search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Grammar: 'as to'->'as for'
[qemu/ar7.git] / exec.c
blobf7883d22469b61572b35e6ea7bfad1f22220b4bf
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "exec/cputlb.h"
52 #include "translate-all.h"
53
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
56
57 #include "qemu/range.h"
58
59 //#define DEBUG_SUBPAGE
60
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
66
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
69
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
72
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
75
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
78
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
81
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85 #define RAM_RESIZEABLE (1 << 2)
86
87 #endif
88
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
91 cpu_exec() */
92 DEFINE_TLS(CPUState *, current_cpu);
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
96 int use_icount;
97
98 #if !defined(CONFIG_USER_ONLY)
99
100 typedef struct PhysPageEntry PhysPageEntry;
101
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
104 uint32_t skip : 6;
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
106 uint32_t ptr : 26;
107 };
108
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
110
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
113
114 #define P_L2_BITS 9
115 #define P_L2_SIZE (1 << P_L2_BITS)
116
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
118
119 typedef PhysPageEntry Node[P_L2_SIZE];
120
121 typedef struct PhysPageMap {
122 struct rcu_head rcu;
123
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
126 unsigned nodes_nb;
127 unsigned nodes_nb_alloc;
128 Node *nodes;
129 MemoryRegionSection *sections;
130 } PhysPageMap;
131
132 struct AddressSpaceDispatch {
133 struct rcu_head rcu;
134
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
137 */
138 PhysPageEntry phys_map;
139 PhysPageMap map;
140 AddressSpace *as;
141 };
142
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
145 MemoryRegion iomem;
146 AddressSpace *as;
147 hwaddr base;
148 uint16_t sub_section[TARGET_PAGE_SIZE];
149 } subpage_t;
150
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
155
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
159
160 static MemoryRegion io_mem_watch;
161 #endif
162
163 #if !defined(CONFIG_USER_ONLY)
164
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
166 {
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
171 }
172 }
173
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
175 {
176 unsigned i;
177 uint32_t ret;
178 PhysPageEntry e;
179 PhysPageEntry *p;
180
181 ret = map->nodes_nb++;
182 p = map->nodes[ret];
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
185
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
190 }
191 return ret;
192 }
193
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
196 int level)
197 {
198 PhysPageEntry *p;
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
200
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
203 }
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
206
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
209 lp->skip = 0;
210 lp->ptr = leaf;
211 *index += step;
212 *nb -= step;
213 } else {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
215 }
216 ++lp;
217 }
218 }
219
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
222 uint16_t leaf)
223 {
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
226
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
228 }
229
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
232 */
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
234 {
235 unsigned valid_ptr = P_L2_SIZE;
236 int valid = 0;
237 PhysPageEntry *p;
238 int i;
239
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
241 return;
242 }
243
244 p = nodes[lp->ptr];
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
247 continue;
248 }
249
250 valid_ptr = i;
251 valid++;
252 if (p[i].skip) {
253 phys_page_compact(&p[i], nodes, compacted);
254 }
255 }
256
257 /* We can only compress if there's only one child. */
258 if (valid != 1) {
259 return;
260 }
261
262 assert(valid_ptr < P_L2_SIZE);
263
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
266 return;
267 }
268
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
275 * change this rule.
276 */
277 lp->skip = 0;
278 } else {
279 lp->skip += p[valid_ptr].skip;
280 }
281 }
282
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
284 {
285 DECLARE_BITMAP(compacted, nodes_nb);
286
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
289 }
290 }
291
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
294 {
295 PhysPageEntry *p;
296 hwaddr index = addr >> TARGET_PAGE_BITS;
297 int i;
298
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return &sections[PHYS_SECTION_UNASSIGNED];
302 }
303 p = nodes[lp.ptr];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
305 }
306
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return &sections[lp.ptr];
311 } else {
312 return &sections[PHYS_SECTION_UNASSIGNED];
313 }
314 }
315
316 bool memory_region_is_unassigned(MemoryRegion *mr)
317 {
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
320 }
321
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
324 hwaddr addr,
325 bool resolve_subpage)
326 {
327 MemoryRegionSection *section;
328 subpage_t *subpage;
329
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
334 }
335 return section;
336 }
337
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
342 {
343 MemoryRegionSection *section;
344 MemoryRegion *mr;
345 Int128 diff;
346
347 section = address_space_lookup_region(d, addr, resolve_subpage);
348 /* Compute offset within MemoryRegionSection */
349 addr -= section->offset_within_address_space;
350
351 /* Compute offset within MemoryRegion */
352 *xlat = addr + section->offset_within_region;
353
354 mr = section->mr;
355 if (memory_region_is_ram(mr)) {
356 diff = int128_sub(section->size, int128_make64(addr));
357 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
358 }
359 return section;
360 }
361
362 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
363 {
364 if (memory_region_is_ram(mr)) {
365 return !(is_write && mr->readonly);
366 }
367 if (memory_region_is_romd(mr)) {
368 return !is_write;
369 }
370
371 return false;
372 }
373
374 /* Called from RCU critical section */
375 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
376 hwaddr *xlat, hwaddr *plen,
377 bool is_write)
378 {
379 IOMMUTLBEntry iotlb;
380 MemoryRegionSection *section;
381 MemoryRegion *mr;
382
383 for (;;) {
384 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
385 section = address_space_translate_internal(d, addr, &addr, plen, true);
386 mr = section->mr;
387
388 if (!mr->iommu_ops) {
389 break;
390 }
391
392 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
393 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
394 | (addr & iotlb.addr_mask));
395 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
396 if (!(iotlb.perm & (1 << is_write))) {
397 mr = &io_mem_unassigned;
398 break;
399 }
400
401 as = iotlb.target_as;
402 }
403
404 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
405 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
406 *plen = MIN(page, *plen);
407 }
408
409 *xlat = addr;
410 return mr;
411 }
412
413 /* Called from RCU critical section */
414 MemoryRegionSection *
415 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
416 hwaddr *xlat, hwaddr *plen)
417 {
418 MemoryRegionSection *section;
419 section = address_space_translate_internal(cpu->memory_dispatch,
420 addr, xlat, plen, false);
421
422 assert(!section->mr->iommu_ops);
423 return section;
424 }
425 #endif
426
427 #if !defined(CONFIG_USER_ONLY)
428
429 static int cpu_common_post_load(void *opaque, int version_id)
430 {
431 CPUState *cpu = opaque;
432
433 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
434 version_id is increased. */
435 cpu->interrupt_request &= ~0x01;
436 tlb_flush(cpu, 1);
437
438 return 0;
439 }
440
441 static int cpu_common_pre_load(void *opaque)
442 {
443 CPUState *cpu = opaque;
444
445 cpu->exception_index = -1;
446
447 return 0;
448 }
449
450 static bool cpu_common_exception_index_needed(void *opaque)
451 {
452 CPUState *cpu = opaque;
453
454 return tcg_enabled() && cpu->exception_index != -1;
455 }
456
457 static const VMStateDescription vmstate_cpu_common_exception_index = {
458 .name = "cpu_common/exception_index",
459 .version_id = 1,
460 .minimum_version_id = 1,
461 .needed = cpu_common_exception_index_needed,
462 .fields = (VMStateField[]) {
463 VMSTATE_INT32(exception_index, CPUState),
464 VMSTATE_END_OF_LIST()
465 }
466 };
467
468 const VMStateDescription vmstate_cpu_common = {
469 .name = "cpu_common",
470 .version_id = 1,
471 .minimum_version_id = 1,
472 .pre_load = cpu_common_pre_load,
473 .post_load = cpu_common_post_load,
474 .fields = (VMStateField[]) {
475 VMSTATE_UINT32(halted, CPUState),
476 VMSTATE_UINT32(interrupt_request, CPUState),
477 VMSTATE_END_OF_LIST()
478 },
479 .subsections = (const VMStateDescription*[]) {
480 &vmstate_cpu_common_exception_index,
481 NULL
482 }
483 };
484
485 #endif
486
487 CPUState *qemu_get_cpu(int index)
488 {
489 CPUState *cpu;
490
491 CPU_FOREACH(cpu) {
492 if (cpu->cpu_index == index) {
493 return cpu;
494 }
495 }
496
497 return NULL;
498 }
499
500 #if !defined(CONFIG_USER_ONLY)
501 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
502 {
503 /* We only support one address space per cpu at the moment. */
504 assert(cpu->as == as);
505
506 if (cpu->tcg_as_listener) {
507 memory_listener_unregister(cpu->tcg_as_listener);
508 } else {
509 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
510 }
511 cpu->tcg_as_listener->commit = tcg_commit;
512 memory_listener_register(cpu->tcg_as_listener, as);
513 }
514 #endif
515
516 void cpu_exec_init(CPUArchState *env)
517 {
518 CPUState *cpu = ENV_GET_CPU(env);
519 CPUClass *cc = CPU_GET_CLASS(cpu);
520 CPUState *some_cpu;
521 int cpu_index;
522
523 #if defined(CONFIG_USER_ONLY)
524 cpu_list_lock();
525 #endif
526 cpu_index = 0;
527 CPU_FOREACH(some_cpu) {
528 cpu_index++;
529 }
530 cpu->cpu_index = cpu_index;
531 cpu->numa_node = 0;
532 QTAILQ_INIT(&cpu->breakpoints);
533 QTAILQ_INIT(&cpu->watchpoints);
534 #ifndef CONFIG_USER_ONLY
535 cpu->as = &address_space_memory;
536 cpu->thread_id = qemu_get_thread_id();
537 cpu_reload_memory_map(cpu);
538 #endif
539 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
540 #if defined(CONFIG_USER_ONLY)
541 cpu_list_unlock();
542 #endif
543 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
544 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
545 }
546 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
547 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
548 cpu_save, cpu_load, env);
549 assert(cc->vmsd == NULL);
550 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
551 #endif
552 if (cc->vmsd != NULL) {
553 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
554 }
555 }
556
557 #if defined(CONFIG_USER_ONLY)
558 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
559 {
560 tb_invalidate_phys_page_range(pc, pc + 1, 0);
561 }
562 #else
563 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
564 {
565 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
566 if (phys != -1) {
567 tb_invalidate_phys_addr(cpu->as,
568 phys | (pc & ~TARGET_PAGE_MASK));
569 }
570 }
571 #endif
572
573 #if defined(CONFIG_USER_ONLY)
574 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
575
576 {
577 }
578
579 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
580 int flags)
581 {
582 return -ENOSYS;
583 }
584
585 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
586 {
587 }
588
589 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
590 int flags, CPUWatchpoint **watchpoint)
591 {
592 return -ENOSYS;
593 }
594 #else
595 /* Add a watchpoint. */
596 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
597 int flags, CPUWatchpoint **watchpoint)
598 {
599 CPUWatchpoint *wp;
600
601 /* forbid ranges which are empty or run off the end of the address space */
602 if (len == 0 || (addr + len - 1) < addr) {
603 error_report("tried to set invalid watchpoint at %"
604 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
605 return -EINVAL;
606 }
607 wp = g_malloc(sizeof(*wp));
608
609 wp->vaddr = addr;
610 wp->len = len;
611 wp->flags = flags;
612
613 /* keep all GDB-injected watchpoints in front */
614 if (flags & BP_GDB) {
615 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
616 } else {
617 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
618 }
619
620 tlb_flush_page(cpu, addr);
621
622 if (watchpoint)
623 *watchpoint = wp;
624 return 0;
625 }
626
627 /* Remove a specific watchpoint. */
628 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
629 int flags)
630 {
631 CPUWatchpoint *wp;
632
633 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
634 if (addr == wp->vaddr && len == wp->len
635 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
636 cpu_watchpoint_remove_by_ref(cpu, wp);
637 return 0;
638 }
639 }
640 return -ENOENT;
641 }
642
643 /* Remove a specific watchpoint by reference. */
644 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
645 {
646 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
647
648 tlb_flush_page(cpu, watchpoint->vaddr);
649
650 g_free(watchpoint);
651 }
652
653 /* Remove all matching watchpoints. */
654 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
655 {
656 CPUWatchpoint *wp, *next;
657
658 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
659 if (wp->flags & mask) {
660 cpu_watchpoint_remove_by_ref(cpu, wp);
661 }
662 }
663 }
664
665 /* Return true if this watchpoint address matches the specified
666 * access (ie the address range covered by the watchpoint overlaps
667 * partially or completely with the address range covered by the
668 * access).
