search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target-arm/arm-powerctl: wake up sleeping CPUs
[qemu/ar7.git] / exec.c
blobab3062936701479cb1c1435b93889aa9e33a330e
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #ifndef _WIN32
22 #endif
23
24 #include "qemu/cutils.h"
25 #include "cpu.h"
26 #include "exec/exec-all.h"
27 #include "tcg.h"
28 #include "hw/qdev-core.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #include "hw/xen/xen.h"
32 #endif
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include "qemu.h"
40 #else /* !CONFIG_USER_ONLY */
41 #include "hw/hw.h"
42 #include "exec/memory.h"
43 #include "exec/ioport.h"
44 #include "sysemu/dma.h"
45 #include "exec/address-spaces.h"
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57 #include "exec/log.h"
58
59 #include "migration/vmstate.h"
60
61 #include "qemu/range.h"
62 #ifndef _WIN32
63 #include "qemu/mmap-alloc.h"
64 #endif
65
66 //#define DEBUG_SUBPAGE
67
68 #if !defined(CONFIG_USER_ONLY)
69 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
72 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
73
74 static MemoryRegion *system_memory;
75 static MemoryRegion *system_io;
76
77 AddressSpace address_space_io;
78 AddressSpace address_space_memory;
79
80 MemoryRegion io_mem_rom, io_mem_notdirty;
81 static MemoryRegion io_mem_unassigned;
82
83 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84 #define RAM_PREALLOC (1 << 0)
85
86 /* RAM is mmap-ed with MAP_SHARED */
87 #define RAM_SHARED (1 << 1)
88
89 /* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92 #define RAM_RESIZEABLE (1 << 2)
93
94 #endif
95
96 #ifdef TARGET_PAGE_BITS_VARY
97 int target_page_bits;
98 bool target_page_bits_decided;
99 #endif
100
101 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
102 /* current CPU in the current thread. It is only valid inside
103 cpu_exec() */
104 __thread CPUState *current_cpu;
105 /* 0 = Do not count executed instructions.
106 1 = Precise instruction counting.
107 2 = Adaptive rate instruction counting. */
108 int use_icount;
109
110 bool set_preferred_target_page_bits(int bits)
111 {
112 /* The target page size is the lowest common denominator for all
113 * the CPUs in the system, so we can only make it smaller, never
114 * larger. And we can't make it smaller once we've committed to
115 * a particular size.
116 */
117 #ifdef TARGET_PAGE_BITS_VARY
118 assert(bits >= TARGET_PAGE_BITS_MIN);
119 if (target_page_bits == 0 || target_page_bits > bits) {
120 if (target_page_bits_decided) {
121 return false;
122 }
123 target_page_bits = bits;
124 }
125 #endif
126 return true;
127 }
128
129 #if !defined(CONFIG_USER_ONLY)
130
131 static void finalize_target_page_bits(void)
132 {
133 #ifdef TARGET_PAGE_BITS_VARY
134 if (target_page_bits == 0) {
135 target_page_bits = TARGET_PAGE_BITS_MIN;
136 }
137 target_page_bits_decided = true;
138 #endif
139 }
140
141 typedef struct PhysPageEntry PhysPageEntry;
142
143 struct PhysPageEntry {
144 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
145 uint32_t skip : 6;
146 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
147 uint32_t ptr : 26;
148 };
149
150 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
151
152 /* Size of the L2 (and L3, etc) page tables. */
153 #define ADDR_SPACE_BITS 64
154
155 #define P_L2_BITS 9
156 #define P_L2_SIZE (1 << P_L2_BITS)
157
158 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
159
160 typedef PhysPageEntry Node[P_L2_SIZE];
161
162 typedef struct PhysPageMap {
163 struct rcu_head rcu;
164
165 unsigned sections_nb;
166 unsigned sections_nb_alloc;
167 unsigned nodes_nb;
168 unsigned nodes_nb_alloc;
169 Node *nodes;
170 MemoryRegionSection *sections;
171 } PhysPageMap;
172
173 struct AddressSpaceDispatch {
174 struct rcu_head rcu;
175
176 MemoryRegionSection *mru_section;
177 /* This is a multi-level map on the physical address space.
178 * The bottom level has pointers to MemoryRegionSections.
179 */
180 PhysPageEntry phys_map;
181 PhysPageMap map;
182 AddressSpace *as;
183 };
184
185 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
186 typedef struct subpage_t {
187 MemoryRegion iomem;
188 AddressSpace *as;
189 hwaddr base;
190 uint16_t sub_section[];
191 } subpage_t;
192
193 #define PHYS_SECTION_UNASSIGNED 0
194 #define PHYS_SECTION_NOTDIRTY 1
195 #define PHYS_SECTION_ROM 2
196 #define PHYS_SECTION_WATCH 3
197
198 static void io_mem_init(void);
199 static void memory_map_init(void);
200 static void tcg_commit(MemoryListener *listener);
201
202 static MemoryRegion io_mem_watch;
203
204 /**
205 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
206 * @cpu: the CPU whose AddressSpace this is
207 * @as: the AddressSpace itself
208 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
209 * @tcg_as_listener: listener for tracking changes to the AddressSpace
210 */
211 struct CPUAddressSpace {
212 CPUState *cpu;
213 AddressSpace *as;
214 struct AddressSpaceDispatch *memory_dispatch;
215 MemoryListener tcg_as_listener;
216 };
217
218 #endif
219
220 #if !defined(CONFIG_USER_ONLY)
221
222 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
223 {
224 static unsigned alloc_hint = 16;
225 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
226 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
227 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
228 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
229 alloc_hint = map->nodes_nb_alloc;
230 }
231 }
232
233 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
234 {
235 unsigned i;
236 uint32_t ret;
237 PhysPageEntry e;
238 PhysPageEntry *p;
239
240 ret = map->nodes_nb++;
241 p = map->nodes[ret];
242 assert(ret != PHYS_MAP_NODE_NIL);
243 assert(ret != map->nodes_nb_alloc);
244
245 e.skip = leaf ? 0 : 1;
246 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
247 for (i = 0; i < P_L2_SIZE; ++i) {
248 memcpy(&p[i], &e, sizeof(e));
249 }
250 return ret;
251 }
252
253 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
254 hwaddr *index, hwaddr *nb, uint16_t leaf,
255 int level)
256 {
257 PhysPageEntry *p;
258 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
259
260 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
261 lp->ptr = phys_map_node_alloc(map, level == 0);
262 }
263 p = map->nodes[lp->ptr];
264 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
265
266 while (*nb && lp < &p[P_L2_SIZE]) {
267 if ((*index & (step - 1)) == 0 && *nb >= step) {
268 lp->skip = 0;
269 lp->ptr = leaf;
270 *index += step;
271 *nb -= step;
272 } else {
273 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
274 }
275 ++lp;
276 }
277 }
278
279 static void phys_page_set(AddressSpaceDispatch *d,
280 hwaddr index, hwaddr nb,
281 uint16_t leaf)
282 {
283 /* Wildly overreserve - it doesn't matter much. */
284 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
285
286 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
287 }
288
289 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
290 * and update our entry so we can skip it and go directly to the destination.
291 */
292 static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
293 {
294 unsigned valid_ptr = P_L2_SIZE;
295 int valid = 0;
296 PhysPageEntry *p;
297 int i;
298
299 if (lp->ptr == PHYS_MAP_NODE_NIL) {
300 return;
301 }
302
303 p = nodes[lp->ptr];
304 for (i = 0; i < P_L2_SIZE; i++) {
305 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
306 continue;
307 }
308
309 valid_ptr = i;
310 valid++;
311 if (p[i].skip) {
312 phys_page_compact(&p[i], nodes);
313 }
314 }
315
316 /* We can only compress if there's only one child. */
317 if (valid != 1) {
318 return;
319 }
320
321 assert(valid_ptr < P_L2_SIZE);
322
323 /* Don't compress if it won't fit in the # of bits we have. */
324 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
325 return;
326 }
327
328 lp->ptr = p[valid_ptr].ptr;
329 if (!p[valid_ptr].skip) {
330 /* If our only child is a leaf, make this a leaf. */
331 /* By design, we should have made this node a leaf to begin with so we
332 * should never reach here.
333 * But since it's so simple to handle this, let's do it just in case we
334 * change this rule.
335 */
336 lp->skip = 0;
337 } else {
338 lp->skip += p[valid_ptr].skip;
339 }
340 }
341
342 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
343 {
344 if (d->phys_map.skip) {
345 phys_page_compact(&d->phys_map, d->map.nodes);
346 }
347 }
348
349 static inline bool section_covers_addr(const MemoryRegionSection *section,
350 hwaddr addr)
351 {
352 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
353 * the section must cover the entire address space.
354 */
355 return int128_gethi(section->size) ||
356 range_covers_byte(section->offset_within_address_space,
357 int128_getlo(section->size), addr);
358 }
359
360 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
361 Node *nodes, MemoryRegionSection *sections)
362 {
363 PhysPageEntry *p;
364 hwaddr index = addr >> TARGET_PAGE_BITS;
365 int i;
366
367 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
368 if (lp.ptr == PHYS_MAP_NODE_NIL) {
369 return &sections[PHYS_SECTION_UNASSIGNED];
370 }
371 p = nodes[lp.ptr];
372 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
373 }
374
375 if (section_covers_addr(&sections[lp.ptr], addr)) {
376 return &sections[lp.ptr];
377 } else {
378 return &sections[PHYS_SECTION_UNASSIGNED];
379 }
380 }
381
382 bool memory_region_is_unassigned(MemoryRegion *mr)
383 {
384 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
385 && mr != &io_mem_watch;
386 }
387
388 /* Called from RCU critical section */
389 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
390 hwaddr addr,
391 bool resolve_subpage)
392 {
393 MemoryRegionSection *section = atomic_read(&d->mru_section);
394 subpage_t *subpage;
395 bool update;
396
397 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
398 section_covers_addr(section, addr)) {
399 update = false;
400 } else {
401 section = phys_page_find(d->phys_map, addr, d->map.nodes,
402 d->map.sections);
403 update = true;
404 }
405 if (resolve_subpage && section->mr->subpage) {
406 subpage = container_of(section->mr, subpage_t, iomem);
407 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
408 }
409 if (update) {
410 atomic_set(&d->mru_section, section);
411 }
412 return section;
413 }
414
415 /* Called from RCU critical section */
416 static MemoryRegionSection *
417 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
418 hwaddr *plen, bool resolve_subpage)
419 {
420 MemoryRegionSection *section;
421 MemoryRegion *mr;
422 Int128 diff;
423
424 section = address_space_lookup_region(d, addr, resolve_subpage);
425 /* Compute offset within MemoryRegionSection */
426 addr -= section->offset_within_address_space;
427
428 /* Compute offset within MemoryRegion */
429 *xlat = addr + section->offset_within_region;
430
431 mr = section->mr;
432
433 /* MMIO registers can be expected to perform full-width accesses based only
434 * on their address, without considering adjacent registers that could
435 * decode to completely different MemoryRegions. When such registers
436 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
437 * regions overlap wildly. For this reason we cannot clamp the accesses
438 * here.
439 *
440 * If the length is small (as is the case for address_space_ldl/stl),
441 * everything works fine. If the incoming length is large, however,
442 * the caller really has to do the clamping through memory_access_size.
