search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
replay: command line options
[qemu/ar7.git] / exec.c
blobb60e2dea8b2ffdd9fd11ac7ddca7a14193fa7afe
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 /* RAM is backed by an mmapped file.
92 */
93 #define RAM_FILE (1 << 3)
94 #endif
95
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
103 int use_icount;
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 typedef struct PhysPageEntry PhysPageEntry;
108
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
111 uint32_t skip : 6;
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 uint32_t ptr : 26;
114 };
115
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
120
121 #define P_L2_BITS 9
122 #define P_L2_SIZE (1 << P_L2_BITS)
123
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126 typedef PhysPageEntry Node[P_L2_SIZE];
127
128 typedef struct PhysPageMap {
129 struct rcu_head rcu;
130
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137 } PhysPageMap;
138
139 struct AddressSpaceDispatch {
140 struct rcu_head rcu;
141
142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
146 PhysPageMap map;
147 AddressSpace *as;
148 };
149
150 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151 typedef struct subpage_t {
152 MemoryRegion iomem;
153 AddressSpace *as;
154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156 } subpage_t;
157
158 #define PHYS_SECTION_UNASSIGNED 0
159 #define PHYS_SECTION_NOTDIRTY 1
160 #define PHYS_SECTION_ROM 2
161 #define PHYS_SECTION_WATCH 3
162
163 static void io_mem_init(void);
164 static void memory_map_init(void);
165 static void tcg_commit(MemoryListener *listener);
166
167 static MemoryRegion io_mem_watch;
168
169 /**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176 struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181 };
182
183 #endif
184
185 #if !defined(CONFIG_USER_ONLY)
186
187 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
188 {
189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
193 }
194 }
195
196 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
197 {
198 unsigned i;
199 uint32_t ret;
200 PhysPageEntry e;
201 PhysPageEntry *p;
202
203 ret = map->nodes_nb++;
204 p = map->nodes[ret];
205 assert(ret != PHYS_MAP_NODE_NIL);
206 assert(ret != map->nodes_nb_alloc);
207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
210 for (i = 0; i < P_L2_SIZE; ++i) {
211 memcpy(&p[i], &e, sizeof(e));
212 }
213 return ret;
214 }
215
216 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
218 int level)
219 {
220 PhysPageEntry *p;
221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
222
223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
224 lp->ptr = phys_map_node_alloc(map, level == 0);
225 }
226 p = map->nodes[lp->ptr];
227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
228
229 while (*nb && lp < &p[P_L2_SIZE]) {
230 if ((*index & (step - 1)) == 0 && *nb >= step) {
231 lp->skip = 0;
232 lp->ptr = leaf;
233 *index += step;
234 *nb -= step;
235 } else {
236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
237 }
238 ++lp;
239 }
240 }
241
242 static void phys_page_set(AddressSpaceDispatch *d,
243 hwaddr index, hwaddr nb,
244 uint16_t leaf)
245 {
246 /* Wildly overreserve - it doesn't matter much. */
247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
248
249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
250 }
251
252 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256 {
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303 }
304
305 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306 {
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
311 }
312 }
313
314 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
315 Node *nodes, MemoryRegionSection *sections)
316 {
317 PhysPageEntry *p;
318 hwaddr index = addr >> TARGET_PAGE_BITS;
319 int i;
320
321 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
322 if (lp.ptr == PHYS_MAP_NODE_NIL) {
323 return &sections[PHYS_SECTION_UNASSIGNED];
324 }
325 p = nodes[lp.ptr];
326 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
327 }
328
329 if (sections[lp.ptr].size.hi ||
330 range_covers_byte(sections[lp.ptr].offset_within_address_space,
331 sections[lp.ptr].size.lo, addr)) {
332 return &sections[lp.ptr];
333 } else {
334 return &sections[PHYS_SECTION_UNASSIGNED];
335 }
336 }
337
338 bool memory_region_is_unassigned(MemoryRegion *mr)
339 {
340 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
341 && mr != &io_mem_watch;
342 }
343
344 /* Called from RCU critical section */
345 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
346 hwaddr addr,
347 bool resolve_subpage)
348 {
349 MemoryRegionSection *section;
350 subpage_t *subpage;
351
352 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
353 if (resolve_subpage && section->mr->subpage) {
354 subpage = container_of(section->mr, subpage_t, iomem);
355 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
356 }
357 return section;
358 }
359
360 /* Called from RCU critical section */
361 static MemoryRegionSection *
362 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
363 hwaddr *plen, bool resolve_subpage)
364 {
365 MemoryRegionSection *section;
366 MemoryRegion *mr;
367 Int128 diff;
368
369 section = address_space_lookup_region(d, addr, resolve_subpage);
370 /* Compute offset within MemoryRegionSection */
371 addr -= section->offset_within_address_space;
372
373 /* Compute offset within MemoryRegion */
374 *xlat = addr + section->offset_within_region;
375
376 mr = section->mr;
377
378 /* MMIO registers can be expected to perform full-width accesses based only
379 * on their address, without considering adjacent registers that could
380 * decode to completely different MemoryRegions. When such registers
381 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
382 * regions overlap wildly. For this reason we cannot clamp the accesses
383 * here.
384 *
385 * If the length is small (as is the case for address_space_ldl/stl),
386 * everything works fine. If the incoming length is large, however,
387 * the caller really has to do the clamping through memory_access_size.
388 */
389 if (memory_region_is_ram(mr)) {
390 diff = int128_sub(section->size, int128_make64(addr));
391 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
392 }
393 return section;
394 }
395
396 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
397 {
398 if (memory_region_is_ram(mr)) {
399 return !(is_write && mr->readonly);
400 }
401 if (memory_region_is_romd(mr)) {
402 return !is_write;
403 }
404
405 return false;
406 }
407
408 /* Called from RCU critical section */
409 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
410 hwaddr *xlat, hwaddr *plen,
411 bool is_write)
412 {
413 IOMMUTLBEntry iotlb;
414 MemoryRegionSection *section;
415 MemoryRegion *mr;
416
417 for (;;) {
418 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
419 section = address_space_translate_internal(d, addr, &addr, plen, true);
420 mr = section->mr;
421
422 if (!mr->iommu_ops) {
423 break;
424 }
425
426 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
427 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
428 | (addr & iotlb.addr_mask));
429 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
430 if (!(iotlb.perm & (1 << is_write))) {
431 mr = &io_mem_unassigned;
432 break;
433 }
434
435 as = iotlb.target_as;
436 }
437
438 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
439 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
440 *plen = MIN(page, *plen);
441 }
442
443 *xlat = addr;
444 return mr;
445 }
446
447 /* Called from RCU critical section */
448 MemoryRegionSection *
449 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
450 hwaddr *xlat, hwaddr *plen)
451 {
452 MemoryRegionSection *section;
453 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
454 addr, xlat, plen, false);
455
456 assert(!section->mr->iommu_ops);
457 return section;
458 }
459 #endif
460
461 #if !defined(CONFIG_USER_ONLY)
462
463 static int cpu_common_post_load(void *opaque, int version_id)
464 {
465 CPUState *cpu = opaque;
466
467 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
468 version_id is increased. */
469 cpu->interrupt_request &= ~0x01;
470 tlb_flush(cpu, 1);
471
472 return 0;
473 }
474
475 static int cpu_common_pre_load(void *opaque)
476 {
477 CPUState *cpu = opaque;
478
479 cpu->exception_index = -1;
480
481 return 0;
482 }
483
484 static bool cpu_common_exception_index_needed(void *opaque)
485 {
486 CPUState *cpu = opaque;
487
488 return tcg_enabled() && cpu->exception_index != -1;
489 }
490
491 static const VMStateDescription vmstate_cpu_common_exception_index = {
492 .name = "cpu_common/exception_index",
493 .version_id = 1,
494 .minimum_version_id = 1,
495 .needed = cpu_common_exception_index_needed,
496 .fields = (VMStateField[]) {
497 VMSTATE_INT32(exception_index, CPUState),
498 VMSTATE_END_OF_LIST()
499 }
500 };
501
502 static bool cpu_common_crash_occurred_needed(void *opaque)
503 {
504 CPUState *cpu = opaque;
505
506 return cpu->crash_occurred;
507 }
508
509 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
510 .name = "cpu_common/crash_occurred",
511 .version_id = 1,
512 .minimum_version_id = 1,
513 .needed = cpu_common_crash_occurred_needed,
514 .fields = (VMStateField[]) {
515 VMSTATE_BOOL(crash_occurred, CPUState),
516 VMSTATE_END_OF_LIST()
517 }
518 };
519
520 const VMStateDescription vmstate_cpu_common = {
521 .name = "cpu_common",
522 .version_id = 1,
523 .minimum_version_id = 1,
524 .pre_load = cpu_common_pre_load,
525 .post_load = cpu_common_post_load,
526 .fields = (VMStateField[]) {
527 VMSTATE_UINT32(halted, CPUState),
528 VMSTATE_UINT32(interrupt_request, CPUState),
529 VMSTATE_END_OF_LIST()
530 },
531 .subsections = (const VMStateDescription*[]) {
532 &vmstate_cpu_common_exception_index,
533 &vmstate_cpu_common_crash_occurred,
534 NULL
535 }
536 };
537
538 #endif
539
540 CPUState *qemu_get_cpu(int index)
541 {
542 CPUState *cpu;
543
544 CPU_FOREACH(cpu) {
545 if (cpu->cpu_index == index) {
546 return cpu;
547 }
548 }
549
550 return NULL;
551 }
552
553 #if !defined(CONFIG_USER_ONLY)
554 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
555 {
556 /* We only support one address space per cpu at the moment. */
557 assert(cpu->as == as);
558
559 if (cpu->cpu_ases) {
560 /* We've already registered the listener for our only AS */
561 return;
562 }
563
564 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
565 cpu->cpu_ases[0].cpu = cpu;
566 cpu->cpu_ases[0].as = as;
567 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
568 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
569 }
570 #endif
571
572 #ifndef CONFIG_USER_ONLY
573 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
574
575 static int cpu_get_free_index(Error **errp)
576 {
577 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
578
579 if (cpu >= MAX_CPUMASK_BITS) {
580 error_setg(errp, "Trying to use more CPUs than max of %d",
581 MAX_CPUMASK_BITS);
582 return -1;
583 }
584
585 bitmap_set(cpu_index_map, cpu, 1);
586 return cpu;
587 }
588
589 void cpu_exec_exit(CPUState *cpu)
590 {
591 if (cpu->cpu_index == -1) {
592 /* cpu_index was never allocated by this @cpu or was already freed. */
593 return;
594 }
595
596 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
597 cpu->cpu_index = -1;
598 }
599 #else
600
601 static int cpu_get_free_index(Error **errp)
602 {
603 CPUState *some_cpu;
604 int cpu_index = 0;
605
606 CPU_FOREACH(some_cpu) {
607 cpu_index++;
608 }
609 return cpu_index;
610 }
611
612 void cpu_exec_exit(CPUState *cpu)
613 {
614 }
615 #endif
616
617 void cpu_exec_init(CPUState *cpu, Error **errp)
618 {
619 CPUClass *cc = CPU_GET_CLASS(cpu);
620 int cpu_index;
621 Error *local_err = NULL;
622
623 #ifndef CONFIG_USER_ONLY
624 cpu->as = &address_space_memory;
625 cpu->thread_id = qemu_get_thread_id();
626 #endif
627
628 #if defined(CONFIG_USER_ONLY)
629 cpu_list_lock();
630 #endif
631 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
632 if (local_err) {
633 error_propagate(errp, local_err);
634 #if defined(CONFIG_USER_ONLY)
635 cpu_list_unlock();
636 #endif
637 return;
638 }
639 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
640 #if defined(CONFIG_USER_ONLY)
641 cpu_list_unlock();
642 #endif
643 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
644 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
645 }
646 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
647 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
648 cpu_save, cpu_load, cpu->env_ptr);
649 assert(cc->vmsd == NULL);
650 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
651 #endif
652 if (cc->vmsd != NULL) {
653 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
654 }
655 }
656
657 #if defined(CONFIG_USER_ONLY)
658 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
659 {
660 tb_invalidate_phys_page_range(pc, pc + 1, 0);
661 }
662 #else
663 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
664 {
665 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
666 if (phys != -1) {
667 tb_invalidate_phys_addr(cpu->as,
668 phys | (pc & ~TARGET_PAGE_MASK));
669 }
670 }
671 #endif
672
673 #if defined(CONFIG_USER_ONLY)
674 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
675
676 {
677 }
678
679 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
680 int flags)
681 {
682 return -ENOSYS;
683 }
684
685 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
686 {
687 }
688
689 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
690 int flags, CPUWatchpoint **watchpoint)
691 {
692 return -ENOSYS;
693 }
694 #else
695 /* Add a watchpoint. */
696 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
697 int flags, CPUWatchpoint **watchpoint)
698 {
699 CPUWatchpoint *wp;
700
701 /* forbid ranges which are empty or run off the end of the address space */
702 if (len == 0 || (addr + len - 1) < addr) {
703 error_report("tried to set invalid watchpoint at %"
704 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
705 return -EINVAL;
706 }
707 wp = g_malloc(sizeof(*wp));
708
709 wp->vaddr = addr;
710 wp->len = len;
711 wp->flags = flags;
712
713 /* keep all GDB-injected watchpoints in front */
714 if (flags & BP_GDB) {
715 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
716 } else {
717 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
718 }
719
720 tlb_flush_page(cpu, addr);
721
722 if (watchpoint)
723 *watchpoint = wp;
724 return 0;
725 }
726
727 /* Remove a specific watchpoint. */
728 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
729 int flags)
730 {
731 CPUWatchpoint *wp;
732
733 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
734 if (addr == wp->vaddr && len == wp->len
735 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
736 cpu_watchpoint_remove_by_ref(cpu, wp);
737 return 0;
738 }
739 }
740 return -ENOENT;
741 }
742
743 /* Remove a specific watchpoint by reference. */
744 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
745 {
746 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
747
748 tlb_flush_page(cpu, watchpoint->vaddr);
749
750 g_free(watchpoint);
751 }
752
753 /* Remove all matching watchpoints. */
754 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
755 {
756 CPUWatchpoint *wp, *next;
757
758 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
759 if (wp->flags & mask) {
760 cpu_watchpoint_remove_by_ref(cpu, wp);
761 }
762 }
763 }
764
765 /* Return true if this watchpoint address matches the specified
766 * access (ie the address range covered by the watchpoint overlaps
767 * partially or completely with the address range covered by the
768 * access).
