2 * mmap support for qemu
4 * Copyright (c) 2003 Fabrice Bellard
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
25 #include <sys/types.h>
28 #include <linux/mman.h>
29 #include <linux/unistd.h>
32 #include "qemu-common.h"
33 #include "translate-all.h"
37 static pthread_mutex_t mmap_mutex
= PTHREAD_MUTEX_INITIALIZER
;
38 static __thread
int mmap_lock_count
;
42 if (mmap_lock_count
++ == 0) {
43 pthread_mutex_lock(&mmap_mutex
);
47 void mmap_unlock(void)
49 if (--mmap_lock_count
== 0) {
50 pthread_mutex_unlock(&mmap_mutex
);
54 /* Grab lock to make sure things are in a consistent state after fork(). */
55 void mmap_fork_start(void)
59 pthread_mutex_lock(&mmap_mutex
);
62 void mmap_fork_end(int child
)
65 pthread_mutex_init(&mmap_mutex
, NULL
);
67 pthread_mutex_unlock(&mmap_mutex
);
70 /* NOTE: all the constants are the HOST ones, but addresses are target. */
71 int target_mprotect(abi_ulong start
, abi_ulong len
, int prot
)
73 abi_ulong end
, host_start
, host_end
, addr
;
77 printf("mprotect: start=0x" TARGET_ABI_FMT_lx
78 "len=0x" TARGET_ABI_FMT_lx
" prot=%c%c%c\n", start
, len
,
79 prot
& PROT_READ
? 'r' : '-',
80 prot
& PROT_WRITE
? 'w' : '-',
81 prot
& PROT_EXEC
? 'x' : '-');
84 if ((start
& ~TARGET_PAGE_MASK
) != 0)
86 len
= TARGET_PAGE_ALIGN(len
);
90 prot
&= PROT_READ
| PROT_WRITE
| PROT_EXEC
;
95 host_start
= start
& qemu_host_page_mask
;
96 host_end
= HOST_PAGE_ALIGN(end
);
97 if (start
> host_start
) {
98 /* handle host page containing start */
100 for(addr
= host_start
; addr
< start
; addr
+= TARGET_PAGE_SIZE
) {
101 prot1
|= page_get_flags(addr
);
103 if (host_end
== host_start
+ qemu_host_page_size
) {
104 for(addr
= end
; addr
< host_end
; addr
+= TARGET_PAGE_SIZE
) {
105 prot1
|= page_get_flags(addr
);
109 ret
= mprotect(g2h(host_start
), qemu_host_page_size
, prot1
& PAGE_BITS
);
112 host_start
+= qemu_host_page_size
;
114 if (end
< host_end
) {
116 for(addr
= end
; addr
< host_end
; addr
+= TARGET_PAGE_SIZE
) {
117 prot1
|= page_get_flags(addr
);
119 ret
= mprotect(g2h(host_end
- qemu_host_page_size
), qemu_host_page_size
,
123 host_end
-= qemu_host_page_size
;
126 /* handle the pages in the middle */
127 if (host_start
< host_end
) {
128 ret
= mprotect(g2h(host_start
), host_end
- host_start
, prot
);
132 page_set_flags(start
, start
+ len
, prot
| PAGE_VALID
);
140 /* map an incomplete host page */
141 static int mmap_frag(abi_ulong real_start
,
142 abi_ulong start
, abi_ulong end
,
143 int prot
, int flags
, int fd
, abi_ulong offset
)
145 abi_ulong real_end
, addr
;
149 real_end
= real_start
+ qemu_host_page_size
;
150 host_start
= g2h(real_start
);
152 /* get the protection of the target pages outside the mapping */
154 for(addr
= real_start
; addr
< real_end
; addr
++) {
155 if (addr
< start
|| addr
>= end
)
156 prot1
|= page_get_flags(addr
);
160 /* no page was there, so we allocate one */
