search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
slirp: Fix non blocking connect for w32
[qemu/ar7.git] / exec.c
blobeecadceff01d8dfcad17ed37d3007ae856644152
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59
60 //#define DEBUG_SUBPAGE
61
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
65 */
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
70
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
73
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
76
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
79
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
82
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
85 */
86 #define RAM_RESIZEABLE (1 << 2)
87
88 #endif
89
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
92 cpu_exec() */
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
97 int use_icount;
98
99 #if !defined(CONFIG_USER_ONLY)
100
101 typedef struct PhysPageEntry PhysPageEntry;
102
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 uint32_t skip : 6;
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
107 uint32_t ptr : 26;
108 };
109
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
114
115 #define P_L2_BITS 9
116 #define P_L2_SIZE (1 << P_L2_BITS)
117
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119
120 typedef PhysPageEntry Node[P_L2_SIZE];
121
122 typedef struct PhysPageMap {
123 struct rcu_head rcu;
124
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
127 unsigned nodes_nb;
128 unsigned nodes_nb_alloc;
129 Node *nodes;
130 MemoryRegionSection *sections;
131 } PhysPageMap;
132
133 struct AddressSpaceDispatch {
134 struct rcu_head rcu;
135
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
138 */
139 PhysPageEntry phys_map;
140 PhysPageMap map;
141 AddressSpace *as;
142 };
143
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
146 MemoryRegion iomem;
147 AddressSpace *as;
148 hwaddr base;
149 uint16_t sub_section[TARGET_PAGE_SIZE];
150 } subpage_t;
151
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
156
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
160
161 static MemoryRegion io_mem_watch;
162 #endif
163
164 #if !defined(CONFIG_USER_ONLY)
165
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 {
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
172 }
173 }
174
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
176 {
177 unsigned i;
178 uint32_t ret;
179 PhysPageEntry e;
180 PhysPageEntry *p;
181
182 ret = map->nodes_nb++;
183 p = map->nodes[ret];
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
186
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
191 }
192 return ret;
193 }
194
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
197 int level)
198 {
199 PhysPageEntry *p;
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
204 }
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
210 lp->skip = 0;
211 lp->ptr = leaf;
212 *index += step;
213 *nb -= step;
214 } else {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
216 }
217 ++lp;
218 }
219 }
220
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
223 uint16_t leaf)
224 {
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
229 }
230
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
233 */
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 {
236 unsigned valid_ptr = P_L2_SIZE;
237 int valid = 0;
238 PhysPageEntry *p;
239 int i;
240
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
242 return;
243 }
244
245 p = nodes[lp->ptr];
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
248 continue;
249 }
250
251 valid_ptr = i;
252 valid++;
253 if (p[i].skip) {
254 phys_page_compact(&p[i], nodes, compacted);
255 }
256 }
257
258 /* We can only compress if there's only one child. */
259 if (valid != 1) {
260 return;
261 }
262
263 assert(valid_ptr < P_L2_SIZE);
264
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
267 return;
268 }
269
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
276 * change this rule.
277 */
278 lp->skip = 0;
279 } else {
280 lp->skip += p[valid_ptr].skip;
281 }
282 }
283
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 {
286 DECLARE_BITMAP(compacted, nodes_nb);
287
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
290 }
291 }
292
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
295 {
296 PhysPageEntry *p;
297 hwaddr index = addr >> TARGET_PAGE_BITS;
298 int i;
299
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return &sections[PHYS_SECTION_UNASSIGNED];
303 }
304 p = nodes[lp.ptr];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
306 }
307
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return &sections[lp.ptr];
312 } else {
313 return &sections[PHYS_SECTION_UNASSIGNED];
314 }
315 }
316
317 bool memory_region_is_unassigned(MemoryRegion *mr)
318 {
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
321 }
322
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 hwaddr addr,
326 bool resolve_subpage)
327 {
328 MemoryRegionSection *section;
329 subpage_t *subpage;
330
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
335 }
336 return section;
337 }
338
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
343 {
344 MemoryRegionSection *section;
345 MemoryRegion *mr;
346 Int128 diff;
347
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
351
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
354
355 mr = section->mr;
356
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
362 * here.
363 *
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
367 */
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
371 }
372 return section;
373 }
374
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
376 {
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
379 }
380 if (memory_region_is_romd(mr)) {
381 return !is_write;
382 }
383
384 return false;
385 }
386
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
390 bool is_write)
391 {
392 IOMMUTLBEntry iotlb;
393 MemoryRegionSection *section;
394 MemoryRegion *mr;
395
396 for (;;) {
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
399 mr = section->mr;
400
401 if (!mr->iommu_ops) {
402 break;
403 }
404
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
411 break;
412 }
413
414 as = iotlb.target_as;
415 }
416
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
420 }
421
422 *xlat = addr;
423 return mr;
424 }
425
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
430 {
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
434
435 assert(!section->mr->iommu_ops);
436 return section;
437 }
438 #endif
439
440 #if !defined(CONFIG_USER_ONLY)
441
442 static int cpu_common_post_load(void *opaque, int version_id)
443 {
444 CPUState *cpu = opaque;
445
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
449 tlb_flush(cpu, 1);
450
451 return 0;
452 }
453
454 static int cpu_common_pre_load(void *opaque)
455 {
456 CPUState *cpu = opaque;
457
458 cpu->exception_index = -1;
459
460 return 0;
461 }
462
463 static bool cpu_common_exception_index_needed(void *opaque)
464 {
465 CPUState *cpu = opaque;
466
467 return tcg_enabled() && cpu->exception_index != -1;
468 }
469
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
472 .version_id = 1,
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
478 }
479 };
480
481 const VMStateDescription vmstate_cpu_common = {
482 .name = "cpu_common",
483 .version_id = 1,
484 .minimum_version_id = 1,
485 .pre_load = cpu_common_pre_load,
486 .post_load = cpu_common_post_load,
487 .fields = (VMStateField[]) {
488 VMSTATE_UINT32(halted, CPUState),
489 VMSTATE_UINT32(interrupt_request, CPUState),
490 VMSTATE_END_OF_LIST()
491 },
492 .subsections = (const VMStateDescription*[]) {
493 &vmstate_cpu_common_exception_index,
494 NULL
495 }
496 };
497
498 #endif
499
500 CPUState *qemu_get_cpu(int index)
501 {
502 CPUState *cpu;
503
504 CPU_FOREACH(cpu) {
505 if (cpu->cpu_index == index) {
506 return cpu;
507 }
508 }
509
510 return NULL;
511 }
512
513 #if !defined(CONFIG_USER_ONLY)
514 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
515 {
516 /* We only support one address space per cpu at the moment. */
517 assert(cpu->as == as);
518
519 if (cpu->tcg_as_listener) {
520 memory_listener_unregister(cpu->tcg_as_listener);
521 } else {
522 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
523 }
524 cpu->tcg_as_listener->commit = tcg_commit;
525 memory_listener_register(cpu->tcg_as_listener, as);
526 }
527 #endif
528
529 #ifndef CONFIG_USER_ONLY
530 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
531
532 static int cpu_get_free_index(Error **errp)
533 {
534 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
535
536 if (cpu >= MAX_CPUMASK_BITS) {
537 error_setg(errp, "Trying to use more CPUs than max of %d",
538 MAX_CPUMASK_BITS);
539 return -1;
540 }
541
542 bitmap_set(cpu_index_map, cpu, 1);
543 return cpu;
544 }
545
546 void cpu_exec_exit(CPUState *cpu)
547 {
548 if (cpu->cpu_index == -1) {
549 /* cpu_index was never allocated by this @cpu or was already freed. */
550 return;
551 }
552
553 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
554 cpu->cpu_index = -1;
555 }
556 #else
557
558 static int cpu_get_free_index(Error **errp)
559 {
560 CPUState *some_cpu;
561 int cpu_index = 0;
562
563 CPU_FOREACH(some_cpu) {
564 cpu_index++;
565 }
566 return cpu_index;
567 }
568
569 void cpu_exec_exit(CPUState *cpu)
570 {
571 }
572 #endif
573
574 void cpu_exec_init(CPUState *cpu, Error **errp)
575 {
576 CPUClass *cc = CPU_GET_CLASS(cpu);
577 int cpu_index;
578 Error *local_err = NULL;
579
580 #ifdef TARGET_WORDS_BIGENDIAN
581 cpu->bigendian = true;
582 #else
583 cpu->bigendian = false;
584 #endif
585
586 #ifndef CONFIG_USER_ONLY
587 cpu->as = &address_space_memory;
588 cpu->thread_id = qemu_get_thread_id();
589 cpu_reload_memory_map(cpu);
590 #endif
591
592 #if defined(CONFIG_USER_ONLY)
593 cpu_list_lock();
594 #endif
595 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
596 if (local_err) {
597 error_propagate(errp, local_err);
598 #if defined(CONFIG_USER_ONLY)
599 cpu_list_unlock();
600 #endif
601 return;
602 }
603 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
604 #if defined(CONFIG_USER_ONLY)
605 cpu_list_unlock();
606 #endif
607 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
608 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
609 }
610 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
611 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
612 cpu_save, cpu_load, cpu->env_ptr);
613 assert(cc->vmsd == NULL);
614 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
615 #endif
616 if (cc->vmsd != NULL) {
617 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
618 }
619 }
620
621 #if defined(CONFIG_USER_ONLY)
622 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
623 {
624 tb_invalidate_phys_page_range(pc, pc + 1, 0);
625 }
626 #else
627 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
628 {
629 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
630 if (phys != -1) {
631 tb_invalidate_phys_addr(cpu->as,
632 phys | (pc & ~TARGET_PAGE_MASK));
633 }
634 }
635 #endif
636
637 #if defined(CONFIG_USER_ONLY)
638 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
639
640 {
641 }
642
643 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
644 int flags)
645 {
646 return -ENOSYS;
647 }
648
649 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
650 {
651 }
652
653 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
654 int flags, CPUWatchpoint **watchpoint)
655 {
656 return -ENOSYS;
657 }
658 #else
659 /* Add a watchpoint. */
660 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
661 int flags, CPUWatchpoint **watchpoint)
662 {
663 CPUWatchpoint *wp;
664
665 /* forbid ranges which are empty or run off the end of the address space */
666 if (len == 0 || (addr + len - 1) < addr) {
667 error_report("tried to set invalid watchpoint at %"
668 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
669 return -EINVAL;
670 }
671 wp = g_malloc(sizeof(*wp));
672
673 wp->vaddr = addr;
674 wp->len = len;
675 wp->flags = flags;
676
677 /* keep all GDB-injected watchpoints in front */
678 if (flags & BP_GDB) {
679 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
680 } else {
681 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
682 }
683
684 tlb_flush_page(cpu, addr);
685
686 if (watchpoint)
687 *watchpoint = wp;
688 return 0;
689 }
690
691 /* Remove a specific watchpoint. */
692 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
693 int flags)
694 {
695 CPUWatchpoint *wp;
696
697 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
698 if (addr == wp->vaddr && len == wp->len
699 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
700 cpu_watchpoint_remove_by_ref(cpu, wp);
701 return 0;
702 }
703 }
704 return -ENOENT;
705 }
706
707 /* Remove a specific watchpoint by reference. */
708 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
709 {
710 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
711
712 tlb_flush_page(cpu, watchpoint->vaddr);
713
714 g_free(watchpoint);
715 }
716
717 /* Remove all matching watchpoints. */
718 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
719 {
720 CPUWatchpoint *wp, *next;
721
722 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
723 if (wp->flags & mask) {
724 cpu_watchpoint_remove_by_ref(cpu, wp);
725 }
726 }
727 }
728
729 /* Return true if this watchpoint address matches the specified
730 * access (ie the address range covered by the watchpoint overlaps
731 * partially or completely with the address range covered by the
732 * access).
