search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / exec.c
blobc8ac09ed8020ef0976828318d6c258af30ccf125
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #include "hw/qdev.h"
30 #include "qemu/osdep.h"
31 #include "sysemu/kvm.h"
32 #include "sysemu/sysemu.h"
33 #include "hw/xen/xen.h"
34 #include "qemu/timer.h"
35 #include "qemu/config-file.h"
36 #include "qemu/error-report.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52 #include "exec/ram_addr.h"
53
54 #include "qemu/range.h"
55
56 //#define DEBUG_SUBPAGE
57
58 #if !defined(CONFIG_USER_ONLY)
59 static bool in_migration;
60
61 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62
63 static MemoryRegion *system_memory;
64 static MemoryRegion *system_io;
65
66 AddressSpace address_space_io;
67 AddressSpace address_space_memory;
68
69 MemoryRegion io_mem_rom, io_mem_notdirty;
70 static MemoryRegion io_mem_unassigned;
71
72 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
73 #define RAM_PREALLOC (1 << 0)
74
75 /* RAM is mmap-ed with MAP_SHARED */
76 #define RAM_SHARED (1 << 1)
77
78 #endif
79
80 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
81 /* current CPU in the current thread. It is only valid inside
82 cpu_exec() */
83 DEFINE_TLS(CPUState *, current_cpu);
84 /* 0 = Do not count executed instructions.
85 1 = Precise instruction counting.
86 2 = Adaptive rate instruction counting. */
87 int use_icount;
88
89 #if !defined(CONFIG_USER_ONLY)
90
91 typedef struct PhysPageEntry PhysPageEntry;
92
93 struct PhysPageEntry {
94 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
95 uint32_t skip : 6;
96 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
97 uint32_t ptr : 26;
98 };
99
100 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
101
102 /* Size of the L2 (and L3, etc) page tables. */
103 #define ADDR_SPACE_BITS 64
104
105 #define P_L2_BITS 9
106 #define P_L2_SIZE (1 << P_L2_BITS)
107
108 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
109
110 typedef PhysPageEntry Node[P_L2_SIZE];
111
112 typedef struct PhysPageMap {
113 unsigned sections_nb;
114 unsigned sections_nb_alloc;
115 unsigned nodes_nb;
116 unsigned nodes_nb_alloc;
117 Node *nodes;
118 MemoryRegionSection *sections;
119 } PhysPageMap;
120
121 struct AddressSpaceDispatch {
122 /* This is a multi-level map on the physical address space.
123 * The bottom level has pointers to MemoryRegionSections.
124 */
125 PhysPageEntry phys_map;
126 PhysPageMap map;
127 AddressSpace *as;
128 };
129
130 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
131 typedef struct subpage_t {
132 MemoryRegion iomem;
133 AddressSpace *as;
134 hwaddr base;
135 uint16_t sub_section[TARGET_PAGE_SIZE];
136 } subpage_t;
137
138 #define PHYS_SECTION_UNASSIGNED 0
139 #define PHYS_SECTION_NOTDIRTY 1
140 #define PHYS_SECTION_ROM 2
141 #define PHYS_SECTION_WATCH 3
142
143 static void io_mem_init(void);
144 static void memory_map_init(void);
145 static void tcg_commit(MemoryListener *listener);
146
147 static MemoryRegion io_mem_watch;
148 #endif
149
150 #if !defined(CONFIG_USER_ONLY)
151
152 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
153 {
154 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
155 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
156 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
157 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
158 }
159 }
160
161 static uint32_t phys_map_node_alloc(PhysPageMap *map)
162 {
163 unsigned i;
164 uint32_t ret;
165
166 ret = map->nodes_nb++;
167 assert(ret != PHYS_MAP_NODE_NIL);
168 assert(ret != map->nodes_nb_alloc);
169 for (i = 0; i < P_L2_SIZE; ++i) {
170 map->nodes[ret][i].skip = 1;
171 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
172 }
173 return ret;
174 }
175
176 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
177 hwaddr *index, hwaddr *nb, uint16_t leaf,
178 int level)
179 {
180 PhysPageEntry *p;
181 int i;
182 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
183
184 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
185 lp->ptr = phys_map_node_alloc(map);
186 p = map->nodes[lp->ptr];
187 if (level == 0) {
188 for (i = 0; i < P_L2_SIZE; i++) {
189 p[i].skip = 0;
190 p[i].ptr = PHYS_SECTION_UNASSIGNED;
191 }
192 }
193 } else {
194 p = map->nodes[lp->ptr];
195 }
196 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
197
198 while (*nb && lp < &p[P_L2_SIZE]) {
199 if ((*index & (step - 1)) == 0 && *nb >= step) {
200 lp->skip = 0;
201 lp->ptr = leaf;
202 *index += step;
203 *nb -= step;
204 } else {
205 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
206 }
207 ++lp;
208 }
209 }
210
211 static void phys_page_set(AddressSpaceDispatch *d,
212 hwaddr index, hwaddr nb,
213 uint16_t leaf)
214 {
215 /* Wildly overreserve - it doesn't matter much. */
216 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
217
218 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
219 }
220
221 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
222 * and update our entry so we can skip it and go directly to the destination.
223 */
224 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
225 {
226 unsigned valid_ptr = P_L2_SIZE;
227 int valid = 0;
228 PhysPageEntry *p;
229 int i;
230
231 if (lp->ptr == PHYS_MAP_NODE_NIL) {
232 return;
233 }
234
235 p = nodes[lp->ptr];
236 for (i = 0; i < P_L2_SIZE; i++) {
237 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
238 continue;
239 }
240
241 valid_ptr = i;
242 valid++;
243 if (p[i].skip) {
244 phys_page_compact(&p[i], nodes, compacted);
245 }
246 }
247
248 /* We can only compress if there's only one child. */
249 if (valid != 1) {
250 return;
251 }
252
253 assert(valid_ptr < P_L2_SIZE);
254
255 /* Don't compress if it won't fit in the # of bits we have. */
256 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
257 return;
258 }
259
260 lp->ptr = p[valid_ptr].ptr;
261 if (!p[valid_ptr].skip) {
262 /* If our only child is a leaf, make this a leaf. */
263 /* By design, we should have made this node a leaf to begin with so we
264 * should never reach here.
265 * But since it's so simple to handle this, let's do it just in case we
266 * change this rule.
267 */
268 lp->skip = 0;
269 } else {
270 lp->skip += p[valid_ptr].skip;
271 }
272 }
273
274 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
275 {
276 DECLARE_BITMAP(compacted, nodes_nb);
277
278 if (d->phys_map.skip) {
279 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
280 }
281 }
282
283 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
284 Node *nodes, MemoryRegionSection *sections)
285 {
286 PhysPageEntry *p;
287 hwaddr index = addr >> TARGET_PAGE_BITS;
288 int i;
289
290 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
291 if (lp.ptr == PHYS_MAP_NODE_NIL) {
292 return &sections[PHYS_SECTION_UNASSIGNED];
293 }
294 p = nodes[lp.ptr];
295 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
296 }
297
298 if (sections[lp.ptr].size.hi ||
299 range_covers_byte(sections[lp.ptr].offset_within_address_space,
300 sections[lp.ptr].size.lo, addr)) {
301 return &sections[lp.ptr];
302 } else {
303 return &sections[PHYS_SECTION_UNASSIGNED];
304 }
305 }
306
307 bool memory_region_is_unassigned(MemoryRegion *mr)
308 {
309 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
310 && mr != &io_mem_watch;
311 }
312
313 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
314 hwaddr addr,
315 bool resolve_subpage)
316 {
317 MemoryRegionSection *section;
318 subpage_t *subpage;
319
320 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
321 if (resolve_subpage && section->mr->subpage) {
322 subpage = container_of(section->mr, subpage_t, iomem);
323 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
324 }
325 return section;
326 }
327
328 static MemoryRegionSection *
329 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
330 hwaddr *plen, bool resolve_subpage)
331 {
332 MemoryRegionSection *section;
333 Int128 diff;
334
335 section = address_space_lookup_region(d, addr, resolve_subpage);
336 /* Compute offset within MemoryRegionSection */
337 addr -= section->offset_within_address_space;
338
339 /* Compute offset within MemoryRegion */
340 *xlat = addr + section->offset_within_region;
341
342 diff = int128_sub(section->mr->size, int128_make64(addr));
343 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
344 return section;
345 }
346
347 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
348 {
349 if (memory_region_is_ram(mr)) {
350 return !(is_write && mr->readonly);
351 }
352 if (memory_region_is_romd(mr)) {
353 return !is_write;
354 }
355
356 return false;
357 }
358
359 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
360 hwaddr *xlat, hwaddr *plen,
361 bool is_write)
362 {
363 IOMMUTLBEntry iotlb;
364 MemoryRegionSection *section;
365 MemoryRegion *mr;
366 hwaddr len = *plen;
367
368 for (;;) {
369 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
370 mr = section->mr;
371
372 if (!mr->iommu_ops) {
373 break;
374 }
375
376 iotlb = mr->iommu_ops->translate(mr, addr);
377 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
378 | (addr & iotlb.addr_mask));
379 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
380 if (!(iotlb.perm & (1 << is_write))) {
381 mr = &io_mem_unassigned;
382 break;
383 }
384
385 as = iotlb.target_as;
386 }
387
388 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
389 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
390 len = MIN(page, len);
391 }
392
393 *plen = len;
394 *xlat = addr;
395 return mr;
396 }
397
398 MemoryRegionSection *
399 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
400 hwaddr *plen)
401 {
402 MemoryRegionSection *section;
403 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
404
405 assert(!section->mr->iommu_ops);
406 return section;
407 }
408 #endif
409
410 void cpu_exec_init_all(void)
411 {
412 #if !defined(CONFIG_USER_ONLY)
413 qemu_mutex_init(&ram_list.mutex);
414 memory_map_init();
415 io_mem_init();
416 #endif
417 }
418
419 #if !defined(CONFIG_USER_ONLY)
420
421 static int cpu_common_post_load(void *opaque, int version_id)
422 {
423 CPUState *cpu = opaque;
424
425 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
426 version_id is increased. */
427 cpu->interrupt_request &= ~0x01;
428 tlb_flush(cpu, 1);
429
430 return 0;
431 }
432
433 const VMStateDescription vmstate_cpu_common = {
434 .name = "cpu_common",
435 .version_id = 1,
436 .minimum_version_id = 1,
437 .post_load = cpu_common_post_load,
438 .fields = (VMStateField[]) {
439 VMSTATE_UINT32(halted, CPUState),
440 VMSTATE_UINT32(interrupt_request, CPUState),