161 void *p
= mmap(host_start
, qemu_host_page_size
, prot
,
162 flags
| MAP_ANONYMOUS
, -1, 0);
169 prot_new
= prot
| prot1
;
170 if (!(flags
& MAP_ANONYMOUS
)) {
171 /* msync() won't work here, so we return an error if write is
172 possible while it is a shared mapping */
173 if ((flags
& MAP_TYPE
) == MAP_SHARED
&&
177 /* adjust protection to be able to read */
178 if (!(prot1
& PROT_WRITE
))
179 mprotect(host_start
, qemu_host_page_size
, prot1
| PROT_WRITE
);
181 /* read the corresponding file data */
182 if (pread(fd
, g2h(start
), end
- start
, offset
) == -1)
185 /* put final protection */
186 if (prot_new
!= (prot1
| PROT_WRITE
))
187 mprotect(host_start
, qemu_host_page_size
, prot_new
);
189 /* just update the protection */
190 if (prot_new
!= prot1
) {
191 mprotect(host_start
, qemu_host_page_size
, prot_new
);
197 #if HOST_LONG_BITS == 64 && TARGET_ABI_BITS == 64
198 # define TASK_UNMAPPED_BASE (1ul << 38)
199 #elif defined(__CYGWIN__)
200 /* Cygwin doesn't have a whole lot of address space. */
201 # define TASK_UNMAPPED_BASE 0x18000000
203 # define TASK_UNMAPPED_BASE 0x40000000
205 abi_ulong mmap_next_start
= TASK_UNMAPPED_BASE
;
207 unsigned long last_brk
;
209 /* Subroutine of mmap_find_vma, used when we have pre-allocated a chunk
210 of guest address space. */
211 static abi_ulong
mmap_find_vma_reserved(abi_ulong start
, abi_ulong size
)
218 if (size
> reserved_va
) {
219 return (abi_ulong
)-1;
222 size
= HOST_PAGE_ALIGN(size
);
223 end_addr
= start
+ size
;
224 if (end_addr
> reserved_va
) {
225 end_addr
= reserved_va
;
227 addr
= end_addr
- qemu_host_page_size
;
230 if (addr
> end_addr
) {
232 return (abi_ulong
)-1;
234 end_addr
= reserved_va
;
235 addr
= end_addr
- qemu_host_page_size
;
239 prot
= page_get_flags(addr
);
243 if (addr
+ size
== end_addr
) {
246 addr
-= qemu_host_page_size
;
249 if (start
== mmap_next_start
) {
250 mmap_next_start
= addr
;
257 * Find and reserve a free memory area of size 'size'. The search
259 * It must be called with mmap_lock() held.
260 * Return -1 if error.
262 abi_ulong
mmap_find_vma(abi_ulong start
, abi_ulong size
)
268 /* If 'start' == 0, then a default start address is used. */
270 start
= mmap_next_start
;
272 start
&= qemu_host_page_mask
;
275 size
= HOST_PAGE_ALIGN(size
);
278 return mmap_find_vma_reserved(start
, size
);
282 wrapped
= repeat
= 0;
285 for (;; prev
= ptr
) {
287 * Reserve needed memory area to avoid a race.
288 * It should be discarded using:
289 * - mmap() with MAP_FIXED flag
290 * - mremap() with MREMAP_FIXED flag
291 * - shmat() with SHM_REMAP flag
293 ptr
= mmap(g2h(addr
), size
, PROT_NONE
,
294 MAP_ANONYMOUS
|MAP_PRIVATE
|MAP_NORESERVE
, -1, 0);
296 /* ENOMEM, if host address space has no memory */
297 if (ptr
== MAP_FAILED
) {
298 return (abi_ulong
)-1;
301 /* Count the number of sequential returns of the same address.