733 */
734 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
735 vaddr addr,
736 vaddr len)
737 {
738 /* We know the lengths are non-zero, but a little caution is
739 * required to avoid errors in the case where the range ends
740 * exactly at the top of the address space and so addr + len
741 * wraps round to zero.
742 */
743 vaddr wpend = wp->vaddr + wp->len - 1;
744 vaddr addrend = addr + len - 1;
745
746 return !(addr > wpend || wp->vaddr > addrend);
747 }
748
749 #endif
750
751 /* Add a breakpoint. */
752 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
753 CPUBreakpoint **breakpoint)
754 {
755 CPUBreakpoint *bp;
756
757 bp = g_malloc(sizeof(*bp));
758
759 bp->pc = pc;
760 bp->flags = flags;
761
762 /* keep all GDB-injected breakpoints in front */
763 if (flags & BP_GDB) {
764 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
765 } else {
766 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
767 }
768
769 breakpoint_invalidate(cpu, pc);
770
771 if (breakpoint) {
772 *breakpoint = bp;
773 }
774 return 0;
775 }
776
777 /* Remove a specific breakpoint. */
778 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
779 {
780 CPUBreakpoint *bp;
781
782 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
783 if (bp->pc == pc && bp->flags == flags) {
784 cpu_breakpoint_remove_by_ref(cpu, bp);
785 return 0;
786 }
787 }
788 return -ENOENT;
789 }
790
791 /* Remove a specific breakpoint by reference. */
792 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
793 {
794 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
795
796 breakpoint_invalidate(cpu, breakpoint->pc);
797
798 g_free(breakpoint);
799 }
800
801 /* Remove all matching breakpoints. */
802 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
803 {
804 CPUBreakpoint *bp, *next;
805
806 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
807 if (bp->flags & mask) {
808 cpu_breakpoint_remove_by_ref(cpu, bp);
809 }
810 }
811 }
812
813 /* enable or disable single step mode. EXCP_DEBUG is returned by the
814 CPU loop after each instruction */
815 void cpu_single_step(CPUState *cpu, int enabled)
816 {
817 if (cpu->singlestep_enabled != enabled) {
818 cpu->singlestep_enabled = enabled;
819 if (kvm_enabled()) {
820 kvm_update_guest_debug(cpu, 0);
821 } else {
822 /* must flush all the translated code to avoid inconsistencies */
823 /* XXX: only flush what is necessary */
824 tb_flush(cpu);
825 }
826 }
827 }
828
829 void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
830 {
831 va_list ap;
832 va_list ap2;
833
834 va_start(ap, fmt);
835 va_copy(ap2, ap);
836 fprintf(stderr, "qemu: fatal: ");
837 vfprintf(stderr, fmt, ap);
838 fprintf(stderr, "\n");
839 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
840 if (qemu_log_enabled()) {
841 qemu_log("qemu: fatal: ");
842 qemu_log_vprintf(fmt, ap2);
843 qemu_log("\n");
844 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
845 qemu_log_flush();
846 qemu_log_close();
847 }
848 va_end(ap2);
849 va_end(ap);
850 #if defined(CONFIG_USER_ONLY)
851 {
852 struct sigaction act;
853 sigfillset(&act.sa_mask);
854 act.sa_handler = SIG_DFL;
855 sigaction(SIGABRT, &act, NULL);
856 }
857 #endif
858 abort();
859 }
860
861 #if !defined(CONFIG_USER_ONLY)
862 /* Called from RCU critical section */
863 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
864 {
865 RAMBlock *block;
866
867 block = atomic_rcu_read(&ram_list.mru_block);
868 if (block && addr - block->offset < block->max_length) {
869 goto found;
870 }
871 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
872 if (addr - block->offset < block->max_length) {
873 goto found;
874 }
875 }
876
877 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
878 abort();
879
880 found:
881 /* It is safe to write mru_block outside the iothread lock. This
882 * is what happens:
883 *
884 * mru_block = xxx
885 * rcu_read_unlock()
886 * xxx removed from list
887 * rcu_read_lock()
888 * read mru_block
889 * mru_block = NULL;
890 * call_rcu(reclaim_ramblock, xxx);
891 * rcu_read_unlock()
892 *
893 * atomic_rcu_set is not needed here. The block was already published
894 * when it was placed into the list. Here we're just making an extra
895 * copy of the pointer.
896 */
897 ram_list.mru_block = block;
898 return block;
899 }
900
901 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
902 {
903 ram_addr_t start1;
904 RAMBlock *block;
905 ram_addr_t end;
906
907 end = TARGET_PAGE_ALIGN(start + length);
908 start &= TARGET_PAGE_MASK;
909
910 rcu_read_lock();
911 block = qemu_get_ram_block(start);
912 assert(block == qemu_get_ram_block(end - 1));
913 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
914 cpu_tlb_reset_dirty_all(start1, length);
915 rcu_read_unlock();
916 }
917
918 /* Note: start and end must be within the same ram block. */
919 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
920 ram_addr_t length,
921 unsigned client)
922 {
923 unsigned long end, page;
924 bool dirty;
925
926 if (length == 0) {
927 return false;
928 }
929
930 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
931 page = start >> TARGET_PAGE_BITS;
932 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
933 page, end - page);
934
935 if (dirty && tcg_enabled()) {
936 tlb_reset_dirty_range_all(start, length);
937 }
938
939 return dirty;
940 }
941
942 /* Called from RCU critical section */
943 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
944 MemoryRegionSection *section,
945 target_ulong vaddr,
946 hwaddr paddr, hwaddr xlat,
947 int prot,
948 target_ulong *address)
949 {
950 hwaddr iotlb;
951 CPUWatchpoint *wp;
952
953 if (memory_region_is_ram(section->mr)) {
954 /* Normal RAM. */
955 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
956 + xlat;
957 if (!section->readonly) {
958 iotlb |= PHYS_SECTION_NOTDIRTY;
959 } else {
960 iotlb |= PHYS_SECTION_ROM;
961 }
962 } else {
963 AddressSpaceDispatch *d;
964
965 d = atomic_rcu_read(&section->address_space->dispatch);
966 iotlb = section - d->map.sections;
967 iotlb += xlat;
968 }
969
970 /* Make accesses to pages with watchpoints go via the
971 watchpoint trap routines. */
972 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
973 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
974 /* Avoid trapping reads of pages with a write breakpoint. */
975 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
976 iotlb = PHYS_SECTION_WATCH + paddr;
977 *address |= TLB_MMIO;
978 break;
979 }
980 }
981 }
982
983 return iotlb;
984 }
985 #endif /* defined(CONFIG_USER_ONLY) */
986
987 #if !defined(CONFIG_USER_ONLY)
988
989 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
990 uint16_t section);
991 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
992
993 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
994 qemu_anon_ram_alloc;
995
996 /*
997 * Set a custom physical guest memory alloator.
998 * Accelerators with unusual needs may need this. Hopefully, we can
999 * get rid of it eventually.
1000 */
1001 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1002 {
1003 phys_mem_alloc = alloc;
1004 }
1005
1006 static uint16_t phys_section_add(PhysPageMap *map,
1007 MemoryRegionSection *section)
1008 {
1009 /* The physical section number is ORed with a page-aligned
1010 * pointer to produce the iotlb entries. Thus it should
1011 * never overflow into the page-aligned value.