441 VMSTATE_END_OF_LIST()
442 }
443 };
444
445 #endif
446
447 CPUState *qemu_get_cpu(int index)
448 {
449 CPUState *cpu;
450
451 CPU_FOREACH(cpu) {
452 if (cpu->cpu_index == index) {
453 return cpu;
454 }
455 }
456
457 return NULL;
458 }
459
460 #if !defined(CONFIG_USER_ONLY)
461 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
462 {
463 /* We only support one address space per cpu at the moment. */
464 assert(cpu->as == as);
465
466 if (cpu->tcg_as_listener) {
467 memory_listener_unregister(cpu->tcg_as_listener);
468 } else {
469 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
470 }
471 cpu->tcg_as_listener->commit = tcg_commit;
472 memory_listener_register(cpu->tcg_as_listener, as);
473 }
474 #endif
475
476 void cpu_exec_init(CPUArchState *env)
477 {
478 CPUState *cpu = ENV_GET_CPU(env);
479 CPUClass *cc = CPU_GET_CLASS(cpu);
480 CPUState *some_cpu;
481 int cpu_index;
482
483 #ifdef TARGET_WORDS_BIGENDIAN
484 cpu->bigendian = true;
485 #else
486 cpu->bigendian = false;
487 #endif
488
489 #if defined(CONFIG_USER_ONLY)
490 cpu_list_lock();
491 #endif
492 cpu_index = 0;
493 CPU_FOREACH(some_cpu) {
494 cpu_index++;
495 }
496 cpu->cpu_index = cpu_index;
497 cpu->numa_node = 0;
498 QTAILQ_INIT(&cpu->breakpoints);
499 QTAILQ_INIT(&cpu->watchpoints);
500 #ifndef CONFIG_USER_ONLY
501 cpu->as = &address_space_memory;
502 cpu->thread_id = qemu_get_thread_id();
503 #endif
504 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
505 #if defined(CONFIG_USER_ONLY)
506 cpu_list_unlock();
507 #endif
508 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
509 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
510 }
511 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
512 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
513 cpu_save, cpu_load, env);
514 assert(cc->vmsd == NULL);
515 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
516 #endif
517 if (cc->vmsd != NULL) {
518 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
519 }
520 }
521
522 #if defined(TARGET_HAS_ICE)
523 #if defined(CONFIG_USER_ONLY)
524 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
525 {
526 tb_invalidate_phys_page_range(pc, pc + 1, 0);
527 }
528 #else
529 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
530 {
531 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
532 if (phys != -1) {
533 tb_invalidate_phys_addr(cpu->as,
534 phys | (pc & ~TARGET_PAGE_MASK));
535 }
536 }
537 #endif
538 #endif /* TARGET_HAS_ICE */
539
540 #if defined(CONFIG_USER_ONLY)
541 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
542
543 {
544 }
545
546 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
547 int flags, CPUWatchpoint **watchpoint)
548 {
549 return -ENOSYS;
550 }
551 #else
552 /* Add a watchpoint. */
553 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
554 int flags, CPUWatchpoint **watchpoint)
555 {
556 vaddr len_mask = ~(len - 1);
557 CPUWatchpoint *wp;
558
559 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
560 if ((len & (len - 1)) || (addr & ~len_mask) ||
561 len == 0 || len > TARGET_PAGE_SIZE) {
562 error_report("tried to set invalid watchpoint at %"
563 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
564 return -EINVAL;
565 }
566 wp = g_malloc(sizeof(*wp));
567
568 wp->vaddr = addr;
569 wp->len_mask = len_mask;
570 wp->flags = flags;
571
572 /* keep all GDB-injected watchpoints in front */
573 if (flags & BP_GDB) {
574 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
575 } else {
576 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
577 }
578
579 tlb_flush_page(cpu, addr);
580
581 if (watchpoint)
582 *watchpoint = wp;
583 return 0;
584 }
585
586 /* Remove a specific watchpoint. */
587 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
588 int flags)
589 {
590 vaddr len_mask = ~(len - 1);
591 CPUWatchpoint *wp;
592
593 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
594 if (addr == wp->vaddr && len_mask == wp->len_mask
595 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
596 cpu_watchpoint_remove_by_ref(cpu, wp);
597 return 0;
598 }
599 }
600 return -ENOENT;
601 }
602
603 /* Remove a specific watchpoint by reference. */
604 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
605 {
606 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
607
608 tlb_flush_page(cpu, watchpoint->vaddr);
609
610 g_free(watchpoint);
611 }
612
613 /* Remove all matching watchpoints. */
614 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
615 {
616 CPUWatchpoint *wp, *next;
617
618 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
619 if (wp->flags & mask) {
620 cpu_watchpoint_remove_by_ref(cpu, wp);
621 }
622 }
623 }
624 #endif
625
626 /* Add a breakpoint. */
627 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
628 CPUBreakpoint **breakpoint)
629 {
630 #if defined(TARGET_HAS_ICE)
631 CPUBreakpoint *bp;
632
633 bp = g_malloc(sizeof(*bp));
634
635 bp->pc = pc;
636 bp->flags = flags;
637
638 /* keep all GDB-injected breakpoints in front */
639 if (flags & BP_GDB) {
640 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
641 } else {
642 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
643 }
644
645 breakpoint_invalidate(cpu, pc);
646
647 if (breakpoint) {
648 *breakpoint = bp;
649 }
650 return 0;
651 #else
652 return -ENOSYS;
653 #endif
654 }
655
656 /* Remove a specific breakpoint. */
657 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
658 {
659 #if defined(TARGET_HAS_ICE)
660 CPUBreakpoint *bp;
661
662 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
663 if (bp->pc == pc && bp->flags == flags) {
664 cpu_breakpoint_remove_by_ref(cpu, bp);
665 return 0;
666 }
667 }
668 return -ENOENT;
669 #else
670 return -ENOSYS;
671 #endif
672 }
673
674 /* Remove a specific breakpoint by reference. */
675 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
676 {
677 #if defined(TARGET_HAS_ICE)
678 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
679
680 breakpoint_invalidate(cpu, breakpoint->pc);
681
682 g_free(breakpoint);
683 #endif
684 }
685
686 /* Remove all matching breakpoints. */
687 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
688 {
689 #if defined(TARGET_HAS_ICE)
690 CPUBreakpoint *bp, *next;
691
692 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
693 if (bp->flags & mask) {
694 cpu_breakpoint_remove_by_ref(cpu, bp);
695 }
696 }
697 #endif
698 }
699
700 /* enable or disable single step mode. EXCP_DEBUG is returned by the
701 CPU loop after each instruction */
702 void cpu_single_step(CPUState *cpu, int enabled)
703 {
704 #if defined(TARGET_HAS_ICE)
705 if (cpu->singlestep_enabled != enabled) {
706 cpu->singlestep_enabled = enabled;
707 if (kvm_enabled()) {
708 kvm_update_guest_debug(cpu, 0);
709 } else {
710 /* must flush all the translated code to avoid inconsistencies */
711 /* XXX: only flush what is necessary */
712 CPUArchState *env = cpu->env_ptr;
713 tb_flush(env);
714 }
715 }
716 #endif
717 }
718
719 void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
720 {
721 va_list ap;
722 va_list ap2;
723
724 va_start(ap, fmt);
725 va_copy(ap2, ap);
726 fprintf(stderr, "qemu: fatal: ");
727 vfprintf(stderr, fmt, ap);
728 fprintf(stderr, "\n");
729 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
730 if (qemu_log_enabled()) {
731 qemu_log("qemu: fatal: ");
732 qemu_log_vprintf(fmt, ap2);
733 qemu_log("\n");
734 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
735 qemu_log_flush();
736 qemu_log_close();
737 }
738 va_end(ap2);
739 va_end(ap);
740 #if defined(CONFIG_USER_ONLY)
741 {
742 struct sigaction act;
743 sigfillset(&act.sa_mask);
744 act.sa_handler = SIG_DFL;
745 sigaction(SIGABRT, &act, NULL);
746 }
747 #endif
748 abort();
749 }
750
751 #if !defined(CONFIG_USER_ONLY)
752 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
753 {
754 RAMBlock *block;
755
756 /* The list is protected by the iothread lock here. */
757 block = ram_list.mru_block;
758 if (block && addr - block->offset < block->length) {
759 goto found;
760 }
761 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
762 if (addr - block->offset < block->length) {
763 goto found;
764 }
765 }
766
767 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
768 abort();
769
770 found:
771 ram_list.mru_block = block;
772 return block;
773 }
774
775 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
776 {
777 ram_addr_t start1;
778 RAMBlock *block;
779 ram_addr_t end;
780
781 end = TARGET_PAGE_ALIGN(start + length);
782 start &= TARGET_PAGE_MASK;
783
784 block = qemu_get_ram_block(start);
785 assert(block == qemu_get_ram_block(end - 1));
786 start1 = (uintptr_t)block->host + (start - block->offset);
787 cpu_tlb_reset_dirty_all(start1, length);
788 }
789
790 /* Note: start and end must be within the same ram block. */
791 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
792 unsigned client)
793 {
794 if (length == 0)
795 return;
796 cpu_physical_memory_clear_dirty_range(start, length, client);
797
798 if (tcg_enabled()) {
799 tlb_reset_dirty_range_all(start, length);
800 }
801 }
802
803 static void cpu_physical_memory_set_dirty_tracking(bool enable)
804 {
805 in_migration = enable;
806 }
807
808 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
809 MemoryRegionSection *section,
810 target_ulong vaddr,
811 hwaddr paddr, hwaddr xlat,
812 int prot,
813 target_ulong *address)
814 {
815 hwaddr iotlb;
816 CPUWatchpoint *wp;
817
818 if (memory_region_is_ram(section->mr)) {
819 /* Normal RAM. */
820 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
821 + xlat;
822 if (!section->readonly) {
823 iotlb |= PHYS_SECTION_NOTDIRTY;
824 } else {
825 iotlb |= PHYS_SECTION_ROM;
826 }
827 } else {
828 iotlb = section - section->address_space->dispatch->map.sections;
829 iotlb += xlat;
830 }
831
832 /* Make accesses to pages with watchpoints go via the
833 watchpoint trap routines. */
834 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
835 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
836 /* Avoid trapping reads of pages with a write breakpoint. */
837 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
838 iotlb = PHYS_SECTION_WATCH + paddr;
839 *address |= TLB_MMIO;
840 break;
841 }
842 }
843 }
844
845 return iotlb;
846 }
847 #endif /* defined(CONFIG_USER_ONLY) */
848
849 #if !defined(CONFIG_USER_ONLY)
850
851 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
852 uint16_t section);
853 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
854
855 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
856
857 /*
858 * Set a custom physical guest memory alloator.