443 */
444 if (memory_region_is_ram(mr)) {
445 diff = int128_sub(section->size, int128_make64(addr));
446 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
447 }
448 return section;
449 }
450
451 /* Called from RCU critical section */
452 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
453 hwaddr *xlat, hwaddr *plen,
454 bool is_write)
455 {
456 IOMMUTLBEntry iotlb;
457 MemoryRegionSection *section;
458 MemoryRegion *mr;
459
460 for (;;) {
461 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
462 section = address_space_translate_internal(d, addr, &addr, plen, true);
463 mr = section->mr;
464
465 if (!mr->iommu_ops) {
466 break;
467 }
468
469 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
470 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
471 | (addr & iotlb.addr_mask));
472 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
473 if (!(iotlb.perm & (1 << is_write))) {
474 mr = &io_mem_unassigned;
475 break;
476 }
477
478 as = iotlb.target_as;
479 }
480
481 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
482 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
483 *plen = MIN(page, *plen);
484 }
485
486 *xlat = addr;
487 return mr;
488 }
489
490 /* Called from RCU critical section */
491 MemoryRegionSection *
492 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
493 hwaddr *xlat, hwaddr *plen)
494 {
495 MemoryRegionSection *section;
496 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
497
498 section = address_space_translate_internal(d, addr, xlat, plen, false);
499
500 assert(!section->mr->iommu_ops);
501 return section;
502 }
503 #endif
504
505 #if !defined(CONFIG_USER_ONLY)
506
507 static int cpu_common_post_load(void *opaque, int version_id)
508 {
509 CPUState *cpu = opaque;
510
511 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
512 version_id is increased. */
513 cpu->interrupt_request &= ~0x01;
514 tlb_flush(cpu, 1);
515
516 return 0;
517 }
518
519 static int cpu_common_pre_load(void *opaque)
520 {
521 CPUState *cpu = opaque;
522
523 cpu->exception_index = -1;
524
525 return 0;
526 }
527
528 static bool cpu_common_exception_index_needed(void *opaque)
529 {
530 CPUState *cpu = opaque;
531
532 return tcg_enabled() && cpu->exception_index != -1;
533 }
534
535 static const VMStateDescription vmstate_cpu_common_exception_index = {
536 .name = "cpu_common/exception_index",
537 .version_id = 1,
538 .minimum_version_id = 1,
539 .needed = cpu_common_exception_index_needed,
540 .fields = (VMStateField[]) {
541 VMSTATE_INT32(exception_index, CPUState),
542 VMSTATE_END_OF_LIST()
543 }
544 };
545
546 static bool cpu_common_crash_occurred_needed(void *opaque)
547 {
548 CPUState *cpu = opaque;
549
550 return cpu->crash_occurred;
551 }
552
553 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
554 .name = "cpu_common/crash_occurred",
555 .version_id = 1,
556 .minimum_version_id = 1,
557 .needed = cpu_common_crash_occurred_needed,
558 .fields = (VMStateField[]) {
559 VMSTATE_BOOL(crash_occurred, CPUState),
560 VMSTATE_END_OF_LIST()
561 }
562 };
563
564 const VMStateDescription vmstate_cpu_common = {
565 .name = "cpu_common",
566 .version_id = 1,
567 .minimum_version_id = 1,
568 .pre_load = cpu_common_pre_load,
569 .post_load = cpu_common_post_load,
570 .fields = (VMStateField[]) {
571 VMSTATE_UINT32(halted, CPUState),
572 VMSTATE_UINT32(interrupt_request, CPUState),
573 VMSTATE_END_OF_LIST()
574 },
575 .subsections = (const VMStateDescription*[]) {
576 &vmstate_cpu_common_exception_index,
577 &vmstate_cpu_common_crash_occurred,
578 NULL
579 }
580 };
581
582 #endif
583
584 CPUState *qemu_get_cpu(int index)
585 {
586 CPUState *cpu;
587
588 CPU_FOREACH(cpu) {
589 if (cpu->cpu_index == index) {
590 return cpu;
591 }
592 }
593
594 return NULL;
595 }
596
597 #if !defined(CONFIG_USER_ONLY)
598 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
599 {
600 CPUAddressSpace *newas;
601
602 /* Target code should have set num_ases before calling us */
603 assert(asidx < cpu->num_ases);
604
605 if (asidx == 0) {
606 /* address space 0 gets the convenience alias */
607 cpu->as = as;
608 }
609
610 /* KVM cannot currently support multiple address spaces. */
611 assert(asidx == 0 || !kvm_enabled());
612
613 if (!cpu->cpu_ases) {
614 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
615 }
616
617 newas = &cpu->cpu_ases[asidx];
618 newas->cpu = cpu;
619 newas->as = as;
620 if (tcg_enabled()) {
621 newas->tcg_as_listener.commit = tcg_commit;
622 memory_listener_register(&newas->tcg_as_listener, as);
623 }
624 }
625
626 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
627 {
628 /* Return the AddressSpace corresponding to the specified index */
629 return cpu->cpu_ases[asidx].as;
630 }
631 #endif
632
633 void cpu_exec_unrealizefn(CPUState *cpu)
634 {
635 CPUClass *cc = CPU_GET_CLASS(cpu);
636
637 cpu_list_remove(cpu);
638
639 if (cc->vmsd != NULL) {
640 vmstate_unregister(NULL, cc->vmsd, cpu);
641 }
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
644 }
645 }
646
647 void cpu_exec_initfn(CPUState *cpu)
648 {
649 cpu->as = NULL;
650 cpu->num_ases = 0;
651
652 #ifndef CONFIG_USER_ONLY
653 cpu->thread_id = qemu_get_thread_id();
654
655 /* This is a softmmu CPU object, so create a property for it
656 * so users can wire up its memory. (This can't go in qom/cpu.c
657 * because that file is compiled only once for both user-mode
658 * and system builds.) The default if no link is set up is to use
659 * the system address space.
660 */
661 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
662 (Object **)&cpu->memory,
663 qdev_prop_allow_set_link_before_realize,
664 OBJ_PROP_LINK_UNREF_ON_RELEASE,
665 &error_abort);
666 cpu->memory = system_memory;
667 object_ref(OBJECT(cpu->memory));
668 #endif
669 }
670
671 void cpu_exec_realizefn(CPUState *cpu, Error **errp)
672 {
673 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
674
675 cpu_list_add(cpu);
676
677 #ifndef CONFIG_USER_ONLY
678 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
679 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
680 }
681 if (cc->vmsd != NULL) {
682 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
683 }
684 #endif
685 }
686
687 #if defined(CONFIG_USER_ONLY)
688 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
689 {
690 tb_invalidate_phys_page_range(pc, pc + 1, 0);
691 }
692 #else
693 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
694 {
695 MemTxAttrs attrs;
696 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
697 int asidx = cpu_asidx_from_attrs(cpu, attrs);
698 if (phys != -1) {
699 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
700 phys | (pc & ~TARGET_PAGE_MASK));
701 }
702 }
703 #endif
704
705 #if defined(CONFIG_USER_ONLY)
706 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
707
708 {
709 }
710
711 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
712 int flags)
713 {
714 return -ENOSYS;
715 }
716
717 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
718 {
719 }
720
721 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
722 int flags, CPUWatchpoint **watchpoint)
723 {
724 return -ENOSYS;
725 }
726 #else
727 /* Add a watchpoint. */
728 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
729 int flags, CPUWatchpoint **watchpoint)
730 {
731 CPUWatchpoint *wp;
732
733 /* forbid ranges which are empty or run off the end of the address space */
734 if (len == 0 || (addr + len - 1) < addr) {
735 error_report("tried to set invalid watchpoint at %"
736 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
737 return -EINVAL;
738 }
739 wp = g_malloc(sizeof(*wp));
740
741 wp->vaddr = addr;
742 wp->len = len;
743 wp->flags = flags;
744
745 /* keep all GDB-injected watchpoints in front */
746 if (flags & BP_GDB) {
747 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
748 } else {
749 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
750 }
751
752 tlb_flush_page(cpu, addr);
753
754 if (watchpoint)
755 *watchpoint = wp;
756 return 0;
757 }
758
759 /* Remove a specific watchpoint. */
760 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
761 int flags)
762 {
763 CPUWatchpoint *wp;
764
765 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
766 if (addr == wp->vaddr && len == wp->len
767 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
768 cpu_watchpoint_remove_by_ref(cpu, wp);
769 return 0;
770 }
771 }
772 return -ENOENT;
773 }
774
775 /* Remove a specific watchpoint by reference. */
776 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
777 {
778 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
779
780 tlb_flush_page(cpu, watchpoint->vaddr);
781
782 g_free(watchpoint);
783 }
784
785 /* Remove all matching watchpoints. */
786 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
787 {
788 CPUWatchpoint *wp, *next;
789
790 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
791 if (wp->flags & mask) {
792 cpu_watchpoint_remove_by_ref(cpu, wp);
793 }
794 }
795 }
796
797 /* Return true if this watchpoint address matches the specified
798 * access (ie the address range covered by the watchpoint overlaps
799 * partially or completely with the address range covered by the
800 * access).
801 */
802 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
803 vaddr addr,
804 vaddr len)
805 {
806 /* We know the lengths are non-zero, but a little caution is
807 * required to avoid errors in the case where the range ends
808 * exactly at the top of the address space and so addr + len
809 * wraps round to zero.
810 */
811 vaddr wpend = wp->vaddr + wp->len - 1;
812 vaddr addrend = addr + len - 1;
813
814 return !(addr > wpend || wp->vaddr > addrend);
815 }
816
817 #endif
818
819 /* Add a breakpoint. */
820 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
821 CPUBreakpoint **breakpoint)
822 {
823 CPUBreakpoint *bp;
824
825 bp = g_malloc(sizeof(*bp));
826
827 bp->pc = pc;
828 bp->flags = flags;
829
830 /* keep all GDB-injected breakpoints in front */
831 if (flags & BP_GDB) {
832 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
833 } else {
834 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
835 }
836
837 breakpoint_invalidate(cpu, pc);
838
839 if (breakpoint) {
840 *breakpoint = bp;
841 }
842 return 0;
843 }
844
845 /* Remove a specific breakpoint. */
846 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
847 {
848 CPUBreakpoint *bp;
849
850 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
851 if (bp->pc == pc && bp->flags == flags) {
852 cpu_breakpoint_remove_by_ref(cpu, bp);
853 return 0;
854 }
855 }
856 return -ENOENT;
857 }
858
859 /* Remove a specific breakpoint by reference. */
860 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
861 {
862 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
863
864 breakpoint_invalidate(cpu, breakpoint->pc);
865
866 g_free(breakpoint);
867 }
868
869 /* Remove all matching breakpoints. */
870 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
871 {
872 CPUBreakpoint *bp, *next;
873
874 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
875 if (bp->flags & mask) {
876 cpu_breakpoint_remove_by_ref(cpu, bp);
877 }
878 }
879 }
880
881 /* enable or disable single step mode. EXCP_DEBUG is returned by the
882 CPU loop after each instruction */
883 void cpu_single_step(CPUState *cpu, int enabled)
884 {
885 if (cpu->singlestep_enabled != enabled) {
886 cpu->singlestep_enabled = enabled;
887 if (kvm_enabled()) {
888 kvm_update_guest_debug(cpu, 0);
889 } else {
890 /* must flush all the translated code to avoid inconsistencies */
891 /* XXX: only flush what is necessary */
892 tb_flush(cpu);
893 }
894 }
895 }
896
897 void cpu_abort(CPUState *cpu, const char *fmt, ...)
898 {
899 va_list ap;
900 va_list ap2;
901
902 va_start(ap, fmt);
903 va_copy(ap2, ap);
904 fprintf(stderr, "qemu: fatal: ");
905 vfprintf(stderr, fmt, ap);
906 fprintf(stderr, "\n");
907 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
908 if (qemu_log_separate()) {
909 qemu_log("qemu: fatal: ");
910 qemu_log_vprintf(fmt, ap2);
911 qemu_log("\n");
912 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
913 qemu_log_flush();
914 qemu_log_close();
915 }
916 va_end(ap2);
917 va_end(ap);
918 replay_finish();
919 #if defined(CONFIG_USER_ONLY)
920 {
921 struct sigaction act;
922 sigfillset(&act.sa_mask);
923 act.sa_handler = SIG_DFL;
924 sigaction(SIGABRT, &act, NULL);
925 }
926 #endif
927 abort();
928 }
929
930 #if !defined(CONFIG_USER_ONLY)
931 /* Called from RCU critical section */
932 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
933 {
934 RAMBlock *block;
935
936 block = atomic_rcu_read(&ram_list.mru_block);
937 if (block && addr - block->offset < block->max_length) {
938 return block;
939 }
940 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
941 if (addr - block->offset < block->max_length) {
942 goto found;
943 }
944 }
945
946 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
947 abort();
948
949 found:
950 /* It is safe to write mru_block outside the iothread lock. This
951 * is what happens:
952 *
953 * mru_block = xxx
954 * rcu_read_unlock()
955 * xxx removed from list
956 * rcu_read_lock()
957 * read mru_block
958 * mru_block = NULL;
959 * call_rcu(reclaim_ramblock, xxx);
960 * rcu_read_unlock()
961 *
962 * atomic_rcu_set is not needed here. The block was already published
963 * when it was placed into the list. Here we're just making an extra
964 * copy of the pointer.