1012 */
1013 assert(map->sections_nb < TARGET_PAGE_SIZE);
1014
1015 if (map->sections_nb == map->sections_nb_alloc) {
1016 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1017 map->sections = g_renew(MemoryRegionSection, map->sections,
1018 map->sections_nb_alloc);
1019 }
1020 map->sections[map->sections_nb] = *section;
1021 memory_region_ref(section->mr);
1022 return map->sections_nb++;
1023 }
1024
1025 static void phys_section_destroy(MemoryRegion *mr)
1026 {
1027 memory_region_unref(mr);
1028
1029 if (mr->subpage) {
1030 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1031 object_unref(OBJECT(&subpage->iomem));
1032 g_free(subpage);
1033 }
1034 }
1035
1036 static void phys_sections_free(PhysPageMap *map)
1037 {
1038 while (map->sections_nb > 0) {
1039 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1040 phys_section_destroy(section->mr);
1041 }
1042 g_free(map->sections);
1043 g_free(map->nodes);
1044 }
1045
1046 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1047 {
1048 subpage_t *subpage;
1049 hwaddr base = section->offset_within_address_space
1050 & TARGET_PAGE_MASK;
1051 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1052 d->map.nodes, d->map.sections);
1053 MemoryRegionSection subsection = {
1054 .offset_within_address_space = base,
1055 .size = int128_make64(TARGET_PAGE_SIZE),
1056 };
1057 hwaddr start, end;
1058
1059 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1060
1061 if (!(existing->mr->subpage)) {
1062 subpage = subpage_init(d->as, base);
1063 subsection.address_space = d->as;
1064 subsection.mr = &subpage->iomem;
1065 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1066 phys_section_add(&d->map, &subsection));
1067 } else {
1068 subpage = container_of(existing->mr, subpage_t, iomem);
1069 }
1070 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1071 end = start + int128_get64(section->size) - 1;
1072 subpage_register(subpage, start, end,
1073 phys_section_add(&d->map, section));
1074 }
1075
1076
1077 static void register_multipage(AddressSpaceDispatch *d,
1078 MemoryRegionSection *section)
1079 {
1080 hwaddr start_addr = section->offset_within_address_space;
1081 uint16_t section_index = phys_section_add(&d->map, section);
1082 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1083 TARGET_PAGE_BITS));
1084
1085 assert(num_pages);
1086 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1087 }
1088
1089 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1090 {
1091 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1092 AddressSpaceDispatch *d = as->next_dispatch;
1093 MemoryRegionSection now = *section, remain = *section;
1094 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1095
1096 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1097 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1098 - now.offset_within_address_space;
1099
1100 now.size = int128_min(int128_make64(left), now.size);
1101 register_subpage(d, &now);
1102 } else {
1103 now.size = int128_zero();
1104 }
1105 while (int128_ne(remain.size, now.size)) {
1106 remain.size = int128_sub(remain.size, now.size);
1107 remain.offset_within_address_space += int128_get64(now.size);
1108 remain.offset_within_region += int128_get64(now.size);
1109 now = remain;
1110 if (int128_lt(remain.size, page_size)) {
1111 register_subpage(d, &now);
1112 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1113 now.size = page_size;
1114 register_subpage(d, &now);
1115 } else {
1116 now.size = int128_and(now.size, int128_neg(page_size));
1117 register_multipage(d, &now);
1118 }
1119 }
1120 }
1121
1122 void qemu_flush_coalesced_mmio_buffer(void)
1123 {
1124 if (kvm_enabled())
1125 kvm_flush_coalesced_mmio_buffer();
1126 }
1127
1128 void qemu_mutex_lock_ramlist(void)
1129 {
1130 qemu_mutex_lock(&ram_list.mutex);
1131 }
1132
1133 void qemu_mutex_unlock_ramlist(void)
1134 {
1135 qemu_mutex_unlock(&ram_list.mutex);
1136 }
1137
1138 #ifdef __linux__
1139
1140 #include <sys/vfs.h>
1141
1142 #define HUGETLBFS_MAGIC 0x958458f6
1143
1144 static long gethugepagesize(const char *path, Error **errp)
1145 {
1146 struct statfs fs;
1147 int ret;
1148
1149 do {
1150 ret = statfs(path, &fs);
1151 } while (ret != 0 && errno == EINTR);
1152
1153 if (ret != 0) {
1154 error_setg_errno(errp, errno, "failed to get page size of file %s",
1155 path);
1156 return 0;
1157 }
1158
1159 if (fs.f_type != HUGETLBFS_MAGIC)
1160 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1161
1162 return fs.f_bsize;
1163 }
1164
1165 static void *file_ram_alloc(RAMBlock *block,
1166 ram_addr_t memory,
1167 const char *path,
1168 Error **errp)
1169 {
1170 char *filename;
1171 char *sanitized_name;
1172 char *c;
1173 void * volatile area = NULL;
1174 int fd;
1175 uint64_t hpagesize;
1176 Error *local_err = NULL;
1177
1178 hpagesize = gethugepagesize(path, &local_err);
1179 if (local_err) {
1180 error_propagate(errp, local_err);
1181 goto error;
1182 }
1183 block->mr->align = hpagesize;
1184
1185 if (memory < hpagesize) {
1186 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1187 "or larger than huge page size 0x%" PRIx64,
1188 memory, hpagesize);
1189 goto error;
1190 }
1191
1192 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1193 error_setg(errp,
1194 "host lacks kvm mmu notifiers, -mem-path unsupported");
1195 goto error;
1196 }
1197
1198 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1199 sanitized_name = g_strdup(memory_region_name(block->mr));
1200 for (c = sanitized_name; *c != '\0'; c++) {
1201 if (*c == '/')
1202 *c = '_';
1203 }
1204
1205 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1206 sanitized_name);
1207 g_free(sanitized_name);
1208
1209 fd = mkstemp(filename);
1210 if (fd < 0) {
1211 error_setg_errno(errp, errno,
1212 "unable to create backing store for hugepages");
1213 g_free(filename);
1214 goto error;
1215 }
1216 unlink(filename);
1217 g_free(filename);
1218
1219 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1220
1221 /*
1222 * ftruncate is not supported by hugetlbfs in older
1223 * hosts, so don't bother bailing out on errors.
1224 * If anything goes wrong with it under other filesystems,
1225 * mmap will fail.
1226 */
1227 if (ftruncate(fd, memory)) {
1228 perror("ftruncate");
1229 }
1230
1231 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1232 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1233 fd, 0);
1234 if (area == MAP_FAILED) {
1235 error_setg_errno(errp, errno,
1236 "unable to map backing store for hugepages");
1237 close(fd);
1238 goto error;
1239 }
1240
1241 if (mem_prealloc) {
1242 os_mem_prealloc(fd, area, memory);
1243 }
1244
1245 block->fd = fd;
1246 return area;
1247
1248 error:
1249 if (mem_prealloc) {
1250 error_report("%s", error_get_pretty(*errp));
1251 exit(1);
1252 }
1253 return NULL;
1254 }
1255 #endif
1256
1257 /* Called with the ramlist lock held. */
1258 static ram_addr_t find_ram_offset(ram_addr_t size)
1259 {
1260 RAMBlock *block, *next_block;
1261 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1262
1263 assert(size != 0); /* it would hand out same offset multiple times */
1264
1265 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1266 return 0;
1267 }
1268
1269 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1270 ram_addr_t end, next = RAM_ADDR_MAX;
1271
1272 end = block->offset + block->max_length;
1273
1274 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1275 if (next_block->offset >= end) {
1276 next = MIN(next, next_block->offset);
1277 }
1278 }
1279 if (next - end >= size && next - end < mingap) {
1280 offset = end;
1281 mingap = next - end;
1282 }
1283 }
1284
1285 if (offset == RAM_ADDR_MAX) {
1286 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1287 (uint64_t)size);
1288 abort();
1289 }
1290
1291 return offset;
1292 }
1293
1294 ram_addr_t last_ram_offset(void)
1295 {
1296 RAMBlock *block;
1297 ram_addr_t last = 0;
1298
1299 rcu_read_lock();
1300 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1301 last = MAX(last, block->offset + block->max_length);
1302 }
1303 rcu_read_unlock();
1304 return last;
1305 }
1306
1307 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1308 {
1309 int ret;
1310
1311 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1312 if (!machine_dump_guest_core(current_machine)) {
1313 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1314 if (ret) {
1315 perror("qemu_madvise");
1316 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1317 "but dump_guest_core=off specified\n");
1318 }
1319 }
1320 }
1321
1322 /* Called within an RCU critical section, or while the ramlist lock
1323 * is held.
1324 */
1325 static RAMBlock *find_ram_block(ram_addr_t addr)
1326 {
1327 RAMBlock *block;
1328
1329 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1330 if (block->offset == addr) {
1331 return block;
1332 }
1333 }
1334
1335 return NULL;
1336 }
1337
1338 /* Called with iothread lock held. */
1339 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1340 {
1341 RAMBlock *new_block, *block;
1342
1343 rcu_read_lock();
1344 new_block = find_ram_block(addr);
1345 assert(new_block);
1346 assert(!new_block->idstr[0]);
1347
1348 if (dev) {
1349 char *id = qdev_get_dev_path(dev);
1350 if (id) {
1351 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1352 g_free(id);
1353 }
1354 }
1355 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1356
1357 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1358 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1359 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1360 new_block->idstr);
1361 abort();
1362 }
1363 }
1364 rcu_read_unlock();
1365 }
1366
1367 /* Called with iothread lock held. */
1368 void qemu_ram_unset_idstr(ram_addr_t addr)
1369 {
1370 RAMBlock *block;
1371
1372 /* FIXME: arch_init.c assumes that this is not called throughout
1373 * migration. Ignore the problem since hot-unplug during migration
1374 * does not work anyway.
1375 */
1376
1377 rcu_read_lock();
1378 block = find_ram_block(addr);
1379 if (block) {
1380 memset(block->idstr, 0, sizeof(block->idstr));
1381 }
1382 rcu_read_unlock();
1383 }
1384
1385 static int memory_try_enable_merging(void *addr, size_t len)
1386 {
1387 if (!machine_mem_merge(current_machine)) {
1388 /* disabled by the user */
1389 return 0;
1390 }
1391
1392 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1393 }
1394
1395 /* Only legal before guest might have detected the memory size: e.g. on
1396 * incoming migration, or right after reset.
1397 *
1398 * As memory core doesn't know how is memory accessed, it is up to
1399 * resize callback to update device state and/or add assertions to detect
1400 * misuse, if necessary.
1401 */
1402 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1403 {
1404 RAMBlock *block = find_ram_block(base);
1405
1406 assert(block);
1407
1408 newsize = TARGET_PAGE_ALIGN(newsize);
1409
1410 if (block->used_length == newsize) {
1411 return 0;
1412 }
1413
1414 if (!(block->flags & RAM_RESIZEABLE)) {
1415 error_setg_errno(errp, EINVAL,
1416 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1417 " in != 0x" RAM_ADDR_FMT, block->idstr,
1418 newsize, block->used_length);
1419 return -EINVAL;
1420 }
1421
1422 if (block->max_length < newsize) {
1423 error_setg_errno(errp, EINVAL,
1424 "Length too large: %s: 0x" RAM_ADDR_FMT
1425 " > 0x" RAM_ADDR_FMT, block->idstr,
1426 newsize, block->max_length);
1427 return -EINVAL;
1428 }
1429
1430 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1431 block->used_length = newsize;
1432 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1433 DIRTY_CLIENTS_ALL);
1434 memory_region_set_size(block->mr, newsize);
1435 if (block->resized) {
1436 block->resized(block->idstr, newsize, block->host);
1437 }
1438 return 0;
1439 }
1440
1441 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1442 {
1443 RAMBlock *block;
1444 RAMBlock *last_block = NULL;
1445 ram_addr_t old_ram_size, new_ram_size;
1446
1447 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1448
1449 qemu_mutex_lock_ramlist();
1450 new_block->offset = find_ram_offset(new_block->max_length);
1451
1452 if (!new_block->host) {
1453 if (xen_enabled()) {
1454 xen_ram_alloc(new_block->offset, new_block->max_length,
1455 new_block->mr);
1456 } else {
1457 new_block->host = phys_mem_alloc(new_block->max_length,
1458 &new_block->mr->align);
1459 if (!new_block->host) {
1460 error_setg_errno(errp, errno,
1461 "cannot set up guest memory '%s'",
1462 memory_region_name(new_block->mr));
1463 qemu_mutex_unlock_ramlist();
1464 return -1;
1465 }
1466 memory_try_enable_merging(new_block->host, new_block->max_length);
1467 }
1468 }
1469
1470 new_ram_size = MAX(old_ram_size,
1471 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1472 if (new_ram_size > old_ram_size) {
1473 migration_bitmap_extend(old_ram_size, new_ram_size);
1474 }
1475 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1476 * QLIST (which has an RCU-friendly variant) does not have insertion at
1477 * tail, so save the last element in last_block.
1478 */
1479 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1480 last_block = block;
1481 if (block->max_length < new_block->max_length) {
1482 break;
1483 }
1484 }
1485 if (block) {
1486 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1487 } else if (last_block) {
1488 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1489 } else { /* list is empty */
1490 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1491 }
1492 ram_list.mru_block = NULL;
1493
1494 /* Write list before version */
1495 smp_wmb();
1496 ram_list.version++;
1497 qemu_mutex_unlock_ramlist();
1498
1499 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1500
1501 if (new_ram_size > old_ram_size) {
1502 int i;
1503
1504 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1505 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1506 ram_list.dirty_memory[i] =
1507 bitmap_zero_extend(ram_list.dirty_memory[i],
1508 old_ram_size, new_ram_size);
1509 }
1510 }
1511 cpu_physical_memory_set_dirty_range(new_block->offset,
1512 new_block->used_length,
1513 DIRTY_CLIENTS_ALL);
1514
1515 if (new_block->host) {
1516 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1517 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1518 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1519 if (kvm_enabled()) {
1520 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1521 }
1522 }
1523
1524 return new_block->offset;
1525 }
1526
1527 #ifdef __linux__
1528 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1529 bool share, const char *mem_path,
1530 Error **errp)
1531 {
1532 RAMBlock *new_block;
1533 ram_addr_t addr;
1534 Error *local_err = NULL;
1535
1536 if (xen_enabled()) {
1537 error_setg(errp, "-mem-path not supported with Xen");
1538 return -1;
1539 }
1540
1541 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1542 /*
1543 * file_ram_alloc() needs to allocate just like
1544 * phys_mem_alloc, but we haven't bothered to provide
1545 * a hook there.