859 * Accelerators with unusual needs may need this. Hopefully, we can
860 * get rid of it eventually.
861 */
862 void phys_mem_set_alloc(void *(*alloc)(size_t))
863 {
864 phys_mem_alloc = alloc;
865 }
866
867 static uint16_t phys_section_add(PhysPageMap *map,
868 MemoryRegionSection *section)
869 {
870 /* The physical section number is ORed with a page-aligned
871 * pointer to produce the iotlb entries. Thus it should
872 * never overflow into the page-aligned value.
873 */
874 assert(map->sections_nb < TARGET_PAGE_SIZE);
875
876 if (map->sections_nb == map->sections_nb_alloc) {
877 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
878 map->sections = g_renew(MemoryRegionSection, map->sections,
879 map->sections_nb_alloc);
880 }
881 map->sections[map->sections_nb] = *section;
882 memory_region_ref(section->mr);
883 return map->sections_nb++;
884 }
885
886 static void phys_section_destroy(MemoryRegion *mr)
887 {
888 memory_region_unref(mr);
889
890 if (mr->subpage) {
891 subpage_t *subpage = container_of(mr, subpage_t, iomem);
892 object_unref(OBJECT(&subpage->iomem));
893 g_free(subpage);
894 }
895 }
896
897 static void phys_sections_free(PhysPageMap *map)
898 {
899 while (map->sections_nb > 0) {
900 MemoryRegionSection *section = &map->sections[--map->sections_nb];
901 phys_section_destroy(section->mr);
902 }
903 g_free(map->sections);
904 g_free(map->nodes);
905 }
906
907 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
908 {
909 subpage_t *subpage;
910 hwaddr base = section->offset_within_address_space
911 & TARGET_PAGE_MASK;
912 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
913 d->map.nodes, d->map.sections);
914 MemoryRegionSection subsection = {
915 .offset_within_address_space = base,
916 .size = int128_make64(TARGET_PAGE_SIZE),
917 };
918 hwaddr start, end;
919
920 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
921
922 if (!(existing->mr->subpage)) {
923 subpage = subpage_init(d->as, base);
924 subsection.address_space = d->as;
925 subsection.mr = &subpage->iomem;
926 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
927 phys_section_add(&d->map, &subsection));
928 } else {
929 subpage = container_of(existing->mr, subpage_t, iomem);
930 }
931 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
932 end = start + int128_get64(section->size) - 1;
933 subpage_register(subpage, start, end,
934 phys_section_add(&d->map, section));
935 }
936
937
938 static void register_multipage(AddressSpaceDispatch *d,
939 MemoryRegionSection *section)
940 {
941 hwaddr start_addr = section->offset_within_address_space;
942 uint16_t section_index = phys_section_add(&d->map, section);
943 uint64_t num_pages = int128_get64(int128_rshift(section->size,
944 TARGET_PAGE_BITS));
945
946 assert(num_pages);
947 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
948 }
949
950 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
951 {
952 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
953 AddressSpaceDispatch *d = as->next_dispatch;
954 MemoryRegionSection now = *section, remain = *section;
955 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
956
957 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
958 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
959 - now.offset_within_address_space;
960
961 now.size = int128_min(int128_make64(left), now.size);
962 register_subpage(d, &now);
963 } else {
964 now.size = int128_zero();
965 }
966 while (int128_ne(remain.size, now.size)) {
967 remain.size = int128_sub(remain.size, now.size);
968 remain.offset_within_address_space += int128_get64(now.size);
969 remain.offset_within_region += int128_get64(now.size);
970 now = remain;
971 if (int128_lt(remain.size, page_size)) {
972 register_subpage(d, &now);
973 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
974 now.size = page_size;
975 register_subpage(d, &now);
976 } else {
977 now.size = int128_and(now.size, int128_neg(page_size));
978 register_multipage(d, &now);
979 }
980 }
981 }
982
983 void qemu_flush_coalesced_mmio_buffer(void)
984 {
985 if (kvm_enabled())
986 kvm_flush_coalesced_mmio_buffer();
987 }
988
989 void qemu_mutex_lock_ramlist(void)
990 {
991 qemu_mutex_lock(&ram_list.mutex);
992 }
993
994 void qemu_mutex_unlock_ramlist(void)
995 {
996 qemu_mutex_unlock(&ram_list.mutex);
997 }
998
999 #ifdef __linux__
1000
1001 #include <sys/vfs.h>
1002
1003 #define HUGETLBFS_MAGIC 0x958458f6
1004
1005 static long gethugepagesize(const char *path)
1006 {
1007 struct statfs fs;
1008 int ret;
1009
1010 do {
1011 ret = statfs(path, &fs);
1012 } while (ret != 0 && errno == EINTR);
1013
1014 if (ret != 0) {
1015 perror(path);
1016 return 0;
1017 }
1018
1019 if (fs.f_type != HUGETLBFS_MAGIC)
1020 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1021
1022 return fs.f_bsize;
1023 }
1024
1025 static void *file_ram_alloc(RAMBlock *block,
1026 ram_addr_t memory,
1027 const char *path,
1028 Error **errp)
1029 {
1030 char *filename;
1031 char *sanitized_name;
1032 char *c;
1033 void * volatile area;
1034 int fd;
1035 uintptr_t hpagesize;
1036
1037 hpagesize = gethugepagesize(path);
1038 if (!hpagesize) {
1039 goto error;
1040 }
1041
1042 if (memory < hpagesize) {
1043 return NULL;
1044 }
1045
1046 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1047 error_setg(errp,
1048 "host lacks kvm mmu notifiers, -mem-path unsupported");
1049 goto error;
1050 }
1051
1052 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1053 sanitized_name = g_strdup(block->mr->name);
1054 for (c = sanitized_name; *c != '\0'; c++) {
1055 if (*c == '/')
1056 *c = '_';
1057 }
1058
1059 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1060 sanitized_name);
1061 g_free(sanitized_name);
1062
1063 fd = mkstemp(filename);
1064 if (fd < 0) {
1065 error_setg_errno(errp, errno,
1066 "unable to create backing store for hugepages");
1067 g_free(filename);
1068 goto error;
1069 }
1070 unlink(filename);
1071 g_free(filename);
1072
1073 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1074
1075 /*
1076 * ftruncate is not supported by hugetlbfs in older
1077 * hosts, so don't bother bailing out on errors.
1078 * If anything goes wrong with it under other filesystems,
1079 * mmap will fail.
