Merge remote-tracking branch 'remotes/stefanha/tags/CVE-2015-3209-pcnet-tx-buffer...
[qemu/ar7.git] / exec.c
blob487583b1bdff0194a0cf9b6bf7605604bb11566b
1 /*
2 * Virtual page mapping
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "exec/cputlb.h"
52 #include "translate-all.h"
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
57 #include "qemu/range.h"
59 //#define DEBUG_SUBPAGE
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
85 #define RAM_RESIZEABLE (1 << 2)
87 #endif
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
91 cpu_exec() */
92 DEFINE_TLS(CPUState *, current_cpu);
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
96 int use_icount;
98 #if !defined(CONFIG_USER_ONLY)
100 typedef struct PhysPageEntry PhysPageEntry;
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
104 uint32_t skip : 6;
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
106 uint32_t ptr : 26;
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
114 #define P_L2_BITS 9
115 #define P_L2_SIZE (1 << P_L2_BITS)
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119 typedef PhysPageEntry Node[P_L2_SIZE];
121 typedef struct PhysPageMap {
122 struct rcu_head rcu;
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
126 unsigned nodes_nb;
127 unsigned nodes_nb_alloc;
128 Node *nodes;
129 MemoryRegionSection *sections;
130 } PhysPageMap;
132 struct AddressSpaceDispatch {
133 struct rcu_head rcu;
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
138 PhysPageEntry phys_map;
139 PhysPageMap map;
140 AddressSpace *as;
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
145 MemoryRegion iomem;
146 AddressSpace *as;
147 hwaddr base;
148 uint16_t sub_section[TARGET_PAGE_SIZE];
149 } subpage_t;
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
160 static MemoryRegion io_mem_watch;
161 #endif
163 #if !defined(CONFIG_USER_ONLY)
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
176 unsigned i;
177 uint32_t ret;
178 PhysPageEntry e;
179 PhysPageEntry *p;
181 ret = map->nodes_nb++;
182 p = map->nodes[ret];
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
191 return ret;
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
196 int level)
198 PhysPageEntry *p;
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
209 lp->skip = 0;
210 lp->ptr = leaf;
211 *index += step;
212 *nb -= step;
213 } else {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
216 ++lp;
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
222 uint16_t leaf)
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 unsigned valid_ptr = P_L2_SIZE;
236 int valid = 0;
237 PhysPageEntry *p;
238 int i;
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
241 return;
244 p = nodes[lp->ptr];
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
247 continue;
250 valid_ptr = i;
251 valid++;
252 if (p[i].skip) {
253 phys_page_compact(&p[i], nodes, compacted);
257 /* We can only compress if there's only one child. */
258 if (valid != 1) {
259 return;
262 assert(valid_ptr < P_L2_SIZE);
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
266 return;
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
275 * change this rule.
277 lp->skip = 0;
278 } else {
279 lp->skip += p[valid_ptr].skip;
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 DECLARE_BITMAP(compacted, nodes_nb);
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
295 PhysPageEntry *p;
296 hwaddr index = addr >> TARGET_PAGE_BITS;
297 int i;
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return &sections[PHYS_SECTION_UNASSIGNED];
303 p = nodes[lp.ptr];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return &sections[lp.ptr];
311 } else {
312 return &sections[PHYS_SECTION_UNASSIGNED];
316 bool memory_region_is_unassigned(MemoryRegion *mr)
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
324 hwaddr addr,
325 bool resolve_subpage)
327 MemoryRegionSection *section;
328 subpage_t *subpage;
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
335 return section;
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
343 MemoryRegionSection *section;
344 Int128 diff;
346 section = address_space_lookup_region(d, addr, resolve_subpage);
347 /* Compute offset within MemoryRegionSection */
348 addr -= section->offset_within_address_space;
350 /* Compute offset within MemoryRegion */
351 *xlat = addr + section->offset_within_region;
353 diff = int128_sub(section->mr->size, int128_make64(addr));
354 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
355 return section;
358 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
360 if (memory_region_is_ram(mr)) {
361 return !(is_write && mr->readonly);
363 if (memory_region_is_romd(mr)) {
364 return !is_write;
367 return false;
370 /* Called from RCU critical section */
371 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
372 hwaddr *xlat, hwaddr *plen,
373 bool is_write)
375 IOMMUTLBEntry iotlb;
376 MemoryRegionSection *section;
377 MemoryRegion *mr;
379 for (;;) {
380 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
381 section = address_space_translate_internal(d, addr, &addr, plen, true);
382 mr = section->mr;
384 if (!mr->iommu_ops) {
385 break;
388 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
389 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
390 | (addr & iotlb.addr_mask));
391 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
392 if (!(iotlb.perm & (1 << is_write))) {
393 mr = &io_mem_unassigned;
394 break;
397 as = iotlb.target_as;
400 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
401 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
402 *plen = MIN(page, *plen);
405 *xlat = addr;
406 return mr;
409 /* Called from RCU critical section */
410 MemoryRegionSection *
411 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
412 hwaddr *xlat, hwaddr *plen)
414 MemoryRegionSection *section;
415 section = address_space_translate_internal(cpu->memory_dispatch,
416 addr, xlat, plen, false);
418 assert(!section->mr->iommu_ops);
419 return section;
421 #endif
423 #if !defined(CONFIG_USER_ONLY)
425 static int cpu_common_post_load(void *opaque, int version_id)
427 CPUState *cpu = opaque;
429 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
430 version_id is increased. */
431 cpu->interrupt_request &= ~0x01;
432 tlb_flush(cpu, 1);
434 return 0;
437 static int cpu_common_pre_load(void *opaque)
439 CPUState *cpu = opaque;
441 cpu->exception_index = -1;
443 return 0;
446 static bool cpu_common_exception_index_needed(void *opaque)
448 CPUState *cpu = opaque;
450 return tcg_enabled() && cpu->exception_index != -1;
453 static const VMStateDescription vmstate_cpu_common_exception_index = {
454 .name = "cpu_common/exception_index",
455 .version_id = 1,
456 .minimum_version_id = 1,
457 .fields = (VMStateField[]) {
458 VMSTATE_INT32(exception_index, CPUState),
459 VMSTATE_END_OF_LIST()
463 const VMStateDescription vmstate_cpu_common = {
464 .name = "cpu_common",
465 .version_id = 1,
466 .minimum_version_id = 1,
467 .pre_load = cpu_common_pre_load,
468 .post_load = cpu_common_post_load,
469 .fields = (VMStateField[]) {
470 VMSTATE_UINT32(halted, CPUState),
471 VMSTATE_UINT32(interrupt_request, CPUState),
472 VMSTATE_END_OF_LIST()
474 .subsections = (VMStateSubsection[]) {
476 .vmsd = &vmstate_cpu_common_exception_index,
477 .needed = cpu_common_exception_index_needed,
478 } , {
479 /* empty */
484 #endif
486 CPUState *qemu_get_cpu(int index)
488 CPUState *cpu;
490 CPU_FOREACH(cpu) {
491 if (cpu->cpu_index == index) {
492 return cpu;
496 return NULL;
499 #if !defined(CONFIG_USER_ONLY)
500 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
502 /* We only support one address space per cpu at the moment. */
503 assert(cpu->as == as);
505 if (cpu->tcg_as_listener) {
506 memory_listener_unregister(cpu->tcg_as_listener);
507 } else {
508 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
510 cpu->tcg_as_listener->commit = tcg_commit;
511 memory_listener_register(cpu->tcg_as_listener, as);
513 #endif
515 void cpu_exec_init(CPUArchState *env)
517 CPUState *cpu = ENV_GET_CPU(env);
518 CPUClass *cc = CPU_GET_CLASS(cpu);
519 CPUState *some_cpu;
520 int cpu_index;
522 #if defined(CONFIG_USER_ONLY)
523 cpu_list_lock();
524 #endif
525 cpu_index = 0;
526 CPU_FOREACH(some_cpu) {
527 cpu_index++;
529 cpu->cpu_index = cpu_index;
530 cpu->numa_node = 0;
531 QTAILQ_INIT(&cpu->breakpoints);
532 QTAILQ_INIT(&cpu->watchpoints);
533 #ifndef CONFIG_USER_ONLY
534 cpu->as = &address_space_memory;
535 cpu->thread_id = qemu_get_thread_id();
536 cpu_reload_memory_map(cpu);
537 #endif
538 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
539 #if defined(CONFIG_USER_ONLY)
540 cpu_list_unlock();
541 #endif
542 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
543 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
545 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
546 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
547 cpu_save, cpu_load, env);
548 assert(cc->vmsd == NULL);
549 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
550 #endif
551 if (cc->vmsd != NULL) {
552 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
556 #if defined(CONFIG_USER_ONLY)
557 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
559 tb_invalidate_phys_page_range(pc, pc + 1, 0);
561 #else
562 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
564 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
565 if (phys != -1) {
566 tb_invalidate_phys_addr(cpu->as,
567 phys | (pc & ~TARGET_PAGE_MASK));
570 #endif
572 #if defined(CONFIG_USER_ONLY)
573 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
578 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
579 int flags)
581 return -ENOSYS;
584 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
588 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
589 int flags, CPUWatchpoint **watchpoint)
591 return -ENOSYS;
593 #else
594 /* Add a watchpoint. */
595 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
596 int flags, CPUWatchpoint **watchpoint)
598 CPUWatchpoint *wp;
600 /* forbid ranges which are empty or run off the end of the address space */
601 if (len == 0 || (addr + len - 1) < addr) {
602 error_report("tried to set invalid watchpoint at %"
603 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
604 return -EINVAL;
606 wp = g_malloc(sizeof(*wp));
608 wp->vaddr = addr;
609 wp->len = len;
610 wp->flags = flags;
612 /* keep all GDB-injected watchpoints in front */
613 if (flags & BP_GDB) {
614 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
615 } else {
616 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
619 tlb_flush_page(cpu, addr);
621 if (watchpoint)
622 *watchpoint = wp;
623 return 0;
626 /* Remove a specific watchpoint. */
627 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
628 int flags)
630 CPUWatchpoint *wp;
632 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
633 if (addr == wp->vaddr && len == wp->len
634 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
635 cpu_watchpoint_remove_by_ref(cpu, wp);
636 return 0;
639 return -ENOENT;
642 /* Remove a specific watchpoint by reference. */
643 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
645 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
647 tlb_flush_page(cpu, watchpoint->vaddr);
649 g_free(watchpoint);
652 /* Remove all matching watchpoints. */
653 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
655 CPUWatchpoint *wp, *next;
657 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
658 if (wp->flags & mask) {
659 cpu_watchpoint_remove_by_ref(cpu, wp);
664 /* Return true if this watchpoint address matches the specified
665 * access (ie the address range covered by the watchpoint overlaps
666 * partially or completely with the address range covered by the
667 * access).
