search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
memory: reorder MemoryRegion fields
[qemu/cris-port.git] / exec.c
blob069848b26aea94ebeb08d2ca96bbe8c3c90aded5
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 #endif
92
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
100 int use_icount;
101
102 #if !defined(CONFIG_USER_ONLY)
103
104 typedef struct PhysPageEntry PhysPageEntry;
105
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 uint32_t skip : 6;
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 uint32_t ptr : 26;
111 };
112
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
117
118 #define P_L2_BITS 9
119 #define P_L2_SIZE (1 << P_L2_BITS)
120
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123 typedef PhysPageEntry Node[P_L2_SIZE];
124
125 typedef struct PhysPageMap {
126 struct rcu_head rcu;
127
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134 } PhysPageMap;
135
136 struct AddressSpaceDispatch {
137 struct rcu_head rcu;
138
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
143 PhysPageMap map;
144 AddressSpace *as;
145 };
146
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
149 MemoryRegion iomem;
150 AddressSpace *as;
151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153 } subpage_t;
154
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
159
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
163
164 static MemoryRegion io_mem_watch;
165
166 /**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173 struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178 };
179
180 #endif
181
182 #if !defined(CONFIG_USER_ONLY)
183
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
185 {
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
190 }
191 }
192
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
194 {
195 unsigned i;
196 uint32_t ret;
197 PhysPageEntry e;
198 PhysPageEntry *p;
199
200 ret = map->nodes_nb++;
201 p = map->nodes[ret];
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
209 }
210 return ret;
211 }
212
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
215 int level)
216 {
217 PhysPageEntry *p;
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
219
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
222 }
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
225
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
228 lp->skip = 0;
229 lp->ptr = leaf;
230 *index += step;
231 *nb -= step;
232 } else {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
234 }
235 ++lp;
236 }
237 }
238
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
241 uint16_t leaf)
242 {
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
245
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
247 }
248
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253 {
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300 }
301
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303 {
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
308 }
309 }
310
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
313 {
314 PhysPageEntry *p;
315 hwaddr index = addr >> TARGET_PAGE_BITS;
316 int i;
317
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return &sections[PHYS_SECTION_UNASSIGNED];
321 }
322 p = nodes[lp.ptr];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
324 }
325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
333 }
334
335 bool memory_region_is_unassigned(MemoryRegion *mr)
336 {
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
339 }
340
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
343 hwaddr addr,
344 bool resolve_subpage)
345 {
346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
353 }
354 return section;
355 }
356
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
361 {
362 MemoryRegionSection *section;
363 MemoryRegion *mr;
364 Int128 diff;
365
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
373 mr = section->mr;
374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
390 return section;
391 }
392
393 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
394 {
395 if (memory_region_is_ram(mr)) {
396 return !(is_write && mr->readonly);
397 }
398 if (memory_region_is_romd(mr)) {
399 return !is_write;
400 }
401
402 return false;
403 }
404
405 /* Called from RCU critical section */
406 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
407 hwaddr *xlat, hwaddr *plen,
408 bool is_write)
409 {
410 IOMMUTLBEntry iotlb;
411 MemoryRegionSection *section;
412 MemoryRegion *mr;
413
414 for (;;) {
415 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
416 section = address_space_translate_internal(d, addr, &addr, plen, true);
417 mr = section->mr;
418
419 if (!mr->iommu_ops) {
420 break;
421 }
422
423 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
424 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
425 | (addr & iotlb.addr_mask));
426 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
427 if (!(iotlb.perm & (1 << is_write))) {
428 mr = &io_mem_unassigned;
429 break;
430 }
431
432 as = iotlb.target_as;
433 }
434
435 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
436 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
437 *plen = MIN(page, *plen);
438 }
439
440 *xlat = addr;
441 return mr;
442 }
443
444 /* Called from RCU critical section */
445 MemoryRegionSection *
446 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