1080 */
1081 if (ftruncate(fd, memory)) {
1082 perror("ftruncate");
1083 }
1084
1085 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1086 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1087 fd, 0);
1088 if (area == MAP_FAILED) {
1089 error_setg_errno(errp, errno,
1090 "unable to map backing store for hugepages");
1091 close(fd);
1092 goto error;
1093 }
1094
1095 if (mem_prealloc) {
1096 os_mem_prealloc(fd, area, memory);
1097 }
1098
1099 block->fd = fd;
1100 return area;
1101
1102 error:
1103 if (mem_prealloc) {
1104 exit(1);
1105 }
1106 return NULL;
1107 }
1108 #endif
1109
1110 static ram_addr_t find_ram_offset(ram_addr_t size)
1111 {
1112 RAMBlock *block, *next_block;
1113 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1114
1115 assert(size != 0); /* it would hand out same offset multiple times */
1116
1117 if (QTAILQ_EMPTY(&ram_list.blocks))
1118 return 0;
1119
1120 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1121 ram_addr_t end, next = RAM_ADDR_MAX;
1122
1123 end = block->offset + block->length;
1124
1125 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1126 if (next_block->offset >= end) {
1127 next = MIN(next, next_block->offset);
1128 }
1129 }
1130 if (next - end >= size && next - end < mingap) {
1131 offset = end;
1132 mingap = next - end;
1133 }
1134 }
1135
1136 if (offset == RAM_ADDR_MAX) {
1137 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1138 (uint64_t)size);
1139 abort();
1140 }
1141
1142 return offset;
1143 }
1144
1145 ram_addr_t last_ram_offset(void)
1146 {
1147 RAMBlock *block;
1148 ram_addr_t last = 0;
1149
1150 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1151 last = MAX(last, block->offset + block->length);
1152
1153 return last;
1154 }
1155
1156 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1157 {
1158 int ret;
1159
1160 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1161 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1162 "dump-guest-core", true)) {
1163 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1164 if (ret) {
1165 perror("qemu_madvise");
1166 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1167 "but dump_guest_core=off specified\n");
1168 }
1169 }
1170 }
1171
1172 static RAMBlock *find_ram_block(ram_addr_t addr)
1173 {
1174 RAMBlock *block;
1175
1176 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1177 if (block->offset == addr) {
1178 return block;
1179 }
1180 }
1181
1182 return NULL;
1183 }
1184
1185 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1186 {
1187 RAMBlock *new_block = find_ram_block(addr);
1188 RAMBlock *block;
1189
1190 assert(new_block);
1191 assert(!new_block->idstr[0]);
1192
1193 if (dev) {
1194 char *id = qdev_get_dev_path(dev);
1195 if (id) {
1196 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1197 g_free(id);
1198 }
1199 }
1200 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1201
1202 /* This assumes the iothread lock is taken here too. */
1203 qemu_mutex_lock_ramlist();
1204 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1205 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1206 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1207 new_block->idstr);
1208 abort();
1209 }
1210 }
1211 qemu_mutex_unlock_ramlist();
1212 }
1213
1214 void qemu_ram_unset_idstr(ram_addr_t addr)
1215 {
1216 RAMBlock *block = find_ram_block(addr);
1217
1218 if (block) {
1219 memset(block->idstr, 0, sizeof(block->idstr));
1220 }
1221 }
1222
1223 static int memory_try_enable_merging(void *addr, size_t len)
1224 {
1225 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1226 /* disabled by the user */
1227 return 0;
1228 }
1229
1230 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1231 }
1232
1233 static ram_addr_t ram_block_add(RAMBlock *new_block)
1234 {
1235 RAMBlock *block;
1236 ram_addr_t old_ram_size, new_ram_size;
1237
1238 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1239
1240 /* This assumes the iothread lock is taken here too. */
1241 qemu_mutex_lock_ramlist();
1242 new_block->offset = find_ram_offset(new_block->length);
1243
1244 if (!new_block->host) {
1245 if (xen_enabled()) {
1246 xen_ram_alloc(new_block->offset, new_block->length, new_block->mr);
1247 } else {
1248 new_block->host = phys_mem_alloc(new_block->length);
1249 if (!new_block->host) {
1250 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1251 new_block->mr->name, strerror(errno));
1252 exit(1);
1253 }
1254 memory_try_enable_merging(new_block->host, new_block->length);
1255 }
1256 }
1257
1258 /* Keep the list sorted from biggest to smallest block. */
1259 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1260 if (block->length < new_block->length) {
1261 break;
1262 }
1263 }
1264 if (block) {
1265 QTAILQ_INSERT_BEFORE(block, new_block, next);
1266 } else {
1267 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1268 }
1269 ram_list.mru_block = NULL;
1270
1271 ram_list.version++;
1272 qemu_mutex_unlock_ramlist();
1273
1274 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1275
1276 if (new_ram_size > old_ram_size) {
1277 int i;
1278 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1279 ram_list.dirty_memory[i] =
1280 bitmap_zero_extend(ram_list.dirty_memory[i],
1281 old_ram_size, new_ram_size);
1282 }
1283 }
1284 cpu_physical_memory_set_dirty_range(new_block->offset, new_block->length);
1285
1286 qemu_ram_setup_dump(new_block->host, new_block->length);
1287 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_HUGEPAGE);
1288 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_DONTFORK);
1289
1290 if (kvm_enabled()) {
1291 kvm_setup_guest_memory(new_block->host, new_block->length);
1292 }
1293
1294 return new_block->offset;
1295 }
1296
1297 #ifdef __linux__
1298 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1299 bool share, const char *mem_path,
1300 Error **errp)
1301 {
1302 RAMBlock *new_block;
1303
1304 if (xen_enabled()) {
1305 error_setg(errp, "-mem-path not supported with Xen");
1306 return -1;
1307 }
1308
1309 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1310 /*
1311 * file_ram_alloc() needs to allocate just like
1312 * phys_mem_alloc, but we haven't bothered to provide
1313 * a hook there.
1314 */
1315 error_setg(errp,
1316 "-mem-path not supported with this accelerator");
1317 return -1;
1318 }
1319
1320 size = TARGET_PAGE_ALIGN(size);
1321 new_block = g_malloc0(sizeof(*new_block));
1322 new_block->mr = mr;
1323 new_block->length = size;
1324 new_block->flags = share ? RAM_SHARED : 0;
1325 new_block->host = file_ram_alloc(new_block, size,
1326 mem_path, errp);
1327 if (!new_block->host) {
1328 g_free(new_block);
1329 return -1;
1330 }
1331
1332 return ram_block_add(new_block);
1333 }
1334 #endif
1335
1336 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1337 MemoryRegion *mr)
1338 {
1339 RAMBlock *new_block;
1340
1341 size = TARGET_PAGE_ALIGN(size);
1342 new_block = g_malloc0(sizeof(*new_block));
1343 new_block->mr = mr;
1344 new_block->length = size;
1345 new_block->fd = -1;
1346 new_block->host = host;
1347 if (host) {
1348 new_block->flags |= RAM_PREALLOC;
1349 }
1350 return ram_block_add(new_block);
1351 }
1352
1353 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1354 {
1355 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1356 }
1357
1358 void qemu_ram_free_from_ptr(ram_addr_t addr)
1359 {
1360 RAMBlock *block;
1361
1362 /* This assumes the iothread lock is taken here too. */
1363 qemu_mutex_lock_ramlist();
1364 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1365 if (addr == block->offset) {
1366 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1367 ram_list.mru_block = NULL;
1368 ram_list.version++;
1369 g_free(block);
1370 break;
1371 }
1372 }
1373 qemu_mutex_unlock_ramlist();
1374 }
1375
1376 void qemu_ram_free(ram_addr_t addr)
1377 {
1378 RAMBlock *block;
1379
1380 /* This assumes the iothread lock is taken here too. */
1381 qemu_mutex_lock_ramlist();
1382 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1383 if (addr == block->offset) {
1384 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1385 ram_list.mru_block = NULL;
1386 ram_list.version++;
1387 if (block->flags & RAM_PREALLOC) {
1388 ;
1389 } else if (xen_enabled()) {
1390 xen_invalidate_map_cache_entry(block->host);
1391 #ifndef _WIN32
1392 } else if (block->fd >= 0) {
1393 munmap(block->host, block->length);
1394 close(block->fd);
1395 #endif
1396 } else {
1397 qemu_anon_ram_free(block->host, block->length);
1398 }
1399 g_free(block);
1400 break;
1401 }
1402 }
1403 qemu_mutex_unlock_ramlist();
1404
1405 }
1406
1407 #ifndef _WIN32
1408 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1409 {
1410 RAMBlock *block;
1411 ram_addr_t offset;
1412 int flags;
1413 void *area, *vaddr;
1414
1415 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1416 offset = addr - block->offset;
1417 if (offset < block->length) {
1418 vaddr = block->host + offset;
1419 if (block->flags & RAM_PREALLOC) {
1420 ;
1421 } else if (xen_enabled()) {
1422 abort();
1423 } else {
1424 flags = MAP_FIXED;
1425 munmap(vaddr, length);
1426 if (block->fd >= 0) {
1427 flags |= (block->flags & RAM_SHARED ?
1428 MAP_SHARED : MAP_PRIVATE);
1429 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1430 flags, block->fd, offset);
1431 } else {
1432 /*
1433 * Remap needs to match alloc. Accelerators that
1434 * set phys_mem_alloc never remap. If they did,
1435 * we'd need a remap hook here.
1436 */
1437 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1438
1439 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1440 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1441 flags, -1, 0);
1442 }
1443 if (area != vaddr) {
1444 fprintf(stderr, "Could not remap addr: "
1445 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1446 length, addr);
1447 exit(1);
1448 }
1449 memory_try_enable_merging(vaddr, length);
1450 qemu_ram_setup_dump(vaddr, length);
1451 }
1452 return;
1453 }
1454 }
1455 }
1456 #endif /* !_WIN32 */
1457
1458 int qemu_get_ram_fd(ram_addr_t addr)
1459 {
1460 RAMBlock *block = qemu_get_ram_block(addr);
1461
1462 return block->fd;
1463 }
1464
1465 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1466 {
1467 RAMBlock *block = qemu_get_ram_block(addr);
1468
1469 return block->host;
1470 }
1471
1472 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1473 With the exception of the softmmu code in this file, this should
1474 only be used for local memory (e.g. video ram) that the device owns,
1475 and knows it isn't going to access beyond the end of the block.
