search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cpu: Add Error argument to cpu_exec_init()
[qemu/cris-port.git] / exec.c
blobce5fadd88a95e340a2c7c21a9366e01047522fa1
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "exec/cputlb.h"
53 #include "translate-all.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59
60 //#define DEBUG_SUBPAGE
61
62 #if !defined(CONFIG_USER_ONLY)
63 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
65 */
66 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
67
68 static MemoryRegion *system_memory;
69 static MemoryRegion *system_io;
70
71 AddressSpace address_space_io;
72 AddressSpace address_space_memory;
73
74 MemoryRegion io_mem_rom, io_mem_notdirty;
75 static MemoryRegion io_mem_unassigned;
76
77 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78 #define RAM_PREALLOC (1 << 0)
79
80 /* RAM is mmap-ed with MAP_SHARED */
81 #define RAM_SHARED (1 << 1)
82
83 /* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
85 */
86 #define RAM_RESIZEABLE (1 << 2)
87
88 #endif
89
90 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
91 /* current CPU in the current thread. It is only valid inside
92 cpu_exec() */
93 DEFINE_TLS(CPUState *, current_cpu);
94 /* 0 = Do not count executed instructions.
95 1 = Precise instruction counting.
96 2 = Adaptive rate instruction counting. */
97 int use_icount;
98
99 #if !defined(CONFIG_USER_ONLY)
100
101 typedef struct PhysPageEntry PhysPageEntry;
102
103 struct PhysPageEntry {
104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
105 uint32_t skip : 6;
106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
107 uint32_t ptr : 26;
108 };
109
110 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111
112 /* Size of the L2 (and L3, etc) page tables. */
113 #define ADDR_SPACE_BITS 64
114
115 #define P_L2_BITS 9
116 #define P_L2_SIZE (1 << P_L2_BITS)
117
118 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119
120 typedef PhysPageEntry Node[P_L2_SIZE];
121
122 typedef struct PhysPageMap {
123 struct rcu_head rcu;
124
125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
127 unsigned nodes_nb;
128 unsigned nodes_nb_alloc;
129 Node *nodes;
130 MemoryRegionSection *sections;
131 } PhysPageMap;
132
133 struct AddressSpaceDispatch {
134 struct rcu_head rcu;
135
136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
138 */
139 PhysPageEntry phys_map;
140 PhysPageMap map;
141 AddressSpace *as;
142 };
143
144 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145 typedef struct subpage_t {
146 MemoryRegion iomem;
147 AddressSpace *as;
148 hwaddr base;
149 uint16_t sub_section[TARGET_PAGE_SIZE];
150 } subpage_t;
151
152 #define PHYS_SECTION_UNASSIGNED 0
153 #define PHYS_SECTION_NOTDIRTY 1
154 #define PHYS_SECTION_ROM 2
155 #define PHYS_SECTION_WATCH 3
156
157 static void io_mem_init(void);
158 static void memory_map_init(void);
159 static void tcg_commit(MemoryListener *listener);
160
161 static MemoryRegion io_mem_watch;
162 #endif
163
164 #if !defined(CONFIG_USER_ONLY)
165
166 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
167 {
168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
172 }
173 }
174
175 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
176 {
177 unsigned i;
178 uint32_t ret;
179 PhysPageEntry e;
180 PhysPageEntry *p;
181
182 ret = map->nodes_nb++;
183 p = map->nodes[ret];
184 assert(ret != PHYS_MAP_NODE_NIL);
185 assert(ret != map->nodes_nb_alloc);
186
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
189 for (i = 0; i < P_L2_SIZE; ++i) {
190 memcpy(&p[i], &e, sizeof(e));
191 }
192 return ret;
193 }
194
195 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
197 int level)
198 {
199 PhysPageEntry *p;
200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
201
202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
203 lp->ptr = phys_map_node_alloc(map, level == 0);
204 }
205 p = map->nodes[lp->ptr];
206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
207
208 while (*nb && lp < &p[P_L2_SIZE]) {
209 if ((*index & (step - 1)) == 0 && *nb >= step) {
210 lp->skip = 0;
211 lp->ptr = leaf;
212 *index += step;
213 *nb -= step;
214 } else {
215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
216 }
217 ++lp;
218 }
219 }
220
221 static void phys_page_set(AddressSpaceDispatch *d,
222 hwaddr index, hwaddr nb,
223 uint16_t leaf)
224 {
225 /* Wildly overreserve - it doesn't matter much. */
226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
227
228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
229 }
230
231 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
233 */
234 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235 {
236 unsigned valid_ptr = P_L2_SIZE;
237 int valid = 0;
238 PhysPageEntry *p;
239 int i;
240
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
242 return;
243 }
244
245 p = nodes[lp->ptr];
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
248 continue;
249 }
250
251 valid_ptr = i;
252 valid++;
253 if (p[i].skip) {
254 phys_page_compact(&p[i], nodes, compacted);
255 }
256 }
257
258 /* We can only compress if there's only one child. */
259 if (valid != 1) {
260 return;
261 }
262
263 assert(valid_ptr < P_L2_SIZE);
264
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
267 return;
268 }
269
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
276 * change this rule.
277 */
278 lp->skip = 0;
279 } else {
280 lp->skip += p[valid_ptr].skip;
281 }
282 }
283
284 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285 {
286 DECLARE_BITMAP(compacted, nodes_nb);
287
288 if (d->phys_map.skip) {
289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
290 }
291 }
292
293 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
294 Node *nodes, MemoryRegionSection *sections)
295 {
296 PhysPageEntry *p;
297 hwaddr index = addr >> TARGET_PAGE_BITS;
298 int i;
299
300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
302 return &sections[PHYS_SECTION_UNASSIGNED];
303 }
304 p = nodes[lp.ptr];
305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
306 }
307
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return &sections[lp.ptr];
312 } else {
313 return &sections[PHYS_SECTION_UNASSIGNED];
314 }
315 }
316
317 bool memory_region_is_unassigned(MemoryRegion *mr)
318 {
319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
320 && mr != &io_mem_watch;
321 }
322
323 /* Called from RCU critical section */
324 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
325 hwaddr addr,
326 bool resolve_subpage)
327 {
328 MemoryRegionSection *section;
329 subpage_t *subpage;
330
331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
335 }
336 return section;
337 }
338
339 /* Called from RCU critical section */
340 static MemoryRegionSection *
341 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
342 hwaddr *plen, bool resolve_subpage)
343 {
344 MemoryRegionSection *section;
345 MemoryRegion *mr;
346 Int128 diff;
347
348 section = address_space_lookup_region(d, addr, resolve_subpage);
349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
351
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
354
355 mr = section->mr;
356
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
362 * here.
363 *
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
367 */
368 if (memory_region_is_ram(mr)) {
369 diff = int128_sub(section->size, int128_make64(addr));
370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
371 }
372 return section;
373 }
374
375 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
376 {
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
379 }
380 if (memory_region_is_romd(mr)) {
381 return !is_write;
382 }
383
384 return false;
385 }
386
387 /* Called from RCU critical section */
388 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
390 bool is_write)
391 {
392 IOMMUTLBEntry iotlb;
393 MemoryRegionSection *section;
394 MemoryRegion *mr;
395
396 for (;;) {
397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
399 mr = section->mr;
400
401 if (!mr->iommu_ops) {
402 break;
403 }
404
405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
411 break;
412 }
413
414 as = iotlb.target_as;
415 }
416
417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
419 *plen = MIN(page, *plen);
420 }
421
422 *xlat = addr;
423 return mr;
424 }
425
426 /* Called from RCU critical section */
427 MemoryRegionSection *
428 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
430 {
431 MemoryRegionSection *section;
432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
434
435 assert(!section->mr->iommu_ops);
436 return section;
437 }
438 #endif
439
440 #if !defined(CONFIG_USER_ONLY)
441
442 static int cpu_common_post_load(void *opaque, int version_id)
443 {
444 CPUState *cpu = opaque;
445
446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
448 cpu->interrupt_request &= ~0x01;
449 tlb_flush(cpu, 1);
450
451 return 0;
452 }
453
454 static int cpu_common_pre_load(void *opaque)
455 {
456 CPUState *cpu = opaque;
457
458 cpu->exception_index = -1;
459
460 return 0;
461 }
462
463 static bool cpu_common_exception_index_needed(void *opaque)
464 {
465 CPUState *cpu = opaque;
466
467 return tcg_enabled() && cpu->exception_index != -1;
468 }
469
470 static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
472 .version_id = 1,
473 .minimum_version_id = 1,
474 .needed = cpu_common_exception_index_needed,
475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
478 }
479 };
480
481 const VMStateDescription vmstate_cpu_common = {
482 .name = "cpu_common",
483 .version_id = 1,
484 .minimum_version_id = 1,
485 .pre_load = cpu_common_pre_load,
486 .post_load = cpu_common_post_load,
487 .fields = (VMStateField[]) {
488 VMSTATE_UINT32(halted, CPUState),
489 VMSTATE_UINT32(interrupt_request, CPUState),
490 VMSTATE_END_OF_LIST()
491 },
492 .subsections = (const VMStateDescription*[]) {
493 &vmstate_cpu_common_exception_index,
494 NULL
495 }
496 };
497
498 #endif
499
500 CPUState *qemu_get_cpu(int index)
501 {
502 CPUState *cpu;
503
504 CPU_FOREACH(cpu) {
505 if (cpu->cpu_index == index) {
506 return cpu;
507 }
508 }
509
510 return NULL;
511 }
512
513 #if !defined(CONFIG_USER_ONLY)
514 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
515 {
516 /* We only support one address space per cpu at the moment. */
517 assert(cpu->as == as);
518
519 if (cpu->tcg_as_listener) {
520 memory_listener_unregister(cpu->tcg_as_listener);
521 } else {
522 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
523 }
524 cpu->tcg_as_listener->commit = tcg_commit;
525 memory_listener_register(cpu->tcg_as_listener, as);
526 }
527 #endif
528
529 void cpu_exec_init(CPUArchState *env, Error **errp)
530 {
531 CPUState *cpu = ENV_GET_CPU(env);
532 CPUClass *cc = CPU_GET_CLASS(cpu);
533 CPUState *some_cpu;
534 int cpu_index;
535
536 #ifndef CONFIG_USER_ONLY
537 cpu->as = &address_space_memory;
538 cpu->thread_id = qemu_get_thread_id();
539 cpu_reload_memory_map(cpu);
540 #endif
541
542 #if defined(CONFIG_USER_ONLY)
543 cpu_list_lock();
544 #endif
545 cpu_index = 0;
546 CPU_FOREACH(some_cpu) {
547 cpu_index++;
548 }
549 cpu->cpu_index = cpu_index;
550 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
551 #if defined(CONFIG_USER_ONLY)
552 cpu_list_unlock();
553 #endif
554 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
555 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
556 }
557 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
558 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
559 cpu_save, cpu_load, env);
560 assert(cc->vmsd == NULL);
561 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
562 #endif
563 if (cc->vmsd != NULL) {
564 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
565 }
566 }
567
568 #if defined(CONFIG_USER_ONLY)
569 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
570 {
571 tb_invalidate_phys_page_range(pc, pc + 1, 0);
572 }
573 #else
574 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
575 {
576 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
577 if (phys != -1) {
578 tb_invalidate_phys_addr(cpu->as,
579 phys | (pc & ~TARGET_PAGE_MASK));
580 }
581 }
582 #endif
583
584 #if defined(CONFIG_USER_ONLY)
585 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
586
587 {
588 }
589
590 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
591 int flags)
592 {
593 return -ENOSYS;
594 }
595
596 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
597 {
598 }
599
600 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
601 int flags, CPUWatchpoint **watchpoint)
602 {
603 return -ENOSYS;
604 }
605 #else
606 /* Add a watchpoint. */
607 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
608 int flags, CPUWatchpoint **watchpoint)
609 {
610 CPUWatchpoint *wp;
611
612 /* forbid ranges which are empty or run off the end of the address space */
613 if (len == 0 || (addr + len - 1) < addr) {
614 error_report("tried to set invalid watchpoint at %"
615 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
616 return -EINVAL;
617 }
618 wp = g_malloc(sizeof(*wp));
619
620 wp->vaddr = addr;
621 wp->len = len;
622 wp->flags = flags;
623
624 /* keep all GDB-injected watchpoints in front */
625 if (flags & BP_GDB) {
626 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
627 } else {
628 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
629 }
630
631 tlb_flush_page(cpu, addr);
632
633 if (watchpoint)
634 *watchpoint = wp;
635 return 0;
636 }
637
638 /* Remove a specific watchpoint. */
639 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
640 int flags)
641 {
642 CPUWatchpoint *wp;
643
644 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
645 if (addr == wp->vaddr && len == wp->len
646 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
647 cpu_watchpoint_remove_by_ref(cpu, wp);
648 return 0;
649 }
650 }
651 return -ENOENT;
652 }
653
654 /* Remove a specific watchpoint by reference. */
655 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
656 {
657 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
658
659 tlb_flush_page(cpu, watchpoint->vaddr);
660
661 g_free(watchpoint);
662 }
663
664 /* Remove all matching watchpoints. */
665 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
666 {
667 CPUWatchpoint *wp, *next;
668
669 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
670 if (wp->flags & mask) {
671 cpu_watchpoint_remove_by_ref(cpu, wp);
672 }
673 }
674 }
675
676 /* Return true if this watchpoint address matches the specified
677 * access (ie the address range covered by the watchpoint overlaps
678 * partially or completely with the address range covered by the
679 * access).