965 */
966 ram_list.mru_block = block;
967 return block;
968 }
969
970 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
971 {
972 CPUState *cpu;
973 ram_addr_t start1;
974 RAMBlock *block;
975 ram_addr_t end;
976
977 end = TARGET_PAGE_ALIGN(start + length);
978 start &= TARGET_PAGE_MASK;
979
980 rcu_read_lock();
981 block = qemu_get_ram_block(start);
982 assert(block == qemu_get_ram_block(end - 1));
983 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
984 CPU_FOREACH(cpu) {
985 tlb_reset_dirty(cpu, start1, length);
986 }
987 rcu_read_unlock();
988 }
989
990 /* Note: start and end must be within the same ram block. */
991 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
992 ram_addr_t length,
993 unsigned client)
994 {
995 DirtyMemoryBlocks *blocks;
996 unsigned long end, page;
997 bool dirty = false;
998
999 if (length == 0) {
1000 return false;
1001 }
1002
1003 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1004 page = start >> TARGET_PAGE_BITS;
1005
1006 rcu_read_lock();
1007
1008 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1009
1010 while (page < end) {
1011 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1012 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1013 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1014
1015 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1016 offset, num);
1017 page += num;
1018 }
1019
1020 rcu_read_unlock();
1021
1022 if (dirty && tcg_enabled()) {
1023 tlb_reset_dirty_range_all(start, length);
1024 }
1025
1026 return dirty;
1027 }
1028
1029 /* Called from RCU critical section */
1030 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
1031 MemoryRegionSection *section,
1032 target_ulong vaddr,
1033 hwaddr paddr, hwaddr xlat,
1034 int prot,
1035 target_ulong *address)
1036 {
1037 hwaddr iotlb;
1038 CPUWatchpoint *wp;
1039
1040 if (memory_region_is_ram(section->mr)) {
1041 /* Normal RAM. */
1042 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1043 if (!section->readonly) {
1044 iotlb |= PHYS_SECTION_NOTDIRTY;
1045 } else {
1046 iotlb |= PHYS_SECTION_ROM;
1047 }
1048 } else {
1049 AddressSpaceDispatch *d;
1050
1051 d = atomic_rcu_read(&section->address_space->dispatch);
1052 iotlb = section - d->map.sections;
1053 iotlb += xlat;
1054 }
1055
1056 /* Make accesses to pages with watchpoints go via the
1057 watchpoint trap routines. */
1058 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1059 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1060 /* Avoid trapping reads of pages with a write breakpoint. */
1061 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1062 iotlb = PHYS_SECTION_WATCH + paddr;
1063 *address |= TLB_MMIO;
1064 break;
1065 }
1066 }
1067 }
1068
1069 return iotlb;
1070 }
1071 #endif /* defined(CONFIG_USER_ONLY) */
1072
1073 #if !defined(CONFIG_USER_ONLY)
1074
1075 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1076 uint16_t section);
1077 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1078
1079 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1080 qemu_anon_ram_alloc;
1081
1082 /*
1083 * Set a custom physical guest memory alloator.
1084 * Accelerators with unusual needs may need this. Hopefully, we can
1085 * get rid of it eventually.
1086 */
1087 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1088 {
1089 phys_mem_alloc = alloc;
1090 }
1091
1092 static uint16_t phys_section_add(PhysPageMap *map,
1093 MemoryRegionSection *section)
1094 {
1095 /* The physical section number is ORed with a page-aligned
1096 * pointer to produce the iotlb entries. Thus it should
1097 * never overflow into the page-aligned value.
1098 */
1099 assert(map->sections_nb < TARGET_PAGE_SIZE);
1100
1101 if (map->sections_nb == map->sections_nb_alloc) {
1102 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1103 map->sections = g_renew(MemoryRegionSection, map->sections,
1104 map->sections_nb_alloc);
1105 }
1106 map->sections[map->sections_nb] = *section;
1107 memory_region_ref(section->mr);
1108 return map->sections_nb++;
1109 }
1110
1111 static void phys_section_destroy(MemoryRegion *mr)
1112 {
1113 bool have_sub_page = mr->subpage;
1114
1115 memory_region_unref(mr);
1116
1117 if (have_sub_page) {
1118 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1119 object_unref(OBJECT(&subpage->iomem));
1120 g_free(subpage);
1121 }
1122 }
1123
1124 static void phys_sections_free(PhysPageMap *map)
1125 {
1126 while (map->sections_nb > 0) {
1127 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1128 phys_section_destroy(section->mr);
1129 }
1130 g_free(map->sections);
1131 g_free(map->nodes);
1132 }
1133
1134 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1135 {
1136 subpage_t *subpage;
1137 hwaddr base = section->offset_within_address_space
1138 & TARGET_PAGE_MASK;
1139 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1140 d->map.nodes, d->map.sections);
1141 MemoryRegionSection subsection = {
1142 .offset_within_address_space = base,
1143 .size = int128_make64(TARGET_PAGE_SIZE),
1144 };
1145 hwaddr start, end;
1146
1147 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1148
1149 if (!(existing->mr->subpage)) {
1150 subpage = subpage_init(d->as, base);
1151 subsection.address_space = d->as;
1152 subsection.mr = &subpage->iomem;
1153 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1154 phys_section_add(&d->map, &subsection));
1155 } else {
1156 subpage = container_of(existing->mr, subpage_t, iomem);
1157 }
1158 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1159 end = start + int128_get64(section->size) - 1;
1160 subpage_register(subpage, start, end,
1161 phys_section_add(&d->map, section));
1162 }
1163
1164
1165 static void register_multipage(AddressSpaceDispatch *d,
1166 MemoryRegionSection *section)
1167 {
1168 hwaddr start_addr = section->offset_within_address_space;
1169 uint16_t section_index = phys_section_add(&d->map, section);
1170 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1171 TARGET_PAGE_BITS));
1172
1173 assert(num_pages);
1174 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1175 }
1176
1177 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1178 {
1179 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1180 AddressSpaceDispatch *d = as->next_dispatch;
1181 MemoryRegionSection now = *section, remain = *section;
1182 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1183
1184 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1185 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1186 - now.offset_within_address_space;
1187
1188 now.size = int128_min(int128_make64(left), now.size);
1189 register_subpage(d, &now);
1190 } else {
1191 now.size = int128_zero();
1192 }
1193 while (int128_ne(remain.size, now.size)) {
1194 remain.size = int128_sub(remain.size, now.size);
1195 remain.offset_within_address_space += int128_get64(now.size);
1196 remain.offset_within_region += int128_get64(now.size);
1197 now = remain;
1198 if (int128_lt(remain.size, page_size)) {
1199 register_subpage(d, &now);
1200 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1201 now.size = page_size;
1202 register_subpage(d, &now);
1203 } else {
1204 now.size = int128_and(now.size, int128_neg(page_size));
1205 register_multipage(d, &now);
1206 }
1207 }
1208 }
1209
1210 void qemu_flush_coalesced_mmio_buffer(void)
1211 {
1212 if (kvm_enabled())
1213 kvm_flush_coalesced_mmio_buffer();
1214 }
1215
1216 void qemu_mutex_lock_ramlist(void)
1217 {
1218 qemu_mutex_lock(&ram_list.mutex);
1219 }
1220
1221 void qemu_mutex_unlock_ramlist(void)
1222 {
1223 qemu_mutex_unlock(&ram_list.mutex);
1224 }
1225
1226 #ifdef __linux__
1227 static void *file_ram_alloc(RAMBlock *block,
1228 ram_addr_t memory,
1229 const char *path,
1230 Error **errp)
1231 {
1232 bool unlink_on_error = false;
1233 char *filename;
1234 char *sanitized_name;
1235 char *c;
1236 void *area = MAP_FAILED;
1237 int fd = -1;
1238
1239 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1240 error_setg(errp,
1241 "host lacks kvm mmu notifiers, -mem-path unsupported");
1242 return NULL;
1243 }
1244
1245 for (;;) {
1246 fd = open(path, O_RDWR);
1247 if (fd >= 0) {
1248 /* @path names an existing file, use it */
1249 break;
1250 }
1251 if (errno == ENOENT) {
1252 /* @path names a file that doesn't exist, create it */
1253 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1254 if (fd >= 0) {
1255 unlink_on_error = true;
1256 break;
1257 }
1258 } else if (errno == EISDIR) {
1259 /* @path names a directory, create a file there */
1260 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1261 sanitized_name = g_strdup(memory_region_name(block->mr));
1262 for (c = sanitized_name; *c != '\0'; c++) {
1263 if (*c == '/') {
1264 *c = '_';
1265 }
1266 }
1267
1268 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1269 sanitized_name);
1270 g_free(sanitized_name);
1271
1272 fd = mkstemp(filename);
1273 if (fd >= 0) {
1274 unlink(filename);
1275 g_free(filename);
1276 break;
1277 }
1278 g_free(filename);
1279 }
1280 if (errno != EEXIST && errno != EINTR) {
1281 error_setg_errno(errp, errno,
1282 "can't open backing store %s for guest RAM",
1283 path);
1284 goto error;
1285 }
1286 /*
1287 * Try again on EINTR and EEXIST. The latter happens when
1288 * something else creates the file between our two open().
1289 */
1290 }
1291
1292 block->page_size = qemu_fd_getpagesize(fd);
1293 block->mr->align = block->page_size;
1294 #if defined(__s390x__)
1295 if (kvm_enabled()) {
1296 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1297 }
1298 #endif
1299
1300 if (memory < block->page_size) {
1301 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1302 "or larger than page size 0x%zx",
1303 memory, block->page_size);
1304 goto error;
1305 }
1306
1307 memory = ROUND_UP(memory, block->page_size);
1308
1309 /*
1310 * ftruncate is not supported by hugetlbfs in older
1311 * hosts, so don't bother bailing out on errors.
1312 * If anything goes wrong with it under other filesystems,
1313 * mmap will fail.
1314 */
1315 if (ftruncate(fd, memory)) {
1316 perror("ftruncate");
1317 }
1318
1319 area = qemu_ram_mmap(fd, memory, block->mr->align,
1320 block->flags & RAM_SHARED);
1321 if (area == MAP_FAILED) {
1322 error_setg_errno(errp, errno,
1323 "unable to map backing store for guest RAM");
1324 goto error;
1325 }
1326
1327 if (mem_prealloc) {
1328 os_mem_prealloc(fd, area, memory, errp);
1329 if (errp && *errp) {
1330 goto error;
1331 }
1332 }
1333
1334 block->fd = fd;
1335 return area;
1336
1337 error:
1338 if (area != MAP_FAILED) {
1339 qemu_ram_munmap(area, memory);
1340 }
1341 if (unlink_on_error) {
1342 unlink(path);
1343 }
1344 if (fd != -1) {
1345 close(fd);
1346 }
1347 return NULL;
1348 }
1349 #endif
1350
1351 /* Called with the ramlist lock held. */
1352 static ram_addr_t find_ram_offset(ram_addr_t size)
1353 {
1354 RAMBlock *block, *next_block;
1355 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1356
1357 assert(size != 0); /* it would hand out same offset multiple times */
1358
1359 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1360 return 0;
1361 }
1362
1363 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1364 ram_addr_t end, next = RAM_ADDR_MAX;
1365
1366 end = block->offset + block->max_length;
1367
1368 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1369 if (next_block->offset >= end) {
1370 next = MIN(next, next_block->offset);
1371 }
1372 }
1373 if (next - end >= size && next - end < mingap) {
1374 offset = end;
1375 mingap = next - end;
1376 }
1377 }
1378
1379 if (offset == RAM_ADDR_MAX) {
1380 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1381 (uint64_t)size);
1382 abort();
1383 }
1384
1385 return offset;
1386 }
1387
1388 ram_addr_t last_ram_offset(void)
1389 {
1390 RAMBlock *block;
1391 ram_addr_t last = 0;
1392
1393 rcu_read_lock();
1394 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1395 last = MAX(last, block->offset + block->max_length);
1396 }
1397 rcu_read_unlock();
1398 return last;
1399 }
1400
1401 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1402 {
1403 int ret;
1404
1405 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1406 if (!machine_dump_guest_core(current_machine)) {
1407 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1408 if (ret) {
1409 perror("qemu_madvise");
1410 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1411 "but dump_guest_core=off specified\n");
1412 }
1413 }
1414 }
1415
1416 const char *qemu_ram_get_idstr(RAMBlock *rb)
1417 {
1418 return rb->idstr;
1419 }
1420
1421 /* Called with iothread lock held. */
1422 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1423 {
1424 RAMBlock *block;
1425
1426 assert(new_block);
1427 assert(!new_block->idstr[0]);
1428
1429 if (dev) {
1430 char *id = qdev_get_dev_path(dev);
1431 if (id) {
1432 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1433 g_free(id);
1434 }
1435 }
1436 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1437
1438 rcu_read_lock();
1439 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1440 if (block != new_block &&
1441 !strcmp(block->idstr, new_block->idstr)) {
1442 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1443 new_block->idstr);
1444 abort();
1445 }
1446 }
1447 rcu_read_unlock();
1448 }
1449
1450 /* Called with iothread lock held. */
1451 void qemu_ram_unset_idstr(RAMBlock *block)
1452 {
1453 /* FIXME: arch_init.c assumes that this is not called throughout
1454 * migration. Ignore the problem since hot-unplug during migration
1455 * does not work anyway.