669 */
670 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
671 vaddr addr,
672 vaddr len)
673 {
674 /* We know the lengths are non-zero, but a little caution is
675 * required to avoid errors in the case where the range ends
676 * exactly at the top of the address space and so addr + len
677 * wraps round to zero.
678 */
679 vaddr wpend = wp->vaddr + wp->len - 1;
680 vaddr addrend = addr + len - 1;
681
682 return !(addr > wpend || wp->vaddr > addrend);
683 }
684
685 #endif
686
687 /* Add a breakpoint. */
688 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
689 CPUBreakpoint **breakpoint)
690 {
691 CPUBreakpoint *bp;
692
693 bp = g_malloc(sizeof(*bp));
694
695 bp->pc = pc;
696 bp->flags = flags;
697
698 /* keep all GDB-injected breakpoints in front */
699 if (flags & BP_GDB) {
700 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
701 } else {
702 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
703 }
704
705 breakpoint_invalidate(cpu, pc);
706
707 if (breakpoint) {
708 *breakpoint = bp;
709 }
710 return 0;
711 }
712
713 /* Remove a specific breakpoint. */
714 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
715 {
716 CPUBreakpoint *bp;
717
718 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
719 if (bp->pc == pc && bp->flags == flags) {
720 cpu_breakpoint_remove_by_ref(cpu, bp);
721 return 0;
722 }
723 }
724 return -ENOENT;
725 }
726
727 /* Remove a specific breakpoint by reference. */
728 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
729 {
730 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
731
732 breakpoint_invalidate(cpu, breakpoint->pc);
733
734 g_free(breakpoint);
735 }
736
737 /* Remove all matching breakpoints. */
738 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
739 {
740 CPUBreakpoint *bp, *next;
741
742 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
743 if (bp->flags & mask) {
744 cpu_breakpoint_remove_by_ref(cpu, bp);
745 }
746 }
747 }
748
749 /* enable or disable single step mode. EXCP_DEBUG is returned by the
750 CPU loop after each instruction */
751 void cpu_single_step(CPUState *cpu, int enabled)
752 {
753 if (cpu->singlestep_enabled != enabled) {
754 cpu->singlestep_enabled = enabled;
755 if (kvm_enabled()) {
756 kvm_update_guest_debug(cpu, 0);
757 } else {
758 /* must flush all the translated code to avoid inconsistencies */
759 /* XXX: only flush what is necessary */
760 CPUArchState *env = cpu->env_ptr;
761 tb_flush(env);
762 }
763 }
764 }
765
766 void cpu_abort(CPUState *cpu, const char *fmt, ...)
767 {
768 va_list ap;
769 va_list ap2;
770
771 va_start(ap, fmt);
772 va_copy(ap2, ap);
773 fprintf(stderr, "qemu: fatal: ");
774 vfprintf(stderr, fmt, ap);
775 fprintf(stderr, "\n");
776 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
777 if (qemu_log_enabled()) {
778 qemu_log("qemu: fatal: ");
779 qemu_log_vprintf(fmt, ap2);
780 qemu_log("\n");
781 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
782 qemu_log_flush();
783 qemu_log_close();
784 }
785 va_end(ap2);
786 va_end(ap);
787 #if defined(CONFIG_USER_ONLY)
788 {
789 struct sigaction act;
790 sigfillset(&act.sa_mask);
791 act.sa_handler = SIG_DFL;
792 sigaction(SIGABRT, &act, NULL);
793 }
794 #endif
795 abort();
796 }
797
798 #if !defined(CONFIG_USER_ONLY)
799 /* Called from RCU critical section */
800 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
801 {
802 RAMBlock *block;
803
804 block = atomic_rcu_read(&ram_list.mru_block);
805 if (block && addr - block->offset < block->max_length) {
806 goto found;
807 }
808 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
809 if (addr - block->offset < block->max_length) {
810 goto found;
811 }
812 }
813
814 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
815 abort();
816
817 found:
818 /* It is safe to write mru_block outside the iothread lock. This
819 * is what happens:
820 *
821 * mru_block = xxx
822 * rcu_read_unlock()
823 * xxx removed from list
824 * rcu_read_lock()
825 * read mru_block
826 * mru_block = NULL;
827 * call_rcu(reclaim_ramblock, xxx);
828 * rcu_read_unlock()
829 *
830 * atomic_rcu_set is not needed here. The block was already published
831 * when it was placed into the list. Here we're just making an extra
832 * copy of the pointer.
833 */
834 ram_list.mru_block = block;
835 return block;
836 }
837
838 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
839 {
840 ram_addr_t start1;
841 RAMBlock *block;
842 ram_addr_t end;
843
844 end = TARGET_PAGE_ALIGN(start + length);
845 start &= TARGET_PAGE_MASK;
846
847 rcu_read_lock();
848 block = qemu_get_ram_block(start);
849 assert(block == qemu_get_ram_block(end - 1));
850 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
851 cpu_tlb_reset_dirty_all(start1, length);
852 rcu_read_unlock();
853 }
854
855 /* Note: start and end must be within the same ram block. */
856 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
857 ram_addr_t length,
858 unsigned client)
859 {
860 unsigned long end, page;
861 bool dirty;
862
863 if (length == 0) {
864 return false;
865 }
866
867 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
868 page = start >> TARGET_PAGE_BITS;
869 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
870 page, end - page);
871
872 if (dirty && tcg_enabled()) {
873 tlb_reset_dirty_range_all(start, length);
874 }
875
876 return dirty;
877 }
878
879 /* Called from RCU critical section */
880 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
881 MemoryRegionSection *section,
882 target_ulong vaddr,
883 hwaddr paddr, hwaddr xlat,
884 int prot,
885 target_ulong *address)
886 {
887 hwaddr iotlb;
888 CPUWatchpoint *wp;
889
890 if (memory_region_is_ram(section->mr)) {
891 /* Normal RAM. */
892 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
893 + xlat;
894 if (!section->readonly) {
895 iotlb |= PHYS_SECTION_NOTDIRTY;
896 } else {
897 iotlb |= PHYS_SECTION_ROM;
898 }
899 } else {
900 iotlb = section - section->address_space->dispatch->map.sections;
901 iotlb += xlat;
902 }
903
904 /* Make accesses to pages with watchpoints go via the
905 watchpoint trap routines. */
906 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
907 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
908 /* Avoid trapping reads of pages with a write breakpoint. */
909 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
910 iotlb = PHYS_SECTION_WATCH + paddr;
911 *address |= TLB_MMIO;
912 break;
913 }
914 }
915 }
916
917 return iotlb;
918 }
919 #endif /* defined(CONFIG_USER_ONLY) */
920
921 #if !defined(CONFIG_USER_ONLY)
922
923 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
924 uint16_t section);
925 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
926
927 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
928 qemu_anon_ram_alloc;
929
930 /*
931 * Set a custom physical guest memory alloator.
932 * Accelerators with unusual needs may need this. Hopefully, we can
933 * get rid of it eventually.
934 */
935 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
936 {
937 phys_mem_alloc = alloc;
938 }
939
940 static uint16_t phys_section_add(PhysPageMap *map,
941 MemoryRegionSection *section)
942 {
943 /* The physical section number is ORed with a page-aligned
944 * pointer to produce the iotlb entries. Thus it should
945 * never overflow into the page-aligned value.
