search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / exec.c
blob060a13ceaf07a0a9e7e7e0beea2a63db75bc7a37
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
42 #include <qemu.h>
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
45 #include "trace.h"
46 #endif
47 #include "exec/cpu-all.h"
48
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
51
52 #include "exec/memory-internal.h"
53 #include "exec/ram_addr.h"
54 #include "qemu/cache-utils.h"
55
56 #include "qemu/range.h"
57
58 //#define DEBUG_SUBPAGE
59
60 #if !defined(CONFIG_USER_ONLY)
61 static bool in_migration;
62
63 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
64
65 static MemoryRegion *system_memory;
66 static MemoryRegion *system_io;
67
68 AddressSpace address_space_io;
69 AddressSpace address_space_memory;
70
71 MemoryRegion io_mem_rom, io_mem_notdirty;
72 static MemoryRegion io_mem_unassigned;
73
74 #endif
75
76 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
77 /* current CPU in the current thread. It is only valid inside
78 cpu_exec() */
79 DEFINE_TLS(CPUState *, current_cpu);
80 /* 0 = Do not count executed instructions.
81 1 = Precise instruction counting.
82 2 = Adaptive rate instruction counting. */
83 int use_icount;
84
85 #if !defined(CONFIG_USER_ONLY)
86
87 typedef struct PhysPageEntry PhysPageEntry;
88
89 struct PhysPageEntry {
90 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
91 uint32_t skip : 6;
92 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
93 uint32_t ptr : 26;
94 };
95
96 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
97
98 /* Size of the L2 (and L3, etc) page tables. */
99 #define ADDR_SPACE_BITS 64
100
101 #define P_L2_BITS 9
102 #define P_L2_SIZE (1 << P_L2_BITS)
103
104 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
105
106 typedef PhysPageEntry Node[P_L2_SIZE];
107
108 typedef struct PhysPageMap {
109 unsigned sections_nb;
110 unsigned sections_nb_alloc;
111 unsigned nodes_nb;
112 unsigned nodes_nb_alloc;
113 Node *nodes;
114 MemoryRegionSection *sections;
115 } PhysPageMap;
116
117 struct AddressSpaceDispatch {
118 /* This is a multi-level map on the physical address space.
119 * The bottom level has pointers to MemoryRegionSections.
120 */
121 PhysPageEntry phys_map;
122 PhysPageMap map;
123 AddressSpace *as;
124 };
125
126 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
127 typedef struct subpage_t {
128 MemoryRegion iomem;
129 AddressSpace *as;
130 hwaddr base;
131 uint16_t sub_section[TARGET_PAGE_SIZE];
132 } subpage_t;
133
134 #define PHYS_SECTION_UNASSIGNED 0
135 #define PHYS_SECTION_NOTDIRTY 1
136 #define PHYS_SECTION_ROM 2
137 #define PHYS_SECTION_WATCH 3
138
139 static void io_mem_init(void);
140 static void memory_map_init(void);
141
142 static MemoryRegion io_mem_watch;
143 #endif
144
145 #if !defined(CONFIG_USER_ONLY)
146
147 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
148 {
149 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
150 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
151 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
152 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
153 }
154 }
155
156 static uint32_t phys_map_node_alloc(PhysPageMap *map)
157 {
158 unsigned i;
159 uint32_t ret;
160
161 ret = map->nodes_nb++;
162 assert(ret != PHYS_MAP_NODE_NIL);
163 assert(ret != map->nodes_nb_alloc);
164 for (i = 0; i < P_L2_SIZE; ++i) {
165 map->nodes[ret][i].skip = 1;
166 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
167 }
168 return ret;
169 }
170
171 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
172 hwaddr *index, hwaddr *nb, uint16_t leaf,
173 int level)
174 {
175 PhysPageEntry *p;
176 int i;
177 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
178
179 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
180 lp->ptr = phys_map_node_alloc(map);
181 p = map->nodes[lp->ptr];
182 if (level == 0) {
183 for (i = 0; i < P_L2_SIZE; i++) {
184 p[i].skip = 0;
185 p[i].ptr = PHYS_SECTION_UNASSIGNED;
186 }
187 }
188 } else {
189 p = map->nodes[lp->ptr];
190 }
191 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
192
193 while (*nb && lp < &p[P_L2_SIZE]) {
194 if ((*index & (step - 1)) == 0 && *nb >= step) {
195 lp->skip = 0;
196 lp->ptr = leaf;
197 *index += step;
198 *nb -= step;
199 } else {
200 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
201 }
202 ++lp;
203 }
204 }
205
206 static void phys_page_set(AddressSpaceDispatch *d,
207 hwaddr index, hwaddr nb,
208 uint16_t leaf)
209 {
210 /* Wildly overreserve - it doesn't matter much. */
211 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
212
213 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
214 }
215
216 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
217 * and update our entry so we can skip it and go directly to the destination.
218 */
219 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
220 {
221 unsigned valid_ptr = P_L2_SIZE;
222 int valid = 0;
223 PhysPageEntry *p;
224 int i;
225
226 if (lp->ptr == PHYS_MAP_NODE_NIL) {
227 return;
228 }
229
230 p = nodes[lp->ptr];
231 for (i = 0; i < P_L2_SIZE; i++) {
232 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
233 continue;
234 }
235
236 valid_ptr = i;
237 valid++;
238 if (p[i].skip) {
239 phys_page_compact(&p[i], nodes, compacted);
240 }
241 }
242
243 /* We can only compress if there's only one child. */
244 if (valid != 1) {
245 return;
246 }
247
248 assert(valid_ptr < P_L2_SIZE);
249
250 /* Don't compress if it won't fit in the # of bits we have. */
251 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
252 return;
253 }
254
255 lp->ptr = p[valid_ptr].ptr;
256 if (!p[valid_ptr].skip) {
257 /* If our only child is a leaf, make this a leaf. */
258 /* By design, we should have made this node a leaf to begin with so we
259 * should never reach here.
260 * But since it's so simple to handle this, let's do it just in case we
261 * change this rule.
262 */
263 lp->skip = 0;
264 } else {
265 lp->skip += p[valid_ptr].skip;
266 }
267 }
268
269 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
270 {
271 DECLARE_BITMAP(compacted, nodes_nb);
272
273 if (d->phys_map.skip) {
274 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
275 }
276 }
277
278 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
279 Node *nodes, MemoryRegionSection *sections)
280 {
281 PhysPageEntry *p;
282 hwaddr index = addr >> TARGET_PAGE_BITS;
283 int i;
284
285 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
286 if (lp.ptr == PHYS_MAP_NODE_NIL) {
287 return &sections[PHYS_SECTION_UNASSIGNED];
288 }
289 p = nodes[lp.ptr];
290 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
291 }
292
293 if (sections[lp.ptr].size.hi ||
294 range_covers_byte(sections[lp.ptr].offset_within_address_space,
295 sections[lp.ptr].size.lo, addr)) {
296 return &sections[lp.ptr];
297 } else {
298 return &sections[PHYS_SECTION_UNASSIGNED];
299 }
300 }
301
302 bool memory_region_is_unassigned(MemoryRegion *mr)
303 {
304 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
305 && mr != &io_mem_watch;
306 }
307
308 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
309 hwaddr addr,
310 bool resolve_subpage)
311 {
312 MemoryRegionSection *section;
313 subpage_t *subpage;
314
315 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
316 if (resolve_subpage && section->mr->subpage) {
317 subpage = container_of(section->mr, subpage_t, iomem);
318 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
319 }
320 return section;
321 }
322
323 static MemoryRegionSection *
324 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
325 hwaddr *plen, bool resolve_subpage)
326 {
327 MemoryRegionSection *section;
328 Int128 diff;
329
330 section = address_space_lookup_region(d, addr, resolve_subpage);
331 /* Compute offset within MemoryRegionSection */
332 addr -= section->offset_within_address_space;
333
334 /* Compute offset within MemoryRegion */
335 *xlat = addr + section->offset_within_region;
336
337 diff = int128_sub(section->mr->size, int128_make64(addr));
338 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
339 return section;
340 }
341
342 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
343 hwaddr *xlat, hwaddr *plen,
344 bool is_write)
345 {
346 IOMMUTLBEntry iotlb;
347 MemoryRegionSection *section;
348 MemoryRegion *mr;
349 hwaddr len = *plen;
350
351 for (;;) {
352 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
353 mr = section->mr;
354
355 if (!mr->iommu_ops) {
356 break;
357 }
358
359 iotlb = mr->iommu_ops->translate(mr, addr);
360 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
361 | (addr & iotlb.addr_mask));
362 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
363 if (!(iotlb.perm & (1 << is_write))) {
364 mr = &io_mem_unassigned;
365 break;
366 }
367
368 as = iotlb.target_as;
369 }
370
371 *plen = len;
372 *xlat = addr;
373 return mr;
374 }
375
376 MemoryRegionSection *
377 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
378 hwaddr *plen)
379 {
380 MemoryRegionSection *section;
381 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
382
383 assert(!section->mr->iommu_ops);
384 return section;
385 }
386 #endif
387
388 void cpu_exec_init_all(void)
389 {
390 #if !defined(CONFIG_USER_ONLY)
391 qemu_mutex_init(&ram_list.mutex);
392 memory_map_init();
393 io_mem_init();
394 #endif
395 }
396
397 #if !defined(CONFIG_USER_ONLY)
398
399 static int cpu_common_post_load(void *opaque, int version_id)
400 {
401 CPUState *cpu = opaque;
402
403 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
404 version_id is increased. */
405 cpu->interrupt_request &= ~0x01;
406 tlb_flush(cpu->env_ptr, 1);
407
408 return 0;
409 }
410
411 const VMStateDescription vmstate_cpu_common = {
412 .name = "cpu_common",
413 .version_id = 1,
414 .minimum_version_id = 1,
415 .minimum_version_id_old = 1,
416 .post_load = cpu_common_post_load,
417 .fields = (VMStateField []) {
418 VMSTATE_UINT32(halted, CPUState),
419 VMSTATE_UINT32(interrupt_request, CPUState),
420 VMSTATE_END_OF_LIST()
421 }
422 };