669 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
670 vaddr addr,
671 vaddr len)
673 /* We know the lengths are non-zero, but a little caution is
674 * required to avoid errors in the case where the range ends
675 * exactly at the top of the address space and so addr + len
676 * wraps round to zero.
678 vaddr wpend = wp->vaddr + wp->len - 1;
679 vaddr addrend = addr + len - 1;
681 return !(addr > wpend || wp->vaddr > addrend);
684 #endif
686 /* Add a breakpoint. */
687 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
688 CPUBreakpoint **breakpoint)
690 CPUBreakpoint *bp;
692 bp = g_malloc(sizeof(*bp));
694 bp->pc = pc;
695 bp->flags = flags;
697 /* keep all GDB-injected breakpoints in front */
698 if (flags & BP_GDB) {
699 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
700 } else {
701 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
704 breakpoint_invalidate(cpu, pc);
706 if (breakpoint) {
707 *breakpoint = bp;
709 return 0;
712 /* Remove a specific breakpoint. */
713 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
715 CPUBreakpoint *bp;
717 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
718 if (bp->pc == pc && bp->flags == flags) {
719 cpu_breakpoint_remove_by_ref(cpu, bp);
720 return 0;
723 return -ENOENT;
726 /* Remove a specific breakpoint by reference. */
727 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
729 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
731 breakpoint_invalidate(cpu, breakpoint->pc);
733 g_free(breakpoint);
736 /* Remove all matching breakpoints. */
737 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
739 CPUBreakpoint *bp, *next;
741 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
742 if (bp->flags & mask) {
743 cpu_breakpoint_remove_by_ref(cpu, bp);
748 /* enable or disable single step mode. EXCP_DEBUG is returned by the
749 CPU loop after each instruction */
750 void cpu_single_step(CPUState *cpu, int enabled)
752 if (cpu->singlestep_enabled != enabled) {
753 cpu->singlestep_enabled = enabled;
754 if (kvm_enabled()) {
755 kvm_update_guest_debug(cpu, 0);
756 } else {
757 /* must flush all the translated code to avoid inconsistencies */
758 /* XXX: only flush what is necessary */
759 CPUArchState *env = cpu->env_ptr;
760 tb_flush(env);
765 void cpu_abort(CPUState *cpu, const char *fmt, ...)
767 va_list ap;
768 va_list ap2;
770 va_start(ap, fmt);
771 va_copy(ap2, ap);
772 fprintf(stderr, "qemu: fatal: ");
773 vfprintf(stderr, fmt, ap);
774 fprintf(stderr, "\n");
775 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
776 if (qemu_log_enabled()) {
777 qemu_log("qemu: fatal: ");
778 qemu_log_vprintf(fmt, ap2);
779 qemu_log("\n");
780 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
781 qemu_log_flush();
782 qemu_log_close();
784 va_end(ap2);
785 va_end(ap);
786 #if defined(CONFIG_USER_ONLY)
788 struct sigaction act;
789 sigfillset(&act.sa_mask);
790 act.sa_handler = SIG_DFL;
791 sigaction(SIGABRT, &act, NULL);
793 #endif
794 abort();
797 #if !defined(CONFIG_USER_ONLY)
798 /* Called from RCU critical section */
799 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
801 RAMBlock *block;
803 block = atomic_rcu_read(&ram_list.mru_block);
804 if (block && addr - block->offset < block->max_length) {
805 goto found;
807 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
808 if (addr - block->offset < block->max_length) {
809 goto found;
813 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
814 abort();
816 found:
817 /* It is safe to write mru_block outside the iothread lock. This
818 * is what happens:
820 * mru_block = xxx
821 * rcu_read_unlock()
822 * xxx removed from list
823 * rcu_read_lock()
824 * read mru_block
825 * mru_block = NULL;
826 * call_rcu(reclaim_ramblock, xxx);
827 * rcu_read_unlock()
829 * atomic_rcu_set is not needed here. The block was already published
830 * when it was placed into the list. Here we're just making an extra
831 * copy of the pointer.
833 ram_list.mru_block = block;
834 return block;
837 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
839 ram_addr_t start1;
840 RAMBlock *block;
841 ram_addr_t end;
843 end = TARGET_PAGE_ALIGN(start + length);
844 start &= TARGET_PAGE_MASK;
846 rcu_read_lock();
847 block = qemu_get_ram_block(start);
848 assert(block == qemu_get_ram_block(end - 1));
849 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
850 cpu_tlb_reset_dirty_all(start1, length);
851 rcu_read_unlock();
854 /* Note: start and end must be within the same ram block. */
855 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
856 ram_addr_t length,
857 unsigned client)
859 unsigned long end, page;
860 bool dirty;
862 if (length == 0) {
863 return false;
866 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
867 page = start >> TARGET_PAGE_BITS;
868 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
869 page, end - page);
871 if (dirty && tcg_enabled()) {
872 tlb_reset_dirty_range_all(start, length);
875 return dirty;
878 /* Called from RCU critical section */
879 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
880 MemoryRegionSection *section,
881 target_ulong vaddr,
882 hwaddr paddr, hwaddr xlat,
883 int prot,
884 target_ulong *address)
886 hwaddr iotlb;
887 CPUWatchpoint *wp;
889 if (memory_region_is_ram(section->mr)) {
890 /* Normal RAM. */
891 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
892 + xlat;
893 if (!section->readonly) {
894 iotlb |= PHYS_SECTION_NOTDIRTY;
895 } else {
896 iotlb |= PHYS_SECTION_ROM;
898 } else {
899 iotlb = section - section->address_space->dispatch->map.sections;
900 iotlb += xlat;
903 /* Make accesses to pages with watchpoints go via the
904 watchpoint trap routines. */
905 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
906 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
907 /* Avoid trapping reads of pages with a write breakpoint. */
908 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
909 iotlb = PHYS_SECTION_WATCH + paddr;
910 *address |= TLB_MMIO;
911 break;
916 return iotlb;
918 #endif /* defined(CONFIG_USER_ONLY) */
920 #if !defined(CONFIG_USER_ONLY)
922 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
923 uint16_t section);
924 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
926 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
927 qemu_anon_ram_alloc;
930 * Set a custom physical guest memory alloator.
931 * Accelerators with unusual needs may need this. Hopefully, we can
932 * get rid of it eventually.
934 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
936 phys_mem_alloc = alloc;
939 static uint16_t phys_section_add(PhysPageMap *map,
940 MemoryRegionSection *section)
942 /* The physical section number is ORed with a page-aligned
943 * pointer to produce the iotlb entries. Thus it should
944 * never overflow into the page-aligned value.