1456 */
1457 if (block) {
1458 memset(block->idstr, 0, sizeof(block->idstr));
1459 }
1460 }
1461
1462 size_t qemu_ram_pagesize(RAMBlock *rb)
1463 {
1464 return rb->page_size;
1465 }
1466
1467 static int memory_try_enable_merging(void *addr, size_t len)
1468 {
1469 if (!machine_mem_merge(current_machine)) {
1470 /* disabled by the user */
1471 return 0;
1472 }
1473
1474 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1475 }
1476
1477 /* Only legal before guest might have detected the memory size: e.g. on
1478 * incoming migration, or right after reset.
1479 *
1480 * As memory core doesn't know how is memory accessed, it is up to
1481 * resize callback to update device state and/or add assertions to detect
1482 * misuse, if necessary.
1483 */
1484 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1485 {
1486 assert(block);
1487
1488 newsize = HOST_PAGE_ALIGN(newsize);
1489
1490 if (block->used_length == newsize) {
1491 return 0;
1492 }
1493
1494 if (!(block->flags & RAM_RESIZEABLE)) {
1495 error_setg_errno(errp, EINVAL,
1496 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1497 " in != 0x" RAM_ADDR_FMT, block->idstr,
1498 newsize, block->used_length);
1499 return -EINVAL;
1500 }
1501
1502 if (block->max_length < newsize) {
1503 error_setg_errno(errp, EINVAL,
1504 "Length too large: %s: 0x" RAM_ADDR_FMT
1505 " > 0x" RAM_ADDR_FMT, block->idstr,
1506 newsize, block->max_length);
1507 return -EINVAL;
1508 }
1509
1510 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1511 block->used_length = newsize;
1512 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1513 DIRTY_CLIENTS_ALL);
1514 memory_region_set_size(block->mr, newsize);
1515 if (block->resized) {
1516 block->resized(block->idstr, newsize, block->host);
1517 }
1518 return 0;
1519 }
1520
1521 /* Called with ram_list.mutex held */
1522 static void dirty_memory_extend(ram_addr_t old_ram_size,
1523 ram_addr_t new_ram_size)
1524 {
1525 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1526 DIRTY_MEMORY_BLOCK_SIZE);
1527 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1528 DIRTY_MEMORY_BLOCK_SIZE);
1529 int i;
1530
1531 /* Only need to extend if block count increased */
1532 if (new_num_blocks <= old_num_blocks) {
1533 return;
1534 }
1535
1536 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1537 DirtyMemoryBlocks *old_blocks;
1538 DirtyMemoryBlocks *new_blocks;
1539 int j;
1540
1541 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1542 new_blocks = g_malloc(sizeof(*new_blocks) +
1543 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1544
1545 if (old_num_blocks) {
1546 memcpy(new_blocks->blocks, old_blocks->blocks,
1547 old_num_blocks * sizeof(old_blocks->blocks[0]));
1548 }
1549
1550 for (j = old_num_blocks; j < new_num_blocks; j++) {
1551 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1552 }
1553
1554 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1555
1556 if (old_blocks) {
1557 g_free_rcu(old_blocks, rcu);
1558 }
1559 }
1560 }
1561
1562 static void ram_block_add(RAMBlock *new_block, Error **errp)
1563 {
1564 RAMBlock *block;
1565 RAMBlock *last_block = NULL;
1566 ram_addr_t old_ram_size, new_ram_size;
1567 Error *err = NULL;
1568
1569 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1570
1571 qemu_mutex_lock_ramlist();
1572 new_block->offset = find_ram_offset(new_block->max_length);
1573
1574 if (!new_block->host) {
1575 if (xen_enabled()) {
1576 xen_ram_alloc(new_block->offset, new_block->max_length,
1577 new_block->mr, &err);
1578 if (err) {
1579 error_propagate(errp, err);
1580 qemu_mutex_unlock_ramlist();
1581 return;
1582 }
1583 } else {
1584 new_block->host = phys_mem_alloc(new_block->max_length,
1585 &new_block->mr->align);
1586 if (!new_block->host) {
1587 error_setg_errno(errp, errno,
1588 "cannot set up guest memory '%s'",
1589 memory_region_name(new_block->mr));
1590 qemu_mutex_unlock_ramlist();
1591 return;
1592 }
1593 memory_try_enable_merging(new_block->host, new_block->max_length);
1594 }
1595 }
1596
1597 new_ram_size = MAX(old_ram_size,
1598 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1599 if (new_ram_size > old_ram_size) {
1600 migration_bitmap_extend(old_ram_size, new_ram_size);
1601 dirty_memory_extend(old_ram_size, new_ram_size);
1602 }
1603 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1604 * QLIST (which has an RCU-friendly variant) does not have insertion at
1605 * tail, so save the last element in last_block.
1606 */
1607 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1608 last_block = block;
1609 if (block->max_length < new_block->max_length) {
1610 break;
1611 }
1612 }
1613 if (block) {
1614 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1615 } else if (last_block) {
1616 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1617 } else { /* list is empty */
1618 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1619 }
1620 ram_list.mru_block = NULL;
1621
1622 /* Write list before version */
1623 smp_wmb();
1624 ram_list.version++;
1625 qemu_mutex_unlock_ramlist();
1626
1627 cpu_physical_memory_set_dirty_range(new_block->offset,
1628 new_block->used_length,
1629 DIRTY_CLIENTS_ALL);
1630
1631 if (new_block->host) {
1632 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1633 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1634 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
1635 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1636 }
1637 }
1638
1639 #ifdef __linux__
1640 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1641 bool share, const char *mem_path,
1642 Error **errp)
1643 {
1644 RAMBlock *new_block;
1645 Error *local_err = NULL;
1646
1647 if (xen_enabled()) {
1648 error_setg(errp, "-mem-path not supported with Xen");
1649 return NULL;
1650 }
1651
1652 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1653 /*
1654 * file_ram_alloc() needs to allocate just like
1655 * phys_mem_alloc, but we haven't bothered to provide
1656 * a hook there.
1657 */
1658 error_setg(errp,
1659 "-mem-path not supported with this accelerator");
1660 return NULL;
1661 }
1662
1663 size = HOST_PAGE_ALIGN(size);
1664 new_block = g_malloc0(sizeof(*new_block));
1665 new_block->mr = mr;
1666 new_block->used_length = size;
1667 new_block->max_length = size;
1668 new_block->flags = share ? RAM_SHARED : 0;
1669 new_block->host = file_ram_alloc(new_block, size,
1670 mem_path, errp);
1671 if (!new_block->host) {
1672 g_free(new_block);
1673 return NULL;
1674 }
1675
1676 ram_block_add(new_block, &local_err);
1677 if (local_err) {
1678 g_free(new_block);
1679 error_propagate(errp, local_err);
1680 return NULL;
1681 }
1682 return new_block;
1683 }
1684 #endif
1685
1686 static
1687 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1688 void (*resized)(const char*,
1689 uint64_t length,
1690 void *host),
1691 void *host, bool resizeable,
1692 MemoryRegion *mr, Error **errp)
1693 {
1694 RAMBlock *new_block;
1695 Error *local_err = NULL;
1696
1697 size = HOST_PAGE_ALIGN(size);
1698 max_size = HOST_PAGE_ALIGN(max_size);
1699 new_block = g_malloc0(sizeof(*new_block));
1700 new_block->mr = mr;
1701 new_block->resized = resized;
1702 new_block->used_length = size;
1703 new_block->max_length = max_size;
1704 assert(max_size >= size);
1705 new_block->fd = -1;
1706 new_block->page_size = getpagesize();
1707 new_block->host = host;
1708 if (host) {
1709 new_block->flags |= RAM_PREALLOC;
1710 }
1711 if (resizeable) {
1712 new_block->flags |= RAM_RESIZEABLE;
1713 }
1714 ram_block_add(new_block, &local_err);
1715 if (local_err) {
1716 g_free(new_block);
1717 error_propagate(errp, local_err);
1718 return NULL;
1719 }
1720 return new_block;
1721 }
1722
1723 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1724 MemoryRegion *mr, Error **errp)
1725 {
1726 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1727 }
1728
1729 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1730 {
1731 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1732 }
1733
1734 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1735 void (*resized)(const char*,
1736 uint64_t length,
1737 void *host),
1738 MemoryRegion *mr, Error **errp)
1739 {
1740 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1741 }
1742
1743 static void reclaim_ramblock(RAMBlock *block)
1744 {
1745 if (block->flags & RAM_PREALLOC) {
1746 ;
1747 } else if (xen_enabled()) {
1748 xen_invalidate_map_cache_entry(block->host);
1749 #ifndef _WIN32
1750 } else if (block->fd >= 0) {
1751 qemu_ram_munmap(block->host, block->max_length);
1752 close(block->fd);
1753 #endif
1754 } else {
1755 qemu_anon_ram_free(block->host, block->max_length);
1756 }
1757 g_free(block);
1758 }
1759
1760 void qemu_ram_free(RAMBlock *block)
1761 {
1762 if (!block) {
1763 return;
1764 }
1765
1766 qemu_mutex_lock_ramlist();
1767 QLIST_REMOVE_RCU(block, next);
1768 ram_list.mru_block = NULL;
1769 /* Write list before version */
1770 smp_wmb();
1771 ram_list.version++;
1772 call_rcu(block, reclaim_ramblock, rcu);
1773 qemu_mutex_unlock_ramlist();
1774 }
1775
1776 #ifndef _WIN32
1777 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1778 {
1779 RAMBlock *block;
1780 ram_addr_t offset;
1781 int flags;
1782 void *area, *vaddr;
1783
1784 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1785 offset = addr - block->offset;
1786 if (offset < block->max_length) {
1787 vaddr = ramblock_ptr(block, offset);
1788 if (block->flags & RAM_PREALLOC) {
1789 ;
1790 } else if (xen_enabled()) {
1791 abort();
1792 } else {
1793 flags = MAP_FIXED;
1794 if (block->fd >= 0) {
1795 flags |= (block->flags & RAM_SHARED ?
1796 MAP_SHARED : MAP_PRIVATE);
1797 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1798 flags, block->fd, offset);
1799 } else {
1800 /*
1801 * Remap needs to match alloc. Accelerators that
1802 * set phys_mem_alloc never remap. If they did,
1803 * we'd need a remap hook here.
1804 */
1805 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1806
1807 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1808 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1809 flags, -1, 0);
1810 }
1811 if (area != vaddr) {
1812 fprintf(stderr, "Could not remap addr: "
1813 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1814 length, addr);
1815 exit(1);
1816 }
1817 memory_try_enable_merging(vaddr, length);
1818 qemu_ram_setup_dump(vaddr, length);
1819 }
1820 }
1821 }
1822 }
1823 #endif /* !_WIN32 */
1824
1825 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1826 * This should not be used for general purpose DMA. Use address_space_map
1827 * or address_space_rw instead. For local memory (e.g. video ram) that the
1828 * device owns, use memory_region_get_ram_ptr.
1829 *
1830 * Called within RCU critical section.
1831 */
1832 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1833 {
1834 RAMBlock *block = ram_block;
1835
1836 if (block == NULL) {
1837 block = qemu_get_ram_block(addr);
1838 addr -= block->offset;
1839 }
1840
1841 if (xen_enabled() && block->host == NULL) {
1842 /* We need to check if the requested address is in the RAM
1843 * because we don't want to map the entire memory in QEMU.
1844 * In that case just map until the end of the page.
1845 */
1846 if (block->offset == 0) {
1847 return xen_map_cache(addr, 0, 0);
1848 }
1849
1850 block->host = xen_map_cache(block->offset, block->max_length, 1);
1851 }
1852 return ramblock_ptr(block, addr);
1853 }
1854
1855 /* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
1856 * but takes a size argument.
1857 *
1858 * Called within RCU critical section.
1859 */
1860 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1861 hwaddr *size)
1862 {
1863 RAMBlock *block = ram_block;
1864 if (*size == 0) {
1865 return NULL;
1866 }
1867
1868 if (block == NULL) {
1869 block = qemu_get_ram_block(addr);
1870 addr -= block->offset;
1871 }
1872 *size = MIN(*size, block->max_length - addr);
1873
1874 if (xen_enabled() && block->host == NULL) {
1875 /* We need to check if the requested address is in the RAM
1876 * because we don't want to map the entire memory in QEMU.
1877 * In that case just map the requested area.