769 */
770 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
771 vaddr addr,
772 vaddr len)
773 {
774 /* We know the lengths are non-zero, but a little caution is
775 * required to avoid errors in the case where the range ends
776 * exactly at the top of the address space and so addr + len
777 * wraps round to zero.
778 */
779 vaddr wpend = wp->vaddr + wp->len - 1;
780 vaddr addrend = addr + len - 1;
781
782 return !(addr > wpend || wp->vaddr > addrend);
783 }
784
785 #endif
786
787 /* Add a breakpoint. */
788 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
789 CPUBreakpoint **breakpoint)
790 {
791 CPUBreakpoint *bp;
792
793 bp = g_malloc(sizeof(*bp));
794
795 bp->pc = pc;
796 bp->flags = flags;
797
798 /* keep all GDB-injected breakpoints in front */
799 if (flags & BP_GDB) {
800 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
801 } else {
802 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
803 }
804
805 breakpoint_invalidate(cpu, pc);
806
807 if (breakpoint) {
808 *breakpoint = bp;
809 }
810 return 0;
811 }
812
813 /* Remove a specific breakpoint. */
814 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
815 {
816 CPUBreakpoint *bp;
817
818 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
819 if (bp->pc == pc && bp->flags == flags) {
820 cpu_breakpoint_remove_by_ref(cpu, bp);
821 return 0;
822 }
823 }
824 return -ENOENT;
825 }
826
827 /* Remove a specific breakpoint by reference. */
828 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
829 {
830 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
831
832 breakpoint_invalidate(cpu, breakpoint->pc);
833
834 g_free(breakpoint);
835 }
836
837 /* Remove all matching breakpoints. */
838 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
839 {
840 CPUBreakpoint *bp, *next;
841
842 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
843 if (bp->flags & mask) {
844 cpu_breakpoint_remove_by_ref(cpu, bp);
845 }
846 }
847 }
848
849 /* enable or disable single step mode. EXCP_DEBUG is returned by the
850 CPU loop after each instruction */
851 void cpu_single_step(CPUState *cpu, int enabled)
852 {
853 if (cpu->singlestep_enabled != enabled) {
854 cpu->singlestep_enabled = enabled;
855 if (kvm_enabled()) {
856 kvm_update_guest_debug(cpu, 0);
857 } else {
858 /* must flush all the translated code to avoid inconsistencies */
859 /* XXX: only flush what is necessary */
860 tb_flush(cpu);
861 }
862 }
863 }
864
865 void cpu_abort(CPUState *cpu, const char *fmt, ...)
866 {
867 va_list ap;
868 va_list ap2;
869
870 va_start(ap, fmt);
871 va_copy(ap2, ap);
872 fprintf(stderr, "qemu: fatal: ");
873 vfprintf(stderr, fmt, ap);
874 fprintf(stderr, "\n");
875 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
876 if (qemu_log_enabled()) {
877 qemu_log("qemu: fatal: ");
878 qemu_log_vprintf(fmt, ap2);
879 qemu_log("\n");
880 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
881 qemu_log_flush();
882 qemu_log_close();
883 }
884 va_end(ap2);
885 va_end(ap);
886 replay_finish();
887 #if defined(CONFIG_USER_ONLY)
888 {
889 struct sigaction act;
890 sigfillset(&act.sa_mask);
891 act.sa_handler = SIG_DFL;
892 sigaction(SIGABRT, &act, NULL);
893 }
894 #endif
895 abort();
896 }
897
898 #if !defined(CONFIG_USER_ONLY)
899 /* Called from RCU critical section */
900 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
901 {
902 RAMBlock *block;
903
904 block = atomic_rcu_read(&ram_list.mru_block);
905 if (block && addr - block->offset < block->max_length) {
906 goto found;
907 }
908 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
909 if (addr - block->offset < block->max_length) {
910 goto found;
911 }
912 }
913
914 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
915 abort();
916
917 found:
918 /* It is safe to write mru_block outside the iothread lock. This
919 * is what happens:
920 *
921 * mru_block = xxx
922 * rcu_read_unlock()
923 * xxx removed from list
924 * rcu_read_lock()
925 * read mru_block
926 * mru_block = NULL;
927 * call_rcu(reclaim_ramblock, xxx);
928 * rcu_read_unlock()
929 *
930 * atomic_rcu_set is not needed here. The block was already published
931 * when it was placed into the list. Here we're just making an extra
932 * copy of the pointer.
933 */
934 ram_list.mru_block = block;
935 return block;
936 }
937
938 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
939 {
940 CPUState *cpu;
941 ram_addr_t start1;
942 RAMBlock *block;
943 ram_addr_t end;
944
945 end = TARGET_PAGE_ALIGN(start + length);
946 start &= TARGET_PAGE_MASK;
947
948 rcu_read_lock();
949 block = qemu_get_ram_block(start);
950 assert(block == qemu_get_ram_block(end - 1));
951 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
952 CPU_FOREACH(cpu) {
953 tlb_reset_dirty(cpu, start1, length);
954 }
955 rcu_read_unlock();
956 }
957
958 /* Note: start and end must be within the same ram block. */
959 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
960 ram_addr_t length,
961 unsigned client)
962 {
963 unsigned long end, page;
964 bool dirty;
965
966 if (length == 0) {
967 return false;
968 }
969
970 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
971 page = start >> TARGET_PAGE_BITS;
972 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
973 page, end - page);
974
975 if (dirty && tcg_enabled()) {
976 tlb_reset_dirty_range_all(start, length);
977 }
978
979 return dirty;
980 }
981
982 /* Called from RCU critical section */
983 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
984 MemoryRegionSection *section,
985 target_ulong vaddr,
986 hwaddr paddr, hwaddr xlat,
987 int prot,
988 target_ulong *address)
989 {
990 hwaddr iotlb;
991 CPUWatchpoint *wp;
992
993 if (memory_region_is_ram(section->mr)) {
994 /* Normal RAM. */
995 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
996 + xlat;
997 if (!section->readonly) {
998 iotlb |= PHYS_SECTION_NOTDIRTY;
999 } else {
1000 iotlb |= PHYS_SECTION_ROM;
1001 }
1002 } else {
1003 AddressSpaceDispatch *d;
1004
1005 d = atomic_rcu_read(&section->address_space->dispatch);
1006 iotlb = section - d->map.sections;
1007 iotlb += xlat;
1008 }
1009
1010 /* Make accesses to pages with watchpoints go via the
1011 watchpoint trap routines. */
1012 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1013 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1014 /* Avoid trapping reads of pages with a write breakpoint. */
1015 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1016 iotlb = PHYS_SECTION_WATCH + paddr;
1017 *address |= TLB_MMIO;
1018 break;
1019 }
1020 }
1021 }
1022
1023 return iotlb;
1024 }
1025 #endif /* defined(CONFIG_USER_ONLY) */
1026
1027 #if !defined(CONFIG_USER_ONLY)
1028
1029 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1030 uint16_t section);
1031 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1032
1033 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1034 qemu_anon_ram_alloc;
1035
1036 /*
1037 * Set a custom physical guest memory alloator.
1038 * Accelerators with unusual needs may need this. Hopefully, we can
1039 * get rid of it eventually.
1040 */
1041 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1042 {
1043 phys_mem_alloc = alloc;
1044 }
1045
1046 static uint16_t phys_section_add(PhysPageMap *map,
1047 MemoryRegionSection *section)
1048 {
1049 /* The physical section number is ORed with a page-aligned
1050 * pointer to produce the iotlb entries. Thus it should
1051 * never overflow into the page-aligned value.