946 assert(map->sections_nb < TARGET_PAGE_SIZE);
948 if (map->sections_nb == map->sections_nb_alloc) {
949 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
950 map->sections = g_renew(MemoryRegionSection, map->sections,
951 map->sections_nb_alloc);
953 map->sections[map->sections_nb] = *section;
954 memory_region_ref(section->mr);
955 return map->sections_nb++;
958 static void phys_section_destroy(MemoryRegion *mr)
960 memory_region_unref(mr);
962 if (mr->subpage) {
963 subpage_t *subpage = container_of(mr, subpage_t, iomem);
964 object_unref(OBJECT(&subpage->iomem));
965 g_free(subpage);
969 static void phys_sections_free(PhysPageMap *map)
971 while (map->sections_nb > 0) {
972 MemoryRegionSection *section = &map->sections[--map->sections_nb];
973 phys_section_destroy(section->mr);
975 g_free(map->sections);
976 g_free(map->nodes);
979 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
981 subpage_t *subpage;
982 hwaddr base = section->offset_within_address_space
983 & TARGET_PAGE_MASK;
984 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
985 d->map.nodes, d->map.sections);
986 MemoryRegionSection subsection = {
987 .offset_within_address_space = base,
988 .size = int128_make64(TARGET_PAGE_SIZE),
990 hwaddr start, end;
992 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
994 if (!(existing->mr->subpage)) {
995 subpage = subpage_init(d->as, base);
996 subsection.address_space = d->as;
997 subsection.mr = &subpage->iomem;
998 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
999 phys_section_add(&d->map, &subsection));
1000 } else {
1001 subpage = container_of(existing->mr, subpage_t, iomem);
1003 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1004 end = start + int128_get64(section->size) - 1;
1005 subpage_register(subpage, start, end,
1006 phys_section_add(&d->map, section));
1010 static void register_multipage(AddressSpaceDispatch *d,
1011 MemoryRegionSection *section)
1013 hwaddr start_addr = section->offset_within_address_space;
1014 uint16_t section_index = phys_section_add(&d->map, section);
1015 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1016 TARGET_PAGE_BITS));
1018 assert(num_pages);
1019 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1022 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1024 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1025 AddressSpaceDispatch *d = as->next_dispatch;
1026 MemoryRegionSection now = *section, remain = *section;
1027 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1029 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1030 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1031 - now.offset_within_address_space;
1033 now.size = int128_min(int128_make64(left), now.size);
1034 register_subpage(d, &now);
1035 } else {
1036 now.size = int128_zero();
1038 while (int128_ne(remain.size, now.size)) {
1039 remain.size = int128_sub(remain.size, now.size);
1040 remain.offset_within_address_space += int128_get64(now.size);
1041 remain.offset_within_region += int128_get64(now.size);
1042 now = remain;
1043 if (int128_lt(remain.size, page_size)) {
1044 register_subpage(d, &now);
1045 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1046 now.size = page_size;
1047 register_subpage(d, &now);
1048 } else {
1049 now.size = int128_and(now.size, int128_neg(page_size));
1050 register_multipage(d, &now);
1055 void qemu_flush_coalesced_mmio_buffer(void)
1057 if (kvm_enabled())
1058 kvm_flush_coalesced_mmio_buffer();
1061 void qemu_mutex_lock_ramlist(void)
1063 qemu_mutex_lock(&ram_list.mutex);
1066 void qemu_mutex_unlock_ramlist(void)
1068 qemu_mutex_unlock(&ram_list.mutex);
1071 #ifdef __linux__
1073 #include <sys/vfs.h>
1075 #define HUGETLBFS_MAGIC 0x958458f6
1077 static long gethugepagesize(const char *path, Error **errp)
1079 struct statfs fs;
1080 int ret;
1082 do {
1083 ret = statfs(path, &fs);
1084 } while (ret != 0 && errno == EINTR);
1086 if (ret != 0) {
1087 error_setg_errno(errp, errno, "failed to get page size of file %s",
1088 path);
1089 return 0;
1092 if (fs.f_type != HUGETLBFS_MAGIC)
1093 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1095 return fs.f_bsize;
1098 static void *file_ram_alloc(RAMBlock *block,
1099 ram_addr_t memory,
1100 const char *path,
1101 Error **errp)
1103 char *filename;
1104 char *sanitized_name;
1105 char *c;
1106 void *area = NULL;
1107 int fd;
1108 uint64_t hpagesize;
1109 Error *local_err = NULL;
1111 hpagesize = gethugepagesize(path, &local_err);
1112 if (local_err) {
1113 error_propagate(errp, local_err);
1114 goto error;
1116 block->mr->align = hpagesize;
1118 if (memory < hpagesize) {
1119 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1120 "or larger than huge page size 0x%" PRIx64,
1121 memory, hpagesize);
1122 goto error;
1125 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1126 error_setg(errp,
1127 "host lacks kvm mmu notifiers, -mem-path unsupported");
1128 goto error;
1131 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1132 sanitized_name = g_strdup(memory_region_name(block->mr));
1133 for (c = sanitized_name; *c != '\0'; c++) {
1134 if (*c == '/')
1135 *c = '_';
1138 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1139 sanitized_name);
1140 g_free(sanitized_name);
1142 fd = mkstemp(filename);
1143 if (fd < 0) {
1144 error_setg_errno(errp, errno,
1145 "unable to create backing store for hugepages");
1146 g_free(filename);
1147 goto error;
1149 unlink(filename);
1150 g_free(filename);
1152 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1155 * ftruncate is not supported by hugetlbfs in older
1156 * hosts, so don't bother bailing out on errors.
1157 * If anything goes wrong with it under other filesystems,
1158 * mmap will fail.
1160 if (ftruncate(fd, memory)) {
1161 perror("ftruncate");
1164 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1165 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1166 fd, 0);
1167 if (area == MAP_FAILED) {
1168 error_setg_errno(errp, errno,
1169 "unable to map backing store for hugepages");
1170 close(fd);
1171 goto error;
1174 if (mem_prealloc) {
1175 os_mem_prealloc(fd, area, memory);
1178 block->fd = fd;
1179 return area;
1181 error:
1182 if (mem_prealloc) {
1183 error_report("%s", error_get_pretty(*errp));
1184 exit(1);
1186 return NULL;
1188 #endif
1190 /* Called with the ramlist lock held. */
1191 static ram_addr_t find_ram_offset(ram_addr_t size)
1193 RAMBlock *block, *next_block;
1194 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1196 assert(size != 0); /* it would hand out same offset multiple times */
1198 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1199 return 0;
1202 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1203 ram_addr_t end, next = RAM_ADDR_MAX;
1205 end = block->offset + block->max_length;
1207 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1208 if (next_block->offset >= end) {
1209 next = MIN(next, next_block->offset);
1212 if (next - end >= size && next - end < mingap) {
1213 offset = end;
1214 mingap = next - end;
1218 if (offset == RAM_ADDR_MAX) {
1219 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1220 (uint64_t)size);
1221 abort();
1224 return offset;
1227 ram_addr_t last_ram_offset(void)
1229 RAMBlock *block;
1230 ram_addr_t last = 0;
1232 rcu_read_lock();
1233 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1234 last = MAX(last, block->offset + block->max_length);
1236 rcu_read_unlock();
1237 return last;
1240 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1242 int ret;
1244 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1245 if (!machine_dump_guest_core(current_machine)) {
1246 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1247 if (ret) {
1248 perror("qemu_madvise");
1249 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1250 "but dump_guest_core=off specified\n");
1255 /* Called within an RCU critical section, or while the ramlist lock
1256 * is held.
1258 static RAMBlock *find_ram_block(ram_addr_t addr)
1260 RAMBlock *block;
1262 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1263 if (block->offset == addr) {
1264 return block;
1268 return NULL;
1271 /* Called with iothread lock held. */
1272 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1274 RAMBlock *new_block, *block;
1276 rcu_read_lock();
1277 new_block = find_ram_block(addr);
1278 assert(new_block);
1279 assert(!new_block->idstr[0]);
1281 if (dev) {
1282 char *id = qdev_get_dev_path(dev);
1283 if (id) {
1284 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1285 g_free(id);
1288 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1290 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1291 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1292 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1293 new_block->idstr);
1294 abort();
1297 rcu_read_unlock();
1300 /* Called with iothread lock held. */
1301 void qemu_ram_unset_idstr(ram_addr_t addr)
1303 RAMBlock *block;
1305 /* FIXME: arch_init.c assumes that this is not called throughout
1306 * migration. Ignore the problem since hot-unplug during migration
1307 * does not work anyway.
1310 rcu_read_lock();
1311 block = find_ram_block(addr);
1312 if (block) {
1313 memset(block->idstr, 0, sizeof(block->idstr));
1315 rcu_read_unlock();
1318 static int memory_try_enable_merging(void *addr, size_t len)
1320 if (!machine_mem_merge(current_machine)) {
1321 /* disabled by the user */
1322 return 0;
1325 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1328 /* Only legal before guest might have detected the memory size: e.g. on
1329 * incoming migration, or right after reset.
1331 * As memory core doesn't know how is memory accessed, it is up to
1332 * resize callback to update device state and/or add assertions to detect
1333 * misuse, if necessary.
1335 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1337 RAMBlock *block = find_ram_block(base);
1339 assert(block);
1341 newsize = TARGET_PAGE_ALIGN(newsize);
1343 if (block->used_length == newsize) {
1344 return 0;
1347 if (!(block->flags & RAM_RESIZEABLE)) {
1348 error_setg_errno(errp, EINVAL,
1349 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1350 " in != 0x" RAM_ADDR_FMT, block->idstr,
1351 newsize, block->used_length);
1352 return -EINVAL;
1355 if (block->max_length < newsize) {
1356 error_setg_errno(errp, EINVAL,
1357 "Length too large: %s: 0x" RAM_ADDR_FMT
1358 " > 0x" RAM_ADDR_FMT, block->idstr,
1359 newsize, block->max_length);
1360 return -EINVAL;
1363 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1364 block->used_length = newsize;
1365 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1366 DIRTY_CLIENTS_ALL);
1367 memory_region_set_size(block->mr, newsize);
1368 if (block->resized) {
1369 block->resized(block->idstr, newsize, block->host);
1371 return 0;
1374 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1376 RAMBlock *block;
1377 RAMBlock *last_block = NULL;
1378 ram_addr_t old_ram_size, new_ram_size;
1380 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1382 qemu_mutex_lock_ramlist();
1383 new_block->offset = find_ram_offset(new_block->max_length);
1385 if (!new_block->host) {
1386 if (xen_enabled()) {
1387 xen_ram_alloc(new_block->offset, new_block->max_length,
1388 new_block->mr);
1389 } else {
1390 new_block->host = phys_mem_alloc(new_block->max_length,
1391 &new_block->mr->align);
1392 if (!new_block->host) {
1393 error_setg_errno(errp, errno,
1394 "cannot set up guest memory '%s'",
1395 memory_region_name(new_block->mr));
1396 qemu_mutex_unlock_ramlist();
1397 return -1;
1399 memory_try_enable_merging(new_block->host, new_block->max_length);
1403 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1404 * QLIST (which has an RCU-friendly variant) does not have insertion at
1405 * tail, so save the last element in last_block.