302 This is used to modify the search algorithm below. */
303 repeat
= (ptr
== prev
? repeat
+ 1 : 0);
305 if (h2g_valid(ptr
+ size
- 1)) {
308 if ((addr
& ~TARGET_PAGE_MASK
) == 0) {
310 if (start
== mmap_next_start
&& addr
>= TASK_UNMAPPED_BASE
) {
311 mmap_next_start
= addr
+ size
;
316 /* The address is not properly aligned for the target. */
319 /* Assume the result that the kernel gave us is the
320 first with enough free space, so start again at the
321 next higher target page. */
322 addr
= TARGET_PAGE_ALIGN(addr
);
325 /* Sometimes the kernel decides to perform the allocation
326 at the top end of memory instead. */
327 addr
&= TARGET_PAGE_MASK
;
330 /* Start over at low memory. */
334 /* Fail. This unaligned block must the last. */
339 /* Since the result the kernel gave didn't fit, start
340 again at low memory. If any repetition, fail. */
341 addr
= (repeat
? -1 : 0);
344 /* Unmap and try again. */
347 /* ENOMEM if we checked the whole of the target address space. */
348 if (addr
== (abi_ulong
)-1) {
349 return (abi_ulong
)-1;
350 } else if (addr
== 0) {
352 return (abi_ulong
)-1;
355 /* Don't actually use 0 when wrapping, instead indicate
356 that we'd truly like an allocation in low memory. */
357 addr
= (mmap_min_addr
> TARGET_PAGE_SIZE
358 ? TARGET_PAGE_ALIGN(mmap_min_addr
)
360 } else if (wrapped
&& addr
>= start
) {
361 return (abi_ulong
)-1;
366 /* NOTE: all the constants are the HOST ones */
367 abi_long
target_mmap(abi_ulong start
, abi_ulong len
, int prot
,
368 int flags
, int fd
, abi_ulong offset
)
370 abi_ulong ret
, end
, real_start
, real_end
, retaddr
, host_offset
, host_len
;
375 printf("mmap: start=0x" TARGET_ABI_FMT_lx
376 " len=0x" TARGET_ABI_FMT_lx
" prot=%c%c%c flags=",
378 prot
& PROT_READ
? 'r' : '-',
379 prot
& PROT_WRITE
? 'w' : '-',
380 prot
& PROT_EXEC
? 'x' : '-');
381 if (flags
& MAP_FIXED
)
382 printf("MAP_FIXED ");
383 if (flags
& MAP_ANONYMOUS
)
385 switch(flags
& MAP_TYPE
) {
387 printf("MAP_PRIVATE ");
390 printf("MAP_SHARED ");
393 printf("[MAP_TYPE=0x%x] ", flags
& MAP_TYPE
);
396 printf("fd=%d offset=" TARGET_ABI_FMT_lx
"\n", fd
, offset
);
400 if (offset
& ~TARGET_PAGE_MASK
) {
405 len
= TARGET_PAGE_ALIGN(len
);
408 real_start
= start
& qemu_host_page_mask
;
409 host_offset
= offset
& qemu_host_page_mask
;
411 /* If the user is asking for the kernel to find a location, do that
412 before we truncate the length for mapping files below. */
413 if (!(flags
& MAP_FIXED
)) {
414 host_len
= len
+ offset
- host_offset
;
415 host_len
= HOST_PAGE_ALIGN(host_len
);
416 start
= mmap_find_vma(real_start
, host_len
);
417 if (start
== (abi_ulong
)-1) {
423 /* When mapping files into a memory area larger than the file, accesses
424 to pages beyond the file size will cause a SIGBUS.
426 For example, if mmaping a file of 100 bytes on a host with 4K pages
427 emulating a target with 8K pages, the target expects to be able to
428 access the first 8K. But the host will trap us on any access beyond
431 When emulating a target with a larger page-size than the hosts, we
432 may need to truncate file maps at EOF and add extra anonymous pages
433 up to the targets page boundary. */
435 if ((qemu_real_host_page_size
< TARGET_PAGE_SIZE
)
436 && !(flags
& MAP_ANONYMOUS
)) {
439 if (fstat (fd
, &sb
) == -1)
442 /* Are we trying to create a map beyond EOF?. */
443 if (offset
+ len
> sb
.st_size
) {
444 /* If so, truncate the file map at eof aligned with
445 the hosts real pagesize. Additional anonymous maps
446 will be created beyond EOF. */
447 len
= (sb
.st_size
- offset
);
448 len
+= qemu_real_host_page_size
- 1;
449 len
&= ~(qemu_real_host_page_size
- 1);
453 if (!(flags
& MAP_FIXED
)) {
454 unsigned long host_start
;
457 host_len
= len
+ offset
- host_offset
;
458 host_len
= HOST_PAGE_ALIGN(host_len
);
460 /* Note: we prefer to control the mapping address. It is
461 especially important if qemu_host_page_size >
462 qemu_real_host_page_size */
463 p
= mmap(g2h(start
), host_len
, prot
,
464 flags
| MAP_FIXED
| MAP_ANONYMOUS
, -1, 0);
467 /* update start so that it points to the file position at 'offset' */
468 host_start
= (unsigned long)p
;
469 if (!(flags
& MAP_ANONYMOUS
)) {
470 p
= mmap(g2h(start
), len
, prot
,
471 flags
| MAP_FIXED
, fd
, host_offset
);
472 if (p
== MAP_FAILED
) {
473 munmap(g2h(start
), host_len
);
476 host_start
+= offset
- host_offset
;
478 start
= h2g(host_start
);
480 if (start
& ~TARGET_PAGE_MASK
) {
485 real_end
= HOST_PAGE_ALIGN(end
);
488 * Test if requested memory area fits target address space
489 * It can fail only on 64-bit host with 32-bit target.