1052 */
1053 assert(map->sections_nb < TARGET_PAGE_SIZE);
1054
1055 if (map->sections_nb == map->sections_nb_alloc) {
1056 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1057 map->sections = g_renew(MemoryRegionSection, map->sections,
1058 map->sections_nb_alloc);
1059 }
1060 map->sections[map->sections_nb] = *section;
1061 memory_region_ref(section->mr);
1062 return map->sections_nb++;
1063 }
1064
1065 static void phys_section_destroy(MemoryRegion *mr)
1066 {
1067 memory_region_unref(mr);
1068
1069 if (mr->subpage) {
1070 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1071 object_unref(OBJECT(&subpage->iomem));
1072 g_free(subpage);
1073 }
1074 }
1075
1076 static void phys_sections_free(PhysPageMap *map)
1077 {
1078 while (map->sections_nb > 0) {
1079 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1080 phys_section_destroy(section->mr);
1081 }
1082 g_free(map->sections);
1083 g_free(map->nodes);
1084 }
1085
1086 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1087 {
1088 subpage_t *subpage;
1089 hwaddr base = section->offset_within_address_space
1090 & TARGET_PAGE_MASK;
1091 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1092 d->map.nodes, d->map.sections);
1093 MemoryRegionSection subsection = {
1094 .offset_within_address_space = base,
1095 .size = int128_make64(TARGET_PAGE_SIZE),
1096 };
1097 hwaddr start, end;
1098
1099 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1100
1101 if (!(existing->mr->subpage)) {
1102 subpage = subpage_init(d->as, base);
1103 subsection.address_space = d->as;
1104 subsection.mr = &subpage->iomem;
1105 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1106 phys_section_add(&d->map, &subsection));
1107 } else {
1108 subpage = container_of(existing->mr, subpage_t, iomem);
1109 }
1110 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1111 end = start + int128_get64(section->size) - 1;
1112 subpage_register(subpage, start, end,
1113 phys_section_add(&d->map, section));
1114 }
1115
1116
1117 static void register_multipage(AddressSpaceDispatch *d,
1118 MemoryRegionSection *section)
1119 {
1120 hwaddr start_addr = section->offset_within_address_space;
1121 uint16_t section_index = phys_section_add(&d->map, section);
1122 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1123 TARGET_PAGE_BITS));
1124
1125 assert(num_pages);
1126 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1127 }
1128
1129 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1130 {
1131 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1132 AddressSpaceDispatch *d = as->next_dispatch;
1133 MemoryRegionSection now = *section, remain = *section;
1134 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1135
1136 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1137 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1138 - now.offset_within_address_space;
1139
1140 now.size = int128_min(int128_make64(left), now.size);
1141 register_subpage(d, &now);
1142 } else {
1143 now.size = int128_zero();
1144 }
1145 while (int128_ne(remain.size, now.size)) {
1146 remain.size = int128_sub(remain.size, now.size);
1147 remain.offset_within_address_space += int128_get64(now.size);
1148 remain.offset_within_region += int128_get64(now.size);
1149 now = remain;
1150 if (int128_lt(remain.size, page_size)) {
1151 register_subpage(d, &now);
1152 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1153 now.size = page_size;
1154 register_subpage(d, &now);
1155 } else {
1156 now.size = int128_and(now.size, int128_neg(page_size));
1157 register_multipage(d, &now);
1158 }
1159 }
1160 }
1161
1162 void qemu_flush_coalesced_mmio_buffer(void)
1163 {
1164 if (kvm_enabled())
1165 kvm_flush_coalesced_mmio_buffer();
1166 }
1167
1168 void qemu_mutex_lock_ramlist(void)
1169 {
1170 qemu_mutex_lock(&ram_list.mutex);
1171 }
1172
1173 void qemu_mutex_unlock_ramlist(void)
1174 {
1175 qemu_mutex_unlock(&ram_list.mutex);
1176 }
1177
1178 #ifdef __linux__
1179
1180 #include <sys/vfs.h>
1181
1182 #define HUGETLBFS_MAGIC 0x958458f6
1183
1184 static long gethugepagesize(const char *path, Error **errp)
1185 {
1186 struct statfs fs;
1187 int ret;
1188
1189 do {
1190 ret = statfs(path, &fs);
1191 } while (ret != 0 && errno == EINTR);
1192
1193 if (ret != 0) {
1194 error_setg_errno(errp, errno, "failed to get page size of file %s",
1195 path);
1196 return 0;
1197 }
1198
1199 if (fs.f_type != HUGETLBFS_MAGIC)
1200 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1201
1202 return fs.f_bsize;
1203 }
1204
1205 static void *file_ram_alloc(RAMBlock *block,
1206 ram_addr_t memory,
1207 const char *path,
1208 Error **errp)
1209 {
1210 char *filename;
1211 char *sanitized_name;
1212 char *c;
1213 void *area;
1214 int fd;
1215 uint64_t hpagesize;
1216 Error *local_err = NULL;
1217
1218 hpagesize = gethugepagesize(path, &local_err);
1219 if (local_err) {
1220 error_propagate(errp, local_err);
1221 goto error;
1222 }
1223 block->mr->align = hpagesize;
1224
1225 if (memory < hpagesize) {
1226 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1227 "or larger than huge page size 0x%" PRIx64,
1228 memory, hpagesize);
1229 goto error;
1230 }
1231
1232 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1233 error_setg(errp,
1234 "host lacks kvm mmu notifiers, -mem-path unsupported");
1235 goto error;
1236 }
1237
1238 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1239 sanitized_name = g_strdup(memory_region_name(block->mr));
1240 for (c = sanitized_name; *c != '\0'; c++) {
1241 if (*c == '/')
1242 *c = '_';
1243 }
1244
1245 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1246 sanitized_name);
1247 g_free(sanitized_name);
1248
1249 fd = mkstemp(filename);
1250 if (fd < 0) {
1251 error_setg_errno(errp, errno,
1252 "unable to create backing store for hugepages");
1253 g_free(filename);
1254 goto error;
1255 }
1256 unlink(filename);
1257 g_free(filename);
1258
1259 memory = ROUND_UP(memory, hpagesize);
1260
1261 /*
1262 * ftruncate is not supported by hugetlbfs in older
1263 * hosts, so don't bother bailing out on errors.
1264 * If anything goes wrong with it under other filesystems,
1265 * mmap will fail.
1266 */
1267 if (ftruncate(fd, memory)) {
1268 perror("ftruncate");
1269 }
1270
1271 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1272 if (area == MAP_FAILED) {
1273 error_setg_errno(errp, errno,
1274 "unable to map backing store for hugepages");
1275 close(fd);
1276 goto error;
1277 }
1278
1279 if (mem_prealloc) {
1280 os_mem_prealloc(fd, area, memory);
1281 }
1282
1283 block->fd = fd;
1284 return area;
1285
1286 error:
1287 if (mem_prealloc) {
1288 error_report("%s", error_get_pretty(*errp));
1289 exit(1);
1290 }
1291 return NULL;
1292 }
1293 #endif
1294
1295 /* Called with the ramlist lock held. */
1296 static ram_addr_t find_ram_offset(ram_addr_t size)
1297 {
1298 RAMBlock *block, *next_block;
1299 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1300
1301 assert(size != 0); /* it would hand out same offset multiple times */
1302
1303 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1304 return 0;
1305 }
1306
1307 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1308 ram_addr_t end, next = RAM_ADDR_MAX;
1309
1310 end = block->offset + block->max_length;
1311
1312 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1313 if (next_block->offset >= end) {
1314 next = MIN(next, next_block->offset);
1315 }
1316 }
1317 if (next - end >= size && next - end < mingap) {
1318 offset = end;
1319 mingap = next - end;
1320 }
1321 }
1322
1323 if (offset == RAM_ADDR_MAX) {
1324 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1325 (uint64_t)size);
1326 abort();
1327 }
1328
1329 return offset;
1330 }
1331
1332 ram_addr_t last_ram_offset(void)
1333 {
1334 RAMBlock *block;
1335 ram_addr_t last = 0;
1336
1337 rcu_read_lock();
1338 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1339 last = MAX(last, block->offset + block->max_length);
1340 }
1341 rcu_read_unlock();
1342 return last;
1343 }
1344
1345 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1346 {
1347 int ret;
1348
1349 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1350 if (!machine_dump_guest_core(current_machine)) {
1351 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1352 if (ret) {
1353 perror("qemu_madvise");
1354 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1355 "but dump_guest_core=off specified\n");
1356 }
1357 }
1358 }
1359
1360 /* Called within an RCU critical section, or while the ramlist lock
1361 * is held.
1362 */
1363 static RAMBlock *find_ram_block(ram_addr_t addr)
1364 {
1365 RAMBlock *block;
1366
1367 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1368 if (block->offset == addr) {
1369 return block;
1370 }
1371 }
1372
1373 return NULL;
1374 }
1375
1376 /* Called with iothread lock held. */
1377 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1378 {
1379 RAMBlock *new_block, *block;
1380
1381 rcu_read_lock();
1382 new_block = find_ram_block(addr);
1383 assert(new_block);
1384 assert(!new_block->idstr[0]);
1385
1386 if (dev) {
1387 char *id = qdev_get_dev_path(dev);
1388 if (id) {
1389 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1390 g_free(id);
1391 }
1392 }
1393 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1394
1395 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1396 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1397 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1398 new_block->idstr);
1399 abort();
1400 }
1401 }
1402 rcu_read_unlock();
1403 }
1404
1405 /* Called with iothread lock held. */
1406 void qemu_ram_unset_idstr(ram_addr_t addr)
1407 {
1408 RAMBlock *block;
1409
1410 /* FIXME: arch_init.c assumes that this is not called throughout
1411 * migration. Ignore the problem since hot-unplug during migration
1412 * does not work anyway.
1413 */
1414
1415 rcu_read_lock();
1416 block = find_ram_block(addr);
1417 if (block) {
1418 memset(block->idstr, 0, sizeof(block->idstr));
1419 }
1420 rcu_read_unlock();
1421 }
1422
1423 static int memory_try_enable_merging(void *addr, size_t len)
1424 {
1425 if (!machine_mem_merge(current_machine)) {
1426 /* disabled by the user */
1427 return 0;
1428 }
1429
1430 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1431 }
1432
1433 /* Only legal before guest might have detected the memory size: e.g. on
1434 * incoming migration, or right after reset.
1435 *
1436 * As memory core doesn't know how is memory accessed, it is up to
1437 * resize callback to update device state and/or add assertions to detect
1438 * misuse, if necessary.
1439 */
1440 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1441 {
1442 RAMBlock *block = find_ram_block(base);
1443
1444 assert(block);
1445
1446 newsize = TARGET_PAGE_ALIGN(newsize);
1447
1448 if (block->used_length == newsize) {
1449 return 0;
1450 }
1451
1452 if (!(block->flags & RAM_RESIZEABLE)) {
1453 error_setg_errno(errp, EINVAL,
1454 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1455 " in != 0x" RAM_ADDR_FMT, block->idstr,
1456 newsize, block->used_length);
1457 return -EINVAL;
1458 }
1459
1460 if (block->max_length < newsize) {
1461 error_setg_errno(errp, EINVAL,
1462 "Length too large: %s: 0x" RAM_ADDR_FMT
1463 " > 0x" RAM_ADDR_FMT, block->idstr,
1464 newsize, block->max_length);
1465 return -EINVAL;
1466 }
1467
1468 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1469 block->used_length = newsize;
1470 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1471 DIRTY_CLIENTS_ALL);
1472 memory_region_set_size(block->mr, newsize);
1473 if (block->resized) {
1474 block->resized(block->idstr, newsize, block->host);
1475 }
1476 return 0;
1477 }
1478
1479 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1480 {
1481 RAMBlock *block;
1482 RAMBlock *last_block = NULL;
1483 ram_addr_t old_ram_size, new_ram_size;
1484
1485 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1486
1487 qemu_mutex_lock_ramlist();
1488 new_block->offset = find_ram_offset(new_block->max_length);
1489
1490 if (!new_block->host) {
1491 if (xen_enabled()) {
1492 xen_ram_alloc(new_block->offset, new_block->max_length,
1493 new_block->mr);
1494 } else {
1495 new_block->host = phys_mem_alloc(new_block->max_length,
1496 &new_block->mr->align);
1497 if (!new_block->host) {
1498 error_setg_errno(errp, errno,
1499 "cannot set up guest memory '%s'",
1500 memory_region_name(new_block->mr));
1501 qemu_mutex_unlock_ramlist();
1502 return -1;
1503 }
1504 memory_try_enable_merging(new_block->host, new_block->max_length);
1505 }
1506 }
1507
1508 new_ram_size = MAX(old_ram_size,
1509 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1510 if (new_ram_size > old_ram_size) {
1511 migration_bitmap_extend(old_ram_size, new_ram_size);
1512 }
1513 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1514 * QLIST (which has an RCU-friendly variant) does not have insertion at
1515 * tail, so save the last element in last_block.
