search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
exec: pull qemu_flush_coalesced_mmio_buffer() into address_space_rw/ld*/st*
[qemu/cris-port.git] / exec.c
blobf2e66032a47df6d3e3a58bffc9499c75702b74b0
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "exec/cputlb.h"
52 #include "translate-all.h"
53
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
56
57 #include "qemu/range.h"
58
59 //#define DEBUG_SUBPAGE
60
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
66
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
69
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
72
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
75
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
78
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
81
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85 #define RAM_RESIZEABLE (1 << 2)
86
87 #endif
88
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
91 cpu_exec() */
92 DEFINE_TLS(CPUState *, current_cpu);
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
96 int use_icount;
97
98 #if !defined(CONFIG_USER_ONLY)
99
100 typedef struct PhysPageEntry PhysPageEntry;
101
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
104 uint32_t skip : 6;
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
106 uint32_t ptr : 26;
107 };
108
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
110
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
113
114 #define P_L2_BITS 9
115 #define P_L2_SIZE (1 << P_L2_BITS)
116
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
118
119 typedef PhysPageEntry Node[P_L2_SIZE];
120
121 typedef struct PhysPageMap {
122 struct rcu_head rcu;
123
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
126 unsigned nodes_nb;
127 unsigned nodes_nb_alloc;
128 Node *nodes;
129 MemoryRegionSection *sections;
130 } PhysPageMap;
131
132 struct AddressSpaceDispatch {
133 struct rcu_head rcu;
134
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
137 */
138 PhysPageEntry phys_map;
139 PhysPageMap map;
140 AddressSpace *as;
141 };
142
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
145 MemoryRegion iomem;
146 AddressSpace *as;
147 hwaddr base;
148 uint16_t sub_section[TARGET_PAGE_SIZE];
149 } subpage_t;
150
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
155
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
159
160 static MemoryRegion io_mem_watch;
161 #endif
162
163 #if !defined(CONFIG_USER_ONLY)
164
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
166 {
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
171 }
172 }
173
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
175 {
176 unsigned i;
177 uint32_t ret;
178 PhysPageEntry e;
179 PhysPageEntry *p;
180
181 ret = map->nodes_nb++;
182 p = map->nodes[ret];
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
185
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
190 }
191 return ret;
192 }
193
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
196 int level)
197 {
198 PhysPageEntry *p;
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
200
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
203 }
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
206
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
209 lp->skip = 0;
210 lp->ptr = leaf;
211 *index += step;
212 *nb -= step;
213 } else {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
215 }
216 ++lp;
217 }
218 }
219
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
222 uint16_t leaf)
223 {
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
226
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
228 }
229
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
232 */
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
234 {
235 unsigned valid_ptr = P_L2_SIZE;
236 int valid = 0;
237 PhysPageEntry *p;
238 int i;
239
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
241 return;
242 }
243
244 p = nodes[lp->ptr];
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
247 continue;
248 }
249
250 valid_ptr = i;
251 valid++;
252 if (p[i].skip) {
253 phys_page_compact(&p[i], nodes, compacted);
254 }
255 }
256
257 /* We can only compress if there's only one child. */
258 if (valid != 1) {
259 return;
260 }
261
262 assert(valid_ptr < P_L2_SIZE);
263
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
266 return;
267 }
268
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
275 * change this rule.
276 */
277 lp->skip = 0;
278 } else {
279 lp->skip += p[valid_ptr].skip;
280 }
281 }
282
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
284 {
285 DECLARE_BITMAP(compacted, nodes_nb);
286
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
289 }
290 }
291
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
294 {
295 PhysPageEntry *p;
296 hwaddr index = addr >> TARGET_PAGE_BITS;
297 int i;
298
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return &sections[PHYS_SECTION_UNASSIGNED];
302 }
303 p = nodes[lp.ptr];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
305 }
306
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return &sections[lp.ptr];
311 } else {
312 return &sections[PHYS_SECTION_UNASSIGNED];
313 }
314 }
315
316 bool memory_region_is_unassigned(MemoryRegion *mr)
317 {
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
320 }
321
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
324 hwaddr addr,
325 bool resolve_subpage)
326 {
327 MemoryRegionSection *section;
328 subpage_t *subpage;
329
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
334 }
335 return section;
336 }
337
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
342 {
343 MemoryRegionSection *section;
344 MemoryRegion *mr;
345 Int128 diff;
346
347 section = address_space_lookup_region(d, addr, resolve_subpage);
348 /* Compute offset within MemoryRegionSection */
349 addr -= section->offset_within_address_space;
350
351 /* Compute offset within MemoryRegion */
352 *xlat = addr + section->offset_within_region;
353
354 mr = section->mr;
355 if (memory_region_is_ram(mr)) {
356 diff = int128_sub(section->size, int128_make64(addr));
357 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
358 }
359 return section;
360 }
361
362 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
363 {
364 if (memory_region_is_ram(mr)) {
365 return !(is_write && mr->readonly);
366 }
367 if (memory_region_is_romd(mr)) {
368 return !is_write;
369 }
370
371 return false;
372 }
373
374 /* Called from RCU critical section */
375 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
376 hwaddr *xlat, hwaddr *plen,
377 bool is_write)
378 {
379 IOMMUTLBEntry iotlb;
380 MemoryRegionSection *section;
381 MemoryRegion *mr;
382
383 for (;;) {
384 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
385 section = address_space_translate_internal(d, addr, &addr, plen, true);
386 mr = section->mr;
387
388 if (!mr->iommu_ops) {
389 break;
390 }
391
392 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
393 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
394 | (addr & iotlb.addr_mask));
395 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
396 if (!(iotlb.perm & (1 << is_write))) {
397 mr = &io_mem_unassigned;
398 break;
399 }
400
401 as = iotlb.target_as;
402 }
403
404 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
405 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
406 *plen = MIN(page, *plen);
407 }
408
409 *xlat = addr;
410 return mr;
411 }
412
413 /* Called from RCU critical section */
414 MemoryRegionSection *
415 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
416 hwaddr *xlat, hwaddr *plen)
417 {
418 MemoryRegionSection *section;
419 section = address_space_translate_internal(cpu->memory_dispatch,
420 addr, xlat, plen, false);
421
422 assert(!section->mr->iommu_ops);
423 return section;
424 }
425 #endif
426
427 #if !defined(CONFIG_USER_ONLY)
428
429 static int cpu_common_post_load(void *opaque, int version_id)
430 {
431 CPUState *cpu = opaque;
432
433 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
434 version_id is increased. */
435 cpu->interrupt_request &= ~0x01;
436 tlb_flush(cpu, 1);
437
438 return 0;
439 }
440
441 static int cpu_common_pre_load(void *opaque)
442 {
443 CPUState *cpu = opaque;
444
445 cpu->exception_index = -1;
446
447 return 0;
448 }
449
450 static bool cpu_common_exception_index_needed(void *opaque)
451 {
452 CPUState *cpu = opaque;
453
454 return tcg_enabled() && cpu->exception_index != -1;
455 }
456
457 static const VMStateDescription vmstate_cpu_common_exception_index = {
458 .name = "cpu_common/exception_index",
459 .version_id = 1,
460 .minimum_version_id = 1,
461 .needed = cpu_common_exception_index_needed,
462 .fields = (VMStateField[]) {
463 VMSTATE_INT32(exception_index, CPUState),
464 VMSTATE_END_OF_LIST()
465 }
466 };
467
468 const VMStateDescription vmstate_cpu_common = {
469 .name = "cpu_common",
470 .version_id = 1,
471 .minimum_version_id = 1,
472 .pre_load = cpu_common_pre_load,
473 .post_load = cpu_common_post_load,
474 .fields = (VMStateField[]) {
475 VMSTATE_UINT32(halted, CPUState),
476 VMSTATE_UINT32(interrupt_request, CPUState),
477 VMSTATE_END_OF_LIST()
478 },
479 .subsections = (const VMStateDescription*[]) {
480 &vmstate_cpu_common_exception_index,
481 NULL
482 }
483 };
484
485 #endif
486
487 CPUState *qemu_get_cpu(int index)
488 {
489 CPUState *cpu;
490
491 CPU_FOREACH(cpu) {
492 if (cpu->cpu_index == index) {
493 return cpu;
494 }
495 }
496
497 return NULL;
498 }
499
500 #if !defined(CONFIG_USER_ONLY)
501 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
502 {
503 /* We only support one address space per cpu at the moment. */
504 assert(cpu->as == as);
505
506 if (cpu->tcg_as_listener) {
507 memory_listener_unregister(cpu->tcg_as_listener);
508 } else {
509 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
510 }
511 cpu->tcg_as_listener->commit = tcg_commit;
512 memory_listener_register(cpu->tcg_as_listener, as);
513 }
514 #endif
515
516 void cpu_exec_init(CPUArchState *env)
517 {
518 CPUState *cpu = ENV_GET_CPU(env);
519 CPUClass *cc = CPU_GET_CLASS(cpu);
520 CPUState *some_cpu;
521 int cpu_index;
522
523 #if defined(CONFIG_USER_ONLY)
524 cpu_list_lock();
525 #endif
526 cpu_index = 0;
527 CPU_FOREACH(some_cpu) {
528 cpu_index++;
529 }
530 cpu->cpu_index = cpu_index;
531 cpu->numa_node = 0;
532 QTAILQ_INIT(&cpu->breakpoints);
533 QTAILQ_INIT(&cpu->watchpoints);
534 #ifndef CONFIG_USER_ONLY
535 cpu->as = &address_space_memory;
536 cpu->thread_id = qemu_get_thread_id();
537 cpu_reload_memory_map(cpu);
538 #endif
539 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
540 #if defined(CONFIG_USER_ONLY)
541 cpu_list_unlock();
542 #endif
543 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
544 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
545 }
546 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
547 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
548 cpu_save, cpu_load, env);
549 assert(cc->vmsd == NULL);
550 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
551 #endif
552 if (cc->vmsd != NULL) {
553 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
554 }
555 }
556
557 #if defined(CONFIG_USER_ONLY)
558 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
559 {
560 tb_invalidate_phys_page_range(pc, pc + 1, 0);
561 }
562 #else
563 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
564 {
565 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
566 if (phys != -1) {
567 tb_invalidate_phys_addr(cpu->as,
568 phys | (pc & ~TARGET_PAGE_MASK));
569 }
570 }
571 #endif
572
573 #if defined(CONFIG_USER_ONLY)
574 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
575
576 {
577 }
578
579 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
580 int flags)
581 {
582 return -ENOSYS;
583 }
584
585 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
586 {
587 }
588
589 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
590 int flags, CPUWatchpoint **watchpoint)
591 {
592 return -ENOSYS;
593 }
594 #else
595 /* Add a watchpoint. */
596 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
597 int flags, CPUWatchpoint **watchpoint)
598 {
599 CPUWatchpoint *wp;
600
601 /* forbid ranges which are empty or run off the end of the address space */
602 if (len == 0 || (addr + len - 1) < addr) {
603 error_report("tried to set invalid watchpoint at %"
604 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
605 return -EINVAL;
606 }
607 wp = g_malloc(sizeof(*wp));
608
609 wp->vaddr = addr;
610 wp->len = len;
611 wp->flags = flags;
612
613 /* keep all GDB-injected watchpoints in front */
614 if (flags & BP_GDB) {
615 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
616 } else {
617 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
618 }
619
620 tlb_flush_page(cpu, addr);
621
622 if (watchpoint)
623 *watchpoint = wp;
624 return 0;
625 }
626
627 /* Remove a specific watchpoint. */
628 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
629 int flags)
630 {
631 CPUWatchpoint *wp;
632
633 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
634 if (addr == wp->vaddr && len == wp->len
635 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
636 cpu_watchpoint_remove_by_ref(cpu, wp);
637 return 0;
638 }
639 }
640 return -ENOENT;
641 }
642
643 /* Remove a specific watchpoint by reference. */
644 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
645 {
646 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
647
648 tlb_flush_page(cpu, watchpoint->vaddr);
649
650 g_free(watchpoint);
651 }
652
653 /* Remove all matching watchpoints. */
654 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
655 {
656 CPUWatchpoint *wp, *next;
657
658 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
659 if (wp->flags & mask) {
660 cpu_watchpoint_remove_by_ref(cpu, wp);
661 }
662 }
663 }
664
665 /* Return true if this watchpoint address matches the specified
666 * access (ie the address range covered by the watchpoint overlaps
667 * partially or completely with the address range covered by the
668 * access).
