search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
memory: call begin, log_start and commit when registering a new listener
[qemu/ar7.git] / exec.c
blob819ecc3d64ef8104fb19a56a9aa0b601eeef77d1
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
56
57 #include "qemu/range.h"
58 #ifndef _WIN32
59 #include "qemu/mmap-alloc.h"
60 #endif
61
62 //#define DEBUG_SUBPAGE
63
64 #if !defined(CONFIG_USER_ONLY)
65 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
68 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
69
70 static MemoryRegion *system_memory;
71 static MemoryRegion *system_io;
72
73 AddressSpace address_space_io;
74 AddressSpace address_space_memory;
75
76 MemoryRegion io_mem_rom, io_mem_notdirty;
77 static MemoryRegion io_mem_unassigned;
78
79 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80 #define RAM_PREALLOC (1 << 0)
81
82 /* RAM is mmap-ed with MAP_SHARED */
83 #define RAM_SHARED (1 << 1)
84
85 /* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88 #define RAM_RESIZEABLE (1 << 2)
89
90 /* RAM is backed by an mmapped file.
91 */
92 #define RAM_FILE (1 << 3)
93 #endif
94
95 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
96 /* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
98 __thread CPUState *current_cpu;
99 /* 0 = Do not count executed instructions.
100 1 = Precise instruction counting.
101 2 = Adaptive rate instruction counting. */
102 int use_icount;
103
104 #if !defined(CONFIG_USER_ONLY)
105
106 typedef struct PhysPageEntry PhysPageEntry;
107
108 struct PhysPageEntry {
109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
110 uint32_t skip : 6;
111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
112 uint32_t ptr : 26;
113 };
114
115 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
117 /* Size of the L2 (and L3, etc) page tables. */
118 #define ADDR_SPACE_BITS 64
119
120 #define P_L2_BITS 9
121 #define P_L2_SIZE (1 << P_L2_BITS)
122
123 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125 typedef PhysPageEntry Node[P_L2_SIZE];
126
127 typedef struct PhysPageMap {
128 struct rcu_head rcu;
129
130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136 } PhysPageMap;
137
138 struct AddressSpaceDispatch {
139 struct rcu_head rcu;
140
141 /* This is a multi-level map on the physical address space.
142 * The bottom level has pointers to MemoryRegionSections.
143 */
144 PhysPageEntry phys_map;
145 PhysPageMap map;
146 AddressSpace *as;
147 };
148
149 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
150 typedef struct subpage_t {
151 MemoryRegion iomem;
152 AddressSpace *as;
153 hwaddr base;
154 uint16_t sub_section[TARGET_PAGE_SIZE];
155 } subpage_t;
156
157 #define PHYS_SECTION_UNASSIGNED 0
158 #define PHYS_SECTION_NOTDIRTY 1
159 #define PHYS_SECTION_ROM 2
160 #define PHYS_SECTION_WATCH 3
161
162 static void io_mem_init(void);
163 static void memory_map_init(void);
164 static void tcg_commit(MemoryListener *listener);
165
166 static MemoryRegion io_mem_watch;
167
168 /**
169 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
170 * @cpu: the CPU whose AddressSpace this is
171 * @as: the AddressSpace itself
172 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
173 * @tcg_as_listener: listener for tracking changes to the AddressSpace
174 */
175 struct CPUAddressSpace {
176 CPUState *cpu;
177 AddressSpace *as;
178 struct AddressSpaceDispatch *memory_dispatch;
179 MemoryListener tcg_as_listener;
180 };
181
182 #endif
183
184 #if !defined(CONFIG_USER_ONLY)
185
186 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
187 {
188 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
189 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
191 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
192 }
193 }
194
195 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
196 {
197 unsigned i;
198 uint32_t ret;
199 PhysPageEntry e;
200 PhysPageEntry *p;
201
202 ret = map->nodes_nb++;
203 p = map->nodes[ret];
204 assert(ret != PHYS_MAP_NODE_NIL);
205 assert(ret != map->nodes_nb_alloc);
206
207 e.skip = leaf ? 0 : 1;
208 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
209 for (i = 0; i < P_L2_SIZE; ++i) {
210 memcpy(&p[i], &e, sizeof(e));
211 }
212 return ret;
213 }
214
215 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
216 hwaddr *index, hwaddr *nb, uint16_t leaf,
217 int level)
218 {
219 PhysPageEntry *p;
220 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
221
222 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
223 lp->ptr = phys_map_node_alloc(map, level == 0);
224 }
225 p = map->nodes[lp->ptr];
226 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
227
228 while (*nb && lp < &p[P_L2_SIZE]) {
229 if ((*index & (step - 1)) == 0 && *nb >= step) {
230 lp->skip = 0;
231 lp->ptr = leaf;
232 *index += step;
233 *nb -= step;
234 } else {
235 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
236 }
237 ++lp;
238 }
239 }
240
241 static void phys_page_set(AddressSpaceDispatch *d,
242 hwaddr index, hwaddr nb,
243 uint16_t leaf)
244 {
245 /* Wildly overreserve - it doesn't matter much. */
246 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
247
248 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
249 }
250
251 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
252 * and update our entry so we can skip it and go directly to the destination.
253 */
254 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
255 {
256 unsigned valid_ptr = P_L2_SIZE;
257 int valid = 0;
258 PhysPageEntry *p;
259 int i;
260
261 if (lp->ptr == PHYS_MAP_NODE_NIL) {
262 return;
263 }
264
265 p = nodes[lp->ptr];
266 for (i = 0; i < P_L2_SIZE; i++) {
267 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
268 continue;
269 }
270
271 valid_ptr = i;
272 valid++;
273 if (p[i].skip) {
274 phys_page_compact(&p[i], nodes, compacted);
275 }
276 }
277
278 /* We can only compress if there's only one child. */
279 if (valid != 1) {
280 return;
281 }
282
283 assert(valid_ptr < P_L2_SIZE);
284
285 /* Don't compress if it won't fit in the # of bits we have. */
286 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
287 return;
288 }
289
290 lp->ptr = p[valid_ptr].ptr;
291 if (!p[valid_ptr].skip) {
292 /* If our only child is a leaf, make this a leaf. */
293 /* By design, we should have made this node a leaf to begin with so we
294 * should never reach here.
295 * But since it's so simple to handle this, let's do it just in case we
296 * change this rule.
297 */
298 lp->skip = 0;
299 } else {
300 lp->skip += p[valid_ptr].skip;
301 }
302 }
303
304 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
305 {
306 DECLARE_BITMAP(compacted, nodes_nb);
307
308 if (d->phys_map.skip) {
309 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
310 }
311 }
312
313 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
314 Node *nodes, MemoryRegionSection *sections)
315 {
316 PhysPageEntry *p;
317 hwaddr index = addr >> TARGET_PAGE_BITS;
318 int i;
319
320 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
321 if (lp.ptr == PHYS_MAP_NODE_NIL) {
322 return &sections[PHYS_SECTION_UNASSIGNED];
323 }
324 p = nodes[lp.ptr];
325 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
326 }
327
328 if (sections[lp.ptr].size.hi ||
329 range_covers_byte(sections[lp.ptr].offset_within_address_space,
330 sections[lp.ptr].size.lo, addr)) {
331 return &sections[lp.ptr];
332 } else {
333 return &sections[PHYS_SECTION_UNASSIGNED];
334 }
335 }
336
337 bool memory_region_is_unassigned(MemoryRegion *mr)
338 {
339 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
340 && mr != &io_mem_watch;
341 }
342
343 /* Called from RCU critical section */
344 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
345 hwaddr addr,
346 bool resolve_subpage)
347 {
348 MemoryRegionSection *section;
349 subpage_t *subpage;
350
351 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
352 if (resolve_subpage && section->mr->subpage) {
353 subpage = container_of(section->mr, subpage_t, iomem);
354 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
355 }
356 return section;
357 }
358
359 /* Called from RCU critical section */
360 static MemoryRegionSection *
361 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
362 hwaddr *plen, bool resolve_subpage)
363 {
364 MemoryRegionSection *section;
365 MemoryRegion *mr;
366 Int128 diff;
367
368 section = address_space_lookup_region(d, addr, resolve_subpage);
369 /* Compute offset within MemoryRegionSection */
370 addr -= section->offset_within_address_space;
371
372 /* Compute offset within MemoryRegion */
373 *xlat = addr + section->offset_within_region;
374
375 mr = section->mr;
376
377 /* MMIO registers can be expected to perform full-width accesses based only
378 * on their address, without considering adjacent registers that could
379 * decode to completely different MemoryRegions. When such registers
380 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
381 * regions overlap wildly. For this reason we cannot clamp the accesses
382 * here.
383 *
384 * If the length is small (as is the case for address_space_ldl/stl),
385 * everything works fine. If the incoming length is large, however,
386 * the caller really has to do the clamping through memory_access_size.