423
424 #endif
425
426 CPUState *qemu_get_cpu(int index)
427 {
428 CPUState *cpu;
429
430 CPU_FOREACH(cpu) {
431 if (cpu->cpu_index == index) {
432 return cpu;
433 }
434 }
435
436 return NULL;
437 }
438
439 void cpu_exec_init(CPUArchState *env)
440 {
441 CPUState *cpu = ENV_GET_CPU(env);
442 CPUClass *cc = CPU_GET_CLASS(cpu);
443 CPUState *some_cpu;
444 int cpu_index;
445
446 #ifdef TARGET_WORDS_BIGENDIAN
447 env->bigendian = 1;
448 #else
449 env->bigendian = 0;
450 #endif
451
452 #if defined(CONFIG_USER_ONLY)
453 cpu_list_lock();
454 #endif
455 cpu_index = 0;
456 CPU_FOREACH(some_cpu) {
457 cpu_index++;
458 }
459 cpu->cpu_index = cpu_index;
460 cpu->numa_node = 0;
461 QTAILQ_INIT(&env->breakpoints);
462 QTAILQ_INIT(&env->watchpoints);
463 #ifndef CONFIG_USER_ONLY
464 cpu->thread_id = qemu_get_thread_id();
465 #endif
466 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
467 #if defined(CONFIG_USER_ONLY)
468 cpu_list_unlock();
469 #endif
470 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
471 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
472 }
473 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
474 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
475 cpu_save, cpu_load, env);
476 assert(cc->vmsd == NULL);
477 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
478 #endif
479 if (cc->vmsd != NULL) {
480 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
481 }
482 }
483
484 #if defined(TARGET_HAS_ICE)
485 #if defined(CONFIG_USER_ONLY)
486 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
487 {
488 tb_invalidate_phys_page_range(pc, pc + 1, 0);
489 }
490 #else
491 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
492 {
493 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
494 if (phys != -1) {
495 tb_invalidate_phys_addr(phys | (pc & ~TARGET_PAGE_MASK));
496 }
497 }
498 #endif
499 #endif /* TARGET_HAS_ICE */
500
501 #if defined(CONFIG_USER_ONLY)
502 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
503
504 {
505 }
506
507 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
508 int flags, CPUWatchpoint **watchpoint)
509 {
510 return -ENOSYS;
511 }
512 #else
513 /* Add a watchpoint. */
514 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
515 int flags, CPUWatchpoint **watchpoint)
516 {
517 target_ulong len_mask = ~(len - 1);
518 CPUWatchpoint *wp;
519
520 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
521 if ((len & (len - 1)) || (addr & ~len_mask) ||
522 len == 0 || len > TARGET_PAGE_SIZE) {
523 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
524 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
525 return -EINVAL;
526 }
527 wp = g_malloc(sizeof(*wp));
528
529 wp->vaddr = addr;
530 wp->len_mask = len_mask;
531 wp->flags = flags;
532
533 /* keep all GDB-injected watchpoints in front */
534 if (flags & BP_GDB)
535 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
536 else
537 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
538
539 tlb_flush_page(env, addr);
540
541 if (watchpoint)
542 *watchpoint = wp;
543 return 0;
544 }
545
546 /* Remove a specific watchpoint. */
547 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
548 int flags)
549 {
550 target_ulong len_mask = ~(len - 1);
551 CPUWatchpoint *wp;
552
553 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
554 if (addr == wp->vaddr && len_mask == wp->len_mask
555 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
556 cpu_watchpoint_remove_by_ref(env, wp);
557 return 0;
558 }
559 }
560 return -ENOENT;
561 }
562
563 /* Remove a specific watchpoint by reference. */
564 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
565 {
566 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
567
568 tlb_flush_page(env, watchpoint->vaddr);
569
570 g_free(watchpoint);
571 }
572
573 /* Remove all matching watchpoints. */
574 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
575 {
576 CPUWatchpoint *wp, *next;
577
578 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
579 if (wp->flags & mask)
580 cpu_watchpoint_remove_by_ref(env, wp);
581 }
582 }
583 #endif
584
585 /* Add a breakpoint. */
586 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
587 CPUBreakpoint **breakpoint)
588 {
589 #if defined(TARGET_HAS_ICE)
590 CPUBreakpoint *bp;
591
592 bp = g_malloc(sizeof(*bp));
593
594 bp->pc = pc;
595 bp->flags = flags;
596
597 /* keep all GDB-injected breakpoints in front */
598 if (flags & BP_GDB) {
599 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
600 } else {
601 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
602 }
603
604 breakpoint_invalidate(ENV_GET_CPU(env), pc);
605
606 if (breakpoint) {
607 *breakpoint = bp;
608 }
609 return 0;
610 #else
611 return -ENOSYS;
612 #endif
613 }
614
615 /* Remove a specific breakpoint. */
616 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
617 {
618 #if defined(TARGET_HAS_ICE)
619 CPUBreakpoint *bp;
620
621 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
622 if (bp->pc == pc && bp->flags == flags) {
623 cpu_breakpoint_remove_by_ref(env, bp);
624 return 0;
625 }
626 }
627 return -ENOENT;
628 #else
629 return -ENOSYS;
630 #endif
631 }
632
633 /* Remove a specific breakpoint by reference. */
634 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
635 {
636 #if defined(TARGET_HAS_ICE)
637 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
638
639 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
640
641 g_free(breakpoint);
642 #endif
643 }
644
645 /* Remove all matching breakpoints. */
646 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
647 {
648 #if defined(TARGET_HAS_ICE)
649 CPUBreakpoint *bp, *next;
650
651 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
652 if (bp->flags & mask)
653 cpu_breakpoint_remove_by_ref(env, bp);
654 }
655 #endif
656 }
657
658 /* enable or disable single step mode. EXCP_DEBUG is returned by the
659 CPU loop after each instruction */
660 void cpu_single_step(CPUState *cpu, int enabled)
661 {
662 #if defined(TARGET_HAS_ICE)
663 if (cpu->singlestep_enabled != enabled) {
664 cpu->singlestep_enabled = enabled;
665 if (kvm_enabled()) {
666 kvm_update_guest_debug(cpu, 0);
667 } else {
668 /* must flush all the translated code to avoid inconsistencies */
669 /* XXX: only flush what is necessary */
670 CPUArchState *env = cpu->env_ptr;
671 tb_flush(env);
672 }
673 }
674 #endif
675 }
676
677 void QEMU_NORETURN cpu_abort(CPUArchState *env, const char *fmt, ...)
678 {
679 CPUState *cpu = ENV_GET_CPU(env);
680 va_list ap;
681 va_list ap2;
682
683 va_start(ap, fmt);
684 va_copy(ap2, ap);
685 fprintf(stderr, "qemu: fatal: ");
686 vfprintf(stderr, fmt, ap);
687 fprintf(stderr, "\n");
688 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
689 if (qemu_log_enabled()) {
690 qemu_log("qemu: fatal: ");
691 qemu_log_vprintf(fmt, ap2);
692 qemu_log("\n");
693 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
694 qemu_log_flush();
695 qemu_log_close();
696 }
697 va_end(ap2);
698 va_end(ap);
699 #if defined(CONFIG_USER_ONLY)
700 {
701 struct sigaction act;
702 sigfillset(&act.sa_mask);
703 act.sa_handler = SIG_DFL;
704 sigaction(SIGABRT, &act, NULL);
705 }
706 #endif
707 abort();
708 }
709
710 #if !defined(CONFIG_USER_ONLY)
711 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
712 {
713 RAMBlock *block;
714
715 /* The list is protected by the iothread lock here. */
716 block = ram_list.mru_block;
717 if (block && addr - block->offset < block->length) {
718 goto found;
719 }
720 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
721 if (addr - block->offset < block->length) {
722 goto found;
723 }
724 }
725
726 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
727 abort();
728
729 found:
730 ram_list.mru_block = block;
731 return block;
732 }
733
734 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
735 {
736 ram_addr_t start1;
737 RAMBlock *block;
738 ram_addr_t end;
739
740 end = TARGET_PAGE_ALIGN(start + length);
741 start &= TARGET_PAGE_MASK;
742
743 block = qemu_get_ram_block(start);
744 assert(block == qemu_get_ram_block(end - 1));
745 start1 = (uintptr_t)block->host + (start - block->offset);
746 cpu_tlb_reset_dirty_all(start1, length);
747 }
748
749 /* Note: start and end must be within the same ram block. */
750 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
751 unsigned client)
752 {
753 if (length == 0)
754 return;
755 cpu_physical_memory_clear_dirty_range(start, length, client);
756
757 if (tcg_enabled()) {
758 tlb_reset_dirty_range_all(start, length);
759 }
760 }
761
762 static void cpu_physical_memory_set_dirty_tracking(bool enable)
763 {
764 in_migration = enable;
765 }
766
767 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
768 MemoryRegionSection *section,
769 target_ulong vaddr,
770 hwaddr paddr, hwaddr xlat,
771 int prot,
772 target_ulong *address)
773 {
774 hwaddr iotlb;
775 CPUWatchpoint *wp;
776
777 if (memory_region_is_ram(section->mr)) {
778 /* Normal RAM. */
779 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
780 + xlat;
781 if (!section->readonly) {
782 iotlb |= PHYS_SECTION_NOTDIRTY;
783 } else {
784 iotlb |= PHYS_SECTION_ROM;
785 }
786 } else {
787 iotlb = section - address_space_memory.dispatch->map.sections;
788 iotlb += xlat;
789 }
790
791 /* Make accesses to pages with watchpoints go via the
792 watchpoint trap routines. */
793 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
794 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
795 /* Avoid trapping reads of pages with a write breakpoint. */
796 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
797 iotlb = PHYS_SECTION_WATCH + paddr;
798 *address |= TLB_MMIO;
799 break;
800 }
801 }
802 }
803
804 return iotlb;
805 }
806 #endif /* defined(CONFIG_USER_ONLY) */
807
808 #if !defined(CONFIG_USER_ONLY)
809
810 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
811 uint16_t section);
812 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
813
814 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
815
816 /*
817 * Set a custom physical guest memory alloator.