1407 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1408 last_block = block;
1409 if (block->max_length < new_block->max_length) {
1410 break;
1413 if (block) {
1414 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1415 } else if (last_block) {
1416 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1417 } else { /* list is empty */
1418 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1420 ram_list.mru_block = NULL;
1422 /* Write list before version */
1423 smp_wmb();
1424 ram_list.version++;
1425 qemu_mutex_unlock_ramlist();
1427 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1429 if (new_ram_size > old_ram_size) {
1430 int i;
1432 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1433 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1434 ram_list.dirty_memory[i] =
1435 bitmap_zero_extend(ram_list.dirty_memory[i],
1436 old_ram_size, new_ram_size);
1439 cpu_physical_memory_set_dirty_range(new_block->offset,
1440 new_block->used_length,
1441 DIRTY_CLIENTS_ALL);
1443 if (new_block->host) {
1444 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1445 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1446 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1447 if (kvm_enabled()) {
1448 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1452 return new_block->offset;
1455 #ifdef __linux__
1456 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1457 bool share, const char *mem_path,
1458 Error **errp)
1460 RAMBlock *new_block;
1461 ram_addr_t addr;
1462 Error *local_err = NULL;
1464 if (xen_enabled()) {
1465 error_setg(errp, "-mem-path not supported with Xen");
1466 return -1;
1469 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1471 * file_ram_alloc() needs to allocate just like
1472 * phys_mem_alloc, but we haven't bothered to provide
1473 * a hook there.
1475 error_setg(errp,
1476 "-mem-path not supported with this accelerator");
1477 return -1;
1480 size = TARGET_PAGE_ALIGN(size);
1481 new_block = g_malloc0(sizeof(*new_block));
1482 new_block->mr = mr;
1483 new_block->used_length = size;
1484 new_block->max_length = size;
1485 new_block->flags = share ? RAM_SHARED : 0;
1486 new_block->host = file_ram_alloc(new_block, size,
1487 mem_path, errp);
1488 if (!new_block->host) {
1489 g_free(new_block);
1490 return -1;
1493 addr = ram_block_add(new_block, &local_err);
1494 if (local_err) {
1495 g_free(new_block);
1496 error_propagate(errp, local_err);
1497 return -1;
1499 return addr;
1501 #endif
1503 static
1504 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1505 void (*resized)(const char*,
1506 uint64_t length,
1507 void *host),
1508 void *host, bool resizeable,
1509 MemoryRegion *mr, Error **errp)
1511 RAMBlock *new_block;
1512 ram_addr_t addr;
1513 Error *local_err = NULL;
1515 size = TARGET_PAGE_ALIGN(size);
1516 max_size = TARGET_PAGE_ALIGN(max_size);
1517 new_block = g_malloc0(sizeof(*new_block));
1518 new_block->mr = mr;
1519 new_block->resized = resized;
1520 new_block->used_length = size;
1521 new_block->max_length = max_size;
1522 assert(max_size >= size);
1523 new_block->fd = -1;
1524 new_block->host = host;
1525 if (host) {
1526 new_block->flags |= RAM_PREALLOC;
1528 if (resizeable) {
1529 new_block->flags |= RAM_RESIZEABLE;
1531 addr = ram_block_add(new_block, &local_err);
1532 if (local_err) {
1533 g_free(new_block);
1534 error_propagate(errp, local_err);
1535 return -1;
1537 return addr;
1540 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1541 MemoryRegion *mr, Error **errp)
1543 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1546 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1548 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1551 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1552 void (*resized)(const char*,
1553 uint64_t length,
1554 void *host),
1555 MemoryRegion *mr, Error **errp)
1557 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1560 void qemu_ram_free_from_ptr(ram_addr_t addr)
1562 RAMBlock *block;
1564 qemu_mutex_lock_ramlist();
1565 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1566 if (addr == block->offset) {
1567 QLIST_REMOVE_RCU(block, next);
1568 ram_list.mru_block = NULL;
1569 /* Write list before version */
1570 smp_wmb();
1571 ram_list.version++;
1572 g_free_rcu(block, rcu);
1573 break;
1576 qemu_mutex_unlock_ramlist();
1579 static void reclaim_ramblock(RAMBlock *block)
1581 if (block->flags & RAM_PREALLOC) {
1583 } else if (xen_enabled()) {
1584 xen_invalidate_map_cache_entry(block->host);
1585 #ifndef _WIN32
1586 } else if (block->fd >= 0) {
1587 munmap(block->host, block->max_length);
1588 close(block->fd);
1589 #endif
1590 } else {
1591 qemu_anon_ram_free(block->host, block->max_length);
1593 g_free(block);
1596 void qemu_ram_free(ram_addr_t addr)
1598 RAMBlock *block;
1600 qemu_mutex_lock_ramlist();
1601 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1602 if (addr == block->offset) {
1603 QLIST_REMOVE_RCU(block, next);
1604 ram_list.mru_block = NULL;
1605 /* Write list before version */
1606 smp_wmb();
1607 ram_list.version++;
1608 call_rcu(block, reclaim_ramblock, rcu);
1609 break;
1612 qemu_mutex_unlock_ramlist();
1615 #ifndef _WIN32
1616 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1618 RAMBlock *block;
1619 ram_addr_t offset;
1620 int flags;
1621 void *area, *vaddr;
1623 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1624 offset = addr - block->offset;
1625 if (offset < block->max_length) {
1626 vaddr = ramblock_ptr(block, offset);
1627 if (block->flags & RAM_PREALLOC) {
1629 } else if (xen_enabled()) {
1630 abort();
1631 } else {
1632 flags = MAP_FIXED;
1633 if (block->fd >= 0) {
1634 flags |= (block->flags & RAM_SHARED ?
1635 MAP_SHARED : MAP_PRIVATE);
1636 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1637 flags, block->fd, offset);
1638 } else {
1640 * Remap needs to match alloc. Accelerators that
1641 * set phys_mem_alloc never remap. If they did,
1642 * we'd need a remap hook here.
1644 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1646 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1647 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1648 flags, -1, 0);
1650 if (area != vaddr) {
1651 fprintf(stderr, "Could not remap addr: "
1652 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1653 length, addr);
1654 exit(1);
1656 memory_try_enable_merging(vaddr, length);
1657 qemu_ram_setup_dump(vaddr, length);
1662 #endif /* !_WIN32 */
1664 int qemu_get_ram_fd(ram_addr_t addr)
1666 RAMBlock *block;
1667 int fd;
1669 rcu_read_lock();
1670 block = qemu_get_ram_block(addr);
1671 fd = block->fd;
1672 rcu_read_unlock();
1673 return fd;
1676 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1678 RAMBlock *block;
1679 void *ptr;
1681 rcu_read_lock();
1682 block = qemu_get_ram_block(addr);
1683 ptr = ramblock_ptr(block, 0);
1684 rcu_read_unlock();
1685 return ptr;
1688 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1689 * This should not be used for general purpose DMA. Use address_space_map
1690 * or address_space_rw instead. For local memory (e.g. video ram) that the
1691 * device owns, use memory_region_get_ram_ptr.
1693 * By the time this function returns, the returned pointer is not protected
1694 * by RCU anymore. If the caller is not within an RCU critical section and
1695 * does not hold the iothread lock, it must have other means of protecting the
1696 * pointer, such as a reference to the region that includes the incoming
1697 * ram_addr_t.
1699 void *qemu_get_ram_ptr(ram_addr_t addr)
1701 RAMBlock *block;
1702 void *ptr;
1704 rcu_read_lock();
1705 block = qemu_get_ram_block(addr);
1707 if (xen_enabled() && block->host == NULL) {
1708 /* We need to check if the requested address is in the RAM
1709 * because we don't want to map the entire memory in QEMU.
1710 * In that case just map until the end of the page.
1712 if (block->offset == 0) {
1713 ptr = xen_map_cache(addr, 0, 0);
1714 goto unlock;
1717 block->host = xen_map_cache(block->offset, block->max_length, 1);
1719 ptr = ramblock_ptr(block, addr - block->offset);
1721 unlock:
1722 rcu_read_unlock();
1723 return ptr;
1726 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1727 * but takes a size argument.
1729 * By the time this function returns, the returned pointer is not protected
1730 * by RCU anymore. If the caller is not within an RCU critical section and
1731 * does not hold the iothread lock, it must have other means of protecting the
1732 * pointer, such as a reference to the region that includes the incoming
1733 * ram_addr_t.
1735 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1737 void *ptr;
1738 if (*size == 0) {
1739 return NULL;
1741 if (xen_enabled()) {
1742 return xen_map_cache(addr, *size, 1);
1743 } else {
1744 RAMBlock *block;
1745 rcu_read_lock();
1746 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1747 if (addr - block->offset < block->max_length) {
1748 if (addr - block->offset + *size > block->max_length)
1749 *size = block->max_length - addr + block->offset;
1750 ptr = ramblock_ptr(block, addr - block->offset);
1751 rcu_read_unlock();
1752 return ptr;
1756 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1757 abort();
1761 /* Some of the softmmu routines need to translate from a host pointer
1762 * (typically a TLB entry) back to a ram offset.
1764 * By the time this function returns, the returned pointer is not protected
1765 * by RCU anymore. If the caller is not within an RCU critical section and
1766 * does not hold the iothread lock, it must have other means of protecting the
1767 * pointer, such as a reference to the region that includes the incoming
1768 * ram_addr_t.