669 */
670 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
671 vaddr addr,
672 vaddr len)
673 {
674 /* We know the lengths are non-zero, but a little caution is
675 * required to avoid errors in the case where the range ends
676 * exactly at the top of the address space and so addr + len
677 * wraps round to zero.
678 */
679 vaddr wpend = wp->vaddr + wp->len - 1;
680 vaddr addrend = addr + len - 1;
681
682 return !(addr > wpend || wp->vaddr > addrend);
683 }
684
685 #endif
686
687 /* Add a breakpoint. */
688 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
689 CPUBreakpoint **breakpoint)
690 {
691 CPUBreakpoint *bp;
692
693 bp = g_malloc(sizeof(*bp));
694
695 bp->pc = pc;
696 bp->flags = flags;
697
698 /* keep all GDB-injected breakpoints in front */
699 if (flags & BP_GDB) {
700 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
701 } else {
702 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
703 }
704
705 breakpoint_invalidate(cpu, pc);
706
707 if (breakpoint) {
708 *breakpoint = bp;
709 }
710 return 0;
711 }
712
713 /* Remove a specific breakpoint. */
714 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
715 {
716 CPUBreakpoint *bp;
717
718 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
719 if (bp->pc == pc && bp->flags == flags) {
720 cpu_breakpoint_remove_by_ref(cpu, bp);
721 return 0;
722 }
723 }
724 return -ENOENT;
725 }
726
727 /* Remove a specific breakpoint by reference. */
728 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
729 {
730 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
731
732 breakpoint_invalidate(cpu, breakpoint->pc);
733
734 g_free(breakpoint);
735 }
736
737 /* Remove all matching breakpoints. */
738 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
739 {
740 CPUBreakpoint *bp, *next;
741
742 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
743 if (bp->flags & mask) {
744 cpu_breakpoint_remove_by_ref(cpu, bp);
745 }
746 }
747 }
748
749 /* enable or disable single step mode. EXCP_DEBUG is returned by the
750 CPU loop after each instruction */
751 void cpu_single_step(CPUState *cpu, int enabled)
752 {
753 if (cpu->singlestep_enabled != enabled) {
754 cpu->singlestep_enabled = enabled;
755 if (kvm_enabled()) {
756 kvm_update_guest_debug(cpu, 0);
757 } else {
758 /* must flush all the translated code to avoid inconsistencies */
759 /* XXX: only flush what is necessary */
760 CPUArchState *env = cpu->env_ptr;
761 tb_flush(env);
762 }
763 }
764 }
765
766 void cpu_abort(CPUState *cpu, const char *fmt, ...)
767 {
768 va_list ap;
769 va_list ap2;
770
771 va_start(ap, fmt);
772 va_copy(ap2, ap);
773 fprintf(stderr, "qemu: fatal: ");
774 vfprintf(stderr, fmt, ap);
775 fprintf(stderr, "\n");
776 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
777 if (qemu_log_enabled()) {
778 qemu_log("qemu: fatal: ");
779 qemu_log_vprintf(fmt, ap2);
780 qemu_log("\n");
781 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
782 qemu_log_flush();
783 qemu_log_close();
784 }
785 va_end(ap2);
786 va_end(ap);
787 #if defined(CONFIG_USER_ONLY)
788 {
789 struct sigaction act;
790 sigfillset(&act.sa_mask);
791 act.sa_handler = SIG_DFL;
792 sigaction(SIGABRT, &act, NULL);
793 }
794 #endif
795 abort();
796 }
797
798 #if !defined(CONFIG_USER_ONLY)
799 /* Called from RCU critical section */
800 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
801 {
802 RAMBlock *block;
803
804 block = atomic_rcu_read(&ram_list.mru_block);
805 if (block && addr - block->offset < block->max_length) {
806 goto found;
807 }
808 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
809 if (addr - block->offset < block->max_length) {
810 goto found;
811 }
812 }
813
814 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
815 abort();
816
817 found:
818 /* It is safe to write mru_block outside the iothread lock. This
819 * is what happens:
820 *
821 * mru_block = xxx
822 * rcu_read_unlock()
823 * xxx removed from list
824 * rcu_read_lock()
825 * read mru_block
826 * mru_block = NULL;
827 * call_rcu(reclaim_ramblock, xxx);
828 * rcu_read_unlock()
829 *
830 * atomic_rcu_set is not needed here. The block was already published
831 * when it was placed into the list. Here we're just making an extra
832 * copy of the pointer.
833 */
834 ram_list.mru_block = block;
835 return block;
836 }
837
838 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
839 {
840 ram_addr_t start1;
841 RAMBlock *block;
842 ram_addr_t end;
843
844 end = TARGET_PAGE_ALIGN(start + length);
845 start &= TARGET_PAGE_MASK;
846
847 rcu_read_lock();
848 block = qemu_get_ram_block(start);
849 assert(block == qemu_get_ram_block(end - 1));
850 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
851 cpu_tlb_reset_dirty_all(start1, length);
852 rcu_read_unlock();
853 }
854
855 /* Note: start and end must be within the same ram block. */
856 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
857 ram_addr_t length,
858 unsigned client)
859 {
860 unsigned long end, page;
861 bool dirty;
862
863 if (length == 0) {
864 return false;
865 }
866
867 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
868 page = start >> TARGET_PAGE_BITS;
869 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
870 page, end - page);
871
872 if (dirty && tcg_enabled()) {
873 tlb_reset_dirty_range_all(start, length);
874 }
875
876 return dirty;
877 }
878
879 /* Called from RCU critical section */
880 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
881 MemoryRegionSection *section,
882 target_ulong vaddr,
883 hwaddr paddr, hwaddr xlat,
884 int prot,
885 target_ulong *address)
886 {
887 hwaddr iotlb;
888 CPUWatchpoint *wp;
889
890 if (memory_region_is_ram(section->mr)) {
891 /* Normal RAM. */
892 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
893 + xlat;
894 if (!section->readonly) {
895 iotlb |= PHYS_SECTION_NOTDIRTY;
896 } else {
897 iotlb |= PHYS_SECTION_ROM;
898 }
899 } else {
900 iotlb = section - section->address_space->dispatch->map.sections;
901 iotlb += xlat;
902 }
903
904 /* Make accesses to pages with watchpoints go via the
905 watchpoint trap routines. */
906 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
907 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
908 /* Avoid trapping reads of pages with a write breakpoint. */
909 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
910 iotlb = PHYS_SECTION_WATCH + paddr;
911 *address |= TLB_MMIO;
912 break;
913 }
914 }
915 }
916
917 return iotlb;
918 }
919 #endif /* defined(CONFIG_USER_ONLY) */
920
921 #if !defined(CONFIG_USER_ONLY)
922
923 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
924 uint16_t section);
925 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
926
927 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
928 qemu_anon_ram_alloc;
929
930 /*
931 * Set a custom physical guest memory alloator.
932 * Accelerators with unusual needs may need this. Hopefully, we can
933 * get rid of it eventually.
934 */
935 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
936 {
937 phys_mem_alloc = alloc;
938 }
939
940 static uint16_t phys_section_add(PhysPageMap *map,
941 MemoryRegionSection *section)
942 {
943 /* The physical section number is ORed with a page-aligned
944 * pointer to produce the iotlb entries. Thus it should
945 * never overflow into the page-aligned value.
