceed further.
1026 */
1027 report_bad_exec(cpu, addr);
1028 exit(1);
1029 }
1030 p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend);
1031 return qemu_ram_addr_from_host_nofail(p);
1032 }
1033
1034 /* Probe for whether the specified guest write access is permitted.
1035 * If it is not permitted then an exception will be taken in the same
1036 * way as if this were a real write access (and we will not return).
1037 * Otherwise the function will return, and there will be a valid
1038 * entry in the TLB for this access.
1039 */
1040 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
1041 uintptr_t retaddr)
1042 {
1043 int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1044 target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
1045
1046 if (!tlb_hit(tlb_addr, addr)) {
1047 /* TLB entry is for a different page */
1048 if (!VICTIM_TLB_HIT(addr_write, addr)) {
1049 tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
1050 mmu_idx, retaddr);
1051 }
1052 }
1053 }
1054
1055 /* Probe for a read-modify-write atomic operation. Do not allow unaligned
1056 * operations, or io operations to proceed. Return the host address. */
1057 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
1058 TCGMemOpIdx oi, uintptr_t retaddr,
1059 NotDirtyInfo *ndi)
1060 {
1061 size_t mmu_idx = get_mmuidx(oi);
1062 size_t index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1063 CPUTLBEntry *tlbe = &env->tlb_table[mmu_idx][index];
1064 target_ulong tlb_addr = tlbe->addr_write;
1065 TCGMemOp mop = get_memop(oi);
1066 int a_bits = get_alignment_bits(mop);
1067 int s_bits = mop & MO_SIZE;
1068 void *hostaddr;
1069
1070 /* Adjust the given return address. */
1071 retaddr -= GETPC_ADJ;
1072
1073 /* Enforce guest required alignment. */
1074 if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
1075 /* ??? Maybe indicate atomic op to cpu_unaligned_access */
1076 cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE,
1077 mmu_idx, retaddr);
1078 }
1079
1080 /* Enforce qemu required alignment. */
1081 if (unlikely(addr & ((1 << s_bits) - 1))) {
1082 /* We get here if guest alignment was not requested,
1083 or was not enforced by cpu_unaligned_access above.
1084 We might widen the access and emulate, but for now
1085 mark an exception and exit the cpu loop. */
1086 goto stop_the_world;
1087 }
1088
1089 /* Check TLB entry and enforce page permissions. */
1090 if (!tlb_hit(tlb_addr, addr)) {
1091 if (!VICTIM_TLB_HIT(addr_write, addr)) {
1092 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,
1093 mmu_idx, retaddr);
1094 }
1095 tlb_addr = tlbe->addr_write & ~TLB_INVALID_MASK;
1096 }
1097
1098 /* Notice an IO access or a needs-MMU-lookup access */
1099 if (unlikely(tlb_addr & (TLB_MMIO | TLB_RECHECK))) {
1100 /* There's really nothing that can be done to
1101 support this apart from stop-the-world. */
1102 goto stop_the_world;
1103 }
1104
1105 /* Let the guest notice RMW on a write-only page. */
1106 if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
1107 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_LOAD,
1108 mmu_idx, retaddr);
1109 /* Since we don't support reads and writes to different addresses,
1110 and we do have the proper page loaded for write, this shouldn't
1111 ever return. But just in case, handle via stop-the-world. */
1112 goto stop_the_world;
1113 }
1114
1115 hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
1116
1117 ndi->active = false;
1118 if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
1119 ndi->active = true;
1120 memory_notdirty_write_prepare(ndi, ENV_GET_CPU(env), addr,
1121 qemu_ram_addr_from_host_nofail(hostaddr),
1122 1 << s_bits);
1123 }
1124
1125 return hostaddr;
1126
1127 stop_the_world:
1128 cpu_loop_exit_atomic(ENV_GET_CPU(env), retaddr);
1129 }
1130
1131 #ifdef TARGET_WORDS_BIGENDIAN
1132 # define TGT_BE(X) (X)
1133 # define TGT_LE(X) BSWAP(X)
1134 #else
1135 # define TGT_BE(X) BSWAP(X)
1136 # define TGT_LE(X) (X)
1137 #endif
1138
1139 #define MMUSUFFIX _mmu
1140
1141 #define DATA_SIZE 1
1142 #include "softmmu_template.h"
1143
1144 #define DATA_SIZE 2
1145 #include "softmmu_template.h"
1146
1147 #define DATA_SIZE 4
1148 #include "softmmu_template.h"
1149
1150 #define DATA_SIZE 8
1151 #include "softmmu_template.h"
1152
1153 /* First set of helpers allows passing in of OI and RETADDR. This makes
1154 them callable from other helpers. */
1155
1156 #define EXTRA_ARGS , TCGMemOpIdx oi, uintptr_t retaddr
1157 #define ATOMIC_NAME(X) \
1158 HELPER(glue(glue(glue(atomic_ ## X, SUFFIX), END), _mmu))
1159 #define ATOMIC_MMU_DECLS NotDirtyInfo ndi
1160 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, retaddr, &ndi)
1161 #define ATOMIC_MMU_CLEANUP \
1162 do { \
1163 if (unlikely(ndi.active)) { \
1164 memory_notdirty_write_complete(&ndi); \
1165 } \
1166 } while (0)
1167
1168 #define DATA_SIZE 1
1169 #include "atomic_template.h"
1170
1171 #define DATA_SIZE 2
1172 #include "atomic_template.h"
1173
1174 #define DATA_SIZE 4
1175 #include "atomic_template.h"
1176
1177 #ifdef CONFIG_ATOMIC64
1178 #define DATA_SIZE 8
1179 #include "atomic_template.h"
1180 #endif
1181
1182 #ifdef CONFIG_ATOMIC128
1183 #define DATA_SIZE 16
1184 #include "atomic_template.h"
1185 #endif
1186
1187 /* Second set of helpers are directly callable from TCG as helpers. */
1188
1189 #undef EXTRA_ARGS
1190 #undef ATOMIC_NAME
1191 #undef ATOMIC_MMU_LOOKUP
1192 #define EXTRA_ARGS , TCGMemOpIdx oi
1193 #define ATOMIC_NAME(X) HELPER(glue(glue(atomic_ ## X, SUFFIX), END))
1194 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, GETPC(), &ndi)
1195
1196 #define DATA_SIZE 1
1197 #include "atomic_template.h"
1198
1199 #define DATA_SIZE 2
1200 #include "atomic_template.h"
1201
1202 #define DATA_SIZE 4
1203 #include "atomic_template.h"
1204
1205 #ifdef CONFIG_ATOMIC64
1206 #define DATA_SIZE 8
1207 #include "atomic_template.h"
1208 #endif
1209
1210 /* Code access functions. */
1211
1212 #undef MMUSUFFIX
1213 #define MMUSUFFIX _cmmu
1214 #undef GETPC
1215 #define GETPC() ((uintptr_t)0)
1216 #define SOFTMMU_CODE_ACCESS
1217
1218 #define DATA_SIZE 1
1219 #include "softmmu_template.h"
1220
1221 #define DATA_SIZE 2
1222 #include "softmmu_template.h"
1223
1224 #define DATA_SIZE 4
1225 #include "softmmu_template.h"
1226
1227 #define DATA_SIZE 8
1228 #include "softmmu_template.h"
AR7 emulation for QEMU