387 */
388 if (memory_region_is_ram(mr)) {
389 diff = int128_sub(section->size, int128_make64(addr));
390 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
391 }
392 return section;
393 }
394
395 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
396 {
397 if (memory_region_is_ram(mr)) {
398 return !(is_write && mr->readonly);
399 }
400 if (memory_region_is_romd(mr)) {
401 return !is_write;
402 }
403
404 return false;
405 }
406
407 /* Called from RCU critical section */
408 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
409 hwaddr *xlat, hwaddr *plen,
410 bool is_write)
411 {
412 IOMMUTLBEntry iotlb;
413 MemoryRegionSection *section;
414 MemoryRegion *mr;
415
416 for (;;) {
417 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
418 section = address_space_translate_internal(d, addr, &addr, plen, true);
419 mr = section->mr;
420
421 if (!mr->iommu_ops) {
422 break;
423 }
424
425 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
426 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
427 | (addr & iotlb.addr_mask));
428 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
429 if (!(iotlb.perm & (1 << is_write))) {
430 mr = &io_mem_unassigned;
431 break;
432 }
433
434 as = iotlb.target_as;
435 }
436
437 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
438 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
439 *plen = MIN(page, *plen);
440 }
441
442 *xlat = addr;
443 return mr;
444 }
445
446 /* Called from RCU critical section */
447 MemoryRegionSection *
448 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
449 hwaddr *xlat, hwaddr *plen)
450 {
451 MemoryRegionSection *section;
452 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
453 addr, xlat, plen, false);
454
455 assert(!section->mr->iommu_ops);
456 return section;
457 }
458 #endif
459
460 #if !defined(CONFIG_USER_ONLY)
461
462 static int cpu_common_post_load(void *opaque, int version_id)
463 {
464 CPUState *cpu = opaque;
465
466 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
467 version_id is increased. */
468 cpu->interrupt_request &= ~0x01;
469 tlb_flush(cpu, 1);
470
471 return 0;
472 }
473
474 static int cpu_common_pre_load(void *opaque)
475 {
476 CPUState *cpu = opaque;
477
478 cpu->exception_index = -1;
479
480 return 0;
481 }
482
483 static bool cpu_common_exception_index_needed(void *opaque)
484 {
485 CPUState *cpu = opaque;
486
487 return tcg_enabled() && cpu->exception_index != -1;
488 }
489
490 static const VMStateDescription vmstate_cpu_common_exception_index = {
491 .name = "cpu_common/exception_index",
492 .version_id = 1,
493 .minimum_version_id = 1,
494 .needed = cpu_common_exception_index_needed,
495 .fields = (VMStateField[]) {
496 VMSTATE_INT32(exception_index, CPUState),
497 VMSTATE_END_OF_LIST()
498 }
499 };
500
501 static bool cpu_common_crash_occurred_needed(void *opaque)
502 {
503 CPUState *cpu = opaque;
504
505 return cpu->crash_occurred;
506 }
507
508 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
509 .name = "cpu_common/crash_occurred",
510 .version_id = 1,
511 .minimum_version_id = 1,
512 .needed = cpu_common_crash_occurred_needed,
513 .fields = (VMStateField[]) {
514 VMSTATE_BOOL(crash_occurred, CPUState),
515 VMSTATE_END_OF_LIST()
516 }
517 };
518
519 const VMStateDescription vmstate_cpu_common = {
520 .name = "cpu_common",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .pre_load = cpu_common_pre_load,
524 .post_load = cpu_common_post_load,
525 .fields = (VMStateField[]) {
526 VMSTATE_UINT32(halted, CPUState),
527 VMSTATE_UINT32(interrupt_request, CPUState),
528 VMSTATE_END_OF_LIST()
529 },
530 .subsections = (const VMStateDescription*[]) {
531 &vmstate_cpu_common_exception_index,
532 &vmstate_cpu_common_crash_occurred,
533 NULL
534 }
535 };
536
537 #endif
538
539 CPUState *qemu_get_cpu(int index)
540 {
541 CPUState *cpu;
542
543 CPU_FOREACH(cpu) {
544 if (cpu->cpu_index == index) {
545 return cpu;
546 }
547 }
548
549 return NULL;
550 }
551
552 #if !defined(CONFIG_USER_ONLY)
553 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
554 {
555 /* We only support one address space per cpu at the moment. */
556 assert(cpu->as == as);
557
558 if (cpu->cpu_ases) {
559 /* We've already registered the listener for our only AS */
560 return;
561 }
562
563 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
564 cpu->cpu_ases[0].cpu = cpu;
565 cpu->cpu_ases[0].as = as;
566 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
567 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
568 }
569 #endif
570
571 #ifndef CONFIG_USER_ONLY
572 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
573
574 static int cpu_get_free_index(Error **errp)
575 {
576 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
577
578 if (cpu >= MAX_CPUMASK_BITS) {
579 error_setg(errp, "Trying to use more CPUs than max of %d",
580 MAX_CPUMASK_BITS);
581 return -1;
582 }
583
584 bitmap_set(cpu_index_map, cpu, 1);
585 return cpu;
586 }
587
588 void cpu_exec_exit(CPUState *cpu)
589 {
590 if (cpu->cpu_index == -1) {
591 /* cpu_index was never allocated by this @cpu or was already freed. */
592 return;
593 }
594
595 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
596 cpu->cpu_index = -1;
597 }
598 #else
599
600 static int cpu_get_free_index(Error **errp)
601 {
602 CPUState *some_cpu;
603 int cpu_index = 0;
604
605 CPU_FOREACH(some_cpu) {
606 cpu_index++;
607 }
608 return cpu_index;
609 }
610
611 void cpu_exec_exit(CPUState *cpu)
612 {
613 }
614 #endif
615
616 void cpu_exec_init(CPUState *cpu, Error **errp)
617 {
618 CPUClass *cc = CPU_GET_CLASS(cpu);
619 int cpu_index;
620 Error *local_err = NULL;
621
622 #ifndef CONFIG_USER_ONLY
623 cpu->as = &address_space_memory;
624 cpu->thread_id = qemu_get_thread_id();
625 #endif
626
627 #if defined(CONFIG_USER_ONLY)
628 cpu_list_lock();
629 #endif
630 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
631 if (local_err) {
632 error_propagate(errp, local_err);
633 #if defined(CONFIG_USER_ONLY)
634 cpu_list_unlock();
635 #endif
636 return;
637 }
638 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
639 #if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641 #endif
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
644 }
645 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
647 cpu_save, cpu_load, cpu->env_ptr);
648 assert(cc->vmsd == NULL);
649 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
650 #endif
651 if (cc->vmsd != NULL) {
652 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
653 }
654 }
655
656 #if defined(CONFIG_USER_ONLY)
657 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
658 {
659 tb_invalidate_phys_page_range(pc, pc + 1, 0);
660 }
661 #else
662 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
663 {
664 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
665 if (phys != -1) {
666 tb_invalidate_phys_addr(cpu->as,
667 phys | (pc & ~TARGET_PAGE_MASK));
668 }
669 }
670 #endif
671
672 #if defined(CONFIG_USER_ONLY)
673 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
674
675 {
676 }
677
678 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
679 int flags)
680 {
681 return -ENOSYS;
682 }
683
684 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
685 {
686 }
687
688 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
689 int flags, CPUWatchpoint **watchpoint)
690 {
691 return -ENOSYS;
692 }
693 #else
694 /* Add a watchpoint. */
695 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
696 int flags, CPUWatchpoint **watchpoint)
697 {
698 CPUWatchpoint *wp;
699
700 /* forbid ranges which are empty or run off the end of the address space */
701 if (len == 0 || (addr + len - 1) < addr) {
702 error_report("tried to set invalid watchpoint at %"
703 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
704 return -EINVAL;
705 }
706 wp = g_malloc(sizeof(*wp));
707
708 wp->vaddr = addr;
709 wp->len = len;
710 wp->flags = flags;
711
712 /* keep all GDB-injected watchpoints in front */
713 if (flags & BP_GDB) {
714 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
715 } else {
716 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
717 }
718
719 tlb_flush_page(cpu, addr);
720
721 if (watchpoint)
722 *watchpoint = wp;
723 return 0;
724 }
725
726 /* Remove a specific watchpoint. */
727 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
728 int flags)
729 {
730 CPUWatchpoint *wp;
731
732 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
733 if (addr == wp->vaddr && len == wp->len
734 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
735 cpu_watchpoint_remove_by_ref(cpu, wp);
736 return 0;
737 }
738 }
739 return -ENOENT;
740 }
741
742 /* Remove a specific watchpoint by reference. */
743 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
744 {
745 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
746
747 tlb_flush_page(cpu, watchpoint->vaddr);
748
749 g_free(watchpoint);
750 }
751
752 /* Remove all matching watchpoints. */
753 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
754 {
755 CPUWatchpoint *wp, *next;
756
757 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
758 if (wp->flags & mask) {
759 cpu_watchpoint_remove_by_ref(cpu, wp);
760 }
761 }
762 }
763
764 /* Return true if this watchpoint address matches the specified
765 * access (ie the address range covered by the watchpoint overlaps
766 * partially or completely with the address range covered by the
767 * access).
768 */
769 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
770 vaddr addr,
771 vaddr len)
772 {
773 /* We know the lengths are non-zero, but a little caution is
774 * required to avoid errors in the case where the range ends
775 * exactly at the top of the address space and so addr + len
776 * wraps round to zero.
777 */
778 vaddr wpend = wp->vaddr + wp->len - 1;
779 vaddr addrend = addr + len - 1;
780
781 return !(addr > wpend || wp->vaddr > addrend);
782 }
783
784 #endif
785
786 /* Add a breakpoint. */
787 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
788 CPUBreakpoint **breakpoint)
789 {
790 CPUBreakpoint *bp;
791
792 bp = g_malloc(sizeof(*bp));
793
794 bp->pc = pc;
795 bp->flags = flags;
796
797 /* keep all GDB-injected breakpoints in front */
798 if (flags & BP_GDB) {
799 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
800 } else {
801 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
802 }
803
804 breakpoint_invalidate(cpu, pc);
805
806 if (breakpoint) {
807 *breakpoint = bp;
808 }
809 return 0;
810 }
811
812 /* Remove a specific breakpoint. */
813 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
814 {
815 CPUBreakpoint *bp;
816
817 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
818 if (bp->pc == pc && bp->flags == flags) {
819 cpu_breakpoint_remove_by_ref(cpu, bp);
820 return 0;
821 }
822 }
823 return -ENOENT;
824 }
825
826 /* Remove a specific breakpoint by reference. */
827 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
828 {
829 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
830
831 breakpoint_invalidate(cpu, breakpoint->pc);
832
833 g_free(breakpoint);
834 }
835
836 /* Remove all matching breakpoints. */
837 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
838 {
839 CPUBreakpoint *bp, *next;
840
841 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
842 if (bp->flags & mask) {
843 cpu_breakpoint_remove_by_ref(cpu, bp);
844 }
845 }
846 }
847
848 /* enable or disable single step mode. EXCP_DEBUG is returned by the
849 CPU loop after each instruction */
850 void cpu_single_step(CPUState *cpu, int enabled)
851 {
852 if (cpu->singlestep_enabled != enabled) {
853 cpu->singlestep_enabled = enabled;
854 if (kvm_enabled()) {
855 kvm_update_guest_debug(cpu, 0);
856 } else {
857 /* must flush all the translated code to avoid inconsistencies */
858 /* XXX: only flush what is necessary */
859 tb_flush(cpu);
860 }
861 }
862 }
863
864 void cpu_abort(CPUState *cpu, const char *fmt, ...)
865 {
866 va_list ap;
867 va_list ap2;
868
869 va_start(ap, fmt);
870 va_copy(ap2, ap);
871 fprintf(stderr, "qemu: fatal: ");
872 vfprintf(stderr, fmt, ap);
873 fprintf(stderr, "\n");
874 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
875 if (qemu_log_enabled()) {
876 qemu_log("qemu: fatal: ");
877 qemu_log_vprintf(fmt, ap2);
878 qemu_log("\n");
879 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
880 qemu_log_flush();
881 qemu_log_close();
882 }
883 va_end(ap2);
884 va_end(ap);
885 #if defined(CONFIG_USER_ONLY)
886 {
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
891 }
892 #endif
893 abort();
894 }
895
896 #if !defined(CONFIG_USER_ONLY)
897 /* Called from RCU critical section */
898 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
899 {
900 RAMBlock *block;
901
902 block = atomic_rcu_read(&ram_list.mru_block);
903 if (block && addr - block->offset < block->max_length) {
904 goto found;
905 }
906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
907 if (addr - block->offset < block->max_length) {
908 goto found;
909 }
910 }
911
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
913 abort();
914
915 found:
916 /* It is safe to write mru_block outside the iothread lock. This
917 * is what happens:
918 *
919 * mru_block = xxx
920 * rcu_read_unlock()
921 * xxx removed from list
922 * rcu_read_lock()
923 * read mru_block
924 * mru_block = NULL;
925 * call_rcu(reclaim_ramblock, xxx);
926 * rcu_read_unlock()
927 *
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
931 */
932 ram_list.mru_block = block;
933 return block;
934 }
935
936 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
937 {
938 CPUState *cpu;
939 ram_addr_t start1;
940 RAMBlock *block;
941 ram_addr_t end;
942
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
945
946 rcu_read_lock();
947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
950 CPU_FOREACH(cpu) {
951 tlb_reset_dirty(cpu, start1, length);
952 }
953 rcu_read_unlock();
954 }
955
956 /* Note: start and end must be within the same ram block. */
957 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
958 ram_addr_t length,
959 unsigned client)
960 {
961 unsigned long end, page;
962 bool dirty;
963
964 if (length == 0) {
965 return false;
966 }
967
968 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
969 page = start >> TARGET_PAGE_BITS;
970 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
971 page, end - page);
972
973 if (dirty && tcg_enabled()) {
974 tlb_reset_dirty_range_all(start, length);
975 }
976
977 return dirty;
978 }
979
980 /* Called from RCU critical section */
981 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
982 MemoryRegionSection *section,
983 target_ulong vaddr,
984 hwaddr paddr, hwaddr xlat,
985 int prot,
986 target_ulong *address)
987 {
988 hwaddr iotlb;
989 CPUWatchpoint *wp;
990
991 if (memory_region_is_ram(section->mr)) {
992 /* Normal RAM. */
993 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
994 + xlat;
995 if (!section->readonly) {
996 iotlb |= PHYS_SECTION_NOTDIRTY;
997 } else {
998 iotlb |= PHYS_SECTION_ROM;
999 }
1000 } else {
1001 AddressSpaceDispatch *d;
1002
1003 d = atomic_rcu_read(&section->address_space->dispatch);
1004 iotlb = section - d->map.sections;
1005 iotlb += xlat;
1006 }
1007
1008 /* Make accesses to pages with watchpoints go via the
1009 watchpoint trap routines. */
1010 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1011 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1012 /* Avoid trapping reads of pages with a write breakpoint. */
1013 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1014 iotlb = PHYS_SECTION_WATCH + paddr;
1015 *address |= TLB_MMIO;
1016 break;
1017 }
1018 }
1019 }
1020
1021 return iotlb;
1022 }
1023 #endif /* defined(CONFIG_USER_ONLY) */
1024
1025 #if !defined(CONFIG_USER_ONLY)
1026
1027 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1028 uint16_t section);
1029 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1030
1031 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1032 qemu_anon_ram_alloc;
1033
1034 /*
1035 * Set a custom physical guest memory alloator.