946 */
947 assert(map->sections_nb < TARGET_PAGE_SIZE);
948
949 if (map->sections_nb == map->sections_nb_alloc) {
950 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
951 map->sections = g_renew(MemoryRegionSection, map->sections,
952 map->sections_nb_alloc);
953 }
954 map->sections[map->sections_nb] = *section;
955 memory_region_ref(section->mr);
956 return map->sections_nb++;
957 }
958
959 static void phys_section_destroy(MemoryRegion *mr)
960 {
961 memory_region_unref(mr);
962
963 if (mr->subpage) {
964 subpage_t *subpage = container_of(mr, subpage_t, iomem);
965 object_unref(OBJECT(&subpage->iomem));
966 g_free(subpage);
967 }
968 }
969
970 static void phys_sections_free(PhysPageMap *map)
971 {
972 while (map->sections_nb > 0) {
973 MemoryRegionSection *section = &map->sections[--map->sections_nb];
974 phys_section_destroy(section->mr);
975 }
976 g_free(map->sections);
977 g_free(map->nodes);
978 }
979
980 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
981 {
982 subpage_t *subpage;
983 hwaddr base = section->offset_within_address_space
984 & TARGET_PAGE_MASK;
985 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
986 d->map.nodes, d->map.sections);
987 MemoryRegionSection subsection = {
988 .offset_within_address_space = base,
989 .size = int128_make64(TARGET_PAGE_SIZE),
990 };
991 hwaddr start, end;
992
993 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
994
995 if (!(existing->mr->subpage)) {
996 subpage = subpage_init(d->as, base);
997 subsection.address_space = d->as;
998 subsection.mr = &subpage->iomem;
999 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1000 phys_section_add(&d->map, &subsection));
1001 } else {
1002 subpage = container_of(existing->mr, subpage_t, iomem);
1003 }
1004 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1005 end = start + int128_get64(section->size) - 1;
1006 subpage_register(subpage, start, end,
1007 phys_section_add(&d->map, section));
1008 }
1009
1010
1011 static void register_multipage(AddressSpaceDispatch *d,
1012 MemoryRegionSection *section)
1013 {
1014 hwaddr start_addr = section->offset_within_address_space;
1015 uint16_t section_index = phys_section_add(&d->map, section);
1016 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1017 TARGET_PAGE_BITS));
1018
1019 assert(num_pages);
1020 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1021 }
1022
1023 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1024 {
1025 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1026 AddressSpaceDispatch *d = as->next_dispatch;
1027 MemoryRegionSection now = *section, remain = *section;
1028 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1029
1030 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1031 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1032 - now.offset_within_address_space;
1033
1034 now.size = int128_min(int128_make64(left), now.size);
1035 register_subpage(d, &now);
1036 } else {
1037 now.size = int128_zero();
1038 }
1039 while (int128_ne(remain.size, now.size)) {
1040 remain.size = int128_sub(remain.size, now.size);
1041 remain.offset_within_address_space += int128_get64(now.size);
1042 remain.offset_within_region += int128_get64(now.size);
1043 now = remain;
1044 if (int128_lt(remain.size, page_size)) {
1045 register_subpage(d, &now);
1046 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1047 now.size = page_size;
1048 register_subpage(d, &now);
1049 } else {
1050 now.size = int128_and(now.size, int128_neg(page_size));
1051 register_multipage(d, &now);
1052 }
1053 }
1054 }
1055
1056 void qemu_flush_coalesced_mmio_buffer(void)
1057 {
1058 if (kvm_enabled())
1059 kvm_flush_coalesced_mmio_buffer();
1060 }
1061
1062 void qemu_mutex_lock_ramlist(void)
1063 {
1064 qemu_mutex_lock(&ram_list.mutex);
1065 }
1066
1067 void qemu_mutex_unlock_ramlist(void)
1068 {
1069 qemu_mutex_unlock(&ram_list.mutex);
1070 }
1071
1072 #ifdef __linux__
1073
1074 #include <sys/vfs.h>
1075
1076 #define HUGETLBFS_MAGIC 0x958458f6
1077
1078 static long gethugepagesize(const char *path, Error **errp)
1079 {
1080 struct statfs fs;
1081 int ret;
1082
1083 do {
1084 ret = statfs(path, &fs);
1085 } while (ret != 0 && errno == EINTR);
1086
1087 if (ret != 0) {
1088 error_setg_errno(errp, errno, "failed to get page size of file %s",
1089 path);
1090 return 0;
1091 }
1092
1093 if (fs.f_type != HUGETLBFS_MAGIC)
1094 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1095
1096 return fs.f_bsize;
1097 }
1098
1099 static void *file_ram_alloc(RAMBlock *block,
1100 ram_addr_t memory,
1101 const char *path,
1102 Error **errp)
1103 {
1104 char *filename;
1105 char *sanitized_name;
1106 char *c;
1107 void *area = NULL;
1108 int fd;
1109 uint64_t hpagesize;
1110 Error *local_err = NULL;
1111
1112 hpagesize = gethugepagesize(path, &local_err);
1113 if (local_err) {
1114 error_propagate(errp, local_err);
1115 goto error;
1116 }
1117 block->mr->align = hpagesize;
1118
1119 if (memory < hpagesize) {
1120 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1121 "or larger than huge page size 0x%" PRIx64,
1122 memory, hpagesize);
1123 goto error;
1124 }
1125
1126 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1127 error_setg(errp,
1128 "host lacks kvm mmu notifiers, -mem-path unsupported");
1129 goto error;
1130 }
1131
1132 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1133 sanitized_name = g_strdup(memory_region_name(block->mr));
1134 for (c = sanitized_name; *c != '\0'; c++) {
1135 if (*c == '/')
1136 *c = '_';
1137 }
1138
1139 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1140 sanitized_name);
1141 g_free(sanitized_name);
1142
1143 fd = mkstemp(filename);
1144 if (fd < 0) {
1145 error_setg_errno(errp, errno,
1146 "unable to create backing store for hugepages");
1147 g_free(filename);
1148 goto error;
1149 }
1150 unlink(filename);
1151 g_free(filename);
1152
1153 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1154
1155 /*
1156 * ftruncate is not supported by hugetlbfs in older
1157 * hosts, so don't bother bailing out on errors.
1158 * If anything goes wrong with it under other filesystems,
1159 * mmap will fail.
1160 */
1161 if (ftruncate(fd, memory)) {
1162 perror("ftruncate");
1163 }
1164
1165 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1166 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1167 fd, 0);
1168 if (area == MAP_FAILED) {
1169 error_setg_errno(errp, errno,
1170 "unable to map backing store for hugepages");
1171 close(fd);
1172 goto error;
1173 }
1174
1175 if (mem_prealloc) {
1176 os_mem_prealloc(fd, area, memory);
1177 }
1178
1179 block->fd = fd;
1180 return area;
1181
1182 error:
1183 if (mem_prealloc) {
1184 error_report("%s", error_get_pretty(*errp));
1185 exit(1);
1186 }
1187 return NULL;
1188 }
1189 #endif
1190
1191 /* Called with the ramlist lock held. */
1192 static ram_addr_t find_ram_offset(ram_addr_t size)
1193 {
1194 RAMBlock *block, *next_block;
1195 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1196
1197 assert(size != 0); /* it would hand out same offset multiple times */
1198
1199 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1200 return 0;
1201 }
1202
1203 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1204 ram_addr_t end, next = RAM_ADDR_MAX;
1205
1206 end = block->offset + block->max_length;
1207
1208 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1209 if (next_block->offset >= end) {
1210 next = MIN(next, next_block->offset);
1211 }
1212 }
1213 if (next - end >= size && next - end < mingap) {
1214 offset = end;
1215 mingap = next - end;
1216 }
1217 }
1218
1219 if (offset == RAM_ADDR_MAX) {
1220 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1221 (uint64_t)size);
1222 abort();
1223 }
1224
1225 return offset;
1226 }
1227
1228 ram_addr_t last_ram_offset(void)
1229 {
1230 RAMBlock *block;
1231 ram_addr_t last = 0;
1232
1233 rcu_read_lock();
1234 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1235 last = MAX(last, block->offset + block->max_length);
1236 }
1237 rcu_read_unlock();
1238 return last;
1239 }
1240
1241 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1242 {
1243 int ret;
1244
1245 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1246 if (!machine_dump_guest_core(current_machine)) {
1247 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1248 if (ret) {
1249 perror("qemu_madvise");
1250 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1251 "but dump_guest_core=off specified\n");
1252 }
1253 }
1254 }
1255
1256 /* Called within an RCU critical section, or while the ramlist lock
1257 * is held.
1258 */
1259 static RAMBlock *find_ram_block(ram_addr_t addr)
1260 {
1261 RAMBlock *block;
1262
1263 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1264 if (block->offset == addr) {
1265 return block;
1266 }
1267 }
1268
1269 return NULL;
1270 }
1271
1272 /* Called with iothread lock held. */
1273 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1274 {
1275 RAMBlock *new_block, *block;
1276
1277 rcu_read_lock();
1278 new_block = find_ram_block(addr);
1279 assert(new_block);
1280 assert(!new_block->idstr[0]);
1281
1282 if (dev) {
1283 char *id = qdev_get_dev_path(dev);
1284 if (id) {
1285 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1286 g_free(id);
1287 }
1288 }
1289 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1290
1291 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1292 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1293 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1294 new_block->idstr);
1295 abort();
1296 }
1297 }
1298 rcu_read_unlock();
1299 }
1300
1301 /* Called with iothread lock held. */
1302 void qemu_ram_unset_idstr(ram_addr_t addr)
1303 {
1304 RAMBlock *block;
1305
1306 /* FIXME: arch_init.c assumes that this is not called throughout
1307 * migration. Ignore the problem since hot-unplug during migration
1308 * does not work anyway.
1309 */
1310
1311 rcu_read_lock();
1312 block = find_ram_block(addr);
1313 if (block) {
1314 memset(block->idstr, 0, sizeof(block->idstr));
1315 }
1316 rcu_read_unlock();
1317 }
1318
1319 static int memory_try_enable_merging(void *addr, size_t len)
1320 {
1321 if (!machine_mem_merge(current_machine)) {
1322 /* disabled by the user */
1323 return 0;
1324 }
1325
1326 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1327 }
1328
1329 /* Only legal before guest might have detected the memory size: e.g. on
1330 * incoming migration, or right after reset.
1331 *
1332 * As memory core doesn't know how is memory accessed, it is up to
1333 * resize callback to update device state and/or add assertions to detect
1334 * misuse, if necessary.
1335 */
1336 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1337 {
1338 RAMBlock *block = find_ram_block(base);
1339
1340 assert(block);
1341
1342 newsize = TARGET_PAGE_ALIGN(newsize);
1343
1344 if (block->used_length == newsize) {
1345 return 0;
1346 }
1347
1348 if (!(block->flags & RAM_RESIZEABLE)) {
1349 error_setg_errno(errp, EINVAL,
1350 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1351 " in != 0x" RAM_ADDR_FMT, block->idstr,
1352 newsize, block->used_length);
1353 return -EINVAL;
1354 }
1355
1356 if (block->max_length < newsize) {
1357 error_setg_errno(errp, EINVAL,
1358 "Length too large: %s: 0x" RAM_ADDR_FMT
1359 " > 0x" RAM_ADDR_FMT, block->idstr,
1360 newsize, block->max_length);
1361 return -EINVAL;
1362 }
1363
1364 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1365 block->used_length = newsize;
1366 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1367 DIRTY_CLIENTS_ALL);
1368 memory_region_set_size(block->mr, newsize);
1369 if (block->resized) {
1370 block->resized(block->idstr, newsize, block->host);
1371 }
1372 return 0;
1373 }
1374
1375 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1376 {
1377 RAMBlock *block;
1378 RAMBlock *last_block = NULL;
1379 ram_addr_t old_ram_size, new_ram_size;
1380
1381 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1382
1383 qemu_mutex_lock_ramlist();
1384 new_block->offset = find_ram_offset(new_block->max_length);
1385
1386 if (!new_block->host) {
1387 if (xen_enabled()) {
1388 xen_ram_alloc(new_block->offset, new_block->max_length,
1389 new_block->mr);
1390 } else {
1391 new_block->host = phys_mem_alloc(new_block->max_length,
1392 &new_block->mr->align);
1393 if (!new_block->host) {
1394 error_setg_errno(errp, errno,
1395 "cannot set up guest memory '%s'",
1396 memory_region_name(new_block->mr));
1397 qemu_mutex_unlock_ramlist();
1398 return -1;
1399 }
1400 memory_try_enable_merging(new_block->host, new_block->max_length);
1401 }
1402 }
1403
1404 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1405 * QLIST (which has an RCU-friendly variant) does not have insertion at
1406 * tail, so save the last element in last_block.