1878 */
1879 if (block->offset == 0) {
1880 return xen_map_cache(addr, *size, 1);
1881 }
1882
1883 block->host = xen_map_cache(block->offset, block->max_length, 1);
1884 }
1885
1886 return ramblock_ptr(block, addr);
1887 }
1888
1889 /*
1890 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1891 * in that RAMBlock.
1892 *
1893 * ptr: Host pointer to look up
1894 * round_offset: If true round the result offset down to a page boundary
1895 * *ram_addr: set to result ram_addr
1896 * *offset: set to result offset within the RAMBlock
1897 *
1898 * Returns: RAMBlock (or NULL if not found)
1899 *
1900 * By the time this function returns, the returned pointer is not protected
1901 * by RCU anymore. If the caller is not within an RCU critical section and
1902 * does not hold the iothread lock, it must have other means of protecting the
1903 * pointer, such as a reference to the region that includes the incoming
1904 * ram_addr_t.
1905 */
1906 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1907 ram_addr_t *offset)
1908 {
1909 RAMBlock *block;
1910 uint8_t *host = ptr;
1911
1912 if (xen_enabled()) {
1913 ram_addr_t ram_addr;
1914 rcu_read_lock();
1915 ram_addr = xen_ram_addr_from_mapcache(ptr);
1916 block = qemu_get_ram_block(ram_addr);
1917 if (block) {
1918 *offset = ram_addr - block->offset;
1919 }
1920 rcu_read_unlock();
1921 return block;
1922 }
1923
1924 rcu_read_lock();
1925 block = atomic_rcu_read(&ram_list.mru_block);
1926 if (block && block->host && host - block->host < block->max_length) {
1927 goto found;
1928 }
1929
1930 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1931 /* This case append when the block is not mapped. */
1932 if (block->host == NULL) {
1933 continue;
1934 }
1935 if (host - block->host < block->max_length) {
1936 goto found;
1937 }
1938 }
1939
1940 rcu_read_unlock();
1941 return NULL;
1942
1943 found:
1944 *offset = (host - block->host);
1945 if (round_offset) {
1946 *offset &= TARGET_PAGE_MASK;
1947 }
1948 rcu_read_unlock();
1949 return block;
1950 }
1951
1952 /*
1953 * Finds the named RAMBlock
1954 *
1955 * name: The name of RAMBlock to find
1956 *
1957 * Returns: RAMBlock (or NULL if not found)
1958 */
1959 RAMBlock *qemu_ram_block_by_name(const char *name)
1960 {
1961 RAMBlock *block;
1962
1963 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1964 if (!strcmp(name, block->idstr)) {
1965 return block;
1966 }
1967 }
1968
1969 return NULL;
1970 }
1971
1972 /* Some of the softmmu routines need to translate from a host pointer
1973 (typically a TLB entry) back to a ram offset. */
1974 ram_addr_t qemu_ram_addr_from_host(void *ptr)
1975 {
1976 RAMBlock *block;
1977 ram_addr_t offset;
1978
1979 block = qemu_ram_block_from_host(ptr, false, &offset);
1980 if (!block) {
1981 return RAM_ADDR_INVALID;
1982 }
1983
1984 return block->offset + offset;
1985 }
1986
1987 /* Called within RCU critical section. */
1988 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1989 uint64_t val, unsigned size)
1990 {
1991 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1992 tb_invalidate_phys_page_fast(ram_addr, size);
1993 }
1994 switch (size) {
1995 case 1:
1996 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1997 break;
1998 case 2:
1999 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
2000 break;
2001 case 4:
2002 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
2003 break;
2004 default:
2005 abort();
2006 }
2007 /* Set both VGA and migration bits for simplicity and to remove
2008 * the notdirty callback faster.
2009 */
2010 cpu_physical_memory_set_dirty_range(ram_addr, size,
2011 DIRTY_CLIENTS_NOCODE);
2012 /* we remove the notdirty callback only if the code has been
2013 flushed */
2014 if (!cpu_physical_memory_is_clean(ram_addr)) {
2015 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
2016 }
2017 }
2018
2019 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2020 unsigned size, bool is_write)
2021 {
2022 return is_write;
2023 }
2024
2025 static const MemoryRegionOps notdirty_mem_ops = {
2026 .write = notdirty_mem_write,
2027 .valid.accepts = notdirty_mem_accepts,
2028 .endianness = DEVICE_NATIVE_ENDIAN,
2029 };
2030
2031 /* Generate a debug exception if a watchpoint has been hit. */
2032 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2033 {
2034 CPUState *cpu = current_cpu;
2035 CPUClass *cc = CPU_GET_CLASS(cpu);
2036 CPUArchState *env = cpu->env_ptr;
2037 target_ulong pc, cs_base;
2038 target_ulong vaddr;
2039 CPUWatchpoint *wp;
2040 uint32_t cpu_flags;
2041
2042 if (cpu->watchpoint_hit) {
2043 /* We re-entered the check after replacing the TB. Now raise
2044 * the debug interrupt so that is will trigger after the
2045 * current instruction. */
2046 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2047 return;
2048 }
2049 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2050 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2051 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2052 && (wp->flags & flags)) {
2053 if (flags == BP_MEM_READ) {
2054 wp->flags |= BP_WATCHPOINT_HIT_READ;
2055 } else {
2056 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2057 }
2058 wp->hitaddr = vaddr;
2059 wp->hitattrs = attrs;
2060 if (!cpu->watchpoint_hit) {
2061 if (wp->flags & BP_CPU &&
2062 !cc->debug_check_watchpoint(cpu, wp)) {
2063 wp->flags &= ~BP_WATCHPOINT_HIT;
2064 continue;
2065 }
2066 cpu->watchpoint_hit = wp;
2067
2068 /* The tb_lock will be reset when cpu_loop_exit or
2069 * cpu_loop_exit_noexc longjmp back into the cpu_exec
2070 * main loop.
2071 */
2072 tb_lock();
2073 tb_check_watchpoint(cpu);
2074 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2075 cpu->exception_index = EXCP_DEBUG;
2076 cpu_loop_exit(cpu);
2077 } else {
2078 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2079 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2080 cpu_loop_exit_noexc(cpu);
2081 }
2082 }
2083 } else {
2084 wp->flags &= ~BP_WATCHPOINT_HIT;
2085 }
2086 }
2087 }
2088
2089 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2090 so these check for a hit then pass through to the normal out-of-line
2091 phys routines. */
2092 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2093 unsigned size, MemTxAttrs attrs)
2094 {
2095 MemTxResult res;
2096 uint64_t data;
2097 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2098 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2099
2100 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2101 switch (size) {
2102 case 1:
2103 data = address_space_ldub(as, addr, attrs, &res);
2104 break;
2105 case 2:
2106 data = address_space_lduw(as, addr, attrs, &res);
2107 break;
2108 case 4:
2109 data = address_space_ldl(as, addr, attrs, &res);
2110 break;
2111 default: abort();
2112 }
2113 *pdata = data;
2114 return res;
2115 }
2116
2117 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2118 uint64_t val, unsigned size,
2119 MemTxAttrs attrs)
2120 {
2121 MemTxResult res;
2122 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2123 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2124
2125 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2126 switch (size) {
2127 case 1:
2128 address_space_stb(as, addr, val, attrs, &res);
2129 break;
2130 case 2:
2131 address_space_stw(as, addr, val, attrs, &res);
2132 break;
2133 case 4:
2134 address_space_stl(as, addr, val, attrs, &res);
2135 break;
2136 default: abort();
2137 }
2138 return res;
2139 }
2140
2141 static const MemoryRegionOps watch_mem_ops = {
2142 .read_with_attrs = watch_mem_read,
2143 .write_with_attrs = watch_mem_write,
2144 .endianness = DEVICE_NATIVE_ENDIAN,
2145 };
2146
2147 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2148 unsigned len, MemTxAttrs attrs)
2149 {
2150 subpage_t *subpage = opaque;
2151 uint8_t buf[8];
2152 MemTxResult res;
2153
2154 #if defined(DEBUG_SUBPAGE)
2155 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2156 subpage, len, addr);
2157 #endif
2158 res = address_space_read(subpage->as, addr + subpage->base,
2159 attrs, buf, len);
2160 if (res) {
2161 return res;
2162 }
2163 switch (len) {
2164 case 1:
2165 *data = ldub_p(buf);
2166 return MEMTX_OK;
2167 case 2:
2168 *data = lduw_p(buf);
2169 return MEMTX_OK;
2170 case 4:
2171 *data = ldl_p(buf);
2172 return MEMTX_OK;
2173 case 8:
2174 *data = ldq_p(buf);
2175 return MEMTX_OK;
2176 default:
2177 abort();
2178 }
2179 }
2180
2181 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2182 uint64_t value, unsigned len, MemTxAttrs attrs)
2183 {
2184 subpage_t *subpage = opaque;
2185 uint8_t buf[8];
2186
2187 #if defined(DEBUG_SUBPAGE)
2188 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2189 " value %"PRIx64"\n",
2190 __func__, subpage, len, addr, value);
2191 #endif
2192 switch (len) {
2193 case 1:
2194 stb_p(buf, value);
2195 break;
2196 case 2:
2197 stw_p(buf, value);
2198 break;
2199 case 4:
2200 stl_p(buf, value);
2201 break;
2202 case 8:
2203 stq_p(buf, value);
2204 break;
2205 default:
2206 abort();
2207 }
2208 return address_space_write(subpage->as, addr + subpage->base,
2209 attrs, buf, len);
2210 }
2211
2212 static bool subpage_accepts(void *opaque, hwaddr addr,
2213 unsigned len, bool is_write)
2214 {
2215 subpage_t *subpage = opaque;
2216 #if defined(DEBUG_SUBPAGE)
2217 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2218 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2219 #endif
2220
2221 return address_space_access_valid(subpage->as, addr + subpage->base,
2222 len, is_write);
2223 }
2224
2225 static const MemoryRegionOps subpage_ops = {
2226 .read_with_attrs = subpage_read,
2227 .write_with_attrs = subpage_write,
2228 .impl.min_access_size = 1,
2229 .impl.max_access_size = 8,
2230 .valid.min_access_size = 1,
2231 .valid.max_access_size = 8,
2232 .valid.accepts = subpage_accepts,
2233 .endianness = DEVICE_NATIVE_ENDIAN,
2234 };
2235
2236 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2237 uint16_t section)
2238 {
2239 int idx, eidx;
2240
2241 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2242 return -1;
2243 idx = SUBPAGE_IDX(start);
2244 eidx = SUBPAGE_IDX(end);
2245 #if defined(DEBUG_SUBPAGE)
2246 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2247 __func__, mmio, start, end, idx, eidx, section);
2248 #endif
2249 for (; idx <= eidx; idx++) {
2250 mmio->sub_section[idx] = section;
2251 }
2252
2253 return 0;
2254 }
2255
2256 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2257 {
2258 subpage_t *mmio;
2259
2260 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
2261 mmio->as = as;
2262 mmio->base = base;
2263 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2264 NULL, TARGET_PAGE_SIZE);
2265 mmio->iomem.subpage = true;
2266 #if defined(DEBUG_SUBPAGE)
2267 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2268 mmio, base, TARGET_PAGE_SIZE);
2269 #endif
2270 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2271
2272 return mmio;
2273 }
2274
2275 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2276 MemoryRegion *mr)
2277 {
2278 assert(as);
2279 MemoryRegionSection section = {
2280 .address_space = as,
2281 .mr = mr,
2282 .offset_within_address_space = 0,
2283 .offset_within_region = 0,
2284 .size = int128_2_64(),
2285 };
2286
2287 return phys_section_add(map, &section);
2288 }
2289
2290 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2291 {
2292 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2293 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2294 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2295 MemoryRegionSection *sections = d->map.sections;
2296
2297 return sections[index & ~TARGET_PAGE_MASK].mr;
2298 }
2299
2300 static void io_mem_init(void)
2301 {
2302 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2303 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2304 NULL, UINT64_MAX);
2305 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2306 NULL, UINT64_MAX);
2307 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2308 NULL, UINT64_MAX);
2309 }
2310
2311 static void mem_begin(MemoryListener *listener)
2312 {
2313 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2314 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2315 uint16_t n;
2316
2317 n = dummy_section(&d->map, as, &io_mem_unassigned);
2318 assert(n == PHYS_SECTION_UNASSIGNED);
2319 n = dummy_section(&d->map, as, &io_mem_notdirty);
2320 assert(n == PHYS_SECTION_NOTDIRTY);
2321 n = dummy_section(&d->map, as, &io_mem_rom);
2322 assert(n == PHYS_SECTION_ROM);
2323 n = dummy_section(&d->map, as, &io_mem_watch);
2324 assert(n == PHYS_SECTION_WATCH);
2325
2326 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2327 d->as = as;
2328 as->next_dispatch = d;
2329 }
2330
2331 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2332 {
2333 phys_sections_free(&d->map);
2334 g_free(d);
2335 }
2336
2337 static void mem_commit(MemoryListener *listener)
2338 {
2339 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2340 AddressSpaceDispatch *cur = as->dispatch;
2341 AddressSpaceDispatch *next = as->next_dispatch;
2342
2343 phys_page_compact_all(next, next->map.nodes_nb);
2344
2345 atomic_rcu_set(&as->dispatch, next);
2346 if (cur) {
2347 call_rcu(cur, address_space_dispatch_free, rcu);
2348 }
2349 }
2350
2351 static void tcg_commit(MemoryListener *listener)
2352 {
2353 CPUAddressSpace *cpuas;
2354 AddressSpaceDispatch *d;
2355
2356 /* since each CPU stores ram addresses in its TLB cache, we must
2357 reset the modified entries */
2358 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2359 cpu_reloading_memory_map();
2360 /* The CPU and TLB are protected by the iothread lock.