946 */
947 assert(map->sections_nb < TARGET_PAGE_SIZE);
948
949 if (map->sections_nb == map->sections_nb_alloc) {
950 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
951 map->sections = g_renew(MemoryRegionSection, map->sections,
952 map->sections_nb_alloc);
953 }
954 map->sections[map->sections_nb] = *section;
955 memory_region_ref(section->mr);
956 return map->sections_nb++;
957 }
958
959 static void phys_section_destroy(MemoryRegion *mr)
960 {
961 memory_region_unref(mr);
962
963 if (mr->subpage) {
964 subpage_t *subpage = container_of(mr, subpage_t, iomem);
965 object_unref(OBJECT(&subpage->iomem));
966 g_free(subpage);
967 }
968 }
969
970 static void phys_sections_free(PhysPageMap *map)
971 {
972 while (map->sections_nb > 0) {
973 MemoryRegionSection *section = &map->sections[--map->sections_nb];
974 phys_section_destroy(section->mr);
975 }
976 g_free(map->sections);
977 g_free(map->nodes);
978 }
979
980 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
981 {
982 subpage_t *subpage;
983 hwaddr base = section->offset_within_address_space
984 & TARGET_PAGE_MASK;
985 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
986 d->map.nodes, d->map.sections);
987 MemoryRegionSection subsection = {
988 .offset_within_address_space = base,
989 .size = int128_make64(TARGET_PAGE_SIZE),
990 };
991 hwaddr start, end;
992
993 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
994
995 if (!(existing->mr->subpage)) {
996 subpage = subpage_init(d->as, base);
997 subsection.address_space = d->as;
998 subsection.mr = &subpage->iomem;
999 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1000 phys_section_add(&d->map, &subsection));
1001 } else {
1002 subpage = container_of(existing->mr, subpage_t, iomem);
1003 }
1004 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1005 end = start + int128_get64(section->size) - 1;
1006 subpage_register(subpage, start, end,
1007 phys_section_add(&d->map, section));
1008 }
1009
1010
1011 static void register_multipage(AddressSpaceDispatch *d,
1012 MemoryRegionSection *section)
1013 {
1014 hwaddr start_addr = section->offset_within_address_space;
1015 uint16_t section_index = phys_section_add(&d->map, section);
1016 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1017 TARGET_PAGE_BITS));
1018
1019 assert(num_pages);
1020 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1021 }
1022
1023 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1024 {
1025 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1026 AddressSpaceDispatch *d = as->next_dispatch;
1027 MemoryRegionSection now = *section, remain = *section;
1028 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1029
1030 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1031 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1032 - now.offset_within_address_space;
1033
1034 now.size = int128_min(int128_make64(left), now.size);
1035 register_subpage(d, &now);
1036 } else {
1037 now.size = int128_zero();
1038 }
1039 while (int128_ne(remain.size, now.size)) {
1040 remain.size = int128_sub(remain.size, now.size);
1041 remain.offset_within_address_space += int128_get64(now.size);
1042 remain.offset_within_region += int128_get64(now.size);
1043 now = remain;
1044 if (int128_lt(remain.size, page_size)) {
1045 register_subpage(d, &now);
1046 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1047 now.size = page_size;
1048 register_subpage(d, &now);
1049 } else {
1050 now.size = int128_and(now.size, int128_neg(page_size));
1051 register_multipage(d, &now);
1052 }
1053 }
1054 }
1055
1056 void qemu_flush_coalesced_mmio_buffer(void)
1057 {
1058 if (kvm_enabled())
1059 kvm_flush_coalesced_mmio_buffer();
1060 }
1061
1062 void qemu_mutex_lock_ramlist(void)
1063 {
1064 qemu_mutex_lock(&ram_list.mutex);
1065 }
1066
1067 void qemu_mutex_unlock_ramlist(void)
1068 {
1069 qemu_mutex_unlock(&ram_list.mutex);
1070 }
1071
1072 #ifdef __linux__
1073
1074 #include <sys/vfs.h>
1075
1076 #define HUGETLBFS_MAGIC 0x958458f6
1077
1078 static long gethugepagesize(const char *path, Error **errp)
1079 {
1080 struct statfs fs;
1081 int ret;
1082
1083 do {
1084 ret = statfs(path, &fs);
1085 } while (ret != 0 && errno == EINTR);
1086
1087 if (ret != 0) {
1088 error_setg_errno(errp, errno, "failed to get page size of file %s",
1089 path);
1090 return 0;
1091 }
1092
1093 if (fs.f_type != HUGETLBFS_MAGIC)
1094 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1095
1096 return fs.f_bsize;
1097 }
1098
1099 static void *file_ram_alloc(RAMBlock *block,
1100 ram_addr_t memory,
1101 const char *path,
1102 Error **errp)
1103 {
1104 char *filename;
1105 char *sanitized_name;
1106 char *c;
1107 void *area = NULL;
1108 int fd;
1109 uint64_t hpagesize;
1110 Error *local_err = NULL;
1111
1112 hpagesize = gethugepagesize(path, &local_err);
1113 if (local_err) {
1114 error_propagate(errp, local_err);
1115 goto error;
1116 }
1117 block->mr->align = hpagesize;
1118
1119 if (memory < hpagesize) {
1120 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1121 "or larger than huge page size 0x%" PRIx64,
1122 memory, hpagesize);
1123 goto error;
1124 }
1125
1126 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1127 error_setg(errp,
1128 "host lacks kvm mmu notifiers, -mem-path unsupported");
1129 goto error;
1130 }
1131
1132 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1133 sanitized_name = g_strdup(memory_region_name(block->mr));
1134 for (c = sanitized_name; *c != '\0'; c++) {
1135 if (*c == '/')
1136 *c = '_';
1137 }
1138
1139 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1140 sanitized_name);
1141 g_free(sanitized_name);
1142
1143 fd = mkstemp(filename);
1144 if (fd < 0) {
1145 error_setg_errno(errp, errno,
1146 "unable to create backing store for hugepages");
1147 g_free(filename);
1148 goto error;
1149 }
1150 unlink(filename);
1151 g_free(filename);
1152
1153 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1154
1155 /*
1156 * ftruncate is not supported by hugetlbfs in older
1157 * hosts, so don't bother bailing out on errors.
1158 * If anything goes wrong with it under other filesystems,
1159 * mmap will fail.
1160 */
1161 if (ftruncate(fd, memory)) {
1162 perror("ftruncate");
1163 }
1164
1165 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1166 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1167 fd, 0);
1168 if (area == MAP_FAILED) {
1169 error_setg_errno(errp, errno,
1170 "unable to map backing store for hugepages");
1171 close(fd);
1172 goto error;
1173 }
1174
1175 if (mem_prealloc) {
1176 os_mem_prealloc(fd, area, memory);
1177 }
1178
1179 block->fd = fd;
1180 return area;
1181
1182 error:
1183 if (mem_prealloc) {
1184 error_report("%s", error_get_pretty(*errp));
1185 exit(1);
1186 }
1187 return NULL;
1188 }
1189 #endif
1190
1191 /* Called with the ramlist lock held. */
1192 static ram_addr_t find_ram_offset(ram_addr_t size)
1193 {
1194 RAMBlock *block, *next_block;
1195 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1196
1197 assert(size != 0); /* it would hand out same offset multiple times */
1198
1199 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1200 return 0;
1201 }
1202
1203 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1204 ram_addr_t end, next = RAM_ADDR_MAX;
1205
1206 end = block->offset + block->max_length;
1207
1208 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1209 if (next_block->offset >= end) {
1210 next = MIN(next, next_block->offset);
1211 }
1212 }
1213 if (next - end >= size && next - end < mingap) {
1214 offset = end;
1215 mingap = next - end;
1216 }
1217 }
1218
1219 if (offset == RAM_ADDR_MAX) {
1220 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1221 (uint64_t)size);
1222 abort();
1223 }
1224
1225 return offset;
1226 }
1227
1228 ram_addr_t last_ram_offset(void)
1229 {
1230 RAMBlock *block;
1231 ram_addr_t last = 0;
1232
1233 rcu_read_lock();
1234 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1235 last = MAX(last, block->offset + block->max_length);
1236 }
1237 rcu_read_unlock();
1238 return last;
1239 }
1240
1241 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1242 {
1243 int ret;
1244
1245 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1246 if (!machine_dump_guest_core(current_machine)) {
1247 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1248 if (ret) {
1249 perror("qemu_madvise");
1250 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1251 "but dump_guest_core=off specified\n");
1252 }
1253 }
1254 }
1255
1256 /* Called within an RCU critical section, or while the ramlist lock
1257 * is held.
1258 */
1259 static RAMBlock *find_ram_block(ram_addr_t addr)
1260 {
1261 RAMBlock *block;
1262
1263 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1264 if (block->offset == addr) {
1265 return block;
1266 }
1267 }
1268
1269 return NULL;
1270 }
1271
1272 /* Called with iothread lock held. */
1273 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1274 {
1275 RAMBlock *new_block, *block;
1276
1277 rcu_read_lock();
1278 new_block = find_ram_block(addr);
1279 assert(new_block);
1280 assert(!new_block->idstr[0]);
1281
1282 if (dev) {
1283 char *id = qdev_get_dev_path(dev);
1284 if (id) {
1285 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1286 g_free(id);
1287 }
1288 }
1289 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1290
1291 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1292 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1293 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1294 new_block->idstr);
1295 abort();
1296 }
1297 }
1298 rcu_read_unlock();
1299 }
1300
1301 /* Called with iothread lock held. */
1302 void qemu_ram_unset_idstr(ram_addr_t addr)
1303 {
1304 RAMBlock *block;
1305
1306 /* FIXME: arch_init.c assumes that this is not called throughout
1307 * migration. Ignore the problem since hot-unplug during migration
1308 * does not work anyway.
1309 */
1310
1311 rcu_read_lock();
1312 block = find_ram_block(addr);
1313 if (block) {
1314 memset(block->idstr, 0, sizeof(block->idstr));
1315 }
1316 rcu_read_unlock();
1317 }
1318
1319 static int memory_try_enable_merging(void *addr, size_t len)
1320 {
1321 if (!machine_mem_merge(current_machine)) {
1322 /* disabled by the user */
1323 return 0;
1324 }
1325
1326 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1327 }
1328
1329 /* Only legal before guest might have detected the memory size: e.g. on
1330 * incoming migration, or right after reset.
1331 *
1332 * As memory core doesn't know how is memory accessed, it is up to
1333 * resize callback to update device state and/or add assertions to detect
1334 * misuse, if necessary.
1335 */
1336 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1337 {
1338 RAMBlock *block = find_ram_block(base);
1339
1340 assert(block);
1341
1342 newsize = TARGET_PAGE_ALIGN(newsize);
1343
1344 if (block->used_length == newsize) {
1345 return 0;
1346 }
1347
1348 if (!(block->flags & RAM_RESIZEABLE)) {
1349 error_setg_errno(errp, EINVAL,
1350 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1351 " in != 0x" RAM_ADDR_FMT, block->idstr,
1352 newsize, block->used_length);
1353 return -EINVAL;
1354 }
1355
1356 if (block->max_length < newsize) {
1357 error_setg_errno(errp, EINVAL,
1358 "Length too large: %s: 0x" RAM_ADDR_FMT
1359 " > 0x" RAM_ADDR_FMT, block->idstr,
1360 newsize, block->max_length);
1361 return -EINVAL;
1362 }
1363
1364 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1365 block->used_length = newsize;
1366 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1367 DIRTY_CLIENTS_ALL);
1368 memory_region_set_size(block->mr, newsize);
1369 if (block->resized) {
1370 block->resized(block->idstr, newsize, block->host);
1371 }
1372 return 0;
1373 }
1374
1375 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1376 {
1377 RAMBlock *block;
1378 RAMBlock *last_block = NULL;
1379 ram_addr_t old_ram_size, new_ram_size;
1380
1381 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1382
1383 qemu_mutex_lock_ramlist();
1384 new_block->offset = find_ram_offset(new_block->max_length);
1385
1386 if (!new_block->host) {
1387 if (xen_enabled()) {
1388 xen_ram_alloc(new_block->offset, new_block->max_length,
1389 new_block->mr);
1390 } else {
1391 new_block->host = phys_mem_alloc(new_block->max_length,
1392 &new_block->mr->align);
1393 if (!new_block->host) {
1394 error_setg_errno(errp, errno,
1395 "cannot set up guest memory '%s'",
1396 memory_region_name(new_block->mr));
1397 qemu_mutex_unlock_ramlist();
1398 return -1;
1399 }
1400 memory_try_enable_merging(new_block->host, new_block->max_length);
1401 }
1402 }
1403
1404 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1405 * QLIST (which has an RCU-friendly variant) does not have insertion at
1406 * tail, so save the last element in last_block.