1516 */
1517 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1518 last_block = block;
1519 if (block->max_length < new_block->max_length) {
1520 break;
1521 }
1522 }
1523 if (block) {
1524 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1525 } else if (last_block) {
1526 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1527 } else { /* list is empty */
1528 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1529 }
1530 ram_list.mru_block = NULL;
1531
1532 /* Write list before version */
1533 smp_wmb();
1534 ram_list.version++;
1535 qemu_mutex_unlock_ramlist();
1536
1537 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1538
1539 if (new_ram_size > old_ram_size) {
1540 int i;
1541
1542 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1543 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1544 ram_list.dirty_memory[i] =
1545 bitmap_zero_extend(ram_list.dirty_memory[i],
1546 old_ram_size, new_ram_size);
1547 }
1548 }
1549 cpu_physical_memory_set_dirty_range(new_block->offset,
1550 new_block->used_length,
1551 DIRTY_CLIENTS_ALL);
1552
1553 if (new_block->host) {
1554 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1555 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1556 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1557 if (kvm_enabled()) {
1558 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1559 }
1560 }
1561
1562 return new_block->offset;
1563 }
1564
1565 #ifdef __linux__
1566 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1567 bool share, const char *mem_path,
1568 Error **errp)
1569 {
1570 RAMBlock *new_block;
1571 ram_addr_t addr;
1572 Error *local_err = NULL;
1573
1574 if (xen_enabled()) {
1575 error_setg(errp, "-mem-path not supported with Xen");
1576 return -1;
1577 }
1578
1579 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1580 /*
1581 * file_ram_alloc() needs to allocate just like
1582 * phys_mem_alloc, but we haven't bothered to provide
1583 * a hook there.
1584 */
1585 error_setg(errp,
1586 "-mem-path not supported with this accelerator");
1587 return -1;
1588 }
1589
1590 size = TARGET_PAGE_ALIGN(size);
1591 new_block = g_malloc0(sizeof(*new_block));
1592 new_block->mr = mr;
1593 new_block->used_length = size;
1594 new_block->max_length = size;
1595 new_block->flags = share ? RAM_SHARED : 0;
1596 new_block->flags |= RAM_FILE;
1597 new_block->host = file_ram_alloc(new_block, size,
1598 mem_path, errp);
1599 if (!new_block->host) {
1600 g_free(new_block);
1601 return -1;
1602 }
1603
1604 addr = ram_block_add(new_block, &local_err);
1605 if (local_err) {
1606 g_free(new_block);
1607 error_propagate(errp, local_err);
1608 return -1;
1609 }
1610 return addr;
1611 }
1612 #endif
1613
1614 static
1615 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1616 void (*resized)(const char*,
1617 uint64_t length,
1618 void *host),
1619 void *host, bool resizeable,
1620 MemoryRegion *mr, Error **errp)
1621 {
1622 RAMBlock *new_block;
1623 ram_addr_t addr;
1624 Error *local_err = NULL;
1625
1626 size = TARGET_PAGE_ALIGN(size);
1627 max_size = TARGET_PAGE_ALIGN(max_size);
1628 new_block = g_malloc0(sizeof(*new_block));
1629 new_block->mr = mr;
1630 new_block->resized = resized;
1631 new_block->used_length = size;
1632 new_block->max_length = max_size;
1633 assert(max_size >= size);
1634 new_block->fd = -1;
1635 new_block->host = host;
1636 if (host) {
1637 new_block->flags |= RAM_PREALLOC;
1638 }
1639 if (resizeable) {
1640 new_block->flags |= RAM_RESIZEABLE;
1641 }
1642 addr = ram_block_add(new_block, &local_err);
1643 if (local_err) {
1644 g_free(new_block);
1645 error_propagate(errp, local_err);
1646 return -1;
1647 }
1648 return addr;
1649 }
1650
1651 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1652 MemoryRegion *mr, Error **errp)
1653 {
1654 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1655 }
1656
1657 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1658 {
1659 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1660 }
1661
1662 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1663 void (*resized)(const char*,
1664 uint64_t length,
1665 void *host),
1666 MemoryRegion *mr, Error **errp)
1667 {
1668 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1669 }
1670
1671 void qemu_ram_free_from_ptr(ram_addr_t addr)
1672 {
1673 RAMBlock *block;
1674
1675 qemu_mutex_lock_ramlist();
1676 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1677 if (addr == block->offset) {
1678 QLIST_REMOVE_RCU(block, next);
1679 ram_list.mru_block = NULL;
1680 /* Write list before version */
1681 smp_wmb();
1682 ram_list.version++;
1683 g_free_rcu(block, rcu);
1684 break;
1685 }
1686 }
1687 qemu_mutex_unlock_ramlist();
1688 }
1689
1690 static void reclaim_ramblock(RAMBlock *block)
1691 {
1692 if (block->flags & RAM_PREALLOC) {
1693 ;
1694 } else if (xen_enabled()) {
1695 xen_invalidate_map_cache_entry(block->host);
1696 #ifndef _WIN32
1697 } else if (block->fd >= 0) {
1698 if (block->flags & RAM_FILE) {
1699 qemu_ram_munmap(block->host, block->max_length);
1700 } else {
1701 munmap(block->host, block->max_length);
1702 }
1703 close(block->fd);
1704 #endif
1705 } else {
1706 qemu_anon_ram_free(block->host, block->max_length);
1707 }
1708 g_free(block);
1709 }
1710
1711 void qemu_ram_free(ram_addr_t addr)
1712 {
1713 RAMBlock *block;
1714
1715 qemu_mutex_lock_ramlist();
1716 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1717 if (addr == block->offset) {
1718 QLIST_REMOVE_RCU(block, next);
1719 ram_list.mru_block = NULL;
1720 /* Write list before version */
1721 smp_wmb();
1722 ram_list.version++;
1723 call_rcu(block, reclaim_ramblock, rcu);
1724 break;
1725 }
1726 }
1727 qemu_mutex_unlock_ramlist();
1728 }
1729
1730 #ifndef _WIN32
1731 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1732 {
1733 RAMBlock *block;
1734 ram_addr_t offset;
1735 int flags;
1736 void *area, *vaddr;
1737
1738 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1739 offset = addr - block->offset;
1740 if (offset < block->max_length) {
1741 vaddr = ramblock_ptr(block, offset);
1742 if (block->flags & RAM_PREALLOC) {
1743 ;
1744 } else if (xen_enabled()) {
1745 abort();
1746 } else {
1747 flags = MAP_FIXED;
1748 if (block->fd >= 0) {
1749 flags |= (block->flags & RAM_SHARED ?
1750 MAP_SHARED : MAP_PRIVATE);
1751 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1752 flags, block->fd, offset);
1753 } else {
1754 /*
1755 * Remap needs to match alloc. Accelerators that
1756 * set phys_mem_alloc never remap. If they did,
1757 * we'd need a remap hook here.
1758 */
1759 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1760
1761 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1762 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1763 flags, -1, 0);
1764 }
1765 if (area != vaddr) {
1766 fprintf(stderr, "Could not remap addr: "
1767 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1768 length, addr);
1769 exit(1);
1770 }
1771 memory_try_enable_merging(vaddr, length);
1772 qemu_ram_setup_dump(vaddr, length);
1773 }
1774 }
1775 }
1776 }
1777 #endif /* !_WIN32 */
1778
1779 int qemu_get_ram_fd(ram_addr_t addr)
1780 {
1781 RAMBlock *block;
1782 int fd;
1783
1784 rcu_read_lock();
1785 block = qemu_get_ram_block(addr);
1786 fd = block->fd;
1787 rcu_read_unlock();
1788 return fd;
1789 }
1790
1791 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1792 {
1793 RAMBlock *block;
1794 void *ptr;
1795
1796 rcu_read_lock();
1797 block = qemu_get_ram_block(addr);
1798 ptr = ramblock_ptr(block, 0);
1799 rcu_read_unlock();
1800 return ptr;
1801 }
1802
1803 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1804 * This should not be used for general purpose DMA. Use address_space_map
1805 * or address_space_rw instead. For local memory (e.g. video ram) that the
1806 * device owns, use memory_region_get_ram_ptr.
1807 *
1808 * By the time this function returns, the returned pointer is not protected
1809 * by RCU anymore. If the caller is not within an RCU critical section and
1810 * does not hold the iothread lock, it must have other means of protecting the
1811 * pointer, such as a reference to the region that includes the incoming
1812 * ram_addr_t.
1813 */
1814 void *qemu_get_ram_ptr(ram_addr_t addr)
1815 {
1816 RAMBlock *block;
1817 void *ptr;
1818
1819 rcu_read_lock();
1820 block = qemu_get_ram_block(addr);
1821
1822 if (xen_enabled() && block->host == NULL) {
1823 /* We need to check if the requested address is in the RAM
1824 * because we don't want to map the entire memory in QEMU.
1825 * In that case just map until the end of the page.
1826 */
1827 if (block->offset == 0) {
1828 ptr = xen_map_cache(addr, 0, 0);
1829 goto unlock;
1830 }
1831
1832 block->host = xen_map_cache(block->offset, block->max_length, 1);
1833 }
1834 ptr = ramblock_ptr(block, addr - block->offset);
1835
1836 unlock:
1837 rcu_read_unlock();
1838 return ptr;
1839 }
1840
1841 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1842 * but takes a size argument.
1843 *
1844 * By the time this function returns, the returned pointer is not protected
1845 * by RCU anymore. If the caller is not within an RCU critical section and
1846 * does not hold the iothread lock, it must have other means of protecting the
1847 * pointer, such as a reference to the region that includes the incoming
1848 * ram_addr_t.
1849 */
1850 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1851 {
1852 void *ptr;
1853 if (*size == 0) {
1854 return NULL;
1855 }
1856 if (xen_enabled()) {
1857 return xen_map_cache(addr, *size, 1);
1858 } else {
1859 RAMBlock *block;
1860 rcu_read_lock();
1861 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1862 if (addr - block->offset < block->max_length) {
1863 if (addr - block->offset + *size > block->max_length)
1864 *size = block->max_length - addr + block->offset;
1865 ptr = ramblock_ptr(block, addr - block->offset);
1866 rcu_read_unlock();
1867 return ptr;
1868 }
1869 }
1870
1871 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1872 abort();
1873 }
1874 }
1875
1876 /* Some of the softmmu routines need to translate from a host pointer
1877 * (typically a TLB entry) back to a ram offset.
1878 *
1879 * By the time this function returns, the returned pointer is not protected
1880 * by RCU anymore. If the caller is not within an RCU critical section and
1881 * does not hold the iothread lock, it must have other means of protecting the
1882 * pointer, such as a reference to the region that includes the incoming
1883 * ram_addr_t.