1546 */
1547 error_setg(errp,
1548 "-mem-path not supported with this accelerator");
1549 return -1;
1550 }
1551
1552 size = TARGET_PAGE_ALIGN(size);
1553 new_block = g_malloc0(sizeof(*new_block));
1554 new_block->mr = mr;
1555 new_block->used_length = size;
1556 new_block->max_length = size;
1557 new_block->flags = share ? RAM_SHARED : 0;
1558 new_block->host = file_ram_alloc(new_block, size,
1559 mem_path, errp);
1560 if (!new_block->host) {
1561 g_free(new_block);
1562 return -1;
1563 }
1564
1565 addr = ram_block_add(new_block, &local_err);
1566 if (local_err) {
1567 g_free(new_block);
1568 error_propagate(errp, local_err);
1569 return -1;
1570 }
1571 return addr;
1572 }
1573 #endif
1574
1575 static
1576 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1577 void (*resized)(const char*,
1578 uint64_t length,
1579 void *host),
1580 void *host, bool resizeable,
1581 MemoryRegion *mr, Error **errp)
1582 {
1583 RAMBlock *new_block;
1584 ram_addr_t addr;
1585 Error *local_err = NULL;
1586
1587 size = TARGET_PAGE_ALIGN(size);
1588 max_size = TARGET_PAGE_ALIGN(max_size);
1589 new_block = g_malloc0(sizeof(*new_block));
1590 new_block->mr = mr;
1591 new_block->resized = resized;
1592 new_block->used_length = size;
1593 new_block->max_length = max_size;
1594 assert(max_size >= size);
1595 new_block->fd = -1;
1596 new_block->host = host;
1597 if (host) {
1598 new_block->flags |= RAM_PREALLOC;
1599 }
1600 if (resizeable) {
1601 new_block->flags |= RAM_RESIZEABLE;
1602 }
1603 addr = ram_block_add(new_block, &local_err);
1604 if (local_err) {
1605 g_free(new_block);
1606 error_propagate(errp, local_err);
1607 return -1;
1608 }
1609 return addr;
1610 }
1611
1612 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1613 MemoryRegion *mr, Error **errp)
1614 {
1615 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1616 }
1617
1618 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1619 {
1620 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1621 }
1622
1623 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1624 void (*resized)(const char*,
1625 uint64_t length,
1626 void *host),
1627 MemoryRegion *mr, Error **errp)
1628 {
1629 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1630 }
1631
1632 void qemu_ram_free_from_ptr(ram_addr_t addr)
1633 {
1634 RAMBlock *block;
1635
1636 qemu_mutex_lock_ramlist();
1637 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1638 if (addr == block->offset) {
1639 QLIST_REMOVE_RCU(block, next);
1640 ram_list.mru_block = NULL;
1641 /* Write list before version */
1642 smp_wmb();
1643 ram_list.version++;
1644 g_free_rcu(block, rcu);
1645 break;
1646 }
1647 }
1648 qemu_mutex_unlock_ramlist();
1649 }
1650
1651 static void reclaim_ramblock(RAMBlock *block)
1652 {
1653 if (block->flags & RAM_PREALLOC) {
1654 ;
1655 } else if (xen_enabled()) {
1656 xen_invalidate_map_cache_entry(block->host);
1657 #ifndef _WIN32
1658 } else if (block->fd >= 0) {
1659 munmap(block->host, block->max_length);
1660 close(block->fd);
1661 #endif
1662 } else {
1663 qemu_anon_ram_free(block->host, block->max_length);
1664 }
1665 g_free(block);
1666 }
1667
1668 void qemu_ram_free(ram_addr_t addr)
1669 {
1670 RAMBlock *block;
1671
1672 qemu_mutex_lock_ramlist();
1673 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1674 if (addr == block->offset) {
1675 QLIST_REMOVE_RCU(block, next);
1676 ram_list.mru_block = NULL;
1677 /* Write list before version */
1678 smp_wmb();
1679 ram_list.version++;
1680 call_rcu(block, reclaim_ramblock, rcu);
1681 break;
1682 }
1683 }
1684 qemu_mutex_unlock_ramlist();
1685 }
1686
1687 #ifndef _WIN32
1688 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1689 {
1690 RAMBlock *block;
1691 ram_addr_t offset;
1692 int flags;
1693 void *area, *vaddr;
1694
1695 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1696 offset = addr - block->offset;
1697 if (offset < block->max_length) {
1698 vaddr = ramblock_ptr(block, offset);
1699 if (block->flags & RAM_PREALLOC) {
1700 ;
1701 } else if (xen_enabled()) {
1702 abort();
1703 } else {
1704 flags = MAP_FIXED;
1705 if (block->fd >= 0) {
1706 flags |= (block->flags & RAM_SHARED ?
1707 MAP_SHARED : MAP_PRIVATE);
1708 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1709 flags, block->fd, offset);
1710 } else {
1711 /*
1712 * Remap needs to match alloc. Accelerators that
1713 * set phys_mem_alloc never remap. If they did,
1714 * we'd need a remap hook here.
1715 */
1716 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1717
1718 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1719 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1720 flags, -1, 0);
1721 }
1722 if (area != vaddr) {
1723 fprintf(stderr, "Could not remap addr: "
1724 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1725 length, addr);
1726 exit(1);
1727 }
1728 memory_try_enable_merging(vaddr, length);
1729 qemu_ram_setup_dump(vaddr, length);
1730 }
1731 }
1732 }
1733 }
1734 #endif /* !_WIN32 */
1735
1736 int qemu_get_ram_fd(ram_addr_t addr)
1737 {
1738 RAMBlock *block;
1739 int fd;
1740
1741 rcu_read_lock();
1742 block = qemu_get_ram_block(addr);
1743 fd = block->fd;
1744 rcu_read_unlock();
1745 return fd;
1746 }
1747
1748 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1749 {
1750 RAMBlock *block;
1751 void *ptr;
1752
1753 rcu_read_lock();
1754 block = qemu_get_ram_block(addr);
1755 ptr = ramblock_ptr(block, 0);
1756 rcu_read_unlock();
1757 return ptr;
1758 }
1759
1760 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1761 * This should not be used for general purpose DMA. Use address_space_map
1762 * or address_space_rw instead. For local memory (e.g. video ram) that the
1763 * device owns, use memory_region_get_ram_ptr.
1764 *
1765 * By the time this function returns, the returned pointer is not protected
1766 * by RCU anymore. If the caller is not within an RCU critical section and
1767 * does not hold the iothread lock, it must have other means of protecting the
1768 * pointer, such as a reference to the region that includes the incoming
1769 * ram_addr_t.
1770 */
1771 void *qemu_get_ram_ptr(ram_addr_t addr)
1772 {
1773 RAMBlock *block;
1774 void *ptr;
1775
1776 rcu_read_lock();
1777 block = qemu_get_ram_block(addr);
1778
1779 if (xen_enabled() && block->host == NULL) {
1780 /* We need to check if the requested address is in the RAM
1781 * because we don't want to map the entire memory in QEMU.
1782 * In that case just map until the end of the page.
1783 */
1784 if (block->offset == 0) {
1785 ptr = xen_map_cache(addr, 0, 0);
1786 goto unlock;
1787 }
1788
1789 block->host = xen_map_cache(block->offset, block->max_length, 1);
1790 }
1791 ptr = ramblock_ptr(block, addr - block->offset);
1792
1793 unlock:
1794 rcu_read_unlock();
1795 return ptr;
1796 }
1797
1798 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1799 * but takes a size argument.
1800 *
1801 * By the time this function returns, the returned pointer is not protected
1802 * by RCU anymore. If the caller is not within an RCU critical section and
1803 * does not hold the iothread lock, it must have other means of protecting the
1804 * pointer, such as a reference to the region that includes the incoming
1805 * ram_addr_t.
1806 */
1807 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1808 {
1809 void *ptr;
1810 if (*size == 0) {
1811 return NULL;
1812 }
1813 if (xen_enabled()) {
1814 return xen_map_cache(addr, *size, 1);
1815 } else {
1816 RAMBlock *block;
1817 rcu_read_lock();
1818 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1819 if (addr - block->offset < block->max_length) {
1820 if (addr - block->offset + *size > block->max_length)
1821 *size = block->max_length - addr + block->offset;
1822 ptr = ramblock_ptr(block, addr - block->offset);
1823 rcu_read_unlock();
1824 return ptr;
1825 }
1826 }
1827
1828 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1829 abort();
1830 }
1831 }
1832
1833 /* Some of the softmmu routines need to translate from a host pointer
1834 * (typically a TLB entry) back to a ram offset.
1835 *
1836 * By the time this function returns, the returned pointer is not protected
1837 * by RCU anymore. If the caller is not within an RCU critical section and
1838 * does not hold the iothread lock, it must have other means of protecting the
1839 * pointer, such as a reference to the region that includes the incoming
1840 * ram_addr_t.
1841 */
1842 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1843 {
1844 RAMBlock *block;
1845 uint8_t *host = ptr;
1846 MemoryRegion *mr;
1847
1848 if (xen_enabled()) {
1849 rcu_read_lock();
1850 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1851 mr = qemu_get_ram_block(*ram_addr)->mr;
1852 rcu_read_unlock();
1853 return mr;
1854 }
1855
1856 rcu_read_lock();
1857 block = atomic_rcu_read(&ram_list.mru_block);
1858 if (block && block->host && host - block->host < block->max_length) {
1859 goto found;
1860 }
1861
1862 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1863 /* This case append when the block is not mapped. */
1864 if (block->host == NULL) {
1865 continue;
1866 }
1867 if (host - block->host < block->max_length) {
1868 goto found;
1869 }
1870 }
1871
1872 rcu_read_unlock();
1873 return NULL;
1874
1875 found:
1876 *ram_addr = block->offset + (host - block->host);
1877 mr = block->mr;
1878 rcu_read_unlock();
1879 return mr;
1880 }
1881
1882 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1883 uint64_t val, unsigned size)
1884 {
1885 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1886 tb_invalidate_phys_page_fast(ram_addr, size);
1887 }
1888 switch (size) {
1889 case 1:
1890 stb_p(qemu_get_ram_ptr(ram_addr), val);
1891 break;
1892 case 2:
1893 stw_p(qemu_get_ram_ptr(ram_addr), val);
1894 break;
1895 case 4:
1896 stl_p(qemu_get_ram_ptr(ram_addr), val);
1897 break;
1898 default:
1899 abort();
1900 }
1901 /* Set both VGA and migration bits for simplicity and to remove
1902 * the notdirty callback faster.