1407 */
1408 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1409 last_block = block;
1410 if (block->max_length < new_block->max_length) {
1411 break;
1412 }
1413 }
1414 if (block) {
1415 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1416 } else if (last_block) {
1417 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1418 } else { /* list is empty */
1419 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1420 }
1421 ram_list.mru_block = NULL;
1422
1423 /* Write list before version */
1424 smp_wmb();
1425 ram_list.version++;
1426 qemu_mutex_unlock_ramlist();
1427
1428 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1429
1430 if (new_ram_size > old_ram_size) {
1431 int i;
1432
1433 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1434 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1435 ram_list.dirty_memory[i] =
1436 bitmap_zero_extend(ram_list.dirty_memory[i],
1437 old_ram_size, new_ram_size);
1438 }
1439 }
1440 cpu_physical_memory_set_dirty_range(new_block->offset,
1441 new_block->used_length,
1442 DIRTY_CLIENTS_ALL);
1443
1444 if (new_block->host) {
1445 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1446 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1447 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1448 if (kvm_enabled()) {
1449 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1450 }
1451 }
1452
1453 return new_block->offset;
1454 }
1455
1456 #ifdef __linux__
1457 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1458 bool share, const char *mem_path,
1459 Error **errp)
1460 {
1461 RAMBlock *new_block;
1462 ram_addr_t addr;
1463 Error *local_err = NULL;
1464
1465 if (xen_enabled()) {
1466 error_setg(errp, "-mem-path not supported with Xen");
1467 return -1;
1468 }
1469
1470 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1471 /*
1472 * file_ram_alloc() needs to allocate just like
1473 * phys_mem_alloc, but we haven't bothered to provide
1474 * a hook there.
1475 */
1476 error_setg(errp,
1477 "-mem-path not supported with this accelerator");
1478 return -1;
1479 }
1480
1481 size = TARGET_PAGE_ALIGN(size);
1482 new_block = g_malloc0(sizeof(*new_block));
1483 new_block->mr = mr;
1484 new_block->used_length = size;
1485 new_block->max_length = size;
1486 new_block->flags = share ? RAM_SHARED : 0;
1487 new_block->host = file_ram_alloc(new_block, size,
1488 mem_path, errp);
1489 if (!new_block->host) {
1490 g_free(new_block);
1491 return -1;
1492 }
1493
1494 addr = ram_block_add(new_block, &local_err);
1495 if (local_err) {
1496 g_free(new_block);
1497 error_propagate(errp, local_err);
1498 return -1;
1499 }
1500 return addr;
1501 }
1502 #endif
1503
1504 static
1505 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1506 void (*resized)(const char*,
1507 uint64_t length,
1508 void *host),
1509 void *host, bool resizeable,
1510 MemoryRegion *mr, Error **errp)
1511 {
1512 RAMBlock *new_block;
1513 ram_addr_t addr;
1514 Error *local_err = NULL;
1515
1516 size = TARGET_PAGE_ALIGN(size);
1517 max_size = TARGET_PAGE_ALIGN(max_size);
1518 new_block = g_malloc0(sizeof(*new_block));
1519 new_block->mr = mr;
1520 new_block->resized = resized;
1521 new_block->used_length = size;
1522 new_block->max_length = max_size;
1523 assert(max_size >= size);
1524 new_block->fd = -1;
1525 new_block->host = host;
1526 if (host) {
1527 new_block->flags |= RAM_PREALLOC;
1528 }
1529 if (resizeable) {
1530 new_block->flags |= RAM_RESIZEABLE;
1531 }
1532 addr = ram_block_add(new_block, &local_err);
1533 if (local_err) {
1534 g_free(new_block);
1535 error_propagate(errp, local_err);
1536 return -1;
1537 }
1538 return addr;
1539 }
1540
1541 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1542 MemoryRegion *mr, Error **errp)
1543 {
1544 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1545 }
1546
1547 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1548 {
1549 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1550 }
1551
1552 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1553 void (*resized)(const char*,
1554 uint64_t length,
1555 void *host),
1556 MemoryRegion *mr, Error **errp)
1557 {
1558 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1559 }
1560
1561 void qemu_ram_free_from_ptr(ram_addr_t addr)
1562 {
1563 RAMBlock *block;
1564
1565 qemu_mutex_lock_ramlist();
1566 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1567 if (addr == block->offset) {
1568 QLIST_REMOVE_RCU(block, next);
1569 ram_list.mru_block = NULL;
1570 /* Write list before version */
1571 smp_wmb();
1572 ram_list.version++;
1573 g_free_rcu(block, rcu);
1574 break;
1575 }
1576 }
1577 qemu_mutex_unlock_ramlist();
1578 }
1579
1580 static void reclaim_ramblock(RAMBlock *block)
1581 {
1582 if (block->flags & RAM_PREALLOC) {
1583 ;
1584 } else if (xen_enabled()) {
1585 xen_invalidate_map_cache_entry(block->host);
1586 #ifndef _WIN32
1587 } else if (block->fd >= 0) {
1588 munmap(block->host, block->max_length);
1589 close(block->fd);
1590 #endif
1591 } else {
1592 qemu_anon_ram_free(block->host, block->max_length);
1593 }
1594 g_free(block);
1595 }
1596
1597 void qemu_ram_free(ram_addr_t addr)
1598 {
1599 RAMBlock *block;
1600
1601 qemu_mutex_lock_ramlist();
1602 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1603 if (addr == block->offset) {
1604 QLIST_REMOVE_RCU(block, next);
1605 ram_list.mru_block = NULL;
1606 /* Write list before version */
1607 smp_wmb();
1608 ram_list.version++;
1609 call_rcu(block, reclaim_ramblock, rcu);
1610 break;
1611 }
1612 }
1613 qemu_mutex_unlock_ramlist();
1614 }
1615
1616 #ifndef _WIN32
1617 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1618 {
1619 RAMBlock *block;
1620 ram_addr_t offset;
1621 int flags;
1622 void *area, *vaddr;
1623
1624 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1625 offset = addr - block->offset;
1626 if (offset < block->max_length) {
1627 vaddr = ramblock_ptr(block, offset);
1628 if (block->flags & RAM_PREALLOC) {
1629 ;
1630 } else if (xen_enabled()) {
1631 abort();
1632 } else {
1633 flags = MAP_FIXED;
1634 if (block->fd >= 0) {
1635 flags |= (block->flags & RAM_SHARED ?
1636 MAP_SHARED : MAP_PRIVATE);
1637 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1638 flags, block->fd, offset);
1639 } else {
1640 /*
1641 * Remap needs to match alloc. Accelerators that
1642 * set phys_mem_alloc never remap. If they did,
1643 * we'd need a remap hook here.
1644 */
1645 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1646
1647 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1648 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1649 flags, -1, 0);
1650 }
1651 if (area != vaddr) {
1652 fprintf(stderr, "Could not remap addr: "
1653 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1654 length, addr);
1655 exit(1);
1656 }
1657 memory_try_enable_merging(vaddr, length);
1658 qemu_ram_setup_dump(vaddr, length);
1659 }
1660 }
1661 }
1662 }
1663 #endif /* !_WIN32 */
1664
1665 int qemu_get_ram_fd(ram_addr_t addr)
1666 {
1667 RAMBlock *block;
1668 int fd;
1669
1670 rcu_read_lock();
1671 block = qemu_get_ram_block(addr);
1672 fd = block->fd;
1673 rcu_read_unlock();
1674 return fd;
1675 }
1676
1677 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1678 {
1679 RAMBlock *block;
1680 void *ptr;
1681
1682 rcu_read_lock();
1683 block = qemu_get_ram_block(addr);
1684 ptr = ramblock_ptr(block, 0);
1685 rcu_read_unlock();
1686 return ptr;
1687 }
1688
1689 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1690 * This should not be used for general purpose DMA. Use address_space_map
1691 * or address_space_rw instead. For local memory (e.g. video ram) that the
1692 * device owns, use memory_region_get_ram_ptr.
1693 *
1694 * By the time this function returns, the returned pointer is not protected
1695 * by RCU anymore. If the caller is not within an RCU critical section and
1696 * does not hold the iothread lock, it must have other means of protecting the
1697 * pointer, such as a reference to the region that includes the incoming
1698 * ram_addr_t.
1699 */
1700 void *qemu_get_ram_ptr(ram_addr_t addr)
1701 {
1702 RAMBlock *block;
1703 void *ptr;
1704
1705 rcu_read_lock();
1706 block = qemu_get_ram_block(addr);
1707
1708 if (xen_enabled() && block->host == NULL) {
1709 /* We need to check if the requested address is in the RAM
1710 * because we don't want to map the entire memory in QEMU.
1711 * In that case just map until the end of the page.
1712 */
1713 if (block->offset == 0) {
1714 ptr = xen_map_cache(addr, 0, 0);
1715 goto unlock;
1716 }
1717
1718 block->host = xen_map_cache(block->offset, block->max_length, 1);
1719 }
1720 ptr = ramblock_ptr(block, addr - block->offset);
1721
1722 unlock:
1723 rcu_read_unlock();
1724 return ptr;
1725 }
1726
1727 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1728 * but takes a size argument.
1729 *
1730 * By the time this function returns, the returned pointer is not protected
1731 * by RCU anymore. If the caller is not within an RCU critical section and
1732 * does not hold the iothread lock, it must have other means of protecting the
1733 * pointer, such as a reference to the region that includes the incoming
1734 * ram_addr_t.
1735 */
1736 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1737 {
1738 void *ptr;
1739 if (*size == 0) {
1740 return NULL;
1741 }
1742 if (xen_enabled()) {
1743 return xen_map_cache(addr, *size, 1);
1744 } else {
1745 RAMBlock *block;
1746 rcu_read_lock();
1747 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1748 if (addr - block->offset < block->max_length) {
1749 if (addr - block->offset + *size > block->max_length)
1750 *size = block->max_length - addr + block->offset;
1751 ptr = ramblock_ptr(block, addr - block->offset);
1752 rcu_read_unlock();
1753 return ptr;
1754 }
1755 }
1756
1757 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1758 abort();
1759 }
1760 }
1761
1762 /* Some of the softmmu routines need to translate from a host pointer
1763 * (typically a TLB entry) back to a ram offset.
1764 *
1765 * By the time this function returns, the returned pointer is not protected
1766 * by RCU anymore. If the caller is not within an RCU critical section and
1767 * does not hold the iothread lock, it must have other means of protecting the
1768 * pointer, such as a reference to the region that includes the incoming
1769 * ram_addr_t.
