search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kvm-all: PAGE_SIZE should be real host page size
[qemu/ar7.git] / exec.c
blob53a4b8c6f47889fe3ce5579edb57766625030987
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 #endif
92
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
100 int use_icount;
101
102 #if !defined(CONFIG_USER_ONLY)
103
104 typedef struct PhysPageEntry PhysPageEntry;
105
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 uint32_t skip : 6;
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 uint32_t ptr : 26;
111 };
112
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
117
118 #define P_L2_BITS 9
119 #define P_L2_SIZE (1 << P_L2_BITS)
120
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123 typedef PhysPageEntry Node[P_L2_SIZE];
124
125 typedef struct PhysPageMap {
126 struct rcu_head rcu;
127
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134 } PhysPageMap;
135
136 struct AddressSpaceDispatch {
137 struct rcu_head rcu;
138
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
143 PhysPageMap map;
144 AddressSpace *as;
145 };
146
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
149 MemoryRegion iomem;
150 AddressSpace *as;
151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153 } subpage_t;
154
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
159
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
163
164 static MemoryRegion io_mem_watch;
165
166 /**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173 struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178 };
179
180 #endif
181
182 #if !defined(CONFIG_USER_ONLY)
183
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
185 {
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
190 }
191 }
192
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
194 {
195 unsigned i;
196 uint32_t ret;
197 PhysPageEntry e;
198 PhysPageEntry *p;
199
200 ret = map->nodes_nb++;
201 p = map->nodes[ret];
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
209 }
210 return ret;
211 }
212
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
215 int level)
216 {
217 PhysPageEntry *p;
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
219
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
222 }
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
225
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
228 lp->skip = 0;
229 lp->ptr = leaf;
230 *index += step;
231 *nb -= step;
232 } else {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
234 }
235 ++lp;
236 }
237 }
238
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
241 uint16_t leaf)
242 {
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
245
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
247 }
248
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253 {
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300 }
301
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303 {
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
308 }
309 }
310
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
313 {
314 PhysPageEntry *p;
315 hwaddr index = addr >> TARGET_PAGE_BITS;
316 int i;
317
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return &sections[PHYS_SECTION_UNASSIGNED];
321 }
322 p = nodes[lp.ptr];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
324 }
325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
333 }
334
335 bool memory_region_is_unassigned(MemoryRegion *mr)
336 {
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
339 }
340
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
343 hwaddr addr,
344 bool resolve_subpage)
345 {
346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
353 }
354 return section;
355 }
356
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
361 {
362 MemoryRegionSection *section;
363 MemoryRegion *mr;
364 Int128 diff;
365
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
373 mr = section->mr;
374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
390 return section;
391 }
392
393 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
394 {
395 if (memory_region_is_ram(mr)) {
396 return !(is_write && mr->readonly);
397 }
398 if (memory_region_is_romd(mr)) {
399 return !is_write;
400 }
401
402 return false;
403 }
404
405 /* Called from RCU critical section */
406 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
407 hwaddr *xlat, hwaddr *plen,
408 bool is_write)
409 {
410 IOMMUTLBEntry iotlb;
411 MemoryRegionSection *section;
412 MemoryRegion *mr;
413
414 for (;;) {
415 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
416 section = address_space_translate_internal(d, addr, &addr, plen, true);
417 mr = section->mr;
418
419 if (!mr->iommu_ops) {
420 break;
421 }
422
423 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
424 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
425 | (addr & iotlb.addr_mask));
426 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
427 if (!(iotlb.perm & (1 << is_write))) {
428 mr = &io_mem_unassigned;
429 break;
430 }
431
432 as = iotlb.target_as;
433 }
434
435 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
436 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
437 *plen = MIN(page, *plen);
438 }
439
440 *xlat = addr;
441 return mr;
442 }
443
444 /* Called from RCU critical section */
445 MemoryRegionSection *
446 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
447 hwaddr *xlat, hwaddr *plen)
448 {
449 MemoryRegionSection *section;
450 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
451 addr, xlat, plen, false);
452
453 assert(!section->mr->iommu_ops);
454 return section;
455 }
456 #endif
457
458 #if !defined(CONFIG_USER_ONLY)
459
460 static int cpu_common_post_load(void *opaque, int version_id)
461 {
462 CPUState *cpu = opaque;
463
464 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
465 version_id is increased. */
466 cpu->interrupt_request &= ~0x01;
467 tlb_flush(cpu, 1);
468
469 return 0;
470 }
471
472 static int cpu_common_pre_load(void *opaque)
473 {
474 CPUState *cpu = opaque;
475
476 cpu->exception_index = -1;
477
478 return 0;
479 }
480
481 static bool cpu_common_exception_index_needed(void *opaque)
482 {
483 CPUState *cpu = opaque;
484
485 return tcg_enabled() && cpu->exception_index != -1;
486 }
487
488 static const VMStateDescription vmstate_cpu_common_exception_index = {
489 .name = "cpu_common/exception_index",
490 .version_id = 1,
491 .minimum_version_id = 1,
492 .needed = cpu_common_exception_index_needed,
493 .fields = (VMStateField[]) {
494 VMSTATE_INT32(exception_index, CPUState),
495 VMSTATE_END_OF_LIST()
496 }
497 };
498
499 static bool cpu_common_crash_occurred_needed(void *opaque)
500 {
501 CPUState *cpu = opaque;
502
503 return cpu->crash_occurred;
504 }
505
506 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
507 .name = "cpu_common/crash_occurred",
508 .version_id = 1,
509 .minimum_version_id = 1,
510 .needed = cpu_common_crash_occurred_needed,
511 .fields = (VMStateField[]) {
512 VMSTATE_BOOL(crash_occurred, CPUState),
513 VMSTATE_END_OF_LIST()
514 }
515 };
516
517 const VMStateDescription vmstate_cpu_common = {
518 .name = "cpu_common",
519 .version_id = 1,
520 .minimum_version_id = 1,
521 .pre_load = cpu_common_pre_load,
522 .post_load = cpu_common_post_load,
523 .fields = (VMStateField[]) {
524 VMSTATE_UINT32(halted, CPUState),
525 VMSTATE_UINT32(interrupt_request, CPUState),
526 VMSTATE_END_OF_LIST()
527 },
528 .subsections = (const VMStateDescription*[]) {
529 &vmstate_cpu_common_exception_index,
530 &vmstate_cpu_common_crash_occurred,
531 NULL
532 }
533 };
534
535 #endif
536
537 CPUState *qemu_get_cpu(int index)
538 {
539 CPUState *cpu;
540
541 CPU_FOREACH(cpu) {
542 if (cpu->cpu_index == index) {
543 return cpu;
544 }
545 }
546
547 return NULL;
548 }
549
550 #if !defined(CONFIG_USER_ONLY)
551 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
552 {
553 /* We only support one address space per cpu at the moment. */
554 assert(cpu->as == as);
555
556 if (cpu->cpu_ases) {
557 /* We've already registered the listener for our only AS */
558 return;
559 }
560
561 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
562 cpu->cpu_ases[0].cpu = cpu;
563 cpu->cpu_ases[0].as = as;
564 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
565 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
566 }
567 #endif
568
569 #ifndef CONFIG_USER_ONLY
570 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
571
572 static int cpu_get_free_index(Error **errp)
573 {
574 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
575
576 if (cpu >= MAX_CPUMASK_BITS) {
577 error_setg(errp, "Trying to use more CPUs than max of %d",
578 MAX_CPUMASK_BITS);
579 return -1;
580 }
581
582 bitmap_set(cpu_index_map, cpu, 1);
583 return cpu;
584 }
585
586 void cpu_exec_exit(CPUState *cpu)
587 {
588 if (cpu->cpu_index == -1) {
589 /* cpu_index was never allocated by this @cpu or was already freed. */
590 return;
591 }
592
593 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
594 cpu->cpu_index = -1;
595 }
596 #else
597
598 static int cpu_get_free_index(Error **errp)
599 {
600 CPUState *some_cpu;
601 int cpu_index = 0;
602
603 CPU_FOREACH(some_cpu) {
604 cpu_index++;
605 }
606 return cpu_index;
607 }
608
609 void cpu_exec_exit(CPUState *cpu)
610 {
611 }
612 #endif
613
614 void cpu_exec_init(CPUState *cpu, Error **errp)
615 {
616 CPUClass *cc = CPU_GET_CLASS(cpu);
617 int cpu_index;
618 Error *local_err = NULL;
619
620 #ifndef CONFIG_USER_ONLY
621 cpu->as = &address_space_memory;
622 cpu->thread_id = qemu_get_thread_id();
623 #endif
624
625 #if defined(CONFIG_USER_ONLY)
626 cpu_list_lock();
627 #endif
628 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
629 if (local_err) {
630 error_propagate(errp, local_err);
631 #if defined(CONFIG_USER_ONLY)
632 cpu_list_unlock();
633 #endif
634 return;
635 }
636 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
637 #if defined(CONFIG_USER_ONLY)
638 cpu_list_unlock();
639 #endif
640 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
641 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
642 }
643 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
644 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
645 cpu_save, cpu_load, cpu->env_ptr);
646 assert(cc->vmsd == NULL);
647 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
648 #endif
649 if (cc->vmsd != NULL) {
650 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
651 }
652 }
653
654 #if defined(CONFIG_USER_ONLY)
655 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
656 {
657 tb_invalidate_phys_page_range(pc, pc + 1, 0);
658 }
659 #else
660 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
661 {
662 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
663 if (phys != -1) {
664 tb_invalidate_phys_addr(cpu->as,
665 phys | (pc & ~TARGET_PAGE_MASK));
666 }
667 }
668 #endif
669
670 #if defined(CONFIG_USER_ONLY)
671 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
672
673 {
674 }
675
676 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
677 int flags)
678 {
679 return -ENOSYS;
680 }
681
682 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
683 {
684 }
685
686 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
687 int flags, CPUWatchpoint **watchpoint)
688 {
689 return -ENOSYS;
690 }
691 #else
692 /* Add a watchpoint. */
693 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
694 int flags, CPUWatchpoint **watchpoint)
695 {
696 CPUWatchpoint *wp;
697
698 /* forbid ranges which are empty or run off the end of the address space */
699 if (len == 0 || (addr + len - 1) < addr) {
700 error_report("tried to set invalid watchpoint at %"
701 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
702 return -EINVAL;
703 }
704 wp = g_malloc(sizeof(*wp));
705
706 wp->vaddr = addr;
707 wp->len = len;
708 wp->flags = flags;
709
710 /* keep all GDB-injected watchpoints in front */
711 if (flags & BP_GDB) {
712 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
713 } else {
714 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
715 }
716
717 tlb_flush_page(cpu, addr);
718
719 if (watchpoint)
720 *watchpoint = wp;
721 return 0;
722 }
723
724 /* Remove a specific watchpoint. */
725 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
726 int flags)
727 {
728 CPUWatchpoint *wp;
729
730 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
731 if (addr == wp->vaddr && len == wp->len
732 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
733 cpu_watchpoint_remove_by_ref(cpu, wp);
734 return 0;
735 }
736 }
737 return -ENOENT;
738 }
739
740 /* Remove a specific watchpoint by reference. */
741 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
742 {
743 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
744
745 tlb_flush_page(cpu, watchpoint->vaddr);
746
747 g_free(watchpoint);
748 }
749
750 /* Remove all matching watchpoints. */
751 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
752 {
753 CPUWatchpoint *wp, *next;
754
755 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
756 if (wp->flags & mask) {
757 cpu_watchpoint_remove_by_ref(cpu, wp);
758 }
759 }
760 }
761
762 /* Return true if this watchpoint address matches the specified
763 * access (ie the address range covered by the watchpoint overlaps
764 * partially or completely with the address range covered by the
765 * access).
