search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / exec.c
blob9589d67726182e61843a91548d26db34ac702eb1
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
56
57 #include "qemu/range.h"
58
59 //#define DEBUG_SUBPAGE
60
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
66
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
69
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
72
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
75
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
78
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
81
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85 #define RAM_RESIZEABLE (1 << 2)
86
87 #endif
88
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
91 cpu_exec() */
92 __thread CPUState *current_cpu;
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
96 int use_icount;
97
98 #if !defined(CONFIG_USER_ONLY)
99
100 typedef struct PhysPageEntry PhysPageEntry;
101
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
104 uint32_t skip : 6;
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
106 uint32_t ptr : 26;
107 };
108
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
110
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
113
114 #define P_L2_BITS 9
115 #define P_L2_SIZE (1 << P_L2_BITS)
116
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
118
119 typedef PhysPageEntry Node[P_L2_SIZE];
120
121 typedef struct PhysPageMap {
122 struct rcu_head rcu;
123
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
126 unsigned nodes_nb;
127 unsigned nodes_nb_alloc;
128 Node *nodes;
129 MemoryRegionSection *sections;
130 } PhysPageMap;
131
132 struct AddressSpaceDispatch {
133 struct rcu_head rcu;
134
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
137 */
138 PhysPageEntry phys_map;
139 PhysPageMap map;
140 AddressSpace *as;
141 };
142
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
145 MemoryRegion iomem;
146 AddressSpace *as;
147 hwaddr base;
148 uint16_t sub_section[TARGET_PAGE_SIZE];
149 } subpage_t;
150
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
155
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
159
160 static MemoryRegion io_mem_watch;
161 #endif
162
163 #if !defined(CONFIG_USER_ONLY)
164
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
166 {
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
171 }
172 }
173
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
175 {
176 unsigned i;
177 uint32_t ret;
178 PhysPageEntry e;
179 PhysPageEntry *p;
180
181 ret = map->nodes_nb++;
182 p = map->nodes[ret];
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
185
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
190 }
191 return ret;
192 }
193
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
196 int level)
197 {
198 PhysPageEntry *p;
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
200
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
203 }
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
206
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
209 lp->skip = 0;
210 lp->ptr = leaf;
211 *index += step;
212 *nb -= step;
213 } else {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
215 }
216 ++lp;
217 }
218 }
219
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
222 uint16_t leaf)
223 {
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
226
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
228 }
229
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
232 */
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
234 {
235 unsigned valid_ptr = P_L2_SIZE;
236 int valid = 0;
237 PhysPageEntry *p;
238 int i;
239
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
241 return;
242 }
243
244 p = nodes[lp->ptr];
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
247 continue;
248 }
249
250 valid_ptr = i;
251 valid++;
252 if (p[i].skip) {
253 phys_page_compact(&p[i], nodes, compacted);
254 }
255 }
256
257 /* We can only compress if there's only one child. */
258 if (valid != 1) {
259 return;
260 }
261
262 assert(valid_ptr < P_L2_SIZE);
263
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
266 return;
267 }
268
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
275 * change this rule.
276 */
277 lp->skip = 0;
278 } else {
279 lp->skip += p[valid_ptr].skip;
280 }
281 }
282
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
284 {
285 DECLARE_BITMAP(compacted, nodes_nb);
286
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
289 }
290 }
291
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
294 {
295 PhysPageEntry *p;
296 hwaddr index = addr >> TARGET_PAGE_BITS;
297 int i;
298
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return &sections[PHYS_SECTION_UNASSIGNED];
302 }
303 p = nodes[lp.ptr];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
305 }
306
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return &sections[lp.ptr];
311 } else {
312 return &sections[PHYS_SECTION_UNASSIGNED];
313 }
314 }
315
316 bool memory_region_is_unassigned(MemoryRegion *mr)
317 {
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
320 }
321
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
324 hwaddr addr,
325 bool resolve_subpage)
326 {
327 MemoryRegionSection *section;
328 subpage_t *subpage;
329
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
334 }
335 return section;
336 }
337
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
342 {
343 MemoryRegionSection *section;
344 MemoryRegion *mr;
345 Int128 diff;
346
347 section = address_space_lookup_region(d, addr, resolve_subpage);
348 /* Compute offset within MemoryRegionSection */
349 addr -= section->offset_within_address_space;
350
351 /* Compute offset within MemoryRegion */
352 *xlat = addr + section->offset_within_region;
353
354 mr = section->mr;
355
356 /* MMIO registers can be expected to perform full-width accesses based only
357 * on their address, without considering adjacent registers that could
358 * decode to completely different MemoryRegions. When such registers
359 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
360 * regions overlap wildly. For this reason we cannot clamp the accesses
361 * here.
362 *
363 * If the length is small (as is the case for address_space_ldl/stl),
364 * everything works fine. If the incoming length is large, however,
365 * the caller really has to do the clamping through memory_access_size.
366 */
367 if (memory_region_is_ram(mr)) {
368 diff = int128_sub(section->size, int128_make64(addr));
369 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
370 }
371 return section;
372 }
373
374 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
375 {
376 if (memory_region_is_ram(mr)) {
377 return !(is_write && mr->readonly);
378 }
379 if (memory_region_is_romd(mr)) {
380 return !is_write;
381 }
382
383 return false;
384 }
385
386 /* Called from RCU critical section */
387 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
388 hwaddr *xlat, hwaddr *plen,
389 bool is_write)
390 {
391 IOMMUTLBEntry iotlb;
392 MemoryRegionSection *section;
393 MemoryRegion *mr;
394
395 for (;;) {
396 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
397 section = address_space_translate_internal(d, addr, &addr, plen, true);
398 mr = section->mr;
399
400 if (!mr->iommu_ops) {
401 break;
402 }
403
404 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
405 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
406 | (addr & iotlb.addr_mask));
407 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
408 if (!(iotlb.perm & (1 << is_write))) {
409 mr = &io_mem_unassigned;
410 break;
411 }
412
413 as = iotlb.target_as;
414 }
415
416 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
417 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
418 *plen = MIN(page, *plen);
419 }
420
421 *xlat = addr;
422 return mr;
423 }
424
425 /* Called from RCU critical section */
426 MemoryRegionSection *
427 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
428 hwaddr *xlat, hwaddr *plen)
429 {
430 MemoryRegionSection *section;
431 section = address_space_translate_internal(cpu->memory_dispatch,
432 addr, xlat, plen, false);
433
434 assert(!section->mr->iommu_ops);
435 return section;
436 }
437 #endif
438
439 #if !defined(CONFIG_USER_ONLY)
440
441 static int cpu_common_post_load(void *opaque, int version_id)
442 {
443 CPUState *cpu = opaque;
444
445 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
446 version_id is increased. */
447 cpu->interrupt_request &= ~0x01;
448 tlb_flush(cpu, 1);
449
450 return 0;
451 }
452
453 static int cpu_common_pre_load(void *opaque)
454 {
455 CPUState *cpu = opaque;
456
457 cpu->exception_index = -1;
458
459 return 0;
460 }
461
462 static bool cpu_common_exception_index_needed(void *opaque)
463 {
464 CPUState *cpu = opaque;
465
466 return tcg_enabled() && cpu->exception_index != -1;
467 }
468
469 static const VMStateDescription vmstate_cpu_common_exception_index = {
470 .name = "cpu_common/exception_index",
471 .version_id = 1,
472 .minimum_version_id = 1,
473 .needed = cpu_common_exception_index_needed,
474 .fields = (VMStateField[]) {
475 VMSTATE_INT32(exception_index, CPUState),
476 VMSTATE_END_OF_LIST()
477 }
478 };
479
480 static bool cpu_common_crash_occurred_needed(void *opaque)
481 {
482 CPUState *cpu = opaque;
483
484 return cpu->crash_occurred;
485 }
486
487 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
488 .name = "cpu_common/crash_occurred",
489 .version_id = 1,
490 .minimum_version_id = 1,
491 .needed = cpu_common_crash_occurred_needed,
492 .fields = (VMStateField[]) {
493 VMSTATE_BOOL(crash_occurred, CPUState),
494 VMSTATE_END_OF_LIST()
495 }
496 };
497
498 const VMStateDescription vmstate_cpu_common = {
499 .name = "cpu_common",
500 .version_id = 1,
501 .minimum_version_id = 1,
502 .pre_load = cpu_common_pre_load,
503 .post_load = cpu_common_post_load,
504 .fields = (VMStateField[]) {
505 VMSTATE_UINT32(halted, CPUState),
506 VMSTATE_UINT32(interrupt_request, CPUState),
507 VMSTATE_END_OF_LIST()
508 },
509 .subsections = (const VMStateDescription*[]) {
510 &vmstate_cpu_common_exception_index,
511 &vmstate_cpu_common_crash_occurred,
512 NULL
513 }
514 };
515
516 #endif
517
518 CPUState *qemu_get_cpu(int index)
519 {
520 CPUState *cpu;
521
522 CPU_FOREACH(cpu) {
523 if (cpu->cpu_index == index) {
524 return cpu;
525 }
526 }
527
528 return NULL;
529 }
530
531 #if !defined(CONFIG_USER_ONLY)
532 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
533 {
534 /* We only support one address space per cpu at the moment. */
535 assert(cpu->as == as);
536
537 if (cpu->tcg_as_listener) {
538 memory_listener_unregister(cpu->tcg_as_listener);
539 } else {
540 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
541 }
542 cpu->tcg_as_listener->commit = tcg_commit;
543 memory_listener_register(cpu->tcg_as_listener, as);
544 }
545 #endif
546
547 #ifndef CONFIG_USER_ONLY
548 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
549
550 static int cpu_get_free_index(Error **errp)
551 {
552 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
553
554 if (cpu >= MAX_CPUMASK_BITS) {
555 error_setg(errp, "Trying to use more CPUs than max of %d",
556 MAX_CPUMASK_BITS);
557 return -1;
558 }
559
560 bitmap_set(cpu_index_map, cpu, 1);
561 return cpu;
562 }
563
564 void cpu_exec_exit(CPUState *cpu)
565 {
566 if (cpu->cpu_index == -1) {
567 /* cpu_index was never allocated by this @cpu or was already freed. */
568 return;
569 }
570
571 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
572 cpu->cpu_index = -1;
573 }
574 #else
575
576 static int cpu_get_free_index(Error **errp)
577 {
578 CPUState *some_cpu;
579 int cpu_index = 0;
580
581 CPU_FOREACH(some_cpu) {
582 cpu_index++;
583 }
584 return cpu_index;
585 }
586
587 void cpu_exec_exit(CPUState *cpu)
588 {
589 }
590 #endif
591
592 void cpu_exec_init(CPUState *cpu, Error **errp)
593 {
594 CPUClass *cc = CPU_GET_CLASS(cpu);
595 int cpu_index;
596 Error *local_err = NULL;
597
598 #ifdef TARGET_WORDS_BIGENDIAN
599 cpu->bigendian = true;
600 #else
601 cpu->bigendian = false;
602 #endif
603
604 #ifndef CONFIG_USER_ONLY
605 cpu->as = &address_space_memory;
606 cpu->thread_id = qemu_get_thread_id();
607 cpu_reload_memory_map(cpu);
608 #endif
609
610 #if defined(CONFIG_USER_ONLY)
611 cpu_list_lock();
612 #endif
613 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
614 if (local_err) {
615 error_propagate(errp, local_err);
616 #if defined(CONFIG_USER_ONLY)
617 cpu_list_unlock();
618 #endif
619 return;
620 }
621 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
622 #if defined(CONFIG_USER_ONLY)
623 cpu_list_unlock();
624 #endif
625 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
626 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
627 }
628 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
629 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
630 cpu_save, cpu_load, cpu->env_ptr);
631 assert(cc->vmsd == NULL);
632 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
633 #endif
634 if (cc->vmsd != NULL) {
635 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
636 }
637 }
638
639 #if defined(CONFIG_USER_ONLY)
640 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
641 {
642 tb_invalidate_phys_page_range(pc, pc + 1, 0);
643 }
644 #else
645 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
646 {
647 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
648 if (phys != -1) {
649 tb_invalidate_phys_addr(cpu->as,
650 phys | (pc & ~TARGET_PAGE_MASK));
651 }
652 }
653 #endif
654
655 #if defined(CONFIG_USER_ONLY)
656 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
657
658 {
659 }
660
661 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
662 int flags)
663 {
664 return -ENOSYS;
665 }
666
667 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
668 {
669 }
670
671 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
672 int flags, CPUWatchpoint **watchpoint)
673 {
674 return -ENOSYS;
675 }
676 #else
677 /* Add a watchpoint. */
678 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
679 int flags, CPUWatchpoint **watchpoint)
680 {
681 CPUWatchpoint *wp;
682
683 /* forbid ranges which are empty or run off the end of the address space */
684 if (len == 0 || (addr + len - 1) < addr) {
685 error_report("tried to set invalid watchpoint at %"
686 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
687 return -EINVAL;
688 }
689 wp = g_malloc(sizeof(*wp));
690
691 wp->vaddr = addr;
692 wp->len = len;
693 wp->flags = flags;
694
695 /* keep all GDB-injected watchpoints in front */
696 if (flags & BP_GDB) {
697 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
698 } else {
699 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
700 }
701
702 tlb_flush_page(cpu, addr);
703
704 if (watchpoint)
705 *watchpoint = wp;
706 return 0;
707 }
708
709 /* Remove a specific watchpoint. */
710 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
711 int flags)
712 {
713 CPUWatchpoint *wp;
714
715 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
716 if (addr == wp->vaddr && len == wp->len
717 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
718 cpu_watchpoint_remove_by_ref(cpu, wp);
719 return 0;
720 }
721 }
722 return -ENOENT;
723 }
724
725 /* Remove a specific watchpoint by reference. */
726 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
727 {
728 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
729
730 tlb_flush_page(cpu, watchpoint->vaddr);
731
732 g_free(watchpoint);
733 }
734
735 /* Remove all matching watchpoints. */
736 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
737 {
738 CPUWatchpoint *wp, *next;
739
740 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
741 if (wp->flags & mask) {
742 cpu_watchpoint_remove_by_ref(cpu, wp);
743 }
744 }
745 }
746
747 /* Return true if this watchpoint address matches the specified
748 * access (ie the address range covered by the watchpoint overlaps
749 * partially or completely with the address range covered by the
750 * access).