818 * Accelerators with unusual needs may need this. Hopefully, we can
819 * get rid of it eventually.
820 */
821 void phys_mem_set_alloc(void *(*alloc)(size_t))
822 {
823 phys_mem_alloc = alloc;
824 }
825
826 static uint16_t phys_section_add(PhysPageMap *map,
827 MemoryRegionSection *section)
828 {
829 /* The physical section number is ORed with a page-aligned
830 * pointer to produce the iotlb entries. Thus it should
831 * never overflow into the page-aligned value.
832 */
833 assert(map->sections_nb < TARGET_PAGE_SIZE);
834
835 if (map->sections_nb == map->sections_nb_alloc) {
836 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
837 map->sections = g_renew(MemoryRegionSection, map->sections,
838 map->sections_nb_alloc);
839 }
840 map->sections[map->sections_nb] = *section;
841 memory_region_ref(section->mr);
842 return map->sections_nb++;
843 }
844
845 static void phys_section_destroy(MemoryRegion *mr)
846 {
847 memory_region_unref(mr);
848
849 if (mr->subpage) {
850 subpage_t *subpage = container_of(mr, subpage_t, iomem);
851 memory_region_destroy(&subpage->iomem);
852 g_free(subpage);
853 }
854 }
855
856 static void phys_sections_free(PhysPageMap *map)
857 {
858 while (map->sections_nb > 0) {
859 MemoryRegionSection *section = &map->sections[--map->sections_nb];
860 phys_section_destroy(section->mr);
861 }
862 g_free(map->sections);
863 g_free(map->nodes);
864 }
865
866 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
867 {
868 subpage_t *subpage;
869 hwaddr base = section->offset_within_address_space
870 & TARGET_PAGE_MASK;
871 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
872 d->map.nodes, d->map.sections);
873 MemoryRegionSection subsection = {
874 .offset_within_address_space = base,
875 .size = int128_make64(TARGET_PAGE_SIZE),
876 };
877 hwaddr start, end;
878
879 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
880
881 if (!(existing->mr->subpage)) {
882 subpage = subpage_init(d->as, base);
883 subsection.mr = &subpage->iomem;
884 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
885 phys_section_add(&d->map, &subsection));
886 } else {
887 subpage = container_of(existing->mr, subpage_t, iomem);
888 }
889 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
890 end = start + int128_get64(section->size) - 1;
891 subpage_register(subpage, start, end,
892 phys_section_add(&d->map, section));
893 }
894
895
896 static void register_multipage(AddressSpaceDispatch *d,
897 MemoryRegionSection *section)
898 {
899 hwaddr start_addr = section->offset_within_address_space;
900 uint16_t section_index = phys_section_add(&d->map, section);
901 uint64_t num_pages = int128_get64(int128_rshift(section->size,
902 TARGET_PAGE_BITS));
903
904 assert(num_pages);
905 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
906 }
907
908 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
909 {
910 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
911 AddressSpaceDispatch *d = as->next_dispatch;
912 MemoryRegionSection now = *section, remain = *section;
913 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
914
915 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
916 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
917 - now.offset_within_address_space;
918
919 now.size = int128_min(int128_make64(left), now.size);
920 register_subpage(d, &now);
921 } else {
922 now.size = int128_zero();
923 }
924 while (int128_ne(remain.size, now.size)) {
925 remain.size = int128_sub(remain.size, now.size);
926 remain.offset_within_address_space += int128_get64(now.size);
927 remain.offset_within_region += int128_get64(now.size);
928 now = remain;
929 if (int128_lt(remain.size, page_size)) {
930 register_subpage(d, &now);
931 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
932 now.size = page_size;
933 register_subpage(d, &now);
934 } else {
935 now.size = int128_and(now.size, int128_neg(page_size));
936 register_multipage(d, &now);
937 }
938 }
939 }
940
941 void qemu_flush_coalesced_mmio_buffer(void)
942 {
943 if (kvm_enabled())
944 kvm_flush_coalesced_mmio_buffer();
945 }
946
947 void qemu_mutex_lock_ramlist(void)
948 {
949 qemu_mutex_lock(&ram_list.mutex);
950 }
951
952 void qemu_mutex_unlock_ramlist(void)
953 {
954 qemu_mutex_unlock(&ram_list.mutex);
955 }
956
957 #ifdef __linux__
958
959 #include <sys/vfs.h>
960
961 #define HUGETLBFS_MAGIC 0x958458f6
962
963 static long gethugepagesize(const char *path)
964 {
965 struct statfs fs;
966 int ret;
967
968 do {
969 ret = statfs(path, &fs);
970 } while (ret != 0 && errno == EINTR);
971
972 if (ret != 0) {
973 perror(path);
974 return 0;
975 }
976
977 if (fs.f_type != HUGETLBFS_MAGIC)
978 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
979
980 return fs.f_bsize;
981 }
982
983 static sigjmp_buf sigjump;
984
985 static void sigbus_handler(int signal)
986 {
987 siglongjmp(sigjump, 1);
988 }
989
990 static void *file_ram_alloc(RAMBlock *block,
991 ram_addr_t memory,
992 const char *path)
993 {
994 char *filename;
995 char *sanitized_name;
996 char *c;
997 void * volatile area;
998 int fd;
999 uintptr_t hpagesize;
1000
1001 hpagesize = gethugepagesize(path);
1002 if (!hpagesize) {
1003 return NULL;
1004 }
1005
1006 if (memory < hpagesize) {
1007 return NULL;
1008 }
1009
1010 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1011 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
1012 return NULL;
1013 }
1014
1015 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1016 sanitized_name = g_strdup(block->mr->name);
1017 for (c = sanitized_name; *c != '\0'; c++) {
1018 if (*c == '/')
1019 *c = '_';
1020 }
1021
1022 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1023 sanitized_name);
1024 g_free(sanitized_name);
1025
1026 fd = mkstemp(filename);
1027 if (fd < 0) {
1028 perror("unable to create backing store for hugepages");
1029 g_free(filename);
1030 return NULL;
1031 }
1032 unlink(filename);
1033 g_free(filename);
1034
1035 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1036
1037 /*
1038 * ftruncate is not supported by hugetlbfs in older
1039 * hosts, so don't bother bailing out on errors.
1040 * If anything goes wrong with it under other filesystems,
1041 * mmap will fail.