1770 */
1771 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1772 {
1773 RAMBlock *block;
1774 uint8_t *host = ptr;
1775 MemoryRegion *mr;
1776
1777 if (xen_enabled()) {
1778 rcu_read_lock();
1779 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1780 mr = qemu_get_ram_block(*ram_addr)->mr;
1781 rcu_read_unlock();
1782 return mr;
1783 }
1784
1785 rcu_read_lock();
1786 block = atomic_rcu_read(&ram_list.mru_block);
1787 if (block && block->host && host - block->host < block->max_length) {
1788 goto found;
1789 }
1790
1791 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1792 /* This case append when the block is not mapped. */
1793 if (block->host == NULL) {
1794 continue;
1795 }
1796 if (host - block->host < block->max_length) {
1797 goto found;
1798 }
1799 }
1800
1801 rcu_read_unlock();
1802 return NULL;
1803
1804 found:
1805 *ram_addr = block->offset + (host - block->host);
1806 mr = block->mr;
1807 rcu_read_unlock();
1808 return mr;
1809 }
1810
1811 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1812 uint64_t val, unsigned size)
1813 {
1814 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1815 tb_invalidate_phys_page_fast(ram_addr, size);
1816 }
1817 switch (size) {
1818 case 1:
1819 stb_p(qemu_get_ram_ptr(ram_addr), val);
1820 break;
1821 case 2:
1822 stw_p(qemu_get_ram_ptr(ram_addr), val);
1823 break;
1824 case 4:
1825 stl_p(qemu_get_ram_ptr(ram_addr), val);
1826 break;
1827 default:
1828 abort();
1829 }
1830 /* Set both VGA and migration bits for simplicity and to remove
1831 * the notdirty callback faster.
1832 */
1833 cpu_physical_memory_set_dirty_range(ram_addr, size,
1834 DIRTY_CLIENTS_NOCODE);
1835 /* we remove the notdirty callback only if the code has been
1836 flushed */
1837 if (!cpu_physical_memory_is_clean(ram_addr)) {
1838 CPUArchState *env = current_cpu->env_ptr;
1839 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1840 }
1841 }
1842
1843 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1844 unsigned size, bool is_write)
1845 {
1846 return is_write;
1847 }
1848
1849 static const MemoryRegionOps notdirty_mem_ops = {
1850 .write = notdirty_mem_write,
1851 .valid.accepts = notdirty_mem_accepts,
1852 .endianness = DEVICE_NATIVE_ENDIAN,
1853 };
1854
1855 /* Generate a debug exception if a watchpoint has been hit. */
1856 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1857 {
1858 CPUState *cpu = current_cpu;
1859 CPUArchState *env = cpu->env_ptr;
1860 target_ulong pc, cs_base;
1861 target_ulong vaddr;
1862 CPUWatchpoint *wp;
1863 int cpu_flags;
1864
1865 if (cpu->watchpoint_hit) {
1866 /* We re-entered the check after replacing the TB. Now raise
1867 * the debug interrupt so that is will trigger after the
1868 * current instruction. */
1869 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1870 return;
1871 }
1872 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1873 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1874 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1875 && (wp->flags & flags)) {
1876 if (flags == BP_MEM_READ) {
1877 wp->flags |= BP_WATCHPOINT_HIT_READ;
1878 } else {
1879 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1880 }
1881 wp->hitaddr = vaddr;
1882 wp->hitattrs = attrs;
1883 if (!cpu->watchpoint_hit) {
1884 cpu->watchpoint_hit = wp;
1885 tb_check_watchpoint(cpu);
1886 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1887 cpu->exception_index = EXCP_DEBUG;
1888 cpu_loop_exit(cpu);
1889 } else {
1890 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1891 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1892 cpu_resume_from_signal(cpu, NULL);
1893 }
1894 }
1895 } else {
1896 wp->flags &= ~BP_WATCHPOINT_HIT;
1897 }
1898 }
1899 }
1900
1901 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1902 so these check for a hit then pass through to the normal out-of-line
1903 phys routines. */
1904 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1905 unsigned size, MemTxAttrs attrs)
1906 {
1907 MemTxResult res;
1908 uint64_t data;
1909
1910 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1911 switch (size) {
1912 case 1:
1913 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1914 break;
1915 case 2:
1916 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1917 break;
1918 case 4:
1919 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1920 break;
1921 default: abort();
1922 }
1923 *pdata = data;
1924 return res;
1925 }
1926
1927 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1928 uint64_t val, unsigned size,
1929 MemTxAttrs attrs)
1930 {
1931 MemTxResult res;
1932
1933 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1934 switch (size) {
1935 case 1:
1936 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1937 break;
1938 case 2:
1939 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1940 break;
1941 case 4:
1942 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1943 break;
1944 default: abort();
1945 }
1946 return res;
1947 }
1948
1949 static const MemoryRegionOps watch_mem_ops = {
1950 .read_with_attrs = watch_mem_read,
1951 .write_with_attrs = watch_mem_write,
1952 .endianness = DEVICE_NATIVE_ENDIAN,
1953 };
1954
1955 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1956 unsigned len, MemTxAttrs attrs)
1957 {
1958 subpage_t *subpage = opaque;
1959 uint8_t buf[8];
1960 MemTxResult res;
1961
1962 #if defined(DEBUG_SUBPAGE)
1963 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1964 subpage, len, addr);
1965 #endif
1966 res = address_space_read(subpage->as, addr + subpage->base,
1967 attrs, buf, len);
1968 if (res) {
1969 return res;
1970 }
1971 switch (len) {
1972 case 1:
1973 *data = ldub_p(buf);
1974 return MEMTX_OK;
1975 case 2:
1976 *data = lduw_p(buf);
1977 return MEMTX_OK;
1978 case 4:
1979 *data = ldl_p(buf);
1980 return MEMTX_OK;
1981 case 8:
1982 *data = ldq_p(buf);
1983 return MEMTX_OK;
1984 default:
1985 abort();
1986 }
1987 }
1988
1989 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1990 uint64_t value, unsigned len, MemTxAttrs attrs)
1991 {
1992 subpage_t *subpage = opaque;
1993 uint8_t buf[8];
1994
1995 #if defined(DEBUG_SUBPAGE)
1996 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1997 " value %"PRIx64"\n",
1998 __func__, subpage, len, addr, value);
1999 #endif
2000 switch (len) {
2001 case 1:
2002 stb_p(buf, value);
2003 break;
2004 case 2:
2005 stw_p(buf, value);
2006 break;
2007 case 4:
2008 stl_p(buf, value);
2009 break;
2010 case 8:
2011 stq_p(buf, value);
2012 break;
2013 default:
2014 abort();
2015 }
2016 return address_space_write(subpage->as, addr + subpage->base,
2017 attrs, buf, len);
2018 }
2019
2020 static bool subpage_accepts(void *opaque, hwaddr addr,
2021 unsigned len, bool is_write)
2022 {
2023 subpage_t *subpage = opaque;
2024 #if defined(DEBUG_SUBPAGE)
2025 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2026 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2027 #endif
2028
2029 return address_space_access_valid(subpage->as, addr + subpage->base,
2030 len, is_write);
2031 }
2032
2033 static const MemoryRegionOps subpage_ops = {
2034 .read_with_attrs = subpage_read,
2035 .write_with_attrs = subpage_write,
2036 .impl.min_access_size = 1,
2037 .impl.max_access_size = 8,
2038 .valid.min_access_size = 1,
2039 .valid.max_access_size = 8,
2040 .valid.accepts = subpage_accepts,
2041 .endianness = DEVICE_NATIVE_ENDIAN,
2042 };
2043
2044 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2045 uint16_t section)
2046 {
2047 int idx, eidx;
2048
2049 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2050 return -1;
2051 idx = SUBPAGE_IDX(start);
2052 eidx = SUBPAGE_IDX(end);
2053 #if defined(DEBUG_SUBPAGE)
2054 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2055 __func__, mmio, start, end, idx, eidx, section);
2056 #endif
2057 for (; idx <= eidx; idx++) {
2058 mmio->sub_section[idx] = section;
2059 }
2060
2061 return 0;
2062 }
2063
2064 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2065 {
2066 subpage_t *mmio;
2067
2068 mmio = g_malloc0(sizeof(subpage_t));
2069
2070 mmio->as = as;
2071 mmio->base = base;
2072 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2073 NULL, TARGET_PAGE_SIZE);
2074 mmio->iomem.subpage = true;
2075 #if defined(DEBUG_SUBPAGE)
2076 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2077 mmio, base, TARGET_PAGE_SIZE);
2078 #endif
2079 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2080
2081 return mmio;
2082 }
2083
2084 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2085 MemoryRegion *mr)
2086 {
2087 assert(as);
2088 MemoryRegionSection section = {
2089 .address_space = as,
2090 .mr = mr,
2091 .offset_within_address_space = 0,
2092 .offset_within_region = 0,
2093 .size = int128_2_64(),
2094 };
2095
2096 return phys_section_add(map, &section);
2097 }
2098
2099 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2100 {
2101 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2102 MemoryRegionSection *sections = d->map.sections;
2103
2104 return sections[index & ~TARGET_PAGE_MASK].mr;
2105 }
2106
2107 static void io_mem_init(void)
2108 {
2109 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2110 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2111 NULL, UINT64_MAX);
2112 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2113 NULL, UINT64_MAX);
2114 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2115 NULL, UINT64_MAX);
2116 }
2117
2118 static void mem_begin(MemoryListener *listener)
2119 {
2120 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2121 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2122 uint16_t n;
2123
2124 n = dummy_section(&d->map, as, &io_mem_unassigned);
2125 assert(n == PHYS_SECTION_UNASSIGNED);
2126 n = dummy_section(&d->map, as, &io_mem_notdirty);
2127 assert(n == PHYS_SECTION_NOTDIRTY);
2128 n = dummy_section(&d->map, as, &io_mem_rom);
2129 assert(n == PHYS_SECTION_ROM);
2130 n = dummy_section(&d->map, as, &io_mem_watch);
2131 assert(n == PHYS_SECTION_WATCH);
2132
2133 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2134 d->as = as;
2135 as->next_dispatch = d;
2136 }
2137
2138 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2139 {
2140 phys_sections_free(&d->map);
2141 g_free(d);
2142 }
2143
2144 static void mem_commit(MemoryListener *listener)
2145 {
2146 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2147 AddressSpaceDispatch *cur = as->dispatch;
2148 AddressSpaceDispatch *next = as->next_dispatch;
2149
2150 phys_page_compact_all(next, next->map.nodes_nb);
2151
2152 atomic_rcu_set(&as->dispatch, next);
2153 if (cur) {
2154 call_rcu(cur, address_space_dispatch_free, rcu);
2155 }
2156 }
2157
2158 static void tcg_commit(MemoryListener *listener)
2159 {
2160 CPUState *cpu;
2161
2162 /* since each CPU stores ram addresses in its TLB cache, we must
2163 reset the modified entries */
2164 /* XXX: slow ! */
2165 CPU_FOREACH(cpu) {
2166 /* FIXME: Disentangle the cpu.h circular files deps so we can
2167 directly get the right CPU from listener. */
2168 if (cpu->tcg_as_listener != listener) {
2169 continue;
2170 }
2171 cpu_reload_memory_map(cpu);
2172 }
2173 }
2174
2175 void address_space_init_dispatch(AddressSpace *as)
2176 {
2177 as->dispatch = NULL;
2178 as->dispatch_listener = (MemoryListener) {
2179 .begin = mem_begin,
2180 .commit = mem_commit,
2181 .region_add = mem_add,
2182 .region_nop = mem_add,
2183 .priority = 0,
2184 };
2185 memory_listener_register(&as->dispatch_listener, as);
2186 }
2187
2188 void address_space_unregister(AddressSpace *as)
2189 {
2190 memory_listener_unregister(&as->dispatch_listener);
2191 }
2192
2193 void address_space_destroy_dispatch(AddressSpace *as)
2194 {
2195 AddressSpaceDispatch *d = as->dispatch;
2196
2197 atomic_rcu_set(&as->dispatch, NULL);
2198 if (d) {
2199 call_rcu(d, address_space_dispatch_free, rcu);
2200 }
2201 }
2202
2203 static void memory_map_init(void)
2204 {
2205 system_memory = g_malloc(sizeof(*system_memory));
2206
2207 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2208 address_space_init(&address_space_memory, system_memory, "memory");
2209
2210 system_io = g_malloc(sizeof(*system_io));
2211 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2212 65536);
2213 address_space_init(&address_space_io, system_io, "I/O");
2214 }
2215
2216 MemoryRegion *get_system_memory(void)
2217 {
2218 return system_memory;
2219 }
2220
2221 MemoryRegion *get_system_io(void)
2222 {
2223 return system_io;
2224 }
2225
2226 #endif /* !defined(CONFIG_USER_ONLY) */
2227
2228 /* physical memory access (slow version, mainly for debug) */
2229 #if defined(CONFIG_USER_ONLY)
2230 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2231 uint8_t *buf, int len, int is_write)
2232 {
2233 int l, flags;
2234 target_ulong page;
2235 void * p;
2236
2237 while (len > 0) {
2238 page = addr & TARGET_PAGE_MASK;
2239 l = (page + TARGET_PAGE_SIZE) - addr;
2240 if (l > len)
2241 l = len;
2242 flags = page_get_flags(page);
2243 if (!(flags & PAGE_VALID))
2244 return -1;
2245 if (is_write) {
2246 if (!(flags & PAGE_WRITE))
2247 return -1;
2248 /* XXX: this code should not depend on lock_user */
2249 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2250 return -1;
2251 memcpy(p, buf, l);
2252 unlock_user(p, addr, l);
2253 } else {
2254 if (!(flags & PAGE_READ))
2255 return -1;
2256 /* XXX: this code should not depend on lock_user */
2257 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2258 return -1;
2259 memcpy(buf, p, l);
2260 unlock_user(p, addr, 0);
2261 }
2262 len -= l;
2263 buf += l;
2264 addr += l;
2265 }
2266 return 0;
2267 }
2268
2269 #else
2270
2271 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2272 hwaddr length)
2273 {
2274 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2275 /* No early return if dirty_log_mask is or becomes 0, because
2276 * cpu_physical_memory_set_dirty_range will still call
2277 * xen_modified_memory.