1476
1477 It should not be used for general purpose DMA.
1478 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1479 */
1480 void *qemu_get_ram_ptr(ram_addr_t addr)
1481 {
1482 RAMBlock *block = qemu_get_ram_block(addr);
1483
1484 if (xen_enabled()) {
1485 /* We need to check if the requested address is in the RAM
1486 * because we don't want to map the entire memory in QEMU.
1487 * In that case just map until the end of the page.
1488 */
1489 if (block->offset == 0) {
1490 return xen_map_cache(addr, 0, 0);
1491 } else if (block->host == NULL) {
1492 block->host =
1493 xen_map_cache(block->offset, block->length, 1);
1494 }
1495 }
1496 return block->host + (addr - block->offset);
1497 }
1498
1499 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1500 * but takes a size argument */
1501 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1502 {
1503 if (*size == 0) {
1504 return NULL;
1505 }
1506 if (xen_enabled()) {
1507 return xen_map_cache(addr, *size, 1);
1508 } else {
1509 RAMBlock *block;
1510
1511 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1512 if (addr - block->offset < block->length) {
1513 if (addr - block->offset + *size > block->length)
1514 *size = block->length - addr + block->offset;
1515 return block->host + (addr - block->offset);
1516 }
1517 }
1518
1519 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1520 abort();
1521 }
1522 }
1523
1524 /* Some of the softmmu routines need to translate from a host pointer
1525 (typically a TLB entry) back to a ram offset. */
1526 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1527 {
1528 RAMBlock *block;
1529 uint8_t *host = ptr;
1530
1531 if (xen_enabled()) {
1532 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1533 return qemu_get_ram_block(*ram_addr)->mr;
1534 }
1535
1536 block = ram_list.mru_block;
1537 if (block && block->host && host - block->host < block->length) {
1538 goto found;
1539 }
1540
1541 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1542 /* This case append when the block is not mapped. */
1543 if (block->host == NULL) {
1544 continue;
1545 }
1546 if (host - block->host < block->length) {
1547 goto found;
1548 }
1549 }
1550
1551 return NULL;
1552
1553 found:
1554 *ram_addr = block->offset + (host - block->host);
1555 return block->mr;
1556 }
1557
1558 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1559 uint64_t val, unsigned size)
1560 {
1561 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1562 tb_invalidate_phys_page_fast(ram_addr, size);
1563 }
1564 switch (size) {
1565 case 1:
1566 stb_p(qemu_get_ram_ptr(ram_addr), val);
1567 break;
1568 case 2:
1569 stw_p(qemu_get_ram_ptr(ram_addr), val);
1570 break;
1571 case 4:
1572 stl_p(qemu_get_ram_ptr(ram_addr), val);
1573 break;
1574 default:
1575 abort();
1576 }
1577 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1578 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
1579 /* we remove the notdirty callback only if the code has been
1580 flushed */
1581 if (!cpu_physical_memory_is_clean(ram_addr)) {
1582 CPUArchState *env = current_cpu->env_ptr;
1583 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1584 }
1585 }
1586
1587 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1588 unsigned size, bool is_write)
1589 {
1590 return is_write;
1591 }
1592
1593 static const MemoryRegionOps notdirty_mem_ops = {
1594 .write = notdirty_mem_write,
1595 .valid.accepts = notdirty_mem_accepts,
1596 .endianness = DEVICE_NATIVE_ENDIAN,
1597 };
1598
1599 /* Generate a debug exception if a watchpoint has been hit. */
1600 static void check_watchpoint(int offset, int len_mask, int flags)
1601 {
1602 CPUState *cpu = current_cpu;
1603 CPUArchState *env = cpu->env_ptr;
1604 target_ulong pc, cs_base;
1605 target_ulong vaddr;
1606 CPUWatchpoint *wp;
1607 int cpu_flags;
1608
1609 if (cpu->watchpoint_hit) {
1610 /* We re-entered the check after replacing the TB. Now raise
1611 * the debug interrupt so that is will trigger after the
1612 * current instruction. */
1613 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1614 return;
1615 }
1616 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1617 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1618 if ((vaddr == (wp->vaddr & len_mask) ||
1619 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1620 wp->flags |= BP_WATCHPOINT_HIT;
1621 if (!cpu->watchpoint_hit) {
1622 cpu->watchpoint_hit = wp;
1623 tb_check_watchpoint(cpu);
1624 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1625 cpu->exception_index = EXCP_DEBUG;
1626 cpu_loop_exit(cpu);
1627 } else {
1628 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1629 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1630 cpu_resume_from_signal(cpu, NULL);
1631 }
1632 }
1633 } else {
1634 wp->flags &= ~BP_WATCHPOINT_HIT;
1635 }
1636 }
1637 }
1638
1639 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1640 so these check for a hit then pass through to the normal out-of-line
1641 phys routines. */
1642 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1643 unsigned size)
1644 {
1645 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1646 switch (size) {
1647 case 1: return ldub_phys(&address_space_memory, addr);
1648 case 2: return lduw_phys(&address_space_memory, addr);
1649 case 4: return ldl_phys(&address_space_memory, addr);
1650 default: abort();
1651 }
1652 }
1653
1654 static void watch_mem_write(void *opaque, hwaddr addr,
1655 uint64_t val, unsigned size)
1656 {
1657 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1658 switch (size) {
1659 case 1:
1660 stb_phys(&address_space_memory, addr, val);
1661 break;
1662 case 2:
1663 stw_phys(&address_space_memory, addr, val);
1664 break;
1665 case 4:
1666 stl_phys(&address_space_memory, addr, val);
1667 break;
1668 default: abort();
1669 }
1670 }
1671
1672 static const MemoryRegionOps watch_mem_ops = {
1673 .read = watch_mem_read,
1674 .write = watch_mem_write,
1675 .endianness = DEVICE_NATIVE_ENDIAN,
1676 };
1677
1678 static uint64_t subpage_read(void *opaque, hwaddr addr,
1679 unsigned len)
1680 {
1681 subpage_t *subpage = opaque;
1682 uint8_t buf[4];
1683
1684 #if defined(DEBUG_SUBPAGE)
1685 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1686 subpage, len, addr);
1687 #endif
1688 address_space_read(subpage->as, addr + subpage->base, buf, len);
1689 switch (len) {
1690 case 1:
1691 return ldub_p(buf);
1692 case 2:
1693 return lduw_p(buf);
1694 case 4:
1695 return ldl_p(buf);
1696 default:
1697 abort();
1698 }
1699 }
1700
1701 static void subpage_write(void *opaque, hwaddr addr,
1702 uint64_t value, unsigned len)
1703 {
1704 subpage_t *subpage = opaque;
1705 uint8_t buf[4];
1706
1707 #if defined(DEBUG_SUBPAGE)
1708 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1709 " value %"PRIx64"\n",
1710 __func__, subpage, len, addr, value);
1711 #endif
1712 switch (len) {
1713 case 1:
1714 stb_p(buf, value);
1715 break;
1716 case 2:
1717 stw_p(buf, value);
1718 break;
1719 case 4:
1720 stl_p(buf, value);
1721 break;
1722 default:
1723 abort();
1724 }
1725 address_space_write(subpage->as, addr + subpage->base, buf, len);
1726 }
1727
1728 static bool subpage_accepts(void *opaque, hwaddr addr,
1729 unsigned len, bool is_write)
1730 {
1731 subpage_t *subpage = opaque;
1732 #if defined(DEBUG_SUBPAGE)
1733 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1734 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1735 #endif
1736
1737 return address_space_access_valid(subpage->as, addr + subpage->base,
1738 len, is_write);
1739 }
1740
1741 static const MemoryRegionOps subpage_ops = {
1742 .read = subpage_read,
1743 .write = subpage_write,
1744 .valid.accepts = subpage_accepts,
1745 .endianness = DEVICE_NATIVE_ENDIAN,
1746 };
1747
1748 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1749 uint16_t section)
1750 {
1751 int idx, eidx;
1752
1753 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1754 return -1;
1755 idx = SUBPAGE_IDX(start);
1756 eidx = SUBPAGE_IDX(end);
1757 #if defined(DEBUG_SUBPAGE)
1758 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1759 __func__, mmio, start, end, idx, eidx, section);
1760 #endif
1761 for (; idx <= eidx; idx++) {
1762 mmio->sub_section[idx] = section;
1763 }
1764
1765 return 0;
1766 }
1767
1768 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1769 {
1770 subpage_t *mmio;
1771
1772 mmio = g_malloc0(sizeof(subpage_t));
1773
1774 mmio->as = as;
1775 mmio->base = base;
1776 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1777 NULL, TARGET_PAGE_SIZE);
1778 mmio->iomem.subpage = true;
1779 #if defined(DEBUG_SUBPAGE)
1780 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1781 mmio, base, TARGET_PAGE_SIZE);
1782 #endif
1783 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1784
1785 return mmio;
1786 }
1787
1788 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
1789 MemoryRegion *mr)
1790 {
1791 assert(as);
1792 MemoryRegionSection section = {
1793 .address_space = as,
1794 .mr = mr,
1795 .offset_within_address_space = 0,
1796 .offset_within_region = 0,
1797 .size = int128_2_64(),
1798 };
1799
1800 return phys_section_add(map, &section);
1801 }
1802
1803 MemoryRegion *iotlb_to_region(AddressSpace *as, hwaddr index)
1804 {
1805 return as->dispatch->map.sections[index & ~TARGET_PAGE_MASK].mr;
1806 }
1807
1808 static void io_mem_init(void)
1809 {
1810 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
1811 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1812 NULL, UINT64_MAX);
1813 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1814 NULL, UINT64_MAX);
1815 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1816 NULL, UINT64_MAX);
1817 }
1818
1819 static void mem_begin(MemoryListener *listener)