751 */
752 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
753 vaddr addr,
754 vaddr len)
755 {
756 /* We know the lengths are non-zero, but a little caution is
757 * required to avoid errors in the case where the range ends
758 * exactly at the top of the address space and so addr + len
759 * wraps round to zero.
760 */
761 vaddr wpend = wp->vaddr + wp->len - 1;
762 vaddr addrend = addr + len - 1;
763
764 return !(addr > wpend || wp->vaddr > addrend);
765 }
766
767 #endif
768
769 /* Add a breakpoint. */
770 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
771 CPUBreakpoint **breakpoint)
772 {
773 CPUBreakpoint *bp;
774
775 bp = g_malloc(sizeof(*bp));
776
777 bp->pc = pc;
778 bp->flags = flags;
779
780 /* keep all GDB-injected breakpoints in front */
781 if (flags & BP_GDB) {
782 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
783 } else {
784 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
785 }
786
787 breakpoint_invalidate(cpu, pc);
788
789 if (breakpoint) {
790 *breakpoint = bp;
791 }
792 return 0;
793 }
794
795 /* Remove a specific breakpoint. */
796 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
797 {
798 CPUBreakpoint *bp;
799
800 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
801 if (bp->pc == pc && bp->flags == flags) {
802 cpu_breakpoint_remove_by_ref(cpu, bp);
803 return 0;
804 }
805 }
806 return -ENOENT;
807 }
808
809 /* Remove a specific breakpoint by reference. */
810 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
811 {
812 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
813
814 breakpoint_invalidate(cpu, breakpoint->pc);
815
816 g_free(breakpoint);
817 }
818
819 /* Remove all matching breakpoints. */
820 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
821 {
822 CPUBreakpoint *bp, *next;
823
824 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
825 if (bp->flags & mask) {
826 cpu_breakpoint_remove_by_ref(cpu, bp);
827 }
828 }
829 }
830
831 /* enable or disable single step mode. EXCP_DEBUG is returned by the
832 CPU loop after each instruction */
833 void cpu_single_step(CPUState *cpu, int enabled)
834 {
835 if (cpu->singlestep_enabled != enabled) {
836 cpu->singlestep_enabled = enabled;
837 if (kvm_enabled()) {
838 kvm_update_guest_debug(cpu, 0);
839 } else {
840 /* must flush all the translated code to avoid inconsistencies */
841 /* XXX: only flush what is necessary */
842 tb_flush(cpu);
843 }
844 }
845 }
846
847 void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
848 {
849 va_list ap;
850 va_list ap2;
851
852 va_start(ap, fmt);
853 va_copy(ap2, ap);
854 fprintf(stderr, "qemu: fatal: ");
855 vfprintf(stderr, fmt, ap);
856 fprintf(stderr, "\n");
857 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
858 if (qemu_log_enabled()) {
859 qemu_log("qemu: fatal: ");
860 qemu_log_vprintf(fmt, ap2);
861 qemu_log("\n");
862 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
863 qemu_log_flush();
864 qemu_log_close();
865 }
866 va_end(ap2);
867 va_end(ap);
868 #if defined(CONFIG_USER_ONLY)
869 {
870 struct sigaction act;
871 sigfillset(&act.sa_mask);
872 act.sa_handler = SIG_DFL;
873 sigaction(SIGABRT, &act, NULL);
874 }
875 #endif
876 abort();
877 }
878
879 #if !defined(CONFIG_USER_ONLY)
880 /* Called from RCU critical section */
881 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
882 {
883 RAMBlock *block;
884
885 block = atomic_rcu_read(&ram_list.mru_block);
886 if (block && addr - block->offset < block->max_length) {
887 goto found;
888 }
889 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
890 if (addr - block->offset < block->max_length) {
891 goto found;
892 }
893 }
894
895 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
896 abort();
897
898 found:
899 /* It is safe to write mru_block outside the iothread lock. This
900 * is what happens:
901 *
902 * mru_block = xxx
903 * rcu_read_unlock()
904 * xxx removed from list
905 * rcu_read_lock()
906 * read mru_block
907 * mru_block = NULL;
908 * call_rcu(reclaim_ramblock, xxx);
909 * rcu_read_unlock()
910 *
911 * atomic_rcu_set is not needed here. The block was already published
912 * when it was placed into the list. Here we're just making an extra
913 * copy of the pointer.
914 */
915 ram_list.mru_block = block;
916 return block;
917 }
918
919 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
920 {
921 CPUState *cpu;
922 ram_addr_t start1;
923 RAMBlock *block;
924 ram_addr_t end;
925
926 end = TARGET_PAGE_ALIGN(start + length);
927 start &= TARGET_PAGE_MASK;
928
929 rcu_read_lock();
930 block = qemu_get_ram_block(start);
931 assert(block == qemu_get_ram_block(end - 1));
932 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
933 CPU_FOREACH(cpu) {
934 tlb_reset_dirty(cpu, start1, length);
935 }
936 rcu_read_unlock();
937 }
938
939 /* Note: start and end must be within the same ram block. */
940 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
941 ram_addr_t length,
942 unsigned client)
943 {
944 unsigned long end, page;
945 bool dirty;
946
947 if (length == 0) {
948 return false;
949 }
950
951 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
952 page = start >> TARGET_PAGE_BITS;
953 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
954 page, end - page);
955
956 if (dirty && tcg_enabled()) {
957 tlb_reset_dirty_range_all(start, length);
958 }
959
960 return dirty;
961 }
962
963 /* Called from RCU critical section */
964 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
965 MemoryRegionSection *section,
966 target_ulong vaddr,
967 hwaddr paddr, hwaddr xlat,
968 int prot,
969 target_ulong *address)
970 {
971 hwaddr iotlb;
972 CPUWatchpoint *wp;
973
974 if (memory_region_is_ram(section->mr)) {
975 /* Normal RAM. */
976 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
977 + xlat;
978 if (!section->readonly) {
979 iotlb |= PHYS_SECTION_NOTDIRTY;
980 } else {
981 iotlb |= PHYS_SECTION_ROM;
982 }
983 } else {
984 AddressSpaceDispatch *d;
985
986 d = atomic_rcu_read(&section->address_space->dispatch);
987 iotlb = section - d->map.sections;
988 iotlb += xlat;
989 }
990
991 /* Make accesses to pages with watchpoints go via the
992 watchpoint trap routines. */
993 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
994 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
995 /* Avoid trapping reads of pages with a write breakpoint. */
996 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
997 iotlb = PHYS_SECTION_WATCH + paddr;
998 *address |= TLB_MMIO;
999 break;
1000 }
1001 }
1002 }
1003
1004 return iotlb;
1005 }
1006 #endif /* defined(CONFIG_USER_ONLY) */
1007
1008 #if !defined(CONFIG_USER_ONLY)
1009
1010 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1011 uint16_t section);
1012 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1013
1014 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1015 qemu_anon_ram_alloc;
1016
1017 /*
1018 * Set a custom physical guest memory alloator.
1019 * Accelerators with unusual needs may need this. Hopefully, we can
1020 * get rid of it eventually.
1021 */
1022 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1023 {
1024 phys_mem_alloc = alloc;
1025 }
1026
1027 static uint16_t phys_section_add(PhysPageMap *map,
1028 MemoryRegionSection *section)
1029 {
1030 /* The physical section number is ORed with a page-aligned
1031 * pointer to produce the iotlb entries. Thus it should
1032 * never overflow into the page-aligned value.