2278 */
2279 if (dirty_log_mask) {
2280 dirty_log_mask =
2281 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2282 }
2283 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2284 tb_invalidate_phys_range(addr, addr + length);
2285 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2286 }
2287 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2288 }
2289
2290 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2291 {
2292 unsigned access_size_max = mr->ops->valid.max_access_size;
2293
2294 /* Regions are assumed to support 1-4 byte accesses unless
2295 otherwise specified. */
2296 if (access_size_max == 0) {
2297 access_size_max = 4;
2298 }
2299
2300 /* Bound the maximum access by the alignment of the address. */
2301 if (!mr->ops->impl.unaligned) {
2302 unsigned align_size_max = addr & -addr;
2303 if (align_size_max != 0 && align_size_max < access_size_max) {
2304 access_size_max = align_size_max;
2305 }
2306 }
2307
2308 /* Don't attempt accesses larger than the maximum. */
2309 if (l > access_size_max) {
2310 l = access_size_max;
2311 }
2312 if (l & (l - 1)) {
2313 l = 1 << (qemu_fls(l) - 1);
2314 }
2315
2316 return l;
2317 }
2318
2319 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2320 uint8_t *buf, int len, bool is_write)
2321 {
2322 hwaddr l;
2323 uint8_t *ptr;
2324 uint64_t val;
2325 hwaddr addr1;
2326 MemoryRegion *mr;
2327 MemTxResult result = MEMTX_OK;
2328
2329 rcu_read_lock();
2330 while (len > 0) {
2331 l = len;
2332 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2333
2334 if (is_write) {
2335 if (!memory_access_is_direct(mr, is_write)) {
2336 l = memory_access_size(mr, l, addr1);
2337 /* XXX: could force current_cpu to NULL to avoid
2338 potential bugs */
2339 switch (l) {
2340 case 8:
2341 /* 64 bit write access */
2342 val = ldq_p(buf);
2343 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2344 attrs);
2345 break;
2346 case 4:
2347 /* 32 bit write access */
2348 val = ldl_p(buf);
2349 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2350 attrs);
2351 break;
2352 case 2:
2353 /* 16 bit write access */
2354 val = lduw_p(buf);
2355 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2356 attrs);
2357 break;
2358 case 1:
2359 /* 8 bit write access */
2360 val = ldub_p(buf);
2361 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2362 attrs);
2363 break;
2364 default:
2365 abort();
2366 }
2367 } else {
2368 addr1 += memory_region_get_ram_addr(mr);
2369 /* RAM case */
2370 ptr = qemu_get_ram_ptr(addr1);
2371 memcpy(ptr, buf, l);
2372 invalidate_and_set_dirty(mr, addr1, l);
2373 }
2374 } else {
2375 if (!memory_access_is_direct(mr, is_write)) {
2376 /* I/O case */
2377 l = memory_access_size(mr, l, addr1);
2378 switch (l) {
2379 case 8:
2380 /* 64 bit read access */
2381 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2382 attrs);
2383 stq_p(buf, val);
2384 break;
2385 case 4:
2386 /* 32 bit read access */
2387 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2388 attrs);
2389 stl_p(buf, val);
2390 break;
2391 case 2:
2392 /* 16 bit read access */
2393 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2394 attrs);
2395 stw_p(buf, val);
2396 break;
2397 case 1:
2398 /* 8 bit read access */
2399 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2400 attrs);
2401 stb_p(buf, val);
2402 break;
2403 default:
2404 abort();
2405 }
2406 } else {
2407 /* RAM case */
2408 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2409 memcpy(buf, ptr, l);
2410 }
2411 }
2412 len -= l;
2413 buf += l;
2414 addr += l;
2415 }
2416 rcu_read_unlock();
2417
2418 return result;
2419 }
2420
2421 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2422 const uint8_t *buf, int len)
2423 {
2424 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2425 }
2426
2427 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2428 uint8_t *buf, int len)
2429 {
2430 return address_space_rw(as, addr, attrs, buf, len, false);
2431 }
2432
2433
2434 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2435 int len, int is_write)
2436 {
2437 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2438 buf, len, is_write);
2439 }
2440
2441 enum write_rom_type {
2442 WRITE_DATA,
2443 FLUSH_CACHE,
2444 };
2445
2446 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2447 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2448 {
2449 hwaddr l;
2450 uint8_t *ptr;
2451 hwaddr addr1;
2452 MemoryRegion *mr;
2453
2454 rcu_read_lock();
2455 while (len > 0) {
2456 l = len;
2457 mr = address_space_translate(as, addr, &addr1, &l, true);
2458
2459 if (!(memory_region_is_ram(mr) ||
2460 memory_region_is_romd(mr))) {
2461 /* do nothing */
2462 } else {
2463 addr1 += memory_region_get_ram_addr(mr);
2464 /* ROM/RAM case */
2465 ptr = qemu_get_ram_ptr(addr1);
2466 switch (type) {
2467 case WRITE_DATA:
2468 memcpy(ptr, buf, l);
2469 invalidate_and_set_dirty(mr, addr1, l);
2470 break;
2471 case FLUSH_CACHE:
2472 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2473 break;
2474 }
2475 }
2476 len -= l;
2477 buf += l;
2478 addr += l;
2479 }
2480 rcu_read_unlock();
2481 }
2482
2483 /* used for ROM loading : can write in RAM and ROM */
2484 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2485 const uint8_t *buf, int len)
2486 {
2487 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2488 }
2489
2490 void cpu_flush_icache_range(hwaddr start, int len)
2491 {
2492 /*
2493 * This function should do the same thing as an icache flush that was
2494 * triggered from within the guest. For TCG we are always cache coherent,
2495 * so there is no need to flush anything. For KVM / Xen we need to flush
2496 * the host's instruction cache at least.
2497 */
2498 if (tcg_enabled()) {
2499 return;
2500 }
2501
2502 cpu_physical_memory_write_rom_internal(&address_space_memory,
2503 start, NULL, len, FLUSH_CACHE);
2504 }
2505
2506 typedef struct {
2507 MemoryRegion *mr;
2508 void *buffer;
2509 hwaddr addr;
2510 hwaddr len;
2511 bool in_use;
2512 } BounceBuffer;
2513
2514 static BounceBuffer bounce;
2515
2516 typedef struct MapClient {
2517 QEMUBH *bh;
2518 QLIST_ENTRY(MapClient) link;
2519 } MapClient;
2520
2521 QemuMutex map_client_list_lock;
2522 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2523 = QLIST_HEAD_INITIALIZER(map_client_list);
2524
2525 static void cpu_unregister_map_client_do(MapClient *client)
2526 {
2527 QLIST_REMOVE(client, link);
2528 g_free(client);
2529 }
2530
2531 static void cpu_notify_map_clients_locked(void)
2532 {
2533 MapClient *client;
2534
2535 while (!QLIST_EMPTY(&map_client_list)) {
2536 client = QLIST_FIRST(&map_client_list);
2537 qemu_bh_schedule(client->bh);
2538 cpu_unregister_map_client_do(client);
2539 }
2540 }
2541
2542 void cpu_register_map_client(QEMUBH *bh)
2543 {
2544 MapClient *client = g_malloc(sizeof(*client));
2545
2546 qemu_mutex_lock(&map_client_list_lock);
2547 client->bh = bh;
2548 QLIST_INSERT_HEAD(&map_client_list, client, link);
2549 if (!atomic_read(&bounce.in_use)) {
2550 cpu_notify_map_clients_locked();
2551 }
2552 qemu_mutex_unlock(&map_client_list_lock);
2553 }
2554
2555 void cpu_exec_init_all(void)
2556 {
2557 qemu_mutex_init(&ram_list.mutex);
2558 memory_map_init();
2559 io_mem_init();
2560 qemu_mutex_init(&map_client_list_lock);
2561 }
2562
2563 void cpu_unregister_map_client(QEMUBH *bh)
2564 {
2565 MapClient *client;
2566
2567 qemu_mutex_lock(&map_client_list_lock);
2568 QLIST_FOREACH(client, &map_client_list, link) {
2569 if (client->bh == bh) {
2570 cpu_unregister_map_client_do(client);
2571 break;
2572 }
2573 }
2574 qemu_mutex_unlock(&map_client_list_lock);
2575 }
2576
2577 static void cpu_notify_map_clients(void)
2578 {
2579 qemu_mutex_lock(&map_client_list_lock);
2580 cpu_notify_map_clients_locked();
2581 qemu_mutex_unlock(&map_client_list_lock);
2582 }
2583
2584 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2585 {
2586 MemoryRegion *mr;
2587 hwaddr l, xlat;
2588
2589 rcu_read_lock();
2590 while (len > 0) {
2591 l = len;
2592 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2593 if (!memory_access_is_direct(mr, is_write)) {
2594 l = memory_access_size(mr, l, addr);
2595 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2596 return false;
2597 }
2598 }
2599
2600 len -= l;
2601 addr += l;
2602 }
2603 rcu_read_unlock();
2604 return true;
2605 }
2606
2607 /* Map a physical memory region into a host virtual address.