680 */
681 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
682 vaddr addr,
683 vaddr len)
684 {
685 /* We know the lengths are non-zero, but a little caution is
686 * required to avoid errors in the case where the range ends
687 * exactly at the top of the address space and so addr + len
688 * wraps round to zero.
689 */
690 vaddr wpend = wp->vaddr + wp->len - 1;
691 vaddr addrend = addr + len - 1;
692
693 return !(addr > wpend || wp->vaddr > addrend);
694 }
695
696 #endif
697
698 /* Add a breakpoint. */
699 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
700 CPUBreakpoint **breakpoint)
701 {
702 CPUBreakpoint *bp;
703
704 bp = g_malloc(sizeof(*bp));
705
706 bp->pc = pc;
707 bp->flags = flags;
708
709 /* keep all GDB-injected breakpoints in front */
710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
712 } else {
713 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
714 }
715
716 breakpoint_invalidate(cpu, pc);
717
718 if (breakpoint) {
719 *breakpoint = bp;
720 }
721 return 0;
722 }
723
724 /* Remove a specific breakpoint. */
725 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
726 {
727 CPUBreakpoint *bp;
728
729 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
730 if (bp->pc == pc && bp->flags == flags) {
731 cpu_breakpoint_remove_by_ref(cpu, bp);
732 return 0;
733 }
734 }
735 return -ENOENT;
736 }
737
738 /* Remove a specific breakpoint by reference. */
739 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
740 {
741 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
742
743 breakpoint_invalidate(cpu, breakpoint->pc);
744
745 g_free(breakpoint);
746 }
747
748 /* Remove all matching breakpoints. */
749 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
750 {
751 CPUBreakpoint *bp, *next;
752
753 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
754 if (bp->flags & mask) {
755 cpu_breakpoint_remove_by_ref(cpu, bp);
756 }
757 }
758 }
759
760 /* enable or disable single step mode. EXCP_DEBUG is returned by the
761 CPU loop after each instruction */
762 void cpu_single_step(CPUState *cpu, int enabled)
763 {
764 if (cpu->singlestep_enabled != enabled) {
765 cpu->singlestep_enabled = enabled;
766 if (kvm_enabled()) {
767 kvm_update_guest_debug(cpu, 0);
768 } else {
769 /* must flush all the translated code to avoid inconsistencies */
770 /* XXX: only flush what is necessary */
771 CPUArchState *env = cpu->env_ptr;
772 tb_flush(env);
773 }
774 }
775 }
776
777 void cpu_abort(CPUState *cpu, const char *fmt, ...)
778 {
779 va_list ap;
780 va_list ap2;
781
782 va_start(ap, fmt);
783 va_copy(ap2, ap);
784 fprintf(stderr, "qemu: fatal: ");
785 vfprintf(stderr, fmt, ap);
786 fprintf(stderr, "\n");
787 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
788 if (qemu_log_enabled()) {
789 qemu_log("qemu: fatal: ");
790 qemu_log_vprintf(fmt, ap2);
791 qemu_log("\n");
792 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
793 qemu_log_flush();
794 qemu_log_close();
795 }
796 va_end(ap2);
797 va_end(ap);
798 #if defined(CONFIG_USER_ONLY)
799 {
800 struct sigaction act;
801 sigfillset(&act.sa_mask);
802 act.sa_handler = SIG_DFL;
803 sigaction(SIGABRT, &act, NULL);
804 }
805 #endif
806 abort();
807 }
808
809 #if !defined(CONFIG_USER_ONLY)
810 /* Called from RCU critical section */
811 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
812 {
813 RAMBlock *block;
814
815 block = atomic_rcu_read(&ram_list.mru_block);
816 if (block && addr - block->offset < block->max_length) {
817 goto found;
818 }
819 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
820 if (addr - block->offset < block->max_length) {
821 goto found;
822 }
823 }
824
825 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
826 abort();
827
828 found:
829 /* It is safe to write mru_block outside the iothread lock. This
830 * is what happens:
831 *
832 * mru_block = xxx
833 * rcu_read_unlock()
834 * xxx removed from list
835 * rcu_read_lock()
836 * read mru_block
837 * mru_block = NULL;
838 * call_rcu(reclaim_ramblock, xxx);
839 * rcu_read_unlock()
840 *
841 * atomic_rcu_set is not needed here. The block was already published
842 * when it was placed into the list. Here we're just making an extra
843 * copy of the pointer.
844 */
845 ram_list.mru_block = block;
846 return block;
847 }
848
849 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
850 {
851 ram_addr_t start1;
852 RAMBlock *block;
853 ram_addr_t end;
854
855 end = TARGET_PAGE_ALIGN(start + length);
856 start &= TARGET_PAGE_MASK;
857
858 rcu_read_lock();
859 block = qemu_get_ram_block(start);
860 assert(block == qemu_get_ram_block(end - 1));
861 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
862 cpu_tlb_reset_dirty_all(start1, length);
863 rcu_read_unlock();
864 }
865
866 /* Note: start and end must be within the same ram block. */
867 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
868 ram_addr_t length,
869 unsigned client)
870 {
871 unsigned long end, page;
872 bool dirty;
873
874 if (length == 0) {
875 return false;
876 }
877
878 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
879 page = start >> TARGET_PAGE_BITS;
880 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
881 page, end - page);
882
883 if (dirty && tcg_enabled()) {
884 tlb_reset_dirty_range_all(start, length);
885 }
886
887 return dirty;
888 }
889
890 /* Called from RCU critical section */
891 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
892 MemoryRegionSection *section,
893 target_ulong vaddr,
894 hwaddr paddr, hwaddr xlat,
895 int prot,
896 target_ulong *address)
897 {
898 hwaddr iotlb;
899 CPUWatchpoint *wp;
900
901 if (memory_region_is_ram(section->mr)) {
902 /* Normal RAM. */
903 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
904 + xlat;
905 if (!section->readonly) {
906 iotlb |= PHYS_SECTION_NOTDIRTY;
907 } else {
908 iotlb |= PHYS_SECTION_ROM;
909 }
910 } else {
911 iotlb = section - section->address_space->dispatch->map.sections;
912 iotlb += xlat;
913 }
914
915 /* Make accesses to pages with watchpoints go via the
916 watchpoint trap routines. */
917 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
918 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
919 /* Avoid trapping reads of pages with a write breakpoint. */
920 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
921 iotlb = PHYS_SECTION_WATCH + paddr;
922 *address |= TLB_MMIO;
923 break;
924 }
925 }
926 }
927
928 return iotlb;
929 }
930 #endif /* defined(CONFIG_USER_ONLY) */
931
932 #if !defined(CONFIG_USER_ONLY)
933
934 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
935 uint16_t section);
936 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
937
938 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
939 qemu_anon_ram_alloc;
940
941 /*
942 * Set a custom physical guest memory alloator.
943 * Accelerators with unusual needs may need this. Hopefully, we can
944 * get rid of it eventually.
945 */
946 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
947 {
948 phys_mem_alloc = alloc;
949 }
950
951 static uint16_t phys_section_add(PhysPageMap *map,
952 MemoryRegionSection *section)
953 {
954 /* The physical section number is ORed with a page-aligned
955 * pointer to produce the iotlb entries. Thus it should
956 * never overflow into the page-aligned value.