1033 */
1034 assert(map->sections_nb < TARGET_PAGE_SIZE);
1035
1036 if (map->sections_nb == map->sections_nb_alloc) {
1037 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1038 map->sections = g_renew(MemoryRegionSection, map->sections,
1039 map->sections_nb_alloc);
1040 }
1041 map->sections[map->sections_nb] = *section;
1042 memory_region_ref(section->mr);
1043 return map->sections_nb++;
1044 }
1045
1046 static void phys_section_destroy(MemoryRegion *mr)
1047 {
1048 memory_region_unref(mr);
1049
1050 if (mr->subpage) {
1051 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1052 object_unref(OBJECT(&subpage->iomem));
1053 g_free(subpage);
1054 }
1055 }
1056
1057 static void phys_sections_free(PhysPageMap *map)
1058 {
1059 while (map->sections_nb > 0) {
1060 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1061 phys_section_destroy(section->mr);
1062 }
1063 g_free(map->sections);
1064 g_free(map->nodes);
1065 }
1066
1067 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1068 {
1069 subpage_t *subpage;
1070 hwaddr base = section->offset_within_address_space
1071 & TARGET_PAGE_MASK;
1072 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1073 d->map.nodes, d->map.sections);
1074 MemoryRegionSection subsection = {
1075 .offset_within_address_space = base,
1076 .size = int128_make64(TARGET_PAGE_SIZE),
1077 };
1078 hwaddr start, end;
1079
1080 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1081
1082 if (!(existing->mr->subpage)) {
1083 subpage = subpage_init(d->as, base);
1084 subsection.address_space = d->as;
1085 subsection.mr = &subpage->iomem;
1086 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1087 phys_section_add(&d->map, &subsection));
1088 } else {
1089 subpage = container_of(existing->mr, subpage_t, iomem);
1090 }
1091 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1092 end = start + int128_get64(section->size) - 1;
1093 subpage_register(subpage, start, end,
1094 phys_section_add(&d->map, section));
1095 }
1096
1097
1098 static void register_multipage(AddressSpaceDispatch *d,
1099 MemoryRegionSection *section)
1100 {
1101 hwaddr start_addr = section->offset_within_address_space;
1102 uint16_t section_index = phys_section_add(&d->map, section);
1103 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1104 TARGET_PAGE_BITS));
1105
1106 assert(num_pages);
1107 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1108 }
1109
1110 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1111 {
1112 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1113 AddressSpaceDispatch *d = as->next_dispatch;
1114 MemoryRegionSection now = *section, remain = *section;
1115 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1116
1117 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1118 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1119 - now.offset_within_address_space;
1120
1121 now.size = int128_min(int128_make64(left), now.size);
1122 register_subpage(d, &now);
1123 } else {
1124 now.size = int128_zero();
1125 }
1126 while (int128_ne(remain.size, now.size)) {
1127 remain.size = int128_sub(remain.size, now.size);
1128 remain.offset_within_address_space += int128_get64(now.size);
1129 remain.offset_within_region += int128_get64(now.size);
1130 now = remain;
1131 if (int128_lt(remain.size, page_size)) {
1132 register_subpage(d, &now);
1133 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1134 now.size = page_size;
1135 register_subpage(d, &now);
1136 } else {
1137 now.size = int128_and(now.size, int128_neg(page_size));
1138 register_multipage(d, &now);
1139 }
1140 }
1141 }
1142
1143 void qemu_flush_coalesced_mmio_buffer(void)
1144 {
1145 if (kvm_enabled())
1146 kvm_flush_coalesced_mmio_buffer();
1147 }
1148
1149 void qemu_mutex_lock_ramlist(void)
1150 {
1151 qemu_mutex_lock(&ram_list.mutex);
1152 }
1153
1154 void qemu_mutex_unlock_ramlist(void)
1155 {
1156 qemu_mutex_unlock(&ram_list.mutex);
1157 }
1158
1159 #ifdef __linux__
1160
1161 #include <sys/vfs.h>
1162
1163 #define HUGETLBFS_MAGIC 0x958458f6
1164
1165 static long gethugepagesize(const char *path, Error **errp)
1166 {
1167 struct statfs fs;
1168 int ret;
1169
1170 do {
1171 ret = statfs(path, &fs);
1172 } while (ret != 0 && errno == EINTR);
1173
1174 if (ret != 0) {
1175 error_setg_errno(errp, errno, "failed to get page size of file %s",
1176 path);
1177 return 0;
1178 }
1179
1180 if (fs.f_type != HUGETLBFS_MAGIC)
1181 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1182
1183 return fs.f_bsize;
1184 }
1185
1186 static void *file_ram_alloc(RAMBlock *block,
1187 ram_addr_t memory,
1188 const char *path,
1189 Error **errp)
1190 {
1191 char *filename;
1192 char *sanitized_name;
1193 char *c;
1194 void * volatile area = NULL;
1195 int fd;
1196 uint64_t hpagesize;
1197 Error *local_err = NULL;
1198
1199 hpagesize = gethugepagesize(path, &local_err);
1200 if (local_err) {
1201 error_propagate(errp, local_err);
1202 goto error;
1203 }
1204 block->mr->align = hpagesize;
1205
1206 if (memory < hpagesize) {
1207 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1208 "or larger than huge page size 0x%" PRIx64,
1209 memory, hpagesize);
1210 goto error;
1211 }
1212
1213 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1214 error_setg(errp,
1215 "host lacks kvm mmu notifiers, -mem-path unsupported");
1216 goto error;
1217 }
1218
1219 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1220 sanitized_name = g_strdup(memory_region_name(block->mr));
1221 for (c = sanitized_name; *c != '\0'; c++) {
1222 if (*c == '/')
1223 *c = '_';
1224 }
1225
1226 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1227 sanitized_name);
1228 g_free(sanitized_name);
1229
1230 fd = mkstemp(filename);
1231 if (fd < 0) {
1232 error_setg_errno(errp, errno,
1233 "unable to create backing store for hugepages");
1234 g_free(filename);
1235 goto error;
1236 }
1237 unlink(filename);
1238 g_free(filename);
1239
1240 memory = ROUND_UP(memory, hpagesize);
1241
1242 /*
1243 * ftruncate is not supported by hugetlbfs in older
1244 * hosts, so don't bother bailing out on errors.
1245 * If anything goes wrong with it under other filesystems,
1246 * mmap will fail.
1247 */
1248 if (ftruncate(fd, memory)) {
1249 perror("ftruncate");
1250 }
1251
1252 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1253 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1254 fd, 0);
1255 if (area == MAP_FAILED) {
1256 error_setg_errno(errp, errno,
1257 "unable to map backing store for hugepages");
1258 close(fd);
1259 goto error;
1260 }
1261
1262 if (mem_prealloc) {
1263 os_mem_prealloc(fd, area, memory);
1264 }
1265
1266 block->fd = fd;
1267 return area;
1268
1269 error:
1270 if (mem_prealloc) {
1271 error_report("%s", error_get_pretty(*errp));
1272 exit(1);
1273 }
1274 return NULL;
1275 }
1276 #endif
1277
1278 /* Called with the ramlist lock held. */
1279 static ram_addr_t find_ram_offset(ram_addr_t size)
1280 {
1281 RAMBlock *block, *next_block;
1282 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1283
1284 assert(size != 0); /* it would hand out same offset multiple times */
1285
1286 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1287 return 0;
1288 }
1289
1290 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1291 ram_addr_t end, next = RAM_ADDR_MAX;
1292
1293 end = block->offset + block->max_length;
1294
1295 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1296 if (next_block->offset >= end) {
1297 next = MIN(next, next_block->offset);
1298 }
1299 }
1300 if (next - end >= size && next - end < mingap) {
1301 offset = end;
1302 mingap = next - end;
1303 }
1304 }
1305
1306 if (offset == RAM_ADDR_MAX) {
1307 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1308 (uint64_t)size);
1309 abort();
1310 }
1311
1312 return offset;
1313 }
1314
1315 ram_addr_t last_ram_offset(void)
1316 {
1317 RAMBlock *block;
1318 ram_addr_t last = 0;
1319
1320 rcu_read_lock();
1321 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1322 last = MAX(last, block->offset + block->max_length);
1323 }
1324 rcu_read_unlock();
1325 return last;
1326 }
1327
1328 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1329 {
1330 int ret;
1331
1332 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1333 if (!machine_dump_guest_core(current_machine)) {
1334 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1335 if (ret) {
1336 perror("qemu_madvise");
1337 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1338 "but dump_guest_core=off specified\n");
1339 }
1340 }
1341 }
1342
1343 /* Called within an RCU critical section, or while the ramlist lock
1344 * is held.
1345 */
1346 static RAMBlock *find_ram_block(ram_addr_t addr)
1347 {
1348 RAMBlock *block;
1349
1350 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1351 if (block->offset == addr) {
1352 return block;
1353 }
1354 }
1355
1356 return NULL;
1357 }
1358
1359 /* Called with iothread lock held. */
1360 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1361 {
1362 RAMBlock *new_block, *block;
1363
1364 rcu_read_lock();
1365 new_block = find_ram_block(addr);
1366 assert(new_block);
1367 assert(!new_block->idstr[0]);
1368
1369 if (dev) {
1370 char *id = qdev_get_dev_path(dev);
1371 if (id) {
1372 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1373 g_free(id);
1374 }
1375 }
1376 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1377
1378 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1379 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1380 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1381 new_block->idstr);
1382 abort();
1383 }
1384 }
1385 rcu_read_unlock();
1386 }
1387
1388 /* Called with iothread lock held. */
1389 void qemu_ram_unset_idstr(ram_addr_t addr)
1390 {
1391 RAMBlock *block;
1392
1393 /* FIXME: arch_init.c assumes that this is not called throughout
1394 * migration. Ignore the problem since hot-unplug during migration
1395 * does not work anyway.
1396 */
1397
1398 rcu_read_lock();
1399 block = find_ram_block(addr);
1400 if (block) {
1401 memset(block->idstr, 0, sizeof(block->idstr));
1402 }
1403 rcu_read_unlock();
1404 }
1405
1406 static int memory_try_enable_merging(void *addr, size_t len)
1407 {
1408 if (!machine_mem_merge(current_machine)) {
1409 /* disabled by the user */
1410 return 0;
1411 }
1412
1413 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1414 }
1415
1416 /* Only legal before guest might have detected the memory size: e.g. on
1417 * incoming migration, or right after reset.
1418 *
1419 * As memory core doesn't know how is memory accessed, it is up to
1420 * resize callback to update device state and/or add assertions to detect
1421 * misuse, if necessary.
1422 */
1423 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1424 {
1425 RAMBlock *block = find_ram_block(base);
1426
1427 assert(block);
1428
1429 newsize = TARGET_PAGE_ALIGN(newsize);
1430
1431 if (block->used_length == newsize) {
1432 return 0;
1433 }
1434
1435 if (!(block->flags & RAM_RESIZEABLE)) {
1436 error_setg_errno(errp, EINVAL,
1437 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1438 " in != 0x" RAM_ADDR_FMT, block->idstr,
1439 newsize, block->used_length);
1440 return -EINVAL;
1441 }
1442
1443 if (block->max_length < newsize) {
1444 error_setg_errno(errp, EINVAL,
1445 "Length too large: %s: 0x" RAM_ADDR_FMT
1446 " > 0x" RAM_ADDR_FMT, block->idstr,
1447 newsize, block->max_length);
1448 return -EINVAL;
1449 }
1450
1451 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1452 block->used_length = newsize;
1453 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1454 DIRTY_CLIENTS_ALL);
1455 memory_region_set_size(block->mr, newsize);
1456 if (block->resized) {
1457 block->resized(block->idstr, newsize, block->host);
1458 }
1459 return 0;
1460 }
1461
1462 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1463 {
1464 RAMBlock *block;
1465 RAMBlock *last_block = NULL;
1466 ram_addr_t old_ram_size, new_ram_size;
1467
1468 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1469
1470 qemu_mutex_lock_ramlist();
1471 new_block->offset = find_ram_offset(new_block->max_length);
1472
1473 if (!new_block->host) {
1474 if (xen_enabled()) {
1475 xen_ram_alloc(new_block->offset, new_block->max_length,
1476 new_block->mr);
1477 } else {
1478 new_block->host = phys_mem_alloc(new_block->max_length,
1479 &new_block->mr->align);
1480 if (!new_block->host) {
1481 error_setg_errno(errp, errno,
1482 "cannot set up guest memory '%s'",
1483 memory_region_name(new_block->mr));
1484 qemu_mutex_unlock_ramlist();
1485 return -1;
1486 }
1487 memory_try_enable_merging(new_block->host, new_block->max_length);
1488 }
1489 }
1490
1491 new_ram_size = MAX(old_ram_size,
1492 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1493 if (new_ram_size > old_ram_size) {
1494 migration_bitmap_extend(old_ram_size, new_ram_size);
1495 }
1496 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1497 * QLIST (which has an RCU-friendly variant) does not have insertion at
1498 * tail, so save the last element in last_block.