1903 */
1904 cpu_physical_memory_set_dirty_range(ram_addr, size,
1905 DIRTY_CLIENTS_NOCODE);
1906 /* we remove the notdirty callback only if the code has been
1907 flushed */
1908 if (!cpu_physical_memory_is_clean(ram_addr)) {
1909 CPUArchState *env = current_cpu->env_ptr;
1910 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1911 }
1912 }
1913
1914 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1915 unsigned size, bool is_write)
1916 {
1917 return is_write;
1918 }
1919
1920 static const MemoryRegionOps notdirty_mem_ops = {
1921 .write = notdirty_mem_write,
1922 .valid.accepts = notdirty_mem_accepts,
1923 .endianness = DEVICE_NATIVE_ENDIAN,
1924 };
1925
1926 /* Generate a debug exception if a watchpoint has been hit. */
1927 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1928 {
1929 CPUState *cpu = current_cpu;
1930 CPUArchState *env = cpu->env_ptr;
1931 target_ulong pc, cs_base;
1932 target_ulong vaddr;
1933 CPUWatchpoint *wp;
1934 int cpu_flags;
1935
1936 if (cpu->watchpoint_hit) {
1937 /* We re-entered the check after replacing the TB. Now raise
1938 * the debug interrupt so that is will trigger after the
1939 * current instruction. */
1940 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1941 return;
1942 }
1943 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1944 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1945 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1946 && (wp->flags & flags)) {
1947 if (flags == BP_MEM_READ) {
1948 wp->flags |= BP_WATCHPOINT_HIT_READ;
1949 } else {
1950 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1951 }
1952 wp->hitaddr = vaddr;
1953 wp->hitattrs = attrs;
1954 if (!cpu->watchpoint_hit) {
1955 cpu->watchpoint_hit = wp;
1956 tb_check_watchpoint(cpu);
1957 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1958 cpu->exception_index = EXCP_DEBUG;
1959 cpu_loop_exit(cpu);
1960 } else {
1961 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1962 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1963 cpu_resume_from_signal(cpu, NULL);
1964 }
1965 }
1966 } else {
1967 wp->flags &= ~BP_WATCHPOINT_HIT;
1968 }
1969 }
1970 }
1971
1972 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1973 so these check for a hit then pass through to the normal out-of-line
1974 phys routines. */
1975 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1976 unsigned size, MemTxAttrs attrs)
1977 {
1978 MemTxResult res;
1979 uint64_t data;
1980
1981 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1982 switch (size) {
1983 case 1:
1984 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1985 break;
1986 case 2:
1987 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1988 break;
1989 case 4:
1990 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1991 break;
1992 default: abort();
1993 }
1994 *pdata = data;
1995 return res;
1996 }
1997
1998 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1999 uint64_t val, unsigned size,
2000 MemTxAttrs attrs)
2001 {
2002 MemTxResult res;
2003
2004 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2005 switch (size) {
2006 case 1:
2007 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2008 break;
2009 case 2:
2010 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2011 break;
2012 case 4:
2013 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2014 break;
2015 default: abort();
2016 }
2017 return res;
2018 }
2019
2020 static const MemoryRegionOps watch_mem_ops = {
2021 .read_with_attrs = watch_mem_read,
2022 .write_with_attrs = watch_mem_write,
2023 .endianness = DEVICE_NATIVE_ENDIAN,
2024 };
2025
2026 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2027 unsigned len, MemTxAttrs attrs)
2028 {
2029 subpage_t *subpage = opaque;
2030 uint8_t buf[8];
2031 MemTxResult res;
2032
2033 #if defined(DEBUG_SUBPAGE)
2034 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2035 subpage, len, addr);
2036 #endif
2037 res = address_space_read(subpage->as, addr + subpage->base,
2038 attrs, buf, len);
2039 if (res) {
2040 return res;
2041 }
2042 switch (len) {
2043 case 1:
2044 *data = ldub_p(buf);
2045 return MEMTX_OK;
2046 case 2:
2047 *data = lduw_p(buf);
2048 return MEMTX_OK;
2049 case 4:
2050 *data = ldl_p(buf);
2051 return MEMTX_OK;
2052 case 8:
2053 *data = ldq_p(buf);
2054 return MEMTX_OK;
2055 default:
2056 abort();
2057 }
2058 }
2059
2060 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2061 uint64_t value, unsigned len, MemTxAttrs attrs)
2062 {
2063 subpage_t *subpage = opaque;
2064 uint8_t buf[8];
2065
2066 #if defined(DEBUG_SUBPAGE)
2067 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2068 " value %"PRIx64"\n",
2069 __func__, subpage, len, addr, value);
2070 #endif
2071 switch (len) {
2072 case 1:
2073 stb_p(buf, value);
2074 break;
2075 case 2:
2076 stw_p(buf, value);
2077 break;
2078 case 4:
2079 stl_p(buf, value);
2080 break;
2081 case 8:
2082 stq_p(buf, value);
2083 break;
2084 default:
2085 abort();
2086 }
2087 return address_space_write(subpage->as, addr + subpage->base,
2088 attrs, buf, len);
2089 }
2090
2091 static bool subpage_accepts(void *opaque, hwaddr addr,
2092 unsigned len, bool is_write)
2093 {
2094 subpage_t *subpage = opaque;
2095 #if defined(DEBUG_SUBPAGE)
2096 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2097 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2098 #endif
2099
2100 return address_space_access_valid(subpage->as, addr + subpage->base,
2101 len, is_write);
2102 }
2103
2104 static const MemoryRegionOps subpage_ops = {
2105 .read_with_attrs = subpage_read,
2106 .write_with_attrs = subpage_write,
2107 .impl.min_access_size = 1,
2108 .impl.max_access_size = 8,
2109 .valid.min_access_size = 1,
2110 .valid.max_access_size = 8,
2111 .valid.accepts = subpage_accepts,
2112 .endianness = DEVICE_NATIVE_ENDIAN,
2113 };
2114
2115 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2116 uint16_t section)
2117 {
2118 int idx, eidx;
2119
2120 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2121 return -1;
2122 idx = SUBPAGE_IDX(start);
2123 eidx = SUBPAGE_IDX(end);
2124 #if defined(DEBUG_SUBPAGE)
2125 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2126 __func__, mmio, start, end, idx, eidx, section);
2127 #endif
2128 for (; idx <= eidx; idx++) {
2129 mmio->sub_section[idx] = section;
2130 }
2131
2132 return 0;
2133 }
2134
2135 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2136 {
2137 subpage_t *mmio;
2138
2139 mmio = g_malloc0(sizeof(subpage_t));
2140
2141 mmio->as = as;
2142 mmio->base = base;
2143 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2144 NULL, TARGET_PAGE_SIZE);
2145 mmio->iomem.subpage = true;
2146 #if defined(DEBUG_SUBPAGE)
2147 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2148 mmio, base, TARGET_PAGE_SIZE);
2149 #endif
2150 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2151
2152 return mmio;
2153 }
2154
2155 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2156 MemoryRegion *mr)
2157 {
2158 assert(as);
2159 MemoryRegionSection section = {
2160 .address_space = as,
2161 .mr = mr,
2162 .offset_within_address_space = 0,
2163 .offset_within_region = 0,
2164 .size = int128_2_64(),
2165 };
2166
2167 return phys_section_add(map, &section);
2168 }
2169
2170 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2171 {
2172 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2173 MemoryRegionSection *sections = d->map.sections;
2174
2175 return sections[index & ~TARGET_PAGE_MASK].mr;
2176 }
2177
2178 static void io_mem_init(void)
2179 {
2180 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2181 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2182 NULL, UINT64_MAX);
2183 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2184 NULL, UINT64_MAX);
2185 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2186 NULL, UINT64_MAX);
2187 }
2188
2189 static void mem_begin(MemoryListener *listener)
2190 {
2191 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2192 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2193 uint16_t n;
2194
2195 n = dummy_section(&d->map, as, &io_mem_unassigned);
2196 assert(n == PHYS_SECTION_UNASSIGNED);
2197 n = dummy_section(&d->map, as, &io_mem_notdirty);
2198 assert(n == PHYS_SECTION_NOTDIRTY);
2199 n = dummy_section(&d->map, as, &io_mem_rom);
2200 assert(n == PHYS_SECTION_ROM);
2201 n = dummy_section(&d->map, as, &io_mem_watch);
2202 assert(n == PHYS_SECTION_WATCH);
2203
2204 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2205 d->as = as;
2206 as->next_dispatch = d;
2207 }
2208
2209 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2210 {
2211 phys_sections_free(&d->map);
2212 g_free(d);
2213 }
2214
2215 static void mem_commit(MemoryListener *listener)
2216 {
2217 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2218 AddressSpaceDispatch *cur = as->dispatch;
2219 AddressSpaceDispatch *next = as->next_dispatch;
2220
2221 phys_page_compact_all(next, next->map.nodes_nb);
2222
2223 atomic_rcu_set(&as->dispatch, next);
2224 if (cur) {
2225 call_rcu(cur, address_space_dispatch_free, rcu);
2226 }
2227 }
2228
2229 static void tcg_commit(MemoryListener *listener)
2230 {
2231 CPUState *cpu;
2232
2233 /* since each CPU stores ram addresses in its TLB cache, we must
2234 reset the modified entries */
2235 /* XXX: slow ! */
2236 CPU_FOREACH(cpu) {
2237 /* FIXME: Disentangle the cpu.h circular files deps so we can
2238 directly get the right CPU from listener. */
2239 if (cpu->tcg_as_listener != listener) {
2240 continue;
2241 }
2242 cpu_reload_memory_map(cpu);
2243 }
2244 }
2245
2246 void address_space_init_dispatch(AddressSpace *as)
2247 {
2248 as->dispatch = NULL;
2249 as->dispatch_listener = (MemoryListener) {
2250 .begin = mem_begin,
2251 .commit = mem_commit,
2252 .region_add = mem_add,
2253 .region_nop = mem_add,
2254 .priority = 0,
2255 };
2256 memory_listener_register(&as->dispatch_listener, as);
2257 }
2258
2259 void address_space_unregister(AddressSpace *as)
2260 {
2261 memory_listener_unregister(&as->dispatch_listener);
2262 }
2263
2264 void address_space_destroy_dispatch(AddressSpace *as)
2265 {
2266 AddressSpaceDispatch *d = as->dispatch;
2267
2268 atomic_rcu_set(&as->dispatch, NULL);
2269 if (d) {
2270 call_rcu(d, address_space_dispatch_free, rcu);
2271 }
2272 }
2273
2274 static void memory_map_init(void)
2275 {
2276 system_memory = g_malloc(sizeof(*system_memory));
2277
2278 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2279 address_space_init(&address_space_memory, system_memory, "memory");
2280
2281 system_io = g_malloc(sizeof(*system_io));
2282 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2283 65536);
2284 address_space_init(&address_space_io, system_io, "I/O");
2285 }
2286
2287 MemoryRegion *get_system_memory(void)
2288 {
2289 return system_memory;
2290 }
2291
2292 MemoryRegion *get_system_io(void)
2293 {
2294 return system_io;
2295 }
2296
2297 #endif /* !defined(CONFIG_USER_ONLY) */
2298
2299 /* physical memory access (slow version, mainly for debug) */
2300 #if defined(CONFIG_USER_ONLY)
2301 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2302 uint8_t *buf, int len, int is_write)
2303 {
2304 int l, flags;
2305 target_ulong page;
2306 void * p;
2307
2308 while (len > 0) {
2309 page = addr & TARGET_PAGE_MASK;
2310 l = (page + TARGET_PAGE_SIZE) - addr;
2311 if (l > len)
2312 l = len;
2313 flags = page_get_flags(page);
2314 if (!(flags & PAGE_VALID))
2315 return -1;
2316 if (is_write) {
2317 if (!(flags & PAGE_WRITE))
2318 return -1;
2319 /* XXX: this code should not depend on lock_user */
2320 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2321 return -1;
2322 memcpy(p, buf, l);
2323 unlock_user(p, addr, l);
2324 } else {
2325 if (!(flags & PAGE_READ))
2326 return -1;
2327 /* XXX: this code should not depend on lock_user */
2328 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2329 return -1;
2330 memcpy(buf, p, l);
2331 unlock_user(p, addr, 0);
2332 }
2333 len -= l;
2334 buf += l;
2335 addr += l;
2336 }
2337 return 0;
2338 }
2339
2340 #else
2341
2342 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2343 hwaddr length)
2344 {
2345 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2346 /* No early return if dirty_log_mask is or becomes 0, because
2347 * cpu_physical_memory_set_dirty_range will still call
2348 * xen_modified_memory.