957 */
958 assert(map->sections_nb < TARGET_PAGE_SIZE);
959
960 if (map->sections_nb == map->sections_nb_alloc) {
961 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
962 map->sections = g_renew(MemoryRegionSection, map->sections,
963 map->sections_nb_alloc);
964 }
965 map->sections[map->sections_nb] = *section;
966 memory_region_ref(section->mr);
967 return map->sections_nb++;
968 }
969
970 static void phys_section_destroy(MemoryRegion *mr)
971 {
972 memory_region_unref(mr);
973
974 if (mr->subpage) {
975 subpage_t *subpage = container_of(mr, subpage_t, iomem);
976 object_unref(OBJECT(&subpage->iomem));
977 g_free(subpage);
978 }
979 }
980
981 static void phys_sections_free(PhysPageMap *map)
982 {
983 while (map->sections_nb > 0) {
984 MemoryRegionSection *section = &map->sections[--map->sections_nb];
985 phys_section_destroy(section->mr);
986 }
987 g_free(map->sections);
988 g_free(map->nodes);
989 }
990
991 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
992 {
993 subpage_t *subpage;
994 hwaddr base = section->offset_within_address_space
995 & TARGET_PAGE_MASK;
996 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
997 d->map.nodes, d->map.sections);
998 MemoryRegionSection subsection = {
999 .offset_within_address_space = base,
1000 .size = int128_make64(TARGET_PAGE_SIZE),
1001 };
1002 hwaddr start, end;
1003
1004 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1005
1006 if (!(existing->mr->subpage)) {
1007 subpage = subpage_init(d->as, base);
1008 subsection.address_space = d->as;
1009 subsection.mr = &subpage->iomem;
1010 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1011 phys_section_add(&d->map, &subsection));
1012 } else {
1013 subpage = container_of(existing->mr, subpage_t, iomem);
1014 }
1015 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1016 end = start + int128_get64(section->size) - 1;
1017 subpage_register(subpage, start, end,
1018 phys_section_add(&d->map, section));
1019 }
1020
1021
1022 static void register_multipage(AddressSpaceDispatch *d,
1023 MemoryRegionSection *section)
1024 {
1025 hwaddr start_addr = section->offset_within_address_space;
1026 uint16_t section_index = phys_section_add(&d->map, section);
1027 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1028 TARGET_PAGE_BITS));
1029
1030 assert(num_pages);
1031 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1032 }
1033
1034 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1035 {
1036 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1037 AddressSpaceDispatch *d = as->next_dispatch;
1038 MemoryRegionSection now = *section, remain = *section;
1039 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1040
1041 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1042 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1043 - now.offset_within_address_space;
1044
1045 now.size = int128_min(int128_make64(left), now.size);
1046 register_subpage(d, &now);
1047 } else {
1048 now.size = int128_zero();
1049 }
1050 while (int128_ne(remain.size, now.size)) {
1051 remain.size = int128_sub(remain.size, now.size);
1052 remain.offset_within_address_space += int128_get64(now.size);
1053 remain.offset_within_region += int128_get64(now.size);
1054 now = remain;
1055 if (int128_lt(remain.size, page_size)) {
1056 register_subpage(d, &now);
1057 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1058 now.size = page_size;
1059 register_subpage(d, &now);
1060 } else {
1061 now.size = int128_and(now.size, int128_neg(page_size));
1062 register_multipage(d, &now);
1063 }
1064 }
1065 }
1066
1067 void qemu_flush_coalesced_mmio_buffer(void)
1068 {
1069 if (kvm_enabled())
1070 kvm_flush_coalesced_mmio_buffer();
1071 }
1072
1073 void qemu_mutex_lock_ramlist(void)
1074 {
1075 qemu_mutex_lock(&ram_list.mutex);
1076 }
1077
1078 void qemu_mutex_unlock_ramlist(void)
1079 {
1080 qemu_mutex_unlock(&ram_list.mutex);
1081 }
1082
1083 #ifdef __linux__
1084
1085 #include <sys/vfs.h>
1086
1087 #define HUGETLBFS_MAGIC 0x958458f6
1088
1089 static long gethugepagesize(const char *path, Error **errp)
1090 {
1091 struct statfs fs;
1092 int ret;
1093
1094 do {
1095 ret = statfs(path, &fs);
1096 } while (ret != 0 && errno == EINTR);
1097
1098 if (ret != 0) {
1099 error_setg_errno(errp, errno, "failed to get page size of file %s",
1100 path);
1101 return 0;
1102 }
1103
1104 if (fs.f_type != HUGETLBFS_MAGIC)
1105 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1106
1107 return fs.f_bsize;
1108 }
1109
1110 static void *file_ram_alloc(RAMBlock *block,
1111 ram_addr_t memory,
1112 const char *path,
1113 Error **errp)
1114 {
1115 char *filename;
1116 char *sanitized_name;
1117 char *c;
1118 void *area = NULL;
1119 int fd;
1120 uint64_t hpagesize;
1121 Error *local_err = NULL;
1122
1123 hpagesize = gethugepagesize(path, &local_err);
1124 if (local_err) {
1125 error_propagate(errp, local_err);
1126 goto error;
1127 }
1128 block->mr->align = hpagesize;
1129
1130 if (memory < hpagesize) {
1131 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1132 "or larger than huge page size 0x%" PRIx64,
1133 memory, hpagesize);
1134 goto error;
1135 }
1136
1137 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1138 error_setg(errp,
1139 "host lacks kvm mmu notifiers, -mem-path unsupported");
1140 goto error;
1141 }
1142
1143 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1144 sanitized_name = g_strdup(memory_region_name(block->mr));
1145 for (c = sanitized_name; *c != '\0'; c++) {
1146 if (*c == '/')
1147 *c = '_';
1148 }
1149
1150 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1151 sanitized_name);
1152 g_free(sanitized_name);
1153
1154 fd = mkstemp(filename);
1155 if (fd < 0) {
1156 error_setg_errno(errp, errno,
1157 "unable to create backing store for hugepages");
1158 g_free(filename);
1159 goto error;
1160 }
1161 unlink(filename);
1162 g_free(filename);
1163
1164 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1165
1166 /*
1167 * ftruncate is not supported by hugetlbfs in older
1168 * hosts, so don't bother bailing out on errors.
1169 * If anything goes wrong with it under other filesystems,
1170 * mmap will fail.
1171 */
1172 if (ftruncate(fd, memory)) {
1173 perror("ftruncate");
1174 }
1175
1176 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1177 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1178 fd, 0);
1179 if (area == MAP_FAILED) {
1180 error_setg_errno(errp, errno,
1181 "unable to map backing store for hugepages");
1182 close(fd);
1183 goto error;
1184 }
1185
1186 if (mem_prealloc) {
1187 os_mem_prealloc(fd, area, memory);
1188 }
1189
1190 block->fd = fd;
1191 return area;
1192
1193 error:
1194 if (mem_prealloc) {
1195 error_report("%s", error_get_pretty(*errp));
1196 exit(1);
1197 }
1198 return NULL;
1199 }
1200 #endif
1201
1202 /* Called with the ramlist lock held. */
1203 static ram_addr_t find_ram_offset(ram_addr_t size)
1204 {
1205 RAMBlock *block, *next_block;
1206 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1207
1208 assert(size != 0); /* it would hand out same offset multiple times */
1209
1210 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1211 return 0;
1212 }
1213
1214 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1215 ram_addr_t end, next = RAM_ADDR_MAX;
1216
1217 end = block->offset + block->max_length;
1218
1219 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1220 if (next_block->offset >= end) {
1221 next = MIN(next, next_block->offset);
1222 }
1223 }
1224 if (next - end >= size && next - end < mingap) {
1225 offset = end;
1226 mingap = next - end;
1227 }
1228 }
1229
1230 if (offset == RAM_ADDR_MAX) {
1231 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1232 (uint64_t)size);
1233 abort();
1234 }
1235
1236 return offset;
1237 }
1238
1239 ram_addr_t last_ram_offset(void)
1240 {
1241 RAMBlock *block;
1242 ram_addr_t last = 0;
1243
1244 rcu_read_lock();
1245 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1246 last = MAX(last, block->offset + block->max_length);
1247 }
1248 rcu_read_unlock();
1249 return last;
1250 }
1251
1252 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1253 {
1254 int ret;
1255
1256 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1257 if (!machine_dump_guest_core(current_machine)) {
1258 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1259 if (ret) {
1260 perror("qemu_madvise");
1261 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1262 "but dump_guest_core=off specified\n");
1263 }
1264 }
1265 }
1266
1267 /* Called within an RCU critical section, or while the ramlist lock
1268 * is held.
1269 */
1270 static RAMBlock *find_ram_block(ram_addr_t addr)
1271 {
1272 RAMBlock *block;
1273
1274 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1275 if (block->offset == addr) {
1276 return block;
1277 }
1278 }
1279
1280 return NULL;
1281 }
1282
1283 /* Called with iothread lock held. */
1284 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1285 {
1286 RAMBlock *new_block, *block;
1287
1288 rcu_read_lock();
1289 new_block = find_ram_block(addr);
1290 assert(new_block);
1291 assert(!new_block->idstr[0]);
1292
1293 if (dev) {
1294 char *id = qdev_get_dev_path(dev);
1295 if (id) {
1296 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1297 g_free(id);
1298 }
1299 }
1300 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1301
1302 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1303 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1304 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1305 new_block->idstr);
1306 abort();
1307 }
1308 }
1309 rcu_read_unlock();
1310 }
1311
1312 /* Called with iothread lock held. */
1313 void qemu_ram_unset_idstr(ram_addr_t addr)
1314 {
1315 RAMBlock *block;
1316
1317 /* FIXME: arch_init.c assumes that this is not called throughout
1318 * migration. Ignore the problem since hot-unplug during migration
1319 * does not work anyway.
1320 */
1321
1322 rcu_read_lock();
1323 block = find_ram_block(addr);
1324 if (block) {
1325 memset(block->idstr, 0, sizeof(block->idstr));
1326 }
1327 rcu_read_unlock();
1328 }
1329
1330 static int memory_try_enable_merging(void *addr, size_t len)
1331 {
1332 if (!machine_mem_merge(current_machine)) {
1333 /* disabled by the user */
1334 return 0;
1335 }
1336
1337 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1338 }
1339
1340 /* Only legal before guest might have detected the memory size: e.g. on
1341 * incoming migration, or right after reset.
1342 *
1343 * As memory core doesn't know how is memory accessed, it is up to
1344 * resize callback to update device state and/or add assertions to detect
1345 * misuse, if necessary.
1346 */
1347 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1348 {
1349 RAMBlock *block = find_ram_block(base);
1350
1351 assert(block);
1352
1353 newsize = TARGET_PAGE_ALIGN(newsize);
1354
1355 if (block->used_length == newsize) {
1356 return 0;
1357 }
1358
1359 if (!(block->flags & RAM_RESIZEABLE)) {
1360 error_setg_errno(errp, EINVAL,
1361 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1362 " in != 0x" RAM_ADDR_FMT, block->idstr,
1363 newsize, block->used_length);
1364 return -EINVAL;
1365 }
1366
1367 if (block->max_length < newsize) {
1368 error_setg_errno(errp, EINVAL,
1369 "Length too large: %s: 0x" RAM_ADDR_FMT
1370 " > 0x" RAM_ADDR_FMT, block->idstr,
1371 newsize, block->max_length);
1372 return -EINVAL;
1373 }
1374
1375 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1376 block->used_length = newsize;
1377 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1378 DIRTY_CLIENTS_ALL);
1379 memory_region_set_size(block->mr, newsize);
1380 if (block->resized) {
1381 block->resized(block->idstr, newsize, block->host);
1382 }
1383 return 0;
1384 }
1385
1386 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1387 {
1388 RAMBlock *block;
1389 RAMBlock *last_block = NULL;
1390 ram_addr_t old_ram_size, new_ram_size;
1391
1392 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1393
1394 qemu_mutex_lock_ramlist();
1395 new_block->offset = find_ram_offset(new_block->max_length);
1396
1397 if (!new_block->host) {
1398 if (xen_enabled()) {
1399 xen_ram_alloc(new_block->offset, new_block->max_length,
1400 new_block->mr);
1401 } else {
1402 new_block->host = phys_mem_alloc(new_block->max_length,
1403 &new_block->mr->align);
1404 if (!new_block->host) {
1405 error_setg_errno(errp, errno,
1406 "cannot set up guest memory '%s'",
1407 memory_region_name(new_block->mr));
1408 qemu_mutex_unlock_ramlist();
1409 return -1;
1410 }
1411 memory_try_enable_merging(new_block->host, new_block->max_length);
1412 }
1413 }
1414
1415 new_ram_size = MAX(old_ram_size,
1416 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1417 if (new_ram_size > old_ram_size) {
1418 migration_bitmap_extend(old_ram_size, new_ram_size);
1419 }
1420 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1421 * QLIST (which has an RCU-friendly variant) does not have insertion at
1422 * tail, so save the last element in last_block.