766 */
767 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
768 vaddr addr,
769 vaddr len)
770 {
771 /* We know the lengths are non-zero, but a little caution is
772 * required to avoid errors in the case where the range ends
773 * exactly at the top of the address space and so addr + len
774 * wraps round to zero.
775 */
776 vaddr wpend = wp->vaddr + wp->len - 1;
777 vaddr addrend = addr + len - 1;
778
779 return !(addr > wpend || wp->vaddr > addrend);
780 }
781
782 #endif
783
784 /* Add a breakpoint. */
785 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
786 CPUBreakpoint **breakpoint)
787 {
788 CPUBreakpoint *bp;
789
790 bp = g_malloc(sizeof(*bp));
791
792 bp->pc = pc;
793 bp->flags = flags;
794
795 /* keep all GDB-injected breakpoints in front */
796 if (flags & BP_GDB) {
797 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
798 } else {
799 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
800 }
801
802 breakpoint_invalidate(cpu, pc);
803
804 if (breakpoint) {
805 *breakpoint = bp;
806 }
807 return 0;
808 }
809
810 /* Remove a specific breakpoint. */
811 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
812 {
813 CPUBreakpoint *bp;
814
815 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
816 if (bp->pc == pc && bp->flags == flags) {
817 cpu_breakpoint_remove_by_ref(cpu, bp);
818 return 0;
819 }
820 }
821 return -ENOENT;
822 }
823
824 /* Remove a specific breakpoint by reference. */
825 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
826 {
827 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
828
829 breakpoint_invalidate(cpu, breakpoint->pc);
830
831 g_free(breakpoint);
832 }
833
834 /* Remove all matching breakpoints. */
835 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
836 {
837 CPUBreakpoint *bp, *next;
838
839 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
840 if (bp->flags & mask) {
841 cpu_breakpoint_remove_by_ref(cpu, bp);
842 }
843 }
844 }
845
846 /* enable or disable single step mode. EXCP_DEBUG is returned by the
847 CPU loop after each instruction */
848 void cpu_single_step(CPUState *cpu, int enabled)
849 {
850 if (cpu->singlestep_enabled != enabled) {
851 cpu->singlestep_enabled = enabled;
852 if (kvm_enabled()) {
853 kvm_update_guest_debug(cpu, 0);
854 } else {
855 /* must flush all the translated code to avoid inconsistencies */
856 /* XXX: only flush what is necessary */
857 tb_flush(cpu);
858 }
859 }
860 }
861
862 void cpu_abort(CPUState *cpu, const char *fmt, ...)
863 {
864 va_list ap;
865 va_list ap2;
866
867 va_start(ap, fmt);
868 va_copy(ap2, ap);
869 fprintf(stderr, "qemu: fatal: ");
870 vfprintf(stderr, fmt, ap);
871 fprintf(stderr, "\n");
872 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
873 if (qemu_log_enabled()) {
874 qemu_log("qemu: fatal: ");
875 qemu_log_vprintf(fmt, ap2);
876 qemu_log("\n");
877 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
878 qemu_log_flush();
879 qemu_log_close();
880 }
881 va_end(ap2);
882 va_end(ap);
883 replay_finish();
884 #if defined(CONFIG_USER_ONLY)
885 {
886 struct sigaction act;
887 sigfillset(&act.sa_mask);
888 act.sa_handler = SIG_DFL;
889 sigaction(SIGABRT, &act, NULL);
890 }
891 #endif
892 abort();
893 }
894
895 #if !defined(CONFIG_USER_ONLY)
896 /* Called from RCU critical section */
897 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
898 {
899 RAMBlock *block;
900
901 block = atomic_rcu_read(&ram_list.mru_block);
902 if (block && addr - block->offset < block->max_length) {
903 return block;
904 }
905 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
906 if (addr - block->offset < block->max_length) {
907 goto found;
908 }
909 }
910
911 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
912 abort();
913
914 found:
915 /* It is safe to write mru_block outside the iothread lock. This
916 * is what happens:
917 *
918 * mru_block = xxx
919 * rcu_read_unlock()
920 * xxx removed from list
921 * rcu_read_lock()
922 * read mru_block
923 * mru_block = NULL;
924 * call_rcu(reclaim_ramblock, xxx);
925 * rcu_read_unlock()
926 *
927 * atomic_rcu_set is not needed here. The block was already published
928 * when it was placed into the list. Here we're just making an extra
929 * copy of the pointer.
930 */
931 ram_list.mru_block = block;
932 return block;
933 }
934
935 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
936 {
937 CPUState *cpu;
938 ram_addr_t start1;
939 RAMBlock *block;
940 ram_addr_t end;
941
942 end = TARGET_PAGE_ALIGN(start + length);
943 start &= TARGET_PAGE_MASK;
944
945 rcu_read_lock();
946 block = qemu_get_ram_block(start);
947 assert(block == qemu_get_ram_block(end - 1));
948 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
949 CPU_FOREACH(cpu) {
950 tlb_reset_dirty(cpu, start1, length);
951 }
952 rcu_read_unlock();
953 }
954
955 /* Note: start and end must be within the same ram block. */
956 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
957 ram_addr_t length,
958 unsigned client)
959 {
960 unsigned long end, page;
961 bool dirty;
962
963 if (length == 0) {
964 return false;
965 }
966
967 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
968 page = start >> TARGET_PAGE_BITS;
969 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
970 page, end - page);
971
972 if (dirty && tcg_enabled()) {
973 tlb_reset_dirty_range_all(start, length);
974 }
975
976 return dirty;
977 }
978
979 /* Called from RCU critical section */
980 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
981 MemoryRegionSection *section,
982 target_ulong vaddr,
983 hwaddr paddr, hwaddr xlat,
984 int prot,
985 target_ulong *address)
986 {
987 hwaddr iotlb;
988 CPUWatchpoint *wp;
989
990 if (memory_region_is_ram(section->mr)) {
991 /* Normal RAM. */
992 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
993 + xlat;
994 if (!section->readonly) {
995 iotlb |= PHYS_SECTION_NOTDIRTY;
996 } else {
997 iotlb |= PHYS_SECTION_ROM;
998 }
999 } else {
1000 AddressSpaceDispatch *d;
1001
1002 d = atomic_rcu_read(&section->address_space->dispatch);
1003 iotlb = section - d->map.sections;
1004 iotlb += xlat;
1005 }
1006
1007 /* Make accesses to pages with watchpoints go via the
1008 watchpoint trap routines. */
1009 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1010 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1011 /* Avoid trapping reads of pages with a write breakpoint. */
1012 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1013 iotlb = PHYS_SECTION_WATCH + paddr;
1014 *address |= TLB_MMIO;
1015 break;
1016 }
1017 }
1018 }
1019
1020 return iotlb;
1021 }
1022 #endif /* defined(CONFIG_USER_ONLY) */
1023
1024 #if !defined(CONFIG_USER_ONLY)
1025
1026 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1027 uint16_t section);
1028 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1029
1030 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1031 qemu_anon_ram_alloc;
1032
1033 /*
1034 * Set a custom physical guest memory alloator.
1035 * Accelerators with unusual needs may need this. Hopefully, we can
1036 * get rid of it eventually.
1037 */
1038 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1039 {
1040 phys_mem_alloc = alloc;
1041 }
1042
1043 static uint16_t phys_section_add(PhysPageMap *map,
1044 MemoryRegionSection *section)
1045 {
1046 /* The physical section number is ORed with a page-aligned
1047 * pointer to produce the iotlb entries. Thus it should
1048 * never overflow into the page-aligned value.
1049 */
1050 assert(map->sections_nb < TARGET_PAGE_SIZE);
1051
1052 if (map->sections_nb == map->sections_nb_alloc) {
1053 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1054 map->sections = g_renew(MemoryRegionSection, map->sections,
1055 map->sections_nb_alloc);
1056 }
1057 map->sections[map->sections_nb] = *section;
1058 memory_region_ref(section->mr);
1059 return map->sections_nb++;
1060 }
1061
1062 static void phys_section_destroy(MemoryRegion *mr)
1063 {
1064 bool have_sub_page = mr->subpage;
1065
1066 memory_region_unref(mr);
1067
1068 if (have_sub_page) {
1069 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1070 object_unref(OBJECT(&subpage->iomem));
1071 g_free(subpage);
1072 }
1073 }
1074
1075 static void phys_sections_free(PhysPageMap *map)
1076 {
1077 while (map->sections_nb > 0) {
1078 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1079 phys_section_destroy(section->mr);
1080 }
1081 g_free(map->sections);
1082 g_free(map->nodes);
1083 }
1084
1085 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1086 {
1087 subpage_t *subpage;
1088 hwaddr base = section->offset_within_address_space
1089 & TARGET_PAGE_MASK;
1090 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1091 d->map.nodes, d->map.sections);
1092 MemoryRegionSection subsection = {
1093 .offset_within_address_space = base,
1094 .size = int128_make64(TARGET_PAGE_SIZE),
1095 };
1096 hwaddr start, end;
1097
1098 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1099
1100 if (!(existing->mr->subpage)) {
1101 subpage = subpage_init(d->as, base);
1102 subsection.address_space = d->as;
1103 subsection.mr = &subpage->iomem;
1104 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1105 phys_section_add(&d->map, &subsection));
1106 } else {
1107 subpage = container_of(existing->mr, subpage_t, iomem);
1108 }
1109 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1110 end = start + int128_get64(section->size) - 1;
1111 subpage_register(subpage, start, end,
1112 phys_section_add(&d->map, section));
1113 }
1114
1115
1116 static void register_multipage(AddressSpaceDispatch *d,
1117 MemoryRegionSection *section)
1118 {
1119 hwaddr start_addr = section->offset_within_address_space;
1120 uint16_t section_index = phys_section_add(&d->map, section);
1121 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1122 TARGET_PAGE_BITS));
1123
1124 assert(num_pages);
1125 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1126 }
1127
1128 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1129 {
1130 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1131 AddressSpaceDispatch *d = as->next_dispatch;
1132 MemoryRegionSection now = *section, remain = *section;
1133 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1134
1135 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1136 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1137 - now.offset_within_address_space;
1138
1139 now.size = int128_min(int128_make64(left), now.size);
1140 register_subpage(d, &now);
1141 } else {
1142 now.size = int128_zero();
1143 }
1144 while (int128_ne(remain.size, now.size)) {
1145 remain.size = int128_sub(remain.size, now.size);
1146 remain.offset_within_address_space += int128_get64(now.size);
1147 remain.offset_within_region += int128_get64(now.size);
1148 now = remain;
1149 if (int128_lt(remain.size, page_size)) {
1150 register_subpage(d, &now);
1151 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1152 now.size = page_size;
1153 register_subpage(d, &now);
1154 } else {
1155 now.size = int128_and(now.size, int128_neg(page_size));
1156 register_multipage(d, &now);
1157 }
1158 }
1159 }
1160
1161 void qemu_flush_coalesced_mmio_buffer(void)
1162 {
1163 if (kvm_enabled())
1164 kvm_flush_coalesced_mmio_buffer();
1165 }
1166
1167 void qemu_mutex_lock_ramlist(void)
1168 {
1169 qemu_mutex_lock(&ram_list.mutex);
1170 }
1171
1172 void qemu_mutex_unlock_ramlist(void)
1173 {
1174 qemu_mutex_unlock(&ram_list.mutex);
1175 }
1176
1177 #ifdef __linux__
1178
1179 #include <sys/vfs.h>
1180
1181 #define HUGETLBFS_MAGIC 0x958458f6
1182
1183 static long gethugepagesize(const char *path, Error **errp)
1184 {
1185 struct statfs fs;
1186 int ret;
1187
1188 do {
1189 ret = statfs(path, &fs);
1190 } while (ret != 0 && errno == EINTR);
1191
1192 if (ret != 0) {
1193 error_setg_errno(errp, errno, "failed to get page size of file %s",
1194 path);
1195 return 0;
1196 }
1197
1198 return fs.f_bsize;
1199 }
1200
1201 static void *file_ram_alloc(RAMBlock *block,
1202 ram_addr_t memory,
1203 const char *path,
1204 Error **errp)
1205 {
1206 struct stat st;
1207 char *filename;
1208 char *sanitized_name;
1209 char *c;
1210 void *area;
1211 int fd;
1212 uint64_t hpagesize;
1213 Error *local_err = NULL;
1214
1215 hpagesize = gethugepagesize(path, &local_err);
1216 if (local_err) {
1217 error_propagate(errp, local_err);
1218 goto error;
1219 }
1220 block->mr->align = hpagesize;
1221
1222 if (memory < hpagesize) {
1223 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1224 "or larger than huge page size 0x%" PRIx64,
1225 memory, hpagesize);
1226 goto error;
1227 }
1228
1229 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1230 error_setg(errp,
1231 "host lacks kvm mmu notifiers, -mem-path unsupported");
1232 goto error;
1233 }
1234
1235 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1237 sanitized_name = g_strdup(memory_region_name(block->mr));
1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/') {
1240 *c = '_';
1241 }
1242 }
1243
1244 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1245 sanitized_name);
1246 g_free(sanitized_name);
1247
1248 fd = mkstemp(filename);
1249 if (fd >= 0) {
1250 unlink(filename);
1251 }
1252 g_free(filename);
1253 } else {
1254 fd = open(path, O_RDWR | O_CREAT, 0644);
1255 }
1256
1257 if (fd < 0) {
1258 error_setg_errno(errp, errno,
1259 "unable to create backing store for hugepages");
1260 goto error;
1261 }
1262
1263 memory = ROUND_UP(memory, hpagesize);
1264
1265 /*
1266 * ftruncate is not supported by hugetlbfs in older
1267 * hosts, so don't bother bailing out on errors.