2349 */
2350 if (dirty_log_mask) {
2351 dirty_log_mask =
2352 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2353 }
2354 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2355 tb_invalidate_phys_range(addr, addr + length);
2356 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2357 }
2358 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2359 }
2360
2361 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2362 {
2363 unsigned access_size_max = mr->ops->valid.max_access_size;
2364
2365 /* Regions are assumed to support 1-4 byte accesses unless
2366 otherwise specified. */
2367 if (access_size_max == 0) {
2368 access_size_max = 4;
2369 }
2370
2371 /* Bound the maximum access by the alignment of the address. */
2372 if (!mr->ops->impl.unaligned) {
2373 unsigned align_size_max = addr & -addr;
2374 if (align_size_max != 0 && align_size_max < access_size_max) {
2375 access_size_max = align_size_max;
2376 }
2377 }
2378
2379 /* Don't attempt accesses larger than the maximum. */
2380 if (l > access_size_max) {
2381 l = access_size_max;
2382 }
2383 if (l & (l - 1)) {
2384 l = 1 << (qemu_fls(l) - 1);
2385 }
2386
2387 return l;
2388 }
2389
2390 static bool prepare_mmio_access(MemoryRegion *mr)
2391 {
2392 bool unlocked = !qemu_mutex_iothread_locked();
2393 bool release_lock = false;
2394
2395 if (unlocked && mr->global_locking) {
2396 qemu_mutex_lock_iothread();
2397 unlocked = false;
2398 release_lock = true;
2399 }
2400 if (mr->flush_coalesced_mmio) {
2401 if (unlocked) {
2402 qemu_mutex_lock_iothread();
2403 }
2404 qemu_flush_coalesced_mmio_buffer();
2405 if (unlocked) {
2406 qemu_mutex_unlock_iothread();
2407 }
2408 }
2409
2410 return release_lock;
2411 }
2412
2413 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2414 uint8_t *buf, int len, bool is_write)
2415 {
2416 hwaddr l;
2417 uint8_t *ptr;
2418 uint64_t val;
2419 hwaddr addr1;
2420 MemoryRegion *mr;
2421 MemTxResult result = MEMTX_OK;
2422 bool release_lock = false;
2423
2424 rcu_read_lock();
2425 while (len > 0) {
2426 l = len;
2427 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2428
2429 if (is_write) {
2430 if (!memory_access_is_direct(mr, is_write)) {
2431 release_lock |= prepare_mmio_access(mr);
2432 l = memory_access_size(mr, l, addr1);
2433 /* XXX: could force current_cpu to NULL to avoid
2434 potential bugs */
2435 switch (l) {
2436 case 8:
2437 /* 64 bit write access */
2438 val = ldq_p(buf);
2439 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2440 attrs);
2441 break;
2442 case 4:
2443 /* 32 bit write access */
2444 val = ldl_p(buf);
2445 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2446 attrs);
2447 break;
2448 case 2:
2449 /* 16 bit write access */
2450 val = lduw_p(buf);
2451 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2452 attrs);
2453 break;
2454 case 1:
2455 /* 8 bit write access */
2456 val = ldub_p(buf);
2457 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2458 attrs);
2459 break;
2460 default:
2461 abort();
2462 }
2463 } else {
2464 addr1 += memory_region_get_ram_addr(mr);
2465 /* RAM case */
2466 ptr = qemu_get_ram_ptr(addr1);
2467 memcpy(ptr, buf, l);
2468 invalidate_and_set_dirty(mr, addr1, l);
2469 }
2470 } else {
2471 if (!memory_access_is_direct(mr, is_write)) {
2472 /* I/O case */
2473 release_lock |= prepare_mmio_access(mr);
2474 l = memory_access_size(mr, l, addr1);
2475 switch (l) {
2476 case 8:
2477 /* 64 bit read access */
2478 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2479 attrs);
2480 stq_p(buf, val);
2481 break;
2482 case 4:
2483 /* 32 bit read access */
2484 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2485 attrs);
2486 stl_p(buf, val);
2487 break;
2488 case 2:
2489 /* 16 bit read access */
2490 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2491 attrs);
2492 stw_p(buf, val);
2493 break;
2494 case 1:
2495 /* 8 bit read access */
2496 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2497 attrs);
2498 stb_p(buf, val);
2499 break;
2500 default:
2501 abort();
2502 }
2503 } else {
2504 /* RAM case */
2505 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2506 memcpy(buf, ptr, l);
2507 }
2508 }
2509
2510 if (release_lock) {
2511 qemu_mutex_unlock_iothread();
2512 release_lock = false;
2513 }
2514
2515 len -= l;
2516 buf += l;
2517 addr += l;
2518 }
2519 rcu_read_unlock();
2520
2521 return result;
2522 }
2523
2524 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2525 const uint8_t *buf, int len)
2526 {
2527 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2528 }
2529
2530 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2531 uint8_t *buf, int len)
2532 {
2533 return address_space_rw(as, addr, attrs, buf, len, false);
2534 }
2535
2536
2537 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2538 int len, int is_write)
2539 {
2540 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2541 buf, len, is_write);
2542 }
2543
2544 enum write_rom_type {
2545 WRITE_DATA,
2546 FLUSH_CACHE,
2547 };
2548
2549 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2550 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2551 {
2552 hwaddr l;
2553 uint8_t *ptr;
2554 hwaddr addr1;
2555 MemoryRegion *mr;
2556
2557 rcu_read_lock();
2558 while (len > 0) {
2559 l = len;
2560 mr = address_space_translate(as, addr, &addr1, &l, true);
2561
2562 if (!(memory_region_is_ram(mr) ||
2563 memory_region_is_romd(mr))) {
2564 l = memory_access_size(mr, l, addr1);
2565 } else {
2566 addr1 += memory_region_get_ram_addr(mr);
2567 /* ROM/RAM case */
2568 ptr = qemu_get_ram_ptr(addr1);
2569 switch (type) {
2570 case WRITE_DATA:
2571 memcpy(ptr, buf, l);
2572 invalidate_and_set_dirty(mr, addr1, l);
2573 break;
2574 case FLUSH_CACHE:
2575 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2576 break;
2577 }
2578 }
2579 len -= l;
2580 buf += l;
2581 addr += l;
2582 }
2583 rcu_read_unlock();
2584 }
2585
2586 /* used for ROM loading : can write in RAM and ROM */
2587 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2588 const uint8_t *buf, int len)
2589 {
2590 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2591 }
2592
2593 void cpu_flush_icache_range(hwaddr start, int len)
2594 {
2595 /*
2596 * This function should do the same thing as an icache flush that was
2597 * triggered from within the guest. For TCG we are always cache coherent,
2598 * so there is no need to flush anything. For KVM / Xen we need to flush
2599 * the host's instruction cache at least.
2600 */
2601 if (tcg_enabled()) {
2602 return;
2603 }
2604
2605 cpu_physical_memory_write_rom_internal(&address_space_memory,
2606 start, NULL, len, FLUSH_CACHE);
2607 }
2608
2609 typedef struct {
2610 MemoryRegion *mr;
2611 void *buffer;
2612 hwaddr addr;
2613 hwaddr len;
2614 bool in_use;
2615 } BounceBuffer;
2616
2617 static BounceBuffer bounce;
2618
2619 typedef struct MapClient {
2620 QEMUBH *bh;
2621 QLIST_ENTRY(MapClient) link;
2622 } MapClient;
2623
2624 QemuMutex map_client_list_lock;
2625 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2626 = QLIST_HEAD_INITIALIZER(map_client_list);
2627
2628 static void cpu_unregister_map_client_do(MapClient *client)
2629 {
2630 QLIST_REMOVE(client, link);
2631 g_free(client);
2632 }
2633
2634 static void cpu_notify_map_clients_locked(void)
2635 {
2636 MapClient *client;
2637
2638 while (!QLIST_EMPTY(&map_client_list)) {
2639 client = QLIST_FIRST(&map_client_list);
2640 qemu_bh_schedule(client->bh);
2641 cpu_unregister_map_client_do(client);
2642 }
2643 }
2644
2645 void cpu_register_map_client(QEMUBH *bh)
2646 {
2647 MapClient *client = g_malloc(sizeof(*client));
2648
2649 qemu_mutex_lock(&map_client_list_lock);
2650 client->bh = bh;
2651 QLIST_INSERT_HEAD(&map_client_list, client, link);
2652 if (!atomic_read(&bounce.in_use)) {
2653 cpu_notify_map_clients_locked();
2654 }
2655 qemu_mutex_unlock(&map_client_list_lock);
2656 }
2657
2658 void cpu_exec_init_all(void)
2659 {
2660 qemu_mutex_init(&ram_list.mutex);
2661 memory_map_init();
2662 io_mem_init();
2663 qemu_mutex_init(&map_client_list_lock);
2664 }
2665
2666 void cpu_unregister_map_client(QEMUBH *bh)
2667 {
2668 MapClient *client;
2669
2670 qemu_mutex_lock(&map_client_list_lock);
2671 QLIST_FOREACH(client, &map_client_list, link) {
2672 if (client->bh == bh) {
2673 cpu_unregister_map_client_do(client);
2674 break;
2675 }
2676 }
2677 qemu_mutex_unlock(&map_client_list_lock);
2678 }
2679
2680 static void cpu_notify_map_clients(void)
2681 {
2682 qemu_mutex_lock(&map_client_list_lock);
2683 cpu_notify_map_clients_locked();
2684 qemu_mutex_unlock(&map_client_list_lock);
2685 }
2686
2687 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2688 {
2689 MemoryRegion *mr;
2690 hwaddr l, xlat;
2691
2692 rcu_read_lock();
2693 while (len > 0) {
2694 l = len;
2695 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2696 if (!memory_access_is_direct(mr, is_write)) {
2697 l = memory_access_size(mr, l, addr);
2698 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2699 return false;
2700 }
2701 }
2702
2703 len -= l;
2704 addr += l;
2705 }
2706 rcu_read_unlock();
2707 return true;
2708 }
2709
2710 /* Map a physical memory region into a host virtual address.