1423 */
1424 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1425 last_block = block;
1426 if (block->max_length < new_block->max_length) {
1427 break;
1428 }
1429 }
1430 if (block) {
1431 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1432 } else if (last_block) {
1433 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1434 } else { /* list is empty */
1435 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1436 }
1437 ram_list.mru_block = NULL;
1438
1439 /* Write list before version */
1440 smp_wmb();
1441 ram_list.version++;
1442 qemu_mutex_unlock_ramlist();
1443
1444 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1445
1446 if (new_ram_size > old_ram_size) {
1447 int i;
1448
1449 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1450 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1451 ram_list.dirty_memory[i] =
1452 bitmap_zero_extend(ram_list.dirty_memory[i],
1453 old_ram_size, new_ram_size);
1454 }
1455 }
1456 cpu_physical_memory_set_dirty_range(new_block->offset,
1457 new_block->used_length,
1458 DIRTY_CLIENTS_ALL);
1459
1460 if (new_block->host) {
1461 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1462 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1463 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1464 if (kvm_enabled()) {
1465 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1466 }
1467 }
1468
1469 return new_block->offset;
1470 }
1471
1472 #ifdef __linux__
1473 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1474 bool share, const char *mem_path,
1475 Error **errp)
1476 {
1477 RAMBlock *new_block;
1478 ram_addr_t addr;
1479 Error *local_err = NULL;
1480
1481 if (xen_enabled()) {
1482 error_setg(errp, "-mem-path not supported with Xen");
1483 return -1;
1484 }
1485
1486 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1487 /*
1488 * file_ram_alloc() needs to allocate just like
1489 * phys_mem_alloc, but we haven't bothered to provide
1490 * a hook there.
1491 */
1492 error_setg(errp,
1493 "-mem-path not supported with this accelerator");
1494 return -1;
1495 }
1496
1497 size = TARGET_PAGE_ALIGN(size);
1498 new_block = g_malloc0(sizeof(*new_block));
1499 new_block->mr = mr;
1500 new_block->used_length = size;
1501 new_block->max_length = size;
1502 new_block->flags = share ? RAM_SHARED : 0;
1503 new_block->host = file_ram_alloc(new_block, size,
1504 mem_path, errp);
1505 if (!new_block->host) {
1506 g_free(new_block);
1507 return -1;
1508 }
1509
1510 addr = ram_block_add(new_block, &local_err);
1511 if (local_err) {
1512 g_free(new_block);
1513 error_propagate(errp, local_err);
1514 return -1;
1515 }
1516 return addr;
1517 }
1518 #endif
1519
1520 static
1521 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1522 void (*resized)(const char*,
1523 uint64_t length,
1524 void *host),
1525 void *host, bool resizeable,
1526 MemoryRegion *mr, Error **errp)
1527 {
1528 RAMBlock *new_block;
1529 ram_addr_t addr;
1530 Error *local_err = NULL;
1531
1532 size = TARGET_PAGE_ALIGN(size);
1533 max_size = TARGET_PAGE_ALIGN(max_size);
1534 new_block = g_malloc0(sizeof(*new_block));
1535 new_block->mr = mr;
1536 new_block->resized = resized;
1537 new_block->used_length = size;
1538 new_block->max_length = max_size;
1539 assert(max_size >= size);
1540 new_block->fd = -1;
1541 new_block->host = host;
1542 if (host) {
1543 new_block->flags |= RAM_PREALLOC;
1544 }
1545 if (resizeable) {
1546 new_block->flags |= RAM_RESIZEABLE;
1547 }
1548 addr = ram_block_add(new_block, &local_err);
1549 if (local_err) {
1550 g_free(new_block);
1551 error_propagate(errp, local_err);
1552 return -1;
1553 }
1554 return addr;
1555 }
1556
1557 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1558 MemoryRegion *mr, Error **errp)
1559 {
1560 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1561 }
1562
1563 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1564 {
1565 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1566 }
1567
1568 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1569 void (*resized)(const char*,
1570 uint64_t length,
1571 void *host),
1572 MemoryRegion *mr, Error **errp)
1573 {
1574 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1575 }
1576
1577 void qemu_ram_free_from_ptr(ram_addr_t addr)
1578 {
1579 RAMBlock *block;
1580
1581 qemu_mutex_lock_ramlist();
1582 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1583 if (addr == block->offset) {
1584 QLIST_REMOVE_RCU(block, next);
1585 ram_list.mru_block = NULL;
1586 /* Write list before version */
1587 smp_wmb();
1588 ram_list.version++;
1589 g_free_rcu(block, rcu);
1590 break;
1591 }
1592 }
1593 qemu_mutex_unlock_ramlist();
1594 }
1595
1596 static void reclaim_ramblock(RAMBlock *block)
1597 {
1598 if (block->flags & RAM_PREALLOC) {
1599 ;
1600 } else if (xen_enabled()) {
1601 xen_invalidate_map_cache_entry(block->host);
1602 #ifndef _WIN32
1603 } else if (block->fd >= 0) {
1604 munmap(block->host, block->max_length);
1605 close(block->fd);
1606 #endif
1607 } else {
1608 qemu_anon_ram_free(block->host, block->max_length);
1609 }
1610 g_free(block);
1611 }
1612
1613 void qemu_ram_free(ram_addr_t addr)
1614 {
1615 RAMBlock *block;
1616
1617 qemu_mutex_lock_ramlist();
1618 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1619 if (addr == block->offset) {
1620 QLIST_REMOVE_RCU(block, next);
1621 ram_list.mru_block = NULL;
1622 /* Write list before version */
1623 smp_wmb();
1624 ram_list.version++;
1625 call_rcu(block, reclaim_ramblock, rcu);
1626 break;
1627 }
1628 }
1629 qemu_mutex_unlock_ramlist();
1630 }
1631
1632 #ifndef _WIN32
1633 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1634 {
1635 RAMBlock *block;
1636 ram_addr_t offset;
1637 int flags;
1638 void *area, *vaddr;
1639
1640 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1641 offset = addr - block->offset;
1642 if (offset < block->max_length) {
1643 vaddr = ramblock_ptr(block, offset);
1644 if (block->flags & RAM_PREALLOC) {
1645 ;
1646 } else if (xen_enabled()) {
1647 abort();
1648 } else {
1649 flags = MAP_FIXED;
1650 if (block->fd >= 0) {
1651 flags |= (block->flags & RAM_SHARED ?
1652 MAP_SHARED : MAP_PRIVATE);
1653 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1654 flags, block->fd, offset);
1655 } else {
1656 /*
1657 * Remap needs to match alloc. Accelerators that
1658 * set phys_mem_alloc never remap. If they did,
1659 * we'd need a remap hook here.
1660 */
1661 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1662
1663 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1664 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1665 flags, -1, 0);
1666 }
1667 if (area != vaddr) {
1668 fprintf(stderr, "Could not remap addr: "
1669 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1670 length, addr);
1671 exit(1);
1672 }
1673 memory_try_enable_merging(vaddr, length);
1674 qemu_ram_setup_dump(vaddr, length);
1675 }
1676 }
1677 }
1678 }
1679 #endif /* !_WIN32 */
1680
1681 int qemu_get_ram_fd(ram_addr_t addr)
1682 {
1683 RAMBlock *block;
1684 int fd;
1685
1686 rcu_read_lock();
1687 block = qemu_get_ram_block(addr);
1688 fd = block->fd;
1689 rcu_read_unlock();
1690 return fd;
1691 }
1692
1693 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1694 {
1695 RAMBlock *block;
1696 void *ptr;
1697
1698 rcu_read_lock();
1699 block = qemu_get_ram_block(addr);
1700 ptr = ramblock_ptr(block, 0);
1701 rcu_read_unlock();
1702 return ptr;
1703 }
1704
1705 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1706 * This should not be used for general purpose DMA. Use address_space_map
1707 * or address_space_rw instead. For local memory (e.g. video ram) that the
1708 * device owns, use memory_region_get_ram_ptr.
1709 *
1710 * By the time this function returns, the returned pointer is not protected
1711 * by RCU anymore. If the caller is not within an RCU critical section and
1712 * does not hold the iothread lock, it must have other means of protecting the
1713 * pointer, such as a reference to the region that includes the incoming
1714 * ram_addr_t.
1715 */
1716 void *qemu_get_ram_ptr(ram_addr_t addr)
1717 {
1718 RAMBlock *block;
1719 void *ptr;
1720
1721 rcu_read_lock();
1722 block = qemu_get_ram_block(addr);
1723
1724 if (xen_enabled() && block->host == NULL) {
1725 /* We need to check if the requested address is in the RAM
1726 * because we don't want to map the entire memory in QEMU.
1727 * In that case just map until the end of the page.
1728 */
1729 if (block->offset == 0) {
1730 ptr = xen_map_cache(addr, 0, 0);
1731 goto unlock;
1732 }
1733
1734 block->host = xen_map_cache(block->offset, block->max_length, 1);
1735 }
1736 ptr = ramblock_ptr(block, addr - block->offset);
1737
1738 unlock:
1739 rcu_read_unlock();
1740 return ptr;
1741 }
1742
1743 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1744 * but takes a size argument.
1745 *
1746 * By the time this function returns, the returned pointer is not protected
1747 * by RCU anymore. If the caller is not within an RCU critical section and
1748 * does not hold the iothread lock, it must have other means of protecting the
1749 * pointer, such as a reference to the region that includes the incoming
1750 * ram_addr_t.
1751 */
1752 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1753 {
1754 void *ptr;
1755 if (*size == 0) {
1756 return NULL;
1757 }
1758 if (xen_enabled()) {
1759 return xen_map_cache(addr, *size, 1);
1760 } else {
1761 RAMBlock *block;
1762 rcu_read_lock();
1763 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1764 if (addr - block->offset < block->max_length) {
1765 if (addr - block->offset + *size > block->max_length)
1766 *size = block->max_length - addr + block->offset;
1767 ptr = ramblock_ptr(block, addr - block->offset);
1768 rcu_read_unlock();
1769 return ptr;
1770 }
1771 }
1772
1773 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1774 abort();
1775 }
1776 }
1777
1778 /* Some of the softmmu routines need to translate from a host pointer
1779 * (typically a TLB entry) back to a ram offset.
1780 *
1781 * By the time this function returns, the returned pointer is not protected
1782 * by RCU anymore. If the caller is not within an RCU critical section and
1783 * does not hold the iothread lock, it must have other means of protecting the
1784 * pointer, such as a reference to the region that includes the incoming
1785 * ram_addr_t.