1407 */
1408 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1409 last_block = block;
1410 if (block->max_length < new_block->max_length) {
1411 break;
1412 }
1413 }
1414 if (block) {
1415 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1416 } else if (last_block) {
1417 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1418 } else { /* list is empty */
1419 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1420 }
1421 ram_list.mru_block = NULL;
1422
1423 /* Write list before version */
1424 smp_wmb();
1425 ram_list.version++;
1426 qemu_mutex_unlock_ramlist();
1427
1428 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1429
1430 if (new_ram_size > old_ram_size) {
1431 int i;
1432
1433 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1434 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1435 ram_list.dirty_memory[i] =
1436 bitmap_zero_extend(ram_list.dirty_memory[i],
1437 old_ram_size, new_ram_size);
1438 }
1439 }
1440 cpu_physical_memory_set_dirty_range(new_block->offset,
1441 new_block->used_length,
1442 DIRTY_CLIENTS_ALL);
1443
1444 if (new_block->host) {
1445 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1446 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1447 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1448 if (kvm_enabled()) {
1449 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1450 }
1451 }
1452
1453 return new_block->offset;
1454 }
1455
1456 #ifdef __linux__
1457 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1458 bool share, const char *mem_path,
1459 Error **errp)
1460 {
1461 RAMBlock *new_block;
1462 ram_addr_t addr;
1463 Error *local_err = NULL;
1464
1465 if (xen_enabled()) {
1466 error_setg(errp, "-mem-path not supported with Xen");
1467 return -1;
1468 }
1469
1470 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1471 /*
1472 * file_ram_alloc() needs to allocate just like
1473 * phys_mem_alloc, but we haven't bothered to provide
1474 * a hook there.
1475 */
1476 error_setg(errp,
1477 "-mem-path not supported with this accelerator");
1478 return -1;
1479 }
1480
1481 size = TARGET_PAGE_ALIGN(size);
1482 new_block = g_malloc0(sizeof(*new_block));
1483 new_block->mr = mr;
1484 new_block->used_length = size;
1485 new_block->max_length = size;
1486 new_block->flags = share ? RAM_SHARED : 0;
1487 new_block->host = file_ram_alloc(new_block, size,
1488 mem_path, errp);
1489 if (!new_block->host) {
1490 g_free(new_block);
1491 return -1;
1492 }
1493
1494 addr = ram_block_add(new_block, &local_err);
1495 if (local_err) {
1496 g_free(new_block);
1497 error_propagate(errp, local_err);
1498 return -1;
1499 }
1500 return addr;
1501 }
1502 #endif
1503
1504 static
1505 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1506 void (*resized)(const char*,
1507 uint64_t length,
1508 void *host),
1509 void *host, bool resizeable,
1510 MemoryRegion *mr, Error **errp)
1511 {
1512 RAMBlock *new_block;
1513 ram_addr_t addr;
1514 Error *local_err = NULL;
1515
1516 size = TARGET_PAGE_ALIGN(size);
1517 max_size = TARGET_PAGE_ALIGN(max_size);
1518 new_block = g_malloc0(sizeof(*new_block));
1519 new_block->mr = mr;
1520 new_block->resized = resized;
1521 new_block->used_length = size;
1522 new_block->max_length = max_size;
1523 assert(max_size >= size);
1524 new_block->fd = -1;
1525 new_block->host = host;
1526 if (host) {
1527 new_block->flags |= RAM_PREALLOC;
1528 }
1529 if (resizeable) {
1530 new_block->flags |= RAM_RESIZEABLE;
1531 }
1532 addr = ram_block_add(new_block, &local_err);
1533 if (local_err) {
1534 g_free(new_block);
1535 error_propagate(errp, local_err);
1536 return -1;
1537 }
1538 return addr;
1539 }
1540
1541 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1542 MemoryRegion *mr, Error **errp)
1543 {
1544 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1545 }
1546
1547 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1548 {
1549 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1550 }
1551
1552 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1553 void (*resized)(const char*,
1554 uint64_t length,
1555 void *host),
1556 MemoryRegion *mr, Error **errp)
1557 {
1558 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1559 }
1560
1561 void qemu_ram_free_from_ptr(ram_addr_t addr)
1562 {
1563 RAMBlock *block;
1564
1565 qemu_mutex_lock_ramlist();
1566 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1567 if (addr == block->offset) {
1568 QLIST_REMOVE_RCU(block, next);
1569 ram_list.mru_block = NULL;
1570 /* Write list before version */
1571 smp_wmb();
1572 ram_list.version++;
1573 g_free_rcu(block, rcu);
1574 break;
1575 }
1576 }
1577 qemu_mutex_unlock_ramlist();
1578 }
1579
1580 static void reclaim_ramblock(RAMBlock *block)
1581 {
1582 if (block->flags & RAM_PREALLOC) {
1583 ;
1584 } else if (xen_enabled()) {
1585 xen_invalidate_map_cache_entry(block->host);
1586 #ifndef _WIN32
1587 } else if (block->fd >= 0) {
1588 munmap(block->host, block->max_length);
1589 close(block->fd);
1590 #endif
1591 } else {
1592 qemu_anon_ram_free(block->host, block->max_length);
1593 }
1594 g_free(block);
1595 }
1596
1597 void qemu_ram_free(ram_addr_t addr)
1598 {
1599 RAMBlock *block;
1600
1601 qemu_mutex_lock_ramlist();
1602 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1603 if (addr == block->offset) {
1604 QLIST_REMOVE_RCU(block, next);
1605 ram_list.mru_block = NULL;
1606 /* Write list before version */
1607 smp_wmb();
1608 ram_list.version++;
1609 call_rcu(block, reclaim_ramblock, rcu);
1610 break;
1611 }
1612 }
1613 qemu_mutex_unlock_ramlist();
1614 }
1615
1616 #ifndef _WIN32
1617 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1618 {
1619 RAMBlock *block;
1620 ram_addr_t offset;
1621 int flags;
1622 void *area, *vaddr;
1623
1624 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1625 offset = addr - block->offset;
1626 if (offset < block->max_length) {
1627 vaddr = ramblock_ptr(block, offset);
1628 if (block->flags & RAM_PREALLOC) {
1629 ;
1630 } else if (xen_enabled()) {
1631 abort();
1632 } else {
1633 flags = MAP_FIXED;
1634 if (block->fd >= 0) {
1635 flags |= (block->flags & RAM_SHARED ?
1636 MAP_SHARED : MAP_PRIVATE);
1637 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1638 flags, block->fd, offset);
1639 } else {
1640 /*
1641 * Remap needs to match alloc. Accelerators that
1642 * set phys_mem_alloc never remap. If they did,
1643 * we'd need a remap hook here.
1644 */
1645 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1646
1647 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1648 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1649 flags, -1, 0);
1650 }
1651 if (area != vaddr) {
1652 fprintf(stderr, "Could not remap addr: "
1653 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1654 length, addr);
1655 exit(1);
1656 }
1657 memory_try_enable_merging(vaddr, length);
1658 qemu_ram_setup_dump(vaddr, length);
1659 }
1660 }
1661 }
1662 }
1663 #endif /* !_WIN32 */
1664
1665 int qemu_get_ram_fd(ram_addr_t addr)
1666 {
1667 RAMBlock *block;
1668 int fd;
1669
1670 rcu_read_lock();
1671 block = qemu_get_ram_block(addr);
1672 fd = block->fd;
1673 rcu_read_unlock();
1674 return fd;
1675 }
1676
1677 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1678 {
1679 RAMBlock *block;
1680 void *ptr;
1681
1682 rcu_read_lock();
1683 block = qemu_get_ram_block(addr);
1684 ptr = ramblock_ptr(block, 0);
1685 rcu_read_unlock();
1686 return ptr;
1687 }
1688
1689 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1690 * This should not be used for general purpose DMA. Use address_space_map
1691 * or address_space_rw instead. For local memory (e.g. video ram) that the
1692 * device owns, use memory_region_get_ram_ptr.
1693 *
1694 * By the time this function returns, the returned pointer is not protected
1695 * by RCU anymore. If the caller is not within an RCU critical section and
1696 * does not hold the iothread lock, it must have other means of protecting the
1697 * pointer, such as a reference to the region that includes the incoming
1698 * ram_addr_t.
1699 */
1700 void *qemu_get_ram_ptr(ram_addr_t addr)
1701 {
1702 RAMBlock *block;
1703 void *ptr;
1704
1705 rcu_read_lock();
1706 block = qemu_get_ram_block(addr);
1707
1708 if (xen_enabled() && block->host == NULL) {
1709 /* We need to check if the requested address is in the RAM
1710 * because we don't want to map the entire memory in QEMU.
1711 * In that case just map until the end of the page.
1712 */
1713 if (block->offset == 0) {
1714 ptr = xen_map_cache(addr, 0, 0);
1715 goto unlock;
1716 }
1717
1718 block->host = xen_map_cache(block->offset, block->max_length, 1);
1719 }
1720 ptr = ramblock_ptr(block, addr - block->offset);
1721
1722 unlock:
1723 rcu_read_unlock();
1724 return ptr;
1725 }
1726
1727 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1728 * but takes a size argument.
1729 *
1730 * By the time this function returns, the returned pointer is not protected
1731 * by RCU anymore. If the caller is not within an RCU critical section and
1732 * does not hold the iothread lock, it must have other means of protecting the
1733 * pointer, such as a reference to the region that includes the incoming
1734 * ram_addr_t.
1735 */
1736 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1737 {
1738 void *ptr;
1739 if (*size == 0) {
1740 return NULL;
1741 }
1742 if (xen_enabled()) {
1743 return xen_map_cache(addr, *size, 1);
1744 } else {
1745 RAMBlock *block;
1746 rcu_read_lock();
1747 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1748 if (addr - block->offset < block->max_length) {
1749 if (addr - block->offset + *size > block->max_length)
1750 *size = block->max_length - addr + block->offset;
1751 ptr = ramblock_ptr(block, addr - block->offset);
1752 rcu_read_unlock();
1753 return ptr;
1754 }
1755 }
1756
1757 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1758 abort();
1759 }
1760 }
1761
1762 /* Some of the softmmu routines need to translate from a host pointer
1763 * (typically a TLB entry) back to a ram offset.
1764 *
1765 * By the time this function returns, the returned pointer is not protected
1766 * by RCU anymore. If the caller is not within an RCU critical section and
1767 * does not hold the iothread lock, it must have other means of protecting the
1768 * pointer, such as a reference to the region that includes the incoming
1769 * ram_addr_t.