2711 * May map a subset of the requested range, given by and returned in *plen.
2712 * May return NULL if resources needed to perform the mapping are exhausted.
2713 * Use only for reads OR writes - not for read-modify-write operations.
2714 * Use cpu_register_map_client() to know when retrying the map operation is
2715 * likely to succeed.
2716 */
2717 void *address_space_map(AddressSpace *as,
2718 hwaddr addr,
2719 hwaddr *plen,
2720 bool is_write)
2721 {
2722 hwaddr len = *plen;
2723 hwaddr done = 0;
2724 hwaddr l, xlat, base;
2725 MemoryRegion *mr, *this_mr;
2726 ram_addr_t raddr;
2727
2728 if (len == 0) {
2729 return NULL;
2730 }
2731
2732 l = len;
2733 rcu_read_lock();
2734 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2735
2736 if (!memory_access_is_direct(mr, is_write)) {
2737 if (atomic_xchg(&bounce.in_use, true)) {
2738 rcu_read_unlock();
2739 return NULL;
2740 }
2741 /* Avoid unbounded allocations */
2742 l = MIN(l, TARGET_PAGE_SIZE);
2743 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2744 bounce.addr = addr;
2745 bounce.len = l;
2746
2747 memory_region_ref(mr);
2748 bounce.mr = mr;
2749 if (!is_write) {
2750 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2751 bounce.buffer, l);
2752 }
2753
2754 rcu_read_unlock();
2755 *plen = l;
2756 return bounce.buffer;
2757 }
2758
2759 base = xlat;
2760 raddr = memory_region_get_ram_addr(mr);
2761
2762 for (;;) {
2763 len -= l;
2764 addr += l;
2765 done += l;
2766 if (len == 0) {
2767 break;
2768 }
2769
2770 l = len;
2771 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2772 if (this_mr != mr || xlat != base + done) {
2773 break;
2774 }
2775 }
2776
2777 memory_region_ref(mr);
2778 rcu_read_unlock();
2779 *plen = done;
2780 return qemu_ram_ptr_length(raddr + base, plen);
2781 }
2782
2783 /* Unmaps a memory region previously mapped by address_space_map().
2784 * Will also mark the memory as dirty if is_write == 1. access_len gives
2785 * the amount of memory that was actually read or written by the caller.
2786 */
2787 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2788 int is_write, hwaddr access_len)
2789 {
2790 if (buffer != bounce.buffer) {
2791 MemoryRegion *mr;
2792 ram_addr_t addr1;
2793
2794 mr = qemu_ram_addr_from_host(buffer, &addr1);
2795 assert(mr != NULL);
2796 if (is_write) {
2797 invalidate_and_set_dirty(mr, addr1, access_len);
2798 }
2799 if (xen_enabled()) {
2800 xen_invalidate_map_cache_entry(buffer);
2801 }
2802 memory_region_unref(mr);
2803 return;
2804 }
2805 if (is_write) {
2806 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2807 bounce.buffer, access_len);
2808 }
2809 qemu_vfree(bounce.buffer);
2810 bounce.buffer = NULL;
2811 memory_region_unref(bounce.mr);
2812 atomic_mb_set(&bounce.in_use, false);
2813 cpu_notify_map_clients();
2814 }
2815
2816 void *cpu_physical_memory_map(hwaddr addr,
2817 hwaddr *plen,
2818 int is_write)
2819 {
2820 return address_space_map(&address_space_memory, addr, plen, is_write);
2821 }
2822
2823 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2824 int is_write, hwaddr access_len)
2825 {
2826 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2827 }
2828
2829 /* warning: addr must be aligned */
2830 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2831 MemTxAttrs attrs,
2832 MemTxResult *result,
2833 enum device_endian endian)
2834 {
2835 uint8_t *ptr;
2836 uint64_t val;
2837 MemoryRegion *mr;
2838 hwaddr l = 4;
2839 hwaddr addr1;
2840 MemTxResult r;
2841 bool release_lock = false;
2842
2843 rcu_read_lock();
2844 mr = address_space_translate(as, addr, &addr1, &l, false);
2845 if (l < 4 || !memory_access_is_direct(mr, false)) {
2846 release_lock |= prepare_mmio_access(mr);
2847
2848 /* I/O case */
2849 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2850 #if defined(TARGET_WORDS_BIGENDIAN)
2851 if (endian == DEVICE_LITTLE_ENDIAN) {
2852 val = bswap32(val);
2853 }
2854 #else
2855 if (endian == DEVICE_BIG_ENDIAN) {
2856 val = bswap32(val);
2857 }
2858 #endif
2859 } else {
2860 /* RAM case */
2861 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2862 & TARGET_PAGE_MASK)
2863 + addr1);
2864 switch (endian) {
2865 case DEVICE_LITTLE_ENDIAN:
2866 val = ldl_le_p(ptr);
2867 break;
2868 case DEVICE_BIG_ENDIAN:
2869 val = ldl_be_p(ptr);
2870 break;
2871 default:
2872 val = ldl_p(ptr);
2873 break;
2874 }
2875 r = MEMTX_OK;
2876 }
2877 if (result) {
2878 *result = r;
2879 }
2880 if (release_lock) {
2881 qemu_mutex_unlock_iothread();
2882 }
2883 rcu_read_unlock();
2884 return val;
2885 }
2886
2887 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2888 MemTxAttrs attrs, MemTxResult *result)
2889 {
2890 return address_space_ldl_internal(as, addr, attrs, result,
2891 DEVICE_NATIVE_ENDIAN);
2892 }
2893
2894 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2895 MemTxAttrs attrs, MemTxResult *result)
2896 {
2897 return address_space_ldl_internal(as, addr, attrs, result,
2898 DEVICE_LITTLE_ENDIAN);
2899 }
2900
2901 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2902 MemTxAttrs attrs, MemTxResult *result)
2903 {
2904 return address_space_ldl_internal(as, addr, attrs, result,
2905 DEVICE_BIG_ENDIAN);
2906 }
2907
2908 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2909 {
2910 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2911 }
2912
2913 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2914 {
2915 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2916 }
2917
2918 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2919 {
2920 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2921 }
2922
2923 /* warning: addr must be aligned */
2924 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2925 MemTxAttrs attrs,
2926 MemTxResult *result,
2927 enum device_endian endian)
2928 {
2929 uint8_t *ptr;
2930 uint64_t val;
2931 MemoryRegion *mr;
2932 hwaddr l = 8;
2933 hwaddr addr1;
2934 MemTxResult r;
2935 bool release_lock = false;
2936
2937 rcu_read_lock();
2938 mr = address_space_translate(as, addr, &addr1, &l,
2939 false);
2940 if (l < 8 || !memory_access_is_direct(mr, false)) {
2941 release_lock |= prepare_mmio_access(mr);
2942
2943 /* I/O case */
2944 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2945 #if defined(TARGET_WORDS_BIGENDIAN)
2946 if (endian == DEVICE_LITTLE_ENDIAN) {
2947 val = bswap64(val);
2948 }
2949 #else
2950 if (endian == DEVICE_BIG_ENDIAN) {
2951 val = bswap64(val);
2952 }
2953 #endif
2954 } else {
2955 /* RAM case */
2956 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2957 & TARGET_PAGE_MASK)
2958 + addr1);
2959 switch (endian) {
2960 case DEVICE_LITTLE_ENDIAN:
2961 val = ldq_le_p(ptr);
2962 break;
2963 case DEVICE_BIG_ENDIAN:
2964 val = ldq_be_p(ptr);
2965 break;
2966 default:
2967 val = ldq_p(ptr);
2968 break;
2969 }
2970 r = MEMTX_OK;
2971 }
2972 if (result) {
2973 *result = r;
2974 }
2975 if (release_lock) {
2976 qemu_mutex_unlock_iothread();
2977 }
2978 rcu_read_unlock();
2979 return val;
2980 }
2981
2982 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2983 MemTxAttrs attrs, MemTxResult *result)
2984 {
2985 return address_space_ldq_internal(as, addr, attrs, result,
2986 DEVICE_NATIVE_ENDIAN);
2987 }
2988
2989 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2990 MemTxAttrs attrs, MemTxResult *result)
2991 {
2992 return address_space_ldq_internal(as, addr, attrs, result,
2993 DEVICE_LITTLE_ENDIAN);
2994 }
2995
2996 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2997 MemTxAttrs attrs, MemTxResult *result)
2998 {
2999 return address_space_ldq_internal(as, addr, attrs, result,
3000 DEVICE_BIG_ENDIAN);
3001 }
3002
3003 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3004 {
3005 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3006 }
3007
3008 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3009 {
3010 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3011 }
3012
3013 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3014 {
3015 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3016 }
3017
3018 /* XXX: optimize */
3019 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3020 MemTxAttrs attrs, MemTxResult *result)
3021 {
3022 uint8_t val;
3023 MemTxResult r;
3024
3025 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3026 if (result) {
3027 *result = r;
3028 }
3029 return val;
3030 }
3031
3032 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3033 {
3034 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3035 }
3036
3037 /* warning: addr must be aligned */
3038 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3039 hwaddr addr,
3040 MemTxAttrs attrs,
3041 MemTxResult *result,
3042 enum device_endian endian)
3043 {
3044 uint8_t *ptr;
3045 uint64_t val;
3046 MemoryRegion *mr;
3047 hwaddr l = 2;
3048 hwaddr addr1;
3049 MemTxResult r;
3050 bool release_lock = false;
3051
3052 rcu_read_lock();
3053 mr = address_space_translate(as, addr, &addr1, &l,
3054 false);
3055 if (l < 2 || !memory_access_is_direct(mr, false)) {
3056 release_lock |= prepare_mmio_access(mr);
3057
3058 /* I/O case */
3059 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3060 #if defined(TARGET_WORDS_BIGENDIAN)
3061 if (endian == DEVICE_LITTLE_ENDIAN) {
3062 val = bswap16(val);
3063 }
3064 #else
3065 if (endian == DEVICE_BIG_ENDIAN) {
3066 val = bswap16(val);
3067 }
3068 #endif
3069 } else {
3070 /* RAM case */
3071 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3072 & TARGET_PAGE_MASK)
3073 + addr1);
3074 switch (endian) {
3075 case DEVICE_LITTLE_ENDIAN:
3076 val = lduw_le_p(ptr);
3077 break;
3078 case DEVICE_BIG_ENDIAN:
3079 val = lduw_be_p(ptr);
3080 break;
3081 default:
3082 val = lduw_p(ptr);
3083 break;
3084 }
3085 r = MEMTX_OK;
3086 }
3087 if (result) {
3088 *result = r;
3089 }
3090 if (release_lock) {
3091 qemu_mutex_unlock_iothread();
3092 }
3093 rcu_read_unlock();
3094 return val;
3095 }
3096
3097 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3098 MemTxAttrs attrs, MemTxResult *result)
3099 {
3100 return address_space_lduw_internal(as, addr, attrs, result,
3101 DEVICE_NATIVE_ENDIAN);
3102 }
3103
3104 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3105 MemTxAttrs attrs, MemTxResult *result)
3106 {
3107 return address_space_lduw_internal(as, addr, attrs, result,
3108 DEVICE_LITTLE_ENDIAN);
3109 }
3110
3111 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3112 MemTxAttrs attrs, MemTxResult *result)