2361 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2362 * may have split the RCU critical section.
2363 */
2364 d = atomic_rcu_read(&cpuas->as->dispatch);
2365 cpuas->memory_dispatch = d;
2366 tlb_flush(cpuas->cpu, 1);
2367 }
2368
2369 void address_space_init_dispatch(AddressSpace *as)
2370 {
2371 as->dispatch = NULL;
2372 as->dispatch_listener = (MemoryListener) {
2373 .begin = mem_begin,
2374 .commit = mem_commit,
2375 .region_add = mem_add,
2376 .region_nop = mem_add,
2377 .priority = 0,
2378 };
2379 memory_listener_register(&as->dispatch_listener, as);
2380 }
2381
2382 void address_space_unregister(AddressSpace *as)
2383 {
2384 memory_listener_unregister(&as->dispatch_listener);
2385 }
2386
2387 void address_space_destroy_dispatch(AddressSpace *as)
2388 {
2389 AddressSpaceDispatch *d = as->dispatch;
2390
2391 atomic_rcu_set(&as->dispatch, NULL);
2392 if (d) {
2393 call_rcu(d, address_space_dispatch_free, rcu);
2394 }
2395 }
2396
2397 static void memory_map_init(void)
2398 {
2399 system_memory = g_malloc(sizeof(*system_memory));
2400
2401 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2402 address_space_init(&address_space_memory, system_memory, "memory");
2403
2404 system_io = g_malloc(sizeof(*system_io));
2405 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2406 65536);
2407 address_space_init(&address_space_io, system_io, "I/O");
2408 }
2409
2410 MemoryRegion *get_system_memory(void)
2411 {
2412 return system_memory;
2413 }
2414
2415 MemoryRegion *get_system_io(void)
2416 {
2417 return system_io;
2418 }
2419
2420 #endif /* !defined(CONFIG_USER_ONLY) */
2421
2422 /* physical memory access (slow version, mainly for debug) */
2423 #if defined(CONFIG_USER_ONLY)
2424 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2425 uint8_t *buf, int len, int is_write)
2426 {
2427 int l, flags;
2428 target_ulong page;
2429 void * p;
2430
2431 while (len > 0) {
2432 page = addr & TARGET_PAGE_MASK;
2433 l = (page + TARGET_PAGE_SIZE) - addr;
2434 if (l > len)
2435 l = len;
2436 flags = page_get_flags(page);
2437 if (!(flags & PAGE_VALID))
2438 return -1;
2439 if (is_write) {
2440 if (!(flags & PAGE_WRITE))
2441 return -1;
2442 /* XXX: this code should not depend on lock_user */
2443 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2444 return -1;
2445 memcpy(p, buf, l);
2446 unlock_user(p, addr, l);
2447 } else {
2448 if (!(flags & PAGE_READ))
2449 return -1;
2450 /* XXX: this code should not depend on lock_user */
2451 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2452 return -1;
2453 memcpy(buf, p, l);
2454 unlock_user(p, addr, 0);
2455 }
2456 len -= l;
2457 buf += l;
2458 addr += l;
2459 }
2460 return 0;
2461 }
2462
2463 #else
2464
2465 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2466 hwaddr length)
2467 {
2468 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2469 addr += memory_region_get_ram_addr(mr);
2470
2471 /* No early return if dirty_log_mask is or becomes 0, because
2472 * cpu_physical_memory_set_dirty_range will still call
2473 * xen_modified_memory.
2474 */
2475 if (dirty_log_mask) {
2476 dirty_log_mask =
2477 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2478 }
2479 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2480 tb_invalidate_phys_range(addr, addr + length);
2481 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2482 }
2483 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2484 }
2485
2486 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2487 {
2488 unsigned access_size_max = mr->ops->valid.max_access_size;
2489
2490 /* Regions are assumed to support 1-4 byte accesses unless
2491 otherwise specified. */
2492 if (access_size_max == 0) {
2493 access_size_max = 4;
2494 }
2495
2496 /* Bound the maximum access by the alignment of the address. */
2497 if (!mr->ops->impl.unaligned) {
2498 unsigned align_size_max = addr & -addr;
2499 if (align_size_max != 0 && align_size_max < access_size_max) {
2500 access_size_max = align_size_max;
2501 }
2502 }
2503
2504 /* Don't attempt accesses larger than the maximum. */
2505 if (l > access_size_max) {
2506 l = access_size_max;
2507 }
2508 l = pow2floor(l);
2509
2510 return l;
2511 }
2512
2513 static bool prepare_mmio_access(MemoryRegion *mr)
2514 {
2515 bool unlocked = !qemu_mutex_iothread_locked();
2516 bool release_lock = false;
2517
2518 if (unlocked && mr->global_locking) {
2519 qemu_mutex_lock_iothread();
2520 unlocked = false;
2521 release_lock = true;
2522 }
2523 if (mr->flush_coalesced_mmio) {
2524 if (unlocked) {
2525 qemu_mutex_lock_iothread();
2526 }
2527 qemu_flush_coalesced_mmio_buffer();
2528 if (unlocked) {
2529 qemu_mutex_unlock_iothread();
2530 }
2531 }
2532
2533 return release_lock;
2534 }
2535
2536 /* Called within RCU critical section. */
2537 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2538 MemTxAttrs attrs,
2539 const uint8_t *buf,
2540 int len, hwaddr addr1,
2541 hwaddr l, MemoryRegion *mr)
2542 {
2543 uint8_t *ptr;
2544 uint64_t val;
2545 MemTxResult result = MEMTX_OK;
2546 bool release_lock = false;
2547
2548 for (;;) {
2549 if (!memory_access_is_direct(mr, true)) {
2550 release_lock |= prepare_mmio_access(mr);
2551 l = memory_access_size(mr, l, addr1);
2552 /* XXX: could force current_cpu to NULL to avoid
2553 potential bugs */
2554 switch (l) {
2555 case 8:
2556 /* 64 bit write access */
2557 val = ldq_p(buf);
2558 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2559 attrs);
2560 break;
2561 case 4:
2562 /* 32 bit write access */
2563 val = ldl_p(buf);
2564 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2565 attrs);
2566 break;
2567 case 2:
2568 /* 16 bit write access */
2569 val = lduw_p(buf);
2570 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2571 attrs);
2572 break;
2573 case 1:
2574 /* 8 bit write access */
2575 val = ldub_p(buf);
2576 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2577 attrs);
2578 break;
2579 default:
2580 abort();
2581 }
2582 } else {
2583 /* RAM case */
2584 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2585 memcpy(ptr, buf, l);
2586 invalidate_and_set_dirty(mr, addr1, l);
2587 }
2588
2589 if (release_lock) {
2590 qemu_mutex_unlock_iothread();
2591 release_lock = false;
2592 }
2593
2594 len -= l;
2595 buf += l;
2596 addr += l;
2597
2598 if (!len) {
2599 break;
2600 }
2601
2602 l = len;
2603 mr = address_space_translate(as, addr, &addr1, &l, true);
2604 }
2605
2606 return result;
2607 }
2608
2609 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2610 const uint8_t *buf, int len)
2611 {
2612 hwaddr l;
2613 hwaddr addr1;
2614 MemoryRegion *mr;
2615 MemTxResult result = MEMTX_OK;
2616
2617 if (len > 0) {
2618 rcu_read_lock();
2619 l = len;
2620 mr = address_space_translate(as, addr, &addr1, &l, true);
2621 result = address_space_write_continue(as, addr, attrs, buf, len,
2622 addr1, l, mr);
2623 rcu_read_unlock();
2624 }
2625
2626 return result;
2627 }
2628
2629 /* Called within RCU critical section. */
2630 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2631 MemTxAttrs attrs, uint8_t *buf,
2632 int len, hwaddr addr1, hwaddr l,
2633 MemoryRegion *mr)
2634 {
2635 uint8_t *ptr;
2636 uint64_t val;
2637 MemTxResult result = MEMTX_OK;
2638 bool release_lock = false;
2639
2640 for (;;) {
2641 if (!memory_access_is_direct(mr, false)) {
2642 /* I/O case */
2643 release_lock |= prepare_mmio_access(mr);
2644 l = memory_access_size(mr, l, addr1);
2645 switch (l) {
2646 case 8:
2647 /* 64 bit read access */
2648 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2649 attrs);
2650 stq_p(buf, val);
2651 break;
2652 case 4:
2653 /* 32 bit read access */
2654 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2655 attrs);
2656 stl_p(buf, val);
2657 break;
2658 case 2:
2659 /* 16 bit read access */
2660 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2661 attrs);
2662 stw_p(buf, val);
2663 break;
2664 case 1:
2665 /* 8 bit read access */
2666 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2667 attrs);
2668 stb_p(buf, val);
2669 break;
2670 default:
2671 abort();
2672 }
2673 } else {
2674 /* RAM case */
2675 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2676 memcpy(buf, ptr, l);
2677 }
2678
2679 if (release_lock) {
2680 qemu_mutex_unlock_iothread();
2681 release_lock = false;
2682 }
2683
2684 len -= l;
2685 buf += l;
2686 addr += l;
2687
2688 if (!len) {
2689 break;
2690 }
2691
2692 l = len;
2693 mr = address_space_translate(as, addr, &addr1, &l, false);
2694 }
2695
2696 return result;
2697 }
2698
2699 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2700 MemTxAttrs attrs, uint8_t *buf, int len)
2701 {
2702 hwaddr l;
2703 hwaddr addr1;
2704 MemoryRegion *mr;
2705 MemTxResult result = MEMTX_OK;
2706
2707 if (len > 0) {
2708 rcu_read_lock();
2709 l = len;
2710 mr = address_space_translate(as, addr, &addr1, &l, false);
2711 result = address_space_read_continue(as, addr, attrs, buf, len,
2712 addr1, l, mr);
2713 rcu_read_unlock();
2714 }
2715
2716 return result;
2717 }
2718
2719 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2720 uint8_t *buf, int len, bool is_write)
2721 {
2722 if (is_write) {
2723 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2724 } else {
2725 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2726 }
2727 }
2728
2729 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2730 int len, int is_write)
2731 {
2732 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2733 buf, len, is_write);
2734 }
2735
2736 enum write_rom_type {
2737 WRITE_DATA,
2738 FLUSH_CACHE,
2739 };
2740
2741 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2742 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2743 {
2744 hwaddr l;
2745 uint8_t *ptr;
2746 hwaddr addr1;
2747 MemoryRegion *mr;
2748
2749 rcu_read_lock();
2750 while (len > 0) {
2751 l = len;
2752 mr = address_space_translate(as, addr, &addr1, &l, true);
2753
2754 if (!(memory_region_is_ram(mr) ||
2755 memory_region_is_romd(mr))) {
2756 l = memory_access_size(mr, l, addr1);
2757 } else {
2758 /* ROM/RAM case */
2759 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2760 switch (type) {
2761 case WRITE_DATA:
2762 memcpy(ptr, buf, l);
2763 invalidate_and_set_dirty(mr, addr1, l);
2764 break;
2765 case FLUSH_CACHE:
2766 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2767 break;
2768 }
2769 }
2770 len -= l;
2771 buf += l;
2772 addr += l;
2773 }
2774 rcu_read_unlock();
2775 }
2776
2777 /* used for ROM loading : can write in RAM and ROM */
2778 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2779 const uint8_t *buf, int len)
2780 {
2781 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2782 }
2783
2784 void cpu_flush_icache_range(hwaddr start, int len)
2785 {
2786 /*
2787 * This function should do the same thing as an icache flush that was
2788 * triggered from within the guest. For TCG we are always cache coherent,
2789 * so there is no need to flush anything. For KVM / Xen we need to flush
2790 * the host's instruction cache at least.