1036 * Accelerators with unusual needs may need this. Hopefully, we can
1037 * get rid of it eventually.
1038 */
1039 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1040 {
1041 phys_mem_alloc = alloc;
1042 }
1043
1044 static uint16_t phys_section_add(PhysPageMap *map,
1045 MemoryRegionSection *section)
1046 {
1047 /* The physical section number is ORed with a page-aligned
1048 * pointer to produce the iotlb entries. Thus it should
1049 * never overflow into the page-aligned value.
1050 */
1051 assert(map->sections_nb < TARGET_PAGE_SIZE);
1052
1053 if (map->sections_nb == map->sections_nb_alloc) {
1054 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1055 map->sections = g_renew(MemoryRegionSection, map->sections,
1056 map->sections_nb_alloc);
1057 }
1058 map->sections[map->sections_nb] = *section;
1059 memory_region_ref(section->mr);
1060 return map->sections_nb++;
1061 }
1062
1063 static void phys_section_destroy(MemoryRegion *mr)
1064 {
1065 memory_region_unref(mr);
1066
1067 if (mr->subpage) {
1068 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1069 object_unref(OBJECT(&subpage->iomem));
1070 g_free(subpage);
1071 }
1072 }
1073
1074 static void phys_sections_free(PhysPageMap *map)
1075 {
1076 while (map->sections_nb > 0) {
1077 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1078 phys_section_destroy(section->mr);
1079 }
1080 g_free(map->sections);
1081 g_free(map->nodes);
1082 }
1083
1084 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1085 {
1086 subpage_t *subpage;
1087 hwaddr base = section->offset_within_address_space
1088 & TARGET_PAGE_MASK;
1089 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1090 d->map.nodes, d->map.sections);
1091 MemoryRegionSection subsection = {
1092 .offset_within_address_space = base,
1093 .size = int128_make64(TARGET_PAGE_SIZE),
1094 };
1095 hwaddr start, end;
1096
1097 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1098
1099 if (!(existing->mr->subpage)) {
1100 subpage = subpage_init(d->as, base);
1101 subsection.address_space = d->as;
1102 subsection.mr = &subpage->iomem;
1103 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1104 phys_section_add(&d->map, &subsection));
1105 } else {
1106 subpage = container_of(existing->mr, subpage_t, iomem);
1107 }
1108 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1109 end = start + int128_get64(section->size) - 1;
1110 subpage_register(subpage, start, end,
1111 phys_section_add(&d->map, section));
1112 }
1113
1114
1115 static void register_multipage(AddressSpaceDispatch *d,
1116 MemoryRegionSection *section)
1117 {
1118 hwaddr start_addr = section->offset_within_address_space;
1119 uint16_t section_index = phys_section_add(&d->map, section);
1120 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1121 TARGET_PAGE_BITS));
1122
1123 assert(num_pages);
1124 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1125 }
1126
1127 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1128 {
1129 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1130 AddressSpaceDispatch *d = as->next_dispatch;
1131 MemoryRegionSection now = *section, remain = *section;
1132 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1133
1134 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1135 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1136 - now.offset_within_address_space;
1137
1138 now.size = int128_min(int128_make64(left), now.size);
1139 register_subpage(d, &now);
1140 } else {
1141 now.size = int128_zero();
1142 }
1143 while (int128_ne(remain.size, now.size)) {
1144 remain.size = int128_sub(remain.size, now.size);
1145 remain.offset_within_address_space += int128_get64(now.size);
1146 remain.offset_within_region += int128_get64(now.size);
1147 now = remain;
1148 if (int128_lt(remain.size, page_size)) {
1149 register_subpage(d, &now);
1150 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1151 now.size = page_size;
1152 register_subpage(d, &now);
1153 } else {
1154 now.size = int128_and(now.size, int128_neg(page_size));
1155 register_multipage(d, &now);
1156 }
1157 }
1158 }
1159
1160 void qemu_flush_coalesced_mmio_buffer(void)
1161 {
1162 if (kvm_enabled())
1163 kvm_flush_coalesced_mmio_buffer();
1164 }
1165
1166 void qemu_mutex_lock_ramlist(void)
1167 {
1168 qemu_mutex_lock(&ram_list.mutex);
1169 }
1170
1171 void qemu_mutex_unlock_ramlist(void)
1172 {
1173 qemu_mutex_unlock(&ram_list.mutex);
1174 }
1175
1176 #ifdef __linux__
1177
1178 #include <sys/vfs.h>
1179
1180 #define HUGETLBFS_MAGIC 0x958458f6
1181
1182 static long gethugepagesize(const char *path, Error **errp)
1183 {
1184 struct statfs fs;
1185 int ret;
1186
1187 do {
1188 ret = statfs(path, &fs);
1189 } while (ret != 0 && errno == EINTR);
1190
1191 if (ret != 0) {
1192 error_setg_errno(errp, errno, "failed to get page size of file %s",
1193 path);
1194 return 0;
1195 }
1196
1197 if (fs.f_type != HUGETLBFS_MAGIC)
1198 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1199
1200 return fs.f_bsize;
1201 }
1202
1203 static void *file_ram_alloc(RAMBlock *block,
1204 ram_addr_t memory,
1205 const char *path,
1206 Error **errp)
1207 {
1208 char *filename;
1209 char *sanitized_name;
1210 char *c;
1211 void *area;
1212 int fd;
1213 uint64_t hpagesize;
1214 Error *local_err = NULL;
1215
1216 hpagesize = gethugepagesize(path, &local_err);
1217 if (local_err) {
1218 error_propagate(errp, local_err);
1219 goto error;
1220 }
1221 block->mr->align = hpagesize;
1222
1223 if (memory < hpagesize) {
1224 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1225 "or larger than huge page size 0x%" PRIx64,
1226 memory, hpagesize);
1227 goto error;
1228 }
1229
1230 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1231 error_setg(errp,
1232 "host lacks kvm mmu notifiers, -mem-path unsupported");
1233 goto error;
1234 }
1235
1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1237 sanitized_name = g_strdup(memory_region_name(block->mr));
1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/')
1240 *c = '_';
1241 }
1242
1243 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1244 sanitized_name);
1245 g_free(sanitized_name);
1246
1247 fd = mkstemp(filename);
1248 if (fd < 0) {
1249 error_setg_errno(errp, errno,
1250 "unable to create backing store for hugepages");
1251 g_free(filename);
1252 goto error;
1253 }
1254 unlink(filename);
1255 g_free(filename);
1256
1257 memory = ROUND_UP(memory, hpagesize);
1258
1259 /*
1260 * ftruncate is not supported by hugetlbfs in older
1261 * hosts, so don't bother bailing out on errors.
1262 * If anything goes wrong with it under other filesystems,
1263 * mmap will fail.
1264 */
1265 if (ftruncate(fd, memory)) {
1266 perror("ftruncate");
1267 }
1268
1269 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1270 if (area == MAP_FAILED) {
1271 error_setg_errno(errp, errno,
1272 "unable to map backing store for hugepages");
1273 close(fd);
1274 goto error;
1275 }
1276
1277 if (mem_prealloc) {
1278 os_mem_prealloc(fd, area, memory);
1279 }
1280
1281 block->fd = fd;
1282 return area;
1283
1284 error:
1285 return NULL;
1286 }
1287 #endif
1288
1289 /* Called with the ramlist lock held. */
1290 static ram_addr_t find_ram_offset(ram_addr_t size)
1291 {
1292 RAMBlock *block, *next_block;
1293 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1294
1295 assert(size != 0); /* it would hand out same offset multiple times */
1296
1297 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1298 return 0;
1299 }
1300
1301 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1302 ram_addr_t end, next = RAM_ADDR_MAX;
1303
1304 end = block->offset + block->max_length;
1305
1306 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1307 if (next_block->offset >= end) {
1308 next = MIN(next, next_block->offset);
1309 }
1310 }
1311 if (next - end >= size && next - end < mingap) {
1312 offset = end;
1313 mingap = next - end;
1314 }
1315 }
1316
1317 if (offset == RAM_ADDR_MAX) {
1318 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1319 (uint64_t)size);
1320 abort();
1321 }
1322
1323 return offset;
1324 }
1325
1326 ram_addr_t last_ram_offset(void)
1327 {
1328 RAMBlock *block;
1329 ram_addr_t last = 0;
1330
1331 rcu_read_lock();
1332 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1333 last = MAX(last, block->offset + block->max_length);
1334 }
1335 rcu_read_unlock();
1336 return last;
1337 }
1338
1339 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1340 {
1341 int ret;
1342
1343 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1344 if (!machine_dump_guest_core(current_machine)) {
1345 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1346 if (ret) {
1347 perror("qemu_madvise");
1348 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1349 "but dump_guest_core=off specified\n");
1350 }
1351 }
1352 }
1353
1354 /* Called within an RCU critical section, or while the ramlist lock
1355 * is held.
1356 */
1357 static RAMBlock *find_ram_block(ram_addr_t addr)
1358 {
1359 RAMBlock *block;
1360
1361 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1362 if (block->offset == addr) {
1363 return block;
1364 }
1365 }
1366
1367 return NULL;
1368 }
1369
1370 /* Called with iothread lock held. */
1371 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1372 {
1373 RAMBlock *new_block, *block;
1374
1375 rcu_read_lock();
1376 new_block = find_ram_block(addr);
1377 assert(new_block);
1378 assert(!new_block->idstr[0]);
1379
1380 if (dev) {
1381 char *id = qdev_get_dev_path(dev);
1382 if (id) {
1383 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1384 g_free(id);
1385 }
1386 }
1387 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1388
1389 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1390 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1391 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1392 new_block->idstr);
1393 abort();
1394 }
1395 }
1396 rcu_read_unlock();
1397 }
1398
1399 /* Called with iothread lock held. */
1400 void qemu_ram_unset_idstr(ram_addr_t addr)
1401 {
1402 RAMBlock *block;
1403
1404 /* FIXME: arch_init.c assumes that this is not called throughout
1405 * migration. Ignore the problem since hot-unplug during migration
1406 * does not work anyway.
1407 */
1408
1409 rcu_read_lock();
1410 block = find_ram_block(addr);
1411 if (block) {
1412 memset(block->idstr, 0, sizeof(block->idstr));
1413 }
1414 rcu_read_unlock();
1415 }
1416
1417 static int memory_try_enable_merging(void *addr, size_t len)
1418 {
1419 if (!machine_mem_merge(current_machine)) {
1420 /* disabled by the user */
1421 return 0;
1422 }
1423
1424 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1425 }
1426
1427 /* Only legal before guest might have detected the memory size: e.g. on
1428 * incoming migration, or right after reset.
1429 *
1430 * As memory core doesn't know how is memory accessed, it is up to
1431 * resize callback to update device state and/or add assertions to detect
1432 * misuse, if necessary.