1268 * If anything goes wrong with it under other filesystems,
1269 * mmap will fail.
1270 */
1271 if (ftruncate(fd, memory)) {
1272 perror("ftruncate");
1273 }
1274
1275 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1276 if (area == MAP_FAILED) {
1277 error_setg_errno(errp, errno,
1278 "unable to map backing store for hugepages");
1279 close(fd);
1280 goto error;
1281 }
1282
1283 if (mem_prealloc) {
1284 os_mem_prealloc(fd, area, memory);
1285 }
1286
1287 block->fd = fd;
1288 return area;
1289
1290 error:
1291 return NULL;
1292 }
1293 #endif
1294
1295 /* Called with the ramlist lock held. */
1296 static ram_addr_t find_ram_offset(ram_addr_t size)
1297 {
1298 RAMBlock *block, *next_block;
1299 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1300
1301 assert(size != 0); /* it would hand out same offset multiple times */
1302
1303 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1304 return 0;
1305 }
1306
1307 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1308 ram_addr_t end, next = RAM_ADDR_MAX;
1309
1310 end = block->offset + block->max_length;
1311
1312 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1313 if (next_block->offset >= end) {
1314 next = MIN(next, next_block->offset);
1315 }
1316 }
1317 if (next - end >= size && next - end < mingap) {
1318 offset = end;
1319 mingap = next - end;
1320 }
1321 }
1322
1323 if (offset == RAM_ADDR_MAX) {
1324 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1325 (uint64_t)size);
1326 abort();
1327 }
1328
1329 return offset;
1330 }
1331
1332 ram_addr_t last_ram_offset(void)
1333 {
1334 RAMBlock *block;
1335 ram_addr_t last = 0;
1336
1337 rcu_read_lock();
1338 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1339 last = MAX(last, block->offset + block->max_length);
1340 }
1341 rcu_read_unlock();
1342 return last;
1343 }
1344
1345 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1346 {
1347 int ret;
1348
1349 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1350 if (!machine_dump_guest_core(current_machine)) {
1351 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1352 if (ret) {
1353 perror("qemu_madvise");
1354 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1355 "but dump_guest_core=off specified\n");
1356 }
1357 }
1358 }
1359
1360 /* Called within an RCU critical section, or while the ramlist lock
1361 * is held.
1362 */
1363 static RAMBlock *find_ram_block(ram_addr_t addr)
1364 {
1365 RAMBlock *block;
1366
1367 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1368 if (block->offset == addr) {
1369 return block;
1370 }
1371 }
1372
1373 return NULL;
1374 }
1375
1376 const char *qemu_ram_get_idstr(RAMBlock *rb)
1377 {
1378 return rb->idstr;
1379 }
1380
1381 /* Called with iothread lock held. */
1382 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1383 {
1384 RAMBlock *new_block, *block;
1385
1386 rcu_read_lock();
1387 new_block = find_ram_block(addr);
1388 assert(new_block);
1389 assert(!new_block->idstr[0]);
1390
1391 if (dev) {
1392 char *id = qdev_get_dev_path(dev);
1393 if (id) {
1394 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1395 g_free(id);
1396 }
1397 }
1398 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1399
1400 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1401 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1402 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1403 new_block->idstr);
1404 abort();
1405 }
1406 }
1407 rcu_read_unlock();
1408 }
1409
1410 /* Called with iothread lock held. */
1411 void qemu_ram_unset_idstr(ram_addr_t addr)
1412 {
1413 RAMBlock *block;
1414
1415 /* FIXME: arch_init.c assumes that this is not called throughout
1416 * migration. Ignore the problem since hot-unplug during migration
1417 * does not work anyway.
1418 */
1419
1420 rcu_read_lock();
1421 block = find_ram_block(addr);
1422 if (block) {
1423 memset(block->idstr, 0, sizeof(block->idstr));
1424 }
1425 rcu_read_unlock();
1426 }
1427
1428 static int memory_try_enable_merging(void *addr, size_t len)
1429 {
1430 if (!machine_mem_merge(current_machine)) {
1431 /* disabled by the user */
1432 return 0;
1433 }
1434
1435 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1436 }
1437
1438 /* Only legal before guest might have detected the memory size: e.g. on
1439 * incoming migration, or right after reset.
1440 *
1441 * As memory core doesn't know how is memory accessed, it is up to
1442 * resize callback to update device state and/or add assertions to detect
1443 * misuse, if necessary.
1444 */
1445 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1446 {
1447 RAMBlock *block = find_ram_block(base);
1448
1449 assert(block);
1450
1451 newsize = HOST_PAGE_ALIGN(newsize);
1452
1453 if (block->used_length == newsize) {
1454 return 0;
1455 }
1456
1457 if (!(block->flags & RAM_RESIZEABLE)) {
1458 error_setg_errno(errp, EINVAL,
1459 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1460 " in != 0x" RAM_ADDR_FMT, block->idstr,
1461 newsize, block->used_length);
1462 return -EINVAL;
1463 }
1464
1465 if (block->max_length < newsize) {
1466 error_setg_errno(errp, EINVAL,
1467 "Length too large: %s: 0x" RAM_ADDR_FMT
1468 " > 0x" RAM_ADDR_FMT, block->idstr,
1469 newsize, block->max_length);
1470 return -EINVAL;
1471 }
1472
1473 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1474 block->used_length = newsize;
1475 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1476 DIRTY_CLIENTS_ALL);
1477 memory_region_set_size(block->mr, newsize);
1478 if (block->resized) {
1479 block->resized(block->idstr, newsize, block->host);
1480 }
1481 return 0;
1482 }
1483
1484 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1485 {
1486 RAMBlock *block;
1487 RAMBlock *last_block = NULL;
1488 ram_addr_t old_ram_size, new_ram_size;
1489
1490 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1491
1492 qemu_mutex_lock_ramlist();
1493 new_block->offset = find_ram_offset(new_block->max_length);
1494
1495 if (!new_block->host) {
1496 if (xen_enabled()) {
1497 xen_ram_alloc(new_block->offset, new_block->max_length,
1498 new_block->mr);
1499 } else {
1500 new_block->host = phys_mem_alloc(new_block->max_length,
1501 &new_block->mr->align);
1502 if (!new_block->host) {
1503 error_setg_errno(errp, errno,
1504 "cannot set up guest memory '%s'",
1505 memory_region_name(new_block->mr));
1506 qemu_mutex_unlock_ramlist();
1507 return -1;
1508 }
1509 memory_try_enable_merging(new_block->host, new_block->max_length);
1510 }
1511 }
1512
1513 new_ram_size = MAX(old_ram_size,
1514 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1515 if (new_ram_size > old_ram_size) {
1516 migration_bitmap_extend(old_ram_size, new_ram_size);
1517 }
1518 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1519 * QLIST (which has an RCU-friendly variant) does not have insertion at
1520 * tail, so save the last element in last_block.
1521 */
1522 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1523 last_block = block;
1524 if (block->max_length < new_block->max_length) {
1525 break;
1526 }
1527 }
1528 if (block) {
1529 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1530 } else if (last_block) {
1531 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1532 } else { /* list is empty */
1533 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1534 }
1535 ram_list.mru_block = NULL;
1536
1537 /* Write list before version */
1538 smp_wmb();
1539 ram_list.version++;
1540 qemu_mutex_unlock_ramlist();
1541
1542 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1543
1544 if (new_ram_size > old_ram_size) {
1545 int i;
1546
1547 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1548 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1549 ram_list.dirty_memory[i] =
1550 bitmap_zero_extend(ram_list.dirty_memory[i],
1551 old_ram_size, new_ram_size);
1552 }
1553 }
1554 cpu_physical_memory_set_dirty_range(new_block->offset,
1555 new_block->used_length,
1556 DIRTY_CLIENTS_ALL);
1557
1558 if (new_block->host) {
1559 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1560 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1561 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1562 if (kvm_enabled()) {
1563 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1564 }
1565 }
1566
1567 return new_block->offset;
1568 }
1569
1570 #ifdef __linux__
1571 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1572 bool share, const char *mem_path,
1573 Error **errp)
1574 {
1575 RAMBlock *new_block;
1576 ram_addr_t addr;
1577 Error *local_err = NULL;
1578
1579 if (xen_enabled()) {
1580 error_setg(errp, "-mem-path not supported with Xen");
1581 return -1;
1582 }
1583
1584 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1585 /*
1586 * file_ram_alloc() needs to allocate just like
1587 * phys_mem_alloc, but we haven't bothered to provide
1588 * a hook there.