1770 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1772 RAMBlock *block;
1773 uint8_t *host = ptr;
1774 MemoryRegion *mr;
1776 if (xen_enabled()) {
1777 rcu_read_lock();
1778 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1779 mr = qemu_get_ram_block(*ram_addr)->mr;
1780 rcu_read_unlock();
1781 return mr;
1784 rcu_read_lock();
1785 block = atomic_rcu_read(&ram_list.mru_block);
1786 if (block && block->host && host - block->host < block->max_length) {
1787 goto found;
1790 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1791 /* This case append when the block is not mapped. */
1792 if (block->host == NULL) {
1793 continue;
1795 if (host - block->host < block->max_length) {
1796 goto found;
1800 rcu_read_unlock();
1801 return NULL;
1803 found:
1804 *ram_addr = block->offset + (host - block->host);
1805 mr = block->mr;
1806 rcu_read_unlock();
1807 return mr;
1810 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1811 uint64_t val, unsigned size)
1813 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1814 tb_invalidate_phys_page_fast(ram_addr, size);
1816 switch (size) {
1817 case 1:
1818 stb_p(qemu_get_ram_ptr(ram_addr), val);
1819 break;
1820 case 2:
1821 stw_p(qemu_get_ram_ptr(ram_addr), val);
1822 break;
1823 case 4:
1824 stl_p(qemu_get_ram_ptr(ram_addr), val);
1825 break;
1826 default:
1827 abort();
1829 /* Set both VGA and migration bits for simplicity and to remove
1830 * the notdirty callback faster.
1832 cpu_physical_memory_set_dirty_range(ram_addr, size,
1833 DIRTY_CLIENTS_NOCODE);
1834 /* we remove the notdirty callback only if the code has been
1835 flushed */
1836 if (!cpu_physical_memory_is_clean(ram_addr)) {
1837 CPUArchState *env = current_cpu->env_ptr;
1838 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1842 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1843 unsigned size, bool is_write)
1845 return is_write;
1848 static const MemoryRegionOps notdirty_mem_ops = {
1849 .write = notdirty_mem_write,
1850 .valid.accepts = notdirty_mem_accepts,
1851 .endianness = DEVICE_NATIVE_ENDIAN,
1854 /* Generate a debug exception if a watchpoint has been hit. */
1855 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1857 CPUState *cpu = current_cpu;
1858 CPUArchState *env = cpu->env_ptr;
1859 target_ulong pc, cs_base;
1860 target_ulong vaddr;
1861 CPUWatchpoint *wp;
1862 int cpu_flags;
1864 if (cpu->watchpoint_hit) {
1865 /* We re-entered the check after replacing the TB. Now raise
1866 * the debug interrupt so that is will trigger after the
1867 * current instruction. */
1868 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1869 return;
1871 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1872 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1873 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1874 && (wp->flags & flags)) {
1875 if (flags == BP_MEM_READ) {
1876 wp->flags |= BP_WATCHPOINT_HIT_READ;
1877 } else {
1878 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1880 wp->hitaddr = vaddr;
1881 wp->hitattrs = attrs;
1882 if (!cpu->watchpoint_hit) {
1883 cpu->watchpoint_hit = wp;
1884 tb_check_watchpoint(cpu);
1885 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1886 cpu->exception_index = EXCP_DEBUG;
1887 cpu_loop_exit(cpu);
1888 } else {
1889 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1890 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1891 cpu_resume_from_signal(cpu, NULL);
1894 } else {
1895 wp->flags &= ~BP_WATCHPOINT_HIT;
1900 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1901 so these check for a hit then pass through to the normal out-of-line
1902 phys routines. */
1903 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1904 unsigned size, MemTxAttrs attrs)
1906 MemTxResult res;
1907 uint64_t data;
1909 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1910 switch (size) {
1911 case 1:
1912 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1913 break;
1914 case 2:
1915 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1916 break;
1917 case 4:
1918 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1919 break;
1920 default: abort();
1922 *pdata = data;
1923 return res;
1926 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1927 uint64_t val, unsigned size,
1928 MemTxAttrs attrs)
1930 MemTxResult res;
1932 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1933 switch (size) {
1934 case 1:
1935 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1936 break;
1937 case 2:
1938 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1939 break;
1940 case 4:
1941 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1942 break;
1943 default: abort();
1945 return res;
1948 static const MemoryRegionOps watch_mem_ops = {
1949 .read_with_attrs = watch_mem_read,
1950 .write_with_attrs = watch_mem_write,
1951 .endianness = DEVICE_NATIVE_ENDIAN,
1954 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1955 unsigned len, MemTxAttrs attrs)
1957 subpage_t *subpage = opaque;
1958 uint8_t buf[8];
1959 MemTxResult res;
1961 #if defined(DEBUG_SUBPAGE)
1962 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1963 subpage, len, addr);
1964 #endif
1965 res = address_space_read(subpage->as, addr + subpage->base,
1966 attrs, buf, len);
1967 if (res) {
1968 return res;
1970 switch (len) {
1971 case 1:
1972 *data = ldub_p(buf);
1973 return MEMTX_OK;
1974 case 2:
1975 *data = lduw_p(buf);
1976 return MEMTX_OK;
1977 case 4:
1978 *data = ldl_p(buf);
1979 return MEMTX_OK;
1980 case 8:
1981 *data = ldq_p(buf);
1982 return MEMTX_OK;
1983 default:
1984 abort();
1988 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1989 uint64_t value, unsigned len, MemTxAttrs attrs)
1991 subpage_t *subpage = opaque;
1992 uint8_t buf[8];
1994 #if defined(DEBUG_SUBPAGE)
1995 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1996 " value %"PRIx64"\n",
1997 __func__, subpage, len, addr, value);
1998 #endif
1999 switch (len) {
2000 case 1:
2001 stb_p(buf, value);
2002 break;
2003 case 2:
2004 stw_p(buf, value);
2005 break;
2006 case 4:
2007 stl_p(buf, value);
2008 break;
2009 case 8:
2010 stq_p(buf, value);
2011 break;
2012 default:
2013 abort();
2015 return address_space_write(subpage->as, addr + subpage->base,
2016 attrs, buf, len);
2019 static bool subpage_accepts(void *opaque, hwaddr addr,
2020 unsigned len, bool is_write)
2022 subpage_t *subpage = opaque;
2023 #if defined(DEBUG_SUBPAGE)
2024 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2025 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2026 #endif
2028 return address_space_access_valid(subpage->as, addr + subpage->base,
2029 len, is_write);
2032 static const MemoryRegionOps subpage_ops = {
2033 .read_with_attrs = subpage_read,
2034 .write_with_attrs = subpage_write,
2035 .impl.min_access_size = 1,
2036 .impl.max_access_size = 8,
2037 .valid.min_access_size = 1,
2038 .valid.max_access_size = 8,
2039 .valid.accepts = subpage_accepts,
2040 .endianness = DEVICE_NATIVE_ENDIAN,
2043 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2044 uint16_t section)
2046 int idx, eidx;
2048 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2049 return -1;
2050 idx = SUBPAGE_IDX(start);
2051 eidx = SUBPAGE_IDX(end);
2052 #if defined(DEBUG_SUBPAGE)
2053 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2054 __func__, mmio, start, end, idx, eidx, section);
2055 #endif
2056 for (; idx <= eidx; idx++) {
2057 mmio->sub_section[idx] = section;
2060 return 0;
2063 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2065 subpage_t *mmio;
2067 mmio = g_malloc0(sizeof(subpage_t));
2069 mmio->as = as;
2070 mmio->base = base;
2071 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2072 NULL, TARGET_PAGE_SIZE);
2073 mmio->iomem.subpage = true;
2074 #if defined(DEBUG_SUBPAGE)
2075 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2076 mmio, base, TARGET_PAGE_SIZE);
2077 #endif
2078 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2080 return mmio;
2083 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2084 MemoryRegion *mr)
2086 assert(as);
2087 MemoryRegionSection section = {
2088 .address_space = as,
2089 .mr = mr,
2090 .offset_within_address_space = 0,
2091 .offset_within_region = 0,
2092 .size = int128_2_64(),
2095 return phys_section_add(map, &section);
2098 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2100 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2101 MemoryRegionSection *sections = d->map.sections;
2103 return sections[index & ~TARGET_PAGE_MASK].mr;
2106 static void io_mem_init(void)
2108 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2109 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2110 NULL, UINT64_MAX);
2111 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2112 NULL, UINT64_MAX);
2113 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2114 NULL, UINT64_MAX);
2117 static void mem_begin(MemoryListener *listener)
2119 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2120 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2121 uint16_t n;
2123 n = dummy_section(&d->map, as, &io_mem_unassigned);
2124 assert(n == PHYS_SECTION_UNASSIGNED);
2125 n = dummy_section(&d->map, as, &io_mem_notdirty);
2126 assert(n == PHYS_SECTION_NOTDIRTY);
2127 n = dummy_section(&d->map, as, &io_mem_rom);
2128 assert(n == PHYS_SECTION_ROM);
2129 n = dummy_section(&d->map, as, &io_mem_watch);
2130 assert(n == PHYS_SECTION_WATCH);
2132 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2133 d->as = as;
2134 as->next_dispatch = d;
2137 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2139 phys_sections_free(&d->map);
2140 g_free(d);
2143 static void mem_commit(MemoryListener *listener)
2145 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2146 AddressSpaceDispatch *cur = as->dispatch;
2147 AddressSpaceDispatch *next = as->next_dispatch;
2149 phys_page_compact_all(next, next->map.nodes_nb);
2151 atomic_rcu_set(&as->dispatch, next);
2152 if (cur) {
2153 call_rcu(cur, address_space_dispatch_free, rcu);
2157 static void tcg_commit(MemoryListener *listener)
2159 CPUState *cpu;
2161 /* since each CPU stores ram addresses in its TLB cache, we must
2162 reset the modified entries */
2163 /* XXX: slow ! */
2164 CPU_FOREACH(cpu) {
2165 /* FIXME: Disentangle the cpu.h circular files deps so we can
2166 directly get the right CPU from listener. */
2167 if (cpu->tcg_as_listener != listener) {