1770 */
1771 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1772 {
1773 RAMBlock *block;
1774 uint8_t *host = ptr;
1775 MemoryRegion *mr;
1776
1777 if (xen_enabled()) {
1778 rcu_read_lock();
1779 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1780 mr = qemu_get_ram_block(*ram_addr)->mr;
1781 rcu_read_unlock();
1782 return mr;
1783 }
1784
1785 rcu_read_lock();
1786 block = atomic_rcu_read(&ram_list.mru_block);
1787 if (block && block->host && host - block->host < block->max_length) {
1788 goto found;
1789 }
1790
1791 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1792 /* This case append when the block is not mapped. */
1793 if (block->host == NULL) {
1794 continue;
1795 }
1796 if (host - block->host < block->max_length) {
1797 goto found;
1798 }
1799 }
1800
1801 rcu_read_unlock();
1802 return NULL;
1803
1804 found:
1805 *ram_addr = block->offset + (host - block->host);
1806 mr = block->mr;
1807 rcu_read_unlock();
1808 return mr;
1809 }
1810
1811 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1812 uint64_t val, unsigned size)
1813 {
1814 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1815 tb_invalidate_phys_page_fast(ram_addr, size);
1816 }
1817 switch (size) {
1818 case 1:
1819 stb_p(qemu_get_ram_ptr(ram_addr), val);
1820 break;
1821 case 2:
1822 stw_p(qemu_get_ram_ptr(ram_addr), val);
1823 break;
1824 case 4:
1825 stl_p(qemu_get_ram_ptr(ram_addr), val);
1826 break;
1827 default:
1828 abort();
1829 }
1830 /* Set both VGA and migration bits for simplicity and to remove
1831 * the notdirty callback faster.
1832 */
1833 cpu_physical_memory_set_dirty_range(ram_addr, size,
1834 DIRTY_CLIENTS_NOCODE);
1835 /* we remove the notdirty callback only if the code has been
1836 flushed */
1837 if (!cpu_physical_memory_is_clean(ram_addr)) {
1838 CPUArchState *env = current_cpu->env_ptr;
1839 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1840 }
1841 }
1842
1843 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1844 unsigned size, bool is_write)
1845 {
1846 return is_write;
1847 }
1848
1849 static const MemoryRegionOps notdirty_mem_ops = {
1850 .write = notdirty_mem_write,
1851 .valid.accepts = notdirty_mem_accepts,
1852 .endianness = DEVICE_NATIVE_ENDIAN,
1853 };
1854
1855 /* Generate a debug exception if a watchpoint has been hit. */
1856 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1857 {
1858 CPUState *cpu = current_cpu;
1859 CPUArchState *env = cpu->env_ptr;
1860 target_ulong pc, cs_base;
1861 target_ulong vaddr;
1862 CPUWatchpoint *wp;
1863 int cpu_flags;
1864
1865 if (cpu->watchpoint_hit) {
1866 /* We re-entered the check after replacing the TB. Now raise
1867 * the debug interrupt so that is will trigger after the
1868 * current instruction. */
1869 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1870 return;
1871 }
1872 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1873 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1874 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1875 && (wp->flags & flags)) {
1876 if (flags == BP_MEM_READ) {
1877 wp->flags |= BP_WATCHPOINT_HIT_READ;
1878 } else {
1879 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1880 }
1881 wp->hitaddr = vaddr;
1882 wp->hitattrs = attrs;
1883 if (!cpu->watchpoint_hit) {
1884 cpu->watchpoint_hit = wp;
1885 tb_check_watchpoint(cpu);
1886 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1887 cpu->exception_index = EXCP_DEBUG;
1888 cpu_loop_exit(cpu);
1889 } else {
1890 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1891 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1892 cpu_resume_from_signal(cpu, NULL);
1893 }
1894 }
1895 } else {
1896 wp->flags &= ~BP_WATCHPOINT_HIT;
1897 }
1898 }
1899 }
1900
1901 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1902 so these check for a hit then pass through to the normal out-of-line
1903 phys routines. */
1904 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1905 unsigned size, MemTxAttrs attrs)
1906 {
1907 MemTxResult res;
1908 uint64_t data;
1909
1910 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1911 switch (size) {
1912 case 1:
1913 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1914 break;
1915 case 2:
1916 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1917 break;
1918 case 4:
1919 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1920 break;
1921 default: abort();
1922 }
1923 *pdata = data;
1924 return res;
1925 }
1926
1927 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1928 uint64_t val, unsigned size,
1929 MemTxAttrs attrs)
1930 {
1931 MemTxResult res;
1932
1933 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1934 switch (size) {
1935 case 1:
1936 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1937 break;
1938 case 2:
1939 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1940 break;
1941 case 4:
1942 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1943 break;
1944 default: abort();
1945 }
1946 return res;
1947 }
1948
1949 static const MemoryRegionOps watch_mem_ops = {
1950 .read_with_attrs = watch_mem_read,
1951 .write_with_attrs = watch_mem_write,
1952 .endianness = DEVICE_NATIVE_ENDIAN,
1953 };
1954
1955 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1956 unsigned len, MemTxAttrs attrs)
1957 {
1958 subpage_t *subpage = opaque;
1959 uint8_t buf[8];
1960 MemTxResult res;
1961
1962 #if defined(DEBUG_SUBPAGE)
1963 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1964 subpage, len, addr);
1965 #endif
1966 res = address_space_read(subpage->as, addr + subpage->base,
1967 attrs, buf, len);
1968 if (res) {
1969 return res;
1970 }
1971 switch (len) {
1972 case 1:
1973 *data = ldub_p(buf);
1974 return MEMTX_OK;
1975 case 2:
1976 *data = lduw_p(buf);
1977 return MEMTX_OK;
1978 case 4:
1979 *data = ldl_p(buf);
1980 return MEMTX_OK;
1981 case 8:
1982 *data = ldq_p(buf);
1983 return MEMTX_OK;
1984 default:
1985 abort();
1986 }
1987 }
1988
1989 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1990 uint64_t value, unsigned len, MemTxAttrs attrs)
1991 {
1992 subpage_t *subpage = opaque;
1993 uint8_t buf[8];
1994
1995 #if defined(DEBUG_SUBPAGE)
1996 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1997 " value %"PRIx64"\n",
1998 __func__, subpage, len, addr, value);
1999 #endif
2000 switch (len) {
2001 case 1:
2002 stb_p(buf, value);
2003 break;
2004 case 2:
2005 stw_p(buf, value);
2006 break;
2007 case 4:
2008 stl_p(buf, value);
2009 break;
2010 case 8:
2011 stq_p(buf, value);
2012 break;
2013 default:
2014 abort();
2015 }
2016 return address_space_write(subpage->as, addr + subpage->base,
2017 attrs, buf, len);
2018 }
2019
2020 static bool subpage_accepts(void *opaque, hwaddr addr,
2021 unsigned len, bool is_write)
2022 {
2023 subpage_t *subpage = opaque;
2024 #if defined(DEBUG_SUBPAGE)
2025 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2026 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2027 #endif
2028
2029 return address_space_access_valid(subpage->as, addr + subpage->base,
2030 len, is_write);
2031 }
2032
2033 static const MemoryRegionOps subpage_ops = {
2034 .read_with_attrs = subpage_read,
2035 .write_with_attrs = subpage_write,
2036 .impl.min_access_size = 1,
2037 .impl.max_access_size = 8,
2038 .valid.min_access_size = 1,
2039 .valid.max_access_size = 8,
2040 .valid.accepts = subpage_accepts,
2041 .endianness = DEVICE_NATIVE_ENDIAN,
2042 };
2043
2044 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2045 uint16_t section)
2046 {
2047 int idx, eidx;
2048
2049 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2050 return -1;
2051 idx = SUBPAGE_IDX(start);
2052 eidx = SUBPAGE_IDX(end);
2053 #if defined(DEBUG_SUBPAGE)
2054 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2055 __func__, mmio, start, end, idx, eidx, section);
2056 #endif
2057 for (; idx <= eidx; idx++) {
2058 mmio->sub_section[idx] = section;
2059 }
2060
2061 return 0;
2062 }
2063
2064 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2065 {
2066 subpage_t *mmio;
2067
2068 mmio = g_malloc0(sizeof(subpage_t));
2069
2070 mmio->as = as;
2071 mmio->base = base;
2072 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2073 NULL, TARGET_PAGE_SIZE);
2074 mmio->iomem.subpage = true;
2075 #if defined(DEBUG_SUBPAGE)
2076 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2077 mmio, base, TARGET_PAGE_SIZE);
2078 #endif
2079 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2080
2081 return mmio;
2082 }
2083
2084 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2085 MemoryRegion *mr)
2086 {
2087 assert(as);
2088 MemoryRegionSection section = {
2089 .address_space = as,
2090 .mr = mr,
2091 .offset_within_address_space = 0,
2092 .offset_within_region = 0,
2093 .size = int128_2_64(),
2094 };
2095
2096 return phys_section_add(map, &section);
2097 }
2098
2099 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2100 {
2101 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2102 MemoryRegionSection *sections = d->map.sections;
2103
2104 return sections[index & ~TARGET_PAGE_MASK].mr;
2105 }
2106
2107 static void io_mem_init(void)
2108 {
2109 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2110 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2111 NULL, UINT64_MAX);
2112 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2113 NULL, UINT64_MAX);
2114 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2115 NULL, UINT64_MAX);
2116 }
2117
2118 static void mem_begin(MemoryListener *listener)
2119 {
2120 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2121 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2122 uint16_t n;
2123
2124 n = dummy_section(&d->map, as, &io_mem_unassigned);
2125 assert(n == PHYS_SECTION_UNASSIGNED);
2126 n = dummy_section(&d->map, as, &io_mem_notdirty);
2127 assert(n == PHYS_SECTION_NOTDIRTY);
2128 n = dummy_section(&d->map, as, &io_mem_rom);
2129 assert(n == PHYS_SECTION_ROM);
2130 n = dummy_section(&d->map, as, &io_mem_watch);
2131 assert(n == PHYS_SECTION_WATCH);
2132
2133 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2134 d->as = as;
2135 as->next_dispatch = d;
2136 }
2137
2138 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2139 {
2140 phys_sections_free(&d->map);
2141 g_free(d);
2142 }
2143
2144 static void mem_commit(MemoryListener *listener)
2145 {
2146 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2147 AddressSpaceDispatch *cur = as->dispatch;
2148 AddressSpaceDispatch *next = as->next_dispatch;
2149
2150 phys_page_compact_all(next, next->map.nodes_nb);
2151
2152 atomic_rcu_set(&as->dispatch, next);
2153 if (cur) {
2154 call_rcu(cur, address_space_dispatch_free, rcu);
2155 }
2156 }
2157
2158 static void tcg_commit(MemoryListener *listener)
2159 {
2160 CPUState *cpu;
2161
2162 /* since each CPU stores ram addresses in its TLB cache, we must
2163 reset the modified entries */
2164 /* XXX: slow ! */
2165 CPU_FOREACH(cpu) {
2166 /* FIXME: Disentangle the cpu.h circular files deps so we can
2167 directly get the right CPU from listener. */
2168 if (cpu->tcg_as_listener != listener) {
2169 continue;
2170 }
2171 cpu_reload_memory_map(cpu);
2172 }
2173 }
2174
2175 void address_space_init_dispatch(AddressSpace *as)
2176 {
2177 as->dispatch = NULL;
2178 as->dispatch_listener = (MemoryListener) {
2179 .begin = mem_begin,
2180 .commit = mem_commit,
2181 .region_add = mem_add,
2182 .region_nop = mem_add,
2183 .priority = 0,
2184 };
2185 memory_listener_register(&as->dispatch_listener, as);
2186 }
2187
2188 void address_space_unregister(AddressSpace *as)
2189 {
2190 memory_listener_unregister(&as->dispatch_listener);
2191 }
2192
2193 void address_space_destroy_dispatch(AddressSpace *as)
2194 {
2195 AddressSpaceDispatch *d = as->dispatch;
2196
2197 atomic_rcu_set(&as->dispatch, NULL);
2198 if (d) {
2199 call_rcu(d, address_space_dispatch_free, rcu);
2200 }
2201 }
2202
2203 static void memory_map_init(void)
2204 {
2205 system_memory = g_malloc(sizeof(*system_memory));
2206
2207 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2208 address_space_init(&address_space_memory, system_memory, "memory");
2209
2210 system_io = g_malloc(sizeof(*system_io));
2211 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2212 65536);
2213 address_space_init(&address_space_io, system_io, "I/O");
2214 }
2215
2216 MemoryRegion *get_system_memory(void)
2217 {
2218 return system_memory;
2219 }
2220
2221 MemoryRegion *get_system_io(void)
2222 {
2223 return system_io;
2224 }
2225
2226 #endif /* !defined(CONFIG_USER_ONLY) */
2227
2228 /* physical memory access (slow version, mainly for debug) */
2229 #if defined(CONFIG_USER_ONLY)
2230 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2231 uint8_t *buf, int len, int is_write)
2232 {
2233 int l, flags;
2234 target_ulong page;
2235 void * p;
2236
2237 while (len > 0) {
2238 page = addr & TARGET_PAGE_MASK;
2239 l = (page + TARGET_PAGE_SIZE) - addr;
2240 if (l > len)
2241 l = len;
2242 flags = page_get_flags(page);
2243 if (!(flags & PAGE_VALID))
2244 return -1;
2245 if (is_write) {
2246 if (!(flags & PAGE_WRITE))
2247 return -1;
2248 /* XXX: this code should not depend on lock_user */
2249 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2250 return -1;
2251 memcpy(p, buf, l);
2252 unlock_user(p, addr, l);
2253 } else {
2254 if (!(flags & PAGE_READ))
2255 return -1;
2256 /* XXX: this code should not depend on lock_user */
2257 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2258 return -1;
2259 memcpy(buf, p, l);
2260 unlock_user(p, addr, 0);
2261 }
2262 len -= l;
2263 buf += l;
2264 addr += l;
2265 }
2266 return 0;
2267 }
2268
2269 #else
2270
2271 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2272 hwaddr length)
2273 {
2274 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2275 /* No early return if dirty_log_mask is or becomes 0, because
2276 * cpu_physical_memory_set_dirty_range will still call
2277 * xen_modified_memory.