1433 */
1434 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1435 {
1436 RAMBlock *block = find_ram_block(base);
1437
1438 assert(block);
1439
1440 newsize = TARGET_PAGE_ALIGN(newsize);
1441
1442 if (block->used_length == newsize) {
1443 return 0;
1444 }
1445
1446 if (!(block->flags & RAM_RESIZEABLE)) {
1447 error_setg_errno(errp, EINVAL,
1448 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1449 " in != 0x" RAM_ADDR_FMT, block->idstr,
1450 newsize, block->used_length);
1451 return -EINVAL;
1452 }
1453
1454 if (block->max_length < newsize) {
1455 error_setg_errno(errp, EINVAL,
1456 "Length too large: %s: 0x" RAM_ADDR_FMT
1457 " > 0x" RAM_ADDR_FMT, block->idstr,
1458 newsize, block->max_length);
1459 return -EINVAL;
1460 }
1461
1462 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1463 block->used_length = newsize;
1464 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1465 DIRTY_CLIENTS_ALL);
1466 memory_region_set_size(block->mr, newsize);
1467 if (block->resized) {
1468 block->resized(block->idstr, newsize, block->host);
1469 }
1470 return 0;
1471 }
1472
1473 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1474 {
1475 RAMBlock *block;
1476 RAMBlock *last_block = NULL;
1477 ram_addr_t old_ram_size, new_ram_size;
1478
1479 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1480
1481 qemu_mutex_lock_ramlist();
1482 new_block->offset = find_ram_offset(new_block->max_length);
1483
1484 if (!new_block->host) {
1485 if (xen_enabled()) {
1486 xen_ram_alloc(new_block->offset, new_block->max_length,
1487 new_block->mr);
1488 } else {
1489 new_block->host = phys_mem_alloc(new_block->max_length,
1490 &new_block->mr->align);
1491 if (!new_block->host) {
1492 error_setg_errno(errp, errno,
1493 "cannot set up guest memory '%s'",
1494 memory_region_name(new_block->mr));
1495 qemu_mutex_unlock_ramlist();
1496 return -1;
1497 }
1498 memory_try_enable_merging(new_block->host, new_block->max_length);
1499 }
1500 }
1501
1502 new_ram_size = MAX(old_ram_size,
1503 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1504 if (new_ram_size > old_ram_size) {
1505 migration_bitmap_extend(old_ram_size, new_ram_size);
1506 }
1507 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1508 * QLIST (which has an RCU-friendly variant) does not have insertion at
1509 * tail, so save the last element in last_block.
1510 */
1511 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1512 last_block = block;
1513 if (block->max_length < new_block->max_length) {
1514 break;
1515 }
1516 }
1517 if (block) {
1518 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1519 } else if (last_block) {
1520 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1521 } else { /* list is empty */
1522 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1523 }
1524 ram_list.mru_block = NULL;
1525
1526 /* Write list before version */
1527 smp_wmb();
1528 ram_list.version++;
1529 qemu_mutex_unlock_ramlist();
1530
1531 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1532
1533 if (new_ram_size > old_ram_size) {
1534 int i;
1535
1536 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1537 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1538 ram_list.dirty_memory[i] =
1539 bitmap_zero_extend(ram_list.dirty_memory[i],
1540 old_ram_size, new_ram_size);
1541 }
1542 }
1543 cpu_physical_memory_set_dirty_range(new_block->offset,
1544 new_block->used_length,
1545 DIRTY_CLIENTS_ALL);
1546
1547 if (new_block->host) {
1548 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1549 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1550 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1551 if (kvm_enabled()) {
1552 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1553 }
1554 }
1555
1556 return new_block->offset;
1557 }
1558
1559 #ifdef __linux__
1560 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1561 bool share, const char *mem_path,
1562 Error **errp)
1563 {
1564 RAMBlock *new_block;
1565 ram_addr_t addr;
1566 Error *local_err = NULL;
1567
1568 if (xen_enabled()) {
1569 error_setg(errp, "-mem-path not supported with Xen");
1570 return -1;
1571 }
1572
1573 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1574 /*
1575 * file_ram_alloc() needs to allocate just like
1576 * phys_mem_alloc, but we haven't bothered to provide
1577 * a hook there.
1578 */
1579 error_setg(errp,
1580 "-mem-path not supported with this accelerator");
1581 return -1;
1582 }
1583
1584 size = TARGET_PAGE_ALIGN(size);
1585 new_block = g_malloc0(sizeof(*new_block));
1586 new_block->mr = mr;
1587 new_block->used_length = size;
1588 new_block->max_length = size;
1589 new_block->flags = share ? RAM_SHARED : 0;
1590 new_block->flags |= RAM_FILE;
1591 new_block->host = file_ram_alloc(new_block, size,
1592 mem_path, errp);
1593 if (!new_block->host) {
1594 g_free(new_block);
1595 return -1;
1596 }
1597
1598 addr = ram_block_add(new_block, &local_err);
1599 if (local_err) {
1600 g_free(new_block);
1601 error_propagate(errp, local_err);
1602 return -1;
1603 }
1604 return addr;
1605 }
1606 #endif
1607
1608 static
1609 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1610 void (*resized)(const char*,
1611 uint64_t length,
1612 void *host),
1613 void *host, bool resizeable,
1614 MemoryRegion *mr, Error **errp)
1615 {
1616 RAMBlock *new_block;
1617 ram_addr_t addr;
1618 Error *local_err = NULL;
1619
1620 size = TARGET_PAGE_ALIGN(size);
1621 max_size = TARGET_PAGE_ALIGN(max_size);
1622 new_block = g_malloc0(sizeof(*new_block));
1623 new_block->mr = mr;
1624 new_block->resized = resized;
1625 new_block->used_length = size;
1626 new_block->max_length = max_size;
1627 assert(max_size >= size);
1628 new_block->fd = -1;
1629 new_block->host = host;
1630 if (host) {
1631 new_block->flags |= RAM_PREALLOC;
1632 }
1633 if (resizeable) {
1634 new_block->flags |= RAM_RESIZEABLE;
1635 }
1636 addr = ram_block_add(new_block, &local_err);
1637 if (local_err) {
1638 g_free(new_block);
1639 error_propagate(errp, local_err);
1640 return -1;
1641 }
1642 return addr;
1643 }
1644
1645 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1646 MemoryRegion *mr, Error **errp)
1647 {
1648 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1649 }
1650
1651 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1652 {
1653 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1654 }
1655
1656 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1657 void (*resized)(const char*,
1658 uint64_t length,
1659 void *host),
1660 MemoryRegion *mr, Error **errp)
1661 {
1662 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1663 }
1664
1665 void qemu_ram_free_from_ptr(ram_addr_t addr)
1666 {
1667 RAMBlock *block;
1668
1669 qemu_mutex_lock_ramlist();
1670 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1671 if (addr == block->offset) {
1672 QLIST_REMOVE_RCU(block, next);
1673 ram_list.mru_block = NULL;
1674 /* Write list before version */
1675 smp_wmb();
1676 ram_list.version++;
1677 g_free_rcu(block, rcu);
1678 break;
1679 }
1680 }
1681 qemu_mutex_unlock_ramlist();
1682 }
1683
1684 static void reclaim_ramblock(RAMBlock *block)
1685 {
1686 if (block->flags & RAM_PREALLOC) {
1687 ;
1688 } else if (xen_enabled()) {
1689 xen_invalidate_map_cache_entry(block->host);
1690 #ifndef _WIN32
1691 } else if (block->fd >= 0) {
1692 if (block->flags & RAM_FILE) {
1693 qemu_ram_munmap(block->host, block->max_length);
1694 } else {
1695 munmap(block->host, block->max_length);
1696 }
1697 close(block->fd);
1698 #endif
1699 } else {
1700 qemu_anon_ram_free(block->host, block->max_length);
1701 }
1702 g_free(block);
1703 }
1704
1705 void qemu_ram_free(ram_addr_t addr)
1706 {
1707 RAMBlock *block;
1708
1709 qemu_mutex_lock_ramlist();
1710 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1711 if (addr == block->offset) {
1712 QLIST_REMOVE_RCU(block, next);
1713 ram_list.mru_block = NULL;
1714 /* Write list before version */
1715 smp_wmb();
1716 ram_list.version++;
1717 call_rcu(block, reclaim_ramblock, rcu);
1718 break;
1719 }
1720 }
1721 qemu_mutex_unlock_ramlist();
1722 }
1723
1724 #ifndef _WIN32
1725 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1726 {
1727 RAMBlock *block;
1728 ram_addr_t offset;
1729 int flags;
1730 void *area, *vaddr;
1731
1732 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1733 offset = addr - block->offset;
1734 if (offset < block->max_length) {
1735 vaddr = ramblock_ptr(block, offset);
1736 if (block->flags & RAM_PREALLOC) {
1737 ;
1738 } else if (xen_enabled()) {
1739 abort();
1740 } else {
1741 flags = MAP_FIXED;
1742 if (block->fd >= 0) {
1743 flags |= (block->flags & RAM_SHARED ?
1744 MAP_SHARED : MAP_PRIVATE);
1745 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1746 flags, block->fd, offset);
1747 } else {
1748 /*
1749 * Remap needs to match alloc. Accelerators that
1750 * set phys_mem_alloc never remap. If they did,
1751 * we'd need a remap hook here.
1752 */
1753 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1754
1755 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1756 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1757 flags, -1, 0);
1758 }
1759 if (area != vaddr) {
1760 fprintf(stderr, "Could not remap addr: "
1761 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1762 length, addr);
1763 exit(1);
1764 }
1765 memory_try_enable_merging(vaddr, length);
1766 qemu_ram_setup_dump(vaddr, length);
1767 }
1768 }
1769 }
1770 }
1771 #endif /* !_WIN32 */
1772
1773 int qemu_get_ram_fd(ram_addr_t addr)
1774 {
1775 RAMBlock *block;
1776 int fd;
1777
1778 rcu_read_lock();
1779 block = qemu_get_ram_block(addr);
1780 fd = block->fd;
1781 rcu_read_unlock();
1782 return fd;
1783 }
1784
1785 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1786 {
1787 RAMBlock *block;
1788 void *ptr;
1789
1790 rcu_read_lock();
1791 block = qemu_get_ram_block(addr);
1792 ptr = ramblock_ptr(block, 0);
1793 rcu_read_unlock();
1794 return ptr;
1795 }
1796
1797 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1798 * This should not be used for general purpose DMA. Use address_space_map
1799 * or address_space_rw instead. For local memory (e.g. video ram) that the
1800 * device owns, use memory_region_get_ram_ptr.
1801 *
1802 * By the time this function returns, the returned pointer is not protected
1803 * by RCU anymore. If the caller is not within an RCU critical section and
1804 * does not hold the iothread lock, it must have other means of protecting the
1805 * pointer, such as a reference to the region that includes the incoming
1806 * ram_addr_t.
1807 */
1808 void *qemu_get_ram_ptr(ram_addr_t addr)
1809 {
1810 RAMBlock *block;
1811 void *ptr;
1812
1813 rcu_read_lock();
1814 block = qemu_get_ram_block(addr);
1815
1816 if (xen_enabled() && block->host == NULL) {
1817 /* We need to check if the requested address is in the RAM
1818 * because we don't want to map the entire memory in QEMU.
1819 * In that case just map until the end of the page.
1820 */
1821 if (block->offset == 0) {
1822 ptr = xen_map_cache(addr, 0, 0);
1823 goto unlock;
1824 }
1825
1826 block->host = xen_map_cache(block->offset, block->max_length, 1);
1827 }
1828 ptr = ramblock_ptr(block, addr - block->offset);
1829
1830 unlock:
1831 rcu_read_unlock();
1832 return ptr;
1833 }
1834
1835 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1836 * but takes a size argument.