2168 continue;
2170 cpu_reload_memory_map(cpu);
2174 void address_space_init_dispatch(AddressSpace *as)
2176 as->dispatch = NULL;
2177 as->dispatch_listener = (MemoryListener) {
2178 .begin = mem_begin,
2179 .commit = mem_commit,
2180 .region_add = mem_add,
2181 .region_nop = mem_add,
2182 .priority = 0,
2184 memory_listener_register(&as->dispatch_listener, as);
2187 void address_space_unregister(AddressSpace *as)
2189 memory_listener_unregister(&as->dispatch_listener);
2192 void address_space_destroy_dispatch(AddressSpace *as)
2194 AddressSpaceDispatch *d = as->dispatch;
2196 atomic_rcu_set(&as->dispatch, NULL);
2197 if (d) {
2198 call_rcu(d, address_space_dispatch_free, rcu);
2202 static void memory_map_init(void)
2204 system_memory = g_malloc(sizeof(*system_memory));
2206 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2207 address_space_init(&address_space_memory, system_memory, "memory");
2209 system_io = g_malloc(sizeof(*system_io));
2210 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2211 65536);
2212 address_space_init(&address_space_io, system_io, "I/O");
2215 MemoryRegion *get_system_memory(void)
2217 return system_memory;
2220 MemoryRegion *get_system_io(void)
2222 return system_io;
2225 #endif /* !defined(CONFIG_USER_ONLY) */
2227 /* physical memory access (slow version, mainly for debug) */
2228 #if defined(CONFIG_USER_ONLY)
2229 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2230 uint8_t *buf, int len, int is_write)
2232 int l, flags;
2233 target_ulong page;
2234 void * p;
2236 while (len > 0) {
2237 page = addr & TARGET_PAGE_MASK;
2238 l = (page + TARGET_PAGE_SIZE) - addr;
2239 if (l > len)
2240 l = len;
2241 flags = page_get_flags(page);
2242 if (!(flags & PAGE_VALID))
2243 return -1;
2244 if (is_write) {
2245 if (!(flags & PAGE_WRITE))
2246 return -1;
2247 /* XXX: this code should not depend on lock_user */
2248 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2249 return -1;
2250 memcpy(p, buf, l);
2251 unlock_user(p, addr, l);
2252 } else {
2253 if (!(flags & PAGE_READ))
2254 return -1;
2255 /* XXX: this code should not depend on lock_user */
2256 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2257 return -1;
2258 memcpy(buf, p, l);
2259 unlock_user(p, addr, 0);
2261 len -= l;
2262 buf += l;
2263 addr += l;
2265 return 0;
2268 #else
2270 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2271 hwaddr length)
2273 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2274 /* No early return if dirty_log_mask is or becomes 0, because
2275 * cpu_physical_memory_set_dirty_range will still call
2276 * xen_modified_memory.
2278 if (dirty_log_mask) {
2279 dirty_log_mask =
2280 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2282 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2283 tb_invalidate_phys_range(addr, addr + length);
2284 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2286 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2289 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2291 unsigned access_size_max = mr->ops->valid.max_access_size;
2293 /* Regions are assumed to support 1-4 byte accesses unless
2294 otherwise specified. */
2295 if (access_size_max == 0) {
2296 access_size_max = 4;
2299 /* Bound the maximum access by the alignment of the address. */
2300 if (!mr->ops->impl.unaligned) {
2301 unsigned align_size_max = addr & -addr;
2302 if (align_size_max != 0 && align_size_max < access_size_max) {
2303 access_size_max = align_size_max;
2307 /* Don't attempt accesses larger than the maximum. */
2308 if (l > access_size_max) {
2309 l = access_size_max;
2311 if (l & (l - 1)) {
2312 l = 1 << (qemu_fls(l) - 1);
2315 return l;
2318 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2319 uint8_t *buf, int len, bool is_write)
2321 hwaddr l;
2322 uint8_t *ptr;
2323 uint64_t val;
2324 hwaddr addr1;
2325 MemoryRegion *mr;
2326 MemTxResult result = MEMTX_OK;
2328 rcu_read_lock();
2329 while (len > 0) {
2330 l = len;
2331 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2333 if (is_write) {
2334 if (!memory_access_is_direct(mr, is_write)) {
2335 l = memory_access_size(mr, l, addr1);
2336 /* XXX: could force current_cpu to NULL to avoid
2337 potential bugs */
2338 switch (l) {
2339 case 8:
2340 /* 64 bit write access */
2341 val = ldq_p(buf);
2342 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2343 attrs);
2344 break;
2345 case 4:
2346 /* 32 bit write access */
2347 val = ldl_p(buf);
2348 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2349 attrs);
2350 break;
2351 case 2:
2352 /* 16 bit write access */
2353 val = lduw_p(buf);
2354 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2355 attrs);
2356 break;
2357 case 1:
2358 /* 8 bit write access */
2359 val = ldub_p(buf);
2360 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2361 attrs);
2362 break;
2363 default:
2364 abort();
2366 } else {
2367 addr1 += memory_region_get_ram_addr(mr);
2368 /* RAM case */
2369 ptr = qemu_get_ram_ptr(addr1);
2370 memcpy(ptr, buf, l);
2371 invalidate_and_set_dirty(mr, addr1, l);
2373 } else {
2374 if (!memory_access_is_direct(mr, is_write)) {
2375 /* I/O case */
2376 l = memory_access_size(mr, l, addr1);
2377 switch (l) {
2378 case 8:
2379 /* 64 bit read access */
2380 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2381 attrs);
2382 stq_p(buf, val);
2383 break;
2384 case 4:
2385 /* 32 bit read access */
2386 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2387 attrs);
2388 stl_p(buf, val);
2389 break;
2390 case 2:
2391 /* 16 bit read access */
2392 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2393 attrs);
2394 stw_p(buf, val);
2395 break;
2396 case 1:
2397 /* 8 bit read access */
2398 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2399 attrs);
2400 stb_p(buf, val);
2401 break;
2402 default:
2403 abort();
2405 } else {
2406 /* RAM case */
2407 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2408 memcpy(buf, ptr, l);
2411 len -= l;
2412 buf += l;
2413 addr += l;
2415 rcu_read_unlock();
2417 return result;
2420 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2421 const uint8_t *buf, int len)
2423 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2426 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2427 uint8_t *buf, int len)
2429 return address_space_rw(as, addr, attrs, buf, len, false);
2433 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2434 int len, int is_write)
2436 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2437 buf, len, is_write);
2440 enum write_rom_type {
2441 WRITE_DATA,
2442 FLUSH_CACHE,
2445 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2446 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2448 hwaddr l;
2449 uint8_t *ptr;
2450 hwaddr addr1;
2451 MemoryRegion *mr;
2453 rcu_read_lock();
2454 while (len > 0) {
2455 l = len;
2456 mr = address_space_translate(as, addr, &addr1, &l, true);
2458 if (!(memory_region_is_ram(mr) ||
2459 memory_region_is_romd(mr))) {
2460 /* do nothing */
2461 } else {
2462 addr1 += memory_region_get_ram_addr(mr);
2463 /* ROM/RAM case */
2464 ptr = qemu_get_ram_ptr(addr1);
2465 switch (type) {
2466 case WRITE_DATA:
2467 memcpy(ptr, buf, l);
2468 invalidate_and_set_dirty(mr, addr1, l);
2469 break;
2470 case FLUSH_CACHE:
2471 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2472 break;
2475 len -= l;
2476 buf += l;
2477 addr += l;
2479 rcu_read_unlock();
2482 /* used for ROM loading : can write in RAM and ROM */
2483 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2484 const uint8_t *buf, int len)
2486 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2489 void cpu_flush_icache_range(hwaddr start, int len)
2492 * This function should do the same thing as an icache flush that was
2493 * triggered from within the guest. For TCG we are always cache coherent,
2494 * so there is no need to flush anything. For KVM / Xen we need to flush
2495 * the host's instruction cache at least.
2497 if (tcg_enabled()) {
2498 return;
2501 cpu_physical_memory_write_rom_internal(&address_space_memory,
2502 start, NULL, len, FLUSH_CACHE);
2505 typedef struct {
2506 MemoryRegion *mr;
2507 void *buffer;
2508 hwaddr addr;
2509 hwaddr len;
2510 bool in_use;
2511 } BounceBuffer;
2513 static BounceBuffer bounce;
2515 typedef struct MapClient {
2516 QEMUBH *bh;
2517 QLIST_ENTRY(MapClient) link;
2518 } MapClient;
2520 QemuMutex map_client_list_lock;
2521 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2522 = QLIST_HEAD_INITIALIZER(map_client_list);
2524 static void cpu_unregister_map_client_do(MapClient *client)
2526 QLIST_REMOVE(client, link);
2527 g_free(client);
2530 static void cpu_notify_map_clients_locked(void)
2532 MapClient *client;
2534 while (!QLIST_EMPTY(&map_client_list)) {
2535 client = QLIST_FIRST(&map_client_list);
2536 qemu_bh_schedule(client->bh);
2537 cpu_unregister_map_client_do(client);
2541 void cpu_register_map_client(QEMUBH *bh)
2543 MapClient *client = g_malloc(sizeof(*client));
2545 qemu_mutex_lock(&map_client_list_lock);
2546 client->bh = bh;
2547 QLIST_INSERT_HEAD(&map_client_list, client, link);
2548 if (!atomic_read(&bounce.in_use)) {
2549 cpu_notify_map_clients_locked();
2551 qemu_mutex_unlock(&map_client_list_lock);
2554 void cpu_exec_init_all(void)
2556 qemu_mutex_init(&ram_list.mutex);
2557 memory_map_init();
2558 io_mem_init();
2559 qemu_mutex_init(&map_client_list_lock);
2562 void cpu_unregister_map_client(QEMUBH *bh)
2564 MapClient *client;
2566 qemu_mutex_lock(&map_client_list_lock);
2567 QLIST_FOREACH(client, &map_client_list, link) {
2568 if (client->bh == bh) {
2569 cpu_unregister_map_client_do(client);
2570 break;
2573 qemu_mutex_unlock(&map_client_list_lock);
2576 static void cpu_notify_map_clients(void)
2578 qemu_mutex_lock(&map_client_list_lock);
2579 cpu_notify_map_clients_locked();
2580 qemu_mutex_unlock(&map_client_list_lock);
2583 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2585 MemoryRegion *mr;
2586 hwaddr l, xlat;
2588 rcu_read_lock();
2589 while (len > 0) {
2590 l = len;
2591 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2592 if (!memory_access_is_direct(mr, is_write)) {
2593 l = memory_access_size(mr, l, addr);
2594 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2595 return false;
2599 len -= l;
2600 addr += l;
2602 rcu_read_unlock();
2603 return true;
2606 /* Map a physical memory region into a host virtual address.