1499 */
1500 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1501 last_block = block;
1502 if (block->max_length < new_block->max_length) {
1503 break;
1504 }
1505 }
1506 if (block) {
1507 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1508 } else if (last_block) {
1509 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1510 } else { /* list is empty */
1511 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1512 }
1513 ram_list.mru_block = NULL;
1514
1515 /* Write list before version */
1516 smp_wmb();
1517 ram_list.version++;
1518 qemu_mutex_unlock_ramlist();
1519
1520 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1521
1522 if (new_ram_size > old_ram_size) {
1523 int i;
1524
1525 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1526 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1527 ram_list.dirty_memory[i] =
1528 bitmap_zero_extend(ram_list.dirty_memory[i],
1529 old_ram_size, new_ram_size);
1530 }
1531 }
1532 cpu_physical_memory_set_dirty_range(new_block->offset,
1533 new_block->used_length,
1534 DIRTY_CLIENTS_ALL);
1535
1536 if (new_block->host) {
1537 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1538 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1539 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1540 if (kvm_enabled()) {
1541 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1542 }
1543 }
1544
1545 return new_block->offset;
1546 }
1547
1548 #ifdef __linux__
1549 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1550 bool share, const char *mem_path,
1551 Error **errp)
1552 {
1553 RAMBlock *new_block;
1554 ram_addr_t addr;
1555 Error *local_err = NULL;
1556
1557 if (xen_enabled()) {
1558 error_setg(errp, "-mem-path not supported with Xen");
1559 return -1;
1560 }
1561
1562 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1563 /*
1564 * file_ram_alloc() needs to allocate just like
1565 * phys_mem_alloc, but we haven't bothered to provide
1566 * a hook there.
1567 */
1568 error_setg(errp,
1569 "-mem-path not supported with this accelerator");
1570 return -1;
1571 }
1572
1573 size = TARGET_PAGE_ALIGN(size);
1574 new_block = g_malloc0(sizeof(*new_block));
1575 new_block->mr = mr;
1576 new_block->used_length = size;
1577 new_block->max_length = size;
1578 new_block->flags = share ? RAM_SHARED : 0;
1579 new_block->host = file_ram_alloc(new_block, size,
1580 mem_path, errp);
1581 if (!new_block->host) {
1582 g_free(new_block);
1583 return -1;
1584 }
1585
1586 addr = ram_block_add(new_block, &local_err);
1587 if (local_err) {
1588 g_free(new_block);
1589 error_propagate(errp, local_err);
1590 return -1;
1591 }
1592 return addr;
1593 }
1594 #endif
1595
1596 static
1597 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1598 void (*resized)(const char*,
1599 uint64_t length,
1600 void *host),
1601 void *host, bool resizeable,
1602 MemoryRegion *mr, Error **errp)
1603 {
1604 RAMBlock *new_block;
1605 ram_addr_t addr;
1606 Error *local_err = NULL;
1607
1608 size = TARGET_PAGE_ALIGN(size);
1609 max_size = TARGET_PAGE_ALIGN(max_size);
1610 new_block = g_malloc0(sizeof(*new_block));
1611 new_block->mr = mr;
1612 new_block->resized = resized;
1613 new_block->used_length = size;
1614 new_block->max_length = max_size;
1615 assert(max_size >= size);
1616 new_block->fd = -1;
1617 new_block->host = host;
1618 if (host) {
1619 new_block->flags |= RAM_PREALLOC;
1620 }
1621 if (resizeable) {
1622 new_block->flags |= RAM_RESIZEABLE;
1623 }
1624 addr = ram_block_add(new_block, &local_err);
1625 if (local_err) {
1626 g_free(new_block);
1627 error_propagate(errp, local_err);
1628 return -1;
1629 }
1630 return addr;
1631 }
1632
1633 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1634 MemoryRegion *mr, Error **errp)
1635 {
1636 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1637 }
1638
1639 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1640 {
1641 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1642 }
1643
1644 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1645 void (*resized)(const char*,
1646 uint64_t length,
1647 void *host),
1648 MemoryRegion *mr, Error **errp)
1649 {
1650 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1651 }
1652
1653 void qemu_ram_free_from_ptr(ram_addr_t addr)
1654 {
1655 RAMBlock *block;
1656
1657 qemu_mutex_lock_ramlist();
1658 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1659 if (addr == block->offset) {
1660 QLIST_REMOVE_RCU(block, next);
1661 ram_list.mru_block = NULL;
1662 /* Write list before version */
1663 smp_wmb();
1664 ram_list.version++;
1665 g_free_rcu(block, rcu);
1666 break;
1667 }
1668 }
1669 qemu_mutex_unlock_ramlist();
1670 }
1671
1672 static void reclaim_ramblock(RAMBlock *block)
1673 {
1674 if (block->flags & RAM_PREALLOC) {
1675 ;
1676 } else if (xen_enabled()) {
1677 xen_invalidate_map_cache_entry(block->host);
1678 #ifndef _WIN32
1679 } else if (block->fd >= 0) {
1680 munmap(block->host, block->max_length);
1681 close(block->fd);
1682 #endif
1683 } else {
1684 qemu_anon_ram_free(block->host, block->max_length);
1685 }
1686 g_free(block);
1687 }
1688
1689 void qemu_ram_free(ram_addr_t addr)
1690 {
1691 RAMBlock *block;
1692
1693 qemu_mutex_lock_ramlist();
1694 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1695 if (addr == block->offset) {
1696 QLIST_REMOVE_RCU(block, next);
1697 ram_list.mru_block = NULL;
1698 /* Write list before version */
1699 smp_wmb();
1700 ram_list.version++;
1701 call_rcu(block, reclaim_ramblock, rcu);
1702 break;
1703 }
1704 }
1705 qemu_mutex_unlock_ramlist();
1706 }
1707
1708 #ifndef _WIN32
1709 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1710 {
1711 RAMBlock *block;
1712 ram_addr_t offset;
1713 int flags;
1714 void *area, *vaddr;
1715
1716 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1717 offset = addr - block->offset;
1718 if (offset < block->max_length) {
1719 vaddr = ramblock_ptr(block, offset);
1720 if (block->flags & RAM_PREALLOC) {
1721 ;
1722 } else if (xen_enabled()) {
1723 abort();
1724 } else {
1725 flags = MAP_FIXED;
1726 if (block->fd >= 0) {
1727 flags |= (block->flags & RAM_SHARED ?
1728 MAP_SHARED : MAP_PRIVATE);
1729 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1730 flags, block->fd, offset);
1731 } else {
1732 /*
1733 * Remap needs to match alloc. Accelerators that
1734 * set phys_mem_alloc never remap. If they did,
1735 * we'd need a remap hook here.
1736 */
1737 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1738
1739 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1740 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1741 flags, -1, 0);
1742 }
1743 if (area != vaddr) {
1744 fprintf(stderr, "Could not remap addr: "
1745 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1746 length, addr);
1747 exit(1);
1748 }
1749 memory_try_enable_merging(vaddr, length);
1750 qemu_ram_setup_dump(vaddr, length);
1751 }
1752 }
1753 }
1754 }
1755 #endif /* !_WIN32 */
1756
1757 int qemu_get_ram_fd(ram_addr_t addr)
1758 {
1759 RAMBlock *block;
1760 int fd;
1761
1762 rcu_read_lock();
1763 block = qemu_get_ram_block(addr);
1764 fd = block->fd;
1765 rcu_read_unlock();
1766 return fd;
1767 }
1768
1769 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1770 {
1771 RAMBlock *block;
1772 void *ptr;
1773
1774 rcu_read_lock();
1775 block = qemu_get_ram_block(addr);
1776 ptr = ramblock_ptr(block, 0);
1777 rcu_read_unlock();
1778 return ptr;
1779 }
1780
1781 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1782 * This should not be used for general purpose DMA. Use address_space_map
1783 * or address_space_rw instead. For local memory (e.g. video ram) that the
1784 * device owns, use memory_region_get_ram_ptr.
1785 *
1786 * By the time this function returns, the returned pointer is not protected
1787 * by RCU anymore. If the caller is not within an RCU critical section and
1788 * does not hold the iothread lock, it must have other means of protecting the
1789 * pointer, such as a reference to the region that includes the incoming
1790 * ram_addr_t.
1791 */
1792 void *qemu_get_ram_ptr(ram_addr_t addr)
1793 {
1794 RAMBlock *block;
1795 void *ptr;
1796
1797 rcu_read_lock();
1798 block = qemu_get_ram_block(addr);
1799
1800 if (xen_enabled() && block->host == NULL) {
1801 /* We need to check if the requested address is in the RAM
1802 * because we don't want to map the entire memory in QEMU.
1803 * In that case just map until the end of the page.
1804 */
1805 if (block->offset == 0) {
1806 ptr = xen_map_cache(addr, 0, 0);
1807 goto unlock;
1808 }
1809
1810 block->host = xen_map_cache(block->offset, block->max_length, 1);
1811 }
1812 ptr = ramblock_ptr(block, addr - block->offset);
1813
1814 unlock:
1815 rcu_read_unlock();
1816 return ptr;
1817 }
1818
1819 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1820 * but takes a size argument.
1821 *
1822 * By the time this function returns, the returned pointer is not protected
1823 * by RCU anymore. If the caller is not within an RCU critical section and
1824 * does not hold the iothread lock, it must have other means of protecting the
1825 * pointer, such as a reference to the region that includes the incoming
1826 * ram_addr_t.
1827 */
1828 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1829 {
1830 void *ptr;
1831 if (*size == 0) {
1832 return NULL;
1833 }
1834 if (xen_enabled()) {
1835 return xen_map_cache(addr, *size, 1);
1836 } else {
1837 RAMBlock *block;
1838 rcu_read_lock();
1839 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1840 if (addr - block->offset < block->max_length) {
1841 if (addr - block->offset + *size > block->max_length)
1842 *size = block->max_length - addr + block->offset;
1843 ptr = ramblock_ptr(block, addr - block->offset);
1844 rcu_read_unlock();
1845 return ptr;
1846 }
1847 }
1848
1849 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1850 abort();
1851 }
1852 }
1853
1854 /* Some of the softmmu routines need to translate from a host pointer
1855 * (typically a TLB entry) back to a ram offset.
1856 *
1857 * By the time this function returns, the returned pointer is not protected
1858 * by RCU anymore. If the caller is not within an RCU critical section and
1859 * does not hold the iothread lock, it must have other means of protecting the
1860 * pointer, such as a reference to the region that includes the incoming
1861 * ram_addr_t.