1837 *
1838 * By the time this function returns, the returned pointer is not protected
1839 * by RCU anymore. If the caller is not within an RCU critical section and
1840 * does not hold the iothread lock, it must have other means of protecting the
1841 * pointer, such as a reference to the region that includes the incoming
1842 * ram_addr_t.
1843 */
1844 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1845 {
1846 void *ptr;
1847 if (*size == 0) {
1848 return NULL;
1849 }
1850 if (xen_enabled()) {
1851 return xen_map_cache(addr, *size, 1);
1852 } else {
1853 RAMBlock *block;
1854 rcu_read_lock();
1855 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1856 if (addr - block->offset < block->max_length) {
1857 if (addr - block->offset + *size > block->max_length)
1858 *size = block->max_length - addr + block->offset;
1859 ptr = ramblock_ptr(block, addr - block->offset);
1860 rcu_read_unlock();
1861 return ptr;
1862 }
1863 }
1864
1865 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1866 abort();
1867 }
1868 }
1869
1870 /* Some of the softmmu routines need to translate from a host pointer
1871 * (typically a TLB entry) back to a ram offset.
1872 *
1873 * By the time this function returns, the returned pointer is not protected
1874 * by RCU anymore. If the caller is not within an RCU critical section and
1875 * does not hold the iothread lock, it must have other means of protecting the
1876 * pointer, such as a reference to the region that includes the incoming
1877 * ram_addr_t.
1878 */
1879 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1880 {
1881 RAMBlock *block;
1882 uint8_t *host = ptr;
1883 MemoryRegion *mr;
1884
1885 if (xen_enabled()) {
1886 rcu_read_lock();
1887 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1888 mr = qemu_get_ram_block(*ram_addr)->mr;
1889 rcu_read_unlock();
1890 return mr;
1891 }
1892
1893 rcu_read_lock();
1894 block = atomic_rcu_read(&ram_list.mru_block);
1895 if (block && block->host && host - block->host < block->max_length) {
1896 goto found;
1897 }
1898
1899 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1900 /* This case append when the block is not mapped. */
1901 if (block->host == NULL) {
1902 continue;
1903 }
1904 if (host - block->host < block->max_length) {
1905 goto found;
1906 }
1907 }
1908
1909 rcu_read_unlock();
1910 return NULL;
1911
1912 found:
1913 *ram_addr = block->offset + (host - block->host);
1914 mr = block->mr;
1915 rcu_read_unlock();
1916 return mr;
1917 }
1918
1919 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1920 uint64_t val, unsigned size)
1921 {
1922 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1923 tb_invalidate_phys_page_fast(ram_addr, size);
1924 }
1925 switch (size) {
1926 case 1:
1927 stb_p(qemu_get_ram_ptr(ram_addr), val);
1928 break;
1929 case 2:
1930 stw_p(qemu_get_ram_ptr(ram_addr), val);
1931 break;
1932 case 4:
1933 stl_p(qemu_get_ram_ptr(ram_addr), val);
1934 break;
1935 default:
1936 abort();
1937 }
1938 /* Set both VGA and migration bits for simplicity and to remove
1939 * the notdirty callback faster.
1940 */
1941 cpu_physical_memory_set_dirty_range(ram_addr, size,
1942 DIRTY_CLIENTS_NOCODE);
1943 /* we remove the notdirty callback only if the code has been
1944 flushed */
1945 if (!cpu_physical_memory_is_clean(ram_addr)) {
1946 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1947 }
1948 }
1949
1950 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1951 unsigned size, bool is_write)
1952 {
1953 return is_write;
1954 }
1955
1956 static const MemoryRegionOps notdirty_mem_ops = {
1957 .write = notdirty_mem_write,
1958 .valid.accepts = notdirty_mem_accepts,
1959 .endianness = DEVICE_NATIVE_ENDIAN,
1960 };
1961
1962 /* Generate a debug exception if a watchpoint has been hit. */
1963 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1964 {
1965 CPUState *cpu = current_cpu;
1966 CPUArchState *env = cpu->env_ptr;
1967 target_ulong pc, cs_base;
1968 target_ulong vaddr;
1969 CPUWatchpoint *wp;
1970 int cpu_flags;
1971
1972 if (cpu->watchpoint_hit) {
1973 /* We re-entered the check after replacing the TB. Now raise
1974 * the debug interrupt so that is will trigger after the
1975 * current instruction. */
1976 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1977 return;
1978 }
1979 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1980 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1981 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1982 && (wp->flags & flags)) {
1983 if (flags == BP_MEM_READ) {
1984 wp->flags |= BP_WATCHPOINT_HIT_READ;
1985 } else {
1986 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1987 }
1988 wp->hitaddr = vaddr;
1989 wp->hitattrs = attrs;
1990 if (!cpu->watchpoint_hit) {
1991 cpu->watchpoint_hit = wp;
1992 tb_check_watchpoint(cpu);
1993 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1994 cpu->exception_index = EXCP_DEBUG;
1995 cpu_loop_exit(cpu);
1996 } else {
1997 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1998 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1999 cpu_resume_from_signal(cpu, NULL);
2000 }
2001 }
2002 } else {
2003 wp->flags &= ~BP_WATCHPOINT_HIT;
2004 }
2005 }
2006 }
2007
2008 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2009 so these check for a hit then pass through to the normal out-of-line
2010 phys routines. */
2011 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2012 unsigned size, MemTxAttrs attrs)
2013 {
2014 MemTxResult res;
2015 uint64_t data;
2016
2017 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2018 switch (size) {
2019 case 1:
2020 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2021 break;
2022 case 2:
2023 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2024 break;
2025 case 4:
2026 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2027 break;
2028 default: abort();
2029 }
2030 *pdata = data;
2031 return res;
2032 }
2033
2034 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2035 uint64_t val, unsigned size,
2036 MemTxAttrs attrs)
2037 {
2038 MemTxResult res;
2039
2040 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2041 switch (size) {
2042 case 1:
2043 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2044 break;
2045 case 2:
2046 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2047 break;
2048 case 4:
2049 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2050 break;
2051 default: abort();
2052 }
2053 return res;
2054 }
2055
2056 static const MemoryRegionOps watch_mem_ops = {
2057 .read_with_attrs = watch_mem_read,
2058 .write_with_attrs = watch_mem_write,
2059 .endianness = DEVICE_NATIVE_ENDIAN,
2060 };
2061
2062 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2063 unsigned len, MemTxAttrs attrs)
2064 {
2065 subpage_t *subpage = opaque;
2066 uint8_t buf[8];
2067 MemTxResult res;
2068
2069 #if defined(DEBUG_SUBPAGE)
2070 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2071 subpage, len, addr);
2072 #endif
2073 res = address_space_read(subpage->as, addr + subpage->base,
2074 attrs, buf, len);
2075 if (res) {
2076 return res;
2077 }
2078 switch (len) {
2079 case 1:
2080 *data = ldub_p(buf);
2081 return MEMTX_OK;
2082 case 2:
2083 *data = lduw_p(buf);
2084 return MEMTX_OK;
2085 case 4:
2086 *data = ldl_p(buf);
2087 return MEMTX_OK;
2088 case 8:
2089 *data = ldq_p(buf);
2090 return MEMTX_OK;
2091 default:
2092 abort();
2093 }
2094 }
2095
2096 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2097 uint64_t value, unsigned len, MemTxAttrs attrs)
2098 {
2099 subpage_t *subpage = opaque;
2100 uint8_t buf[8];
2101
2102 #if defined(DEBUG_SUBPAGE)
2103 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2104 " value %"PRIx64"\n",
2105 __func__, subpage, len, addr, value);
2106 #endif
2107 switch (len) {
2108 case 1:
2109 stb_p(buf, value);
2110 break;
2111 case 2:
2112 stw_p(buf, value);
2113 break;
2114 case 4:
2115 stl_p(buf, value);
2116 break;
2117 case 8:
2118 stq_p(buf, value);
2119 break;
2120 default:
2121 abort();
2122 }
2123 return address_space_write(subpage->as, addr + subpage->base,
2124 attrs, buf, len);
2125 }
2126
2127 static bool subpage_accepts(void *opaque, hwaddr addr,
2128 unsigned len, bool is_write)
2129 {
2130 subpage_t *subpage = opaque;
2131 #if defined(DEBUG_SUBPAGE)
2132 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2133 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2134 #endif
2135
2136 return address_space_access_valid(subpage->as, addr + subpage->base,
2137 len, is_write);
2138 }
2139
2140 static const MemoryRegionOps subpage_ops = {
2141 .read_with_attrs = subpage_read,
2142 .write_with_attrs = subpage_write,
2143 .impl.min_access_size = 1,
2144 .impl.max_access_size = 8,
2145 .valid.min_access_size = 1,
2146 .valid.max_access_size = 8,
2147 .valid.accepts = subpage_accepts,
2148 .endianness = DEVICE_NATIVE_ENDIAN,
2149 };
2150
2151 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2152 uint16_t section)
2153 {
2154 int idx, eidx;
2155
2156 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2157 return -1;
2158 idx = SUBPAGE_IDX(start);
2159 eidx = SUBPAGE_IDX(end);
2160 #if defined(DEBUG_SUBPAGE)
2161 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2162 __func__, mmio, start, end, idx, eidx, section);
2163 #endif
2164 for (; idx <= eidx; idx++) {
2165 mmio->sub_section[idx] = section;
2166 }
2167
2168 return 0;
2169 }
2170
2171 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2172 {
2173 subpage_t *mmio;
2174
2175 mmio = g_malloc0(sizeof(subpage_t));
2176
2177 mmio->as = as;
2178 mmio->base = base;
2179 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2180 NULL, TARGET_PAGE_SIZE);
2181 mmio->iomem.subpage = true;
2182 #if defined(DEBUG_SUBPAGE)
2183 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2184 mmio, base, TARGET_PAGE_SIZE);
2185 #endif
2186 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2187
2188 return mmio;
2189 }
2190
2191 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2192 MemoryRegion *mr)
2193 {
2194 assert(as);
2195 MemoryRegionSection section = {
2196 .address_space = as,
2197 .mr = mr,
2198 .offset_within_address_space = 0,
2199 .offset_within_region = 0,
2200 .size = int128_2_64(),
2201 };
2202
2203 return phys_section_add(map, &section);
2204 }
2205
2206 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2207 {
2208 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2209 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2210 MemoryRegionSection *sections = d->map.sections;
2211
2212 return sections[index & ~TARGET_PAGE_MASK].mr;
2213 }
2214
2215 static void io_mem_init(void)
2216 {
2217 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2218 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2219 NULL, UINT64_MAX);
2220 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2221 NULL, UINT64_MAX);
2222 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2223 NULL, UINT64_MAX);
2224 }
2225
2226 static void mem_begin(MemoryListener *listener)
2227 {
2228 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2229 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2230 uint16_t n;
2231
2232 n = dummy_section(&d->map, as, &io_mem_unassigned);
2233 assert(n == PHYS_SECTION_UNASSIGNED);
2234 n = dummy_section(&d->map, as, &io_mem_notdirty);
2235 assert(n == PHYS_SECTION_NOTDIRTY);
2236 n = dummy_section(&d->map, as, &io_mem_rom);
2237 assert(n == PHYS_SECTION_ROM);
2238 n = dummy_section(&d->map, as, &io_mem_watch);
2239 assert(n == PHYS_SECTION_WATCH);
2240
2241 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2242 d->as = as;
2243 as->next_dispatch = d;
2244 }
2245
2246 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2247 {
2248 phys_sections_free(&d->map);
2249 g_free(d);
2250 }
2251
2252 static void mem_commit(MemoryListener *listener)
2253 {
2254 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2255 AddressSpaceDispatch *cur = as->dispatch;
2256 AddressSpaceDispatch *next = as->next_dispatch;
2257
2258 phys_page_compact_all(next, next->map.nodes_nb);
2259
2260 atomic_rcu_set(&as->dispatch, next);
2261 if (cur) {
2262 call_rcu(cur, address_space_dispatch_free, rcu);
2263 }
2264 }
2265
2266 static void tcg_commit(MemoryListener *listener)
2267 {
2268 CPUAddressSpace *cpuas;
2269 AddressSpaceDispatch *d;
2270
2271 /* since each CPU stores ram addresses in its TLB cache, we must
2272 reset the modified entries */
2273 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2274 cpu_reloading_memory_map();
2275 /* The CPU and TLB are protected by the iothread lock.