1042 */
1043 if (ftruncate(fd, memory))
1044 perror("ftruncate");
1045
1046 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1047 if (area == MAP_FAILED) {
1048 perror("file_ram_alloc: can't mmap RAM pages");
1049 close(fd);
1050 return (NULL);
1051 }
1052
1053 if (mem_prealloc) {
1054 int ret, i;
1055 struct sigaction act, oldact;
1056 sigset_t set, oldset;
1057
1058 memset(&act, 0, sizeof(act));
1059 act.sa_handler = &sigbus_handler;
1060 act.sa_flags = 0;
1061
1062 ret = sigaction(SIGBUS, &act, &oldact);
1063 if (ret) {
1064 perror("file_ram_alloc: failed to install signal handler");
1065 exit(1);
1066 }
1067
1068 /* unblock SIGBUS */
1069 sigemptyset(&set);
1070 sigaddset(&set, SIGBUS);
1071 pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
1072
1073 if (sigsetjmp(sigjump, 1)) {
1074 fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n");
1075 exit(1);
1076 }
1077
1078 /* MAP_POPULATE silently ignores failures */
1079 for (i = 0; i < (memory/hpagesize); i++) {
1080 memset(area + (hpagesize*i), 0, 1);
1081 }
1082
1083 ret = sigaction(SIGBUS, &oldact, NULL);
1084 if (ret) {
1085 perror("file_ram_alloc: failed to reinstall signal handler");
1086 exit(1);
1087 }
1088
1089 pthread_sigmask(SIG_SETMASK, &oldset, NULL);
1090 }
1091
1092 block->fd = fd;
1093 return area;
1094 }
1095 #else
1096 static void *file_ram_alloc(RAMBlock *block,
1097 ram_addr_t memory,
1098 const char *path)
1099 {
1100 fprintf(stderr, "-mem-path not supported on this host\n");
1101 exit(1);
1102 }
1103 #endif
1104
1105 static ram_addr_t find_ram_offset(ram_addr_t size)
1106 {
1107 RAMBlock *block, *next_block;
1108 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1109
1110 assert(size != 0); /* it would hand out same offset multiple times */
1111
1112 if (QTAILQ_EMPTY(&ram_list.blocks))
1113 return 0;
1114
1115 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1116 ram_addr_t end, next = RAM_ADDR_MAX;
1117
1118 end = block->offset + block->length;
1119
1120 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1121 if (next_block->offset >= end) {
1122 next = MIN(next, next_block->offset);
1123 }
1124 }
1125 if (next - end >= size && next - end < mingap) {
1126 offset = end;
1127 mingap = next - end;
1128 }
1129 }
1130
1131 if (offset == RAM_ADDR_MAX) {
1132 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1133 (uint64_t)size);
1134 abort();
1135 }
1136
1137 return offset;
1138 }
1139
1140 ram_addr_t last_ram_offset(void)
1141 {
1142 RAMBlock *block;
1143 ram_addr_t last = 0;
1144
1145 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1146 last = MAX(last, block->offset + block->length);
1147
1148 return last;
1149 }
1150
1151 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1152 {
1153 int ret;
1154
1155 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1156 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1157 "dump-guest-core", true)) {
1158 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1159 if (ret) {
1160 perror("qemu_madvise");
1161 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1162 "but dump_guest_core=off specified\n");
1163 }
1164 }
1165 }
1166
1167 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1168 {
1169 RAMBlock *new_block, *block;
1170
1171 new_block = NULL;
1172 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1173 if (block->offset == addr) {
1174 new_block = block;
1175 break;
1176 }
1177 }
1178 assert(new_block);
1179 assert(!new_block->idstr[0]);
1180
1181 if (dev) {
1182 char *id = qdev_get_dev_path(dev);
1183 if (id) {
1184 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1185 g_free(id);
1186 }
1187 }
1188 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1189
1190 /* This assumes the iothread lock is taken here too. */
1191 qemu_mutex_lock_ramlist();
1192 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1193 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1194 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1195 new_block->idstr);
1196 abort();
1197 }
1198 }
1199 qemu_mutex_unlock_ramlist();
1200 }
1201
1202 static int memory_try_enable_merging(void *addr, size_t len)
1203 {
1204 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1205 /* disabled by the user */
1206 return 0;
1207 }
1208
1209 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1210 }
1211
1212 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1213 MemoryRegion *mr)
1214 {
1215 RAMBlock *block, *new_block;
1216 ram_addr_t old_ram_size, new_ram_size;
1217
1218 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1219
1220 size = TARGET_PAGE_ALIGN(size);
1221 new_block = g_malloc0(sizeof(*new_block));
1222 new_block->fd = -1;
1223
1224 /* This assumes the iothread lock is taken here too. */
1225 qemu_mutex_lock_ramlist();
1226 new_block->mr = mr;
1227 new_block->offset = find_ram_offset(size);
1228 if (host) {
1229 new_block->host = host;
1230 new_block->flags |= RAM_PREALLOC_MASK;
1231 } else if (xen_enabled()) {
1232 if (mem_path) {
1233 fprintf(stderr, "-mem-path not supported with Xen\n");
1234 exit(1);
1235 }
1236 xen_ram_alloc(new_block->offset, size, mr);
1237 } else {
1238 if (mem_path) {
1239 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1240 /*
1241 * file_ram_alloc() needs to allocate just like
1242 * phys_mem_alloc, but we haven't bothered to provide
1243 * a hook there.
1244 */
1245 fprintf(stderr,
1246 "-mem-path not supported with this accelerator\n");
1247 exit(1);
1248 }
1249 new_block->host = file_ram_alloc(new_block, size, mem_path);
1250 }
1251 if (!new_block->host) {
1252 new_block->host = phys_mem_alloc(size);
1253 if (!new_block->host) {
1254 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1255 new_block->mr->name, strerror(errno));
1256 exit(1);
1257 }
1258 memory_try_enable_merging(new_block->host, size);
1259 }
1260 }
1261 new_block->length = size;
1262
1263 /* Keep the list sorted from biggest to smallest block. */
1264 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1265 if (block->length < new_block->length) {
1266 break;
1267 }
1268 }
1269 if (block) {
1270 QTAILQ_INSERT_BEFORE(block, new_block, next);
1271 } else {
1272 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1273 }
1274 ram_list.mru_block = NULL;
1275
1276 ram_list.version++;
1277 qemu_mutex_unlock_ramlist();
1278
1279 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1280
1281 if (new_ram_size > old_ram_size) {
1282 int i;
1283 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1284 ram_list.dirty_memory[i] =
1285 bitmap_zero_extend(ram_list.dirty_memory[i],
1286 old_ram_size, new_ram_size);
1287 }
1288 }
1289 cpu_physical_memory_set_dirty_range(new_block->offset, size);
1290
1291 qemu_ram_setup_dump(new_block->host, size);
1292 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1293 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1294
1295 if (kvm_enabled())
1296 kvm_setup_guest_memory(new_block->host, size);
1297
1298 return new_block->offset;
1299 }
1300
1301 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1302 {
1303 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1304 }
1305
1306 void qemu_ram_free_from_ptr(ram_addr_t addr)
1307 {
1308 RAMBlock *block;
1309
1310 /* This assumes the iothread lock is taken here too. */
1311 qemu_mutex_lock_ramlist();
1312 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1313 if (addr == block->offset) {
1314 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1315 ram_list.mru_block = NULL;
1316 ram_list.version++;
1317 g_free(block);
1318 break;
1319 }
1320 }
1321 qemu_mutex_unlock_ramlist();
1322 }
1323
1324 void qemu_ram_free(ram_addr_t addr)
1325 {
1326 RAMBlock *block;
1327
1328 /* This assumes the iothread lock is taken here too. */
1329 qemu_mutex_lock_ramlist();
1330 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1331 if (addr == block->offset) {
1332 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1333 ram_list.mru_block = NULL;
1334 ram_list.version++;
1335 if (block->flags & RAM_PREALLOC_MASK) {
1336 ;
1337 } else if (xen_enabled()) {
1338 xen_invalidate_map_cache_entry(block->host);
1339 #ifndef _WIN32
1340 } else if (block->fd >= 0) {
1341 munmap(block->host, block->length);
1342 close(block->fd);
1343 #endif
1344 } else {
1345 qemu_anon_ram_free(block->host, block->length);
1346 }
1347 g_free(block);
1348 break;
1349 }
1350 }
1351 qemu_mutex_unlock_ramlist();
1352
1353 }
1354
1355 #ifndef _WIN32
1356 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1357 {
1358 RAMBlock *block;
1359 ram_addr_t offset;
1360 int flags;
1361 void *area, *vaddr;
1362
1363 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1364 offset = addr - block->offset;
1365 if (offset < block->length) {
1366 vaddr = block->host + offset;
1367 if (block->flags & RAM_PREALLOC_MASK) {
1368 ;
1369 } else if (xen_enabled()) {
1370 abort();
1371 } else {
1372 flags = MAP_FIXED;
1373 munmap(vaddr, length);
1374 if (block->fd >= 0) {
1375 #ifdef MAP_POPULATE
1376 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1377 MAP_PRIVATE;
1378 #else
1379 flags |= MAP_PRIVATE;
1380 #endif
1381 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1382 flags, block->fd, offset);
1383 } else {
1384 /*
1385 * Remap needs to match alloc. Accelerators that
1386 * set phys_mem_alloc never remap. If they did,
1387 * we'd need a remap hook here.
1388 */
1389 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1390
1391 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1392 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1393 flags, -1, 0);
1394 }
1395 if (area != vaddr) {
1396 fprintf(stderr, "Could not remap addr: "
1397 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1398 length, addr);
1399 exit(1);
1400 }
1401 memory_try_enable_merging(vaddr, length);
1402 qemu_ram_setup_dump(vaddr, length);
1403 }
1404 return;
1405 }
1406 }
1407 }
1408 #endif /* !_WIN32 */
1409
1410 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1411 With the exception of the softmmu code in this file, this should
1412 only be used for local memory (e.g. video ram) that the device owns,
1413 and knows it isn't going to access beyond the end of the block.
1414
1415 It should not be used for general purpose DMA.
1416 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1417 */
1418 void *qemu_get_ram_ptr(ram_addr_t addr)
1419 {
1420 RAMBlock *block = qemu_get_ram_block(addr);
1421
1422 if (xen_enabled()) {
1423 /* We need to check if the requested address is in the RAM
1424 * because we don't want to map the entire memory in QEMU.
1425 * In that case just map until the end of the page.