1820 {
1821 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1822 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1823 uint16_t n;
1824
1825 n = dummy_section(&d->map, as, &io_mem_unassigned);
1826 assert(n == PHYS_SECTION_UNASSIGNED);
1827 n = dummy_section(&d->map, as, &io_mem_notdirty);
1828 assert(n == PHYS_SECTION_NOTDIRTY);
1829 n = dummy_section(&d->map, as, &io_mem_rom);
1830 assert(n == PHYS_SECTION_ROM);
1831 n = dummy_section(&d->map, as, &io_mem_watch);
1832 assert(n == PHYS_SECTION_WATCH);
1833
1834 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1835 d->as = as;
1836 as->next_dispatch = d;
1837 }
1838
1839 static void mem_commit(MemoryListener *listener)
1840 {
1841 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1842 AddressSpaceDispatch *cur = as->dispatch;
1843 AddressSpaceDispatch *next = as->next_dispatch;
1844
1845 phys_page_compact_all(next, next->map.nodes_nb);
1846
1847 as->dispatch = next;
1848
1849 if (cur) {
1850 phys_sections_free(&cur->map);
1851 g_free(cur);
1852 }
1853 }
1854
1855 static void tcg_commit(MemoryListener *listener)
1856 {
1857 CPUState *cpu;
1858
1859 /* since each CPU stores ram addresses in its TLB cache, we must
1860 reset the modified entries */
1861 /* XXX: slow ! */
1862 CPU_FOREACH(cpu) {
1863 /* FIXME: Disentangle the cpu.h circular files deps so we can
1864 directly get the right CPU from listener. */
1865 if (cpu->tcg_as_listener != listener) {
1866 continue;
1867 }
1868 tlb_flush(cpu, 1);
1869 }
1870 }
1871
1872 static void core_log_global_start(MemoryListener *listener)
1873 {
1874 cpu_physical_memory_set_dirty_tracking(true);
1875 }
1876
1877 static void core_log_global_stop(MemoryListener *listener)
1878 {
1879 cpu_physical_memory_set_dirty_tracking(false);
1880 }
1881
1882 static MemoryListener core_memory_listener = {
1883 .log_global_start = core_log_global_start,
1884 .log_global_stop = core_log_global_stop,
1885 .priority = 1,
1886 };
1887
1888 void address_space_init_dispatch(AddressSpace *as)
1889 {
1890 as->dispatch = NULL;
1891 as->dispatch_listener = (MemoryListener) {
1892 .begin = mem_begin,
1893 .commit = mem_commit,
1894 .region_add = mem_add,
1895 .region_nop = mem_add,
1896 .priority = 0,
1897 };
1898 memory_listener_register(&as->dispatch_listener, as);
1899 }
1900
1901 void address_space_destroy_dispatch(AddressSpace *as)
1902 {
1903 AddressSpaceDispatch *d = as->dispatch;
1904
1905 memory_listener_unregister(&as->dispatch_listener);
1906 g_free(d);
1907 as->dispatch = NULL;
1908 }
1909
1910 static void memory_map_init(void)
1911 {
1912 system_memory = g_malloc(sizeof(*system_memory));
1913
1914 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1915 address_space_init(&address_space_memory, system_memory, "memory");
1916
1917 system_io = g_malloc(sizeof(*system_io));
1918 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1919 65536);
1920 address_space_init(&address_space_io, system_io, "I/O");
1921
1922 memory_listener_register(&core_memory_listener, &address_space_memory);
1923 }
1924
1925 MemoryRegion *get_system_memory(void)
1926 {
1927 return system_memory;
1928 }
1929
1930 MemoryRegion *get_system_io(void)
1931 {
1932 return system_io;
1933 }
1934
1935 #endif /* !defined(CONFIG_USER_ONLY) */
1936
1937 /* physical memory access (slow version, mainly for debug) */
1938 #if defined(CONFIG_USER_ONLY)
1939 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1940 uint8_t *buf, int len, int is_write)
1941 {
1942 int l, flags;
1943 target_ulong page;
1944 void * p;
1945
1946 while (len > 0) {
1947 page = addr & TARGET_PAGE_MASK;
1948 l = (page + TARGET_PAGE_SIZE) - addr;
1949 if (l > len)
1950 l = len;
1951 flags = page_get_flags(page);
1952 if (!(flags & PAGE_VALID))
1953 return -1;
1954 if (is_write) {
1955 if (!(flags & PAGE_WRITE))
1956 return -1;
1957 /* XXX: this code should not depend on lock_user */
1958 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1959 return -1;
1960 memcpy(p, buf, l);
1961 unlock_user(p, addr, l);
1962 } else {
1963 if (!(flags & PAGE_READ))
1964 return -1;
1965 /* XXX: this code should not depend on lock_user */
1966 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1967 return -1;
1968 memcpy(buf, p, l);
1969 unlock_user(p, addr, 0);
1970 }
1971 len -= l;
1972 buf += l;
1973 addr += l;
1974 }
1975 return 0;
1976 }
1977
1978 #else
1979
1980 static void invalidate_and_set_dirty(hwaddr addr,
1981 hwaddr length)
1982 {
1983 if (cpu_physical_memory_is_clean(addr)) {
1984 /* invalidate code */
1985 tb_invalidate_phys_page_range(addr, addr + length, 0);
1986 /* set dirty bit */
1987 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1988 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
1989 }
1990 xen_modified_memory(addr, length);
1991 }
1992
1993 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1994 {
1995 unsigned access_size_max = mr->ops->valid.max_access_size;
1996
1997 /* Regions are assumed to support 1-4 byte accesses unless
1998 otherwise specified. */
1999 if (access_size_max == 0) {
2000 access_size_max = 4;
2001 }
2002
2003 /* Bound the maximum access by the alignment of the address. */
2004 if (!mr->ops->impl.unaligned) {
2005 unsigned align_size_max = addr & -addr;
2006 if (align_size_max != 0 && align_size_max < access_size_max) {
2007 access_size_max = align_size_max;
2008 }
2009 }
2010
2011 /* Don't attempt accesses larger than the maximum. */
2012 if (l > access_size_max) {
2013 l = access_size_max;
2014 }
2015 if (l & (l - 1)) {
2016 l = 1 << (qemu_fls(l) - 1);
2017 }
2018
2019 return l;
2020 }
2021
2022 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
2023 int len, bool is_write)
2024 {
2025 hwaddr l;
2026 uint8_t *ptr;
2027 uint64_t val;
2028 hwaddr addr1;
2029 MemoryRegion *mr;
2030 bool error = false;
2031
2032 while (len > 0) {
2033 l = len;
2034 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2035
2036 if (is_write) {
2037 if (!memory_access_is_direct(mr, is_write)) {
2038 l = memory_access_size(mr, l, addr1);
2039 /* XXX: could force current_cpu to NULL to avoid
2040 potential bugs */
2041 switch (l) {
2042 case 8:
2043 /* 64 bit write access */
2044 val = ldq_p(buf);
2045 error |= io_mem_write(mr, addr1, val, 8);
2046 break;
2047 case 4:
2048 /* 32 bit write access */
2049 val = ldl_p(buf);
2050 error |= io_mem_write(mr, addr1, val, 4);
2051 break;
2052 case 2:
2053 /* 16 bit write access */
2054 val = lduw_p(buf);
2055 error |= io_mem_write(mr, addr1, val, 2);
2056 break;
2057 case 1:
2058 /* 8 bit write access */
2059 val = ldub_p(buf);
2060 error |= io_mem_write(mr, addr1, val, 1);
2061 break;
2062 default:
2063 abort();
2064 }
2065 } else {
2066 addr1 += memory_region_get_ram_addr(mr);
2067 /* RAM case */
2068 ptr = qemu_get_ram_ptr(addr1);
2069 memcpy(ptr, buf, l);
2070 invalidate_and_set_dirty(addr1, l);
2071 }
2072 } else {
2073 if (!memory_access_is_direct(mr, is_write)) {
2074 /* I/O case */
2075 l = memory_access_size(mr, l, addr1);
2076 switch (l) {
2077 case 8:
2078 /* 64 bit read access */
2079 error |= io_mem_read(mr, addr1, &val, 8);
2080 stq_p(buf, val);
2081 break;
2082 case 4:
2083 /* 32 bit read access */
2084 error |= io_mem_read(mr, addr1, &val, 4);
2085 stl_p(buf, val);
2086 break;
2087 case 2:
2088 /* 16 bit read access */
2089 error |= io_mem_read(mr, addr1, &val, 2);
2090 stw_p(buf, val);
2091 break;
2092 case 1:
2093 /* 8 bit read access */
2094 error |= io_mem_read(mr, addr1, &val, 1);
2095 stb_p(buf, val);
2096 break;
2097 default:
2098 abort();
2099 }
2100 } else {
2101 /* RAM case */
2102 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2103 memcpy(buf, ptr, l);
2104 }
2105 }
2106 len -= l;
2107 buf += l;
2108 addr += l;
2109 }
2110
2111 return error;
2112 }
2113
2114 bool address_space_write(AddressSpace *as, hwaddr addr,
2115 const uint8_t *buf, int len)
2116 {
2117 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2118 }
2119
2120 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2121 {
2122 return address_space_rw(as, addr, buf, len, false);
2123 }
2124
2125
2126 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2127 int len, int is_write)
2128 {
2129 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2130 }
2131
2132 enum write_rom_type {
2133 WRITE_DATA,
2134 FLUSH_CACHE,
2135 };
2136
2137 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2138 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2139 {
2140 hwaddr l;
2141 uint8_t *ptr;
2142 hwaddr addr1;
2143 MemoryRegion *mr;
2144
2145 while (len > 0) {
2146 l = len;
2147 mr = address_space_translate(as, addr, &addr1, &l, true);
2148
2149 if (!(memory_region_is_ram(mr) ||
2150 memory_region_is_romd(mr))) {
2151 /* do nothing */
2152 } else {
2153 addr1 += memory_region_get_ram_addr(mr);
2154 /* ROM/RAM case */
2155 ptr = qemu_get_ram_ptr(addr1);
2156 switch (type) {
2157 case WRITE_DATA:
2158 memcpy(ptr, buf, l);
2159 invalidate_and_set_dirty(addr1, l);
2160 break;
2161 case FLUSH_CACHE:
2162 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2163 break;
2164 }
2165 }
2166 len -= l;
2167 buf += l;
2168 addr += l;
2169 }
2170 }
2171
2172 /* used for ROM loading : can write in RAM and ROM */
2173 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2174 const uint8_t *buf, int len)
2175 {
2176 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2177 }
2178
2179 void cpu_flush_icache_range(hwaddr start, int len)
2180 {
2181 /*
2182 * This function should do the same thing as an icache flush that was
2183 * triggered from within the guest. For TCG we are always cache coherent,
2184 * so there is no need to flush anything. For KVM / Xen we need to flush
2185 * the host's instruction cache at least.