2278 */
2279 if (dirty_log_mask) {
2280 dirty_log_mask =
2281 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2282 }
2283 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2284 tb_invalidate_phys_range(addr, addr + length);
2285 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2286 }
2287 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2288 }
2289
2290 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2291 {
2292 unsigned access_size_max = mr->ops->valid.max_access_size;
2293
2294 /* Regions are assumed to support 1-4 byte accesses unless
2295 otherwise specified. */
2296 if (access_size_max == 0) {
2297 access_size_max = 4;
2298 }
2299
2300 /* Bound the maximum access by the alignment of the address. */
2301 if (!mr->ops->impl.unaligned) {
2302 unsigned align_size_max = addr & -addr;
2303 if (align_size_max != 0 && align_size_max < access_size_max) {
2304 access_size_max = align_size_max;
2305 }
2306 }
2307
2308 /* Don't attempt accesses larger than the maximum. */
2309 if (l > access_size_max) {
2310 l = access_size_max;
2311 }
2312 if (l & (l - 1)) {
2313 l = 1 << (qemu_fls(l) - 1);
2314 }
2315
2316 return l;
2317 }
2318
2319 static void prepare_mmio_access(MemoryRegion *mr)
2320 {
2321 if (mr->flush_coalesced_mmio) {
2322 qemu_flush_coalesced_mmio_buffer();
2323 }
2324 }
2325
2326 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2327 uint8_t *buf, int len, bool is_write)
2328 {
2329 hwaddr l;
2330 uint8_t *ptr;
2331 uint64_t val;
2332 hwaddr addr1;
2333 MemoryRegion *mr;
2334 MemTxResult result = MEMTX_OK;
2335
2336 rcu_read_lock();
2337 while (len > 0) {
2338 l = len;
2339 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2340
2341 if (is_write) {
2342 if (!memory_access_is_direct(mr, is_write)) {
2343 prepare_mmio_access(mr);
2344 l = memory_access_size(mr, l, addr1);
2345 /* XXX: could force current_cpu to NULL to avoid
2346 potential bugs */
2347 switch (l) {
2348 case 8:
2349 /* 64 bit write access */
2350 val = ldq_p(buf);
2351 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2352 attrs);
2353 break;
2354 case 4:
2355 /* 32 bit write access */
2356 val = ldl_p(buf);
2357 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2358 attrs);
2359 break;
2360 case 2:
2361 /* 16 bit write access */
2362 val = lduw_p(buf);
2363 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2364 attrs);
2365 break;
2366 case 1:
2367 /* 8 bit write access */
2368 val = ldub_p(buf);
2369 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2370 attrs);
2371 break;
2372 default:
2373 abort();
2374 }
2375 } else {
2376 addr1 += memory_region_get_ram_addr(mr);
2377 /* RAM case */
2378 ptr = qemu_get_ram_ptr(addr1);
2379 memcpy(ptr, buf, l);
2380 invalidate_and_set_dirty(mr, addr1, l);
2381 }
2382 } else {
2383 if (!memory_access_is_direct(mr, is_write)) {
2384 /* I/O case */
2385 prepare_mmio_access(mr);
2386 l = memory_access_size(mr, l, addr1);
2387 switch (l) {
2388 case 8:
2389 /* 64 bit read access */
2390 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2391 attrs);
2392 stq_p(buf, val);
2393 break;
2394 case 4:
2395 /* 32 bit read access */
2396 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2397 attrs);
2398 stl_p(buf, val);
2399 break;
2400 case 2:
2401 /* 16 bit read access */
2402 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2403 attrs);
2404 stw_p(buf, val);
2405 break;
2406 case 1:
2407 /* 8 bit read access */
2408 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2409 attrs);
2410 stb_p(buf, val);
2411 break;
2412 default:
2413 abort();
2414 }
2415 } else {
2416 /* RAM case */
2417 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2418 memcpy(buf, ptr, l);
2419 }
2420 }
2421 len -= l;
2422 buf += l;
2423 addr += l;
2424 }
2425 rcu_read_unlock();
2426
2427 return result;
2428 }
2429
2430 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2431 const uint8_t *buf, int len)
2432 {
2433 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2434 }
2435
2436 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2437 uint8_t *buf, int len)
2438 {
2439 return address_space_rw(as, addr, attrs, buf, len, false);
2440 }
2441
2442
2443 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2444 int len, int is_write)
2445 {
2446 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2447 buf, len, is_write);
2448 }
2449
2450 enum write_rom_type {
2451 WRITE_DATA,
2452 FLUSH_CACHE,
2453 };
2454
2455 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2456 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2457 {
2458 hwaddr l;
2459 uint8_t *ptr;
2460 hwaddr addr1;
2461 MemoryRegion *mr;
2462
2463 rcu_read_lock();
2464 while (len > 0) {
2465 l = len;
2466 mr = address_space_translate(as, addr, &addr1, &l, true);
2467
2468 if (!(memory_region_is_ram(mr) ||
2469 memory_region_is_romd(mr))) {
2470 /* do nothing */
2471 } else {
2472 addr1 += memory_region_get_ram_addr(mr);
2473 /* ROM/RAM case */
2474 ptr = qemu_get_ram_ptr(addr1);
2475 switch (type) {
2476 case WRITE_DATA:
2477 memcpy(ptr, buf, l);
2478 invalidate_and_set_dirty(mr, addr1, l);
2479 break;
2480 case FLUSH_CACHE:
2481 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2482 break;
2483 }
2484 }
2485 len -= l;
2486 buf += l;
2487 addr += l;
2488 }
2489 rcu_read_unlock();
2490 }
2491
2492 /* used for ROM loading : can write in RAM and ROM */
2493 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2494 const uint8_t *buf, int len)
2495 {
2496 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2497 }
2498
2499 void cpu_flush_icache_range(hwaddr start, int len)
2500 {
2501 /*
2502 * This function should do the same thing as an icache flush that was
2503 * triggered from within the guest. For TCG we are always cache coherent,
2504 * so there is no need to flush anything. For KVM / Xen we need to flush
2505 * the host's instruction cache at least.
2506 */
2507 if (tcg_enabled()) {
2508 return;
2509 }
2510
2511 cpu_physical_memory_write_rom_internal(&address_space_memory,
2512 start, NULL, len, FLUSH_CACHE);
2513 }
2514
2515 typedef struct {
2516 MemoryRegion *mr;
2517 void *buffer;
2518 hwaddr addr;
2519 hwaddr len;
2520 bool in_use;
2521 } BounceBuffer;
2522
2523 static BounceBuffer bounce;
2524
2525 typedef struct MapClient {
2526 QEMUBH *bh;
2527 QLIST_ENTRY(MapClient) link;
2528 } MapClient;
2529
2530 QemuMutex map_client_list_lock;
2531 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2532 = QLIST_HEAD_INITIALIZER(map_client_list);
2533
2534 static void cpu_unregister_map_client_do(MapClient *client)
2535 {
2536 QLIST_REMOVE(client, link);
2537 g_free(client);
2538 }
2539
2540 static void cpu_notify_map_clients_locked(void)
2541 {
2542 MapClient *client;
2543
2544 while (!QLIST_EMPTY(&map_client_list)) {
2545 client = QLIST_FIRST(&map_client_list);
2546 qemu_bh_schedule(client->bh);
2547 cpu_unregister_map_client_do(client);
2548 }
2549 }
2550
2551 void cpu_register_map_client(QEMUBH *bh)
2552 {
2553 MapClient *client = g_malloc(sizeof(*client));
2554
2555 qemu_mutex_lock(&map_client_list_lock);
2556 client->bh = bh;
2557 QLIST_INSERT_HEAD(&map_client_list, client, link);
2558 if (!atomic_read(&bounce.in_use)) {
2559 cpu_notify_map_clients_locked();
2560 }
2561 qemu_mutex_unlock(&map_client_list_lock);
2562 }
2563
2564 void cpu_exec_init_all(void)
2565 {
2566 qemu_mutex_init(&ram_list.mutex);
2567 memory_map_init();
2568 io_mem_init();
2569 qemu_mutex_init(&map_client_list_lock);
2570 }
2571
2572 void cpu_unregister_map_client(QEMUBH *bh)
2573 {
2574 MapClient *client;
2575
2576 qemu_mutex_lock(&map_client_list_lock);
2577 QLIST_FOREACH(client, &map_client_list, link) {
2578 if (client->bh == bh) {
2579 cpu_unregister_map_client_do(client);
2580 break;
2581 }
2582 }
2583 qemu_mutex_unlock(&map_client_list_lock);
2584 }
2585
2586 static void cpu_notify_map_clients(void)
2587 {
2588 qemu_mutex_lock(&map_client_list_lock);
2589 cpu_notify_map_clients_locked();
2590 qemu_mutex_unlock(&map_client_list_lock);
2591 }
2592
2593 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2594 {
2595 MemoryRegion *mr;
2596 hwaddr l, xlat;
2597
2598 rcu_read_lock();
2599 while (len > 0) {
2600 l = len;
2601 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2602 if (!memory_access_is_direct(mr, is_write)) {
2603 l = memory_access_size(mr, l, addr);
2604 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2605 return false;
2606 }
2607 }
2608
2609 len -= l;
2610 addr += l;
2611 }
2612 rcu_read_unlock();
2613 return true;
2614 }
2615
2616 /* Map a physical memory region into a host virtual address.