2608 * May map a subset of the requested range, given by and returned in *plen.
2609 * May return NULL if resources needed to perform the mapping are exhausted.
2610 * Use only for reads OR writes - not for read-modify-write operations.
2611 * Use cpu_register_map_client() to know when retrying the map operation is
2612 * likely to succeed.
2613 */
2614 void *address_space_map(AddressSpace *as,
2615 hwaddr addr,
2616 hwaddr *plen,
2617 bool is_write)
2618 {
2619 hwaddr len = *plen;
2620 hwaddr done = 0;
2621 hwaddr l, xlat, base;
2622 MemoryRegion *mr, *this_mr;
2623 ram_addr_t raddr;
2624
2625 if (len == 0) {
2626 return NULL;
2627 }
2628
2629 l = len;
2630 rcu_read_lock();
2631 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2632
2633 if (!memory_access_is_direct(mr, is_write)) {
2634 if (atomic_xchg(&bounce.in_use, true)) {
2635 rcu_read_unlock();
2636 return NULL;
2637 }
2638 /* Avoid unbounded allocations */
2639 l = MIN(l, TARGET_PAGE_SIZE);
2640 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2641 bounce.addr = addr;
2642 bounce.len = l;
2643
2644 memory_region_ref(mr);
2645 bounce.mr = mr;
2646 if (!is_write) {
2647 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2648 bounce.buffer, l);
2649 }
2650
2651 rcu_read_unlock();
2652 *plen = l;
2653 return bounce.buffer;
2654 }
2655
2656 base = xlat;
2657 raddr = memory_region_get_ram_addr(mr);
2658
2659 for (;;) {
2660 len -= l;
2661 addr += l;
2662 done += l;
2663 if (len == 0) {
2664 break;
2665 }
2666
2667 l = len;
2668 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2669 if (this_mr != mr || xlat != base + done) {
2670 break;
2671 }
2672 }
2673
2674 memory_region_ref(mr);
2675 rcu_read_unlock();
2676 *plen = done;
2677 return qemu_ram_ptr_length(raddr + base, plen);
2678 }
2679
2680 /* Unmaps a memory region previously mapped by address_space_map().
2681 * Will also mark the memory as dirty if is_write == 1. access_len gives
2682 * the amount of memory that was actually read or written by the caller.
2683 */
2684 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2685 int is_write, hwaddr access_len)
2686 {
2687 if (buffer != bounce.buffer) {
2688 MemoryRegion *mr;
2689 ram_addr_t addr1;
2690
2691 mr = qemu_ram_addr_from_host(buffer, &addr1);
2692 assert(mr != NULL);
2693 if (is_write) {
2694 invalidate_and_set_dirty(mr, addr1, access_len);
2695 }
2696 if (xen_enabled()) {
2697 xen_invalidate_map_cache_entry(buffer);
2698 }
2699 memory_region_unref(mr);
2700 return;
2701 }
2702 if (is_write) {
2703 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2704 bounce.buffer, access_len);
2705 }
2706 qemu_vfree(bounce.buffer);
2707 bounce.buffer = NULL;
2708 memory_region_unref(bounce.mr);
2709 atomic_mb_set(&bounce.in_use, false);
2710 cpu_notify_map_clients();
2711 }
2712
2713 void *cpu_physical_memory_map(hwaddr addr,
2714 hwaddr *plen,
2715 int is_write)
2716 {
2717 return address_space_map(&address_space_memory, addr, plen, is_write);
2718 }
2719
2720 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2721 int is_write, hwaddr access_len)
2722 {
2723 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2724 }
2725
2726 /* warning: addr must be aligned */
2727 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2728 MemTxAttrs attrs,
2729 MemTxResult *result,
2730 enum device_endian endian)
2731 {
2732 uint8_t *ptr;
2733 uint64_t val;
2734 MemoryRegion *mr;
2735 hwaddr l = 4;
2736 hwaddr addr1;
2737 MemTxResult r;
2738
2739 rcu_read_lock();
2740 mr = address_space_translate(as, addr, &addr1, &l, false);
2741 if (l < 4 || !memory_access_is_direct(mr, false)) {
2742 /* I/O case */
2743 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2744 #if defined(TARGET_WORDS_BIGENDIAN)
2745 if (endian == DEVICE_LITTLE_ENDIAN) {
2746 val = bswap32(val);
2747 }
2748 #else
2749 if (endian == DEVICE_BIG_ENDIAN) {
2750 val = bswap32(val);
2751 }
2752 #endif
2753 } else {
2754 /* RAM case */
2755 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2756 & TARGET_PAGE_MASK)
2757 + addr1);
2758 switch (endian) {
2759 case DEVICE_LITTLE_ENDIAN:
2760 val = ldl_le_p(ptr);
2761 break;
2762 case DEVICE_BIG_ENDIAN:
2763 val = ldl_be_p(ptr);
2764 break;
2765 default:
2766 val = ldl_p(ptr);
2767 break;
2768 }
2769 r = MEMTX_OK;
2770 }
2771 if (result) {
2772 *result = r;
2773 }
2774 rcu_read_unlock();
2775 return val;
2776 }
2777
2778 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2779 MemTxAttrs attrs, MemTxResult *result)
2780 {
2781 return address_space_ldl_internal(as, addr, attrs, result,
2782 DEVICE_NATIVE_ENDIAN);
2783 }
2784
2785 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2786 MemTxAttrs attrs, MemTxResult *result)
2787 {
2788 return address_space_ldl_internal(as, addr, attrs, result,
2789 DEVICE_LITTLE_ENDIAN);
2790 }
2791
2792 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2793 MemTxAttrs attrs, MemTxResult *result)
2794 {
2795 return address_space_ldl_internal(as, addr, attrs, result,
2796 DEVICE_BIG_ENDIAN);
2797 }
2798
2799 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2800 {
2801 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2802 }
2803
2804 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2805 {
2806 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2807 }
2808
2809 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2810 {
2811 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2812 }
2813
2814 /* warning: addr must be aligned */
2815 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2816 MemTxAttrs attrs,
2817 MemTxResult *result,
2818 enum device_endian endian)
2819 {
2820 uint8_t *ptr;
2821 uint64_t val;
2822 MemoryRegion *mr;
2823 hwaddr l = 8;
2824 hwaddr addr1;
2825 MemTxResult r;
2826
2827 rcu_read_lock();
2828 mr = address_space_translate(as, addr, &addr1, &l,
2829 false);
2830 if (l < 8 || !memory_access_is_direct(mr, false)) {
2831 /* I/O case */
2832 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2833 #if defined(TARGET_WORDS_BIGENDIAN)
2834 if (endian == DEVICE_LITTLE_ENDIAN) {
2835 val = bswap64(val);
2836 }
2837 #else
2838 if (endian == DEVICE_BIG_ENDIAN) {
2839 val = bswap64(val);
2840 }
2841 #endif
2842 } else {
2843 /* RAM case */
2844 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2845 & TARGET_PAGE_MASK)
2846 + addr1);
2847 switch (endian) {
2848 case DEVICE_LITTLE_ENDIAN:
2849 val = ldq_le_p(ptr);
2850 break;
2851 case DEVICE_BIG_ENDIAN:
2852 val = ldq_be_p(ptr);
2853 break;
2854 default:
2855 val = ldq_p(ptr);
2856 break;
2857 }
2858 r = MEMTX_OK;
2859 }
2860 if (result) {
2861 *result = r;
2862 }
2863 rcu_read_unlock();
2864 return val;
2865 }
2866
2867 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2868 MemTxAttrs attrs, MemTxResult *result)
2869 {
2870 return address_space_ldq_internal(as, addr, attrs, result,
2871 DEVICE_NATIVE_ENDIAN);
2872 }
2873
2874 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2875 MemTxAttrs attrs, MemTxResult *result)
2876 {
2877 return address_space_ldq_internal(as, addr, attrs, result,
2878 DEVICE_LITTLE_ENDIAN);
2879 }
2880
2881 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2882 MemTxAttrs attrs, MemTxResult *result)
2883 {
2884 return address_space_ldq_internal(as, addr, attrs, result,
2885 DEVICE_BIG_ENDIAN);
2886 }
2887
2888 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2889 {
2890 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2891 }
2892
2893 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2894 {
2895 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2896 }
2897
2898 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2899 {
2900 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2901 }
2902
2903 /* XXX: optimize */
2904 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2905 MemTxAttrs attrs, MemTxResult *result)
2906 {
2907 uint8_t val;
2908 MemTxResult r;
2909
2910 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2911 if (result) {
2912 *result = r;
2913 }
2914 return val;
2915 }
2916
2917 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2918 {
2919 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2920 }
2921
2922 /* warning: addr must be aligned */
2923 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2924 hwaddr addr,
2925 MemTxAttrs attrs,
2926 MemTxResult *result,
2927 enum device_endian endian)
2928 {
2929 uint8_t *ptr;
2930 uint64_t val;
2931 MemoryRegion *mr;
2932 hwaddr l = 2;
2933 hwaddr addr1;
2934 MemTxResult r;
2935
2936 rcu_read_lock();
2937 mr = address_space_translate(as, addr, &addr1, &l,
2938 false);
2939 if (l < 2 || !memory_access_is_direct(mr, false)) {
2940 /* I/O case */
2941 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2942 #if defined(TARGET_WORDS_BIGENDIAN)
2943 if (endian == DEVICE_LITTLE_ENDIAN) {
2944 val = bswap16(val);
2945 }
2946 #else
2947 if (endian == DEVICE_BIG_ENDIAN) {
2948 val = bswap16(val);
2949 }
2950 #endif
2951 } else {
2952 /* RAM case */
2953 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2954 & TARGET_PAGE_MASK)
2955 + addr1);
2956 switch (endian) {
2957 case DEVICE_LITTLE_ENDIAN:
2958 val = lduw_le_p(ptr);
2959 break;
2960 case DEVICE_BIG_ENDIAN:
2961 val = lduw_be_p(ptr);
2962 break;
2963 default:
2964 val = lduw_p(ptr);
2965 break;
2966 }
2967 r = MEMTX_OK;
2968 }
2969 if (result) {
2970 *result = r;
2971 }
2972 rcu_read_unlock();
2973 return val;
2974 }
2975
2976 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
2977 MemTxAttrs attrs, MemTxResult *result)
2978 {
2979 return address_space_lduw_internal(as, addr, attrs, result,
2980 DEVICE_NATIVE_ENDIAN);
2981 }
2982
2983 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
2984 MemTxAttrs attrs, MemTxResult *result)
2985 {
2986 return address_space_lduw_internal(as, addr, attrs, result,
2987 DEVICE_LITTLE_ENDIAN);
2988 }
2989
2990 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
2991 MemTxAttrs attrs, MemTxResult *result)
2992 {