2791 */
2792 if (tcg_enabled()) {
2793 return;
2794 }
2795
2796 cpu_physical_memory_write_rom_internal(&address_space_memory,
2797 start, NULL, len, FLUSH_CACHE);
2798 }
2799
2800 typedef struct {
2801 MemoryRegion *mr;
2802 void *buffer;
2803 hwaddr addr;
2804 hwaddr len;
2805 bool in_use;
2806 } BounceBuffer;
2807
2808 static BounceBuffer bounce;
2809
2810 typedef struct MapClient {
2811 QEMUBH *bh;
2812 QLIST_ENTRY(MapClient) link;
2813 } MapClient;
2814
2815 QemuMutex map_client_list_lock;
2816 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2817 = QLIST_HEAD_INITIALIZER(map_client_list);
2818
2819 static void cpu_unregister_map_client_do(MapClient *client)
2820 {
2821 QLIST_REMOVE(client, link);
2822 g_free(client);
2823 }
2824
2825 static void cpu_notify_map_clients_locked(void)
2826 {
2827 MapClient *client;
2828
2829 while (!QLIST_EMPTY(&map_client_list)) {
2830 client = QLIST_FIRST(&map_client_list);
2831 qemu_bh_schedule(client->bh);
2832 cpu_unregister_map_client_do(client);
2833 }
2834 }
2835
2836 void cpu_register_map_client(QEMUBH *bh)
2837 {
2838 MapClient *client = g_malloc(sizeof(*client));
2839
2840 qemu_mutex_lock(&map_client_list_lock);
2841 client->bh = bh;
2842 QLIST_INSERT_HEAD(&map_client_list, client, link);
2843 if (!atomic_read(&bounce.in_use)) {
2844 cpu_notify_map_clients_locked();
2845 }
2846 qemu_mutex_unlock(&map_client_list_lock);
2847 }
2848
2849 void cpu_exec_init_all(void)
2850 {
2851 qemu_mutex_init(&ram_list.mutex);
2852 /* The data structures we set up here depend on knowing the page size,
2853 * so no more changes can be made after this point.
2854 * In an ideal world, nothing we did before we had finished the
2855 * machine setup would care about the target page size, and we could
2856 * do this much later, rather than requiring board models to state
2857 * up front what their requirements are.
2858 */
2859 finalize_target_page_bits();
2860 io_mem_init();
2861 memory_map_init();
2862 qemu_mutex_init(&map_client_list_lock);
2863 }
2864
2865 void cpu_unregister_map_client(QEMUBH *bh)
2866 {
2867 MapClient *client;
2868
2869 qemu_mutex_lock(&map_client_list_lock);
2870 QLIST_FOREACH(client, &map_client_list, link) {
2871 if (client->bh == bh) {
2872 cpu_unregister_map_client_do(client);
2873 break;
2874 }
2875 }
2876 qemu_mutex_unlock(&map_client_list_lock);
2877 }
2878
2879 static void cpu_notify_map_clients(void)
2880 {
2881 qemu_mutex_lock(&map_client_list_lock);
2882 cpu_notify_map_clients_locked();
2883 qemu_mutex_unlock(&map_client_list_lock);
2884 }
2885
2886 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2887 {
2888 MemoryRegion *mr;
2889 hwaddr l, xlat;
2890
2891 rcu_read_lock();
2892 while (len > 0) {
2893 l = len;
2894 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2895 if (!memory_access_is_direct(mr, is_write)) {
2896 l = memory_access_size(mr, l, addr);
2897 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2898 return false;
2899 }
2900 }
2901
2902 len -= l;
2903 addr += l;
2904 }
2905 rcu_read_unlock();
2906 return true;
2907 }
2908
2909 /* Map a physical memory region into a host virtual address.
2910 * May map a subset of the requested range, given by and returned in *plen.
2911 * May return NULL if resources needed to perform the mapping are exhausted.
2912 * Use only for reads OR writes - not for read-modify-write operations.
2913 * Use cpu_register_map_client() to know when retrying the map operation is
2914 * likely to succeed.
2915 */
2916 void *address_space_map(AddressSpace *as,
2917 hwaddr addr,
2918 hwaddr *plen,
2919 bool is_write)
2920 {
2921 hwaddr len = *plen;
2922 hwaddr done = 0;
2923 hwaddr l, xlat, base;
2924 MemoryRegion *mr, *this_mr;
2925 void *ptr;
2926
2927 if (len == 0) {
2928 return NULL;
2929 }
2930
2931 l = len;
2932 rcu_read_lock();
2933 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2934
2935 if (!memory_access_is_direct(mr, is_write)) {
2936 if (atomic_xchg(&bounce.in_use, true)) {
2937 rcu_read_unlock();
2938 return NULL;
2939 }
2940 /* Avoid unbounded allocations */
2941 l = MIN(l, TARGET_PAGE_SIZE);
2942 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2943 bounce.addr = addr;
2944 bounce.len = l;
2945
2946 memory_region_ref(mr);
2947 bounce.mr = mr;
2948 if (!is_write) {
2949 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2950 bounce.buffer, l);
2951 }
2952
2953 rcu_read_unlock();
2954 *plen = l;
2955 return bounce.buffer;
2956 }
2957
2958 base = xlat;
2959
2960 for (;;) {
2961 len -= l;
2962 addr += l;
2963 done += l;
2964 if (len == 0) {
2965 break;
2966 }
2967
2968 l = len;
2969 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2970 if (this_mr != mr || xlat != base + done) {
2971 break;
2972 }
2973 }
2974
2975 memory_region_ref(mr);
2976 *plen = done;
2977 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
2978 rcu_read_unlock();
2979
2980 return ptr;
2981 }
2982
2983 /* Unmaps a memory region previously mapped by address_space_map().
2984 * Will also mark the memory as dirty if is_write == 1. access_len gives
2985 * the amount of memory that was actually read or written by the caller.
2986 */
2987 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2988 int is_write, hwaddr access_len)
2989 {
2990 if (buffer != bounce.buffer) {
2991 MemoryRegion *mr;
2992 ram_addr_t addr1;
2993
2994 mr = memory_region_from_host(buffer, &addr1);
2995 assert(mr != NULL);
2996 if (is_write) {
2997 invalidate_and_set_dirty(mr, addr1, access_len);
2998 }
2999 if (xen_enabled()) {
3000 xen_invalidate_map_cache_entry(buffer);
3001 }
3002 memory_region_unref(mr);
3003 return;
3004 }
3005 if (is_write) {
3006 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3007 bounce.buffer, access_len);
3008 }
3009 qemu_vfree(bounce.buffer);
3010 bounce.buffer = NULL;
3011 memory_region_unref(bounce.mr);
3012 atomic_mb_set(&bounce.in_use, false);
3013 cpu_notify_map_clients();
3014 }
3015
3016 void *cpu_physical_memory_map(hwaddr addr,
3017 hwaddr *plen,
3018 int is_write)
3019 {
3020 return address_space_map(&address_space_memory, addr, plen, is_write);
3021 }
3022
3023 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3024 int is_write, hwaddr access_len)
3025 {
3026 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3027 }
3028
3029 /* warning: addr must be aligned */
3030 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs,
3032 MemTxResult *result,
3033 enum device_endian endian)
3034 {
3035 uint8_t *ptr;
3036 uint64_t val;
3037 MemoryRegion *mr;
3038 hwaddr l = 4;
3039 hwaddr addr1;
3040 MemTxResult r;
3041 bool release_lock = false;
3042
3043 rcu_read_lock();
3044 mr = address_space_translate(as, addr, &addr1, &l, false);
3045 if (l < 4 || !memory_access_is_direct(mr, false)) {
3046 release_lock |= prepare_mmio_access(mr);
3047
3048 /* I/O case */
3049 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3050 #if defined(TARGET_WORDS_BIGENDIAN)
3051 if (endian == DEVICE_LITTLE_ENDIAN) {
3052 val = bswap32(val);
3053 }
3054 #else
3055 if (endian == DEVICE_BIG_ENDIAN) {
3056 val = bswap32(val);
3057 }
3058 #endif
3059 } else {
3060 /* RAM case */
3061 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3062 switch (endian) {
3063 case DEVICE_LITTLE_ENDIAN:
3064 val = ldl_le_p(ptr);
3065 break;
3066 case DEVICE_BIG_ENDIAN:
3067 val = ldl_be_p(ptr);
3068 break;
3069 default:
3070 val = ldl_p(ptr);
3071 break;
3072 }
3073 r = MEMTX_OK;
3074 }
3075 if (result) {
3076 *result = r;
3077 }
3078 if (release_lock) {
3079 qemu_mutex_unlock_iothread();
3080 }
3081 rcu_read_unlock();
3082 return val;
3083 }
3084
3085 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3086 MemTxAttrs attrs, MemTxResult *result)
3087 {
3088 return address_space_ldl_internal(as, addr, attrs, result,
3089 DEVICE_NATIVE_ENDIAN);
3090 }
3091
3092 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3093 MemTxAttrs attrs, MemTxResult *result)
3094 {
3095 return address_space_ldl_internal(as, addr, attrs, result,
3096 DEVICE_LITTLE_ENDIAN);
3097 }
3098
3099 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3100 MemTxAttrs attrs, MemTxResult *result)
3101 {
3102 return address_space_ldl_internal(as, addr, attrs, result,
3103 DEVICE_BIG_ENDIAN);
3104 }
3105
3106 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3107 {
3108 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3109 }
3110
3111 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3112 {
3113 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3114 }
3115
3116 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3117 {
3118 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3119 }
3120
3121 /* warning: addr must be aligned */
3122 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3123 MemTxAttrs attrs,
3124 MemTxResult *result,
3125 enum device_endian endian)
3126 {
3127 uint8_t *ptr;
3128 uint64_t val;
3129 MemoryRegion *mr;
3130 hwaddr l = 8;
3131 hwaddr addr1;
3132 MemTxResult r;
3133 bool release_lock = false;
3134
3135 rcu_read_lock();
3136 mr = address_space_translate(as, addr, &addr1, &l,
3137 false);
3138 if (l < 8 || !memory_access_is_direct(mr, false)) {
3139 release_lock |= prepare_mmio_access(mr);
3140
3141 /* I/O case */
3142 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3143 #if defined(TARGET_WORDS_BIGENDIAN)
3144 if (endian == DEVICE_LITTLE_ENDIAN) {
3145 val = bswap64(val);
3146 }
3147 #else
3148 if (endian == DEVICE_BIG_ENDIAN) {
3149 val = bswap64(val);
3150 }
3151 #endif
3152 } else {
3153 /* RAM case */
3154 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3155 switch (endian) {
3156 case DEVICE_LITTLE_ENDIAN:
3157 val = ldq_le_p(ptr);
3158 break;
3159 case DEVICE_BIG_ENDIAN:
3160 val = ldq_be_p(ptr);
3161 break;
3162 default:
3163 val = ldq_p(ptr);
3164 break;
3165 }
3166 r = MEMTX_OK;
3167 }
3168 if (result) {
3169 *result = r;
3170 }
3171 if (release_lock) {
3172 qemu_mutex_unlock_iothread();
3173 }
3174 rcu_read_unlock();
3175 return val;
3176 }
3177
3178 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3179 MemTxAttrs attrs, MemTxResult *result)
3180 {
3181 return address_space_ldq_internal(as, addr, attrs, result,
3182 DEVICE_NATIVE_ENDIAN);
3183 }
3184
3185 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3186 MemTxAttrs attrs, MemTxResult *result)
3187 {
3188 return address_space_ldq_internal(as, addr, attrs, result,
3189 DEVICE_LITTLE_ENDIAN);
3190 }
3191
3192 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3193 MemTxAttrs attrs, MemTxResult *result)
3194 {
3195 return address_space_ldq_internal(as, addr, attrs, result,
3196 DEVICE_BIG_ENDIAN);
3197 }
3198
3199 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3200 {
3201 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3202 }
3203
3204 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3205 {
3206 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3207 }
3208
3209 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3210 {
3211 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3212 }
3213
3214 /* XXX: optimize */
3215 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3216 MemTxAttrs attrs, MemTxResult *result)
3217 {
3218 uint8_t val;
3219 MemTxResult r;
3220
3221 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3222 if (result) {
3223 *result = r;
3224 }
3225 return val;
3226 }
3227
3228 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3229 {
3230 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3231 }
3232
3233 /* warning: addr must be aligned */
3234 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3235 hwaddr addr,
3236 MemTxAttrs attrs,
3237 MemTxResult *result,
3238 enum device_endian endian)
3239 {
3240 uint8_t *ptr;
3241 uint64_t val;
3242 MemoryRegion *mr;
3243 hwaddr l = 2;
3244 hwaddr addr1;
3245 MemTxResult r;
3246 bool release_lock = false;
3247
3248 rcu_read_lock();
3249 mr = address_space_translate(as, addr, &addr1, &l,
3250 false);
3251 if (l < 2 || !memory_access_is_direct(mr, false)) {
3252 release_lock |= prepare_mmio_access(mr);
3253