2186 */
2187 if (tcg_enabled()) {
2188 return;
2189 }
2190
2191 cpu_physical_memory_write_rom_internal(&address_space_memory,
2192 start, NULL, len, FLUSH_CACHE);
2193 }
2194
2195 typedef struct {
2196 MemoryRegion *mr;
2197 void *buffer;
2198 hwaddr addr;
2199 hwaddr len;
2200 } BounceBuffer;
2201
2202 static BounceBuffer bounce;
2203
2204 typedef struct MapClient {
2205 void *opaque;
2206 void (*callback)(void *opaque);
2207 QLIST_ENTRY(MapClient) link;
2208 } MapClient;
2209
2210 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2211 = QLIST_HEAD_INITIALIZER(map_client_list);
2212
2213 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2214 {
2215 MapClient *client = g_malloc(sizeof(*client));
2216
2217 client->opaque = opaque;
2218 client->callback = callback;
2219 QLIST_INSERT_HEAD(&map_client_list, client, link);
2220 return client;
2221 }
2222
2223 static void cpu_unregister_map_client(void *_client)
2224 {
2225 MapClient *client = (MapClient *)_client;
2226
2227 QLIST_REMOVE(client, link);
2228 g_free(client);
2229 }
2230
2231 static void cpu_notify_map_clients(void)
2232 {
2233 MapClient *client;
2234
2235 while (!QLIST_EMPTY(&map_client_list)) {
2236 client = QLIST_FIRST(&map_client_list);
2237 client->callback(client->opaque);
2238 cpu_unregister_map_client(client);
2239 }
2240 }
2241
2242 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2243 {
2244 MemoryRegion *mr;
2245 hwaddr l, xlat;
2246
2247 while (len > 0) {
2248 l = len;
2249 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2250 if (!memory_access_is_direct(mr, is_write)) {
2251 l = memory_access_size(mr, l, addr);
2252 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2253 return false;
2254 }
2255 }
2256
2257 len -= l;
2258 addr += l;
2259 }
2260 return true;
2261 }
2262
2263 /* Map a physical memory region into a host virtual address.
2264 * May map a subset of the requested range, given by and returned in *plen.
2265 * May return NULL if resources needed to perform the mapping are exhausted.
2266 * Use only for reads OR writes - not for read-modify-write operations.
2267 * Use cpu_register_map_client() to know when retrying the map operation is
2268 * likely to succeed.
2269 */
2270 void *address_space_map(AddressSpace *as,
2271 hwaddr addr,
2272 hwaddr *plen,
2273 bool is_write)
2274 {
2275 hwaddr len = *plen;
2276 hwaddr done = 0;
2277 hwaddr l, xlat, base;
2278 MemoryRegion *mr, *this_mr;
2279 ram_addr_t raddr;
2280
2281 if (len == 0) {
2282 return NULL;
2283 }
2284
2285 l = len;
2286 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2287 if (!memory_access_is_direct(mr, is_write)) {
2288 if (bounce.buffer) {
2289 return NULL;
2290 }
2291 /* Avoid unbounded allocations */
2292 l = MIN(l, TARGET_PAGE_SIZE);
2293 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2294 bounce.addr = addr;
2295 bounce.len = l;
2296
2297 memory_region_ref(mr);
2298 bounce.mr = mr;
2299 if (!is_write) {
2300 address_space_read(as, addr, bounce.buffer, l);
2301 }
2302
2303 *plen = l;
2304 return bounce.buffer;
2305 }
2306
2307 base = xlat;
2308 raddr = memory_region_get_ram_addr(mr);
2309
2310 for (;;) {
2311 len -= l;
2312 addr += l;
2313 done += l;
2314 if (len == 0) {
2315 break;
2316 }
2317
2318 l = len;
2319 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2320 if (this_mr != mr || xlat != base + done) {
2321 break;
2322 }
2323 }
2324
2325 memory_region_ref(mr);
2326 *plen = done;
2327 return qemu_ram_ptr_length(raddr + base, plen);
2328 }
2329
2330 /* Unmaps a memory region previously mapped by address_space_map().
2331 * Will also mark the memory as dirty if is_write == 1. access_len gives
2332 * the amount of memory that was actually read or written by the caller.
2333 */
2334 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2335 int is_write, hwaddr access_len)
2336 {
2337 if (buffer != bounce.buffer) {
2338 MemoryRegion *mr;
2339 ram_addr_t addr1;
2340
2341 mr = qemu_ram_addr_from_host(buffer, &addr1);
2342 assert(mr != NULL);
2343 if (is_write) {
2344 while (access_len) {
2345 unsigned l;
2346 l = TARGET_PAGE_SIZE;
2347 if (l > access_len)
2348 l = access_len;
2349 invalidate_and_set_dirty(addr1, l);
2350 addr1 += l;
2351 access_len -= l;
2352 }
2353 }
2354 if (xen_enabled()) {
2355 xen_invalidate_map_cache_entry(buffer);
2356 }
2357 memory_region_unref(mr);
2358 return;
2359 }
2360 if (is_write) {
2361 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2362 }
2363 qemu_vfree(bounce.buffer);
2364 bounce.buffer = NULL;
2365 memory_region_unref(bounce.mr);
2366 cpu_notify_map_clients();
2367 }
2368
2369 void *cpu_physical_memory_map(hwaddr addr,
2370 hwaddr *plen,
2371 int is_write)
2372 {
2373 return address_space_map(&address_space_memory, addr, plen, is_write);
2374 }
2375
2376 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2377 int is_write, hwaddr access_len)
2378 {
2379 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2380 }
2381
2382 /* warning: addr must be aligned */
2383 static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
2384 enum device_endian endian)
2385 {
2386 uint8_t *ptr;
2387 uint64_t val;
2388 MemoryRegion *mr;
2389 hwaddr l = 4;
2390 hwaddr addr1;
2391
2392 mr = address_space_translate(as, addr, &addr1, &l, false);
2393 if (l < 4 || !memory_access_is_direct(mr, false)) {
2394 /* I/O case */
2395 io_mem_read(mr, addr1, &val, 4);
2396 #if defined(TARGET_WORDS_BIGENDIAN)
2397 if (endian == DEVICE_LITTLE_ENDIAN) {
2398 val = bswap32(val);
2399 }
2400 #else
2401 if (endian == DEVICE_BIG_ENDIAN) {
2402 val = bswap32(val);
2403 }
2404 #endif
2405 } else {
2406 /* RAM case */
2407 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2408 & TARGET_PAGE_MASK)
2409 + addr1);
2410 switch (endian) {
2411 case DEVICE_LITTLE_ENDIAN:
2412 val = ldl_le_p(ptr);
2413 break;
2414 case DEVICE_BIG_ENDIAN:
2415 val = ldl_be_p(ptr);
2416 break;
2417 default:
2418 val = ldl_p(ptr);
2419 break;
2420 }
2421 }
2422 return val;
2423 }
2424
2425 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2426 {
2427 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2428 }
2429
2430 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2431 {
2432 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2433 }
2434
2435 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2436 {
2437 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2438 }
2439
2440 /* warning: addr must be aligned */
2441 static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
2442 enum device_endian endian)
2443 {
2444 uint8_t *ptr;
2445 uint64_t val;
2446 MemoryRegion *mr;
2447 hwaddr l = 8;
2448 hwaddr addr1;
2449
2450 mr = address_space_translate(as, addr, &addr1, &l,
2451 false);
2452 if (l < 8 || !memory_access_is_direct(mr, false)) {
2453 /* I/O case */
2454 io_mem_read(mr, addr1, &val, 8);
2455 #if defined(TARGET_WORDS_BIGENDIAN)
2456 if (endian == DEVICE_LITTLE_ENDIAN) {
2457 val = bswap64(val);
2458 }
2459 #else
2460 if (endian == DEVICE_BIG_ENDIAN) {
2461 val = bswap64(val);
2462 }
2463 #endif
2464 } else {
2465 /* RAM case */
2466 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2467 & TARGET_PAGE_MASK)
2468 + addr1);
2469 switch (endian) {
2470 case DEVICE_LITTLE_ENDIAN:
2471 val = ldq_le_p(ptr);
2472 break;
2473 case DEVICE_BIG_ENDIAN:
2474 val = ldq_be_p(ptr);
2475 break;
2476 default:
2477 val = ldq_p(ptr);
2478 break;
2479 }
2480 }
2481 return val;
2482 }
2483
2484 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2485 {
2486 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2487 }
2488
2489 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2490 {
2491 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2492 }
2493
2494 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2495 {
2496 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2497 }
2498
2499 /* XXX: optimize */
2500 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2501 {