2276 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2277 * may have split the RCU critical section.
2278 */
2279 d = atomic_rcu_read(&cpuas->as->dispatch);
2280 cpuas->memory_dispatch = d;
2281 tlb_flush(cpuas->cpu, 1);
2282 }
2283
2284 void address_space_init_dispatch(AddressSpace *as)
2285 {
2286 as->dispatch = NULL;
2287 as->dispatch_listener = (MemoryListener) {
2288 .begin = mem_begin,
2289 .commit = mem_commit,
2290 .region_add = mem_add,
2291 .region_nop = mem_add,
2292 .priority = 0,
2293 };
2294 memory_listener_register(&as->dispatch_listener, as);
2295 }
2296
2297 void address_space_unregister(AddressSpace *as)
2298 {
2299 memory_listener_unregister(&as->dispatch_listener);
2300 }
2301
2302 void address_space_destroy_dispatch(AddressSpace *as)
2303 {
2304 AddressSpaceDispatch *d = as->dispatch;
2305
2306 atomic_rcu_set(&as->dispatch, NULL);
2307 if (d) {
2308 call_rcu(d, address_space_dispatch_free, rcu);
2309 }
2310 }
2311
2312 static void memory_map_init(void)
2313 {
2314 system_memory = g_malloc(sizeof(*system_memory));
2315
2316 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2317 address_space_init(&address_space_memory, system_memory, "memory");
2318
2319 system_io = g_malloc(sizeof(*system_io));
2320 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2321 65536);
2322 address_space_init(&address_space_io, system_io, "I/O");
2323 }
2324
2325 MemoryRegion *get_system_memory(void)
2326 {
2327 return system_memory;
2328 }
2329
2330 MemoryRegion *get_system_io(void)
2331 {
2332 return system_io;
2333 }
2334
2335 #endif /* !defined(CONFIG_USER_ONLY) */
2336
2337 /* physical memory access (slow version, mainly for debug) */
2338 #if defined(CONFIG_USER_ONLY)
2339 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2340 uint8_t *buf, int len, int is_write)
2341 {
2342 int l, flags;
2343 target_ulong page;
2344 void * p;
2345
2346 while (len > 0) {
2347 page = addr & TARGET_PAGE_MASK;
2348 l = (page + TARGET_PAGE_SIZE) - addr;
2349 if (l > len)
2350 l = len;
2351 flags = page_get_flags(page);
2352 if (!(flags & PAGE_VALID))
2353 return -1;
2354 if (is_write) {
2355 if (!(flags & PAGE_WRITE))
2356 return -1;
2357 /* XXX: this code should not depend on lock_user */
2358 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2359 return -1;
2360 memcpy(p, buf, l);
2361 unlock_user(p, addr, l);
2362 } else {
2363 if (!(flags & PAGE_READ))
2364 return -1;
2365 /* XXX: this code should not depend on lock_user */
2366 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2367 return -1;
2368 memcpy(buf, p, l);
2369 unlock_user(p, addr, 0);
2370 }
2371 len -= l;
2372 buf += l;
2373 addr += l;
2374 }
2375 return 0;
2376 }
2377
2378 #else
2379
2380 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2381 hwaddr length)
2382 {
2383 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2384 /* No early return if dirty_log_mask is or becomes 0, because
2385 * cpu_physical_memory_set_dirty_range will still call
2386 * xen_modified_memory.
2387 */
2388 if (dirty_log_mask) {
2389 dirty_log_mask =
2390 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2391 }
2392 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2393 tb_invalidate_phys_range(addr, addr + length);
2394 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2395 }
2396 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2397 }
2398
2399 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2400 {
2401 unsigned access_size_max = mr->ops->valid.max_access_size;
2402
2403 /* Regions are assumed to support 1-4 byte accesses unless
2404 otherwise specified. */
2405 if (access_size_max == 0) {
2406 access_size_max = 4;
2407 }
2408
2409 /* Bound the maximum access by the alignment of the address. */
2410 if (!mr->ops->impl.unaligned) {
2411 unsigned align_size_max = addr & -addr;
2412 if (align_size_max != 0 && align_size_max < access_size_max) {
2413 access_size_max = align_size_max;
2414 }
2415 }
2416
2417 /* Don't attempt accesses larger than the maximum. */
2418 if (l > access_size_max) {
2419 l = access_size_max;
2420 }
2421 l = pow2floor(l);
2422
2423 return l;
2424 }
2425
2426 static bool prepare_mmio_access(MemoryRegion *mr)
2427 {
2428 bool unlocked = !qemu_mutex_iothread_locked();
2429 bool release_lock = false;
2430
2431 if (unlocked && mr->global_locking) {
2432 qemu_mutex_lock_iothread();
2433 unlocked = false;
2434 release_lock = true;
2435 }
2436 if (mr->flush_coalesced_mmio) {
2437 if (unlocked) {
2438 qemu_mutex_lock_iothread();
2439 }
2440 qemu_flush_coalesced_mmio_buffer();
2441 if (unlocked) {
2442 qemu_mutex_unlock_iothread();
2443 }
2444 }
2445
2446 return release_lock;
2447 }
2448
2449 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2450 uint8_t *buf, int len, bool is_write)
2451 {
2452 hwaddr l;
2453 uint8_t *ptr;
2454 uint64_t val;
2455 hwaddr addr1;
2456 MemoryRegion *mr;
2457 MemTxResult result = MEMTX_OK;
2458 bool release_lock = false;
2459
2460 rcu_read_lock();
2461 while (len > 0) {
2462 l = len;
2463 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2464
2465 if (is_write) {
2466 if (!memory_access_is_direct(mr, is_write)) {
2467 release_lock |= prepare_mmio_access(mr);
2468 l = memory_access_size(mr, l, addr1);
2469 /* XXX: could force current_cpu to NULL to avoid
2470 potential bugs */
2471 switch (l) {
2472 case 8:
2473 /* 64 bit write access */
2474 val = ldq_p(buf);
2475 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2476 attrs);
2477 break;
2478 case 4:
2479 /* 32 bit write access */
2480 val = ldl_p(buf);
2481 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2482 attrs);
2483 break;
2484 case 2:
2485 /* 16 bit write access */
2486 val = lduw_p(buf);
2487 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2488 attrs);
2489 break;
2490 case 1:
2491 /* 8 bit write access */
2492 val = ldub_p(buf);
2493 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2494 attrs);
2495 break;
2496 default:
2497 abort();
2498 }
2499 } else {
2500 addr1 += memory_region_get_ram_addr(mr);
2501 /* RAM case */
2502 ptr = qemu_get_ram_ptr(addr1);
2503 memcpy(ptr, buf, l);
2504 invalidate_and_set_dirty(mr, addr1, l);
2505 }
2506 } else {
2507 if (!memory_access_is_direct(mr, is_write)) {
2508 /* I/O case */
2509 release_lock |= prepare_mmio_access(mr);
2510 l = memory_access_size(mr, l, addr1);
2511 switch (l) {
2512 case 8:
2513 /* 64 bit read access */
2514 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2515 attrs);
2516 stq_p(buf, val);
2517 break;
2518 case 4:
2519 /* 32 bit read access */
2520 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2521 attrs);
2522 stl_p(buf, val);
2523 break;
2524 case 2:
2525 /* 16 bit read access */
2526 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2527 attrs);
2528 stw_p(buf, val);
2529 break;
2530 case 1:
2531 /* 8 bit read access */
2532 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2533 attrs);
2534 stb_p(buf, val);
2535 break;
2536 default:
2537 abort();
2538 }
2539 } else {
2540 /* RAM case */
2541 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2542 memcpy(buf, ptr, l);
2543 }
2544 }
2545
2546 if (release_lock) {
2547 qemu_mutex_unlock_iothread();
2548 release_lock = false;
2549 }
2550
2551 len -= l;
2552 buf += l;
2553 addr += l;
2554 }
2555 rcu_read_unlock();
2556
2557 return result;
2558 }
2559
2560 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2561 const uint8_t *buf, int len)
2562 {
2563 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2564 }
2565
2566 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2567 uint8_t *buf, int len)
2568 {
2569 return address_space_rw(as, addr, attrs, buf, len, false);
2570 }
2571
2572
2573 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2574 int len, int is_write)
2575 {
2576 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2577 buf, len, is_write);
2578 }
2579
2580 enum write_rom_type {
2581 WRITE_DATA,
2582 FLUSH_CACHE,
2583 };
2584
2585 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2586 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2587 {
2588 hwaddr l;
2589 uint8_t *ptr;
2590 hwaddr addr1;
2591 MemoryRegion *mr;
2592
2593 rcu_read_lock();
2594 while (len > 0) {
2595 l = len;
2596 mr = address_space_translate(as, addr, &addr1, &l, true);
2597
2598 if (!(memory_region_is_ram(mr) ||
2599 memory_region_is_romd(mr))) {
2600 l = memory_access_size(mr, l, addr1);
2601 } else {
2602 addr1 += memory_region_get_ram_addr(mr);
2603 /* ROM/RAM case */
2604 ptr = qemu_get_ram_ptr(addr1);
2605 switch (type) {
2606 case WRITE_DATA:
2607 memcpy(ptr, buf, l);
2608 invalidate_and_set_dirty(mr, addr1, l);
2609 break;
2610 case FLUSH_CACHE:
2611 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2612 break;
2613 }
2614 }
2615 len -= l;
2616 buf += l;
2617 addr += l;
2618 }
2619 rcu_read_unlock();
2620 }
2621
2622 /* used for ROM loading : can write in RAM and ROM */
2623 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2624 const uint8_t *buf, int len)
2625 {
2626 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2627 }
2628
2629 void cpu_flush_icache_range(hwaddr start, int len)
2630 {
2631 /*
2632 * This function should do the same thing as an icache flush that was
2633 * triggered from within the guest. For TCG we are always cache coherent,
2634 * so there is no need to flush anything. For KVM / Xen we need to flush
2635 * the host's instruction cache at least.