1786 */
1787 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1788 {
1789 RAMBlock *block;
1790 uint8_t *host = ptr;
1791 MemoryRegion *mr;
1792
1793 if (xen_enabled()) {
1794 rcu_read_lock();
1795 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1796 mr = qemu_get_ram_block(*ram_addr)->mr;
1797 rcu_read_unlock();
1798 return mr;
1799 }
1800
1801 rcu_read_lock();
1802 block = atomic_rcu_read(&ram_list.mru_block);
1803 if (block && block->host && host - block->host < block->max_length) {
1804 goto found;
1805 }
1806
1807 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1808 /* This case append when the block is not mapped. */
1809 if (block->host == NULL) {
1810 continue;
1811 }
1812 if (host - block->host < block->max_length) {
1813 goto found;
1814 }
1815 }
1816
1817 rcu_read_unlock();
1818 return NULL;
1819
1820 found:
1821 *ram_addr = block->offset + (host - block->host);
1822 mr = block->mr;
1823 rcu_read_unlock();
1824 return mr;
1825 }
1826
1827 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1828 uint64_t val, unsigned size)
1829 {
1830 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1831 tb_invalidate_phys_page_fast(ram_addr, size);
1832 }
1833 switch (size) {
1834 case 1:
1835 stb_p(qemu_get_ram_ptr(ram_addr), val);
1836 break;
1837 case 2:
1838 stw_p(qemu_get_ram_ptr(ram_addr), val);
1839 break;
1840 case 4:
1841 stl_p(qemu_get_ram_ptr(ram_addr), val);
1842 break;
1843 default:
1844 abort();
1845 }
1846 /* Set both VGA and migration bits for simplicity and to remove
1847 * the notdirty callback faster.
1848 */
1849 cpu_physical_memory_set_dirty_range(ram_addr, size,
1850 DIRTY_CLIENTS_NOCODE);
1851 /* we remove the notdirty callback only if the code has been
1852 flushed */
1853 if (!cpu_physical_memory_is_clean(ram_addr)) {
1854 CPUArchState *env = current_cpu->env_ptr;
1855 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1856 }
1857 }
1858
1859 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1860 unsigned size, bool is_write)
1861 {
1862 return is_write;
1863 }
1864
1865 static const MemoryRegionOps notdirty_mem_ops = {
1866 .write = notdirty_mem_write,
1867 .valid.accepts = notdirty_mem_accepts,
1868 .endianness = DEVICE_NATIVE_ENDIAN,
1869 };
1870
1871 /* Generate a debug exception if a watchpoint has been hit. */
1872 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1873 {
1874 CPUState *cpu = current_cpu;
1875 CPUArchState *env = cpu->env_ptr;
1876 target_ulong pc, cs_base;
1877 target_ulong vaddr;
1878 CPUWatchpoint *wp;
1879 int cpu_flags;
1880
1881 if (cpu->watchpoint_hit) {
1882 /* We re-entered the check after replacing the TB. Now raise
1883 * the debug interrupt so that is will trigger after the
1884 * current instruction. */
1885 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1886 return;
1887 }
1888 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1889 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1890 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1891 && (wp->flags & flags)) {
1892 if (flags == BP_MEM_READ) {
1893 wp->flags |= BP_WATCHPOINT_HIT_READ;
1894 } else {
1895 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1896 }
1897 wp->hitaddr = vaddr;
1898 wp->hitattrs = attrs;
1899 if (!cpu->watchpoint_hit) {
1900 cpu->watchpoint_hit = wp;
1901 tb_check_watchpoint(cpu);
1902 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1903 cpu->exception_index = EXCP_DEBUG;
1904 cpu_loop_exit(cpu);
1905 } else {
1906 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1907 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1908 cpu_resume_from_signal(cpu, NULL);
1909 }
1910 }
1911 } else {
1912 wp->flags &= ~BP_WATCHPOINT_HIT;
1913 }
1914 }
1915 }
1916
1917 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1918 so these check for a hit then pass through to the normal out-of-line
1919 phys routines. */
1920 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1921 unsigned size, MemTxAttrs attrs)
1922 {
1923 MemTxResult res;
1924 uint64_t data;
1925
1926 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1927 switch (size) {
1928 case 1:
1929 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1930 break;
1931 case 2:
1932 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1933 break;
1934 case 4:
1935 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1936 break;
1937 default: abort();
1938 }
1939 *pdata = data;
1940 return res;
1941 }
1942
1943 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1944 uint64_t val, unsigned size,
1945 MemTxAttrs attrs)
1946 {
1947 MemTxResult res;
1948
1949 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1950 switch (size) {
1951 case 1:
1952 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1953 break;
1954 case 2:
1955 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1956 break;
1957 case 4:
1958 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1959 break;
1960 default: abort();
1961 }
1962 return res;
1963 }
1964
1965 static const MemoryRegionOps watch_mem_ops = {
1966 .read_with_attrs = watch_mem_read,
1967 .write_with_attrs = watch_mem_write,
1968 .endianness = DEVICE_NATIVE_ENDIAN,
1969 };
1970
1971 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1972 unsigned len, MemTxAttrs attrs)
1973 {
1974 subpage_t *subpage = opaque;
1975 uint8_t buf[8];
1976 MemTxResult res;
1977
1978 #if defined(DEBUG_SUBPAGE)
1979 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1980 subpage, len, addr);
1981 #endif
1982 res = address_space_read(subpage->as, addr + subpage->base,
1983 attrs, buf, len);
1984 if (res) {
1985 return res;
1986 }
1987 switch (len) {
1988 case 1:
1989 *data = ldub_p(buf);
1990 return MEMTX_OK;
1991 case 2:
1992 *data = lduw_p(buf);
1993 return MEMTX_OK;
1994 case 4:
1995 *data = ldl_p(buf);
1996 return MEMTX_OK;
1997 case 8:
1998 *data = ldq_p(buf);
1999 return MEMTX_OK;
2000 default:
2001 abort();
2002 }
2003 }
2004
2005 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2006 uint64_t value, unsigned len, MemTxAttrs attrs)
2007 {
2008 subpage_t *subpage = opaque;
2009 uint8_t buf[8];
2010
2011 #if defined(DEBUG_SUBPAGE)
2012 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2013 " value %"PRIx64"\n",
2014 __func__, subpage, len, addr, value);
2015 #endif
2016 switch (len) {
2017 case 1:
2018 stb_p(buf, value);
2019 break;
2020 case 2:
2021 stw_p(buf, value);
2022 break;
2023 case 4:
2024 stl_p(buf, value);
2025 break;
2026 case 8:
2027 stq_p(buf, value);
2028 break;
2029 default:
2030 abort();
2031 }
2032 return address_space_write(subpage->as, addr + subpage->base,
2033 attrs, buf, len);
2034 }
2035
2036 static bool subpage_accepts(void *opaque, hwaddr addr,
2037 unsigned len, bool is_write)
2038 {
2039 subpage_t *subpage = opaque;
2040 #if defined(DEBUG_SUBPAGE)
2041 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2042 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2043 #endif
2044
2045 return address_space_access_valid(subpage->as, addr + subpage->base,
2046 len, is_write);
2047 }
2048
2049 static const MemoryRegionOps subpage_ops = {
2050 .read_with_attrs = subpage_read,
2051 .write_with_attrs = subpage_write,
2052 .impl.min_access_size = 1,
2053 .impl.max_access_size = 8,
2054 .valid.min_access_size = 1,
2055 .valid.max_access_size = 8,
2056 .valid.accepts = subpage_accepts,
2057 .endianness = DEVICE_NATIVE_ENDIAN,
2058 };
2059
2060 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2061 uint16_t section)
2062 {
2063 int idx, eidx;
2064
2065 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2066 return -1;
2067 idx = SUBPAGE_IDX(start);
2068 eidx = SUBPAGE_IDX(end);
2069 #if defined(DEBUG_SUBPAGE)
2070 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2071 __func__, mmio, start, end, idx, eidx, section);
2072 #endif
2073 for (; idx <= eidx; idx++) {
2074 mmio->sub_section[idx] = section;
2075 }
2076
2077 return 0;
2078 }
2079
2080 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2081 {
2082 subpage_t *mmio;
2083
2084 mmio = g_malloc0(sizeof(subpage_t));
2085
2086 mmio->as = as;
2087 mmio->base = base;
2088 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2089 NULL, TARGET_PAGE_SIZE);
2090 mmio->iomem.subpage = true;
2091 #if defined(DEBUG_SUBPAGE)
2092 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2093 mmio, base, TARGET_PAGE_SIZE);
2094 #endif
2095 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2096
2097 return mmio;
2098 }
2099
2100 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2101 MemoryRegion *mr)
2102 {
2103 assert(as);
2104 MemoryRegionSection section = {
2105 .address_space = as,
2106 .mr = mr,
2107 .offset_within_address_space = 0,
2108 .offset_within_region = 0,
2109 .size = int128_2_64(),
2110 };
2111
2112 return phys_section_add(map, &section);
2113 }
2114
2115 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2116 {
2117 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2118 MemoryRegionSection *sections = d->map.sections;
2119
2120 return sections[index & ~TARGET_PAGE_MASK].mr;
2121 }
2122
2123 static void io_mem_init(void)
2124 {
2125 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2126 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2127 NULL, UINT64_MAX);
2128 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2129 NULL, UINT64_MAX);
2130 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2131 NULL, UINT64_MAX);
2132 }
2133
2134 static void mem_begin(MemoryListener *listener)
2135 {
2136 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2137 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2138 uint16_t n;
2139
2140 n = dummy_section(&d->map, as, &io_mem_unassigned);
2141 assert(n == PHYS_SECTION_UNASSIGNED);
2142 n = dummy_section(&d->map, as, &io_mem_notdirty);
2143 assert(n == PHYS_SECTION_NOTDIRTY);
2144 n = dummy_section(&d->map, as, &io_mem_rom);
2145 assert(n == PHYS_SECTION_ROM);
2146 n = dummy_section(&d->map, as, &io_mem_watch);
2147 assert(n == PHYS_SECTION_WATCH);
2148
2149 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2150 d->as = as;
2151 as->next_dispatch = d;
2152 }
2153
2154 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2155 {
2156 phys_sections_free(&d->map);
2157 g_free(d);
2158 }
2159
2160 static void mem_commit(MemoryListener *listener)
2161 {
2162 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2163 AddressSpaceDispatch *cur = as->dispatch;
2164 AddressSpaceDispatch *next = as->next_dispatch;
2165
2166 phys_page_compact_all(next, next->map.nodes_nb);
2167
2168 atomic_rcu_set(&as->dispatch, next);
2169 if (cur) {
2170 call_rcu(cur, address_space_dispatch_free, rcu);
2171 }
2172 }
2173
2174 static void tcg_commit(MemoryListener *listener)
2175 {
2176 CPUState *cpu;
2177
2178 /* since each CPU stores ram addresses in its TLB cache, we must
2179 reset the modified entries */
2180 /* XXX: slow ! */
2181 CPU_FOREACH(cpu) {
2182 /* FIXME: Disentangle the cpu.h circular files deps so we can
2183 directly get the right CPU from listener. */
2184 if (cpu->tcg_as_listener != listener) {
2185 continue;
2186 }
2187 cpu_reload_memory_map(cpu);
2188 }
2189 }
2190
2191 void address_space_init_dispatch(AddressSpace *as)
2192 {
2193 as->dispatch = NULL;
2194 as->dispatch_listener = (MemoryListener) {
2195 .begin = mem_begin,
2196 .commit = mem_commit,
2197 .region_add = mem_add,
2198 .region_nop = mem_add,
2199 .priority = 0,
2200 };
2201 memory_listener_register(&as->dispatch_listener, as);
2202 }
2203
2204 void address_space_unregister(AddressSpace *as)
2205 {
2206 memory_listener_unregister(&as->dispatch_listener);
2207 }
2208
2209 void address_space_destroy_dispatch(AddressSpace *as)
2210 {
2211 AddressSpaceDispatch *d = as->dispatch;
2212
2213 atomic_rcu_set(&as->dispatch, NULL);
2214 if (d) {
2215 call_rcu(d, address_space_dispatch_free, rcu);
2216 }
2217 }
2218
2219 static void memory_map_init(void)
2220 {
2221 system_memory = g_malloc(sizeof(*system_memory));
2222
2223 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2224 address_space_init(&address_space_memory, system_memory, "memory");
2225
2226 system_io = g_malloc(sizeof(*system_io));
2227 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2228 65536);
2229 address_space_init(&address_space_io, system_io, "I/O");
2230 }
2231
2232 MemoryRegion *get_system_memory(void)
2233 {
2234 return system_memory;
2235 }
2236
2237 MemoryRegion *get_system_io(void)
2238 {
2239 return system_io;
2240 }
2241
2242 #endif /* !defined(CONFIG_USER_ONLY) */
2243
2244 /* physical memory access (slow version, mainly for debug) */
2245 #if defined(CONFIG_USER_ONLY)
2246 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2247 uint8_t *buf, int len, int is_write)
2248 {
2249 int l, flags;
2250 target_ulong page;
2251 void * p;
2252
2253 while (len > 0) {
2254 page = addr & TARGET_PAGE_MASK;
2255 l = (page + TARGET_PAGE_SIZE) - addr;
2256 if (l > len)
2257 l = len;
2258 flags = page_get_flags(page);
2259 if (!(flags & PAGE_VALID))
2260 return -1;
2261 if (is_write) {
2262 if (!(flags & PAGE_WRITE))
2263 return -1;
2264 /* XXX: this code should not depend on lock_user */
2265 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2266 return -1;
2267 memcpy(p, buf, l);
2268 unlock_user(p, addr, l);
2269 } else {
2270 if (!(flags & PAGE_READ))
2271 return -1;
2272 /* XXX: this code should not depend on lock_user */
2273 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2274 return -1;
2275 memcpy(buf, p, l);
2276 unlock_user(p, addr, 0);
2277 }
2278 len -= l;
2279 buf += l;
2280 addr += l;
2281 }
2282 return 0;
2283 }
2284
2285 #else
2286
2287 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2288 hwaddr length)
2289 {
2290 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2291 /* No early return if dirty_log_mask is or becomes 0, because
2292 * cpu_physical_memory_set_dirty_range will still call
2293 * xen_modified_memory.