1589 */
1590 error_setg(errp,
1591 "-mem-path not supported with this accelerator");
1592 return -1;
1593 }
1594
1595 size = HOST_PAGE_ALIGN(size);
1596 new_block = g_malloc0(sizeof(*new_block));
1597 new_block->mr = mr;
1598 new_block->used_length = size;
1599 new_block->max_length = size;
1600 new_block->flags = share ? RAM_SHARED : 0;
1601 new_block->host = file_ram_alloc(new_block, size,
1602 mem_path, errp);
1603 if (!new_block->host) {
1604 g_free(new_block);
1605 return -1;
1606 }
1607
1608 addr = ram_block_add(new_block, &local_err);
1609 if (local_err) {
1610 g_free(new_block);
1611 error_propagate(errp, local_err);
1612 return -1;
1613 }
1614 return addr;
1615 }
1616 #endif
1617
1618 static
1619 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1620 void (*resized)(const char*,
1621 uint64_t length,
1622 void *host),
1623 void *host, bool resizeable,
1624 MemoryRegion *mr, Error **errp)
1625 {
1626 RAMBlock *new_block;
1627 ram_addr_t addr;
1628 Error *local_err = NULL;
1629
1630 size = HOST_PAGE_ALIGN(size);
1631 max_size = HOST_PAGE_ALIGN(max_size);
1632 new_block = g_malloc0(sizeof(*new_block));
1633 new_block->mr = mr;
1634 new_block->resized = resized;
1635 new_block->used_length = size;
1636 new_block->max_length = max_size;
1637 assert(max_size >= size);
1638 new_block->fd = -1;
1639 new_block->host = host;
1640 if (host) {
1641 new_block->flags |= RAM_PREALLOC;
1642 }
1643 if (resizeable) {
1644 new_block->flags |= RAM_RESIZEABLE;
1645 }
1646 addr = ram_block_add(new_block, &local_err);
1647 if (local_err) {
1648 g_free(new_block);
1649 error_propagate(errp, local_err);
1650 return -1;
1651 }
1652 return addr;
1653 }
1654
1655 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1656 MemoryRegion *mr, Error **errp)
1657 {
1658 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1659 }
1660
1661 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1662 {
1663 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1664 }
1665
1666 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1667 void (*resized)(const char*,
1668 uint64_t length,
1669 void *host),
1670 MemoryRegion *mr, Error **errp)
1671 {
1672 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1673 }
1674
1675 static void reclaim_ramblock(RAMBlock *block)
1676 {
1677 if (block->flags & RAM_PREALLOC) {
1678 ;
1679 } else if (xen_enabled()) {
1680 xen_invalidate_map_cache_entry(block->host);
1681 #ifndef _WIN32
1682 } else if (block->fd >= 0) {
1683 qemu_ram_munmap(block->host, block->max_length);
1684 close(block->fd);
1685 #endif
1686 } else {
1687 qemu_anon_ram_free(block->host, block->max_length);
1688 }
1689 g_free(block);
1690 }
1691
1692 void qemu_ram_free(ram_addr_t addr)
1693 {
1694 RAMBlock *block;
1695
1696 qemu_mutex_lock_ramlist();
1697 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1698 if (addr == block->offset) {
1699 QLIST_REMOVE_RCU(block, next);
1700 ram_list.mru_block = NULL;
1701 /* Write list before version */
1702 smp_wmb();
1703 ram_list.version++;
1704 call_rcu(block, reclaim_ramblock, rcu);
1705 break;
1706 }
1707 }
1708 qemu_mutex_unlock_ramlist();
1709 }
1710
1711 #ifndef _WIN32
1712 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1713 {
1714 RAMBlock *block;
1715 ram_addr_t offset;
1716 int flags;
1717 void *area, *vaddr;
1718
1719 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1720 offset = addr - block->offset;
1721 if (offset < block->max_length) {
1722 vaddr = ramblock_ptr(block, offset);
1723 if (block->flags & RAM_PREALLOC) {
1724 ;
1725 } else if (xen_enabled()) {
1726 abort();
1727 } else {
1728 flags = MAP_FIXED;
1729 if (block->fd >= 0) {
1730 flags |= (block->flags & RAM_SHARED ?
1731 MAP_SHARED : MAP_PRIVATE);
1732 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1733 flags, block->fd, offset);
1734 } else {
1735 /*
1736 * Remap needs to match alloc. Accelerators that
1737 * set phys_mem_alloc never remap. If they did,
1738 * we'd need a remap hook here.
1739 */
1740 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1741
1742 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1743 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1744 flags, -1, 0);
1745 }
1746 if (area != vaddr) {
1747 fprintf(stderr, "Could not remap addr: "
1748 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1749 length, addr);
1750 exit(1);
1751 }
1752 memory_try_enable_merging(vaddr, length);
1753 qemu_ram_setup_dump(vaddr, length);
1754 }
1755 }
1756 }
1757 }
1758 #endif /* !_WIN32 */
1759
1760 int qemu_get_ram_fd(ram_addr_t addr)
1761 {
1762 RAMBlock *block;
1763 int fd;
1764
1765 rcu_read_lock();
1766 block = qemu_get_ram_block(addr);
1767 fd = block->fd;
1768 rcu_read_unlock();
1769 return fd;
1770 }
1771
1772 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1773 {
1774 RAMBlock *block;
1775 void *ptr;
1776
1777 rcu_read_lock();
1778 block = qemu_get_ram_block(addr);
1779 ptr = ramblock_ptr(block, 0);
1780 rcu_read_unlock();
1781 return ptr;
1782 }
1783
1784 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1785 * This should not be used for general purpose DMA. Use address_space_map
1786 * or address_space_rw instead. For local memory (e.g. video ram) that the
1787 * device owns, use memory_region_get_ram_ptr.
1788 *
1789 * By the time this function returns, the returned pointer is not protected
1790 * by RCU anymore. If the caller is not within an RCU critical section and
1791 * does not hold the iothread lock, it must have other means of protecting the
1792 * pointer, such as a reference to the region that includes the incoming
1793 * ram_addr_t.
1794 */
1795 void *qemu_get_ram_ptr(ram_addr_t addr)
1796 {
1797 RAMBlock *block;
1798 void *ptr;
1799
1800 rcu_read_lock();
1801 block = qemu_get_ram_block(addr);
1802
1803 if (xen_enabled() && block->host == NULL) {
1804 /* We need to check if the requested address is in the RAM
1805 * because we don't want to map the entire memory in QEMU.
1806 * In that case just map until the end of the page.
1807 */
1808 if (block->offset == 0) {
1809 ptr = xen_map_cache(addr, 0, 0);
1810 goto unlock;
1811 }
1812
1813 block->host = xen_map_cache(block->offset, block->max_length, 1);
1814 }
1815 ptr = ramblock_ptr(block, addr - block->offset);
1816
1817 unlock:
1818 rcu_read_unlock();
1819 return ptr;
1820 }
1821
1822 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1823 * but takes a size argument.
1824 *
1825 * By the time this function returns, the returned pointer is not protected
1826 * by RCU anymore. If the caller is not within an RCU critical section and
1827 * does not hold the iothread lock, it must have other means of protecting the
1828 * pointer, such as a reference to the region that includes the incoming
1829 * ram_addr_t.
1830 */
1831 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1832 {
1833 void *ptr;
1834 if (*size == 0) {
1835 return NULL;
1836 }
1837 if (xen_enabled()) {
1838 return xen_map_cache(addr, *size, 1);
1839 } else {
1840 RAMBlock *block;
1841 rcu_read_lock();
1842 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1843 if (addr - block->offset < block->max_length) {
1844 if (addr - block->offset + *size > block->max_length)
1845 *size = block->max_length - addr + block->offset;
1846 ptr = ramblock_ptr(block, addr - block->offset);
1847 rcu_read_unlock();
1848 return ptr;
1849 }
1850 }
1851
1852 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1853 abort();
1854 }
1855 }
1856
1857 /*
1858 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1859 * in that RAMBlock.
1860 *
1861 * ptr: Host pointer to look up
1862 * round_offset: If true round the result offset down to a page boundary
1863 * *ram_addr: set to result ram_addr
1864 * *offset: set to result offset within the RAMBlock
1865 *
1866 * Returns: RAMBlock (or NULL if not found)
1867 *
1868 * By the time this function returns, the returned pointer is not protected
1869 * by RCU anymore. If the caller is not within an RCU critical section and
1870 * does not hold the iothread lock, it must have other means of protecting the
1871 * pointer, such as a reference to the region that includes the incoming
1872 * ram_addr_t.
1873 */
1874 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1875 ram_addr_t *ram_addr,
1876 ram_addr_t *offset)
1877 {
1878 RAMBlock *block;
1879 uint8_t *host = ptr;
1880
1881 if (xen_enabled()) {
1882 rcu_read_lock();
1883 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1884 block = qemu_get_ram_block(*ram_addr);
1885 if (block) {
1886 *offset = (host - block->host);
1887 }
1888 rcu_read_unlock();
1889 return block;
1890 }
1891
1892 rcu_read_lock();
1893 block = atomic_rcu_read(&ram_list.mru_block);
1894 if (block && block->host && host - block->host < block->max_length) {
1895 goto found;
1896 }
1897
1898 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1899 /* This case append when the block is not mapped. */
1900 if (block->host == NULL) {
1901 continue;
1902 }
1903 if (host - block->host < block->max_length) {
1904 goto found;
1905 }
1906 }
1907
1908 rcu_read_unlock();
1909 return NULL;
1910
1911 found:
1912 *offset = (host - block->host);
1913 if (round_offset) {
1914 *offset &= TARGET_PAGE_MASK;
1915 }
1916 *ram_addr = block->offset + *offset;
1917 rcu_read_unlock();
1918 return block;
1919 }
1920
1921 /*
1922 * Finds the named RAMBlock
1923 *
1924 * name: The name of RAMBlock to find
1925 *
1926 * Returns: RAMBlock (or NULL if not found)
1927 */
1928 RAMBlock *qemu_ram_block_by_name(const char *name)
1929 {
1930 RAMBlock *block;
1931
1932 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1933 if (!strcmp(name, block->idstr)) {
1934 return block;
1935 }
1936 }
1937
1938 return NULL;
1939 }
1940
1941 /* Some of the softmmu routines need to translate from a host pointer
1942 (typically a TLB entry) back to a ram offset. */
1943 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1944 {
1945 RAMBlock *block;
1946 ram_addr_t offset; /* Not used */
1947
1948 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1949
1950 if (!block) {
1951 return NULL;
1952 }
1953
1954 return block->mr;
1955 }
1956
1957 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1958 uint64_t val, unsigned size)
1959 {
1960 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1961 tb_invalidate_phys_page_fast(ram_addr, size);
1962 }
1963 switch (size) {
1964 case 1:
1965 stb_p(qemu_get_ram_ptr(ram_addr), val);
1966 break;
1967 case 2:
1968 stw_p(qemu_get_ram_ptr(ram_addr), val);
1969 break;
1970 case 4:
1971 stl_p(qemu_get_ram_ptr(ram_addr), val);
1972 break;
1973 default:
1974 abort();
1975 }
1976 /* Set both VGA and migration bits for simplicity and to remove
1977 * the notdirty callback faster.