1884 */
1885 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1886 {
1887 RAMBlock *block;
1888 uint8_t *host = ptr;
1889 MemoryRegion *mr;
1890
1891 if (xen_enabled()) {
1892 rcu_read_lock();
1893 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1894 mr = qemu_get_ram_block(*ram_addr)->mr;
1895 rcu_read_unlock();
1896 return mr;
1897 }
1898
1899 rcu_read_lock();
1900 block = atomic_rcu_read(&ram_list.mru_block);
1901 if (block && block->host && host - block->host < block->max_length) {
1902 goto found;
1903 }
1904
1905 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1906 /* This case append when the block is not mapped. */
1907 if (block->host == NULL) {
1908 continue;
1909 }
1910 if (host - block->host < block->max_length) {
1911 goto found;
1912 }
1913 }
1914
1915 rcu_read_unlock();
1916 return NULL;
1917
1918 found:
1919 *ram_addr = block->offset + (host - block->host);
1920 mr = block->mr;
1921 rcu_read_unlock();
1922 return mr;
1923 }
1924
1925 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1926 uint64_t val, unsigned size)
1927 {
1928 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1929 tb_invalidate_phys_page_fast(ram_addr, size);
1930 }
1931 switch (size) {
1932 case 1:
1933 stb_p(qemu_get_ram_ptr(ram_addr), val);
1934 break;
1935 case 2:
1936 stw_p(qemu_get_ram_ptr(ram_addr), val);
1937 break;
1938 case 4:
1939 stl_p(qemu_get_ram_ptr(ram_addr), val);
1940 break;
1941 default:
1942 abort();
1943 }
1944 /* Set both VGA and migration bits for simplicity and to remove
1945 * the notdirty callback faster.
1946 */
1947 cpu_physical_memory_set_dirty_range(ram_addr, size,
1948 DIRTY_CLIENTS_NOCODE);
1949 /* we remove the notdirty callback only if the code has been
1950 flushed */
1951 if (!cpu_physical_memory_is_clean(ram_addr)) {
1952 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1953 }
1954 }
1955
1956 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1957 unsigned size, bool is_write)
1958 {
1959 return is_write;
1960 }
1961
1962 static const MemoryRegionOps notdirty_mem_ops = {
1963 .write = notdirty_mem_write,
1964 .valid.accepts = notdirty_mem_accepts,
1965 .endianness = DEVICE_NATIVE_ENDIAN,
1966 };
1967
1968 /* Generate a debug exception if a watchpoint has been hit. */
1969 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1970 {
1971 CPUState *cpu = current_cpu;
1972 CPUArchState *env = cpu->env_ptr;
1973 target_ulong pc, cs_base;
1974 target_ulong vaddr;
1975 CPUWatchpoint *wp;
1976 int cpu_flags;
1977
1978 if (cpu->watchpoint_hit) {
1979 /* We re-entered the check after replacing the TB. Now raise
1980 * the debug interrupt so that is will trigger after the
1981 * current instruction. */
1982 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1983 return;
1984 }
1985 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1986 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1987 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1988 && (wp->flags & flags)) {
1989 if (flags == BP_MEM_READ) {
1990 wp->flags |= BP_WATCHPOINT_HIT_READ;
1991 } else {
1992 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1993 }
1994 wp->hitaddr = vaddr;
1995 wp->hitattrs = attrs;
1996 if (!cpu->watchpoint_hit) {
1997 cpu->watchpoint_hit = wp;
1998 tb_check_watchpoint(cpu);
1999 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2000 cpu->exception_index = EXCP_DEBUG;
2001 cpu_loop_exit(cpu);
2002 } else {
2003 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2004 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2005 cpu_resume_from_signal(cpu, NULL);
2006 }
2007 }
2008 } else {
2009 wp->flags &= ~BP_WATCHPOINT_HIT;
2010 }
2011 }
2012 }
2013
2014 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2015 so these check for a hit then pass through to the normal out-of-line
2016 phys routines. */
2017 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2018 unsigned size, MemTxAttrs attrs)
2019 {
2020 MemTxResult res;
2021 uint64_t data;
2022
2023 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2024 switch (size) {
2025 case 1:
2026 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2027 break;
2028 case 2:
2029 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2030 break;
2031 case 4:
2032 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2033 break;
2034 default: abort();
2035 }
2036 *pdata = data;
2037 return res;
2038 }
2039
2040 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2041 uint64_t val, unsigned size,
2042 MemTxAttrs attrs)
2043 {
2044 MemTxResult res;
2045
2046 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2047 switch (size) {
2048 case 1:
2049 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2050 break;
2051 case 2:
2052 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2053 break;
2054 case 4:
2055 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2056 break;
2057 default: abort();
2058 }
2059 return res;
2060 }
2061
2062 static const MemoryRegionOps watch_mem_ops = {
2063 .read_with_attrs = watch_mem_read,
2064 .write_with_attrs = watch_mem_write,
2065 .endianness = DEVICE_NATIVE_ENDIAN,
2066 };
2067
2068 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2069 unsigned len, MemTxAttrs attrs)
2070 {
2071 subpage_t *subpage = opaque;
2072 uint8_t buf[8];
2073 MemTxResult res;
2074
2075 #if defined(DEBUG_SUBPAGE)
2076 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2077 subpage, len, addr);
2078 #endif
2079 res = address_space_read(subpage->as, addr + subpage->base,
2080 attrs, buf, len);
2081 if (res) {
2082 return res;
2083 }
2084 switch (len) {
2085 case 1:
2086 *data = ldub_p(buf);
2087 return MEMTX_OK;
2088 case 2:
2089 *data = lduw_p(buf);
2090 return MEMTX_OK;
2091 case 4:
2092 *data = ldl_p(buf);
2093 return MEMTX_OK;
2094 case 8:
2095 *data = ldq_p(buf);
2096 return MEMTX_OK;
2097 default:
2098 abort();
2099 }
2100 }
2101
2102 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2103 uint64_t value, unsigned len, MemTxAttrs attrs)
2104 {
2105 subpage_t *subpage = opaque;
2106 uint8_t buf[8];
2107
2108 #if defined(DEBUG_SUBPAGE)
2109 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2110 " value %"PRIx64"\n",
2111 __func__, subpage, len, addr, value);
2112 #endif
2113 switch (len) {
2114 case 1:
2115 stb_p(buf, value);
2116 break;
2117 case 2:
2118 stw_p(buf, value);
2119 break;
2120 case 4:
2121 stl_p(buf, value);
2122 break;
2123 case 8:
2124 stq_p(buf, value);
2125 break;
2126 default:
2127 abort();
2128 }
2129 return address_space_write(subpage->as, addr + subpage->base,
2130 attrs, buf, len);
2131 }
2132
2133 static bool subpage_accepts(void *opaque, hwaddr addr,
2134 unsigned len, bool is_write)
2135 {
2136 subpage_t *subpage = opaque;
2137 #if defined(DEBUG_SUBPAGE)
2138 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2139 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2140 #endif
2141
2142 return address_space_access_valid(subpage->as, addr + subpage->base,
2143 len, is_write);
2144 }
2145
2146 static const MemoryRegionOps subpage_ops = {
2147 .read_with_attrs = subpage_read,
2148 .write_with_attrs = subpage_write,
2149 .impl.min_access_size = 1,
2150 .impl.max_access_size = 8,
2151 .valid.min_access_size = 1,
2152 .valid.max_access_size = 8,
2153 .valid.accepts = subpage_accepts,
2154 .endianness = DEVICE_NATIVE_ENDIAN,
2155 };
2156
2157 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2158 uint16_t section)
2159 {
2160 int idx, eidx;
2161
2162 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2163 return -1;
2164 idx = SUBPAGE_IDX(start);
2165 eidx = SUBPAGE_IDX(end);
2166 #if defined(DEBUG_SUBPAGE)
2167 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2168 __func__, mmio, start, end, idx, eidx, section);
2169 #endif
2170 for (; idx <= eidx; idx++) {
2171 mmio->sub_section[idx] = section;
2172 }
2173
2174 return 0;
2175 }
2176
2177 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2178 {
2179 subpage_t *mmio;
2180
2181 mmio = g_malloc0(sizeof(subpage_t));
2182
2183 mmio->as = as;
2184 mmio->base = base;
2185 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2186 NULL, TARGET_PAGE_SIZE);
2187 mmio->iomem.subpage = true;
2188 #if defined(DEBUG_SUBPAGE)
2189 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2190 mmio, base, TARGET_PAGE_SIZE);
2191 #endif
2192 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2193
2194 return mmio;
2195 }
2196
2197 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2198 MemoryRegion *mr)
2199 {
2200 assert(as);
2201 MemoryRegionSection section = {
2202 .address_space = as,
2203 .mr = mr,
2204 .offset_within_address_space = 0,
2205 .offset_within_region = 0,
2206 .size = int128_2_64(),
2207 };
2208
2209 return phys_section_add(map, &section);
2210 }
2211
2212 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2213 {
2214 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2215 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2216 MemoryRegionSection *sections = d->map.sections;
2217
2218 return sections[index & ~TARGET_PAGE_MASK].mr;
2219 }
2220
2221 static void io_mem_init(void)
2222 {
2223 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2224 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2225 NULL, UINT64_MAX);
2226 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2227 NULL, UINT64_MAX);
2228 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2229 NULL, UINT64_MAX);
2230 }
2231
2232 static void mem_begin(MemoryListener *listener)
2233 {
2234 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2235 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2236 uint16_t n;
2237
2238 n = dummy_section(&d->map, as, &io_mem_unassigned);
2239 assert(n == PHYS_SECTION_UNASSIGNED);
2240 n = dummy_section(&d->map, as, &io_mem_notdirty);
2241 assert(n == PHYS_SECTION_NOTDIRTY);
2242 n = dummy_section(&d->map, as, &io_mem_rom);
2243 assert(n == PHYS_SECTION_ROM);
2244 n = dummy_section(&d->map, as, &io_mem_watch);
2245 assert(n == PHYS_SECTION_WATCH);
2246
2247 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2248 d->as = as;
2249 as->next_dispatch = d;
2250 }
2251
2252 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2253 {
2254 phys_sections_free(&d->map);
2255 g_free(d);
2256 }
2257
2258 static void mem_commit(MemoryListener *listener)
2259 {
2260 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2261 AddressSpaceDispatch *cur = as->dispatch;
2262 AddressSpaceDispatch *next = as->next_dispatch;
2263
2264 phys_page_compact_all(next, next->map.nodes_nb);
2265
2266 atomic_rcu_set(&as->dispatch, next);
2267 if (cur) {
2268 call_rcu(cur, address_space_dispatch_free, rcu);
2269 }
2270 }
2271
2272 static void tcg_commit(MemoryListener *listener)
2273 {
2274 CPUAddressSpace *cpuas;
2275 AddressSpaceDispatch *d;
2276
2277 /* since each CPU stores ram addresses in its TLB cache, we must
2278 reset the modified entries */
2279 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2280 cpu_reloading_memory_map();
2281 /* The CPU and TLB are protected by the iothread lock.
2282 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2283 * may have split the RCU critical section.