2294 */
2295 if (dirty_log_mask) {
2296 dirty_log_mask =
2297 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2298 }
2299 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2300 tb_invalidate_phys_range(addr, addr + length);
2301 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2302 }
2303 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2304 }
2305
2306 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2307 {
2308 unsigned access_size_max = mr->ops->valid.max_access_size;
2309
2310 /* Regions are assumed to support 1-4 byte accesses unless
2311 otherwise specified. */
2312 if (access_size_max == 0) {
2313 access_size_max = 4;
2314 }
2315
2316 /* Bound the maximum access by the alignment of the address. */
2317 if (!mr->ops->impl.unaligned) {
2318 unsigned align_size_max = addr & -addr;
2319 if (align_size_max != 0 && align_size_max < access_size_max) {
2320 access_size_max = align_size_max;
2321 }
2322 }
2323
2324 /* Don't attempt accesses larger than the maximum. */
2325 if (l > access_size_max) {
2326 l = access_size_max;
2327 }
2328 if (l & (l - 1)) {
2329 l = 1 << (qemu_fls(l) - 1);
2330 }
2331
2332 return l;
2333 }
2334
2335 static bool prepare_mmio_access(MemoryRegion *mr)
2336 {
2337 bool unlocked = !qemu_mutex_iothread_locked();
2338 bool release_lock = false;
2339
2340 if (unlocked && mr->global_locking) {
2341 qemu_mutex_lock_iothread();
2342 unlocked = false;
2343 release_lock = true;
2344 }
2345 if (mr->flush_coalesced_mmio) {
2346 if (unlocked) {
2347 qemu_mutex_lock_iothread();
2348 }
2349 qemu_flush_coalesced_mmio_buffer();
2350 if (unlocked) {
2351 qemu_mutex_unlock_iothread();
2352 }
2353 }
2354
2355 return release_lock;
2356 }
2357
2358 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2359 uint8_t *buf, int len, bool is_write)
2360 {
2361 hwaddr l;
2362 uint8_t *ptr;
2363 uint64_t val;
2364 hwaddr addr1;
2365 MemoryRegion *mr;
2366 MemTxResult result = MEMTX_OK;
2367 bool release_lock = false;
2368
2369 rcu_read_lock();
2370 while (len > 0) {
2371 l = len;
2372 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2373
2374 if (is_write) {
2375 if (!memory_access_is_direct(mr, is_write)) {
2376 release_lock |= prepare_mmio_access(mr);
2377 l = memory_access_size(mr, l, addr1);
2378 /* XXX: could force current_cpu to NULL to avoid
2379 potential bugs */
2380 switch (l) {
2381 case 8:
2382 /* 64 bit write access */
2383 val = ldq_p(buf);
2384 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2385 attrs);
2386 break;
2387 case 4:
2388 /* 32 bit write access */
2389 val = ldl_p(buf);
2390 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2391 attrs);
2392 break;
2393 case 2:
2394 /* 16 bit write access */
2395 val = lduw_p(buf);
2396 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2397 attrs);
2398 break;
2399 case 1:
2400 /* 8 bit write access */
2401 val = ldub_p(buf);
2402 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2403 attrs);
2404 break;
2405 default:
2406 abort();
2407 }
2408 } else {
2409 addr1 += memory_region_get_ram_addr(mr);
2410 /* RAM case */
2411 ptr = qemu_get_ram_ptr(addr1);
2412 memcpy(ptr, buf, l);
2413 invalidate_and_set_dirty(mr, addr1, l);
2414 }
2415 } else {
2416 if (!memory_access_is_direct(mr, is_write)) {
2417 /* I/O case */
2418 release_lock |= prepare_mmio_access(mr);
2419 l = memory_access_size(mr, l, addr1);
2420 switch (l) {
2421 case 8:
2422 /* 64 bit read access */
2423 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2424 attrs);
2425 stq_p(buf, val);
2426 break;
2427 case 4:
2428 /* 32 bit read access */
2429 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2430 attrs);
2431 stl_p(buf, val);
2432 break;
2433 case 2:
2434 /* 16 bit read access */
2435 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2436 attrs);
2437 stw_p(buf, val);
2438 break;
2439 case 1:
2440 /* 8 bit read access */
2441 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2442 attrs);
2443 stb_p(buf, val);
2444 break;
2445 default:
2446 abort();
2447 }
2448 } else {
2449 /* RAM case */
2450 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2451 memcpy(buf, ptr, l);
2452 }
2453 }
2454
2455 if (release_lock) {
2456 qemu_mutex_unlock_iothread();
2457 release_lock = false;
2458 }
2459
2460 len -= l;
2461 buf += l;
2462 addr += l;
2463 }
2464 rcu_read_unlock();
2465
2466 return result;
2467 }
2468
2469 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2470 const uint8_t *buf, int len)
2471 {
2472 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2473 }
2474
2475 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2476 uint8_t *buf, int len)
2477 {
2478 return address_space_rw(as, addr, attrs, buf, len, false);
2479 }
2480
2481
2482 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2483 int len, int is_write)
2484 {
2485 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2486 buf, len, is_write);
2487 }
2488
2489 enum write_rom_type {
2490 WRITE_DATA,
2491 FLUSH_CACHE,
2492 };
2493
2494 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2495 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2496 {
2497 hwaddr l;
2498 uint8_t *ptr;
2499 hwaddr addr1;
2500 MemoryRegion *mr;
2501
2502 rcu_read_lock();
2503 while (len > 0) {
2504 l = len;
2505 mr = address_space_translate(as, addr, &addr1, &l, true);
2506
2507 if (!(memory_region_is_ram(mr) ||
2508 memory_region_is_romd(mr))) {
2509 l = memory_access_size(mr, l, addr1);
2510 } else {
2511 addr1 += memory_region_get_ram_addr(mr);
2512 /* ROM/RAM case */
2513 ptr = qemu_get_ram_ptr(addr1);
2514 switch (type) {
2515 case WRITE_DATA:
2516 memcpy(ptr, buf, l);
2517 invalidate_and_set_dirty(mr, addr1, l);
2518 break;
2519 case FLUSH_CACHE:
2520 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2521 break;
2522 }
2523 }
2524 len -= l;
2525 buf += l;
2526 addr += l;
2527 }
2528 rcu_read_unlock();
2529 }
2530
2531 /* used for ROM loading : can write in RAM and ROM */
2532 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2533 const uint8_t *buf, int len)
2534 {
2535 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2536 }
2537
2538 void cpu_flush_icache_range(hwaddr start, int len)
2539 {
2540 /*
2541 * This function should do the same thing as an icache flush that was
2542 * triggered from within the guest. For TCG we are always cache coherent,
2543 * so there is no need to flush anything. For KVM / Xen we need to flush
2544 * the host's instruction cache at least.
2545 */
2546 if (tcg_enabled()) {
2547 return;
2548 }
2549
2550 cpu_physical_memory_write_rom_internal(&address_space_memory,
2551 start, NULL, len, FLUSH_CACHE);
2552 }
2553
2554 typedef struct {
2555 MemoryRegion *mr;
2556 void *buffer;
2557 hwaddr addr;
2558 hwaddr len;
2559 bool in_use;
2560 } BounceBuffer;
2561
2562 static BounceBuffer bounce;
2563
2564 typedef struct MapClient {
2565 QEMUBH *bh;
2566 QLIST_ENTRY(MapClient) link;
2567 } MapClient;
2568
2569 QemuMutex map_client_list_lock;
2570 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2571 = QLIST_HEAD_INITIALIZER(map_client_list);
2572
2573 static void cpu_unregister_map_client_do(MapClient *client)
2574 {
2575 QLIST_REMOVE(client, link);
2576 g_free(client);
2577 }
2578
2579 static void cpu_notify_map_clients_locked(void)
2580 {
2581 MapClient *client;
2582
2583 while (!QLIST_EMPTY(&map_client_list)) {
2584 client = QLIST_FIRST(&map_client_list);
2585 qemu_bh_schedule(client->bh);
2586 cpu_unregister_map_client_do(client);
2587 }
2588 }
2589
2590 void cpu_register_map_client(QEMUBH *bh)
2591 {
2592 MapClient *client = g_malloc(sizeof(*client));
2593
2594 qemu_mutex_lock(&map_client_list_lock);
2595 client->bh = bh;
2596 QLIST_INSERT_HEAD(&map_client_list, client, link);
2597 if (!atomic_read(&bounce.in_use)) {
2598 cpu_notify_map_clients_locked();
2599 }
2600 qemu_mutex_unlock(&map_client_list_lock);
2601 }
2602
2603 void cpu_exec_init_all(void)
2604 {
2605 qemu_mutex_init(&ram_list.mutex);
2606 memory_map_init();
2607 io_mem_init();
2608 qemu_mutex_init(&map_client_list_lock);
2609 }
2610
2611 void cpu_unregister_map_client(QEMUBH *bh)
2612 {
2613 MapClient *client;
2614
2615 qemu_mutex_lock(&map_client_list_lock);
2616 QLIST_FOREACH(client, &map_client_list, link) {
2617 if (client->bh == bh) {
2618 cpu_unregister_map_client_do(client);
2619 break;
2620 }
2621 }
2622 qemu_mutex_unlock(&map_client_list_lock);
2623 }
2624
2625 static void cpu_notify_map_clients(void)
2626 {
2627 qemu_mutex_lock(&map_client_list_lock);
2628 cpu_notify_map_clients_locked();
2629 qemu_mutex_unlock(&map_client_list_lock);
2630 }
2631
2632 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2633 {
2634 MemoryRegion *mr;
2635 hwaddr l, xlat;
2636
2637 rcu_read_lock();
2638 while (len > 0) {
2639 l = len;
2640 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2641 if (!memory_access_is_direct(mr, is_write)) {
2642 l = memory_access_size(mr, l, addr);
2643 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2644 return false;
2645 }
2646 }
2647
2648 len -= l;
2649 addr += l;
2650 }
2651 rcu_read_unlock();
2652 return true;
2653 }
2654
2655 /* Map a physical memory region into a host virtual address.