1978 */
1979 cpu_physical_memory_set_dirty_range(ram_addr, size,
1980 DIRTY_CLIENTS_NOCODE);
1981 /* we remove the notdirty callback only if the code has been
1982 flushed */
1983 if (!cpu_physical_memory_is_clean(ram_addr)) {
1984 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1985 }
1986 }
1987
1988 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1989 unsigned size, bool is_write)
1990 {
1991 return is_write;
1992 }
1993
1994 static const MemoryRegionOps notdirty_mem_ops = {
1995 .write = notdirty_mem_write,
1996 .valid.accepts = notdirty_mem_accepts,
1997 .endianness = DEVICE_NATIVE_ENDIAN,
1998 };
1999
2000 /* Generate a debug exception if a watchpoint has been hit. */
2001 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2002 {
2003 CPUState *cpu = current_cpu;
2004 CPUArchState *env = cpu->env_ptr;
2005 target_ulong pc, cs_base;
2006 target_ulong vaddr;
2007 CPUWatchpoint *wp;
2008 int cpu_flags;
2009
2010 if (cpu->watchpoint_hit) {
2011 /* We re-entered the check after replacing the TB. Now raise
2012 * the debug interrupt so that is will trigger after the
2013 * current instruction. */
2014 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2015 return;
2016 }
2017 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2018 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2019 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2020 && (wp->flags & flags)) {
2021 if (flags == BP_MEM_READ) {
2022 wp->flags |= BP_WATCHPOINT_HIT_READ;
2023 } else {
2024 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2025 }
2026 wp->hitaddr = vaddr;
2027 wp->hitattrs = attrs;
2028 if (!cpu->watchpoint_hit) {
2029 cpu->watchpoint_hit = wp;
2030 tb_check_watchpoint(cpu);
2031 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2032 cpu->exception_index = EXCP_DEBUG;
2033 cpu_loop_exit(cpu);
2034 } else {
2035 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2036 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2037 cpu_resume_from_signal(cpu, NULL);
2038 }
2039 }
2040 } else {
2041 wp->flags &= ~BP_WATCHPOINT_HIT;
2042 }
2043 }
2044 }
2045
2046 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2047 so these check for a hit then pass through to the normal out-of-line
2048 phys routines. */
2049 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2050 unsigned size, MemTxAttrs attrs)
2051 {
2052 MemTxResult res;
2053 uint64_t data;
2054
2055 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2056 switch (size) {
2057 case 1:
2058 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2059 break;
2060 case 2:
2061 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2062 break;
2063 case 4:
2064 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2065 break;
2066 default: abort();
2067 }
2068 *pdata = data;
2069 return res;
2070 }
2071
2072 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2073 uint64_t val, unsigned size,
2074 MemTxAttrs attrs)
2075 {
2076 MemTxResult res;
2077
2078 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2079 switch (size) {
2080 case 1:
2081 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2082 break;
2083 case 2:
2084 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2085 break;
2086 case 4:
2087 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2088 break;
2089 default: abort();
2090 }
2091 return res;
2092 }
2093
2094 static const MemoryRegionOps watch_mem_ops = {
2095 .read_with_attrs = watch_mem_read,
2096 .write_with_attrs = watch_mem_write,
2097 .endianness = DEVICE_NATIVE_ENDIAN,
2098 };
2099
2100 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2101 unsigned len, MemTxAttrs attrs)
2102 {
2103 subpage_t *subpage = opaque;
2104 uint8_t buf[8];
2105 MemTxResult res;
2106
2107 #if defined(DEBUG_SUBPAGE)
2108 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2109 subpage, len, addr);
2110 #endif
2111 res = address_space_read(subpage->as, addr + subpage->base,
2112 attrs, buf, len);
2113 if (res) {
2114 return res;
2115 }
2116 switch (len) {
2117 case 1:
2118 *data = ldub_p(buf);
2119 return MEMTX_OK;
2120 case 2:
2121 *data = lduw_p(buf);
2122 return MEMTX_OK;
2123 case 4:
2124 *data = ldl_p(buf);
2125 return MEMTX_OK;
2126 case 8:
2127 *data = ldq_p(buf);
2128 return MEMTX_OK;
2129 default:
2130 abort();
2131 }
2132 }
2133
2134 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2135 uint64_t value, unsigned len, MemTxAttrs attrs)
2136 {
2137 subpage_t *subpage = opaque;
2138 uint8_t buf[8];
2139
2140 #if defined(DEBUG_SUBPAGE)
2141 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2142 " value %"PRIx64"\n",
2143 __func__, subpage, len, addr, value);
2144 #endif
2145 switch (len) {
2146 case 1:
2147 stb_p(buf, value);
2148 break;
2149 case 2:
2150 stw_p(buf, value);
2151 break;
2152 case 4:
2153 stl_p(buf, value);
2154 break;
2155 case 8:
2156 stq_p(buf, value);
2157 break;
2158 default:
2159 abort();
2160 }
2161 return address_space_write(subpage->as, addr + subpage->base,
2162 attrs, buf, len);
2163 }
2164
2165 static bool subpage_accepts(void *opaque, hwaddr addr,
2166 unsigned len, bool is_write)
2167 {
2168 subpage_t *subpage = opaque;
2169 #if defined(DEBUG_SUBPAGE)
2170 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2171 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2172 #endif
2173
2174 return address_space_access_valid(subpage->as, addr + subpage->base,
2175 len, is_write);
2176 }
2177
2178 static const MemoryRegionOps subpage_ops = {
2179 .read_with_attrs = subpage_read,
2180 .write_with_attrs = subpage_write,
2181 .impl.min_access_size = 1,
2182 .impl.max_access_size = 8,
2183 .valid.min_access_size = 1,
2184 .valid.max_access_size = 8,
2185 .valid.accepts = subpage_accepts,
2186 .endianness = DEVICE_NATIVE_ENDIAN,
2187 };
2188
2189 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2190 uint16_t section)
2191 {
2192 int idx, eidx;
2193
2194 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2195 return -1;
2196 idx = SUBPAGE_IDX(start);
2197 eidx = SUBPAGE_IDX(end);
2198 #if defined(DEBUG_SUBPAGE)
2199 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2200 __func__, mmio, start, end, idx, eidx, section);
2201 #endif
2202 for (; idx <= eidx; idx++) {
2203 mmio->sub_section[idx] = section;
2204 }
2205
2206 return 0;
2207 }
2208
2209 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2210 {
2211 subpage_t *mmio;
2212
2213 mmio = g_malloc0(sizeof(subpage_t));
2214
2215 mmio->as = as;
2216 mmio->base = base;
2217 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2218 NULL, TARGET_PAGE_SIZE);
2219 mmio->iomem.subpage = true;
2220 #if defined(DEBUG_SUBPAGE)
2221 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2222 mmio, base, TARGET_PAGE_SIZE);
2223 #endif
2224 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2225
2226 return mmio;
2227 }
2228
2229 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2230 MemoryRegion *mr)
2231 {
2232 assert(as);
2233 MemoryRegionSection section = {
2234 .address_space = as,
2235 .mr = mr,
2236 .offset_within_address_space = 0,
2237 .offset_within_region = 0,
2238 .size = int128_2_64(),
2239 };
2240
2241 return phys_section_add(map, &section);
2242 }
2243
2244 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2245 {
2246 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2247 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2248 MemoryRegionSection *sections = d->map.sections;
2249
2250 return sections[index & ~TARGET_PAGE_MASK].mr;
2251 }
2252
2253 static void io_mem_init(void)
2254 {
2255 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2256 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2257 NULL, UINT64_MAX);
2258 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2259 NULL, UINT64_MAX);
2260 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2261 NULL, UINT64_MAX);
2262 }
2263
2264 static void mem_begin(MemoryListener *listener)
2265 {
2266 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2267 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2268 uint16_t n;
2269
2270 n = dummy_section(&d->map, as, &io_mem_unassigned);
2271 assert(n == PHYS_SECTION_UNASSIGNED);
2272 n = dummy_section(&d->map, as, &io_mem_notdirty);
2273 assert(n == PHYS_SECTION_NOTDIRTY);
2274 n = dummy_section(&d->map, as, &io_mem_rom);
2275 assert(n == PHYS_SECTION_ROM);
2276 n = dummy_section(&d->map, as, &io_mem_watch);
2277 assert(n == PHYS_SECTION_WATCH);
2278
2279 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2280 d->as = as;
2281 as->next_dispatch = d;
2282 }
2283
2284 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2285 {
2286 phys_sections_free(&d->map);
2287 g_free(d);
2288 }
2289
2290 static void mem_commit(MemoryListener *listener)
2291 {
2292 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2293 AddressSpaceDispatch *cur = as->dispatch;
2294 AddressSpaceDispatch *next = as->next_dispatch;
2295
2296 phys_page_compact_all(next, next->map.nodes_nb);
2297
2298 atomic_rcu_set(&as->dispatch, next);
2299 if (cur) {
2300 call_rcu(cur, address_space_dispatch_free, rcu);
2301 }
2302 }
2303
2304 static void tcg_commit(MemoryListener *listener)
2305 {
2306 CPUAddressSpace *cpuas;
2307 AddressSpaceDispatch *d;
2308
2309 /* since each CPU stores ram addresses in its TLB cache, we must
2310 reset the modified entries */
2311 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2312 cpu_reloading_memory_map();
2313 /* The CPU and TLB are protected by the iothread lock.
2314 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2315 * may have split the RCU critical section.