2607 * May map a subset of the requested range, given by and returned in *plen.
2608 * May return NULL if resources needed to perform the mapping are exhausted.
2609 * Use only for reads OR writes - not for read-modify-write operations.
2610 * Use cpu_register_map_client() to know when retrying the map operation is
2611 * likely to succeed.
2613 void *address_space_map(AddressSpace *as,
2614 hwaddr addr,
2615 hwaddr *plen,
2616 bool is_write)
2618 hwaddr len = *plen;
2619 hwaddr done = 0;
2620 hwaddr l, xlat, base;
2621 MemoryRegion *mr, *this_mr;
2622 ram_addr_t raddr;
2624 if (len == 0) {
2625 return NULL;
2628 l = len;
2629 rcu_read_lock();
2630 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2632 if (!memory_access_is_direct(mr, is_write)) {
2633 if (atomic_xchg(&bounce.in_use, true)) {
2634 rcu_read_unlock();
2635 return NULL;
2637 /* Avoid unbounded allocations */
2638 l = MIN(l, TARGET_PAGE_SIZE);
2639 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2640 bounce.addr = addr;
2641 bounce.len = l;
2643 memory_region_ref(mr);
2644 bounce.mr = mr;
2645 if (!is_write) {
2646 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2647 bounce.buffer, l);
2650 rcu_read_unlock();
2651 *plen = l;
2652 return bounce.buffer;
2655 base = xlat;
2656 raddr = memory_region_get_ram_addr(mr);
2658 for (;;) {
2659 len -= l;
2660 addr += l;
2661 done += l;
2662 if (len == 0) {
2663 break;
2666 l = len;
2667 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2668 if (this_mr != mr || xlat != base + done) {
2669 break;
2673 memory_region_ref(mr);
2674 rcu_read_unlock();
2675 *plen = done;
2676 return qemu_ram_ptr_length(raddr + base, plen);
2679 /* Unmaps a memory region previously mapped by address_space_map().
2680 * Will also mark the memory as dirty if is_write == 1. access_len gives
2681 * the amount of memory that was actually read or written by the caller.
2683 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2684 int is_write, hwaddr access_len)
2686 if (buffer != bounce.buffer) {
2687 MemoryRegion *mr;
2688 ram_addr_t addr1;
2690 mr = qemu_ram_addr_from_host(buffer, &addr1);
2691 assert(mr != NULL);
2692 if (is_write) {
2693 invalidate_and_set_dirty(mr, addr1, access_len);
2695 if (xen_enabled()) {
2696 xen_invalidate_map_cache_entry(buffer);
2698 memory_region_unref(mr);
2699 return;
2701 if (is_write) {
2702 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2703 bounce.buffer, access_len);
2705 qemu_vfree(bounce.buffer);
2706 bounce.buffer = NULL;
2707 memory_region_unref(bounce.mr);
2708 atomic_mb_set(&bounce.in_use, false);
2709 cpu_notify_map_clients();
2712 void *cpu_physical_memory_map(hwaddr addr,
2713 hwaddr *plen,
2714 int is_write)
2716 return address_space_map(&address_space_memory, addr, plen, is_write);
2719 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2720 int is_write, hwaddr access_len)
2722 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2725 /* warning: addr must be aligned */
2726 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2727 MemTxAttrs attrs,
2728 MemTxResult *result,
2729 enum device_endian endian)
2731 uint8_t *ptr;
2732 uint64_t val;
2733 MemoryRegion *mr;
2734 hwaddr l = 4;
2735 hwaddr addr1;
2736 MemTxResult r;
2738 rcu_read_lock();
2739 mr = address_space_translate(as, addr, &addr1, &l, false);
2740 if (l < 4 || !memory_access_is_direct(mr, false)) {
2741 /* I/O case */
2742 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2743 #if defined(TARGET_WORDS_BIGENDIAN)
2744 if (endian == DEVICE_LITTLE_ENDIAN) {
2745 val = bswap32(val);
2747 #else
2748 if (endian == DEVICE_BIG_ENDIAN) {
2749 val = bswap32(val);
2751 #endif
2752 } else {
2753 /* RAM case */
2754 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2755 & TARGET_PAGE_MASK)
2756 + addr1);
2757 switch (endian) {
2758 case DEVICE_LITTLE_ENDIAN:
2759 val = ldl_le_p(ptr);
2760 break;
2761 case DEVICE_BIG_ENDIAN:
2762 val = ldl_be_p(ptr);
2763 break;
2764 default:
2765 val = ldl_p(ptr);
2766 break;
2768 r = MEMTX_OK;
2770 if (result) {
2771 *result = r;
2773 rcu_read_unlock();
2774 return val;
2777 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2778 MemTxAttrs attrs, MemTxResult *result)
2780 return address_space_ldl_internal(as, addr, attrs, result,
2781 DEVICE_NATIVE_ENDIAN);
2784 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2785 MemTxAttrs attrs, MemTxResult *result)
2787 return address_space_ldl_internal(as, addr, attrs, result,
2788 DEVICE_LITTLE_ENDIAN);
2791 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2792 MemTxAttrs attrs, MemTxResult *result)
2794 return address_space_ldl_internal(as, addr, attrs, result,
2795 DEVICE_BIG_ENDIAN);
2798 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2800 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2803 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2805 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2808 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2810 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2813 /* warning: addr must be aligned */
2814 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2815 MemTxAttrs attrs,
2816 MemTxResult *result,
2817 enum device_endian endian)
2819 uint8_t *ptr;
2820 uint64_t val;
2821 MemoryRegion *mr;
2822 hwaddr l = 8;
2823 hwaddr addr1;
2824 MemTxResult r;
2826 rcu_read_lock();
2827 mr = address_space_translate(as, addr, &addr1, &l,
2828 false);
2829 if (l < 8 || !memory_access_is_direct(mr, false)) {
2830 /* I/O case */
2831 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2832 #if defined(TARGET_WORDS_BIGENDIAN)
2833 if (endian == DEVICE_LITTLE_ENDIAN) {
2834 val = bswap64(val);
2836 #else
2837 if (endian == DEVICE_BIG_ENDIAN) {
2838 val = bswap64(val);
2840 #endif
2841 } else {
2842 /* RAM case */
2843 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2844 & TARGET_PAGE_MASK)
2845 + addr1);
2846 switch (endian) {
2847 case DEVICE_LITTLE_ENDIAN:
2848 val = ldq_le_p(ptr);
2849 break;
2850 case DEVICE_BIG_ENDIAN:
2851 val = ldq_be_p(ptr);
2852 break;
2853 default:
2854 val = ldq_p(ptr);
2855 break;
2857 r = MEMTX_OK;
2859 if (result) {
2860 *result = r;
2862 rcu_read_unlock();
2863 return val;
2866 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2867 MemTxAttrs attrs, MemTxResult *result)
2869 return address_space_ldq_internal(as, addr, attrs, result,
2870 DEVICE_NATIVE_ENDIAN);
2873 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2874 MemTxAttrs attrs, MemTxResult *result)
2876 return address_space_ldq_internal(as, addr, attrs, result,
2877 DEVICE_LITTLE_ENDIAN);
2880 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2881 MemTxAttrs attrs, MemTxResult *result)
2883 return address_space_ldq_internal(as, addr, attrs, result,
2884 DEVICE_BIG_ENDIAN);
2887 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2889 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2892 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2894 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2897 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2899 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2902 /* XXX: optimize */
2903 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2904 MemTxAttrs attrs, MemTxResult *result)
2906 uint8_t val;
2907 MemTxResult r;
2909 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2910 if (result) {
2911 *result = r;
2913 return val;
2916 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2918 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2921 /* warning: addr must be aligned */
2922 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2923 hwaddr addr,
2924 MemTxAttrs attrs,
2925 MemTxResult *result,
2926 enum device_endian endian)
2928 uint8_t *ptr;
2929 uint64_t val;
2930 MemoryRegion *mr;
2931 hwaddr l = 2;
2932 hwaddr addr1;
2933 MemTxResult r;
2935 rcu_read_lock();
2936 mr = address_space_translate(as, addr, &addr1, &l,
2937 false);
2938 if (l < 2 || !memory_access_is_direct(mr, false)) {
2939 /* I/O case */
2940 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2941 #if defined(TARGET_WORDS_BIGENDIAN)
2942 if (endian == DEVICE_LITTLE_ENDIAN) {
2943 val = bswap16(val);
2945 #else
2946 if (endian == DEVICE_BIG_ENDIAN) {
2947 val = bswap16(val);
2949 #endif
2950 } else {
2951 /* RAM case */
2952 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2953 & TARGET_PAGE_MASK)
2954 + addr1);
2955 switch (endian) {
2956 case DEVICE_LITTLE_ENDIAN:
2957 val = lduw_le_p(ptr);
2958 break;
2959 case DEVICE_BIG_ENDIAN:
2960 val = lduw_be_p(ptr);
2961 break;
2962 default:
2963 val = lduw_p(ptr);
2964 break;
2966 r = MEMTX_OK;
2968 if (result) {
2969 *result = r;
2971 rcu_read_unlock();
2972 return val;
2975 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
2976 MemTxAttrs attrs, MemTxResult *result)
2978 return address_space_lduw_internal(as, addr, attrs, result,
2979 DEVICE_NATIVE_ENDIAN);
2982 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
2983 MemTxAttrs attrs, MemTxResult *result)
2985 return address_space_lduw_internal(as, addr, attrs, result,
2986 DEVICE_LITTLE_ENDIAN);