490 * On any other target/host host mmap() handles this error correctly.
492 if ((unsigned long)start
+ len
- 1 > (abi_ulong
) -1) {
497 /* worst case: we cannot map the file because the offset is not
498 aligned, so we read it */
499 if (!(flags
& MAP_ANONYMOUS
) &&
500 (offset
& ~qemu_host_page_mask
) != (start
& ~qemu_host_page_mask
)) {
501 /* msync() won't work here, so we return an error if write is
502 possible while it is a shared mapping */
503 if ((flags
& MAP_TYPE
) == MAP_SHARED
&&
504 (prot
& PROT_WRITE
)) {
508 retaddr
= target_mmap(start
, len
, prot
| PROT_WRITE
,
509 MAP_FIXED
| MAP_PRIVATE
| MAP_ANONYMOUS
,
513 if (pread(fd
, g2h(start
), len
, offset
) == -1)
515 if (!(prot
& PROT_WRITE
)) {
516 ret
= target_mprotect(start
, len
, prot
);
525 /* handle the start of the mapping */
526 if (start
> real_start
) {
527 if (real_end
== real_start
+ qemu_host_page_size
) {
528 /* one single host page */
529 ret
= mmap_frag(real_start
, start
, end
,
530 prot
, flags
, fd
, offset
);
535 ret
= mmap_frag(real_start
, start
, real_start
+ qemu_host_page_size
,
536 prot
, flags
, fd
, offset
);
539 real_start
+= qemu_host_page_size
;
541 /* handle the end of the mapping */
542 if (end
< real_end
) {
543 ret
= mmap_frag(real_end
- qemu_host_page_size
,
544 real_end
- qemu_host_page_size
, real_end
,
546 offset
+ real_end
- qemu_host_page_size
- start
);
549 real_end
-= qemu_host_page_size
;
552 /* map the middle (easier) */
553 if (real_start
< real_end
) {
555 unsigned long offset1
;
556 if (flags
& MAP_ANONYMOUS
)
559 offset1
= offset
+ real_start
- start
;
560 p
= mmap(g2h(real_start
), real_end
- real_start
,
561 prot
, flags
, fd
, offset1
);
567 page_set_flags(start
, start
+ len
, prot
| PAGE_VALID
);
570 printf("ret=0x" TARGET_ABI_FMT_lx
"\n", start
);
574 tb_invalidate_phys_range(start
, start
+ len
);
582 static void mmap_reserve(abi_ulong start
, abi_ulong size
)
584 abi_ulong real_start
;
590 real_start
= start
& qemu_host_page_mask
;
591 real_end
= HOST_PAGE_ALIGN(start
+ size
);
593 if (start
> real_start
) {
594 /* handle host page containing start */
596 for (addr
= real_start
; addr
< start
; addr
+= TARGET_PAGE_SIZE
) {
597 prot
|= page_get_flags(addr
);
599 if (real_end
== real_start
+ qemu_host_page_size
) {
600 for (addr
= end
; addr
< real_end
; addr
+= TARGET_PAGE_SIZE
) {
601 prot
|= page_get_flags(addr
);
606 real_start
+= qemu_host_page_size
;
608 if (end
< real_end
) {
610 for (addr
= end
; addr
< real_end
; addr
+= TARGET_PAGE_SIZE
) {
611 prot
|= page_get_flags(addr
);
614 real_end
-= qemu_host_page_size
;
616 if (real_start
!= real_end
) {
617 mmap(g2h(real_start
), real_end
- real_start
, PROT_NONE
,
618 MAP_FIXED
| MAP_ANONYMOUS
| MAP_PRIVATE
| MAP_NORESERVE
,
623 int target_munmap(abi_ulong start
, abi_ulong len
)
625 abi_ulong end
, real_start
, real_end
, addr
;
629 printf("munmap: start=0x" TARGET_ABI_FMT_lx