2316 */
2317 d = atomic_rcu_read(&cpuas->as->dispatch);
2318 cpuas->memory_dispatch = d;
2319 tlb_flush(cpuas->cpu, 1);
2320 }
2321
2322 void address_space_init_dispatch(AddressSpace *as)
2323 {
2324 as->dispatch = NULL;
2325 as->dispatch_listener = (MemoryListener) {
2326 .begin = mem_begin,
2327 .commit = mem_commit,
2328 .region_add = mem_add,
2329 .region_nop = mem_add,
2330 .priority = 0,
2331 };
2332 memory_listener_register(&as->dispatch_listener, as);
2333 }
2334
2335 void address_space_unregister(AddressSpace *as)
2336 {
2337 memory_listener_unregister(&as->dispatch_listener);
2338 }
2339
2340 void address_space_destroy_dispatch(AddressSpace *as)
2341 {
2342 AddressSpaceDispatch *d = as->dispatch;
2343
2344 atomic_rcu_set(&as->dispatch, NULL);
2345 if (d) {
2346 call_rcu(d, address_space_dispatch_free, rcu);
2347 }
2348 }
2349
2350 static void memory_map_init(void)
2351 {
2352 system_memory = g_malloc(sizeof(*system_memory));
2353
2354 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2355 address_space_init(&address_space_memory, system_memory, "memory");
2356
2357 system_io = g_malloc(sizeof(*system_io));
2358 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2359 65536);
2360 address_space_init(&address_space_io, system_io, "I/O");
2361 }
2362
2363 MemoryRegion *get_system_memory(void)
2364 {
2365 return system_memory;
2366 }
2367
2368 MemoryRegion *get_system_io(void)
2369 {
2370 return system_io;
2371 }
2372
2373 #endif /* !defined(CONFIG_USER_ONLY) */
2374
2375 /* physical memory access (slow version, mainly for debug) */
2376 #if defined(CONFIG_USER_ONLY)
2377 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2378 uint8_t *buf, int len, int is_write)
2379 {
2380 int l, flags;
2381 target_ulong page;
2382 void * p;
2383
2384 while (len > 0) {
2385 page = addr & TARGET_PAGE_MASK;
2386 l = (page + TARGET_PAGE_SIZE) - addr;
2387 if (l > len)
2388 l = len;
2389 flags = page_get_flags(page);
2390 if (!(flags & PAGE_VALID))
2391 return -1;
2392 if (is_write) {
2393 if (!(flags & PAGE_WRITE))
2394 return -1;
2395 /* XXX: this code should not depend on lock_user */
2396 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2397 return -1;
2398 memcpy(p, buf, l);
2399 unlock_user(p, addr, l);
2400 } else {
2401 if (!(flags & PAGE_READ))
2402 return -1;
2403 /* XXX: this code should not depend on lock_user */
2404 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2405 return -1;
2406 memcpy(buf, p, l);
2407 unlock_user(p, addr, 0);
2408 }
2409 len -= l;
2410 buf += l;
2411 addr += l;
2412 }
2413 return 0;
2414 }
2415
2416 #else
2417
2418 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2419 hwaddr length)
2420 {
2421 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2422 /* No early return if dirty_log_mask is or becomes 0, because
2423 * cpu_physical_memory_set_dirty_range will still call
2424 * xen_modified_memory.
2425 */
2426 if (dirty_log_mask) {
2427 dirty_log_mask =
2428 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2429 }
2430 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2431 tb_invalidate_phys_range(addr, addr + length);
2432 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2433 }
2434 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2435 }
2436
2437 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2438 {
2439 unsigned access_size_max = mr->ops->valid.max_access_size;
2440
2441 /* Regions are assumed to support 1-4 byte accesses unless
2442 otherwise specified. */
2443 if (access_size_max == 0) {
2444 access_size_max = 4;
2445 }
2446
2447 /* Bound the maximum access by the alignment of the address. */
2448 if (!mr->ops->impl.unaligned) {
2449 unsigned align_size_max = addr & -addr;
2450 if (align_size_max != 0 && align_size_max < access_size_max) {
2451 access_size_max = align_size_max;
2452 }
2453 }
2454
2455 /* Don't attempt accesses larger than the maximum. */
2456 if (l > access_size_max) {
2457 l = access_size_max;
2458 }
2459 l = pow2floor(l);
2460
2461 return l;
2462 }
2463
2464 static bool prepare_mmio_access(MemoryRegion *mr)
2465 {
2466 bool unlocked = !qemu_mutex_iothread_locked();
2467 bool release_lock = false;
2468
2469 if (unlocked && mr->global_locking) {
2470 qemu_mutex_lock_iothread();
2471 unlocked = false;
2472 release_lock = true;
2473 }
2474 if (mr->flush_coalesced_mmio) {
2475 if (unlocked) {
2476 qemu_mutex_lock_iothread();
2477 }
2478 qemu_flush_coalesced_mmio_buffer();
2479 if (unlocked) {
2480 qemu_mutex_unlock_iothread();
2481 }
2482 }
2483
2484 return release_lock;
2485 }
2486
2487 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2488 uint8_t *buf, int len, bool is_write)
2489 {
2490 hwaddr l;
2491 uint8_t *ptr;
2492 uint64_t val;
2493 hwaddr addr1;
2494 MemoryRegion *mr;
2495 MemTxResult result = MEMTX_OK;
2496 bool release_lock = false;
2497
2498 rcu_read_lock();
2499 while (len > 0) {
2500 l = len;
2501 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2502
2503 if (is_write) {
2504 if (!memory_access_is_direct(mr, is_write)) {
2505 release_lock |= prepare_mmio_access(mr);
2506 l = memory_access_size(mr, l, addr1);
2507 /* XXX: could force current_cpu to NULL to avoid
2508 potential bugs */
2509 switch (l) {
2510 case 8:
2511 /* 64 bit write access */
2512 val = ldq_p(buf);
2513 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2514 attrs);
2515 break;
2516 case 4:
2517 /* 32 bit write access */
2518 val = ldl_p(buf);
2519 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2520 attrs);
2521 break;
2522 case 2:
2523 /* 16 bit write access */
2524 val = lduw_p(buf);
2525 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2526 attrs);
2527 break;
2528 case 1:
2529 /* 8 bit write access */
2530 val = ldub_p(buf);
2531 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2532 attrs);
2533 break;
2534 default:
2535 abort();
2536 }
2537 } else {
2538 addr1 += memory_region_get_ram_addr(mr);
2539 /* RAM case */
2540 ptr = qemu_get_ram_ptr(addr1);
2541 memcpy(ptr, buf, l);
2542 invalidate_and_set_dirty(mr, addr1, l);
2543 }
2544 } else {
2545 if (!memory_access_is_direct(mr, is_write)) {
2546 /* I/O case */
2547 release_lock |= prepare_mmio_access(mr);
2548 l = memory_access_size(mr, l, addr1);
2549 switch (l) {
2550 case 8:
2551 /* 64 bit read access */
2552 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2553 attrs);
2554 stq_p(buf, val);
2555 break;
2556 case 4:
2557 /* 32 bit read access */
2558 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2559 attrs);
2560 stl_p(buf, val);
2561 break;
2562 case 2:
2563 /* 16 bit read access */
2564 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2565 attrs);
2566 stw_p(buf, val);
2567 break;
2568 case 1:
2569 /* 8 bit read access */
2570 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2571 attrs);
2572 stb_p(buf, val);
2573 break;
2574 default:
2575 abort();
2576 }
2577 } else {
2578 /* RAM case */
2579 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2580 memcpy(buf, ptr, l);
2581 }
2582 }
2583
2584 if (release_lock) {
2585 qemu_mutex_unlock_iothread();
2586 release_lock = false;
2587 }
2588
2589 len -= l;
2590 buf += l;
2591 addr += l;
2592 }
2593 rcu_read_unlock();
2594
2595 return result;
2596 }
2597
2598 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2599 const uint8_t *buf, int len)
2600 {
2601 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2602 }
2603
2604 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2605 uint8_t *buf, int len)
2606 {
2607 return address_space_rw(as, addr, attrs, buf, len, false);
2608 }
2609
2610
2611 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2612 int len, int is_write)
2613 {
2614 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2615 buf, len, is_write);
2616 }
2617
2618 enum write_rom_type {
2619 WRITE_DATA,
2620 FLUSH_CACHE,
2621 };
2622
2623 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2624 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2625 {
2626 hwaddr l;
2627 uint8_t *ptr;
2628 hwaddr addr1;
2629 MemoryRegion *mr;
2630
2631 rcu_read_lock();
2632 while (len > 0) {
2633 l = len;
2634 mr = address_space_translate(as, addr, &addr1, &l, true);
2635
2636 if (!(memory_region_is_ram(mr) ||
2637 memory_region_is_romd(mr))) {
2638 l = memory_access_size(mr, l, addr1);
2639 } else {
2640 addr1 += memory_region_get_ram_addr(mr);
2641 /* ROM/RAM case */
2642 ptr = qemu_get_ram_ptr(addr1);
2643 switch (type) {
2644 case WRITE_DATA:
2645 memcpy(ptr, buf, l);
2646 invalidate_and_set_dirty(mr, addr1, l);
2647 break;
2648 case FLUSH_CACHE:
2649 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2650 break;
2651 }
2652 }
2653 len -= l;
2654 buf += l;
2655 addr += l;
2656 }
2657 rcu_read_unlock();
2658 }
2659
2660 /* used for ROM loading : can write in RAM and ROM */
2661 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2662 const uint8_t *buf, int len)
2663 {
2664 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2665 }
2666
2667 void cpu_flush_icache_range(hwaddr start, int len)
2668 {
2669 /*
2670 * This function should do the same thing as an icache flush that was
2671 * triggered from within the guest. For TCG we are always cache coherent,
2672 * so there is no need to flush anything. For KVM / Xen we need to flush
2673 * the host's instruction cache at least.
2674 */
2675 if (tcg_enabled()) {
2676 return;
2677 }
2678
2679 cpu_physical_memory_write_rom_internal(&address_space_memory,
2680 start, NULL, len, FLUSH_CACHE);
2681 }
2682
2683 typedef struct {
2684 MemoryRegion *mr;
2685 void *buffer;
2686 hwaddr addr;
2687 hwaddr len;
2688 bool in_use;
2689 } BounceBuffer;
2690
2691 static BounceBuffer bounce;
2692
2693 typedef struct MapClient {
2694 QEMUBH *bh;
2695 QLIST_ENTRY(MapClient) link;
2696 } MapClient;
2697
2698 QemuMutex map_client_list_lock;
2699 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2700 = QLIST_HEAD_INITIALIZER(map_client_list);
2701
2702 static void cpu_unregister_map_client_do(MapClient *client)
2703 {
2704 QLIST_REMOVE(client, link);
2705 g_free(client);
2706 }
2707
2708 static void cpu_notify_map_clients_locked(void)
2709 {
2710 MapClient *client;
2711
2712 while (!QLIST_EMPTY(&map_client_list)) {
2713 client = QLIST_FIRST(&map_client_list);
2714 qemu_bh_schedule(client->bh);
2715 cpu_unregister_map_client_do(client);
2716 }
2717 }
2718
2719 void cpu_register_map_client(QEMUBH *bh)
2720 {
2721 MapClient *client = g_malloc(sizeof(*client));
2722
2723 qemu_mutex_lock(&map_client_list_lock);
2724 client->bh = bh;
2725 QLIST_INSERT_HEAD(&map_client_list, client, link);
2726 if (!atomic_read(&bounce.in_use)) {
2727 cpu_notify_map_clients_locked();
2728 }
2729 qemu_mutex_unlock(&map_client_list_lock);
2730 }
2731
2732 void cpu_exec_init_all(void)
2733 {
2734 qemu_mutex_init(&ram_list.mutex);
2735 io_mem_init();
2736 memory_map_init();
2737 qemu_mutex_init(&map_client_list_lock);
2738 }
2739
2740 void cpu_unregister_map_client(QEMUBH *bh)
2741 {
2742 MapClient *client;
2743
2744 qemu_mutex_lock(&map_client_list_lock);
2745 QLIST_FOREACH(client, &map_client_list, link) {
2746 if (client->bh == bh) {
2747 cpu_unregister_map_client_do(client);
2748 break;
2749 }
2750 }
2751 qemu_mutex_unlock(&map_client_list_lock);
2752 }
2753
2754 static void cpu_notify_map_clients(void)
2755 {
2756 qemu_mutex_lock(&map_client_list_lock);
2757 cpu_notify_map_clients_locked();
2758 qemu_mutex_unlock(&map_client_list_lock);
2759 }
2760
2761 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2762 {
2763 MemoryRegion *mr;
2764 hwaddr l, xlat;
2765
2766 rcu_read_lock();
2767 while (len > 0) {
2768 l = len;
2769 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2770 if (!memory_access_is_direct(mr, is_write)) {
2771 l = memory_access_size(mr, l, addr);
2772 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2773 return false;
2774 }
2775 }
2776
2777 len -= l;
2778 addr += l;
2779 }
2780 rcu_read_unlock();
2781 return true;
2782 }
2783
2784 /* Map a physical memory region into a host virtual address.