2284 */
2285 d = atomic_rcu_read(&cpuas->as->dispatch);
2286 cpuas->memory_dispatch = d;
2287 tlb_flush(cpuas->cpu, 1);
2288 }
2289
2290 void address_space_init_dispatch(AddressSpace *as)
2291 {
2292 as->dispatch = NULL;
2293 as->dispatch_listener = (MemoryListener) {
2294 .begin = mem_begin,
2295 .commit = mem_commit,
2296 .region_add = mem_add,
2297 .region_nop = mem_add,
2298 .priority = 0,
2299 };
2300 memory_listener_register(&as->dispatch_listener, as);
2301 }
2302
2303 void address_space_unregister(AddressSpace *as)
2304 {
2305 memory_listener_unregister(&as->dispatch_listener);
2306 }
2307
2308 void address_space_destroy_dispatch(AddressSpace *as)
2309 {
2310 AddressSpaceDispatch *d = as->dispatch;
2311
2312 atomic_rcu_set(&as->dispatch, NULL);
2313 if (d) {
2314 call_rcu(d, address_space_dispatch_free, rcu);
2315 }
2316 }
2317
2318 static void memory_map_init(void)
2319 {
2320 system_memory = g_malloc(sizeof(*system_memory));
2321
2322 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2323 address_space_init(&address_space_memory, system_memory, "memory");
2324
2325 system_io = g_malloc(sizeof(*system_io));
2326 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2327 65536);
2328 address_space_init(&address_space_io, system_io, "I/O");
2329 }
2330
2331 MemoryRegion *get_system_memory(void)
2332 {
2333 return system_memory;
2334 }
2335
2336 MemoryRegion *get_system_io(void)
2337 {
2338 return system_io;
2339 }
2340
2341 #endif /* !defined(CONFIG_USER_ONLY) */
2342
2343 /* physical memory access (slow version, mainly for debug) */
2344 #if defined(CONFIG_USER_ONLY)
2345 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2346 uint8_t *buf, int len, int is_write)
2347 {
2348 int l, flags;
2349 target_ulong page;
2350 void * p;
2351
2352 while (len > 0) {
2353 page = addr & TARGET_PAGE_MASK;
2354 l = (page + TARGET_PAGE_SIZE) - addr;
2355 if (l > len)
2356 l = len;
2357 flags = page_get_flags(page);
2358 if (!(flags & PAGE_VALID))
2359 return -1;
2360 if (is_write) {
2361 if (!(flags & PAGE_WRITE))
2362 return -1;
2363 /* XXX: this code should not depend on lock_user */
2364 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2365 return -1;
2366 memcpy(p, buf, l);
2367 unlock_user(p, addr, l);
2368 } else {
2369 if (!(flags & PAGE_READ))
2370 return -1;
2371 /* XXX: this code should not depend on lock_user */
2372 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2373 return -1;
2374 memcpy(buf, p, l);
2375 unlock_user(p, addr, 0);
2376 }
2377 len -= l;
2378 buf += l;
2379 addr += l;
2380 }
2381 return 0;
2382 }
2383
2384 #else
2385
2386 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2387 hwaddr length)
2388 {
2389 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2390 /* No early return if dirty_log_mask is or becomes 0, because
2391 * cpu_physical_memory_set_dirty_range will still call
2392 * xen_modified_memory.
2393 */
2394 if (dirty_log_mask) {
2395 dirty_log_mask =
2396 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2397 }
2398 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2399 tb_invalidate_phys_range(addr, addr + length);
2400 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2401 }
2402 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2403 }
2404
2405 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2406 {
2407 unsigned access_size_max = mr->ops->valid.max_access_size;
2408
2409 /* Regions are assumed to support 1-4 byte accesses unless
2410 otherwise specified. */
2411 if (access_size_max == 0) {
2412 access_size_max = 4;
2413 }
2414
2415 /* Bound the maximum access by the alignment of the address. */
2416 if (!mr->ops->impl.unaligned) {
2417 unsigned align_size_max = addr & -addr;
2418 if (align_size_max != 0 && align_size_max < access_size_max) {
2419 access_size_max = align_size_max;
2420 }
2421 }
2422
2423 /* Don't attempt accesses larger than the maximum. */
2424 if (l > access_size_max) {
2425 l = access_size_max;
2426 }
2427 l = pow2floor(l);
2428
2429 return l;
2430 }
2431
2432 static bool prepare_mmio_access(MemoryRegion *mr)
2433 {
2434 bool unlocked = !qemu_mutex_iothread_locked();
2435 bool release_lock = false;
2436
2437 if (unlocked && mr->global_locking) {
2438 qemu_mutex_lock_iothread();
2439 unlocked = false;
2440 release_lock = true;
2441 }
2442 if (mr->flush_coalesced_mmio) {
2443 if (unlocked) {
2444 qemu_mutex_lock_iothread();
2445 }
2446 qemu_flush_coalesced_mmio_buffer();
2447 if (unlocked) {
2448 qemu_mutex_unlock_iothread();
2449 }
2450 }
2451
2452 return release_lock;
2453 }
2454
2455 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2456 uint8_t *buf, int len, bool is_write)
2457 {
2458 hwaddr l;
2459 uint8_t *ptr;
2460 uint64_t val;
2461 hwaddr addr1;
2462 MemoryRegion *mr;
2463 MemTxResult result = MEMTX_OK;
2464 bool release_lock = false;
2465
2466 rcu_read_lock();
2467 while (len > 0) {
2468 l = len;
2469 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2470
2471 if (is_write) {
2472 if (!memory_access_is_direct(mr, is_write)) {
2473 release_lock |= prepare_mmio_access(mr);
2474 l = memory_access_size(mr, l, addr1);
2475 /* XXX: could force current_cpu to NULL to avoid
2476 potential bugs */
2477 switch (l) {
2478 case 8:
2479 /* 64 bit write access */
2480 val = ldq_p(buf);
2481 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2482 attrs);
2483 break;
2484 case 4:
2485 /* 32 bit write access */
2486 val = ldl_p(buf);
2487 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2488 attrs);
2489 break;
2490 case 2:
2491 /* 16 bit write access */
2492 val = lduw_p(buf);
2493 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2494 attrs);
2495 break;
2496 case 1:
2497 /* 8 bit write access */
2498 val = ldub_p(buf);
2499 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2500 attrs);
2501 break;
2502 default:
2503 abort();
2504 }
2505 } else {
2506 addr1 += memory_region_get_ram_addr(mr);
2507 /* RAM case */
2508 ptr = qemu_get_ram_ptr(addr1);
2509 memcpy(ptr, buf, l);
2510 invalidate_and_set_dirty(mr, addr1, l);
2511 }
2512 } else {
2513 if (!memory_access_is_direct(mr, is_write)) {
2514 /* I/O case */
2515 release_lock |= prepare_mmio_access(mr);
2516 l = memory_access_size(mr, l, addr1);
2517 switch (l) {
2518 case 8:
2519 /* 64 bit read access */
2520 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2521 attrs);
2522 stq_p(buf, val);
2523 break;
2524 case 4:
2525 /* 32 bit read access */
2526 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2527 attrs);
2528 stl_p(buf, val);
2529 break;
2530 case 2:
2531 /* 16 bit read access */
2532 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2533 attrs);
2534 stw_p(buf, val);
2535 break;
2536 case 1:
2537 /* 8 bit read access */
2538 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2539 attrs);
2540 stb_p(buf, val);
2541 break;
2542 default:
2543 abort();
2544 }
2545 } else {
2546 /* RAM case */
2547 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2548 memcpy(buf, ptr, l);
2549 }
2550 }
2551
2552 if (release_lock) {
2553 qemu_mutex_unlock_iothread();
2554 release_lock = false;
2555 }
2556
2557 len -= l;
2558 buf += l;
2559 addr += l;
2560 }
2561 rcu_read_unlock();
2562
2563 return result;
2564 }
2565
2566 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2567 const uint8_t *buf, int len)
2568 {
2569 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2570 }
2571
2572 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2573 uint8_t *buf, int len)
2574 {
2575 return address_space_rw(as, addr, attrs, buf, len, false);
2576 }
2577
2578
2579 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2580 int len, int is_write)
2581 {
2582 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2583 buf, len, is_write);
2584 }
2585
2586 enum write_rom_type {
2587 WRITE_DATA,
2588 FLUSH_CACHE,
2589 };
2590
2591 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2592 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2593 {
2594 hwaddr l;
2595 uint8_t *ptr;
2596 hwaddr addr1;
2597 MemoryRegion *mr;
2598
2599 rcu_read_lock();
2600 while (len > 0) {
2601 l = len;
2602 mr = address_space_translate(as, addr, &addr1, &l, true);
2603
2604 if (!(memory_region_is_ram(mr) ||
2605 memory_region_is_romd(mr))) {
2606 l = memory_access_size(mr, l, addr1);
2607 } else {
2608 addr1 += memory_region_get_ram_addr(mr);
2609 /* ROM/RAM case */
2610 ptr = qemu_get_ram_ptr(addr1);
2611 switch (type) {
2612 case WRITE_DATA:
2613 memcpy(ptr, buf, l);
2614 invalidate_and_set_dirty(mr, addr1, l);
2615 break;
2616 case FLUSH_CACHE:
2617 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2618 break;
2619 }
2620 }
2621 len -= l;
2622 buf += l;
2623 addr += l;
2624 }
2625 rcu_read_unlock();
2626 }
2627
2628 /* used for ROM loading : can write in RAM and ROM */
2629 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2630 const uint8_t *buf, int len)
2631 {
2632 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2633 }
2634
2635 void cpu_flush_icache_range(hwaddr start, int len)
2636 {
2637 /*
2638 * This function should do the same thing as an icache flush that was
2639 * triggered from within the guest. For TCG we are always cache coherent,
2640 * so there is no need to flush anything. For KVM / Xen we need to flush
2641 * the host's instruction cache at least.
2642 */
2643 if (tcg_enabled()) {
2644 return;
2645 }
2646
2647 cpu_physical_memory_write_rom_internal(&address_space_memory,
2648 start, NULL, len, FLUSH_CACHE);
2649 }
2650
2651 typedef struct {
2652 MemoryRegion *mr;
2653 void *buffer;
2654 hwaddr addr;
2655 hwaddr len;
2656 bool in_use;
2657 } BounceBuffer;
2658
2659 static BounceBuffer bounce;
2660
2661 typedef struct MapClient {
2662 QEMUBH *bh;
2663 QLIST_ENTRY(MapClient) link;
2664 } MapClient;
2665
2666 QemuMutex map_client_list_lock;
2667 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2668 = QLIST_HEAD_INITIALIZER(map_client_list);
2669
2670 static void cpu_unregister_map_client_do(MapClient *client)
2671 {
2672 QLIST_REMOVE(client, link);
2673 g_free(client);
2674 }
2675
2676 static void cpu_notify_map_clients_locked(void)
2677 {
2678 MapClient *client;
2679
2680 while (!QLIST_EMPTY(&map_client_list)) {
2681 client = QLIST_FIRST(&map_client_list);
2682 qemu_bh_schedule(client->bh);
2683 cpu_unregister_map_client_do(client);
2684 }
2685 }
2686
2687 void cpu_register_map_client(QEMUBH *bh)
2688 {
2689 MapClient *client = g_malloc(sizeof(*client));
2690
2691 qemu_mutex_lock(&map_client_list_lock);
2692 client->bh = bh;
2693 QLIST_INSERT_HEAD(&map_client_list, client, link);
2694 if (!atomic_read(&bounce.in_use)) {
2695 cpu_notify_map_clients_locked();
2696 }
2697 qemu_mutex_unlock(&map_client_list_lock);
2698 }
2699
2700 void cpu_exec_init_all(void)
2701 {
2702 qemu_mutex_init(&ram_list.mutex);
2703 memory_map_init();
2704 io_mem_init();
2705 qemu_mutex_init(&map_client_list_lock);
2706 }
2707
2708 void cpu_unregister_map_client(QEMUBH *bh)
2709 {
2710 MapClient *client;
2711
2712 qemu_mutex_lock(&map_client_list_lock);
2713 QLIST_FOREACH(client, &map_client_list, link) {
2714 if (client->bh == bh) {
2715 cpu_unregister_map_client_do(client);
2716 break;
2717 }
2718 }
2719 qemu_mutex_unlock(&map_client_list_lock);
2720 }
2721
2722 static void cpu_notify_map_clients(void)
2723 {
2724 qemu_mutex_lock(&map_client_list_lock);
2725 cpu_notify_map_clients_locked();
2726 qemu_mutex_unlock(&map_client_list_lock);
2727 }
2728
2729 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2730 {
2731 MemoryRegion *mr;
2732 hwaddr l, xlat;
2733
2734 rcu_read_lock();
2735 while (len > 0) {
2736 l = len;
2737 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2738 if (!memory_access_is_direct(mr, is_write)) {
2739 l = memory_access_size(mr, l, addr);
2740 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2741 return false;
2742 }
2743 }
2744
2745 len -= l;
2746 addr += l;
2747 }
2748 rcu_read_unlock();
2749 return true;
2750 }
2751
2752 /* Map a physical memory region into a host virtual address.