2617 * May map a subset of the requested range, given by and returned in *plen.
2618 * May return NULL if resources needed to perform the mapping are exhausted.
2619 * Use only for reads OR writes - not for read-modify-write operations.
2620 * Use cpu_register_map_client() to know when retrying the map operation is
2621 * likely to succeed.
2622 */
2623 void *address_space_map(AddressSpace *as,
2624 hwaddr addr,
2625 hwaddr *plen,
2626 bool is_write)
2627 {
2628 hwaddr len = *plen;
2629 hwaddr done = 0;
2630 hwaddr l, xlat, base;
2631 MemoryRegion *mr, *this_mr;
2632 ram_addr_t raddr;
2633
2634 if (len == 0) {
2635 return NULL;
2636 }
2637
2638 l = len;
2639 rcu_read_lock();
2640 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2641
2642 if (!memory_access_is_direct(mr, is_write)) {
2643 if (atomic_xchg(&bounce.in_use, true)) {
2644 rcu_read_unlock();
2645 return NULL;
2646 }
2647 /* Avoid unbounded allocations */
2648 l = MIN(l, TARGET_PAGE_SIZE);
2649 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2650 bounce.addr = addr;
2651 bounce.len = l;
2652
2653 memory_region_ref(mr);
2654 bounce.mr = mr;
2655 if (!is_write) {
2656 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2657 bounce.buffer, l);
2658 }
2659
2660 rcu_read_unlock();
2661 *plen = l;
2662 return bounce.buffer;
2663 }
2664
2665 base = xlat;
2666 raddr = memory_region_get_ram_addr(mr);
2667
2668 for (;;) {
2669 len -= l;
2670 addr += l;
2671 done += l;
2672 if (len == 0) {
2673 break;
2674 }
2675
2676 l = len;
2677 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2678 if (this_mr != mr || xlat != base + done) {
2679 break;
2680 }
2681 }
2682
2683 memory_region_ref(mr);
2684 rcu_read_unlock();
2685 *plen = done;
2686 return qemu_ram_ptr_length(raddr + base, plen);
2687 }
2688
2689 /* Unmaps a memory region previously mapped by address_space_map().
2690 * Will also mark the memory as dirty if is_write == 1. access_len gives
2691 * the amount of memory that was actually read or written by the caller.
2692 */
2693 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2694 int is_write, hwaddr access_len)
2695 {
2696 if (buffer != bounce.buffer) {
2697 MemoryRegion *mr;
2698 ram_addr_t addr1;
2699
2700 mr = qemu_ram_addr_from_host(buffer, &addr1);
2701 assert(mr != NULL);
2702 if (is_write) {
2703 invalidate_and_set_dirty(mr, addr1, access_len);
2704 }
2705 if (xen_enabled()) {
2706 xen_invalidate_map_cache_entry(buffer);
2707 }
2708 memory_region_unref(mr);
2709 return;
2710 }
2711 if (is_write) {
2712 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2713 bounce.buffer, access_len);
2714 }
2715 qemu_vfree(bounce.buffer);
2716 bounce.buffer = NULL;
2717 memory_region_unref(bounce.mr);
2718 atomic_mb_set(&bounce.in_use, false);
2719 cpu_notify_map_clients();
2720 }
2721
2722 void *cpu_physical_memory_map(hwaddr addr,
2723 hwaddr *plen,
2724 int is_write)
2725 {
2726 return address_space_map(&address_space_memory, addr, plen, is_write);
2727 }
2728
2729 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2730 int is_write, hwaddr access_len)
2731 {
2732 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2733 }
2734
2735 /* warning: addr must be aligned */
2736 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2737 MemTxAttrs attrs,
2738 MemTxResult *result,
2739 enum device_endian endian)
2740 {
2741 uint8_t *ptr;
2742 uint64_t val;
2743 MemoryRegion *mr;
2744 hwaddr l = 4;
2745 hwaddr addr1;
2746 MemTxResult r;
2747
2748 rcu_read_lock();
2749 mr = address_space_translate(as, addr, &addr1, &l, false);
2750 if (l < 4 || !memory_access_is_direct(mr, false)) {
2751 prepare_mmio_access(mr);
2752
2753 /* I/O case */
2754 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2755 #if defined(TARGET_WORDS_BIGENDIAN)
2756 if (endian == DEVICE_LITTLE_ENDIAN) {
2757 val = bswap32(val);
2758 }
2759 #else
2760 if (endian == DEVICE_BIG_ENDIAN) {
2761 val = bswap32(val);
2762 }
2763 #endif
2764 } else {
2765 /* RAM case */
2766 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2767 & TARGET_PAGE_MASK)
2768 + addr1);
2769 switch (endian) {
2770 case DEVICE_LITTLE_ENDIAN:
2771 val = ldl_le_p(ptr);
2772 break;
2773 case DEVICE_BIG_ENDIAN:
2774 val = ldl_be_p(ptr);
2775 break;
2776 default:
2777 val = ldl_p(ptr);
2778 break;
2779 }
2780 r = MEMTX_OK;
2781 }
2782 if (result) {
2783 *result = r;
2784 }
2785 rcu_read_unlock();
2786 return val;
2787 }
2788
2789 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2790 MemTxAttrs attrs, MemTxResult *result)
2791 {
2792 return address_space_ldl_internal(as, addr, attrs, result,
2793 DEVICE_NATIVE_ENDIAN);
2794 }
2795
2796 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2797 MemTxAttrs attrs, MemTxResult *result)
2798 {
2799 return address_space_ldl_internal(as, addr, attrs, result,
2800 DEVICE_LITTLE_ENDIAN);
2801 }
2802
2803 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2804 MemTxAttrs attrs, MemTxResult *result)
2805 {
2806 return address_space_ldl_internal(as, addr, attrs, result,
2807 DEVICE_BIG_ENDIAN);
2808 }
2809
2810 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2811 {
2812 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2813 }
2814
2815 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2816 {
2817 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2818 }
2819
2820 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2821 {
2822 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2823 }
2824
2825 /* warning: addr must be aligned */
2826 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2827 MemTxAttrs attrs,
2828 MemTxResult *result,
2829 enum device_endian endian)
2830 {
2831 uint8_t *ptr;
2832 uint64_t val;
2833 MemoryRegion *mr;
2834 hwaddr l = 8;
2835 hwaddr addr1;
2836 MemTxResult r;
2837
2838 rcu_read_lock();
2839 mr = address_space_translate(as, addr, &addr1, &l,
2840 false);
2841 if (l < 8 || !memory_access_is_direct(mr, false)) {
2842 prepare_mmio_access(mr);
2843
2844 /* I/O case */
2845 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2846 #if defined(TARGET_WORDS_BIGENDIAN)
2847 if (endian == DEVICE_LITTLE_ENDIAN) {
2848 val = bswap64(val);
2849 }
2850 #else
2851 if (endian == DEVICE_BIG_ENDIAN) {
2852 val = bswap64(val);
2853 }
2854 #endif
2855 } else {
2856 /* RAM case */
2857 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2858 & TARGET_PAGE_MASK)
2859 + addr1);
2860 switch (endian) {
2861 case DEVICE_LITTLE_ENDIAN:
2862 val = ldq_le_p(ptr);
2863 break;
2864 case DEVICE_BIG_ENDIAN:
2865 val = ldq_be_p(ptr);
2866 break;
2867 default:
2868 val = ldq_p(ptr);
2869 break;
2870 }
2871 r = MEMTX_OK;
2872 }
2873 if (result) {
2874 *result = r;
2875 }
2876 rcu_read_unlock();
2877 return val;
2878 }
2879
2880 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2881 MemTxAttrs attrs, MemTxResult *result)
2882 {
2883 return address_space_ldq_internal(as, addr, attrs, result,
2884 DEVICE_NATIVE_ENDIAN);
2885 }
2886
2887 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2888 MemTxAttrs attrs, MemTxResult *result)
2889 {
2890 return address_space_ldq_internal(as, addr, attrs, result,
2891 DEVICE_LITTLE_ENDIAN);
2892 }
2893
2894 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2895 MemTxAttrs attrs, MemTxResult *result)
2896 {
2897 return address_space_ldq_internal(as, addr, attrs, result,
2898 DEVICE_BIG_ENDIAN);
2899 }
2900
2901 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2902 {
2903 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2904 }
2905
2906 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2907 {
2908 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2909 }
2910
2911 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2912 {
2913 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2914 }
2915
2916 /* XXX: optimize */
2917 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2918 MemTxAttrs attrs, MemTxResult *result)
2919 {
2920 uint8_t val;
2921 MemTxResult r;
2922
2923 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2924 if (result) {
2925 *result = r;
2926 }
2927 return val;
2928 }
2929
2930 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2931 {
2932 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2933 }
2934
2935 /* warning: addr must be aligned */
2936 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2937 hwaddr addr,
2938 MemTxAttrs attrs,
2939 MemTxResult *result,
2940 enum device_endian endian)
2941 {
2942 uint8_t *ptr;
2943 uint64_t val;
2944 MemoryRegion *mr;
2945 hwaddr l = 2;
2946 hwaddr addr1;
2947 MemTxResult r;
2948
2949 rcu_read_lock();
2950 mr = address_space_translate(as, addr, &addr1, &l,
2951 false);
2952 if (l < 2 || !memory_access_is_direct(mr, false)) {
2953 prepare_mmio_access(mr);
2954
2955 /* I/O case */
2956 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2957 #if defined(TARGET_WORDS_BIGENDIAN)
2958 if (endian == DEVICE_LITTLE_ENDIAN) {
2959 val = bswap16(val);
2960 }
2961 #else
2962 if (endian == DEVICE_BIG_ENDIAN) {
2963 val = bswap16(val);
2964 }
2965 #endif
2966 } else {
2967 /* RAM case */
2968 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2969 & TARGET_PAGE_MASK)
2970 + addr1);
2971 switch (endian) {
2972 case DEVICE_LITTLE_ENDIAN:
2973 val = lduw_le_p(ptr);
2974 break;
2975 case DEVICE_BIG_ENDIAN:
2976 val = lduw_be_p(ptr);
2977 break;
2978 default:
2979 val = lduw_p(ptr);
2980 break;
2981 }
2982 r = MEMTX_OK;
2983 }
2984 if (result) {
2985 *result = r;
2986 }
2987 rcu_read_unlock();
2988 return val;
2989 }
2990
2991 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
2992 MemTxAttrs attrs, MemTxResult *result)
2993 {
2994 return address_space_lduw_internal(as, addr, attrs, result,
2995 DEVICE_NATIVE_ENDIAN);
2996 }
2997
2998 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
2999 MemTxAttrs attrs, MemTxResult *result)
3000 {
3001 return address_space_lduw_internal(as, addr, attrs, result,
3002 DEVICE_LITTLE_ENDIAN);
3003 }
3004
3005 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3006 MemTxAttrs attrs, MemTxResult *result)
3007 {