3254 /* I/O case */
3255 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3256 #if defined(TARGET_WORDS_BIGENDIAN)
3257 if (endian == DEVICE_LITTLE_ENDIAN) {
3258 val = bswap16(val);
3259 }
3260 #else
3261 if (endian == DEVICE_BIG_ENDIAN) {
3262 val = bswap16(val);
3263 }
3264 #endif
3265 } else {
3266 /* RAM case */
3267 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3268 switch (endian) {
3269 case DEVICE_LITTLE_ENDIAN:
3270 val = lduw_le_p(ptr);
3271 break;
3272 case DEVICE_BIG_ENDIAN:
3273 val = lduw_be_p(ptr);
3274 break;
3275 default:
3276 val = lduw_p(ptr);
3277 break;
3278 }
3279 r = MEMTX_OK;
3280 }
3281 if (result) {
3282 *result = r;
3283 }
3284 if (release_lock) {
3285 qemu_mutex_unlock_iothread();
3286 }
3287 rcu_read_unlock();
3288 return val;
3289 }
3290
3291 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3292 MemTxAttrs attrs, MemTxResult *result)
3293 {
3294 return address_space_lduw_internal(as, addr, attrs, result,
3295 DEVICE_NATIVE_ENDIAN);
3296 }
3297
3298 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3299 MemTxAttrs attrs, MemTxResult *result)
3300 {
3301 return address_space_lduw_internal(as, addr, attrs, result,
3302 DEVICE_LITTLE_ENDIAN);
3303 }
3304
3305 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3306 MemTxAttrs attrs, MemTxResult *result)
3307 {
3308 return address_space_lduw_internal(as, addr, attrs, result,
3309 DEVICE_BIG_ENDIAN);
3310 }
3311
3312 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3313 {
3314 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3315 }
3316
3317 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3318 {
3319 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3320 }
3321
3322 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3323 {
3324 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3325 }
3326
3327 /* warning: addr must be aligned. The ram page is not masked as dirty
3328 and the code inside is not invalidated. It is useful if the dirty
3329 bits are used to track modified PTEs */
3330 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3331 MemTxAttrs attrs, MemTxResult *result)
3332 {
3333 uint8_t *ptr;
3334 MemoryRegion *mr;
3335 hwaddr l = 4;
3336 hwaddr addr1;
3337 MemTxResult r;
3338 uint8_t dirty_log_mask;
3339 bool release_lock = false;
3340
3341 rcu_read_lock();
3342 mr = address_space_translate(as, addr, &addr1, &l,
3343 true);
3344 if (l < 4 || !memory_access_is_direct(mr, true)) {
3345 release_lock |= prepare_mmio_access(mr);
3346
3347 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3348 } else {
3349 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3350 stl_p(ptr, val);
3351
3352 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3353 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3354 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3355 4, dirty_log_mask);
3356 r = MEMTX_OK;
3357 }
3358 if (result) {
3359 *result = r;
3360 }
3361 if (release_lock) {
3362 qemu_mutex_unlock_iothread();
3363 }
3364 rcu_read_unlock();
3365 }
3366
3367 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3368 {
3369 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3370 }
3371
3372 /* warning: addr must be aligned */
3373 static inline void address_space_stl_internal(AddressSpace *as,
3374 hwaddr addr, uint32_t val,
3375 MemTxAttrs attrs,
3376 MemTxResult *result,
3377 enum device_endian endian)
3378 {
3379 uint8_t *ptr;
3380 MemoryRegion *mr;
3381 hwaddr l = 4;
3382 hwaddr addr1;
3383 MemTxResult r;
3384 bool release_lock = false;
3385
3386 rcu_read_lock();
3387 mr = address_space_translate(as, addr, &addr1, &l,
3388 true);
3389 if (l < 4 || !memory_access_is_direct(mr, true)) {
3390 release_lock |= prepare_mmio_access(mr);
3391
3392 #if defined(TARGET_WORDS_BIGENDIAN)
3393 if (endian == DEVICE_LITTLE_ENDIAN) {
3394 val = bswap32(val);
3395 }
3396 #else
3397 if (endian == DEVICE_BIG_ENDIAN) {
3398 val = bswap32(val);
3399 }
3400 #endif
3401 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3402 } else {
3403 /* RAM case */
3404 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3405 switch (endian) {
3406 case DEVICE_LITTLE_ENDIAN:
3407 stl_le_p(ptr, val);
3408 break;
3409 case DEVICE_BIG_ENDIAN:
3410 stl_be_p(ptr, val);
3411 break;
3412 default:
3413 stl_p(ptr, val);
3414 break;
3415 }
3416 invalidate_and_set_dirty(mr, addr1, 4);
3417 r = MEMTX_OK;
3418 }
3419 if (result) {
3420 *result = r;
3421 }
3422 if (release_lock) {
3423 qemu_mutex_unlock_iothread();
3424 }
3425 rcu_read_unlock();
3426 }
3427
3428 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3429 MemTxAttrs attrs, MemTxResult *result)
3430 {
3431 address_space_stl_internal(as, addr, val, attrs, result,
3432 DEVICE_NATIVE_ENDIAN);
3433 }
3434
3435 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3436 MemTxAttrs attrs, MemTxResult *result)
3437 {
3438 address_space_stl_internal(as, addr, val, attrs, result,
3439 DEVICE_LITTLE_ENDIAN);
3440 }
3441
3442 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3443 MemTxAttrs attrs, MemTxResult *result)
3444 {
3445 address_space_stl_internal(as, addr, val, attrs, result,
3446 DEVICE_BIG_ENDIAN);
3447 }
3448
3449 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3450 {
3451 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3452 }
3453
3454 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3455 {
3456 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3457 }
3458
3459 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3460 {
3461 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3462 }
3463
3464 /* XXX: optimize */
3465 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3466 MemTxAttrs attrs, MemTxResult *result)
3467 {
3468 uint8_t v = val;
3469 MemTxResult r;
3470
3471 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3472 if (result) {
3473 *result = r;
3474 }
3475 }
3476
3477 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3478 {
3479 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3480 }
3481
3482 /* warning: addr must be aligned */
3483 static inline void address_space_stw_internal(AddressSpace *as,
3484 hwaddr addr, uint32_t val,
3485 MemTxAttrs attrs,
3486 MemTxResult *result,
3487 enum device_endian endian)
3488 {
3489 uint8_t *ptr;
3490 MemoryRegion *mr;
3491 hwaddr l = 2;
3492 hwaddr addr1;
3493 MemTxResult r;
3494 bool release_lock = false;
3495
3496 rcu_read_lock();
3497 mr = address_space_translate(as, addr, &addr1, &l, true);
3498 if (l < 2 || !memory_access_is_direct(mr, true)) {
3499 release_lock |= prepare_mmio_access(mr);
3500
3501 #if defined(TARGET_WORDS_BIGENDIAN)
3502 if (endian == DEVICE_LITTLE_ENDIAN) {
3503 val = bswap16(val);
3504 }
3505 #else
3506 if (endian == DEVICE_BIG_ENDIAN) {
3507 val = bswap16(val);
3508 }
3509 #endif
3510 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3511 } else {
3512 /* RAM case */
3513 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3514 switch (endian) {
3515 case DEVICE_LITTLE_ENDIAN:
3516 stw_le_p(ptr, val);
3517 break;
3518 case DEVICE_BIG_ENDIAN:
3519 stw_be_p(ptr, val);
3520 break;
3521 default:
3522 stw_p(ptr, val);
3523 break;
3524 }
3525 invalidate_and_set_dirty(mr, addr1, 2);
3526 r = MEMTX_OK;
3527 }
3528 if (result) {
3529 *result = r;
3530 }
3531 if (release_lock) {
3532 qemu_mutex_unlock_iothread();
3533 }
3534 rcu_read_unlock();
3535 }
3536
3537 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3538 MemTxAttrs attrs, MemTxResult *result)
3539 {
3540 address_space_stw_internal(as, addr, val, attrs, result,
3541 DEVICE_NATIVE_ENDIAN);
3542 }
3543
3544 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3545 MemTxAttrs attrs, MemTxResult *result)
3546 {
3547 address_space_stw_internal(as, addr, val, attrs, result,
3548 DEVICE_LITTLE_ENDIAN);
3549 }
3550
3551 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3552 MemTxAttrs attrs, MemTxResult *result)
3553 {
3554 address_space_stw_internal(as, addr, val, attrs, result,
3555 DEVICE_BIG_ENDIAN);
3556 }
3557
3558 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3559 {
3560 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3561 }
3562
3563 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3564 {
3565 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3566 }
3567
3568 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3569 {
3570 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3571 }
3572
3573 /* XXX: optimize */
3574 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3575 MemTxAttrs attrs, MemTxResult *result)
3576 {
3577 MemTxResult r;
3578 val = tswap64(val);
3579 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3580 if (result) {
3581 *result = r;
3582 }
3583 }
3584
3585 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3586 MemTxAttrs attrs, MemTxResult *result)
3587 {
3588 MemTxResult r;
3589 val = cpu_to_le64(val);
3590 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3591 if (result) {
3592 *result = r;
3593 }
3594 }
3595 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3596 MemTxAttrs attrs, MemTxResult *result)
3597 {
3598 MemTxResult r;
3599 val = cpu_to_be64(val);
3600 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3601 if (result) {
3602 *result = r;
3603 }
3604 }
3605
3606 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3607 {
3608 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3609 }
3610
3611 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3612 {
3613 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3614 }
3615
3616 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3617 {
3618 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3619 }
3620
3621 /* virtual memory access for debug (includes writing to ROM) */
3622 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3623 uint8_t *buf, int len, int is_write)
3624 {
3625 int l;
3626 hwaddr phys_addr;
3627 target_ulong page;
3628
3629 while (len > 0) {
3630 int asidx;
3631 MemTxAttrs attrs;
3632
3633 page = addr & TARGET_PAGE_MASK;
3634 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3635 asidx = cpu_asidx_from_attrs(cpu, attrs);
3636 /* if no physical page mapped, return an error */
3637 if (phys_addr == -1)
3638 return -1;
3639 l = (page + TARGET_PAGE_SIZE) - addr;
3640 if (l > len)
3641 l = len;
3642 phys_addr += (addr & ~TARGET_PAGE_MASK);
3643 if (is_write) {
3644 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3645 phys_addr, buf, l);
3646 } else {
3647 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3648 MEMTXATTRS_UNSPECIFIED,
3649 buf, l, 0);
3650 }
3651 len -= l;
3652 buf += l;
3653 addr += l;
3654 }
3655 return 0;
3656 }
3657
3658 /*
3659 * Allows code that needs to deal with migration bitmaps etc to still be built
3660 * target independent.
3661 */
3662 size_t qemu_target_page_bits(void)
3663 {
3664 return TARGET_PAGE_BITS;
3665 }
3666
3667 #endif
3668
3669 /*
3670 * A helper function for the _utterly broken_ virtio device model to find out if
3671 * it's running on a big endian machine. Don't do this at home kids!
3672 */
3673 bool target_words_bigendian(void);
3674 bool target_words_bigendian(void)
3675 {
3676 #if defined(TARGET_WORDS_BIGENDIAN)
3677 return true;
3678 #else
3679 return false;
3680 #endif
3681 }
3682
3683 #ifndef CONFIG_USER_ONLY
3684 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3685 {
3686 MemoryRegion*mr;
3687 hwaddr l = 1;
3688 bool res;
3689
3690 rcu_read_lock();
3691 mr = address_space_translate(&address_space_memory,
3692 phys_addr, &phys_addr, &l, false);
3693
3694 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3695 rcu_read_unlock();
3696 return res;
3697 }
3698
3699 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3700 {
3701 RAMBlock *block;
3702 int ret = 0;
3703
3704 rcu_read_lock();
3705 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3706 ret = func(block->idstr, block->host, block->offset,
3707 block->used_length, opaque);
3708 if (ret) {
3709 break;
3710 }
3711 }
3712 rcu_read_unlock();
3713 return ret;
3714 }
3715 #endif
AR7 emulation for QEMU