2753 * May map a subset of the requested range, given by and returned in *plen.
2754 * May return NULL if resources needed to perform the mapping are exhausted.
2755 * Use only for reads OR writes - not for read-modify-write operations.
2756 * Use cpu_register_map_client() to know when retrying the map operation is
2757 * likely to succeed.
2758 */
2759 void *address_space_map(AddressSpace *as,
2760 hwaddr addr,
2761 hwaddr *plen,
2762 bool is_write)
2763 {
2764 hwaddr len = *plen;
2765 hwaddr done = 0;
2766 hwaddr l, xlat, base;
2767 MemoryRegion *mr, *this_mr;
2768 ram_addr_t raddr;
2769
2770 if (len == 0) {
2771 return NULL;
2772 }
2773
2774 l = len;
2775 rcu_read_lock();
2776 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2777
2778 if (!memory_access_is_direct(mr, is_write)) {
2779 if (atomic_xchg(&bounce.in_use, true)) {
2780 rcu_read_unlock();
2781 return NULL;
2782 }
2783 /* Avoid unbounded allocations */
2784 l = MIN(l, TARGET_PAGE_SIZE);
2785 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2786 bounce.addr = addr;
2787 bounce.len = l;
2788
2789 memory_region_ref(mr);
2790 bounce.mr = mr;
2791 if (!is_write) {
2792 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2793 bounce.buffer, l);
2794 }
2795
2796 rcu_read_unlock();
2797 *plen = l;
2798 return bounce.buffer;
2799 }
2800
2801 base = xlat;
2802 raddr = memory_region_get_ram_addr(mr);
2803
2804 for (;;) {
2805 len -= l;
2806 addr += l;
2807 done += l;
2808 if (len == 0) {
2809 break;
2810 }
2811
2812 l = len;
2813 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2814 if (this_mr != mr || xlat != base + done) {
2815 break;
2816 }
2817 }
2818
2819 memory_region_ref(mr);
2820 rcu_read_unlock();
2821 *plen = done;
2822 return qemu_ram_ptr_length(raddr + base, plen);
2823 }
2824
2825 /* Unmaps a memory region previously mapped by address_space_map().
2826 * Will also mark the memory as dirty if is_write == 1. access_len gives
2827 * the amount of memory that was actually read or written by the caller.
2828 */
2829 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2830 int is_write, hwaddr access_len)
2831 {
2832 if (buffer != bounce.buffer) {
2833 MemoryRegion *mr;
2834 ram_addr_t addr1;
2835
2836 mr = qemu_ram_addr_from_host(buffer, &addr1);
2837 assert(mr != NULL);
2838 if (is_write) {
2839 invalidate_and_set_dirty(mr, addr1, access_len);
2840 }
2841 if (xen_enabled()) {
2842 xen_invalidate_map_cache_entry(buffer);
2843 }
2844 memory_region_unref(mr);
2845 return;
2846 }
2847 if (is_write) {
2848 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2849 bounce.buffer, access_len);
2850 }
2851 qemu_vfree(bounce.buffer);
2852 bounce.buffer = NULL;
2853 memory_region_unref(bounce.mr);
2854 atomic_mb_set(&bounce.in_use, false);
2855 cpu_notify_map_clients();
2856 }
2857
2858 void *cpu_physical_memory_map(hwaddr addr,
2859 hwaddr *plen,
2860 int is_write)
2861 {
2862 return address_space_map(&address_space_memory, addr, plen, is_write);
2863 }
2864
2865 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2866 int is_write, hwaddr access_len)
2867 {
2868 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2869 }
2870
2871 /* warning: addr must be aligned */
2872 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2873 MemTxAttrs attrs,
2874 MemTxResult *result,
2875 enum device_endian endian)
2876 {
2877 uint8_t *ptr;
2878 uint64_t val;
2879 MemoryRegion *mr;
2880 hwaddr l = 4;
2881 hwaddr addr1;
2882 MemTxResult r;
2883 bool release_lock = false;
2884
2885 rcu_read_lock();
2886 mr = address_space_translate(as, addr, &addr1, &l, false);
2887 if (l < 4 || !memory_access_is_direct(mr, false)) {
2888 release_lock |= prepare_mmio_access(mr);
2889
2890 /* I/O case */
2891 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2892 #if defined(TARGET_WORDS_BIGENDIAN)
2893 if (endian == DEVICE_LITTLE_ENDIAN) {
2894 val = bswap32(val);
2895 }
2896 #else
2897 if (endian == DEVICE_BIG_ENDIAN) {
2898 val = bswap32(val);
2899 }
2900 #endif
2901 } else {
2902 /* RAM case */
2903 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2904 & TARGET_PAGE_MASK)
2905 + addr1);
2906 switch (endian) {
2907 case DEVICE_LITTLE_ENDIAN:
2908 val = ldl_le_p(ptr);
2909 break;
2910 case DEVICE_BIG_ENDIAN:
2911 val = ldl_be_p(ptr);
2912 break;
2913 default:
2914 val = ldl_p(ptr);
2915 break;
2916 }
2917 r = MEMTX_OK;
2918 }
2919 if (result) {
2920 *result = r;
2921 }
2922 if (release_lock) {
2923 qemu_mutex_unlock_iothread();
2924 }
2925 rcu_read_unlock();
2926 return val;
2927 }
2928
2929 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2930 MemTxAttrs attrs, MemTxResult *result)
2931 {
2932 return address_space_ldl_internal(as, addr, attrs, result,
2933 DEVICE_NATIVE_ENDIAN);
2934 }
2935
2936 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2937 MemTxAttrs attrs, MemTxResult *result)
2938 {
2939 return address_space_ldl_internal(as, addr, attrs, result,
2940 DEVICE_LITTLE_ENDIAN);
2941 }
2942
2943 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2944 MemTxAttrs attrs, MemTxResult *result)
2945 {
2946 return address_space_ldl_internal(as, addr, attrs, result,
2947 DEVICE_BIG_ENDIAN);
2948 }
2949
2950 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2951 {
2952 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2953 }
2954
2955 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2956 {
2957 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2958 }
2959
2960 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2961 {
2962 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2963 }
2964
2965 /* warning: addr must be aligned */
2966 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2967 MemTxAttrs attrs,
2968 MemTxResult *result,
2969 enum device_endian endian)
2970 {
2971 uint8_t *ptr;
2972 uint64_t val;
2973 MemoryRegion *mr;
2974 hwaddr l = 8;
2975 hwaddr addr1;
2976 MemTxResult r;
2977 bool release_lock = false;
2978
2979 rcu_read_lock();
2980 mr = address_space_translate(as, addr, &addr1, &l,
2981 false);
2982 if (l < 8 || !memory_access_is_direct(mr, false)) {
2983 release_lock |= prepare_mmio_access(mr);
2984
2985 /* I/O case */
2986 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2987 #if defined(TARGET_WORDS_BIGENDIAN)
2988 if (endian == DEVICE_LITTLE_ENDIAN) {
2989 val = bswap64(val);
2990 }
2991 #else
2992 if (endian == DEVICE_BIG_ENDIAN) {
2993 val = bswap64(val);
2994 }
2995 #endif
2996 } else {
2997 /* RAM case */
2998 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2999 & TARGET_PAGE_MASK)
3000 + addr1);
3001 switch (endian) {
3002 case DEVICE_LITTLE_ENDIAN:
3003 val = ldq_le_p(ptr);
3004 break;
3005 case DEVICE_BIG_ENDIAN:
3006 val = ldq_be_p(ptr);
3007 break;
3008 default:
3009 val = ldq_p(ptr);
3010 break;
3011 }
3012 r = MEMTX_OK;
3013 }
3014 if (result) {
3015 *result = r;
3016 }
3017 if (release_lock) {
3018 qemu_mutex_unlock_iothread();
3019 }
3020 rcu_read_unlock();
3021 return val;
3022 }
3023
3024 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3025 MemTxAttrs attrs, MemTxResult *result)
3026 {
3027 return address_space_ldq_internal(as, addr, attrs, result,
3028 DEVICE_NATIVE_ENDIAN);
3029 }
3030
3031 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3032 MemTxAttrs attrs, MemTxResult *result)
3033 {
3034 return address_space_ldq_internal(as, addr, attrs, result,
3035 DEVICE_LITTLE_ENDIAN);
3036 }
3037
3038 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3039 MemTxAttrs attrs, MemTxResult *result)
3040 {
3041 return address_space_ldq_internal(as, addr, attrs, result,
3042 DEVICE_BIG_ENDIAN);
3043 }
3044
3045 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3046 {
3047 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3048 }
3049
3050 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3051 {
3052 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3053 }
3054
3055 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3056 {
3057 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3058 }
3059
3060 /* XXX: optimize */
3061 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3062 MemTxAttrs attrs, MemTxResult *result)
3063 {
3064 uint8_t val;
3065 MemTxResult r;
3066
3067 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3068 if (result) {
3069 *result = r;
3070 }
3071 return val;
3072 }
3073
3074 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3075 {
3076 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3077 }
3078
3079 /* warning: addr must be aligned */
3080 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3081 hwaddr addr,
3082 MemTxAttrs attrs,
3083 MemTxResult *result,
3084 enum device_endian endian)
3085 {
3086 uint8_t *ptr;
3087 uint64_t val;
3088 MemoryRegion *mr;
3089 hwaddr l = 2;
3090 hwaddr addr1;
3091 MemTxResult r;
3092 bool release_lock = false;
3093
3094 rcu_read_lock();
3095 mr = address_space_translate(as, addr, &addr1, &l,
3096 false);
3097 if (l < 2 || !memory_access_is_direct(mr, false)) {
3098 release_lock |= prepare_mmio_access(mr);
3099
3100 /* I/O case */
3101 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3102 #if defined(TARGET_WORDS_BIGENDIAN)
3103 if (endian == DEVICE_LITTLE_ENDIAN) {
3104 val = bswap16(val);
3105 }
3106 #else
3107 if (endian == DEVICE_BIG_ENDIAN) {
3108 val = bswap16(val);
3109 }
3110 #endif
3111 } else {
3112 /* RAM case */
3113 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3114 & TARGET_PAGE_MASK)
3115 + addr1);
3116 switch (endian) {
3117 case DEVICE_LITTLE_ENDIAN:
3118 val = lduw_le_p(ptr);
3119 break;
3120 case DEVICE_BIG_ENDIAN:
3121 val = lduw_be_p(ptr);
3122 break;
3123 default:
3124 val = lduw_p(ptr);
3125 break;
3126 }
3127 r = MEMTX_OK;
3128 }
3129 if (result) {
3130 *result = r;
3131 }
3132 if (release_lock) {
3133 qemu_mutex_unlock_iothread();
3134 }
3135 rcu_read_unlock();
3136 return val;
3137 }
3138
3139 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3140 MemTxAttrs attrs, MemTxResult *result)
3141 {
3142 return address_space_lduw_internal(as, addr, attrs, result,
3143 DEVICE_NATIVE_ENDIAN);
3144 }
3145
3146 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3147 MemTxAttrs attrs, MemTxResult *result)
3148 {
3149 return address_space_lduw_internal(as, addr, attrs, result,
3150 DEVICE_LITTLE_ENDIAN);
3151 }
3152
3153 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3154 MemTxAttrs attrs, MemTxResult *result)
3155 {