1426 */
1427 if (block->offset == 0) {
1428 return xen_map_cache(addr, 0, 0);
1429 } else if (block->host == NULL) {
1430 block->host =
1431 xen_map_cache(block->offset, block->length, 1);
1432 }
1433 }
1434 return block->host + (addr - block->offset);
1435 }
1436
1437 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1438 * but takes a size argument */
1439 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1440 {
1441 if (*size == 0) {
1442 return NULL;
1443 }
1444 if (xen_enabled()) {
1445 return xen_map_cache(addr, *size, 1);
1446 } else {
1447 RAMBlock *block;
1448
1449 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1450 if (addr - block->offset < block->length) {
1451 if (addr - block->offset + *size > block->length)
1452 *size = block->length - addr + block->offset;
1453 return block->host + (addr - block->offset);
1454 }
1455 }
1456
1457 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1458 abort();
1459 }
1460 }
1461
1462 /* Some of the softmmu routines need to translate from a host pointer
1463 (typically a TLB entry) back to a ram offset. */
1464 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1465 {
1466 RAMBlock *block;
1467 uint8_t *host = ptr;
1468
1469 if (xen_enabled()) {
1470 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1471 return qemu_get_ram_block(*ram_addr)->mr;
1472 }
1473
1474 block = ram_list.mru_block;
1475 if (block && block->host && host - block->host < block->length) {
1476 goto found;
1477 }
1478
1479 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1480 /* This case append when the block is not mapped. */
1481 if (block->host == NULL) {
1482 continue;
1483 }
1484 if (host - block->host < block->length) {
1485 goto found;
1486 }
1487 }
1488
1489 return NULL;
1490
1491 found:
1492 *ram_addr = block->offset + (host - block->host);
1493 return block->mr;
1494 }
1495
1496 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1497 uint64_t val, unsigned size)
1498 {
1499 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1500 tb_invalidate_phys_page_fast(ram_addr, size);
1501 }
1502 switch (size) {
1503 case 1:
1504 stb_p(qemu_get_ram_ptr(ram_addr), val);
1505 break;
1506 case 2:
1507 stw_p(qemu_get_ram_ptr(ram_addr), val);
1508 break;
1509 case 4:
1510 stl_p(qemu_get_ram_ptr(ram_addr), val);
1511 break;
1512 default:
1513 abort();
1514 }
1515 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1516 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
1517 /* we remove the notdirty callback only if the code has been
1518 flushed */
1519 if (!cpu_physical_memory_is_clean(ram_addr)) {
1520 CPUArchState *env = current_cpu->env_ptr;
1521 tlb_set_dirty(env, env->mem_io_vaddr);
1522 }
1523 }
1524
1525 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1526 unsigned size, bool is_write)
1527 {
1528 return is_write;
1529 }
1530
1531 static const MemoryRegionOps notdirty_mem_ops = {
1532 .write = notdirty_mem_write,
1533 .valid.accepts = notdirty_mem_accepts,
1534 .endianness = DEVICE_NATIVE_ENDIAN,
1535 };
1536
1537 /* Generate a debug exception if a watchpoint has been hit. */
1538 static void check_watchpoint(int offset, int len_mask, int flags)
1539 {
1540 CPUArchState *env = current_cpu->env_ptr;
1541 target_ulong pc, cs_base;
1542 target_ulong vaddr;
1543 CPUWatchpoint *wp;
1544 int cpu_flags;
1545
1546 if (env->watchpoint_hit) {
1547 /* We re-entered the check after replacing the TB. Now raise
1548 * the debug interrupt so that is will trigger after the
1549 * current instruction. */
1550 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1551 return;
1552 }
1553 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1554 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1555 if ((vaddr == (wp->vaddr & len_mask) ||
1556 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1557 wp->flags |= BP_WATCHPOINT_HIT;
1558 if (!env->watchpoint_hit) {
1559 env->watchpoint_hit = wp;
1560 tb_check_watchpoint(env);
1561 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1562 env->exception_index = EXCP_DEBUG;
1563 cpu_loop_exit(env);
1564 } else {
1565 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1566 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1567 cpu_resume_from_signal(env, NULL);
1568 }
1569 }
1570 } else {
1571 wp->flags &= ~BP_WATCHPOINT_HIT;
1572 }
1573 }
1574 }
1575
1576 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1577 so these check for a hit then pass through to the normal out-of-line
1578 phys routines. */
1579 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1580 unsigned size)
1581 {
1582 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1583 switch (size) {
1584 case 1: return ldub_phys(addr);
1585 case 2: return lduw_phys(addr);
1586 case 4: return ldl_phys(addr);
1587 default: abort();
1588 }
1589 }
1590
1591 static void watch_mem_write(void *opaque, hwaddr addr,
1592 uint64_t val, unsigned size)
1593 {
1594 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1595 switch (size) {
1596 case 1:
1597 stb_phys(addr, val);
1598 break;
1599 case 2:
1600 stw_phys(addr, val);
1601 break;
1602 case 4:
1603 stl_phys(addr, val);
1604 break;
1605 default: abort();
1606 }
1607 }
1608
1609 static const MemoryRegionOps watch_mem_ops = {
1610 .read = watch_mem_read,
1611 .write = watch_mem_write,
1612 .endianness = DEVICE_NATIVE_ENDIAN,
1613 };
1614
1615 static uint64_t subpage_read(void *opaque, hwaddr addr,
1616 unsigned len)
1617 {
1618 subpage_t *subpage = opaque;
1619 uint8_t buf[4];
1620
1621 #if defined(DEBUG_SUBPAGE)
1622 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1623 subpage, len, addr);
1624 #endif
1625 address_space_read(subpage->as, addr + subpage->base, buf, len);
1626 switch (len) {
1627 case 1:
1628 return ldub_p(buf);
1629 case 2:
1630 return lduw_p(buf);
1631 case 4:
1632 return ldl_p(buf);
1633 default:
1634 abort();
1635 }
1636 }
1637
1638 static void subpage_write(void *opaque, hwaddr addr,
1639 uint64_t value, unsigned len)
1640 {
1641 subpage_t *subpage = opaque;
1642 uint8_t buf[4];
1643
1644 #if defined(DEBUG_SUBPAGE)
1645 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1646 " value %"PRIx64"\n",
1647 __func__, subpage, len, addr, value);
1648 #endif
1649 switch (len) {
1650 case 1:
1651 stb_p(buf, value);
1652 break;
1653 case 2:
1654 stw_p(buf, value);
1655 break;
1656 case 4:
1657 stl_p(buf, value);
1658 break;
1659 default:
1660 abort();
1661 }
1662 address_space_write(subpage->as, addr + subpage->base, buf, len);
1663 }
1664
1665 static bool subpage_accepts(void *opaque, hwaddr addr,
1666 unsigned len, bool is_write)
1667 {
1668 subpage_t *subpage = opaque;
1669 #if defined(DEBUG_SUBPAGE)
1670 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1671 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1672 #endif
1673
1674 return address_space_access_valid(subpage->as, addr + subpage->base,
1675 len, is_write);
1676 }
1677
1678 static const MemoryRegionOps subpage_ops = {
1679 .read = subpage_read,
1680 .write = subpage_write,
1681 .valid.accepts = subpage_accepts,
1682 .endianness = DEVICE_NATIVE_ENDIAN,
1683 };
1684
1685 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1686 uint16_t section)
1687 {
1688 int idx, eidx;
1689
1690 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1691 return -1;
1692 idx = SUBPAGE_IDX(start);
1693 eidx = SUBPAGE_IDX(end);
1694 #if defined(DEBUG_SUBPAGE)
1695 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1696 __func__, mmio, start, end, idx, eidx, section);
1697 #endif
1698 for (; idx <= eidx; idx++) {
1699 mmio->sub_section[idx] = section;
1700 }
1701
1702 return 0;
1703 }
1704
1705 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1706 {
1707 subpage_t *mmio;
1708
1709 mmio = g_malloc0(sizeof(subpage_t));
1710
1711 mmio->as = as;
1712 mmio->base = base;
1713 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1714 "subpage", TARGET_PAGE_SIZE);
1715 mmio->iomem.subpage = true;
1716 #if defined(DEBUG_SUBPAGE)
1717 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1718 mmio, base, TARGET_PAGE_SIZE);
1719 #endif
1720 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1721
1722 return mmio;
1723 }
1724
1725 static uint16_t dummy_section(PhysPageMap *map, MemoryRegion *mr)
1726 {
1727 MemoryRegionSection section = {
1728 .mr = mr,
1729 .offset_within_address_space = 0,
1730 .offset_within_region = 0,
1731 .size = int128_2_64(),
1732 };
1733
1734 return phys_section_add(map, &section);
1735 }
1736
1737 MemoryRegion *iotlb_to_region(hwaddr index)
1738 {
1739 return address_space_memory.dispatch->map.sections[
1740 index & ~TARGET_PAGE_MASK].mr;
1741 }
1742
1743 static void io_mem_init(void)
1744 {
1745 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1746 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1747 "unassigned", UINT64_MAX);
1748 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1749 "notdirty", UINT64_MAX);
1750 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1751 "watch", UINT64_MAX);
1752 }
1753
1754 static void mem_begin(MemoryListener *listener)
1755 {
1756 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1757 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1758 uint16_t n;
1759
1760 n = dummy_section(&d->map, &io_mem_unassigned);
1761 assert(n == PHYS_SECTION_UNASSIGNED);
1762 n = dummy_section(&d->map, &io_mem_notdirty);
1763 assert(n == PHYS_SECTION_NOTDIRTY);
1764 n = dummy_section(&d->map, &io_mem_rom);
1765 assert(n == PHYS_SECTION_ROM);
1766 n = dummy_section(&d->map, &io_mem_watch);