2989 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
2990 MemTxAttrs attrs, MemTxResult *result)
2992 return address_space_lduw_internal(as, addr, attrs, result,
2993 DEVICE_BIG_ENDIAN);
2996 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2998 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3001 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3003 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3006 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3008 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3011 /* warning: addr must be aligned. The ram page is not masked as dirty
3012 and the code inside is not invalidated. It is useful if the dirty
3013 bits are used to track modified PTEs */
3014 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3015 MemTxAttrs attrs, MemTxResult *result)
3017 uint8_t *ptr;
3018 MemoryRegion *mr;
3019 hwaddr l = 4;
3020 hwaddr addr1;
3021 MemTxResult r;
3022 uint8_t dirty_log_mask;
3024 rcu_read_lock();
3025 mr = address_space_translate(as, addr, &addr1, &l,
3026 true);
3027 if (l < 4 || !memory_access_is_direct(mr, true)) {
3028 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3029 } else {
3030 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3031 ptr = qemu_get_ram_ptr(addr1);
3032 stl_p(ptr, val);
3034 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3035 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3036 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3037 r = MEMTX_OK;
3039 if (result) {
3040 *result = r;
3042 rcu_read_unlock();
3045 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3047 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3050 /* warning: addr must be aligned */
3051 static inline void address_space_stl_internal(AddressSpace *as,
3052 hwaddr addr, uint32_t val,
3053 MemTxAttrs attrs,
3054 MemTxResult *result,
3055 enum device_endian endian)
3057 uint8_t *ptr;
3058 MemoryRegion *mr;
3059 hwaddr l = 4;
3060 hwaddr addr1;
3061 MemTxResult r;
3063 rcu_read_lock();
3064 mr = address_space_translate(as, addr, &addr1, &l,
3065 true);
3066 if (l < 4 || !memory_access_is_direct(mr, true)) {
3067 #if defined(TARGET_WORDS_BIGENDIAN)
3068 if (endian == DEVICE_LITTLE_ENDIAN) {
3069 val = bswap32(val);
3071 #else
3072 if (endian == DEVICE_BIG_ENDIAN) {
3073 val = bswap32(val);
3075 #endif
3076 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3077 } else {
3078 /* RAM case */
3079 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3080 ptr = qemu_get_ram_ptr(addr1);
3081 switch (endian) {
3082 case DEVICE_LITTLE_ENDIAN:
3083 stl_le_p(ptr, val);
3084 break;
3085 case DEVICE_BIG_ENDIAN:
3086 stl_be_p(ptr, val);
3087 break;
3088 default:
3089 stl_p(ptr, val);
3090 break;
3092 invalidate_and_set_dirty(mr, addr1, 4);
3093 r = MEMTX_OK;
3095 if (result) {
3096 *result = r;
3098 rcu_read_unlock();
3101 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3102 MemTxAttrs attrs, MemTxResult *result)
3104 address_space_stl_internal(as, addr, val, attrs, result,
3105 DEVICE_NATIVE_ENDIAN);
3108 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3109 MemTxAttrs attrs, MemTxResult *result)
3111 address_space_stl_internal(as, addr, val, attrs, result,
3112 DEVICE_LITTLE_ENDIAN);
3115 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3116 MemTxAttrs attrs, MemTxResult *result)
3118 address_space_stl_internal(as, addr, val, attrs, result,
3119 DEVICE_BIG_ENDIAN);
3122 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3124 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3127 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3129 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3132 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3134 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3137 /* XXX: optimize */
3138 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3139 MemTxAttrs attrs, MemTxResult *result)
3141 uint8_t v = val;
3142 MemTxResult r;
3144 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3145 if (result) {
3146 *result = r;
3150 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3152 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3155 /* warning: addr must be aligned */
3156 static inline void address_space_stw_internal(AddressSpace *as,
3157 hwaddr addr, uint32_t val,
3158 MemTxAttrs attrs,
3159 MemTxResult *result,
3160 enum device_endian endian)
3162 uint8_t *ptr;
3163 MemoryRegion *mr;
3164 hwaddr l = 2;
3165 hwaddr addr1;
3166 MemTxResult r;
3168 rcu_read_lock();
3169 mr = address_space_translate(as, addr, &addr1, &l, true);
3170 if (l < 2 || !memory_access_is_direct(mr, true)) {
3171 #if defined(TARGET_WORDS_BIGENDIAN)
3172 if (endian == DEVICE_LITTLE_ENDIAN) {
3173 val = bswap16(val);
3175 #else
3176 if (endian == DEVICE_BIG_ENDIAN) {
3177 val = bswap16(val);
3179 #endif
3180 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3181 } else {
3182 /* RAM case */
3183 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3184 ptr = qemu_get_ram_ptr(addr1);
3185 switch (endian) {
3186 case DEVICE_LITTLE_ENDIAN:
3187 stw_le_p(ptr, val);
3188 break;
3189 case DEVICE_BIG_ENDIAN:
3190 stw_be_p(ptr, val);
3191 break;
3192 default:
3193 stw_p(ptr, val);
3194 break;
3196 invalidate_and_set_dirty(mr, addr1, 2);
3197 r = MEMTX_OK;
3199 if (result) {
3200 *result = r;
3202 rcu_read_unlock();
3205 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3206 MemTxAttrs attrs, MemTxResult *result)
3208 address_space_stw_internal(as, addr, val, attrs, result,
3209 DEVICE_NATIVE_ENDIAN);
3212 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3213 MemTxAttrs attrs, MemTxResult *result)
3215 address_space_stw_internal(as, addr, val, attrs, result,
3216 DEVICE_LITTLE_ENDIAN);
3219 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3220 MemTxAttrs attrs, MemTxResult *result)
3222 address_space_stw_internal(as, addr, val, attrs, result,
3223 DEVICE_BIG_ENDIAN);
3226 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3228 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3231 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3233 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3236 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3238 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3241 /* XXX: optimize */
3242 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3243 MemTxAttrs attrs, MemTxResult *result)
3245 MemTxResult r;
3246 val = tswap64(val);
3247 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3248 if (result) {
3249 *result = r;
3253 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3254 MemTxAttrs attrs, MemTxResult *result)
3256 MemTxResult r;
3257 val = cpu_to_le64(val);
3258 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3259 if (result) {
3260 *result = r;
3263 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3264 MemTxAttrs attrs, MemTxResult *result)
3266 MemTxResult r;
3267 val = cpu_to_be64(val);
3268 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3269 if (result) {
3270 *result = r;
3274 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3276 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3279 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3281 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3284 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3286 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3289 /* virtual memory access for debug (includes writing to ROM) */
3290 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3291 uint8_t *buf, int len, int is_write)
3293 int l;
3294 hwaddr phys_addr;
3295 target_ulong page;
3297 while (len > 0) {
3298 page = addr & TARGET_PAGE_MASK;
3299 phys_addr = cpu_get_phys_page_debug(cpu, page);
3300 /* if no physical page mapped, return an error */
3301 if (phys_addr == -1)
3302 return -1;
3303 l = (page + TARGET_PAGE_SIZE) - addr;
3304 if (l > len)
3305 l = len;
3306 phys_addr += (addr & ~TARGET_PAGE_MASK);
3307 if (is_write) {
3308 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3309 } else {
3310 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3311 buf, l, 0);
3313 len -= l;
3314 buf += l;
3315 addr += l;
3317 return 0;
3319 #endif
3322 * A helper function for the _utterly broken_ virtio device model to find out if
3323 * it's running on a big endian machine. Don't do this at home kids!
3325 bool target_words_bigendian(void);
3326 bool target_words_bigendian(void)
3328 #if defined(TARGET_WORDS_BIGENDIAN)
3329 return true;
3330 #else
3331 return false;
3332 #endif
3335 #ifndef CONFIG_USER_ONLY
3336 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3338 MemoryRegion*mr;
3339 hwaddr l = 1;
3340 bool res;
3342 rcu_read_lock();
3343 mr = address_space_translate(&address_space_memory,
3344 phys_addr, &phys_addr, &l, false);
3346 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3347 rcu_read_unlock();
3348 return res;
3351 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3353 RAMBlock *block;
3355 rcu_read_lock();
3356 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3357 func(block->host, block->offset, block->used_length, opaque);
3359 rcu_read_unlock();
3361 #endif