1862 */
1863 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1864 {
1865 RAMBlock *block;
1866 uint8_t *host = ptr;
1867 MemoryRegion *mr;
1868
1869 if (xen_enabled()) {
1870 rcu_read_lock();
1871 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1872 mr = qemu_get_ram_block(*ram_addr)->mr;
1873 rcu_read_unlock();
1874 return mr;
1875 }
1876
1877 rcu_read_lock();
1878 block = atomic_rcu_read(&ram_list.mru_block);
1879 if (block && block->host && host - block->host < block->max_length) {
1880 goto found;
1881 }
1882
1883 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1884 /* This case append when the block is not mapped. */
1885 if (block->host == NULL) {
1886 continue;
1887 }
1888 if (host - block->host < block->max_length) {
1889 goto found;
1890 }
1891 }
1892
1893 rcu_read_unlock();
1894 return NULL;
1895
1896 found:
1897 *ram_addr = block->offset + (host - block->host);
1898 mr = block->mr;
1899 rcu_read_unlock();
1900 return mr;
1901 }
1902
1903 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1904 uint64_t val, unsigned size)
1905 {
1906 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1907 tb_invalidate_phys_page_fast(ram_addr, size);
1908 }
1909 switch (size) {
1910 case 1:
1911 stb_p(qemu_get_ram_ptr(ram_addr), val);
1912 break;
1913 case 2:
1914 stw_p(qemu_get_ram_ptr(ram_addr), val);
1915 break;
1916 case 4:
1917 stl_p(qemu_get_ram_ptr(ram_addr), val);
1918 break;
1919 default:
1920 abort();
1921 }
1922 /* Set both VGA and migration bits for simplicity and to remove
1923 * the notdirty callback faster.
1924 */
1925 cpu_physical_memory_set_dirty_range(ram_addr, size,
1926 DIRTY_CLIENTS_NOCODE);
1927 /* we remove the notdirty callback only if the code has been
1928 flushed */
1929 if (!cpu_physical_memory_is_clean(ram_addr)) {
1930 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1931 }
1932 }
1933
1934 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1935 unsigned size, bool is_write)
1936 {
1937 return is_write;
1938 }
1939
1940 static const MemoryRegionOps notdirty_mem_ops = {
1941 .write = notdirty_mem_write,
1942 .valid.accepts = notdirty_mem_accepts,
1943 .endianness = DEVICE_NATIVE_ENDIAN,
1944 };
1945
1946 /* Generate a debug exception if a watchpoint has been hit. */
1947 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1948 {
1949 CPUState *cpu = current_cpu;
1950 CPUArchState *env = cpu->env_ptr;
1951 target_ulong pc, cs_base;
1952 target_ulong vaddr;
1953 CPUWatchpoint *wp;
1954 int cpu_flags;
1955
1956 if (cpu->watchpoint_hit) {
1957 /* We re-entered the check after replacing the TB. Now raise
1958 * the debug interrupt so that is will trigger after the
1959 * current instruction. */
1960 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1961 return;
1962 }
1963 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1964 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1965 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1966 && (wp->flags & flags)) {
1967 if (flags == BP_MEM_READ) {
1968 wp->flags |= BP_WATCHPOINT_HIT_READ;
1969 } else {
1970 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1971 }
1972 wp->hitaddr = vaddr;
1973 wp->hitattrs = attrs;
1974 if (!cpu->watchpoint_hit) {
1975 cpu->watchpoint_hit = wp;
1976 tb_check_watchpoint(cpu);
1977 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1978 cpu->exception_index = EXCP_DEBUG;
1979 cpu_loop_exit(cpu);
1980 } else {
1981 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1982 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1983 cpu_resume_from_signal(cpu, NULL);
1984 }
1985 }
1986 } else {
1987 wp->flags &= ~BP_WATCHPOINT_HIT;
1988 }
1989 }
1990 }
1991
1992 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1993 so these check for a hit then pass through to the normal out-of-line
1994 phys routines. */
1995 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1996 unsigned size, MemTxAttrs attrs)
1997 {
1998 MemTxResult res;
1999 uint64_t data;
2000
2001 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2002 switch (size) {
2003 case 1:
2004 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2005 break;
2006 case 2:
2007 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2008 break;
2009 case 4:
2010 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2011 break;
2012 default: abort();
2013 }
2014 *pdata = data;
2015 return res;
2016 }
2017
2018 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2019 uint64_t val, unsigned size,
2020 MemTxAttrs attrs)
2021 {
2022 MemTxResult res;
2023
2024 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2025 switch (size) {
2026 case 1:
2027 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2028 break;
2029 case 2:
2030 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2031 break;
2032 case 4:
2033 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2034 break;
2035 default: abort();
2036 }
2037 return res;
2038 }
2039
2040 static const MemoryRegionOps watch_mem_ops = {
2041 .read_with_attrs = watch_mem_read,
2042 .write_with_attrs = watch_mem_write,
2043 .endianness = DEVICE_NATIVE_ENDIAN,
2044 };
2045
2046 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2047 unsigned len, MemTxAttrs attrs)
2048 {
2049 subpage_t *subpage = opaque;
2050 uint8_t buf[8];
2051 MemTxResult res;
2052
2053 #if defined(DEBUG_SUBPAGE)
2054 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2055 subpage, len, addr);
2056 #endif
2057 res = address_space_read(subpage->as, addr + subpage->base,
2058 attrs, buf, len);
2059 if (res) {
2060 return res;
2061 }
2062 switch (len) {
2063 case 1:
2064 *data = ldub_p(buf);
2065 return MEMTX_OK;
2066 case 2:
2067 *data = lduw_p(buf);
2068 return MEMTX_OK;
2069 case 4:
2070 *data = ldl_p(buf);
2071 return MEMTX_OK;
2072 case 8:
2073 *data = ldq_p(buf);
2074 return MEMTX_OK;
2075 default:
2076 abort();
2077 }
2078 }
2079
2080 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2081 uint64_t value, unsigned len, MemTxAttrs attrs)
2082 {
2083 subpage_t *subpage = opaque;
2084 uint8_t buf[8];
2085
2086 #if defined(DEBUG_SUBPAGE)
2087 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2088 " value %"PRIx64"\n",
2089 __func__, subpage, len, addr, value);
2090 #endif
2091 switch (len) {
2092 case 1:
2093 stb_p(buf, value);
2094 break;
2095 case 2:
2096 stw_p(buf, value);
2097 break;
2098 case 4:
2099 stl_p(buf, value);
2100 break;
2101 case 8:
2102 stq_p(buf, value);
2103 break;
2104 default:
2105 abort();
2106 }
2107 return address_space_write(subpage->as, addr + subpage->base,
2108 attrs, buf, len);
2109 }
2110
2111 static bool subpage_accepts(void *opaque, hwaddr addr,
2112 unsigned len, bool is_write)
2113 {
2114 subpage_t *subpage = opaque;
2115 #if defined(DEBUG_SUBPAGE)
2116 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2117 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2118 #endif
2119
2120 return address_space_access_valid(subpage->as, addr + subpage->base,
2121 len, is_write);
2122 }
2123
2124 static const MemoryRegionOps subpage_ops = {
2125 .read_with_attrs = subpage_read,
2126 .write_with_attrs = subpage_write,
2127 .impl.min_access_size = 1,
2128 .impl.max_access_size = 8,
2129 .valid.min_access_size = 1,
2130 .valid.max_access_size = 8,
2131 .valid.accepts = subpage_accepts,
2132 .endianness = DEVICE_NATIVE_ENDIAN,
2133 };
2134
2135 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2136 uint16_t section)
2137 {
2138 int idx, eidx;
2139
2140 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2141 return -1;
2142 idx = SUBPAGE_IDX(start);
2143 eidx = SUBPAGE_IDX(end);
2144 #if defined(DEBUG_SUBPAGE)
2145 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2146 __func__, mmio, start, end, idx, eidx, section);
2147 #endif
2148 for (; idx <= eidx; idx++) {
2149 mmio->sub_section[idx] = section;
2150 }
2151
2152 return 0;
2153 }
2154
2155 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2156 {
2157 subpage_t *mmio;
2158
2159 mmio = g_malloc0(sizeof(subpage_t));
2160
2161 mmio->as = as;
2162 mmio->base = base;
2163 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2164 NULL, TARGET_PAGE_SIZE);
2165 mmio->iomem.subpage = true;
2166 #if defined(DEBUG_SUBPAGE)
2167 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2168 mmio, base, TARGET_PAGE_SIZE);
2169 #endif
2170 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2171
2172 return mmio;
2173 }
2174
2175 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2176 MemoryRegion *mr)
2177 {
2178 assert(as);
2179 MemoryRegionSection section = {
2180 .address_space = as,
2181 .mr = mr,
2182 .offset_within_address_space = 0,
2183 .offset_within_region = 0,
2184 .size = int128_2_64(),
2185 };
2186
2187 return phys_section_add(map, &section);
2188 }
2189
2190 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2191 {
2192 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2193 MemoryRegionSection *sections = d->map.sections;
2194
2195 return sections[index & ~TARGET_PAGE_MASK].mr;
2196 }
2197
2198 static void io_mem_init(void)
2199 {
2200 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2201 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2202 NULL, UINT64_MAX);
2203 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2204 NULL, UINT64_MAX);
2205 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2206 NULL, UINT64_MAX);
2207 }
2208
2209 static void mem_begin(MemoryListener *listener)
2210 {
2211 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2212 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2213 uint16_t n;
2214
2215 n = dummy_section(&d->map, as, &io_mem_unassigned);
2216 assert(n == PHYS_SECTION_UNASSIGNED);
2217 n = dummy_section(&d->map, as, &io_mem_notdirty);
2218 assert(n == PHYS_SECTION_NOTDIRTY);
2219 n = dummy_section(&d->map, as, &io_mem_rom);
2220 assert(n == PHYS_SECTION_ROM);
2221 n = dummy_section(&d->map, as, &io_mem_watch);
2222 assert(n == PHYS_SECTION_WATCH);
2223
2224 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2225 d->as = as;
2226 as->next_dispatch = d;
2227 }
2228
2229 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2230 {
2231 phys_sections_free(&d->map);
2232 g_free(d);
2233 }
2234
2235 static void mem_commit(MemoryListener *listener)
2236 {
2237 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2238 AddressSpaceDispatch *cur = as->dispatch;
2239 AddressSpaceDispatch *next = as->next_dispatch;
2240
2241 phys_page_compact_all(next, next->map.nodes_nb);
2242
2243 atomic_rcu_set(&as->dispatch, next);
2244 if (cur) {
2245 call_rcu(cur, address_space_dispatch_free, rcu);
2246 }
2247 }
2248
2249 static void tcg_commit(MemoryListener *listener)
2250 {
2251 CPUState *cpu;
2252
2253 /* since each CPU stores ram addresses in its TLB cache, we must
2254 reset the modified entries */
2255 /* XXX: slow ! */
2256 CPU_FOREACH(cpu) {
2257 /* FIXME: Disentangle the cpu.h circular files deps so we can
2258 directly get the right CPU from listener. */
2259 if (cpu->tcg_as_listener != listener) {
2260 continue;
2261 }
2262 cpu_reload_memory_map(cpu);
2263 }
2264 }
2265
2266 void address_space_init_dispatch(AddressSpace *as)
2267 {
2268 as->dispatch = NULL;
2269 as->dispatch_listener = (MemoryListener) {
2270 .begin = mem_begin,
2271 .commit = mem_commit,
2272 .region_add = mem_add,
2273 .region_nop = mem_add,
2274 .priority = 0,
2275 };
2276 memory_listener_register(&as->dispatch_listener, as);
2277 }
2278
2279 void address_space_unregister(AddressSpace *as)
2280 {
2281 memory_listener_unregister(&as->dispatch_listener);
2282 }
2283
2284 void address_space_destroy_dispatch(AddressSpace *as)
2285 {
2286 AddressSpaceDispatch *d = as->dispatch;
2287
2288 atomic_rcu_set(&as->dispatch, NULL);
2289 if (d) {
2290 call_rcu(d, address_space_dispatch_free, rcu);
2291 }
2292 }
2293
2294 static void memory_map_init(void)
2295 {
2296 system_memory = g_malloc(sizeof(*system_memory));
2297
2298 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2299 address_space_init(&address_space_memory, system_memory, "memory");
2300
2301 system_io = g_malloc(sizeof(*system_io));
2302 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2303 65536);
2304 address_space_init(&address_space_io, system_io, "I/O");
2305 }
2306
2307 MemoryRegion *get_system_memory(void)
2308 {
2309 return system_memory;
2310 }
2311
2312 MemoryRegion *get_system_io(void)
2313 {
2314 return system_io;
2315 }
2316
2317 #endif /* !defined(CONFIG_USER_ONLY) */
2318
2319 /* physical memory access (slow version, mainly for debug) */
2320 #if defined(CONFIG_USER_ONLY)
2321 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2322 uint8_t *buf, int len, int is_write)
2323 {
2324 int l, flags;
2325 target_ulong page;
2326 void * p;
2327
2328 while (len > 0) {
2329 page = addr & TARGET_PAGE_MASK;
2330 l = (page + TARGET_PAGE_SIZE) - addr;
2331 if (l > len)
2332 l = len;
2333 flags = page_get_flags(page);
2334 if (!(flags & PAGE_VALID))
2335 return -1;
2336 if (is_write) {
2337 if (!(flags & PAGE_WRITE))
2338 return -1;
2339 /* XXX: this code should not depend on lock_user */
2340 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2341 return -1;
2342 memcpy(p, buf, l);
2343 unlock_user(p, addr, l);
2344 } else {
2345 if (!(flags & PAGE_READ))
2346 return -1;
2347 /* XXX: this code should not depend on lock_user */
2348 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2349 return -1;
2350 memcpy(buf, p, l);
2351 unlock_user(p, addr, 0);
2352 }
2353 len -= l;
2354 buf += l;
2355 addr += l;
2356 }
2357 return 0;
2358 }
2359
2360 #else
2361
2362 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2363 hwaddr length)
2364 {
2365 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2366 /* No early return if dirty_log_mask is or becomes 0, because
2367 * cpu_physical_memory_set_dirty_range will still call
2368 * xen_modified_memory.