3113 {
3114 return address_space_lduw_internal(as, addr, attrs, result,
3115 DEVICE_BIG_ENDIAN);
3116 }
3117
3118 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3119 {
3120 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3121 }
3122
3123 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3124 {
3125 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3126 }
3127
3128 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3129 {
3130 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3131 }
3132
3133 /* warning: addr must be aligned. The ram page is not masked as dirty
3134 and the code inside is not invalidated. It is useful if the dirty
3135 bits are used to track modified PTEs */
3136 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3137 MemTxAttrs attrs, MemTxResult *result)
3138 {
3139 uint8_t *ptr;
3140 MemoryRegion *mr;
3141 hwaddr l = 4;
3142 hwaddr addr1;
3143 MemTxResult r;
3144 uint8_t dirty_log_mask;
3145 bool release_lock = false;
3146
3147 rcu_read_lock();
3148 mr = address_space_translate(as, addr, &addr1, &l,
3149 true);
3150 if (l < 4 || !memory_access_is_direct(mr, true)) {
3151 release_lock |= prepare_mmio_access(mr);
3152
3153 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3154 } else {
3155 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3156 ptr = qemu_get_ram_ptr(addr1);
3157 stl_p(ptr, val);
3158
3159 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3160 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3161 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3162 r = MEMTX_OK;
3163 }
3164 if (result) {
3165 *result = r;
3166 }
3167 if (release_lock) {
3168 qemu_mutex_unlock_iothread();
3169 }
3170 rcu_read_unlock();
3171 }
3172
3173 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3174 {
3175 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3176 }
3177
3178 /* warning: addr must be aligned */
3179 static inline void address_space_stl_internal(AddressSpace *as,
3180 hwaddr addr, uint32_t val,
3181 MemTxAttrs attrs,
3182 MemTxResult *result,
3183 enum device_endian endian)
3184 {
3185 uint8_t *ptr;
3186 MemoryRegion *mr;
3187 hwaddr l = 4;
3188 hwaddr addr1;
3189 MemTxResult r;
3190 bool release_lock = false;
3191
3192 rcu_read_lock();
3193 mr = address_space_translate(as, addr, &addr1, &l,
3194 true);
3195 if (l < 4 || !memory_access_is_direct(mr, true)) {
3196 release_lock |= prepare_mmio_access(mr);
3197
3198 #if defined(TARGET_WORDS_BIGENDIAN)
3199 if (endian == DEVICE_LITTLE_ENDIAN) {
3200 val = bswap32(val);
3201 }
3202 #else
3203 if (endian == DEVICE_BIG_ENDIAN) {
3204 val = bswap32(val);
3205 }
3206 #endif
3207 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3208 } else {
3209 /* RAM case */
3210 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3211 ptr = qemu_get_ram_ptr(addr1);
3212 switch (endian) {
3213 case DEVICE_LITTLE_ENDIAN:
3214 stl_le_p(ptr, val);
3215 break;
3216 case DEVICE_BIG_ENDIAN:
3217 stl_be_p(ptr, val);
3218 break;
3219 default:
3220 stl_p(ptr, val);
3221 break;
3222 }
3223 invalidate_and_set_dirty(mr, addr1, 4);
3224 r = MEMTX_OK;
3225 }
3226 if (result) {
3227 *result = r;
3228 }
3229 if (release_lock) {
3230 qemu_mutex_unlock_iothread();
3231 }
3232 rcu_read_unlock();
3233 }
3234
3235 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3236 MemTxAttrs attrs, MemTxResult *result)
3237 {
3238 address_space_stl_internal(as, addr, val, attrs, result,
3239 DEVICE_NATIVE_ENDIAN);
3240 }
3241
3242 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3243 MemTxAttrs attrs, MemTxResult *result)
3244 {
3245 address_space_stl_internal(as, addr, val, attrs, result,
3246 DEVICE_LITTLE_ENDIAN);
3247 }
3248
3249 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3250 MemTxAttrs attrs, MemTxResult *result)
3251 {
3252 address_space_stl_internal(as, addr, val, attrs, result,
3253 DEVICE_BIG_ENDIAN);
3254 }
3255
3256 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3257 {
3258 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3259 }
3260
3261 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3262 {
3263 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3264 }
3265
3266 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3267 {
3268 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3269 }
3270
3271 /* XXX: optimize */
3272 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3273 MemTxAttrs attrs, MemTxResult *result)
3274 {
3275 uint8_t v = val;
3276 MemTxResult r;
3277
3278 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3279 if (result) {
3280 *result = r;
3281 }
3282 }
3283
3284 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3285 {
3286 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3287 }
3288
3289 /* warning: addr must be aligned */
3290 static inline void address_space_stw_internal(AddressSpace *as,
3291 hwaddr addr, uint32_t val,
3292 MemTxAttrs attrs,
3293 MemTxResult *result,
3294 enum device_endian endian)
3295 {
3296 uint8_t *ptr;
3297 MemoryRegion *mr;
3298 hwaddr l = 2;
3299 hwaddr addr1;
3300 MemTxResult r;
3301 bool release_lock = false;
3302
3303 rcu_read_lock();
3304 mr = address_space_translate(as, addr, &addr1, &l, true);
3305 if (l < 2 || !memory_access_is_direct(mr, true)) {
3306 release_lock |= prepare_mmio_access(mr);
3307
3308 #if defined(TARGET_WORDS_BIGENDIAN)
3309 if (endian == DEVICE_LITTLE_ENDIAN) {
3310 val = bswap16(val);
3311 }
3312 #else
3313 if (endian == DEVICE_BIG_ENDIAN) {
3314 val = bswap16(val);
3315 }
3316 #endif
3317 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3318 } else {
3319 /* RAM case */
3320 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3321 ptr = qemu_get_ram_ptr(addr1);
3322 switch (endian) {
3323 case DEVICE_LITTLE_ENDIAN:
3324 stw_le_p(ptr, val);
3325 break;
3326 case DEVICE_BIG_ENDIAN:
3327 stw_be_p(ptr, val);
3328 break;
3329 default:
3330 stw_p(ptr, val);
3331 break;
3332 }
3333 invalidate_and_set_dirty(mr, addr1, 2);
3334 r = MEMTX_OK;
3335 }
3336 if (result) {
3337 *result = r;
3338 }
3339 if (release_lock) {
3340 qemu_mutex_unlock_iothread();
3341 }
3342 rcu_read_unlock();
3343 }
3344
3345 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3346 MemTxAttrs attrs, MemTxResult *result)
3347 {
3348 address_space_stw_internal(as, addr, val, attrs, result,
3349 DEVICE_NATIVE_ENDIAN);
3350 }
3351
3352 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3353 MemTxAttrs attrs, MemTxResult *result)
3354 {
3355 address_space_stw_internal(as, addr, val, attrs, result,
3356 DEVICE_LITTLE_ENDIAN);
3357 }
3358
3359 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3360 MemTxAttrs attrs, MemTxResult *result)
3361 {
3362 address_space_stw_internal(as, addr, val, attrs, result,
3363 DEVICE_BIG_ENDIAN);
3364 }
3365
3366 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3367 {
3368 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3369 }
3370
3371 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3372 {
3373 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3374 }
3375
3376 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3377 {
3378 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3379 }
3380
3381 /* XXX: optimize */
3382 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3383 MemTxAttrs attrs, MemTxResult *result)
3384 {
3385 MemTxResult r;
3386 val = tswap64(val);
3387 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3388 if (result) {
3389 *result = r;
3390 }
3391 }
3392
3393 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3395 {
3396 MemTxResult r;
3397 val = cpu_to_le64(val);
3398 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3399 if (result) {
3400 *result = r;
3401 }
3402 }
3403 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3404 MemTxAttrs attrs, MemTxResult *result)
3405 {
3406 MemTxResult r;
3407 val = cpu_to_be64(val);
3408 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3409 if (result) {
3410 *result = r;
3411 }
3412 }
3413
3414 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3415 {
3416 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3417 }
3418
3419 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3420 {
3421 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3422 }
3423
3424 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3425 {
3426 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3427 }
3428
3429 /* virtual memory access for debug (includes writing to ROM) */
3430 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3431 uint8_t *buf, int len, int is_write)
3432 {
3433 int l;
3434 hwaddr phys_addr;
3435 target_ulong page;
3436
3437 while (len > 0) {
3438 page = addr & TARGET_PAGE_MASK;
3439 phys_addr = cpu_get_phys_page_debug(cpu, page);
3440 /* if no physical page mapped, return an error */
3441 if (phys_addr == -1)
3442 return -1;
3443 l = (page + TARGET_PAGE_SIZE) - addr;
3444 if (l > len)
3445 l = len;
3446 phys_addr += (addr & ~TARGET_PAGE_MASK);
3447 if (is_write) {
3448 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3449 } else {
3450 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3451 buf, l, 0);
3452 }
3453 len -= l;
3454 buf += l;
3455 addr += l;
3456 }
3457 return 0;
3458 }
3459 #endif
3460
3461 /*
3462 * A helper function for the _utterly broken_ virtio device model to find out if
3463 * it's running on a big endian machine. Don't do this at home kids!
3464 */
3465 bool target_words_bigendian(void);
3466 bool target_words_bigendian(void)
3467 {
3468 #if defined(TARGET_WORDS_BIGENDIAN)
3469 return true;
3470 #else
3471 return false;
3472 #endif
3473 }
3474
3475 #ifndef CONFIG_USER_ONLY
3476 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3477 {
3478 MemoryRegion*mr;
3479 hwaddr l = 1;
3480 bool res;
3481
3482 rcu_read_lock();
3483 mr = address_space_translate(&address_space_memory,
3484 phys_addr, &phys_addr, &l, false);
3485
3486 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3487 rcu_read_unlock();
3488 return res;
3489 }
3490
3491 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3492 {
3493 RAMBlock *block;
3494 int ret = 0;
3495
3496 rcu_read_lock();
3497 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3498 ret = func(block->idstr, block->host, block->offset,
3499 block->used_length, opaque);
3500 if (ret) {
3501 break;
3502 }
3503 }
3504 rcu_read_unlock();
3505 return ret;
3506 }
3507 #endif
AR7 emulation for QEMU