3008 return address_space_lduw_internal(as, addr, attrs, result,
3009 DEVICE_BIG_ENDIAN);
3010 }
3011
3012 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3013 {
3014 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3015 }
3016
3017 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3018 {
3019 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3020 }
3021
3022 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3023 {
3024 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3025 }
3026
3027 /* warning: addr must be aligned. The ram page is not masked as dirty
3028 and the code inside is not invalidated. It is useful if the dirty
3029 bits are used to track modified PTEs */
3030 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3031 MemTxAttrs attrs, MemTxResult *result)
3032 {
3033 uint8_t *ptr;
3034 MemoryRegion *mr;
3035 hwaddr l = 4;
3036 hwaddr addr1;
3037 MemTxResult r;
3038 uint8_t dirty_log_mask;
3039
3040 rcu_read_lock();
3041 mr = address_space_translate(as, addr, &addr1, &l,
3042 true);
3043 if (l < 4 || !memory_access_is_direct(mr, true)) {
3044 prepare_mmio_access(mr);
3045
3046 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3047 } else {
3048 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3049 ptr = qemu_get_ram_ptr(addr1);
3050 stl_p(ptr, val);
3051
3052 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3053 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3054 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3055 r = MEMTX_OK;
3056 }
3057 if (result) {
3058 *result = r;
3059 }
3060 rcu_read_unlock();
3061 }
3062
3063 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3064 {
3065 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3066 }
3067
3068 /* warning: addr must be aligned */
3069 static inline void address_space_stl_internal(AddressSpace *as,
3070 hwaddr addr, uint32_t val,
3071 MemTxAttrs attrs,
3072 MemTxResult *result,
3073 enum device_endian endian)
3074 {
3075 uint8_t *ptr;
3076 MemoryRegion *mr;
3077 hwaddr l = 4;
3078 hwaddr addr1;
3079 MemTxResult r;
3080
3081 rcu_read_lock();
3082 mr = address_space_translate(as, addr, &addr1, &l,
3083 true);
3084 if (l < 4 || !memory_access_is_direct(mr, true)) {
3085 prepare_mmio_access(mr);
3086
3087 #if defined(TARGET_WORDS_BIGENDIAN)
3088 if (endian == DEVICE_LITTLE_ENDIAN) {
3089 val = bswap32(val);
3090 }
3091 #else
3092 if (endian == DEVICE_BIG_ENDIAN) {
3093 val = bswap32(val);
3094 }
3095 #endif
3096 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3097 } else {
3098 /* RAM case */
3099 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3100 ptr = qemu_get_ram_ptr(addr1);
3101 switch (endian) {
3102 case DEVICE_LITTLE_ENDIAN:
3103 stl_le_p(ptr, val);
3104 break;
3105 case DEVICE_BIG_ENDIAN:
3106 stl_be_p(ptr, val);
3107 break;
3108 default:
3109 stl_p(ptr, val);
3110 break;
3111 }
3112 invalidate_and_set_dirty(mr, addr1, 4);
3113 r = MEMTX_OK;
3114 }
3115 if (result) {
3116 *result = r;
3117 }
3118 rcu_read_unlock();
3119 }
3120
3121 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3122 MemTxAttrs attrs, MemTxResult *result)
3123 {
3124 address_space_stl_internal(as, addr, val, attrs, result,
3125 DEVICE_NATIVE_ENDIAN);
3126 }
3127
3128 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3129 MemTxAttrs attrs, MemTxResult *result)
3130 {
3131 address_space_stl_internal(as, addr, val, attrs, result,
3132 DEVICE_LITTLE_ENDIAN);
3133 }
3134
3135 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3136 MemTxAttrs attrs, MemTxResult *result)
3137 {
3138 address_space_stl_internal(as, addr, val, attrs, result,
3139 DEVICE_BIG_ENDIAN);
3140 }
3141
3142 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3143 {
3144 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3145 }
3146
3147 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3148 {
3149 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3150 }
3151
3152 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3153 {
3154 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3155 }
3156
3157 /* XXX: optimize */
3158 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3159 MemTxAttrs attrs, MemTxResult *result)
3160 {
3161 uint8_t v = val;
3162 MemTxResult r;
3163
3164 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3165 if (result) {
3166 *result = r;
3167 }
3168 }
3169
3170 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3171 {
3172 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3173 }
3174
3175 /* warning: addr must be aligned */
3176 static inline void address_space_stw_internal(AddressSpace *as,
3177 hwaddr addr, uint32_t val,
3178 MemTxAttrs attrs,
3179 MemTxResult *result,
3180 enum device_endian endian)
3181 {
3182 uint8_t *ptr;
3183 MemoryRegion *mr;
3184 hwaddr l = 2;
3185 hwaddr addr1;
3186 MemTxResult r;
3187
3188 rcu_read_lock();
3189 mr = address_space_translate(as, addr, &addr1, &l, true);
3190 if (l < 2 || !memory_access_is_direct(mr, true)) {
3191 prepare_mmio_access(mr);
3192
3193 #if defined(TARGET_WORDS_BIGENDIAN)
3194 if (endian == DEVICE_LITTLE_ENDIAN) {
3195 val = bswap16(val);
3196 }
3197 #else
3198 if (endian == DEVICE_BIG_ENDIAN) {
3199 val = bswap16(val);
3200 }
3201 #endif
3202 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3203 } else {
3204 /* RAM case */
3205 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3206 ptr = qemu_get_ram_ptr(addr1);
3207 switch (endian) {
3208 case DEVICE_LITTLE_ENDIAN:
3209 stw_le_p(ptr, val);
3210 break;
3211 case DEVICE_BIG_ENDIAN:
3212 stw_be_p(ptr, val);
3213 break;
3214 default:
3215 stw_p(ptr, val);
3216 break;
3217 }
3218 invalidate_and_set_dirty(mr, addr1, 2);
3219 r = MEMTX_OK;
3220 }
3221 if (result) {
3222 *result = r;
3223 }
3224 rcu_read_unlock();
3225 }
3226
3227 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3228 MemTxAttrs attrs, MemTxResult *result)
3229 {
3230 address_space_stw_internal(as, addr, val, attrs, result,
3231 DEVICE_NATIVE_ENDIAN);
3232 }
3233
3234 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3235 MemTxAttrs attrs, MemTxResult *result)
3236 {
3237 address_space_stw_internal(as, addr, val, attrs, result,
3238 DEVICE_LITTLE_ENDIAN);
3239 }
3240
3241 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3242 MemTxAttrs attrs, MemTxResult *result)
3243 {
3244 address_space_stw_internal(as, addr, val, attrs, result,
3245 DEVICE_BIG_ENDIAN);
3246 }
3247
3248 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3249 {
3250 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3251 }
3252
3253 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3254 {
3255 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3256 }
3257
3258 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3259 {
3260 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3261 }
3262
3263 /* XXX: optimize */
3264 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3265 MemTxAttrs attrs, MemTxResult *result)
3266 {
3267 MemTxResult r;
3268 val = tswap64(val);
3269 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3270 if (result) {
3271 *result = r;
3272 }
3273 }
3274
3275 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3276 MemTxAttrs attrs, MemTxResult *result)
3277 {
3278 MemTxResult r;
3279 val = cpu_to_le64(val);
3280 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3281 if (result) {
3282 *result = r;
3283 }
3284 }
3285 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3286 MemTxAttrs attrs, MemTxResult *result)
3287 {
3288 MemTxResult r;
3289 val = cpu_to_be64(val);
3290 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3291 if (result) {
3292 *result = r;
3293 }
3294 }
3295
3296 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3297 {
3298 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3299 }
3300
3301 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3302 {
3303 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3304 }
3305
3306 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3307 {
3308 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3309 }
3310
3311 /* virtual memory access for debug (includes writing to ROM) */
3312 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3313 uint8_t *buf, int len, int is_write)
3314 {
3315 int l;
3316 hwaddr phys_addr;
3317 target_ulong page;
3318
3319 while (len > 0) {
3320 page = addr & TARGET_PAGE_MASK;
3321 phys_addr = cpu_get_phys_page_debug(cpu, page);
3322 /* if no physical page mapped, return an error */
3323 if (phys_addr == -1)
3324 return -1;
3325 l = (page + TARGET_PAGE_SIZE) - addr;
3326 if (l > len)
3327 l = len;
3328 phys_addr += (addr & ~TARGET_PAGE_MASK);
3329 if (is_write) {
3330 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3331 } else {
3332 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3333 buf, l, 0);
3334 }
3335 len -= l;
3336 buf += l;
3337 addr += l;
3338 }
3339 return 0;
3340 }
3341 #endif
3342
3343 /*
3344 * A helper function for the _utterly broken_ virtio device model to find out if
3345 * it's running on a big endian machine. Don't do this at home kids!
3346 */
3347 bool target_words_bigendian(void);
3348 bool target_words_bigendian(void)
3349 {
3350 #if defined(TARGET_WORDS_BIGENDIAN)
3351 return true;
3352 #else
3353 return false;
3354 #endif
3355 }
3356
3357 #ifndef CONFIG_USER_ONLY
3358 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3359 {
3360 MemoryRegion*mr;
3361 hwaddr l = 1;
3362 bool res;
3363
3364 rcu_read_lock();
3365 mr = address_space_translate(&address_space_memory,
3366 phys_addr, &phys_addr, &l, false);
3367
3368 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3369 rcu_read_unlock();
3370 return res;
3371 }
3372
3373 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3374 {
3375 RAMBlock *block;
3376 int ret = 0;
3377
3378 rcu_read_lock();
3379 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3380 ret = func(block->idstr, block->host, block->offset,
3381 block->used_length, opaque);
3382 if (ret) {
3383 break;
3384 }
3385 }
3386 rcu_read_unlock();
3387 return ret;
3388 }
3389 #endif
CRIS target port of Qemu