2369 */
2370 if (dirty_log_mask) {
2371 dirty_log_mask =
2372 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2373 }
2374 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2375 tb_invalidate_phys_range(addr, addr + length);
2376 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2377 }
2378 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2379 }
2380
2381 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2382 {
2383 unsigned access_size_max = mr->ops->valid.max_access_size;
2384
2385 /* Regions are assumed to support 1-4 byte accesses unless
2386 otherwise specified. */
2387 if (access_size_max == 0) {
2388 access_size_max = 4;
2389 }
2390
2391 /* Bound the maximum access by the alignment of the address. */
2392 if (!mr->ops->impl.unaligned) {
2393 unsigned align_size_max = addr & -addr;
2394 if (align_size_max != 0 && align_size_max < access_size_max) {
2395 access_size_max = align_size_max;
2396 }
2397 }
2398
2399 /* Don't attempt accesses larger than the maximum. */
2400 if (l > access_size_max) {
2401 l = access_size_max;
2402 }
2403 l = pow2floor(l);
2404
2405 return l;
2406 }
2407
2408 static bool prepare_mmio_access(MemoryRegion *mr)
2409 {
2410 bool unlocked = !qemu_mutex_iothread_locked();
2411 bool release_lock = false;
2412
2413 if (unlocked && mr->global_locking) {
2414 qemu_mutex_lock_iothread();
2415 unlocked = false;
2416 release_lock = true;
2417 }
2418 if (mr->flush_coalesced_mmio) {
2419 if (unlocked) {
2420 qemu_mutex_lock_iothread();
2421 }
2422 qemu_flush_coalesced_mmio_buffer();
2423 if (unlocked) {
2424 qemu_mutex_unlock_iothread();
2425 }
2426 }
2427
2428 return release_lock;
2429 }
2430
2431 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2432 uint8_t *buf, int len, bool is_write)
2433 {
2434 hwaddr l;
2435 uint8_t *ptr;
2436 uint64_t val;
2437 hwaddr addr1;
2438 MemoryRegion *mr;
2439 MemTxResult result = MEMTX_OK;
2440 bool release_lock = false;
2441
2442 rcu_read_lock();
2443 while (len > 0) {
2444 l = len;
2445 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2446
2447 if (is_write) {
2448 if (!memory_access_is_direct(mr, is_write)) {
2449 release_lock |= prepare_mmio_access(mr);
2450 l = memory_access_size(mr, l, addr1);
2451 /* XXX: could force current_cpu to NULL to avoid
2452 potential bugs */
2453 switch (l) {
2454 case 8:
2455 /* 64 bit write access */
2456 val = ldq_p(buf);
2457 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2458 attrs);
2459 break;
2460 case 4:
2461 /* 32 bit write access */
2462 val = ldl_p(buf);
2463 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2464 attrs);
2465 break;
2466 case 2:
2467 /* 16 bit write access */
2468 val = lduw_p(buf);
2469 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2470 attrs);
2471 break;
2472 case 1:
2473 /* 8 bit write access */
2474 val = ldub_p(buf);
2475 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2476 attrs);
2477 break;
2478 default:
2479 abort();
2480 }
2481 } else {
2482 addr1 += memory_region_get_ram_addr(mr);
2483 /* RAM case */
2484 ptr = qemu_get_ram_ptr(addr1);
2485 memcpy(ptr, buf, l);
2486 invalidate_and_set_dirty(mr, addr1, l);
2487 }
2488 } else {
2489 if (!memory_access_is_direct(mr, is_write)) {
2490 /* I/O case */
2491 release_lock |= prepare_mmio_access(mr);
2492 l = memory_access_size(mr, l, addr1);
2493 switch (l) {
2494 case 8:
2495 /* 64 bit read access */
2496 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2497 attrs);
2498 stq_p(buf, val);
2499 break;
2500 case 4:
2501 /* 32 bit read access */
2502 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2503 attrs);
2504 stl_p(buf, val);
2505 break;
2506 case 2:
2507 /* 16 bit read access */
2508 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2509 attrs);
2510 stw_p(buf, val);
2511 break;
2512 case 1:
2513 /* 8 bit read access */
2514 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2515 attrs);
2516 stb_p(buf, val);
2517 break;
2518 default:
2519 abort();
2520 }
2521 } else {
2522 /* RAM case */
2523 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2524 memcpy(buf, ptr, l);
2525 }
2526 }
2527
2528 if (release_lock) {
2529 qemu_mutex_unlock_iothread();
2530 release_lock = false;
2531 }
2532
2533 len -= l;
2534 buf += l;
2535 addr += l;
2536 }
2537 rcu_read_unlock();
2538
2539 return result;
2540 }
2541
2542 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2543 const uint8_t *buf, int len)
2544 {
2545 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2546 }
2547
2548 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2549 uint8_t *buf, int len)
2550 {
2551 return address_space_rw(as, addr, attrs, buf, len, false);
2552 }
2553
2554
2555 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2556 int len, int is_write)
2557 {
2558 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2559 buf, len, is_write);
2560 }
2561
2562 enum write_rom_type {
2563 WRITE_DATA,
2564 FLUSH_CACHE,
2565 };
2566
2567 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2568 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2569 {
2570 hwaddr l;
2571 uint8_t *ptr;
2572 hwaddr addr1;
2573 MemoryRegion *mr;
2574
2575 rcu_read_lock();
2576 while (len > 0) {
2577 l = len;
2578 mr = address_space_translate(as, addr, &addr1, &l, true);
2579
2580 if (!(memory_region_is_ram(mr) ||
2581 memory_region_is_romd(mr))) {
2582 l = memory_access_size(mr, l, addr1);
2583 } else {
2584 addr1 += memory_region_get_ram_addr(mr);
2585 /* ROM/RAM case */
2586 ptr = qemu_get_ram_ptr(addr1);
2587 switch (type) {
2588 case WRITE_DATA:
2589 memcpy(ptr, buf, l);
2590 invalidate_and_set_dirty(mr, addr1, l);
2591 break;
2592 case FLUSH_CACHE:
2593 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2594 break;
2595 }
2596 }
2597 len -= l;
2598 buf += l;
2599 addr += l;
2600 }
2601 rcu_read_unlock();
2602 }
2603
2604 /* used for ROM loading : can write in RAM and ROM */
2605 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2606 const uint8_t *buf, int len)
2607 {
2608 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2609 }
2610
2611 void cpu_flush_icache_range(hwaddr start, int len)
2612 {
2613 /*
2614 * This function should do the same thing as an icache flush that was
2615 * triggered from within the guest. For TCG we are always cache coherent,
2616 * so there is no need to flush anything. For KVM / Xen we need to flush
2617 * the host's instruction cache at least.
2618 */
2619 if (tcg_enabled()) {
2620 return;
2621 }
2622
2623 cpu_physical_memory_write_rom_internal(&address_space_memory,
2624 start, NULL, len, FLUSH_CACHE);
2625 }
2626
2627 typedef struct {
2628 MemoryRegion *mr;
2629 void *buffer;
2630 hwaddr addr;
2631 hwaddr len;
2632 bool in_use;
2633 } BounceBuffer;
2634
2635 static BounceBuffer bounce;
2636
2637 typedef struct MapClient {
2638 QEMUBH *bh;
2639 QLIST_ENTRY(MapClient) link;
2640 } MapClient;
2641
2642 QemuMutex map_client_list_lock;
2643 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2644 = QLIST_HEAD_INITIALIZER(map_client_list);
2645
2646 static void cpu_unregister_map_client_do(MapClient *client)
2647 {
2648 QLIST_REMOVE(client, link);
2649 g_free(client);
2650 }
2651
2652 static void cpu_notify_map_clients_locked(void)
2653 {
2654 MapClient *client;
2655
2656 while (!QLIST_EMPTY(&map_client_list)) {
2657 client = QLIST_FIRST(&map_client_list);
2658 qemu_bh_schedule(client->bh);
2659 cpu_unregister_map_client_do(client);
2660 }
2661 }
2662
2663 void cpu_register_map_client(QEMUBH *bh)
2664 {
2665 MapClient *client = g_malloc(sizeof(*client));
2666
2667 qemu_mutex_lock(&map_client_list_lock);
2668 client->bh = bh;
2669 QLIST_INSERT_HEAD(&map_client_list, client, link);
2670 if (!atomic_read(&bounce.in_use)) {
2671 cpu_notify_map_clients_locked();
2672 }
2673 qemu_mutex_unlock(&map_client_list_lock);
2674 }
2675
2676 void cpu_exec_init_all(void)
2677 {
2678 qemu_mutex_init(&ram_list.mutex);
2679 memory_map_init();
2680 io_mem_init();
2681 qemu_mutex_init(&map_client_list_lock);
2682 }
2683
2684 void cpu_unregister_map_client(QEMUBH *bh)
2685 {
2686 MapClient *client;
2687
2688 qemu_mutex_lock(&map_client_list_lock);
2689 QLIST_FOREACH(client, &map_client_list, link) {
2690 if (client->bh == bh) {
2691 cpu_unregister_map_client_do(client);
2692 break;
2693 }
2694 }
2695 qemu_mutex_unlock(&map_client_list_lock);
2696 }
2697
2698 static void cpu_notify_map_clients(void)
2699 {
2700 qemu_mutex_lock(&map_client_list_lock);
2701 cpu_notify_map_clients_locked();
2702 qemu_mutex_unlock(&map_client_list_lock);
2703 }
2704
2705 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2706 {
2707 MemoryRegion *mr;
2708 hwaddr l, xlat;
2709
2710 rcu_read_lock();
2711 while (len > 0) {
2712 l = len;
2713 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2714 if (!memory_access_is_direct(mr, is_write)) {
2715 l = memory_access_size(mr, l, addr);
2716 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2717 return false;
2718 }
2719 }
2720
2721 len -= l;
2722 addr += l;
2723 }
2724 rcu_read_unlock();
2725 return true;
2726 }
2727
2728 /* Map a physical memory region into a host virtual address.