1767 assert(n == PHYS_SECTION_WATCH);
1768
1769 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1770 d->as = as;
1771 as->next_dispatch = d;
1772 }
1773
1774 static void mem_commit(MemoryListener *listener)
1775 {
1776 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1777 AddressSpaceDispatch *cur = as->dispatch;
1778 AddressSpaceDispatch *next = as->next_dispatch;
1779
1780 phys_page_compact_all(next, next->map.nodes_nb);
1781
1782 as->dispatch = next;
1783
1784 if (cur) {
1785 phys_sections_free(&cur->map);
1786 g_free(cur);
1787 }
1788 }
1789
1790 static void tcg_commit(MemoryListener *listener)
1791 {
1792 CPUState *cpu;
1793
1794 /* since each CPU stores ram addresses in its TLB cache, we must
1795 reset the modified entries */
1796 /* XXX: slow ! */
1797 CPU_FOREACH(cpu) {
1798 CPUArchState *env = cpu->env_ptr;
1799
1800 tlb_flush(env, 1);
1801 }
1802 }
1803
1804 static void core_log_global_start(MemoryListener *listener)
1805 {
1806 cpu_physical_memory_set_dirty_tracking(true);
1807 }
1808
1809 static void core_log_global_stop(MemoryListener *listener)
1810 {
1811 cpu_physical_memory_set_dirty_tracking(false);
1812 }
1813
1814 static MemoryListener core_memory_listener = {
1815 .log_global_start = core_log_global_start,
1816 .log_global_stop = core_log_global_stop,
1817 .priority = 1,
1818 };
1819
1820 static MemoryListener tcg_memory_listener = {
1821 .commit = tcg_commit,
1822 };
1823
1824 void address_space_init_dispatch(AddressSpace *as)
1825 {
1826 as->dispatch = NULL;
1827 as->dispatch_listener = (MemoryListener) {
1828 .begin = mem_begin,
1829 .commit = mem_commit,
1830 .region_add = mem_add,
1831 .region_nop = mem_add,
1832 .priority = 0,
1833 };
1834 memory_listener_register(&as->dispatch_listener, as);
1835 }
1836
1837 void address_space_destroy_dispatch(AddressSpace *as)
1838 {
1839 AddressSpaceDispatch *d = as->dispatch;
1840
1841 memory_listener_unregister(&as->dispatch_listener);
1842 g_free(d);
1843 as->dispatch = NULL;
1844 }
1845
1846 static void memory_map_init(void)
1847 {
1848 system_memory = g_malloc(sizeof(*system_memory));
1849
1850 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1851 address_space_init(&address_space_memory, system_memory, "memory");
1852
1853 system_io = g_malloc(sizeof(*system_io));
1854 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1855 65536);
1856 address_space_init(&address_space_io, system_io, "I/O");
1857
1858 memory_listener_register(&core_memory_listener, &address_space_memory);
1859 if (tcg_enabled()) {
1860 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1861 }
1862 }
1863
1864 MemoryRegion *get_system_memory(void)
1865 {
1866 return system_memory;
1867 }
1868
1869 MemoryRegion *get_system_io(void)
1870 {
1871 return system_io;
1872 }
1873
1874 #endif /* !defined(CONFIG_USER_ONLY) */
1875
1876 /* physical memory access (slow version, mainly for debug) */
1877 #if defined(CONFIG_USER_ONLY)
1878 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1879 uint8_t *buf, int len, int is_write)
1880 {
1881 int l, flags;
1882 target_ulong page;
1883 void * p;
1884
1885 while (len > 0) {
1886 page = addr & TARGET_PAGE_MASK;
1887 l = (page + TARGET_PAGE_SIZE) - addr;
1888 if (l > len)
1889 l = len;
1890 flags = page_get_flags(page);
1891 if (!(flags & PAGE_VALID))
1892 return -1;
1893 if (is_write) {
1894 if (!(flags & PAGE_WRITE))
1895 return -1;
1896 /* XXX: this code should not depend on lock_user */
1897 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1898 return -1;
1899 memcpy(p, buf, l);
1900 unlock_user(p, addr, l);
1901 } else {
1902 if (!(flags & PAGE_READ))
1903 return -1;
1904 /* XXX: this code should not depend on lock_user */
1905 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1906 return -1;
1907 memcpy(buf, p, l);
1908 unlock_user(p, addr, 0);
1909 }
1910 len -= l;
1911 buf += l;
1912 addr += l;
1913 }
1914 return 0;
1915 }
1916
1917 #else
1918
1919 static void invalidate_and_set_dirty(hwaddr addr,
1920 hwaddr length)
1921 {
1922 if (cpu_physical_memory_is_clean(addr)) {
1923 /* invalidate code */
1924 tb_invalidate_phys_page_range(addr, addr + length, 0);
1925 /* set dirty bit */
1926 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1927 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
1928 }
1929 xen_modified_memory(addr, length);
1930 }
1931
1932 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1933 {
1934 if (memory_region_is_ram(mr)) {
1935 return !(is_write && mr->readonly);
1936 }
1937 if (memory_region_is_romd(mr)) {
1938 return !is_write;
1939 }
1940
1941 return false;
1942 }
1943
1944 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1945 {
1946 unsigned access_size_max = mr->ops->valid.max_access_size;
1947
1948 /* Regions are assumed to support 1-4 byte accesses unless
1949 otherwise specified. */
1950 if (access_size_max == 0) {
1951 access_size_max = 4;
1952 }
1953
1954 /* Bound the maximum access by the alignment of the address. */
1955 if (!mr->ops->impl.unaligned) {
1956 unsigned align_size_max = addr & -addr;
1957 if (align_size_max != 0 && align_size_max < access_size_max) {
1958 access_size_max = align_size_max;
1959 }
1960 }
1961
1962 /* Don't attempt accesses larger than the maximum. */
1963 if (l > access_size_max) {
1964 l = access_size_max;
1965 }
1966 if (l & (l - 1)) {
1967 l = 1 << (qemu_fls(l) - 1);
1968 }
1969
1970 return l;
1971 }
1972
1973 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1974 int len, bool is_write)
1975 {
1976 hwaddr l;
1977 uint8_t *ptr;
1978 uint64_t val;
1979 hwaddr addr1;
1980 MemoryRegion *mr;
1981 bool error = false;
1982
1983 while (len > 0) {
1984 l = len;
1985 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1986
1987 if (is_write) {
1988 if (!memory_access_is_direct(mr, is_write)) {
1989 l = memory_access_size(mr, l, addr1);
1990 /* XXX: could force current_cpu to NULL to avoid
1991 potential bugs */
1992 switch (l) {
1993 case 8:
1994 /* 64 bit write access */
1995 val = ldq_p(buf);
1996 error |= io_mem_write(mr, addr1, val, 8);
1997 break;
1998 case 4:
1999 /* 32 bit write access */
2000 val = ldl_p(buf);
2001 error |= io_mem_write(mr, addr1, val, 4);
2002 break;
2003 case 2:
2004 /* 16 bit write access */
2005 val = lduw_p(buf);
2006 error |= io_mem_write(mr, addr1, val, 2);
2007 break;
2008 case 1:
2009 /* 8 bit write access */
2010 val = ldub_p(buf);
2011 error |= io_mem_write(mr, addr1, val, 1);
2012 break;
2013 default:
2014 abort();
2015 }
2016 } else {
2017 addr1 += memory_region_get_ram_addr(mr);
2018 /* RAM case */
2019 ptr = qemu_get_ram_ptr(addr1);
2020 memcpy(ptr, buf, l);
2021 invalidate_and_set_dirty(addr1, l);
2022 }
2023 } else {
2024 if (!memory_access_is_direct(mr, is_write)) {
2025 /* I/O case */
2026 l = memory_access_size(mr, l, addr1);
2027 switch (l) {
2028 case 8:
2029 /* 64 bit read access */
2030 error |= io_mem_read(mr, addr1, &val, 8);
2031 stq_p(buf, val);
2032 break;
2033 case 4:
2034 /* 32 bit read access */
2035 error |= io_mem_read(mr, addr1, &val, 4);
2036 stl_p(buf, val);
2037 break;
2038 case 2:
2039 /* 16 bit read access */
2040 error |= io_mem_read(mr, addr1, &val, 2);
2041 stw_p(buf, val);
2042 break;
2043 case 1:
2044 /* 8 bit read access */
2045 error |= io_mem_read(mr, addr1, &val, 1);
2046 stb_p(buf, val);
2047 break;
2048 default:
2049 abort();
2050 }
2051 } else {
2052 /* RAM case */
2053 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2054 memcpy(buf, ptr, l);
2055 }
2056 }
2057 len -= l;
2058 buf += l;
2059 addr += l;
2060 }
2061
2062 return error;
2063 }
2064
2065 bool address_space_write(AddressSpace *as, hwaddr addr,
2066 const uint8_t *buf, int len)
2067 {
2068 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2069 }
2070
2071 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2072 {
2073 return address_space_rw(as, addr, buf, len, false);
2074 }
2075
2076
2077 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2078 int len, int is_write)
2079 {
2080 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2081 }
2082
2083 enum write_rom_type {
2084 WRITE_DATA,
2085 FLUSH_CACHE,
2086 };
2087
2088 static inline void cpu_physical_memory_write_rom_internal(
2089 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2090 {
2091 hwaddr l;
2092 uint8_t *ptr;
2093 hwaddr addr1;
2094 MemoryRegion *mr;
2095
2096 while (len > 0) {
2097 l = len;
2098 mr = address_space_translate(&address_space_memory,
2099 addr, &addr1, &l, true);
2100
2101 if (!(memory_region_is_ram(mr) ||
2102 memory_region_is_romd(mr))) {
2103 /* do nothing */
2104 } else {
2105 addr1 += memory_region_get_ram_addr(mr);
2106 /* ROM/RAM case */
2107 ptr = qemu_get_ram_ptr(addr1);
2108 switch (type) {
2109 case WRITE_DATA:
2110 memcpy(ptr, buf, l);
2111 invalidate_and_set_dirty(addr1, l);
2112 break;
2113 case FLUSH_CACHE:
2114 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2115 break;
2116 }
2117 }
2118 len -= l;
2119 buf += l;
2120 addr += l;
2121 }
2122 }
2123
2124 /* used for ROM loading : can write in RAM and ROM */
2125 void cpu_physical_memory_write_rom(hwaddr addr,
2126 const uint8_t *buf, int len)
2127 {
2128 cpu_physical_memory_write_rom_internal(addr, buf, len, WRITE_DATA);
2129 }
2130
2131 void cpu_flush_icache_range(hwaddr start, int len)
2132 {
2133 /*
2134 * This function should do the same thing as an icache flush that was
2135 * triggered from within the guest. For TCG we are always cache coherent,
2136 * so there is no need to flush anything. For KVM / Xen we need to flush
2137 * the host's instruction cache at least.