2636 */
2637 if (tcg_enabled()) {
2638 return;
2639 }
2640
2641 cpu_physical_memory_write_rom_internal(&address_space_memory,
2642 start, NULL, len, FLUSH_CACHE);
2643 }
2644
2645 typedef struct {
2646 MemoryRegion *mr;
2647 void *buffer;
2648 hwaddr addr;
2649 hwaddr len;
2650 bool in_use;
2651 } BounceBuffer;
2652
2653 static BounceBuffer bounce;
2654
2655 typedef struct MapClient {
2656 QEMUBH *bh;
2657 QLIST_ENTRY(MapClient) link;
2658 } MapClient;
2659
2660 QemuMutex map_client_list_lock;
2661 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2662 = QLIST_HEAD_INITIALIZER(map_client_list);
2663
2664 static void cpu_unregister_map_client_do(MapClient *client)
2665 {
2666 QLIST_REMOVE(client, link);
2667 g_free(client);
2668 }
2669
2670 static void cpu_notify_map_clients_locked(void)
2671 {
2672 MapClient *client;
2673
2674 while (!QLIST_EMPTY(&map_client_list)) {
2675 client = QLIST_FIRST(&map_client_list);
2676 qemu_bh_schedule(client->bh);
2677 cpu_unregister_map_client_do(client);
2678 }
2679 }
2680
2681 void cpu_register_map_client(QEMUBH *bh)
2682 {
2683 MapClient *client = g_malloc(sizeof(*client));
2684
2685 qemu_mutex_lock(&map_client_list_lock);
2686 client->bh = bh;
2687 QLIST_INSERT_HEAD(&map_client_list, client, link);
2688 if (!atomic_read(&bounce.in_use)) {
2689 cpu_notify_map_clients_locked();
2690 }
2691 qemu_mutex_unlock(&map_client_list_lock);
2692 }
2693
2694 void cpu_exec_init_all(void)
2695 {
2696 qemu_mutex_init(&ram_list.mutex);
2697 io_mem_init();
2698 memory_map_init();
2699 qemu_mutex_init(&map_client_list_lock);
2700 }
2701
2702 void cpu_unregister_map_client(QEMUBH *bh)
2703 {
2704 MapClient *client;
2705
2706 qemu_mutex_lock(&map_client_list_lock);
2707 QLIST_FOREACH(client, &map_client_list, link) {
2708 if (client->bh == bh) {
2709 cpu_unregister_map_client_do(client);
2710 break;
2711 }
2712 }
2713 qemu_mutex_unlock(&map_client_list_lock);
2714 }
2715
2716 static void cpu_notify_map_clients(void)
2717 {
2718 qemu_mutex_lock(&map_client_list_lock);
2719 cpu_notify_map_clients_locked();
2720 qemu_mutex_unlock(&map_client_list_lock);
2721 }
2722
2723 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2724 {
2725 MemoryRegion *mr;
2726 hwaddr l, xlat;
2727
2728 rcu_read_lock();
2729 while (len > 0) {
2730 l = len;
2731 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2732 if (!memory_access_is_direct(mr, is_write)) {
2733 l = memory_access_size(mr, l, addr);
2734 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2735 return false;
2736 }
2737 }
2738
2739 len -= l;
2740 addr += l;
2741 }
2742 rcu_read_unlock();
2743 return true;
2744 }
2745
2746 /* Map a physical memory region into a host virtual address.
2747 * May map a subset of the requested range, given by and returned in *plen.
2748 * May return NULL if resources needed to perform the mapping are exhausted.
2749 * Use only for reads OR writes - not for read-modify-write operations.
2750 * Use cpu_register_map_client() to know when retrying the map operation is
2751 * likely to succeed.
2752 */
2753 void *address_space_map(AddressSpace *as,
2754 hwaddr addr,
2755 hwaddr *plen,
2756 bool is_write)
2757 {
2758 hwaddr len = *plen;
2759 hwaddr done = 0;
2760 hwaddr l, xlat, base;
2761 MemoryRegion *mr, *this_mr;
2762 ram_addr_t raddr;
2763
2764 if (len == 0) {
2765 return NULL;
2766 }
2767
2768 l = len;
2769 rcu_read_lock();
2770 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2771
2772 if (!memory_access_is_direct(mr, is_write)) {
2773 if (atomic_xchg(&bounce.in_use, true)) {
2774 rcu_read_unlock();
2775 return NULL;
2776 }
2777 /* Avoid unbounded allocations */
2778 l = MIN(l, TARGET_PAGE_SIZE);
2779 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2780 bounce.addr = addr;
2781 bounce.len = l;
2782
2783 memory_region_ref(mr);
2784 bounce.mr = mr;
2785 if (!is_write) {
2786 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2787 bounce.buffer, l);
2788 }
2789
2790 rcu_read_unlock();
2791 *plen = l;
2792 return bounce.buffer;
2793 }
2794
2795 base = xlat;
2796 raddr = memory_region_get_ram_addr(mr);
2797
2798 for (;;) {
2799 len -= l;
2800 addr += l;
2801 done += l;
2802 if (len == 0) {
2803 break;
2804 }
2805
2806 l = len;
2807 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2808 if (this_mr != mr || xlat != base + done) {
2809 break;
2810 }
2811 }
2812
2813 memory_region_ref(mr);
2814 rcu_read_unlock();
2815 *plen = done;
2816 return qemu_ram_ptr_length(raddr + base, plen);
2817 }
2818
2819 /* Unmaps a memory region previously mapped by address_space_map().
2820 * Will also mark the memory as dirty if is_write == 1. access_len gives
2821 * the amount of memory that was actually read or written by the caller.
2822 */
2823 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2824 int is_write, hwaddr access_len)
2825 {
2826 if (buffer != bounce.buffer) {
2827 MemoryRegion *mr;
2828 ram_addr_t addr1;
2829
2830 mr = qemu_ram_addr_from_host(buffer, &addr1);
2831 assert(mr != NULL);
2832 if (is_write) {
2833 invalidate_and_set_dirty(mr, addr1, access_len);
2834 }
2835 if (xen_enabled()) {
2836 xen_invalidate_map_cache_entry(buffer);
2837 }
2838 memory_region_unref(mr);
2839 return;
2840 }
2841 if (is_write) {
2842 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2843 bounce.buffer, access_len);
2844 }
2845 qemu_vfree(bounce.buffer);
2846 bounce.buffer = NULL;
2847 memory_region_unref(bounce.mr);
2848 atomic_mb_set(&bounce.in_use, false);
2849 cpu_notify_map_clients();
2850 }
2851
2852 void *cpu_physical_memory_map(hwaddr addr,
2853 hwaddr *plen,
2854 int is_write)
2855 {
2856 return address_space_map(&address_space_memory, addr, plen, is_write);
2857 }
2858
2859 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2860 int is_write, hwaddr access_len)
2861 {
2862 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2863 }
2864
2865 /* warning: addr must be aligned */
2866 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2867 MemTxAttrs attrs,
2868 MemTxResult *result,
2869 enum device_endian endian)
2870 {
2871 uint8_t *ptr;
2872 uint64_t val;
2873 MemoryRegion *mr;
2874 hwaddr l = 4;
2875 hwaddr addr1;
2876 MemTxResult r;
2877 bool release_lock = false;
2878
2879 rcu_read_lock();
2880 mr = address_space_translate(as, addr, &addr1, &l, false);
2881 if (l < 4 || !memory_access_is_direct(mr, false)) {
2882 release_lock |= prepare_mmio_access(mr);
2883
2884 /* I/O case */
2885 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2886 #if defined(TARGET_WORDS_BIGENDIAN)
2887 if (endian == DEVICE_LITTLE_ENDIAN) {
2888 val = bswap32(val);
2889 }
2890 #else
2891 if (endian == DEVICE_BIG_ENDIAN) {
2892 val = bswap32(val);
2893 }
2894 #endif
2895 } else {
2896 /* RAM case */
2897 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2898 & TARGET_PAGE_MASK)
2899 + addr1);
2900 switch (endian) {
2901 case DEVICE_LITTLE_ENDIAN:
2902 val = ldl_le_p(ptr);
2903 break;
2904 case DEVICE_BIG_ENDIAN:
2905 val = ldl_be_p(ptr);
2906 break;
2907 default:
2908 val = ldl_p(ptr);
2909 break;
2910 }
2911 r = MEMTX_OK;
2912 }
2913 if (result) {
2914 *result = r;
2915 }
2916 if (release_lock) {
2917 qemu_mutex_unlock_iothread();
2918 }
2919 rcu_read_unlock();
2920 return val;
2921 }
2922
2923 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2924 MemTxAttrs attrs, MemTxResult *result)
2925 {
2926 return address_space_ldl_internal(as, addr, attrs, result,
2927 DEVICE_NATIVE_ENDIAN);
2928 }
2929
2930 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2931 MemTxAttrs attrs, MemTxResult *result)
2932 {
2933 return address_space_ldl_internal(as, addr, attrs, result,
2934 DEVICE_LITTLE_ENDIAN);
2935 }
2936
2937 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2938 MemTxAttrs attrs, MemTxResult *result)
2939 {
2940 return address_space_ldl_internal(as, addr, attrs, result,
2941 DEVICE_BIG_ENDIAN);
2942 }
2943
2944 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2945 {
2946 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2947 }
2948
2949 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2950 {
2951 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2952 }
2953
2954 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2955 {
2956 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2957 }
2958
2959 /* warning: addr must be aligned */
2960 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2961 MemTxAttrs attrs,
2962 MemTxResult *result,
2963 enum device_endian endian)
2964 {
2965 uint8_t *ptr;
2966 uint64_t val;
2967 MemoryRegion *mr;
2968 hwaddr l = 8;
2969 hwaddr addr1;
2970 MemTxResult r;
2971 bool release_lock = false;
2972
2973 rcu_read_lock();
2974 mr = address_space_translate(as, addr, &addr1, &l,
2975 false);
2976 if (l < 8 || !memory_access_is_direct(mr, false)) {
2977 release_lock |= prepare_mmio_access(mr);
2978
2979 /* I/O case */
2980 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2981 #if defined(TARGET_WORDS_BIGENDIAN)
2982 if (endian == DEVICE_LITTLE_ENDIAN) {
2983 val = bswap64(val);
2984 }
2985 #else
2986 if (endian == DEVICE_BIG_ENDIAN) {
2987 val = bswap64(val);
2988 }
2989 #endif
2990 } else {
2991 /* RAM case */
2992 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2993 & TARGET_PAGE_MASK)
2994 + addr1);
2995 switch (endian) {
2996 case DEVICE_LITTLE_ENDIAN:
2997 val = ldq_le_p(ptr);
2998 break;
2999 case DEVICE_BIG_ENDIAN:
3000 val = ldq_be_p(ptr);
3001 break;
3002 default:
3003 val = ldq_p(ptr);
3004 break;
3005 }
3006 r = MEMTX_OK;
3007 }
3008 if (result) {
3009 *result = r;
3010 }
3011 if (release_lock) {
3012 qemu_mutex_unlock_iothread();
3013 }
3014 rcu_read_unlock();
3015 return val;
3016 }
3017
3018 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3019 MemTxAttrs attrs, MemTxResult *result)
3020 {
3021 return address_space_ldq_internal(as, addr, attrs, result,
3022 DEVICE_NATIVE_ENDIAN);
3023 }
3024
3025 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3026 MemTxAttrs attrs, MemTxResult *result)
3027 {
3028 return address_space_ldq_internal(as, addr, attrs, result,
3029 DEVICE_LITTLE_ENDIAN);
3030 }
3031
3032 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3033 MemTxAttrs attrs, MemTxResult *result)
3034 {
3035 return address_space_ldq_internal(as, addr, attrs, result,
3036 DEVICE_BIG_ENDIAN);
3037 }
3038
3039 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3040 {
3041 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3042 }
3043
3044 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3045 {
3046 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3047 }
3048
3049 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3050 {
3051 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3052 }
3053
3054 /* XXX: optimize */
3055 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3056 MemTxAttrs attrs, MemTxResult *result)
3057 {
3058 uint8_t val;
3059 MemTxResult r;
3060
3061 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3062 if (result) {
3063 *result = r;
3064 }
3065 return val;
3066 }
3067
3068 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3069 {
3070 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3071 }
3072
3073 /* warning: addr must be aligned */
3074 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3075 hwaddr addr,
3076 MemTxAttrs attrs,
3077 MemTxResult *result,
3078 enum device_endian endian)
3079 {
3080 uint8_t *ptr;
3081 uint64_t val;
3082 MemoryRegion *mr;
3083 hwaddr l = 2;
3084 hwaddr addr1;
3085 MemTxResult r;
3086 bool release_lock = false;
3087
3088 rcu_read_lock();
3089 mr = address_space_translate(as, addr, &addr1, &l,
3090 false);
3091 if (l < 2 || !memory_access_is_direct(mr, false)) {
3092 release_lock |= prepare_mmio_access(mr);
3093
3094 /* I/O case */