2656 * May map a subset of the requested range, given by and returned in *plen.
2657 * May return NULL if resources needed to perform the mapping are exhausted.
2658 * Use only for reads OR writes - not for read-modify-write operations.
2659 * Use cpu_register_map_client() to know when retrying the map operation is
2660 * likely to succeed.
2661 */
2662 void *address_space_map(AddressSpace *as,
2663 hwaddr addr,
2664 hwaddr *plen,
2665 bool is_write)
2666 {
2667 hwaddr len = *plen;
2668 hwaddr done = 0;
2669 hwaddr l, xlat, base;
2670 MemoryRegion *mr, *this_mr;
2671 ram_addr_t raddr;
2672
2673 if (len == 0) {
2674 return NULL;
2675 }
2676
2677 l = len;
2678 rcu_read_lock();
2679 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2680
2681 if (!memory_access_is_direct(mr, is_write)) {
2682 if (atomic_xchg(&bounce.in_use, true)) {
2683 rcu_read_unlock();
2684 return NULL;
2685 }
2686 /* Avoid unbounded allocations */
2687 l = MIN(l, TARGET_PAGE_SIZE);
2688 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2689 bounce.addr = addr;
2690 bounce.len = l;
2691
2692 memory_region_ref(mr);
2693 bounce.mr = mr;
2694 if (!is_write) {
2695 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2696 bounce.buffer, l);
2697 }
2698
2699 rcu_read_unlock();
2700 *plen = l;
2701 return bounce.buffer;
2702 }
2703
2704 base = xlat;
2705 raddr = memory_region_get_ram_addr(mr);
2706
2707 for (;;) {
2708 len -= l;
2709 addr += l;
2710 done += l;
2711 if (len == 0) {
2712 break;
2713 }
2714
2715 l = len;
2716 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2717 if (this_mr != mr || xlat != base + done) {
2718 break;
2719 }
2720 }
2721
2722 memory_region_ref(mr);
2723 rcu_read_unlock();
2724 *plen = done;
2725 return qemu_ram_ptr_length(raddr + base, plen);
2726 }
2727
2728 /* Unmaps a memory region previously mapped by address_space_map().
2729 * Will also mark the memory as dirty if is_write == 1. access_len gives
2730 * the amount of memory that was actually read or written by the caller.
2731 */
2732 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2733 int is_write, hwaddr access_len)
2734 {
2735 if (buffer != bounce.buffer) {
2736 MemoryRegion *mr;
2737 ram_addr_t addr1;
2738
2739 mr = qemu_ram_addr_from_host(buffer, &addr1);
2740 assert(mr != NULL);
2741 if (is_write) {
2742 invalidate_and_set_dirty(mr, addr1, access_len);
2743 }
2744 if (xen_enabled()) {
2745 xen_invalidate_map_cache_entry(buffer);
2746 }
2747 memory_region_unref(mr);
2748 return;
2749 }
2750 if (is_write) {
2751 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2752 bounce.buffer, access_len);
2753 }
2754 qemu_vfree(bounce.buffer);
2755 bounce.buffer = NULL;
2756 memory_region_unref(bounce.mr);
2757 atomic_mb_set(&bounce.in_use, false);
2758 cpu_notify_map_clients();
2759 }
2760
2761 void *cpu_physical_memory_map(hwaddr addr,
2762 hwaddr *plen,
2763 int is_write)
2764 {
2765 return address_space_map(&address_space_memory, addr, plen, is_write);
2766 }
2767
2768 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2769 int is_write, hwaddr access_len)
2770 {
2771 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2772 }
2773
2774 /* warning: addr must be aligned */
2775 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2776 MemTxAttrs attrs,
2777 MemTxResult *result,
2778 enum device_endian endian)
2779 {
2780 uint8_t *ptr;
2781 uint64_t val;
2782 MemoryRegion *mr;
2783 hwaddr l = 4;
2784 hwaddr addr1;
2785 MemTxResult r;
2786 bool release_lock = false;
2787
2788 rcu_read_lock();
2789 mr = address_space_translate(as, addr, &addr1, &l, false);
2790 if (l < 4 || !memory_access_is_direct(mr, false)) {
2791 release_lock |= prepare_mmio_access(mr);
2792
2793 /* I/O case */
2794 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2795 #if defined(TARGET_WORDS_BIGENDIAN)
2796 if (endian == DEVICE_LITTLE_ENDIAN) {
2797 val = bswap32(val);
2798 }
2799 #else
2800 if (endian == DEVICE_BIG_ENDIAN) {
2801 val = bswap32(val);
2802 }
2803 #endif
2804 } else {
2805 /* RAM case */
2806 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2807 & TARGET_PAGE_MASK)
2808 + addr1);
2809 switch (endian) {
2810 case DEVICE_LITTLE_ENDIAN:
2811 val = ldl_le_p(ptr);
2812 break;
2813 case DEVICE_BIG_ENDIAN:
2814 val = ldl_be_p(ptr);
2815 break;
2816 default:
2817 val = ldl_p(ptr);
2818 break;
2819 }
2820 r = MEMTX_OK;
2821 }
2822 if (result) {
2823 *result = r;
2824 }
2825 if (release_lock) {
2826 qemu_mutex_unlock_iothread();
2827 }
2828 rcu_read_unlock();
2829 return val;
2830 }
2831
2832 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2833 MemTxAttrs attrs, MemTxResult *result)
2834 {
2835 return address_space_ldl_internal(as, addr, attrs, result,
2836 DEVICE_NATIVE_ENDIAN);
2837 }
2838
2839 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2840 MemTxAttrs attrs, MemTxResult *result)
2841 {
2842 return address_space_ldl_internal(as, addr, attrs, result,
2843 DEVICE_LITTLE_ENDIAN);
2844 }
2845
2846 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2847 MemTxAttrs attrs, MemTxResult *result)
2848 {
2849 return address_space_ldl_internal(as, addr, attrs, result,
2850 DEVICE_BIG_ENDIAN);
2851 }
2852
2853 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2854 {
2855 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2856 }
2857
2858 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2859 {
2860 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2861 }
2862
2863 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2864 {
2865 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2866 }
2867
2868 /* warning: addr must be aligned */
2869 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2870 MemTxAttrs attrs,
2871 MemTxResult *result,
2872 enum device_endian endian)
2873 {
2874 uint8_t *ptr;
2875 uint64_t val;
2876 MemoryRegion *mr;
2877 hwaddr l = 8;
2878 hwaddr addr1;
2879 MemTxResult r;
2880 bool release_lock = false;
2881
2882 rcu_read_lock();
2883 mr = address_space_translate(as, addr, &addr1, &l,
2884 false);
2885 if (l < 8 || !memory_access_is_direct(mr, false)) {
2886 release_lock |= prepare_mmio_access(mr);
2887
2888 /* I/O case */
2889 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2890 #if defined(TARGET_WORDS_BIGENDIAN)
2891 if (endian == DEVICE_LITTLE_ENDIAN) {
2892 val = bswap64(val);
2893 }
2894 #else
2895 if (endian == DEVICE_BIG_ENDIAN) {
2896 val = bswap64(val);
2897 }
2898 #endif
2899 } else {
2900 /* RAM case */
2901 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2902 & TARGET_PAGE_MASK)
2903 + addr1);
2904 switch (endian) {
2905 case DEVICE_LITTLE_ENDIAN:
2906 val = ldq_le_p(ptr);
2907 break;
2908 case DEVICE_BIG_ENDIAN:
2909 val = ldq_be_p(ptr);
2910 break;
2911 default:
2912 val = ldq_p(ptr);
2913 break;
2914 }
2915 r = MEMTX_OK;
2916 }
2917 if (result) {
2918 *result = r;
2919 }
2920 if (release_lock) {
2921 qemu_mutex_unlock_iothread();
2922 }
2923 rcu_read_unlock();
2924 return val;
2925 }
2926
2927 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2928 MemTxAttrs attrs, MemTxResult *result)
2929 {
2930 return address_space_ldq_internal(as, addr, attrs, result,
2931 DEVICE_NATIVE_ENDIAN);
2932 }
2933
2934 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2935 MemTxAttrs attrs, MemTxResult *result)
2936 {
2937 return address_space_ldq_internal(as, addr, attrs, result,
2938 DEVICE_LITTLE_ENDIAN);
2939 }
2940
2941 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2942 MemTxAttrs attrs, MemTxResult *result)
2943 {
2944 return address_space_ldq_internal(as, addr, attrs, result,
2945 DEVICE_BIG_ENDIAN);
2946 }
2947
2948 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2949 {
2950 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2951 }
2952
2953 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2954 {
2955 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2956 }
2957
2958 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2959 {
2960 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2961 }
2962
2963 /* XXX: optimize */
2964 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2965 MemTxAttrs attrs, MemTxResult *result)
2966 {
2967 uint8_t val;
2968 MemTxResult r;
2969
2970 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2971 if (result) {
2972 *result = r;
2973 }
2974 return val;
2975 }
2976
2977 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2978 {
2979 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2980 }
2981
2982 /* warning: addr must be aligned */
2983 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2984 hwaddr addr,
2985 MemTxAttrs attrs,
2986 MemTxResult *result,
2987 enum device_endian endian)
2988 {
2989 uint8_t *ptr;
2990 uint64_t val;
2991 MemoryRegion *mr;
2992 hwaddr l = 2;
2993 hwaddr addr1;
2994 MemTxResult r;
2995 bool release_lock = false;
2996
2997 rcu_read_lock();
2998 mr = address_space_translate(as, addr, &addr1, &l,
2999 false);
3000 if (l < 2 || !memory_access_is_direct(mr, false)) {
3001 release_lock |= prepare_mmio_access(mr);
3002
3003 /* I/O case */
3004 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3005 #if defined(TARGET_WORDS_BIGENDIAN)
3006 if (endian == DEVICE_LITTLE_ENDIAN) {
3007 val = bswap16(val);
3008 }
3009 #else
3010 if (endian == DEVICE_BIG_ENDIAN) {
3011 val = bswap16(val);
3012 }
3013 #endif
3014 } else {
3015 /* RAM case */
3016 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3017 & TARGET_PAGE_MASK)
3018 + addr1);
3019 switch (endian) {
3020 case DEVICE_LITTLE_ENDIAN:
3021 val = lduw_le_p(ptr);
3022 break;
3023 case DEVICE_BIG_ENDIAN:
3024 val = lduw_be_p(ptr);
3025 break;
3026 default:
3027 val = lduw_p(ptr);
3028 break;
3029 }
3030 r = MEMTX_OK;
3031 }
3032 if (result) {
3033 *result = r;
3034 }
3035 if (release_lock) {
3036 qemu_mutex_unlock_iothread();
3037 }
3038 rcu_read_unlock();
3039 return val;
3040 }
3041
3042 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3043 MemTxAttrs attrs, MemTxResult *result)
3044 {
3045 return address_space_lduw_internal(as, addr, attrs, result,
3046 DEVICE_NATIVE_ENDIAN);
3047 }
3048
3049 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3050 MemTxAttrs attrs, MemTxResult *result)
3051 {
3052 return address_space_lduw_internal(as, addr, attrs, result,
3053 DEVICE_LITTLE_ENDIAN);
3054 }
3055
3056 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3057 MemTxAttrs attrs, MemTxResult *result)
3058 {