2138 */
2139 if (tcg_enabled()) {
2140 return;
2141 }
2142
2143 cpu_physical_memory_write_rom_internal(start, NULL, len, FLUSH_CACHE);
2144 }
2145
2146 typedef struct {
2147 MemoryRegion *mr;
2148 void *buffer;
2149 hwaddr addr;
2150 hwaddr len;
2151 } BounceBuffer;
2152
2153 static BounceBuffer bounce;
2154
2155 typedef struct MapClient {
2156 void *opaque;
2157 void (*callback)(void *opaque);
2158 QLIST_ENTRY(MapClient) link;
2159 } MapClient;
2160
2161 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2162 = QLIST_HEAD_INITIALIZER(map_client_list);
2163
2164 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2165 {
2166 MapClient *client = g_malloc(sizeof(*client));
2167
2168 client->opaque = opaque;
2169 client->callback = callback;
2170 QLIST_INSERT_HEAD(&map_client_list, client, link);
2171 return client;
2172 }
2173
2174 static void cpu_unregister_map_client(void *_client)
2175 {
2176 MapClient *client = (MapClient *)_client;
2177
2178 QLIST_REMOVE(client, link);
2179 g_free(client);
2180 }
2181
2182 static void cpu_notify_map_clients(void)
2183 {
2184 MapClient *client;
2185
2186 while (!QLIST_EMPTY(&map_client_list)) {
2187 client = QLIST_FIRST(&map_client_list);
2188 client->callback(client->opaque);
2189 cpu_unregister_map_client(client);
2190 }
2191 }
2192
2193 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2194 {
2195 MemoryRegion *mr;
2196 hwaddr l, xlat;
2197
2198 while (len > 0) {
2199 l = len;
2200 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2201 if (!memory_access_is_direct(mr, is_write)) {
2202 l = memory_access_size(mr, l, addr);
2203 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2204 return false;
2205 }
2206 }
2207
2208 len -= l;
2209 addr += l;
2210 }
2211 return true;
2212 }
2213
2214 /* Map a physical memory region into a host virtual address.
2215 * May map a subset of the requested range, given by and returned in *plen.
2216 * May return NULL if resources needed to perform the mapping are exhausted.
2217 * Use only for reads OR writes - not for read-modify-write operations.
2218 * Use cpu_register_map_client() to know when retrying the map operation is
2219 * likely to succeed.
2220 */
2221 void *address_space_map(AddressSpace *as,
2222 hwaddr addr,
2223 hwaddr *plen,
2224 bool is_write)
2225 {
2226 hwaddr len = *plen;
2227 hwaddr done = 0;
2228 hwaddr l, xlat, base;
2229 MemoryRegion *mr, *this_mr;
2230 ram_addr_t raddr;
2231
2232 if (len == 0) {
2233 return NULL;
2234 }
2235
2236 l = len;
2237 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2238 if (!memory_access_is_direct(mr, is_write)) {
2239 if (bounce.buffer) {
2240 return NULL;
2241 }
2242 /* Avoid unbounded allocations */
2243 l = MIN(l, TARGET_PAGE_SIZE);
2244 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2245 bounce.addr = addr;
2246 bounce.len = l;
2247
2248 memory_region_ref(mr);
2249 bounce.mr = mr;
2250 if (!is_write) {
2251 address_space_read(as, addr, bounce.buffer, l);
2252 }
2253
2254 *plen = l;
2255 return bounce.buffer;
2256 }
2257
2258 base = xlat;
2259 raddr = memory_region_get_ram_addr(mr);
2260
2261 for (;;) {
2262 len -= l;
2263 addr += l;
2264 done += l;
2265 if (len == 0) {
2266 break;
2267 }
2268
2269 l = len;
2270 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2271 if (this_mr != mr || xlat != base + done) {
2272 break;
2273 }
2274 }
2275
2276 memory_region_ref(mr);
2277 *plen = done;
2278 return qemu_ram_ptr_length(raddr + base, plen);
2279 }
2280
2281 /* Unmaps a memory region previously mapped by address_space_map().
2282 * Will also mark the memory as dirty if is_write == 1. access_len gives
2283 * the amount of memory that was actually read or written by the caller.
2284 */
2285 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2286 int is_write, hwaddr access_len)
2287 {
2288 if (buffer != bounce.buffer) {
2289 MemoryRegion *mr;
2290 ram_addr_t addr1;
2291
2292 mr = qemu_ram_addr_from_host(buffer, &addr1);
2293 assert(mr != NULL);
2294 if (is_write) {
2295 while (access_len) {
2296 unsigned l;
2297 l = TARGET_PAGE_SIZE;
2298 if (l > access_len)
2299 l = access_len;
2300 invalidate_and_set_dirty(addr1, l);
2301 addr1 += l;
2302 access_len -= l;
2303 }
2304 }
2305 if (xen_enabled()) {
2306 xen_invalidate_map_cache_entry(buffer);
2307 }
2308 memory_region_unref(mr);
2309 return;
2310 }
2311 if (is_write) {
2312 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2313 }
2314 qemu_vfree(bounce.buffer);
2315 bounce.buffer = NULL;
2316 memory_region_unref(bounce.mr);
2317 cpu_notify_map_clients();
2318 }
2319
2320 void *cpu_physical_memory_map(hwaddr addr,
2321 hwaddr *plen,
2322 int is_write)
2323 {
2324 return address_space_map(&address_space_memory, addr, plen, is_write);
2325 }
2326
2327 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2328 int is_write, hwaddr access_len)
2329 {
2330 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2331 }
2332
2333 /* warning: addr must be aligned */
2334 static inline uint32_t ldl_phys_internal(hwaddr addr,
2335 enum device_endian endian)
2336 {
2337 uint8_t *ptr;
2338 uint64_t val;
2339 MemoryRegion *mr;
2340 hwaddr l = 4;
2341 hwaddr addr1;
2342
2343 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2344 false);
2345 if (l < 4 || !memory_access_is_direct(mr, false)) {
2346 /* I/O case */
2347 io_mem_read(mr, addr1, &val, 4);
2348 #if defined(TARGET_WORDS_BIGENDIAN)
2349 if (endian == DEVICE_LITTLE_ENDIAN) {
2350 val = bswap32(val);
2351 }
2352 #else
2353 if (endian == DEVICE_BIG_ENDIAN) {
2354 val = bswap32(val);
2355 }
2356 #endif
2357 } else {
2358 /* RAM case */
2359 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2360 & TARGET_PAGE_MASK)
2361 + addr1);
2362 switch (endian) {
2363 case DEVICE_LITTLE_ENDIAN:
2364 val = ldl_le_p(ptr);
2365 break;
2366 case DEVICE_BIG_ENDIAN:
2367 val = ldl_be_p(ptr);
2368 break;
2369 default:
2370 val = ldl_p(ptr);
2371 break;
2372 }
2373 }
2374 return val;
2375 }
2376
2377 uint32_t ldl_phys(hwaddr addr)
2378 {
2379 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2380 }
2381
2382 uint32_t ldl_le_phys(hwaddr addr)
2383 {
2384 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2385 }
2386
2387 uint32_t ldl_be_phys(hwaddr addr)
2388 {
2389 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2390 }
2391
2392 /* warning: addr must be aligned */
2393 static inline uint64_t ldq_phys_internal(hwaddr addr,
2394 enum device_endian endian)
2395 {
2396 uint8_t *ptr;
2397 uint64_t val;
2398 MemoryRegion *mr;
2399 hwaddr l = 8;
2400 hwaddr addr1;
2401
2402 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2403 false);
2404 if (l < 8 || !memory_access_is_direct(mr, false)) {
2405 /* I/O case */
2406 io_mem_read(mr, addr1, &val, 8);
2407 #if defined(TARGET_WORDS_BIGENDIAN)
2408 if (endian == DEVICE_LITTLE_ENDIAN) {
2409 val = bswap64(val);
2410 }
2411 #else
2412 if (endian == DEVICE_BIG_ENDIAN) {
2413 val = bswap64(val);
2414 }
2415 #endif
2416 } else {
2417 /* RAM case */
2418 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2419 & TARGET_PAGE_MASK)
2420 + addr1);
2421 switch (endian) {
2422 case DEVICE_LITTLE_ENDIAN:
2423 val = ldq_le_p(ptr);
2424 break;
2425 case DEVICE_BIG_ENDIAN:
2426 val = ldq_be_p(ptr);
2427 break;
2428 default:
2429 val = ldq_p(ptr);
2430 break;
2431 }
2432 }
2433 return val;
2434 }
2435
2436 uint64_t ldq_phys(hwaddr addr)
2437 {
2438 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2439 }
2440
2441 uint64_t ldq_le_phys(hwaddr addr)
2442 {
2443 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2444 }
2445
2446 uint64_t ldq_be_phys(hwaddr addr)
2447 {
2448 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2449 }
2450
2451 /* XXX: optimize */