2993 return address_space_lduw_internal(as, addr, attrs, result,
2994 DEVICE_BIG_ENDIAN);
2995 }
2996
2997 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2998 {
2999 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3000 }
3001
3002 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3003 {
3004 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3005 }
3006
3007 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3008 {
3009 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3010 }
3011
3012 /* warning: addr must be aligned. The ram page is not masked as dirty
3013 and the code inside is not invalidated. It is useful if the dirty
3014 bits are used to track modified PTEs */
3015 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3016 MemTxAttrs attrs, MemTxResult *result)
3017 {
3018 uint8_t *ptr;
3019 MemoryRegion *mr;
3020 hwaddr l = 4;
3021 hwaddr addr1;
3022 MemTxResult r;
3023 uint8_t dirty_log_mask;
3024
3025 rcu_read_lock();
3026 mr = address_space_translate(as, addr, &addr1, &l,
3027 true);
3028 if (l < 4 || !memory_access_is_direct(mr, true)) {
3029 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3030 } else {
3031 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3032 ptr = qemu_get_ram_ptr(addr1);
3033 stl_p(ptr, val);
3034
3035 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3036 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3037 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3038 r = MEMTX_OK;
3039 }
3040 if (result) {
3041 *result = r;
3042 }
3043 rcu_read_unlock();
3044 }
3045
3046 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3047 {
3048 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3049 }
3050
3051 /* warning: addr must be aligned */
3052 static inline void address_space_stl_internal(AddressSpace *as,
3053 hwaddr addr, uint32_t val,
3054 MemTxAttrs attrs,
3055 MemTxResult *result,
3056 enum device_endian endian)
3057 {
3058 uint8_t *ptr;
3059 MemoryRegion *mr;
3060 hwaddr l = 4;
3061 hwaddr addr1;
3062 MemTxResult r;
3063
3064 rcu_read_lock();
3065 mr = address_space_translate(as, addr, &addr1, &l,
3066 true);
3067 if (l < 4 || !memory_access_is_direct(mr, true)) {
3068 #if defined(TARGET_WORDS_BIGENDIAN)
3069 if (endian == DEVICE_LITTLE_ENDIAN) {
3070 val = bswap32(val);
3071 }
3072 #else
3073 if (endian == DEVICE_BIG_ENDIAN) {
3074 val = bswap32(val);
3075 }
3076 #endif
3077 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3078 } else {
3079 /* RAM case */
3080 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3081 ptr = qemu_get_ram_ptr(addr1);
3082 switch (endian) {
3083 case DEVICE_LITTLE_ENDIAN:
3084 stl_le_p(ptr, val);
3085 break;
3086 case DEVICE_BIG_ENDIAN:
3087 stl_be_p(ptr, val);
3088 break;
3089 default:
3090 stl_p(ptr, val);
3091 break;
3092 }
3093 invalidate_and_set_dirty(mr, addr1, 4);
3094 r = MEMTX_OK;
3095 }
3096 if (result) {
3097 *result = r;
3098 }
3099 rcu_read_unlock();
3100 }
3101
3102 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3103 MemTxAttrs attrs, MemTxResult *result)
3104 {
3105 address_space_stl_internal(as, addr, val, attrs, result,
3106 DEVICE_NATIVE_ENDIAN);
3107 }
3108
3109 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3110 MemTxAttrs attrs, MemTxResult *result)
3111 {
3112 address_space_stl_internal(as, addr, val, attrs, result,
3113 DEVICE_LITTLE_ENDIAN);
3114 }
3115
3116 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3117 MemTxAttrs attrs, MemTxResult *result)
3118 {
3119 address_space_stl_internal(as, addr, val, attrs, result,
3120 DEVICE_BIG_ENDIAN);
3121 }
3122
3123 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3124 {
3125 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3126 }
3127
3128 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3129 {
3130 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3131 }
3132
3133 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3134 {
3135 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3136 }
3137
3138 /* XXX: optimize */
3139 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3140 MemTxAttrs attrs, MemTxResult *result)
3141 {
3142 uint8_t v = val;
3143 MemTxResult r;
3144
3145 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3146 if (result) {
3147 *result = r;
3148 }
3149 }
3150
3151 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3152 {
3153 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3154 }
3155
3156 /* warning: addr must be aligned */
3157 static inline void address_space_stw_internal(AddressSpace *as,
3158 hwaddr addr, uint32_t val,
3159 MemTxAttrs attrs,
3160 MemTxResult *result,
3161 enum device_endian endian)
3162 {
3163 uint8_t *ptr;
3164 MemoryRegion *mr;
3165 hwaddr l = 2;
3166 hwaddr addr1;
3167 MemTxResult r;
3168
3169 rcu_read_lock();
3170 mr = address_space_translate(as, addr, &addr1, &l, true);
3171 if (l < 2 || !memory_access_is_direct(mr, true)) {
3172 #if defined(TARGET_WORDS_BIGENDIAN)
3173 if (endian == DEVICE_LITTLE_ENDIAN) {
3174 val = bswap16(val);
3175 }
3176 #else
3177 if (endian == DEVICE_BIG_ENDIAN) {
3178 val = bswap16(val);
3179 }
3180 #endif
3181 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3182 } else {
3183 /* RAM case */
3184 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3185 ptr = qemu_get_ram_ptr(addr1);
3186 switch (endian) {
3187 case DEVICE_LITTLE_ENDIAN:
3188 stw_le_p(ptr, val);
3189 break;
3190 case DEVICE_BIG_ENDIAN:
3191 stw_be_p(ptr, val);
3192 break;
3193 default:
3194 stw_p(ptr, val);
3195 break;
3196 }
3197 invalidate_and_set_dirty(mr, addr1, 2);
3198 r = MEMTX_OK;
3199 }
3200 if (result) {
3201 *result = r;
3202 }
3203 rcu_read_unlock();
3204 }
3205
3206 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3207 MemTxAttrs attrs, MemTxResult *result)
3208 {
3209 address_space_stw_internal(as, addr, val, attrs, result,
3210 DEVICE_NATIVE_ENDIAN);
3211 }
3212
3213 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3214 MemTxAttrs attrs, MemTxResult *result)
3215 {
3216 address_space_stw_internal(as, addr, val, attrs, result,
3217 DEVICE_LITTLE_ENDIAN);
3218 }
3219
3220 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3221 MemTxAttrs attrs, MemTxResult *result)
3222 {
3223 address_space_stw_internal(as, addr, val, attrs, result,
3224 DEVICE_BIG_ENDIAN);
3225 }
3226
3227 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3228 {
3229 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3230 }
3231
3232 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3233 {
3234 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3235 }
3236
3237 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3238 {
3239 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3240 }
3241
3242 /* XXX: optimize */
3243 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3244 MemTxAttrs attrs, MemTxResult *result)
3245 {
3246 MemTxResult r;
3247 val = tswap64(val);
3248 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3249 if (result) {
3250 *result = r;
3251 }
3252 }
3253
3254 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3255 MemTxAttrs attrs, MemTxResult *result)
3256 {
3257 MemTxResult r;
3258 val = cpu_to_le64(val);
3259 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3260 if (result) {
3261 *result = r;
3262 }
3263 }
3264 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3265 MemTxAttrs attrs, MemTxResult *result)
3266 {
3267 MemTxResult r;
3268 val = cpu_to_be64(val);
3269 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3270 if (result) {
3271 *result = r;
3272 }
3273 }
3274
3275 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3276 {
3277 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3278 }
3279
3280 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3281 {
3282 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3283 }
3284
3285 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3286 {
3287 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3288 }
3289
3290 /* virtual memory access for debug (includes writing to ROM) */
3291 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3292 uint8_t *buf, int len, int is_write)
3293 {
3294 int l;
3295 hwaddr phys_addr;
3296 target_ulong page;
3297
3298 while (len > 0) {
3299 page = addr & TARGET_PAGE_MASK;
3300 phys_addr = cpu_get_phys_page_debug(cpu, page);
3301 /* if no physical page mapped, return an error */
3302 if (phys_addr == -1)
3303 return -1;
3304 l = (page + TARGET_PAGE_SIZE) - addr;
3305 if (l > len)
3306 l = len;
3307 phys_addr += (addr & ~TARGET_PAGE_MASK);
3308 if (is_write) {
3309 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3310 } else {
3311 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3312 buf, l, 0);
3313 }
3314 len -= l;
3315 buf += l;
3316 addr += l;
3317 }
3318 return 0;
3319 }
3320 #endif
3321
3322 /*
3323 * A helper function for the _utterly broken_ virtio device model to find out if
3324 * it's running on a big endian machine. Don't do this at home kids!
3325 */
3326 bool target_words_bigendian(void);
3327 bool target_words_bigendian(void)
3328 {
3329 #if defined(TARGET_WORDS_BIGENDIAN)
3330 return true;
3331 #else
3332 return false;
3333 #endif
3334 }
3335
3336 #ifndef CONFIG_USER_ONLY
3337 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3338 {
3339 MemoryRegion*mr;
3340 hwaddr l = 1;
3341 bool res;
3342
3343 rcu_read_lock();
3344 mr = address_space_translate(&address_space_memory,
3345 phys_addr, &phys_addr, &l, false);
3346
3347 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3348 rcu_read_unlock();
3349 return res;
3350 }
3351
3352 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3353 {
3354 RAMBlock *block;
3355 int ret = 0;
3356
3357 rcu_read_lock();
3358 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3359 ret = func(block->idstr, block->host, block->offset,
3360 block->used_length, opaque);
3361 if (ret) {
3362 break;
3363 }
3364 }
3365 rcu_read_unlock();
3366 return ret;
3367 }
3368 #endif
AR7 emulation for QEMU