3156 return address_space_lduw_internal(as, addr, attrs, result,
3157 DEVICE_BIG_ENDIAN);
3158 }
3159
3160 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3161 {
3162 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3163 }
3164
3165 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3166 {
3167 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3168 }
3169
3170 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3171 {
3172 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3173 }
3174
3175 /* warning: addr must be aligned. The ram page is not masked as dirty
3176 and the code inside is not invalidated. It is useful if the dirty
3177 bits are used to track modified PTEs */
3178 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3179 MemTxAttrs attrs, MemTxResult *result)
3180 {
3181 uint8_t *ptr;
3182 MemoryRegion *mr;
3183 hwaddr l = 4;
3184 hwaddr addr1;
3185 MemTxResult r;
3186 uint8_t dirty_log_mask;
3187 bool release_lock = false;
3188
3189 rcu_read_lock();
3190 mr = address_space_translate(as, addr, &addr1, &l,
3191 true);
3192 if (l < 4 || !memory_access_is_direct(mr, true)) {
3193 release_lock |= prepare_mmio_access(mr);
3194
3195 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3196 } else {
3197 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3198 ptr = qemu_get_ram_ptr(addr1);
3199 stl_p(ptr, val);
3200
3201 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3202 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3203 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3204 r = MEMTX_OK;
3205 }
3206 if (result) {
3207 *result = r;
3208 }
3209 if (release_lock) {
3210 qemu_mutex_unlock_iothread();
3211 }
3212 rcu_read_unlock();
3213 }
3214
3215 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3216 {
3217 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3218 }
3219
3220 /* warning: addr must be aligned */
3221 static inline void address_space_stl_internal(AddressSpace *as,
3222 hwaddr addr, uint32_t val,
3223 MemTxAttrs attrs,
3224 MemTxResult *result,
3225 enum device_endian endian)
3226 {
3227 uint8_t *ptr;
3228 MemoryRegion *mr;
3229 hwaddr l = 4;
3230 hwaddr addr1;
3231 MemTxResult r;
3232 bool release_lock = false;
3233
3234 rcu_read_lock();
3235 mr = address_space_translate(as, addr, &addr1, &l,
3236 true);
3237 if (l < 4 || !memory_access_is_direct(mr, true)) {
3238 release_lock |= prepare_mmio_access(mr);
3239
3240 #if defined(TARGET_WORDS_BIGENDIAN)
3241 if (endian == DEVICE_LITTLE_ENDIAN) {
3242 val = bswap32(val);
3243 }
3244 #else
3245 if (endian == DEVICE_BIG_ENDIAN) {
3246 val = bswap32(val);
3247 }
3248 #endif
3249 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3250 } else {
3251 /* RAM case */
3252 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3253 ptr = qemu_get_ram_ptr(addr1);
3254 switch (endian) {
3255 case DEVICE_LITTLE_ENDIAN:
3256 stl_le_p(ptr, val);
3257 break;
3258 case DEVICE_BIG_ENDIAN:
3259 stl_be_p(ptr, val);
3260 break;
3261 default:
3262 stl_p(ptr, val);
3263 break;
3264 }
3265 invalidate_and_set_dirty(mr, addr1, 4);
3266 r = MEMTX_OK;
3267 }
3268 if (result) {
3269 *result = r;
3270 }
3271 if (release_lock) {
3272 qemu_mutex_unlock_iothread();
3273 }
3274 rcu_read_unlock();
3275 }
3276
3277 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3278 MemTxAttrs attrs, MemTxResult *result)
3279 {
3280 address_space_stl_internal(as, addr, val, attrs, result,
3281 DEVICE_NATIVE_ENDIAN);
3282 }
3283
3284 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3285 MemTxAttrs attrs, MemTxResult *result)
3286 {
3287 address_space_stl_internal(as, addr, val, attrs, result,
3288 DEVICE_LITTLE_ENDIAN);
3289 }
3290
3291 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3292 MemTxAttrs attrs, MemTxResult *result)
3293 {
3294 address_space_stl_internal(as, addr, val, attrs, result,
3295 DEVICE_BIG_ENDIAN);
3296 }
3297
3298 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3299 {
3300 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3301 }
3302
3303 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3304 {
3305 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3306 }
3307
3308 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3309 {
3310 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3311 }
3312
3313 /* XXX: optimize */
3314 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3315 MemTxAttrs attrs, MemTxResult *result)
3316 {
3317 uint8_t v = val;
3318 MemTxResult r;
3319
3320 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3321 if (result) {
3322 *result = r;
3323 }
3324 }
3325
3326 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3327 {
3328 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3329 }
3330
3331 /* warning: addr must be aligned */
3332 static inline void address_space_stw_internal(AddressSpace *as,
3333 hwaddr addr, uint32_t val,
3334 MemTxAttrs attrs,
3335 MemTxResult *result,
3336 enum device_endian endian)
3337 {
3338 uint8_t *ptr;
3339 MemoryRegion *mr;
3340 hwaddr l = 2;
3341 hwaddr addr1;
3342 MemTxResult r;
3343 bool release_lock = false;
3344
3345 rcu_read_lock();
3346 mr = address_space_translate(as, addr, &addr1, &l, true);
3347 if (l < 2 || !memory_access_is_direct(mr, true)) {
3348 release_lock |= prepare_mmio_access(mr);
3349
3350 #if defined(TARGET_WORDS_BIGENDIAN)
3351 if (endian == DEVICE_LITTLE_ENDIAN) {
3352 val = bswap16(val);
3353 }
3354 #else
3355 if (endian == DEVICE_BIG_ENDIAN) {
3356 val = bswap16(val);
3357 }
3358 #endif
3359 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3360 } else {
3361 /* RAM case */
3362 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3363 ptr = qemu_get_ram_ptr(addr1);
3364 switch (endian) {
3365 case DEVICE_LITTLE_ENDIAN:
3366 stw_le_p(ptr, val);
3367 break;
3368 case DEVICE_BIG_ENDIAN:
3369 stw_be_p(ptr, val);
3370 break;
3371 default:
3372 stw_p(ptr, val);
3373 break;
3374 }
3375 invalidate_and_set_dirty(mr, addr1, 2);
3376 r = MEMTX_OK;
3377 }
3378 if (result) {
3379 *result = r;
3380 }
3381 if (release_lock) {
3382 qemu_mutex_unlock_iothread();
3383 }
3384 rcu_read_unlock();
3385 }
3386
3387 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3388 MemTxAttrs attrs, MemTxResult *result)
3389 {
3390 address_space_stw_internal(as, addr, val, attrs, result,
3391 DEVICE_NATIVE_ENDIAN);
3392 }
3393
3394 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3395 MemTxAttrs attrs, MemTxResult *result)
3396 {
3397 address_space_stw_internal(as, addr, val, attrs, result,
3398 DEVICE_LITTLE_ENDIAN);
3399 }
3400
3401 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3402 MemTxAttrs attrs, MemTxResult *result)
3403 {
3404 address_space_stw_internal(as, addr, val, attrs, result,
3405 DEVICE_BIG_ENDIAN);
3406 }
3407
3408 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3409 {
3410 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3411 }
3412
3413 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3414 {
3415 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3416 }
3417
3418 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3419 {
3420 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3421 }
3422
3423 /* XXX: optimize */
3424 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3425 MemTxAttrs attrs, MemTxResult *result)
3426 {
3427 MemTxResult r;
3428 val = tswap64(val);
3429 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3430 if (result) {
3431 *result = r;
3432 }
3433 }
3434
3435 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3436 MemTxAttrs attrs, MemTxResult *result)
3437 {
3438 MemTxResult r;
3439 val = cpu_to_le64(val);
3440 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3441 if (result) {
3442 *result = r;
3443 }
3444 }
3445 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3446 MemTxAttrs attrs, MemTxResult *result)
3447 {
3448 MemTxResult r;
3449 val = cpu_to_be64(val);
3450 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3451 if (result) {
3452 *result = r;
3453 }
3454 }
3455
3456 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3457 {
3458 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3459 }
3460
3461 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3462 {
3463 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3464 }
3465
3466 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3467 {
3468 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3469 }
3470
3471 /* virtual memory access for debug (includes writing to ROM) */
3472 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3473 uint8_t *buf, int len, int is_write)
3474 {
3475 int l;
3476 hwaddr phys_addr;
3477 target_ulong page;
3478
3479 while (len > 0) {
3480 page = addr & TARGET_PAGE_MASK;
3481 phys_addr = cpu_get_phys_page_debug(cpu, page);
3482 /* if no physical page mapped, return an error */
3483 if (phys_addr == -1)
3484 return -1;
3485 l = (page + TARGET_PAGE_SIZE) - addr;
3486 if (l > len)
3487 l = len;
3488 phys_addr += (addr & ~TARGET_PAGE_MASK);
3489 if (is_write) {
3490 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3491 } else {
3492 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3493 buf, l, 0);
3494 }
3495 len -= l;
3496 buf += l;
3497 addr += l;
3498 }
3499 return 0;
3500 }
3501 #endif
3502
3503 /*
3504 * A helper function for the _utterly broken_ virtio device model to find out if
3505 * it's running on a big endian machine. Don't do this at home kids!
3506 */
3507 bool target_words_bigendian(void);
3508 bool target_words_bigendian(void)
3509 {
3510 #if defined(TARGET_WORDS_BIGENDIAN)
3511 return true;
3512 #else
3513 return false;
3514 #endif
3515 }
3516
3517 #ifndef CONFIG_USER_ONLY
3518 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3519 {
3520 MemoryRegion*mr;
3521 hwaddr l = 1;
3522 bool res;
3523
3524 rcu_read_lock();
3525 mr = address_space_translate(&address_space_memory,
3526 phys_addr, &phys_addr, &l, false);
3527
3528 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3529 rcu_read_unlock();
3530 return res;
3531 }
3532
3533 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3534 {
3535 RAMBlock *block;
3536 int ret = 0;
3537
3538 rcu_read_lock();
3539 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3540 ret = func(block->idstr, block->host, block->offset,
3541 block->used_length, opaque);
3542 if (ret) {
3543 break;
3544 }
3545 }
3546 rcu_read_unlock();
3547 return ret;
3548 }
3549 #endif
AR7 emulation for QEMU