" len=0x"
630 TARGET_ABI_FMT_lx
"\n",
633 if (start
& ~TARGET_PAGE_MASK
)
635 len
= TARGET_PAGE_ALIGN(len
);
640 real_start
= start
& qemu_host_page_mask
;
641 real_end
= HOST_PAGE_ALIGN(end
);
643 if (start
> real_start
) {
644 /* handle host page containing start */
646 for(addr
= real_start
; addr
< start
; addr
+= TARGET_PAGE_SIZE
) {
647 prot
|= page_get_flags(addr
);
649 if (real_end
== real_start
+ qemu_host_page_size
) {
650 for(addr
= end
; addr
< real_end
; addr
+= TARGET_PAGE_SIZE
) {
651 prot
|= page_get_flags(addr
);
656 real_start
+= qemu_host_page_size
;
658 if (end
< real_end
) {
660 for(addr
= end
; addr
< real_end
; addr
+= TARGET_PAGE_SIZE
) {
661 prot
|= page_get_flags(addr
);
664 real_end
-= qemu_host_page_size
;
668 /* unmap what we can */
669 if (real_start
< real_end
) {
671 mmap_reserve(real_start
, real_end
- real_start
);
673 ret
= munmap(g2h(real_start
), real_end
- real_start
);
678 page_set_flags(start
, start
+ len
, 0);
679 tb_invalidate_phys_range(start
, start
+ len
);
685 abi_long
target_mremap(abi_ulong old_addr
, abi_ulong old_size
,
686 abi_ulong new_size
, unsigned long flags
,
694 if (flags
& MREMAP_FIXED
) {
695 host_addr
= (void *) syscall(__NR_mremap
, g2h(old_addr
),
700 if (reserved_va
&& host_addr
!= MAP_FAILED
) {
701 /* If new and old addresses overlap then the above mremap will
702 already have failed with EINVAL. */
703 mmap_reserve(old_addr
, old_size
);
705 } else if (flags
& MREMAP_MAYMOVE
) {
706 abi_ulong mmap_start
;
708 mmap_start
= mmap_find_vma(0, new_size
);
710 if (mmap_start
== -1) {
712 host_addr
= MAP_FAILED
;
714 host_addr
= (void *) syscall(__NR_mremap
, g2h(old_addr
),
716 flags
| MREMAP_FIXED
,
719 mmap_reserve(old_addr
, old_size
);
724 if (reserved_va
&& old_size
< new_size
) {
726 for (addr
= old_addr
+ old_size
;
727 addr
< old_addr
+ new_size
;
729 prot
|= page_get_flags(addr
);
733 host_addr
= mremap(g2h(old_addr
), old_size
, new_size
, flags
);
734 if (host_addr
!= MAP_FAILED
&& reserved_va
&& old_size
> new_size
) {
735 mmap_reserve(old_addr
+ old_size
, new_size
- old_size
);
739 host_addr
= MAP_FAILED
;
741 /* Check if address fits target address space */
742 if ((unsigned long)host_addr
+ new_size
> (abi_ulong
)-1) {
743 /* Revert mremap() changes */
744 host_addr
= mremap(g2h(old_addr
), new_size
, old_size
, flags
);
746 host_addr
= MAP_FAILED
;
750 if (host_addr
== MAP_FAILED
) {
753 new_addr
= h2g(host_addr
);
754 prot
= page_get_flags(old_addr
);
755 page_set_flags(old_addr
, old_addr
+ old_size
, 0);
756 page_set_flags(new_addr
, new_addr
+ new_size
, prot
| PAGE_VALID
);
758 tb_invalidate_phys_range(new_addr
, new_addr
+ new_size
);
763 int target_msync(abi_ulong start
, abi_ulong len
, int flags
)
767 if (start
& ~TARGET_PAGE_MASK
)
769 len
= TARGET_PAGE_ALIGN(len
);
776 start
&= qemu_host_page_mask
;
777 return msync(g2h(start
), end
- start
, flags
);