2729 * May map a subset of the requested range, given by and returned in *plen.
2730 * May return NULL if resources needed to perform the mapping are exhausted.
2731 * Use only for reads OR writes - not for read-modify-write operations.
2732 * Use cpu_register_map_client() to know when retrying the map operation is
2733 * likely to succeed.
2734 */
2735 void *address_space_map(AddressSpace *as,
2736 hwaddr addr,
2737 hwaddr *plen,
2738 bool is_write)
2739 {
2740 hwaddr len = *plen;
2741 hwaddr done = 0;
2742 hwaddr l, xlat, base;
2743 MemoryRegion *mr, *this_mr;
2744 ram_addr_t raddr;
2745
2746 if (len == 0) {
2747 return NULL;
2748 }
2749
2750 l = len;
2751 rcu_read_lock();
2752 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2753
2754 if (!memory_access_is_direct(mr, is_write)) {
2755 if (atomic_xchg(&bounce.in_use, true)) {
2756 rcu_read_unlock();
2757 return NULL;
2758 }
2759 /* Avoid unbounded allocations */
2760 l = MIN(l, TARGET_PAGE_SIZE);
2761 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2762 bounce.addr = addr;
2763 bounce.len = l;
2764
2765 memory_region_ref(mr);
2766 bounce.mr = mr;
2767 if (!is_write) {
2768 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2769 bounce.buffer, l);
2770 }
2771
2772 rcu_read_unlock();
2773 *plen = l;
2774 return bounce.buffer;
2775 }
2776
2777 base = xlat;
2778 raddr = memory_region_get_ram_addr(mr);
2779
2780 for (;;) {
2781 len -= l;
2782 addr += l;
2783 done += l;
2784 if (len == 0) {
2785 break;
2786 }
2787
2788 l = len;
2789 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2790 if (this_mr != mr || xlat != base + done) {
2791 break;
2792 }
2793 }
2794
2795 memory_region_ref(mr);
2796 rcu_read_unlock();
2797 *plen = done;
2798 return qemu_ram_ptr_length(raddr + base, plen);
2799 }
2800
2801 /* Unmaps a memory region previously mapped by address_space_map().
2802 * Will also mark the memory as dirty if is_write == 1. access_len gives
2803 * the amount of memory that was actually read or written by the caller.
2804 */
2805 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2806 int is_write, hwaddr access_len)
2807 {
2808 if (buffer != bounce.buffer) {
2809 MemoryRegion *mr;
2810 ram_addr_t addr1;
2811
2812 mr = qemu_ram_addr_from_host(buffer, &addr1);
2813 assert(mr != NULL);
2814 if (is_write) {
2815 invalidate_and_set_dirty(mr, addr1, access_len);
2816 }
2817 if (xen_enabled()) {
2818 xen_invalidate_map_cache_entry(buffer);
2819 }
2820 memory_region_unref(mr);
2821 return;
2822 }
2823 if (is_write) {
2824 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2825 bounce.buffer, access_len);
2826 }
2827 qemu_vfree(bounce.buffer);
2828 bounce.buffer = NULL;
2829 memory_region_unref(bounce.mr);
2830 atomic_mb_set(&bounce.in_use, false);
2831 cpu_notify_map_clients();
2832 }
2833
2834 void *cpu_physical_memory_map(hwaddr addr,
2835 hwaddr *plen,
2836 int is_write)
2837 {
2838 return address_space_map(&address_space_memory, addr, plen, is_write);
2839 }
2840
2841 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2842 int is_write, hwaddr access_len)
2843 {
2844 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2845 }
2846
2847 /* warning: addr must be aligned */
2848 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2849 MemTxAttrs attrs,
2850 MemTxResult *result,
2851 enum device_endian endian)
2852 {
2853 uint8_t *ptr;
2854 uint64_t val;
2855 MemoryRegion *mr;
2856 hwaddr l = 4;
2857 hwaddr addr1;
2858 MemTxResult r;
2859 bool release_lock = false;
2860
2861 rcu_read_lock();
2862 mr = address_space_translate(as, addr, &addr1, &l, false);
2863 if (l < 4 || !memory_access_is_direct(mr, false)) {
2864 release_lock |= prepare_mmio_access(mr);
2865
2866 /* I/O case */
2867 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2868 #if defined(TARGET_WORDS_BIGENDIAN)
2869 if (endian == DEVICE_LITTLE_ENDIAN) {
2870 val = bswap32(val);
2871 }
2872 #else
2873 if (endian == DEVICE_BIG_ENDIAN) {
2874 val = bswap32(val);
2875 }
2876 #endif
2877 } else {
2878 /* RAM case */
2879 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2880 & TARGET_PAGE_MASK)
2881 + addr1);
2882 switch (endian) {
2883 case DEVICE_LITTLE_ENDIAN:
2884 val = ldl_le_p(ptr);
2885 break;
2886 case DEVICE_BIG_ENDIAN:
2887 val = ldl_be_p(ptr);
2888 break;
2889 default:
2890 val = ldl_p(ptr);
2891 break;
2892 }
2893 r = MEMTX_OK;
2894 }
2895 if (result) {
2896 *result = r;
2897 }
2898 if (release_lock) {
2899 qemu_mutex_unlock_iothread();
2900 }
2901 rcu_read_unlock();
2902 return val;
2903 }
2904
2905 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2906 MemTxAttrs attrs, MemTxResult *result)
2907 {
2908 return address_space_ldl_internal(as, addr, attrs, result,
2909 DEVICE_NATIVE_ENDIAN);
2910 }
2911
2912 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2913 MemTxAttrs attrs, MemTxResult *result)
2914 {
2915 return address_space_ldl_internal(as, addr, attrs, result,
2916 DEVICE_LITTLE_ENDIAN);
2917 }
2918
2919 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2920 MemTxAttrs attrs, MemTxResult *result)
2921 {
2922 return address_space_ldl_internal(as, addr, attrs, result,
2923 DEVICE_BIG_ENDIAN);
2924 }
2925
2926 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2927 {
2928 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2929 }
2930
2931 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2932 {
2933 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2934 }
2935
2936 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2937 {
2938 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2939 }
2940
2941 /* warning: addr must be aligned */
2942 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2943 MemTxAttrs attrs,
2944 MemTxResult *result,
2945 enum device_endian endian)
2946 {
2947 uint8_t *ptr;
2948 uint64_t val;
2949 MemoryRegion *mr;
2950 hwaddr l = 8;
2951 hwaddr addr1;
2952 MemTxResult r;
2953 bool release_lock = false;
2954
2955 rcu_read_lock();
2956 mr = address_space_translate(as, addr, &addr1, &l,
2957 false);
2958 if (l < 8 || !memory_access_is_direct(mr, false)) {
2959 release_lock |= prepare_mmio_access(mr);
2960
2961 /* I/O case */
2962 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2963 #if defined(TARGET_WORDS_BIGENDIAN)
2964 if (endian == DEVICE_LITTLE_ENDIAN) {
2965 val = bswap64(val);
2966 }
2967 #else
2968 if (endian == DEVICE_BIG_ENDIAN) {
2969 val = bswap64(val);
2970 }
2971 #endif
2972 } else {
2973 /* RAM case */
2974 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2975 & TARGET_PAGE_MASK)
2976 + addr1);
2977 switch (endian) {
2978 case DEVICE_LITTLE_ENDIAN:
2979 val = ldq_le_p(ptr);
2980 break;
2981 case DEVICE_BIG_ENDIAN:
2982 val = ldq_be_p(ptr);
2983 break;
2984 default:
2985 val = ldq_p(ptr);
2986 break;
2987 }
2988 r = MEMTX_OK;
2989 }
2990 if (result) {
2991 *result = r;
2992 }
2993 if (release_lock) {
2994 qemu_mutex_unlock_iothread();
2995 }
2996 rcu_read_unlock();
2997 return val;
2998 }
2999
3000 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3001 MemTxAttrs attrs, MemTxResult *result)
3002 {
3003 return address_space_ldq_internal(as, addr, attrs, result,
3004 DEVICE_NATIVE_ENDIAN);
3005 }
3006
3007 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3008 MemTxAttrs attrs, MemTxResult *result)
3009 {
3010 return address_space_ldq_internal(as, addr, attrs, result,
3011 DEVICE_LITTLE_ENDIAN);
3012 }
3013
3014 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3015 MemTxAttrs attrs, MemTxResult *result)
3016 {
3017 return address_space_ldq_internal(as, addr, attrs, result,
3018 DEVICE_BIG_ENDIAN);
3019 }
3020
3021 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3022 {
3023 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3024 }
3025
3026 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3027 {
3028 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3029 }
3030
3031 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3032 {
3033 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3034 }
3035
3036 /* XXX: optimize */
3037 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3038 MemTxAttrs attrs, MemTxResult *result)
3039 {
3040 uint8_t val;
3041 MemTxResult r;
3042
3043 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3044 if (result) {
3045 *result = r;
3046 }
3047 return val;
3048 }
3049
3050 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3051 {
3052 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3053 }
3054
3055 /* warning: addr must be aligned */
3056 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3057 hwaddr addr,
3058 MemTxAttrs attrs,
3059 MemTxResult *result,
3060 enum device_endian endian)
3061 {
3062 uint8_t *ptr;
3063 uint64_t val;
3064 MemoryRegion *mr;
3065 hwaddr l = 2;
3066 hwaddr addr1;
3067 MemTxResult r;
3068 bool release_lock = false;
3069
3070 rcu_read_lock();
3071 mr = address_space_translate(as, addr, &addr1, &l,
3072 false);
3073 if (l < 2 || !memory_access_is_direct(mr, false)) {
3074 release_lock |= prepare_mmio_access(mr);
3075
3076 /* I/O case */
3077 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3078 #if defined(TARGET_WORDS_BIGENDIAN)
3079 if (endian == DEVICE_LITTLE_ENDIAN) {
3080 val = bswap16(val);
3081 }
3082 #else
3083 if (endian == DEVICE_BIG_ENDIAN) {
3084 val = bswap16(val);
3085 }
3086 #endif
3087 } else {
3088 /* RAM case */
3089 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3090 & TARGET_PAGE_MASK)
3091 + addr1);
3092 switch (endian) {
3093 case DEVICE_LITTLE_ENDIAN:
3094 val = lduw_le_p(ptr);
3095 break;
3096 case DEVICE_BIG_ENDIAN:
3097 val = lduw_be_p(ptr);
3098 break;
3099 default:
3100 val = lduw_p(ptr);
3101 break;
3102 }
3103 r = MEMTX_OK;
3104 }
3105 if (result) {
3106 *result = r;
3107 }
3108 if (release_lock) {
3109 qemu_mutex_unlock_iothread();
3110 }
3111 rcu_read_unlock();
3112 return val;
3113 }
3114
3115 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3116 MemTxAttrs attrs, MemTxResult *result)
3117 {
3118 return address_space_lduw_internal(as, addr, attrs, result,
3119 DEVICE_NATIVE_ENDIAN);
3120 }
3121
3122 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3123 MemTxAttrs attrs, MemTxResult *result)
3124 {
3125 return address_space_lduw_internal(as, addr, attrs, result,
3126 DEVICE_LITTLE_ENDIAN);
3127 }
3128
3129 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3130 MemTxAttrs attrs, MemTxResult *result)
3131 {