2502 uint8_t val;
2503 address_space_rw(as, addr, &val, 1, 0);
2504 return val;
2505 }
2506
2507 /* warning: addr must be aligned */
2508 static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
2509 enum device_endian endian)
2510 {
2511 uint8_t *ptr;
2512 uint64_t val;
2513 MemoryRegion *mr;
2514 hwaddr l = 2;
2515 hwaddr addr1;
2516
2517 mr = address_space_translate(as, addr, &addr1, &l,
2518 false);
2519 if (l < 2 || !memory_access_is_direct(mr, false)) {
2520 /* I/O case */
2521 io_mem_read(mr, addr1, &val, 2);
2522 #if defined(TARGET_WORDS_BIGENDIAN)
2523 if (endian == DEVICE_LITTLE_ENDIAN) {
2524 val = bswap16(val);
2525 }
2526 #else
2527 if (endian == DEVICE_BIG_ENDIAN) {
2528 val = bswap16(val);
2529 }
2530 #endif
2531 } else {
2532 /* RAM case */
2533 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2534 & TARGET_PAGE_MASK)
2535 + addr1);
2536 switch (endian) {
2537 case DEVICE_LITTLE_ENDIAN:
2538 val = lduw_le_p(ptr);
2539 break;
2540 case DEVICE_BIG_ENDIAN:
2541 val = lduw_be_p(ptr);
2542 break;
2543 default:
2544 val = lduw_p(ptr);
2545 break;
2546 }
2547 }
2548 return val;
2549 }
2550
2551 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2552 {
2553 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2554 }
2555
2556 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2557 {
2558 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2559 }
2560
2561 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2562 {
2563 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2564 }
2565
2566 /* warning: addr must be aligned. The ram page is not masked as dirty
2567 and the code inside is not invalidated. It is useful if the dirty
2568 bits are used to track modified PTEs */
2569 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
2570 {
2571 uint8_t *ptr;
2572 MemoryRegion *mr;
2573 hwaddr l = 4;
2574 hwaddr addr1;
2575
2576 mr = address_space_translate(as, addr, &addr1, &l,
2577 true);
2578 if (l < 4 || !memory_access_is_direct(mr, true)) {
2579 io_mem_write(mr, addr1, val, 4);
2580 } else {
2581 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2582 ptr = qemu_get_ram_ptr(addr1);
2583 stl_p(ptr, val);
2584
2585 if (unlikely(in_migration)) {
2586 if (cpu_physical_memory_is_clean(addr1)) {
2587 /* invalidate code */
2588 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2589 /* set dirty bit */
2590 cpu_physical_memory_set_dirty_flag(addr1,
2591 DIRTY_MEMORY_MIGRATION);
2592 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
2593 }
2594 }
2595 }
2596 }
2597
2598 /* warning: addr must be aligned */
2599 static inline void stl_phys_internal(AddressSpace *as,
2600 hwaddr addr, uint32_t val,
2601 enum device_endian endian)
2602 {
2603 uint8_t *ptr;
2604 MemoryRegion *mr;
2605 hwaddr l = 4;
2606 hwaddr addr1;
2607
2608 mr = address_space_translate(as, addr, &addr1, &l,
2609 true);
2610 if (l < 4 || !memory_access_is_direct(mr, true)) {
2611 #if defined(TARGET_WORDS_BIGENDIAN)
2612 if (endian == DEVICE_LITTLE_ENDIAN) {
2613 val = bswap32(val);
2614 }
2615 #else
2616 if (endian == DEVICE_BIG_ENDIAN) {
2617 val = bswap32(val);
2618 }
2619 #endif
2620 io_mem_write(mr, addr1, val, 4);
2621 } else {
2622 /* RAM case */
2623 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2624 ptr = qemu_get_ram_ptr(addr1);
2625 switch (endian) {
2626 case DEVICE_LITTLE_ENDIAN:
2627 stl_le_p(ptr, val);
2628 break;
2629 case DEVICE_BIG_ENDIAN:
2630 stl_be_p(ptr, val);
2631 break;
2632 default:
2633 stl_p(ptr, val);
2634 break;
2635 }
2636 invalidate_and_set_dirty(addr1, 4);
2637 }
2638 }
2639
2640 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2641 {
2642 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2643 }
2644
2645 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2646 {
2647 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2648 }
2649
2650 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2651 {
2652 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2653 }
2654
2655 /* XXX: optimize */
2656 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2657 {
2658 uint8_t v = val;
2659 address_space_rw(as, addr, &v, 1, 1);
2660 }
2661
2662 /* warning: addr must be aligned */
2663 static inline void stw_phys_internal(AddressSpace *as,
2664 hwaddr addr, uint32_t val,
2665 enum device_endian endian)
2666 {
2667 uint8_t *ptr;
2668 MemoryRegion *mr;
2669 hwaddr l = 2;
2670 hwaddr addr1;
2671
2672 mr = address_space_translate(as, addr, &addr1, &l, true);
2673 if (l < 2 || !memory_access_is_direct(mr, true)) {
2674 #if defined(TARGET_WORDS_BIGENDIAN)
2675 if (endian == DEVICE_LITTLE_ENDIAN) {
2676 val = bswap16(val);
2677 }
2678 #else
2679 if (endian == DEVICE_BIG_ENDIAN) {
2680 val = bswap16(val);
2681 }
2682 #endif
2683 io_mem_write(mr, addr1, val, 2);
2684 } else {
2685 /* RAM case */
2686 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2687 ptr = qemu_get_ram_ptr(addr1);
2688 switch (endian) {
2689 case DEVICE_LITTLE_ENDIAN:
2690 stw_le_p(ptr, val);
2691 break;
2692 case DEVICE_BIG_ENDIAN:
2693 stw_be_p(ptr, val);
2694 break;
2695 default:
2696 stw_p(ptr, val);
2697 break;
2698 }
2699 invalidate_and_set_dirty(addr1, 2);
2700 }
2701 }
2702
2703 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2704 {
2705 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2706 }
2707
2708 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2709 {
2710 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2711 }
2712
2713 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2714 {
2715 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2716 }
2717
2718 /* XXX: optimize */
2719 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2720 {
2721 val = tswap64(val);
2722 address_space_rw(as, addr, (void *) &val, 8, 1);
2723 }
2724
2725 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2726 {
2727 val = cpu_to_le64(val);
2728 address_space_rw(as, addr, (void *) &val, 8, 1);
2729 }
2730
2731 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2732 {
2733 val = cpu_to_be64(val);
2734 address_space_rw(as, addr, (void *) &val, 8, 1);
2735 }
2736
2737 /* virtual memory access for debug (includes writing to ROM) */
2738 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2739 uint8_t *buf, int len, int is_write)
2740 {
2741 int l;
2742 hwaddr phys_addr;
2743 target_ulong page;
2744
2745 while (len > 0) {
2746 page = addr & TARGET_PAGE_MASK;
2747 phys_addr = cpu_get_phys_page_debug(cpu, page);
2748 /* if no physical page mapped, return an error */
2749 if (phys_addr == -1)
2750 return -1;
2751 l = (page + TARGET_PAGE_SIZE) - addr;
2752 if (l > len)
2753 l = len;
2754 phys_addr += (addr & ~TARGET_PAGE_MASK);
2755 if (is_write) {
2756 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
2757 } else {
2758 address_space_rw(cpu->as, phys_addr, buf, l, 0);
2759 }
2760 len -= l;
2761 buf += l;
2762 addr += l;
2763 }
2764 return 0;
2765 }
2766 #endif
2767
2768 /*
2769 * A helper function for the _utterly broken_ virtio device model to find out if
2770 * it's running on a big endian machine. Don't do this at home kids!
2771 */
2772 bool target_words_bigendian(void);
2773 bool target_words_bigendian(void)
2774 {
2775 #if defined(TARGET_WORDS_BIGENDIAN)
2776 return true;
2777 #else
2778 return false;
2779 #endif
2780 }
2781
2782 #ifndef CONFIG_USER_ONLY
2783 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2784 {
2785 MemoryRegion*mr;
2786 hwaddr l = 1;
2787
2788 mr = address_space_translate(&address_space_memory,
2789 phys_addr, &phys_addr, &l, false);
2790
2791 return !(memory_region_is_ram(mr) ||
2792 memory_region_is_romd(mr));
2793 }
2794
2795 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2796 {
2797 RAMBlock *block;
2798
2799 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2800 func(block->host, block->offset, block->length, opaque);
2801 }
2802 }
2803 #endif
AR7 emulation for QEMU