2785 * May map a subset of the requested range, given by and returned in *plen.
2786 * May return NULL if resources needed to perform the mapping are exhausted.
2787 * Use only for reads OR writes - not for read-modify-write operations.
2788 * Use cpu_register_map_client() to know when retrying the map operation is
2789 * likely to succeed.
2790 */
2791 void *address_space_map(AddressSpace *as,
2792 hwaddr addr,
2793 hwaddr *plen,
2794 bool is_write)
2795 {
2796 hwaddr len = *plen;
2797 hwaddr done = 0;
2798 hwaddr l, xlat, base;
2799 MemoryRegion *mr, *this_mr;
2800 ram_addr_t raddr;
2801
2802 if (len == 0) {
2803 return NULL;
2804 }
2805
2806 l = len;
2807 rcu_read_lock();
2808 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2809
2810 if (!memory_access_is_direct(mr, is_write)) {
2811 if (atomic_xchg(&bounce.in_use, true)) {
2812 rcu_read_unlock();
2813 return NULL;
2814 }
2815 /* Avoid unbounded allocations */
2816 l = MIN(l, TARGET_PAGE_SIZE);
2817 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2818 bounce.addr = addr;
2819 bounce.len = l;
2820
2821 memory_region_ref(mr);
2822 bounce.mr = mr;
2823 if (!is_write) {
2824 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2825 bounce.buffer, l);
2826 }
2827
2828 rcu_read_unlock();
2829 *plen = l;
2830 return bounce.buffer;
2831 }
2832
2833 base = xlat;
2834 raddr = memory_region_get_ram_addr(mr);
2835
2836 for (;;) {
2837 len -= l;
2838 addr += l;
2839 done += l;
2840 if (len == 0) {
2841 break;
2842 }
2843
2844 l = len;
2845 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2846 if (this_mr != mr || xlat != base + done) {
2847 break;
2848 }
2849 }
2850
2851 memory_region_ref(mr);
2852 rcu_read_unlock();
2853 *plen = done;
2854 return qemu_ram_ptr_length(raddr + base, plen);
2855 }
2856
2857 /* Unmaps a memory region previously mapped by address_space_map().
2858 * Will also mark the memory as dirty if is_write == 1. access_len gives
2859 * the amount of memory that was actually read or written by the caller.
2860 */
2861 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2862 int is_write, hwaddr access_len)
2863 {
2864 if (buffer != bounce.buffer) {
2865 MemoryRegion *mr;
2866 ram_addr_t addr1;
2867
2868 mr = qemu_ram_addr_from_host(buffer, &addr1);
2869 assert(mr != NULL);
2870 if (is_write) {
2871 invalidate_and_set_dirty(mr, addr1, access_len);
2872 }
2873 if (xen_enabled()) {
2874 xen_invalidate_map_cache_entry(buffer);
2875 }
2876 memory_region_unref(mr);
2877 return;
2878 }
2879 if (is_write) {
2880 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2881 bounce.buffer, access_len);
2882 }
2883 qemu_vfree(bounce.buffer);
2884 bounce.buffer = NULL;
2885 memory_region_unref(bounce.mr);
2886 atomic_mb_set(&bounce.in_use, false);
2887 cpu_notify_map_clients();
2888 }
2889
2890 void *cpu_physical_memory_map(hwaddr addr,
2891 hwaddr *plen,
2892 int is_write)
2893 {
2894 return address_space_map(&address_space_memory, addr, plen, is_write);
2895 }
2896
2897 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2898 int is_write, hwaddr access_len)
2899 {
2900 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2901 }
2902
2903 /* warning: addr must be aligned */
2904 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2905 MemTxAttrs attrs,
2906 MemTxResult *result,
2907 enum device_endian endian)
2908 {
2909 uint8_t *ptr;
2910 uint64_t val;
2911 MemoryRegion *mr;
2912 hwaddr l = 4;
2913 hwaddr addr1;
2914 MemTxResult r;
2915 bool release_lock = false;
2916
2917 rcu_read_lock();
2918 mr = address_space_translate(as, addr, &addr1, &l, false);
2919 if (l < 4 || !memory_access_is_direct(mr, false)) {
2920 release_lock |= prepare_mmio_access(mr);
2921
2922 /* I/O case */
2923 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2924 #if defined(TARGET_WORDS_BIGENDIAN)
2925 if (endian == DEVICE_LITTLE_ENDIAN) {
2926 val = bswap32(val);
2927 }
2928 #else
2929 if (endian == DEVICE_BIG_ENDIAN) {
2930 val = bswap32(val);
2931 }
2932 #endif
2933 } else {
2934 /* RAM case */
2935 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2936 & TARGET_PAGE_MASK)
2937 + addr1);
2938 switch (endian) {
2939 case DEVICE_LITTLE_ENDIAN:
2940 val = ldl_le_p(ptr);
2941 break;
2942 case DEVICE_BIG_ENDIAN:
2943 val = ldl_be_p(ptr);
2944 break;
2945 default:
2946 val = ldl_p(ptr);
2947 break;
2948 }
2949 r = MEMTX_OK;
2950 }
2951 if (result) {
2952 *result = r;
2953 }
2954 if (release_lock) {
2955 qemu_mutex_unlock_iothread();
2956 }
2957 rcu_read_unlock();
2958 return val;
2959 }
2960
2961 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2962 MemTxAttrs attrs, MemTxResult *result)
2963 {
2964 return address_space_ldl_internal(as, addr, attrs, result,
2965 DEVICE_NATIVE_ENDIAN);
2966 }
2967
2968 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2969 MemTxAttrs attrs, MemTxResult *result)
2970 {
2971 return address_space_ldl_internal(as, addr, attrs, result,
2972 DEVICE_LITTLE_ENDIAN);
2973 }
2974
2975 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2976 MemTxAttrs attrs, MemTxResult *result)
2977 {
2978 return address_space_ldl_internal(as, addr, attrs, result,
2979 DEVICE_BIG_ENDIAN);
2980 }
2981
2982 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2983 {
2984 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2985 }
2986
2987 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2988 {
2989 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2990 }
2991
2992 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2993 {
2994 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2995 }
2996
2997 /* warning: addr must be aligned */
2998 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2999 MemTxAttrs attrs,
3000 MemTxResult *result,
3001 enum device_endian endian)
3002 {
3003 uint8_t *ptr;
3004 uint64_t val;
3005 MemoryRegion *mr;
3006 hwaddr l = 8;
3007 hwaddr addr1;
3008 MemTxResult r;
3009 bool release_lock = false;
3010
3011 rcu_read_lock();
3012 mr = address_space_translate(as, addr, &addr1, &l,
3013 false);
3014 if (l < 8 || !memory_access_is_direct(mr, false)) {
3015 release_lock |= prepare_mmio_access(mr);
3016
3017 /* I/O case */
3018 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3019 #if defined(TARGET_WORDS_BIGENDIAN)
3020 if (endian == DEVICE_LITTLE_ENDIAN) {
3021 val = bswap64(val);
3022 }
3023 #else
3024 if (endian == DEVICE_BIG_ENDIAN) {
3025 val = bswap64(val);
3026 }
3027 #endif
3028 } else {
3029 /* RAM case */
3030 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3031 & TARGET_PAGE_MASK)
3032 + addr1);
3033 switch (endian) {
3034 case DEVICE_LITTLE_ENDIAN:
3035 val = ldq_le_p(ptr);
3036 break;
3037 case DEVICE_BIG_ENDIAN:
3038 val = ldq_be_p(ptr);
3039 break;
3040 default:
3041 val = ldq_p(ptr);
3042 break;
3043 }
3044 r = MEMTX_OK;
3045 }
3046 if (result) {
3047 *result = r;
3048 }
3049 if (release_lock) {
3050 qemu_mutex_unlock_iothread();
3051 }
3052 rcu_read_unlock();
3053 return val;
3054 }
3055
3056 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3057 MemTxAttrs attrs, MemTxResult *result)
3058 {
3059 return address_space_ldq_internal(as, addr, attrs, result,
3060 DEVICE_NATIVE_ENDIAN);
3061 }
3062
3063 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3064 MemTxAttrs attrs, MemTxResult *result)
3065 {
3066 return address_space_ldq_internal(as, addr, attrs, result,
3067 DEVICE_LITTLE_ENDIAN);
3068 }
3069
3070 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3071 MemTxAttrs attrs, MemTxResult *result)
3072 {
3073 return address_space_ldq_internal(as, addr, attrs, result,
3074 DEVICE_BIG_ENDIAN);
3075 }
3076
3077 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3078 {
3079 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3080 }
3081
3082 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3083 {
3084 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3085 }
3086
3087 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3088 {
3089 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3090 }
3091
3092 /* XXX: optimize */
3093 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3094 MemTxAttrs attrs, MemTxResult *result)
3095 {
3096 uint8_t val;
3097 MemTxResult r;
3098
3099 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3100 if (result) {
3101 *result = r;
3102 }
3103 return val;
3104 }
3105
3106 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3107 {
3108 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3109 }
3110
3111 /* warning: addr must be aligned */
3112 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3113 hwaddr addr,
3114 MemTxAttrs attrs,
3115 MemTxResult *result,
3116 enum device_endian endian)
3117 {
3118 uint8_t *ptr;
3119 uint64_t val;
3120 MemoryRegion *mr;
3121 hwaddr l = 2;
3122 hwaddr addr1;
3123 MemTxResult r;
3124 bool release_lock = false;
3125
3126 rcu_read_lock();
3127 mr = address_space_translate(as, addr, &addr1, &l,
3128 false);
3129 if (l < 2 || !memory_access_is_direct(mr, false)) {
3130 release_lock |= prepare_mmio_access(mr);
3131
3132 /* I/O case */
3133 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3134 #if defined(TARGET_WORDS_BIGENDIAN)
3135 if (endian == DEVICE_LITTLE_ENDIAN) {
3136 val = bswap16(val);
3137 }
3138 #else
3139 if (endian == DEVICE_BIG_ENDIAN) {
3140 val = bswap16(val);
3141 }
3142 #endif
3143 } else {
3144 /* RAM case */
3145 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3146 & TARGET_PAGE_MASK)
3147 + addr1);
3148 switch (endian) {
3149 case DEVICE_LITTLE_ENDIAN:
3150 val = lduw_le_p(ptr);
3151 break;
3152 case DEVICE_BIG_ENDIAN:
3153 val = lduw_be_p(ptr);
3154 break;
3155 default:
3156 val = lduw_p(ptr);
3157 break;
3158 }
3159 r = MEMTX_OK;
3160 }
3161 if (result) {
3162 *result = r;
3163 }
3164 if (release_lock) {
3165 qemu_mutex_unlock_iothread();
3166 }
3167 rcu_read_unlock();
3168 return val;
3169 }
3170
3171 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3172 MemTxAttrs attrs, MemTxResult *result)
3173 {
3174 return address_space_lduw_internal(as, addr, attrs, result,
3175 DEVICE_NATIVE_ENDIAN);
3176 }
3177
3178 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3179 MemTxAttrs attrs, MemTxResult *result)
3180 {
3181 return address_space_lduw_internal(as, addr, attrs, result,
3182 DEVICE_LITTLE_ENDIAN);
3183 }
3184
3185 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3186 MemTxAttrs attrs, MemTxResult *result)
3187 {
3188 return address_space_lduw_internal(as, addr, attrs, result,
3189 DEVICE_BIG_ENDIAN);
3190 }
3191