3132 return address_space_lduw_internal(as, addr, attrs, result,
3133 DEVICE_BIG_ENDIAN);
3134 }
3135
3136 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3137 {
3138 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3139 }
3140
3141 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3142 {
3143 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3144 }
3145
3146 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3147 {
3148 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3149 }
3150
3151 /* warning: addr must be aligned. The ram page is not masked as dirty
3152 and the code inside is not invalidated. It is useful if the dirty
3153 bits are used to track modified PTEs */
3154 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3155 MemTxAttrs attrs, MemTxResult *result)
3156 {
3157 uint8_t *ptr;
3158 MemoryRegion *mr;
3159 hwaddr l = 4;
3160 hwaddr addr1;
3161 MemTxResult r;
3162 uint8_t dirty_log_mask;
3163 bool release_lock = false;
3164
3165 rcu_read_lock();
3166 mr = address_space_translate(as, addr, &addr1, &l,
3167 true);
3168 if (l < 4 || !memory_access_is_direct(mr, true)) {
3169 release_lock |= prepare_mmio_access(mr);
3170
3171 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3172 } else {
3173 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3174 ptr = qemu_get_ram_ptr(addr1);
3175 stl_p(ptr, val);
3176
3177 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3178 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3179 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3180 r = MEMTX_OK;
3181 }
3182 if (result) {
3183 *result = r;
3184 }
3185 if (release_lock) {
3186 qemu_mutex_unlock_iothread();
3187 }
3188 rcu_read_unlock();
3189 }
3190
3191 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3192 {
3193 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3194 }
3195
3196 /* warning: addr must be aligned */
3197 static inline void address_space_stl_internal(AddressSpace *as,
3198 hwaddr addr, uint32_t val,
3199 MemTxAttrs attrs,
3200 MemTxResult *result,
3201 enum device_endian endian)
3202 {
3203 uint8_t *ptr;
3204 MemoryRegion *mr;
3205 hwaddr l = 4;
3206 hwaddr addr1;
3207 MemTxResult r;
3208 bool release_lock = false;
3209
3210 rcu_read_lock();
3211 mr = address_space_translate(as, addr, &addr1, &l,
3212 true);
3213 if (l < 4 || !memory_access_is_direct(mr, true)) {
3214 release_lock |= prepare_mmio_access(mr);
3215
3216 #if defined(TARGET_WORDS_BIGENDIAN)
3217 if (endian == DEVICE_LITTLE_ENDIAN) {
3218 val = bswap32(val);
3219 }
3220 #else
3221 if (endian == DEVICE_BIG_ENDIAN) {
3222 val = bswap32(val);
3223 }
3224 #endif
3225 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3226 } else {
3227 /* RAM case */
3228 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3229 ptr = qemu_get_ram_ptr(addr1);
3230 switch (endian) {
3231 case DEVICE_LITTLE_ENDIAN:
3232 stl_le_p(ptr, val);
3233 break;
3234 case DEVICE_BIG_ENDIAN:
3235 stl_be_p(ptr, val);
3236 break;
3237 default:
3238 stl_p(ptr, val);
3239 break;
3240 }
3241 invalidate_and_set_dirty(mr, addr1, 4);
3242 r = MEMTX_OK;
3243 }
3244 if (result) {
3245 *result = r;
3246 }
3247 if (release_lock) {
3248 qemu_mutex_unlock_iothread();
3249 }
3250 rcu_read_unlock();
3251 }
3252
3253 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3254 MemTxAttrs attrs, MemTxResult *result)
3255 {
3256 address_space_stl_internal(as, addr, val, attrs, result,
3257 DEVICE_NATIVE_ENDIAN);
3258 }
3259
3260 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3261 MemTxAttrs attrs, MemTxResult *result)
3262 {
3263 address_space_stl_internal(as, addr, val, attrs, result,
3264 DEVICE_LITTLE_ENDIAN);
3265 }
3266
3267 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3268 MemTxAttrs attrs, MemTxResult *result)
3269 {
3270 address_space_stl_internal(as, addr, val, attrs, result,
3271 DEVICE_BIG_ENDIAN);
3272 }
3273
3274 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3275 {
3276 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3277 }
3278
3279 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3280 {
3281 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3282 }
3283
3284 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3285 {
3286 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3287 }
3288
3289 /* XXX: optimize */
3290 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3291 MemTxAttrs attrs, MemTxResult *result)
3292 {
3293 uint8_t v = val;
3294 MemTxResult r;
3295
3296 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3297 if (result) {
3298 *result = r;
3299 }
3300 }
3301
3302 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3303 {
3304 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3305 }
3306
3307 /* warning: addr must be aligned */
3308 static inline void address_space_stw_internal(AddressSpace *as,
3309 hwaddr addr, uint32_t val,
3310 MemTxAttrs attrs,
3311 MemTxResult *result,
3312 enum device_endian endian)
3313 {
3314 uint8_t *ptr;
3315 MemoryRegion *mr;
3316 hwaddr l = 2;
3317 hwaddr addr1;
3318 MemTxResult r;
3319 bool release_lock = false;
3320
3321 rcu_read_lock();
3322 mr = address_space_translate(as, addr, &addr1, &l, true);
3323 if (l < 2 || !memory_access_is_direct(mr, true)) {
3324 release_lock |= prepare_mmio_access(mr);
3325
3326 #if defined(TARGET_WORDS_BIGENDIAN)
3327 if (endian == DEVICE_LITTLE_ENDIAN) {
3328 val = bswap16(val);
3329 }
3330 #else
3331 if (endian == DEVICE_BIG_ENDIAN) {
3332 val = bswap16(val);
3333 }
3334 #endif
3335 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3336 } else {
3337 /* RAM case */
3338 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3339 ptr = qemu_get_ram_ptr(addr1);
3340 switch (endian) {
3341 case DEVICE_LITTLE_ENDIAN:
3342 stw_le_p(ptr, val);
3343 break;
3344 case DEVICE_BIG_ENDIAN:
3345 stw_be_p(ptr, val);
3346 break;
3347 default:
3348 stw_p(ptr, val);
3349 break;
3350 }
3351 invalidate_and_set_dirty(mr, addr1, 2);
3352 r = MEMTX_OK;
3353 }
3354 if (result) {
3355 *result = r;
3356 }
3357 if (release_lock) {
3358 qemu_mutex_unlock_iothread();
3359 }
3360 rcu_read_unlock();
3361 }
3362
3363 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3364 MemTxAttrs attrs, MemTxResult *result)
3365 {
3366 address_space_stw_internal(as, addr, val, attrs, result,
3367 DEVICE_NATIVE_ENDIAN);
3368 }
3369
3370 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3371 MemTxAttrs attrs, MemTxResult *result)
3372 {
3373 address_space_stw_internal(as, addr, val, attrs, result,
3374 DEVICE_LITTLE_ENDIAN);
3375 }
3376
3377 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3378 MemTxAttrs attrs, MemTxResult *result)
3379 {
3380 address_space_stw_internal(as, addr, val, attrs, result,
3381 DEVICE_BIG_ENDIAN);
3382 }
3383
3384 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3385 {
3386 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3387 }
3388
3389 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3390 {
3391 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3392 }
3393
3394 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3395 {
3396 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3397 }
3398
3399 /* XXX: optimize */
3400 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3401 MemTxAttrs attrs, MemTxResult *result)
3402 {
3403 MemTxResult r;
3404 val = tswap64(val);
3405 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3406 if (result) {
3407 *result = r;
3408 }
3409 }
3410
3411 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3412 MemTxAttrs attrs, MemTxResult *result)
3413 {
3414 MemTxResult r;
3415 val = cpu_to_le64(val);
3416 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3417 if (result) {
3418 *result = r;
3419 }
3420 }
3421 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3422 MemTxAttrs attrs, MemTxResult *result)
3423 {
3424 MemTxResult r;
3425 val = cpu_to_be64(val);
3426 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3427 if (result) {
3428 *result = r;
3429 }
3430 }
3431
3432 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3433 {
3434 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3435 }
3436
3437 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3438 {
3439 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3440 }
3441
3442 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3443 {
3444 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3445 }
3446
3447 /* virtual memory access for debug (includes writing to ROM) */
3448 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3449 uint8_t *buf, int len, int is_write)
3450 {
3451 int l;
3452 hwaddr phys_addr;
3453 target_ulong page;
3454
3455 while (len > 0) {
3456 page = addr & TARGET_PAGE_MASK;
3457 phys_addr = cpu_get_phys_page_debug(cpu, page);
3458 /* if no physical page mapped, return an error */
3459 if (phys_addr == -1)
3460 return -1;
3461 l = (page + TARGET_PAGE_SIZE) - addr;
3462 if (l > len)
3463 l = len;
3464 phys_addr += (addr & ~TARGET_PAGE_MASK);
3465 if (is_write) {
3466 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3467 } else {
3468 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3469 buf, l, 0);
3470 }
3471 len -= l;
3472 buf += l;
3473 addr += l;
3474 }
3475 return 0;
3476 }
3477 #endif
3478
3479 /*
3480 * A helper function for the _utterly broken_ virtio device model to find out if
3481 * it's running on a big endian machine. Don't do this at home kids!
3482 */
3483 bool target_words_bigendian(void);
3484 bool target_words_bigendian(void)
3485 {
3486 #if defined(TARGET_WORDS_BIGENDIAN)
3487 return true;
3488 #else
3489 return false;
3490 #endif
3491 }
3492
3493 #ifndef CONFIG_USER_ONLY
3494 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3495 {
3496 MemoryRegion*mr;
3497 hwaddr l = 1;
3498 bool res;
3499
3500 rcu_read_lock();
3501 mr = address_space_translate(&address_space_memory,
3502 phys_addr, &phys_addr, &l, false);
3503
3504 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3505 rcu_read_unlock();
3506 return res;
3507 }
3508
3509 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3510 {
3511 RAMBlock *block;
3512 int ret = 0;
3513
3514 rcu_read_lock();
3515 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3516 ret = func(block->idstr, block->host, block->offset,
3517 block->used_length, opaque);
3518 if (ret) {
3519 break;
3520 }
3521 }
3522 rcu_read_unlock();
3523 return ret;
3524 }
3525 #endif
AR7 emulation for QEMU