3059 return address_space_lduw_internal(as, addr, attrs, result,
3060 DEVICE_BIG_ENDIAN);
3061 }
3062
3063 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3064 {
3065 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3066 }
3067
3068 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3069 {
3070 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3071 }
3072
3073 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3074 {
3075 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3076 }
3077
3078 /* warning: addr must be aligned. The ram page is not masked as dirty
3079 and the code inside is not invalidated. It is useful if the dirty
3080 bits are used to track modified PTEs */
3081 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3082 MemTxAttrs attrs, MemTxResult *result)
3083 {
3084 uint8_t *ptr;
3085 MemoryRegion *mr;
3086 hwaddr l = 4;
3087 hwaddr addr1;
3088 MemTxResult r;
3089 uint8_t dirty_log_mask;
3090 bool release_lock = false;
3091
3092 rcu_read_lock();
3093 mr = address_space_translate(as, addr, &addr1, &l,
3094 true);
3095 if (l < 4 || !memory_access_is_direct(mr, true)) {
3096 release_lock |= prepare_mmio_access(mr);
3097
3098 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3099 } else {
3100 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3101 ptr = qemu_get_ram_ptr(addr1);
3102 stl_p(ptr, val);
3103
3104 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3105 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3106 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3107 r = MEMTX_OK;
3108 }
3109 if (result) {
3110 *result = r;
3111 }
3112 if (release_lock) {
3113 qemu_mutex_unlock_iothread();
3114 }
3115 rcu_read_unlock();
3116 }
3117
3118 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3119 {
3120 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3121 }
3122
3123 /* warning: addr must be aligned */
3124 static inline void address_space_stl_internal(AddressSpace *as,
3125 hwaddr addr, uint32_t val,
3126 MemTxAttrs attrs,
3127 MemTxResult *result,
3128 enum device_endian endian)
3129 {
3130 uint8_t *ptr;
3131 MemoryRegion *mr;
3132 hwaddr l = 4;
3133 hwaddr addr1;
3134 MemTxResult r;
3135 bool release_lock = false;
3136
3137 rcu_read_lock();
3138 mr = address_space_translate(as, addr, &addr1, &l,
3139 true);
3140 if (l < 4 || !memory_access_is_direct(mr, true)) {
3141 release_lock |= prepare_mmio_access(mr);
3142
3143 #if defined(TARGET_WORDS_BIGENDIAN)
3144 if (endian == DEVICE_LITTLE_ENDIAN) {
3145 val = bswap32(val);
3146 }
3147 #else
3148 if (endian == DEVICE_BIG_ENDIAN) {
3149 val = bswap32(val);
3150 }
3151 #endif
3152 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3153 } else {
3154 /* RAM case */
3155 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3156 ptr = qemu_get_ram_ptr(addr1);
3157 switch (endian) {
3158 case DEVICE_LITTLE_ENDIAN:
3159 stl_le_p(ptr, val);
3160 break;
3161 case DEVICE_BIG_ENDIAN:
3162 stl_be_p(ptr, val);
3163 break;
3164 default:
3165 stl_p(ptr, val);
3166 break;
3167 }
3168 invalidate_and_set_dirty(mr, addr1, 4);
3169 r = MEMTX_OK;
3170 }
3171 if (result) {
3172 *result = r;
3173 }
3174 if (release_lock) {
3175 qemu_mutex_unlock_iothread();
3176 }
3177 rcu_read_unlock();
3178 }
3179
3180 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3181 MemTxAttrs attrs, MemTxResult *result)
3182 {
3183 address_space_stl_internal(as, addr, val, attrs, result,
3184 DEVICE_NATIVE_ENDIAN);
3185 }
3186
3187 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3188 MemTxAttrs attrs, MemTxResult *result)
3189 {
3190 address_space_stl_internal(as, addr, val, attrs, result,
3191 DEVICE_LITTLE_ENDIAN);
3192 }
3193
3194 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3195 MemTxAttrs attrs, MemTxResult *result)
3196 {
3197 address_space_stl_internal(as, addr, val, attrs, result,
3198 DEVICE_BIG_ENDIAN);
3199 }
3200
3201 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3202 {
3203 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3204 }
3205
3206 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3207 {
3208 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3209 }
3210
3211 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3212 {
3213 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3214 }
3215
3216 /* XXX: optimize */
3217 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3218 MemTxAttrs attrs, MemTxResult *result)
3219 {
3220 uint8_t v = val;
3221 MemTxResult r;
3222
3223 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3224 if (result) {
3225 *result = r;
3226 }
3227 }
3228
3229 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3230 {
3231 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3232 }
3233
3234 /* warning: addr must be aligned */
3235 static inline void address_space_stw_internal(AddressSpace *as,
3236 hwaddr addr, uint32_t val,
3237 MemTxAttrs attrs,
3238 MemTxResult *result,
3239 enum device_endian endian)
3240 {
3241 uint8_t *ptr;
3242 MemoryRegion *mr;
3243 hwaddr l = 2;
3244 hwaddr addr1;
3245 MemTxResult r;
3246 bool release_lock = false;
3247
3248 rcu_read_lock();
3249 mr = address_space_translate(as, addr, &addr1, &l, true);
3250 if (l < 2 || !memory_access_is_direct(mr, true)) {
3251 release_lock |= prepare_mmio_access(mr);
3252
3253 #if defined(TARGET_WORDS_BIGENDIAN)
3254 if (endian == DEVICE_LITTLE_ENDIAN) {
3255 val = bswap16(val);
3256 }
3257 #else
3258 if (endian == DEVICE_BIG_ENDIAN) {
3259 val = bswap16(val);
3260 }
3261 #endif
3262 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3263 } else {
3264 /* RAM case */
3265 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3266 ptr = qemu_get_ram_ptr(addr1);
3267 switch (endian) {
3268 case DEVICE_LITTLE_ENDIAN:
3269 stw_le_p(ptr, val);
3270 break;
3271 case DEVICE_BIG_ENDIAN:
3272 stw_be_p(ptr, val);
3273 break;
3274 default:
3275 stw_p(ptr, val);
3276 break;
3277 }
3278 invalidate_and_set_dirty(mr, addr1, 2);
3279 r = MEMTX_OK;
3280 }
3281 if (result) {
3282 *result = r;
3283 }
3284 if (release_lock) {
3285 qemu_mutex_unlock_iothread();
3286 }
3287 rcu_read_unlock();
3288 }
3289
3290 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3291 MemTxAttrs attrs, MemTxResult *result)
3292 {
3293 address_space_stw_internal(as, addr, val, attrs, result,
3294 DEVICE_NATIVE_ENDIAN);
3295 }
3296
3297 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3298 MemTxAttrs attrs, MemTxResult *result)
3299 {
3300 address_space_stw_internal(as, addr, val, attrs, result,
3301 DEVICE_LITTLE_ENDIAN);
3302 }
3303
3304 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3305 MemTxAttrs attrs, MemTxResult *result)
3306 {
3307 address_space_stw_internal(as, addr, val, attrs, result,
3308 DEVICE_BIG_ENDIAN);
3309 }
3310
3311 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3312 {
3313 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3314 }
3315
3316 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3317 {
3318 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3319 }
3320
3321 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3322 {
3323 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3324 }
3325
3326 /* XXX: optimize */
3327 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3328 MemTxAttrs attrs, MemTxResult *result)
3329 {
3330 MemTxResult r;
3331 val = tswap64(val);
3332 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3333 if (result) {
3334 *result = r;
3335 }
3336 }
3337
3338 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3339 MemTxAttrs attrs, MemTxResult *result)
3340 {
3341 MemTxResult r;
3342 val = cpu_to_le64(val);
3343 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3344 if (result) {
3345 *result = r;
3346 }
3347 }
3348 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3349 MemTxAttrs attrs, MemTxResult *result)
3350 {
3351 MemTxResult r;
3352 val = cpu_to_be64(val);
3353 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3354 if (result) {
3355 *result = r;
3356 }
3357 }
3358
3359 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3360 {
3361 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3362 }
3363
3364 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3365 {
3366 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3367 }
3368
3369 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3370 {
3371 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3372 }
3373
3374 /* virtual memory access for debug (includes writing to ROM) */
3375 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3376 uint8_t *buf, int len, int is_write)
3377 {
3378 int l;
3379 hwaddr phys_addr;
3380 target_ulong page;
3381
3382 while (len > 0) {
3383 page = addr & TARGET_PAGE_MASK;
3384 phys_addr = cpu_get_phys_page_debug(cpu, page);
3385 /* if no physical page mapped, return an error */
3386 if (phys_addr == -1)
3387 return -1;
3388 l = (page + TARGET_PAGE_SIZE) - addr;
3389 if (l > len)
3390 l = len;
3391 phys_addr += (addr & ~TARGET_PAGE_MASK);
3392 if (is_write) {
3393 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3394 } else {
3395 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3396 buf, l, 0);
3397 }
3398 len -= l;
3399 buf += l;
3400 addr += l;
3401 }
3402 return 0;
3403 }
3404 #endif
3405
3406 /*
3407 * A helper function for the _utterly broken_ virtio device model to find out if
3408 * it's running on a big endian machine. Don't do this at home kids!
3409 */
3410 bool target_words_bigendian(void);
3411 bool target_words_bigendian(void)
3412 {
3413 #if defined(TARGET_WORDS_BIGENDIAN)
3414 return true;
3415 #else
3416 return false;
3417 #endif
3418 }
3419
3420 #ifndef CONFIG_USER_ONLY
3421 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3422 {
3423 MemoryRegion*mr;
3424 hwaddr l = 1;
3425 bool res;
3426
3427 rcu_read_lock();
3428 mr = address_space_translate(&address_space_memory,
3429 phys_addr, &phys_addr, &l, false);
3430
3431 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3432 rcu_read_unlock();
3433 return res;
3434 }
3435
3436 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3437 {
3438 RAMBlock *block;
3439 int ret = 0;
3440
3441 rcu_read_lock();
3442 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3443 ret = func(block->idstr, block->host, block->offset,
3444 block->used_length, opaque);
3445 if (ret) {
3446 break;
3447 }
3448 }
3449 rcu_read_unlock();
3450 return ret;
3451 }
3452 #endif
CRIS target port of Qemu