2452 uint32_t ldub_phys(hwaddr addr)
2453 {
2454 uint8_t val;
2455 cpu_physical_memory_read(addr, &val, 1);
2456 return val;
2457 }
2458
2459 /* warning: addr must be aligned */
2460 static inline uint32_t lduw_phys_internal(hwaddr addr,
2461 enum device_endian endian)
2462 {
2463 uint8_t *ptr;
2464 uint64_t val;
2465 MemoryRegion *mr;
2466 hwaddr l = 2;
2467 hwaddr addr1;
2468
2469 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2470 false);
2471 if (l < 2 || !memory_access_is_direct(mr, false)) {
2472 /* I/O case */
2473 io_mem_read(mr, addr1, &val, 2);
2474 #if defined(TARGET_WORDS_BIGENDIAN)
2475 if (endian == DEVICE_LITTLE_ENDIAN) {
2476 val = bswap16(val);
2477 }
2478 #else
2479 if (endian == DEVICE_BIG_ENDIAN) {
2480 val = bswap16(val);
2481 }
2482 #endif
2483 } else {
2484 /* RAM case */
2485 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2486 & TARGET_PAGE_MASK)
2487 + addr1);
2488 switch (endian) {
2489 case DEVICE_LITTLE_ENDIAN:
2490 val = lduw_le_p(ptr);
2491 break;
2492 case DEVICE_BIG_ENDIAN:
2493 val = lduw_be_p(ptr);
2494 break;
2495 default:
2496 val = lduw_p(ptr);
2497 break;
2498 }
2499 }
2500 return val;
2501 }
2502
2503 uint32_t lduw_phys(hwaddr addr)
2504 {
2505 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2506 }
2507
2508 uint32_t lduw_le_phys(hwaddr addr)
2509 {
2510 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2511 }
2512
2513 uint32_t lduw_be_phys(hwaddr addr)
2514 {
2515 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2516 }
2517
2518 /* warning: addr must be aligned. The ram page is not masked as dirty
2519 and the code inside is not invalidated. It is useful if the dirty
2520 bits are used to track modified PTEs */
2521 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2522 {
2523 uint8_t *ptr;
2524 MemoryRegion *mr;
2525 hwaddr l = 4;
2526 hwaddr addr1;
2527
2528 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2529 true);
2530 if (l < 4 || !memory_access_is_direct(mr, true)) {
2531 io_mem_write(mr, addr1, val, 4);
2532 } else {
2533 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2534 ptr = qemu_get_ram_ptr(addr1);
2535 stl_p(ptr, val);
2536
2537 if (unlikely(in_migration)) {
2538 if (cpu_physical_memory_is_clean(addr1)) {
2539 /* invalidate code */
2540 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2541 /* set dirty bit */
2542 cpu_physical_memory_set_dirty_flag(addr1,
2543 DIRTY_MEMORY_MIGRATION);
2544 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
2545 }
2546 }
2547 }
2548 }
2549
2550 /* warning: addr must be aligned */
2551 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2552 enum device_endian endian)
2553 {
2554 uint8_t *ptr;
2555 MemoryRegion *mr;
2556 hwaddr l = 4;
2557 hwaddr addr1;
2558
2559 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2560 true);
2561 if (l < 4 || !memory_access_is_direct(mr, true)) {
2562 #if defined(TARGET_WORDS_BIGENDIAN)
2563 if (endian == DEVICE_LITTLE_ENDIAN) {
2564 val = bswap32(val);
2565 }
2566 #else
2567 if (endian == DEVICE_BIG_ENDIAN) {
2568 val = bswap32(val);
2569 }
2570 #endif
2571 io_mem_write(mr, addr1, val, 4);
2572 } else {
2573 /* RAM case */
2574 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2575 ptr = qemu_get_ram_ptr(addr1);
2576 switch (endian) {
2577 case DEVICE_LITTLE_ENDIAN:
2578 stl_le_p(ptr, val);
2579 break;
2580 case DEVICE_BIG_ENDIAN:
2581 stl_be_p(ptr, val);
2582 break;
2583 default:
2584 stl_p(ptr, val);
2585 break;
2586 }
2587 invalidate_and_set_dirty(addr1, 4);
2588 }
2589 }
2590
2591 void stl_phys(hwaddr addr, uint32_t val)
2592 {
2593 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2594 }
2595
2596 void stl_le_phys(hwaddr addr, uint32_t val)
2597 {
2598 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2599 }
2600
2601 void stl_be_phys(hwaddr addr, uint32_t val)
2602 {
2603 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2604 }
2605
2606 /* XXX: optimize */
2607 void stb_phys(hwaddr addr, uint32_t val)
2608 {
2609 uint8_t v = val;
2610 cpu_physical_memory_write(addr, &v, 1);
2611 }
2612
2613 /* warning: addr must be aligned */
2614 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2615 enum device_endian endian)
2616 {
2617 uint8_t *ptr;
2618 MemoryRegion *mr;
2619 hwaddr l = 2;
2620 hwaddr addr1;
2621
2622 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2623 true);
2624 if (l < 2 || !memory_access_is_direct(mr, true)) {
2625 #if defined(TARGET_WORDS_BIGENDIAN)
2626 if (endian == DEVICE_LITTLE_ENDIAN) {
2627 val = bswap16(val);
2628 }
2629 #else
2630 if (endian == DEVICE_BIG_ENDIAN) {
2631 val = bswap16(val);
2632 }
2633 #endif
2634 io_mem_write(mr, addr1, val, 2);
2635 } else {
2636 /* RAM case */
2637 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2638 ptr = qemu_get_ram_ptr(addr1);
2639 switch (endian) {
2640 case DEVICE_LITTLE_ENDIAN:
2641 stw_le_p(ptr, val);
2642 break;
2643 case DEVICE_BIG_ENDIAN:
2644 stw_be_p(ptr, val);
2645 break;
2646 default:
2647 stw_p(ptr, val);
2648 break;
2649 }
2650 invalidate_and_set_dirty(addr1, 2);
2651 }
2652 }
2653
2654 void stw_phys(hwaddr addr, uint32_t val)
2655 {
2656 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2657 }
2658
2659 void stw_le_phys(hwaddr addr, uint32_t val)
2660 {
2661 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2662 }
2663
2664 void stw_be_phys(hwaddr addr, uint32_t val)
2665 {
2666 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2667 }
2668
2669 /* XXX: optimize */
2670 void stq_phys(hwaddr addr, uint64_t val)
2671 {
2672 val = tswap64(val);
2673 cpu_physical_memory_write(addr, &val, 8);
2674 }
2675
2676 void stq_le_phys(hwaddr addr, uint64_t val)
2677 {
2678 val = cpu_to_le64(val);
2679 cpu_physical_memory_write(addr, &val, 8);
2680 }
2681
2682 void stq_be_phys(hwaddr addr, uint64_t val)
2683 {
2684 val = cpu_to_be64(val);
2685 cpu_physical_memory_write(addr, &val, 8);
2686 }
2687
2688 /* virtual memory access for debug (includes writing to ROM) */
2689 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2690 uint8_t *buf, int len, int is_write)
2691 {
2692 int l;
2693 hwaddr phys_addr;
2694 target_ulong page;
2695
2696 while (len > 0) {
2697 page = addr & TARGET_PAGE_MASK;
2698 phys_addr = cpu_get_phys_page_debug(cpu, page);
2699 /* if no physical page mapped, return an error */
2700 if (phys_addr == -1)
2701 return -1;
2702 l = (page + TARGET_PAGE_SIZE) - addr;
2703 if (l > len)
2704 l = len;
2705 phys_addr += (addr & ~TARGET_PAGE_MASK);
2706 if (is_write)
2707 cpu_physical_memory_write_rom(phys_addr, buf, l);
2708 else
2709 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2710 len -= l;
2711 buf += l;
2712 addr += l;
2713 }
2714 return 0;
2715 }
2716 #endif
2717
2718 #if !defined(CONFIG_USER_ONLY)
2719
2720 /*
2721 * A helper function for the _utterly broken_ virtio device model to find out if
2722 * it's running on a big endian machine. Don't do this at home kids!
2723 */
2724 bool virtio_is_big_endian(void);
2725 bool virtio_is_big_endian(void)
2726 {
2727 #if defined(TARGET_WORDS_BIGENDIAN)
2728 return true;
2729 #else
2730 return false;
2731 #endif
2732 }
2733
2734 #endif
2735
2736 #ifndef CONFIG_USER_ONLY
2737 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2738 {
2739 MemoryRegion*mr;
2740 hwaddr l = 1;
2741
2742 mr = address_space_translate(&address_space_memory,
2743 phys_addr, &phys_addr, &l, false);
2744
2745 return !(memory_region_is_ram(mr) ||
2746 memory_region_is_romd(mr));
2747 }
2748
2749 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2750 {
2751 RAMBlock *block;
2752
2753 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2754 func(block->host, block->offset, block->length, opaque);
2755 }
2756 }
2757 #endif
AR7 emulation for QEMU