3192 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3193 {
3194 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3195 }
3196
3197 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3198 {
3199 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3200 }
3201
3202 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3203 {
3204 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3205 }
3206
3207 /* warning: addr must be aligned. The ram page is not masked as dirty
3208 and the code inside is not invalidated. It is useful if the dirty
3209 bits are used to track modified PTEs */
3210 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3211 MemTxAttrs attrs, MemTxResult *result)
3212 {
3213 uint8_t *ptr;
3214 MemoryRegion *mr;
3215 hwaddr l = 4;
3216 hwaddr addr1;
3217 MemTxResult r;
3218 uint8_t dirty_log_mask;
3219 bool release_lock = false;
3220
3221 rcu_read_lock();
3222 mr = address_space_translate(as, addr, &addr1, &l,
3223 true);
3224 if (l < 4 || !memory_access_is_direct(mr, true)) {
3225 release_lock |= prepare_mmio_access(mr);
3226
3227 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3228 } else {
3229 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3230 ptr = qemu_get_ram_ptr(addr1);
3231 stl_p(ptr, val);
3232
3233 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3234 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3235 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3236 r = MEMTX_OK;
3237 }
3238 if (result) {
3239 *result = r;
3240 }
3241 if (release_lock) {
3242 qemu_mutex_unlock_iothread();
3243 }
3244 rcu_read_unlock();
3245 }
3246
3247 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3248 {
3249 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3250 }
3251
3252 /* warning: addr must be aligned */
3253 static inline void address_space_stl_internal(AddressSpace *as,
3254 hwaddr addr, uint32_t val,
3255 MemTxAttrs attrs,
3256 MemTxResult *result,
3257 enum device_endian endian)
3258 {
3259 uint8_t *ptr;
3260 MemoryRegion *mr;
3261 hwaddr l = 4;
3262 hwaddr addr1;
3263 MemTxResult r;
3264 bool release_lock = false;
3265
3266 rcu_read_lock();
3267 mr = address_space_translate(as, addr, &addr1, &l,
3268 true);
3269 if (l < 4 || !memory_access_is_direct(mr, true)) {
3270 release_lock |= prepare_mmio_access(mr);
3271
3272 #if defined(TARGET_WORDS_BIGENDIAN)
3273 if (endian == DEVICE_LITTLE_ENDIAN) {
3274 val = bswap32(val);
3275 }
3276 #else
3277 if (endian == DEVICE_BIG_ENDIAN) {
3278 val = bswap32(val);
3279 }
3280 #endif
3281 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3282 } else {
3283 /* RAM case */
3284 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3285 ptr = qemu_get_ram_ptr(addr1);
3286 switch (endian) {
3287 case DEVICE_LITTLE_ENDIAN:
3288 stl_le_p(ptr, val);
3289 break;
3290 case DEVICE_BIG_ENDIAN:
3291 stl_be_p(ptr, val);
3292 break;
3293 default:
3294 stl_p(ptr, val);
3295 break;
3296 }
3297 invalidate_and_set_dirty(mr, addr1, 4);
3298 r = MEMTX_OK;
3299 }
3300 if (result) {
3301 *result = r;
3302 }
3303 if (release_lock) {
3304 qemu_mutex_unlock_iothread();
3305 }
3306 rcu_read_unlock();
3307 }
3308
3309 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3310 MemTxAttrs attrs, MemTxResult *result)
3311 {
3312 address_space_stl_internal(as, addr, val, attrs, result,
3313 DEVICE_NATIVE_ENDIAN);
3314 }
3315
3316 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3317 MemTxAttrs attrs, MemTxResult *result)
3318 {
3319 address_space_stl_internal(as, addr, val, attrs, result,
3320 DEVICE_LITTLE_ENDIAN);
3321 }
3322
3323 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3324 MemTxAttrs attrs, MemTxResult *result)
3325 {
3326 address_space_stl_internal(as, addr, val, attrs, result,
3327 DEVICE_BIG_ENDIAN);
3328 }
3329
3330 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3331 {
3332 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3333 }
3334
3335 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3336 {
3337 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3338 }
3339
3340 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3341 {
3342 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3343 }
3344
3345 /* XXX: optimize */
3346 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3347 MemTxAttrs attrs, MemTxResult *result)
3348 {
3349 uint8_t v = val;
3350 MemTxResult r;
3351
3352 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3353 if (result) {
3354 *result = r;
3355 }
3356 }
3357
3358 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3359 {
3360 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3361 }
3362
3363 /* warning: addr must be aligned */
3364 static inline void address_space_stw_internal(AddressSpace *as,
3365 hwaddr addr, uint32_t val,
3366 MemTxAttrs attrs,
3367 MemTxResult *result,
3368 enum device_endian endian)
3369 {
3370 uint8_t *ptr;
3371 MemoryRegion *mr;
3372 hwaddr l = 2;
3373 hwaddr addr1;
3374 MemTxResult r;
3375 bool release_lock = false;
3376
3377 rcu_read_lock();
3378 mr = address_space_translate(as, addr, &addr1, &l, true);
3379 if (l < 2 || !memory_access_is_direct(mr, true)) {
3380 release_lock |= prepare_mmio_access(mr);
3381
3382 #if defined(TARGET_WORDS_BIGENDIAN)
3383 if (endian == DEVICE_LITTLE_ENDIAN) {
3384 val = bswap16(val);
3385 }
3386 #else
3387 if (endian == DEVICE_BIG_ENDIAN) {
3388 val = bswap16(val);
3389 }
3390 #endif
3391 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3392 } else {
3393 /* RAM case */
3394 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3395 ptr = qemu_get_ram_ptr(addr1);
3396 switch (endian) {
3397 case DEVICE_LITTLE_ENDIAN:
3398 stw_le_p(ptr, val);
3399 break;
3400 case DEVICE_BIG_ENDIAN:
3401 stw_be_p(ptr, val);
3402 break;
3403 default:
3404 stw_p(ptr, val);
3405 break;
3406 }
3407 invalidate_and_set_dirty(mr, addr1, 2);
3408 r = MEMTX_OK;
3409 }
3410 if (result) {
3411 *result = r;
3412 }
3413 if (release_lock) {
3414 qemu_mutex_unlock_iothread();
3415 }
3416 rcu_read_unlock();
3417 }
3418
3419 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3420 MemTxAttrs attrs, MemTxResult *result)
3421 {
3422 address_space_stw_internal(as, addr, val, attrs, result,
3423 DEVICE_NATIVE_ENDIAN);
3424 }
3425
3426 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3427 MemTxAttrs attrs, MemTxResult *result)
3428 {
3429 address_space_stw_internal(as, addr, val, attrs, result,
3430 DEVICE_LITTLE_ENDIAN);
3431 }
3432
3433 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3434 MemTxAttrs attrs, MemTxResult *result)
3435 {
3436 address_space_stw_internal(as, addr, val, attrs, result,
3437 DEVICE_BIG_ENDIAN);
3438 }
3439
3440 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3441 {
3442 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3443 }
3444
3445 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3446 {
3447 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3448 }
3449
3450 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3451 {
3452 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3453 }
3454
3455 /* XXX: optimize */
3456 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3457 MemTxAttrs attrs, MemTxResult *result)
3458 {
3459 MemTxResult r;
3460 val = tswap64(val);
3461 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3462 if (result) {
3463 *result = r;
3464 }
3465 }
3466
3467 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3468 MemTxAttrs attrs, MemTxResult *result)
3469 {
3470 MemTxResult r;
3471 val = cpu_to_le64(val);
3472 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3473 if (result) {
3474 *result = r;
3475 }
3476 }
3477 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3478 MemTxAttrs attrs, MemTxResult *result)
3479 {
3480 MemTxResult r;
3481 val = cpu_to_be64(val);
3482 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3483 if (result) {
3484 *result = r;
3485 }
3486 }
3487
3488 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3489 {
3490 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3491 }
3492
3493 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3494 {
3495 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3496 }
3497
3498 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3499 {
3500 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3501 }
3502
3503 /* virtual memory access for debug (includes writing to ROM) */
3504 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3505 uint8_t *buf, int len, int is_write)
3506 {
3507 int l;
3508 hwaddr phys_addr;
3509 target_ulong page;
3510
3511 while (len > 0) {
3512 page = addr & TARGET_PAGE_MASK;
3513 phys_addr = cpu_get_phys_page_debug(cpu, page);
3514 /* if no physical page mapped, return an error */
3515 if (phys_addr == -1)
3516 return -1;
3517 l = (page + TARGET_PAGE_SIZE) - addr;
3518 if (l > len)
3519 l = len;
3520 phys_addr += (addr & ~TARGET_PAGE_MASK);
3521 if (is_write) {
3522 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3523 } else {
3524 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3525 buf, l, 0);
3526 }
3527 len -= l;
3528 buf += l;
3529 addr += l;
3530 }
3531 return 0;
3532 }
3533
3534 /*
3535 * Allows code that needs to deal with migration bitmaps etc to still be built
3536 * target independent.
3537 */
3538 size_t qemu_target_page_bits(void)
3539 {
3540 return TARGET_PAGE_BITS;
3541 }
3542
3543 #endif
3544
3545 /*
3546 * A helper function for the _utterly broken_ virtio device model to find out if
3547 * it's running on a big endian machine. Don't do this at home kids!
3548 */
3549 bool target_words_bigendian(void);
3550 bool target_words_bigendian(void)
3551 {
3552 #if defined(TARGET_WORDS_BIGENDIAN)
3553 return true;
3554 #else
3555 return false;
3556 #endif
3557 }
3558
3559 #ifndef CONFIG_USER_ONLY
3560 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3561 {
3562 MemoryRegion*mr;
3563 hwaddr l = 1;
3564 bool res;
3565
3566 rcu_read_lock();
3567 mr = address_space_translate(&address_space_memory,
3568 phys_addr, &phys_addr, &l, false);
3569
3570 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3571 rcu_read_unlock();
3572 return res;
3573 }
3574
3575 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3576 {
3577 RAMBlock *block;
3578 int ret = 0;
3579
3580 rcu_read_lock();
3581 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3582 ret = func(block->idstr, block->host, block->offset,
3583 block->used_length, opaque);
3584 if (ret) {
3585 break;
3586 }
3587 }
3588 rcu_read_unlock();
3589 return ret;
3590 }
3591 #endif
AR7 emulation for QEMU