3095 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3096 #if defined(TARGET_WORDS_BIGENDIAN)
3097 if (endian == DEVICE_LITTLE_ENDIAN) {
3098 val = bswap16(val);
3099 }
3100 #else
3101 if (endian == DEVICE_BIG_ENDIAN) {
3102 val = bswap16(val);
3103 }
3104 #endif
3105 } else {
3106 /* RAM case */
3107 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3108 & TARGET_PAGE_MASK)
3109 + addr1);
3110 switch (endian) {
3111 case DEVICE_LITTLE_ENDIAN:
3112 val = lduw_le_p(ptr);
3113 break;
3114 case DEVICE_BIG_ENDIAN:
3115 val = lduw_be_p(ptr);
3116 break;
3117 default:
3118 val = lduw_p(ptr);
3119 break;
3120 }
3121 r = MEMTX_OK;
3122 }
3123 if (result) {
3124 *result = r;
3125 }
3126 if (release_lock) {
3127 qemu_mutex_unlock_iothread();
3128 }
3129 rcu_read_unlock();
3130 return val;
3131 }
3132
3133 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3134 MemTxAttrs attrs, MemTxResult *result)
3135 {
3136 return address_space_lduw_internal(as, addr, attrs, result,
3137 DEVICE_NATIVE_ENDIAN);
3138 }
3139
3140 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3141 MemTxAttrs attrs, MemTxResult *result)
3142 {
3143 return address_space_lduw_internal(as, addr, attrs, result,
3144 DEVICE_LITTLE_ENDIAN);
3145 }
3146
3147 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3148 MemTxAttrs attrs, MemTxResult *result)
3149 {
3150 return address_space_lduw_internal(as, addr, attrs, result,
3151 DEVICE_BIG_ENDIAN);
3152 }
3153
3154 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3155 {
3156 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3157 }
3158
3159 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3160 {
3161 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3162 }
3163
3164 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3165 {
3166 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3167 }
3168
3169 /* warning: addr must be aligned. The ram page is not masked as dirty
3170 and the code inside is not invalidated. It is useful if the dirty
3171 bits are used to track modified PTEs */
3172 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3173 MemTxAttrs attrs, MemTxResult *result)
3174 {
3175 uint8_t *ptr;
3176 MemoryRegion *mr;
3177 hwaddr l = 4;
3178 hwaddr addr1;
3179 MemTxResult r;
3180 uint8_t dirty_log_mask;
3181 bool release_lock = false;
3182
3183 rcu_read_lock();
3184 mr = address_space_translate(as, addr, &addr1, &l,
3185 true);
3186 if (l < 4 || !memory_access_is_direct(mr, true)) {
3187 release_lock |= prepare_mmio_access(mr);
3188
3189 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3190 } else {
3191 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3192 ptr = qemu_get_ram_ptr(addr1);
3193 stl_p(ptr, val);
3194
3195 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3196 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3197 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3198 r = MEMTX_OK;
3199 }
3200 if (result) {
3201 *result = r;
3202 }
3203 if (release_lock) {
3204 qemu_mutex_unlock_iothread();
3205 }
3206 rcu_read_unlock();
3207 }
3208
3209 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3210 {
3211 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3212 }
3213
3214 /* warning: addr must be aligned */
3215 static inline void address_space_stl_internal(AddressSpace *as,
3216 hwaddr addr, uint32_t val,
3217 MemTxAttrs attrs,
3218 MemTxResult *result,
3219 enum device_endian endian)
3220 {
3221 uint8_t *ptr;
3222 MemoryRegion *mr;
3223 hwaddr l = 4;
3224 hwaddr addr1;
3225 MemTxResult r;
3226 bool release_lock = false;
3227
3228 rcu_read_lock();
3229 mr = address_space_translate(as, addr, &addr1, &l,
3230 true);
3231 if (l < 4 || !memory_access_is_direct(mr, true)) {
3232 release_lock |= prepare_mmio_access(mr);
3233
3234 #if defined(TARGET_WORDS_BIGENDIAN)
3235 if (endian == DEVICE_LITTLE_ENDIAN) {
3236 val = bswap32(val);
3237 }
3238 #else
3239 if (endian == DEVICE_BIG_ENDIAN) {
3240 val = bswap32(val);
3241 }
3242 #endif
3243 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3244 } else {
3245 /* RAM case */
3246 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3247 ptr = qemu_get_ram_ptr(addr1);
3248 switch (endian) {
3249 case DEVICE_LITTLE_ENDIAN:
3250 stl_le_p(ptr, val);
3251 break;
3252 case DEVICE_BIG_ENDIAN:
3253 stl_be_p(ptr, val);
3254 break;
3255 default:
3256 stl_p(ptr, val);
3257 break;
3258 }
3259 invalidate_and_set_dirty(mr, addr1, 4);
3260 r = MEMTX_OK;
3261 }
3262 if (result) {
3263 *result = r;
3264 }
3265 if (release_lock) {
3266 qemu_mutex_unlock_iothread();
3267 }
3268 rcu_read_unlock();
3269 }
3270
3271 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3272 MemTxAttrs attrs, MemTxResult *result)
3273 {
3274 address_space_stl_internal(as, addr, val, attrs, result,
3275 DEVICE_NATIVE_ENDIAN);
3276 }
3277
3278 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3279 MemTxAttrs attrs, MemTxResult *result)
3280 {
3281 address_space_stl_internal(as, addr, val, attrs, result,
3282 DEVICE_LITTLE_ENDIAN);
3283 }
3284
3285 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3286 MemTxAttrs attrs, MemTxResult *result)
3287 {
3288 address_space_stl_internal(as, addr, val, attrs, result,
3289 DEVICE_BIG_ENDIAN);
3290 }
3291
3292 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3293 {
3294 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3295 }
3296
3297 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3298 {
3299 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3300 }
3301
3302 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3303 {
3304 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3305 }
3306
3307 /* XXX: optimize */
3308 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3309 MemTxAttrs attrs, MemTxResult *result)
3310 {
3311 uint8_t v = val;
3312 MemTxResult r;
3313
3314 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3315 if (result) {
3316 *result = r;
3317 }
3318 }
3319
3320 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3321 {
3322 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3323 }
3324
3325 /* warning: addr must be aligned */
3326 static inline void address_space_stw_internal(AddressSpace *as,
3327 hwaddr addr, uint32_t val,
3328 MemTxAttrs attrs,
3329 MemTxResult *result,
3330 enum device_endian endian)
3331 {
3332 uint8_t *ptr;
3333 MemoryRegion *mr;
3334 hwaddr l = 2;
3335 hwaddr addr1;
3336 MemTxResult r;
3337 bool release_lock = false;
3338
3339 rcu_read_lock();
3340 mr = address_space_translate(as, addr, &addr1, &l, true);
3341 if (l < 2 || !memory_access_is_direct(mr, true)) {
3342 release_lock |= prepare_mmio_access(mr);
3343
3344 #if defined(TARGET_WORDS_BIGENDIAN)
3345 if (endian == DEVICE_LITTLE_ENDIAN) {
3346 val = bswap16(val);
3347 }
3348 #else
3349 if (endian == DEVICE_BIG_ENDIAN) {
3350 val = bswap16(val);
3351 }
3352 #endif
3353 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3354 } else {
3355 /* RAM case */
3356 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3357 ptr = qemu_get_ram_ptr(addr1);
3358 switch (endian) {
3359 case DEVICE_LITTLE_ENDIAN:
3360 stw_le_p(ptr, val);
3361 break;
3362 case DEVICE_BIG_ENDIAN:
3363 stw_be_p(ptr, val);
3364 break;
3365 default:
3366 stw_p(ptr, val);
3367 break;
3368 }
3369 invalidate_and_set_dirty(mr, addr1, 2);
3370 r = MEMTX_OK;
3371 }
3372 if (result) {
3373 *result = r;
3374 }
3375 if (release_lock) {
3376 qemu_mutex_unlock_iothread();
3377 }
3378 rcu_read_unlock();
3379 }
3380
3381 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3382 MemTxAttrs attrs, MemTxResult *result)
3383 {
3384 address_space_stw_internal(as, addr, val, attrs, result,
3385 DEVICE_NATIVE_ENDIAN);
3386 }
3387
3388 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3389 MemTxAttrs attrs, MemTxResult *result)
3390 {
3391 address_space_stw_internal(as, addr, val, attrs, result,
3392 DEVICE_LITTLE_ENDIAN);
3393 }
3394
3395 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3396 MemTxAttrs attrs, MemTxResult *result)
3397 {
3398 address_space_stw_internal(as, addr, val, attrs, result,
3399 DEVICE_BIG_ENDIAN);
3400 }
3401
3402 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3403 {
3404 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3405 }
3406
3407 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3408 {
3409 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3410 }
3411
3412 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3413 {
3414 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3415 }
3416
3417 /* XXX: optimize */
3418 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3419 MemTxAttrs attrs, MemTxResult *result)
3420 {
3421 MemTxResult r;
3422 val = tswap64(val);
3423 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3424 if (result) {
3425 *result = r;
3426 }
3427 }
3428
3429 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3430 MemTxAttrs attrs, MemTxResult *result)
3431 {
3432 MemTxResult r;
3433 val = cpu_to_le64(val);
3434 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3435 if (result) {
3436 *result = r;
3437 }
3438 }
3439 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3440 MemTxAttrs attrs, MemTxResult *result)
3441 {
3442 MemTxResult r;
3443 val = cpu_to_be64(val);
3444 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3445 if (result) {
3446 *result = r;
3447 }
3448 }
3449
3450 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3451 {
3452 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3453 }
3454
3455 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3456 {
3457 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3458 }
3459
3460 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3461 {
3462 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3463 }
3464
3465 /* virtual memory access for debug (includes writing to ROM) */
3466 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3467 uint8_t *buf, int len, int is_write)
3468 {
3469 int l;
3470 hwaddr phys_addr;
3471 target_ulong page;
3472
3473 while (len > 0) {
3474 page = addr & TARGET_PAGE_MASK;
3475 phys_addr = cpu_get_phys_page_debug(cpu, page);
3476 /* if no physical page mapped, return an error */
3477 if (phys_addr == -1)
3478 return -1;
3479 l = (page + TARGET_PAGE_SIZE) - addr;
3480 if (l > len)
3481 l = len;
3482 phys_addr += (addr & ~TARGET_PAGE_MASK);
3483 if (is_write) {
3484 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3485 } else {
3486 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3487 buf, l, 0);
3488 }
3489 len -= l;
3490 buf += l;
3491 addr += l;
3492 }
3493 return 0;
3494 }
3495 #endif
3496
3497 /*
3498 * A helper function for the _utterly broken_ virtio device model to find out if
3499 * it's running on a big endian machine. Don't do this at home kids!
3500 */
3501 bool target_words_bigendian(void);
3502 bool target_words_bigendian(void)
3503 {
3504 #if defined(TARGET_WORDS_BIGENDIAN)
3505 return true;
3506 #else
3507 return false;
3508 #endif
3509 }
3510
3511 #ifndef CONFIG_USER_ONLY
3512 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3513 {
3514 MemoryRegion*mr;
3515 hwaddr l = 1;
3516 bool res;
3517
3518 rcu_read_lock();
3519 mr = address_space_translate(&address_space_memory,
3520 phys_addr, &phys_addr, &l, false);
3521
3522 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3523 rcu_read_unlock();
3524 return res;
3525 }
3526
3527 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3528 {
3529 RAMBlock *block;
3530 int ret = 0;
3531
3532 rcu_read_lock();
3533 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3534 ret = func(block->idstr, block->host, block->offset,
3535 block->used_length, opaque);
3536 if (ret) {
3537 break;
3538 }
3539 }
3540 rcu_read_unlock();
3541 return ret;
3542 }
3543 #endif
AR7 emulation for QEMU