447 hwaddr *xlat, hwaddr *plen)
448 {
449 MemoryRegionSection *section;
450 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
451 addr, xlat, plen, false);
452
453 assert(!section->mr->iommu_ops);
454 return section;
455 }
456 #endif
457
458 #if !defined(CONFIG_USER_ONLY)
459
460 static int cpu_common_post_load(void *opaque, int version_id)
461 {
462 CPUState *cpu = opaque;
463
464 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
465 version_id is increased. */
466 cpu->interrupt_request &= ~0x01;
467 tlb_flush(cpu, 1);
468
469 return 0;
470 }
471
472 static int cpu_common_pre_load(void *opaque)
473 {
474 CPUState *cpu = opaque;
475
476 cpu->exception_index = -1;
477
478 return 0;
479 }
480
481 static bool cpu_common_exception_index_needed(void *opaque)
482 {
483 CPUState *cpu = opaque;
484
485 return tcg_enabled() && cpu->exception_index != -1;
486 }
487
488 static const VMStateDescription vmstate_cpu_common_exception_index = {
489 .name = "cpu_common/exception_index",
490 .version_id = 1,
491 .minimum_version_id = 1,
492 .needed = cpu_common_exception_index_needed,
493 .fields = (VMStateField[]) {
494 VMSTATE_INT32(exception_index, CPUState),
495 VMSTATE_END_OF_LIST()
496 }
497 };
498
499 static bool cpu_common_crash_occurred_needed(void *opaque)
500 {
501 CPUState *cpu = opaque;
502
503 return cpu->crash_occurred;
504 }
505
506 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
507 .name = "cpu_common/crash_occurred",
508 .version_id = 1,
509 .minimum_version_id = 1,
510 .needed = cpu_common_crash_occurred_needed,
511 .fields = (VMStateField[]) {
512 VMSTATE_BOOL(crash_occurred, CPUState),
513 VMSTATE_END_OF_LIST()
514 }
515 };
516
517 const VMStateDescription vmstate_cpu_common = {
518 .name = "cpu_common",
519 .version_id = 1,
520 .minimum_version_id = 1,
521 .pre_load = cpu_common_pre_load,
522 .post_load = cpu_common_post_load,
523 .fields = (VMStateField[]) {
524 VMSTATE_UINT32(halted, CPUState),
525 VMSTATE_UINT32(interrupt_request, CPUState),
526 VMSTATE_END_OF_LIST()
527 },
528 .subsections = (const VMStateDescription*[]) {
529 &vmstate_cpu_common_exception_index,
530 &vmstate_cpu_common_crash_occurred,
531 NULL
532 }
533 };
534
535 #endif
536
537 CPUState *qemu_get_cpu(int index)
538 {
539 CPUState *cpu;
540
541 CPU_FOREACH(cpu) {
542 if (cpu->cpu_index == index) {
543 return cpu;
544 }
545 }
546
547 return NULL;
548 }
549
550 #if !defined(CONFIG_USER_ONLY)
551 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
552 {
553 /* We only support one address space per cpu at the moment. */
554 assert(cpu->as == as);
555
556 if (cpu->cpu_ases) {
557 /* We've already registered the listener for our only AS */
558 return;
559 }
560
561 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
562 cpu->cpu_ases[0].cpu = cpu;
563 cpu->cpu_ases[0].as = as;
564 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
565 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
566 }
567 #endif
568
569 #ifndef CONFIG_USER_ONLY
570 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
571
572 static int cpu_get_free_index(Error **errp)
573 {
574 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
575
576 if (cpu >= MAX_CPUMASK_BITS) {
577 error_setg(errp, "Trying to use more CPUs than max of %d",
578 MAX_CPUMASK_BITS);
579 return -1;
580 }
581
582 bitmap_set(cpu_index_map, cpu, 1);
583 return cpu;
584 }
585
586 void cpu_exec_exit(CPUState *cpu)
587 {
588 if (cpu->cpu_index == -1) {
589 /* cpu_index was never allocated by this @cpu or was already freed. */
590 return;
591 }
592
593 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
594 cpu->cpu_index = -1;
595 }
596 #else
597
598 static int cpu_get_free_index(Error **errp)
599 {
600 CPUState *some_cpu;
601 int cpu_index = 0;
602
603 CPU_FOREACH(some_cpu) {
604 cpu_index++;
605 }
606 return cpu_index;
607 }
608
609 void cpu_exec_exit(CPUState *cpu)
610 {
611 }
612 #endif
613
614 void cpu_exec_init(CPUState *cpu, Error **errp)
615 {
616 CPUClass *cc = CPU_GET_CLASS(cpu);
617 int cpu_index;
618 Error *local_err = NULL;
619
620 #ifndef CONFIG_USER_ONLY
621 cpu->as = &address_space_memory;
622 cpu->thread_id = qemu_get_thread_id();
623 #endif
624
625 #if defined(CONFIG_USER_ONLY)
626 cpu_list_lock();
627 #endif
628 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
629 if (local_err) {
630 error_propagate(errp, local_err);
631 #if defined(CONFIG_USER_ONLY)
632 cpu_list_unlock();
633 #endif
634 return;
635 }
636 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
637 #if defined(CONFIG_USER_ONLY)
638 cpu_list_unlock();
639 #endif
640 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
641 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
642 }
643 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
644 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
645 cpu_save, cpu_load, cpu->env_ptr);
646 assert(cc->vmsd == NULL);
647 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
648 #endif
649 if (cc->vmsd != NULL) {
650 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
651 }
652 }
653
654 #if defined(CONFIG_USER_ONLY)
655 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
656 {
657 tb_invalidate_phys_page_range(pc, pc + 1, 0);
658 }
659 #else
660 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
661 {
662 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
663 if (phys != -1) {
664 tb_invalidate_phys_addr(cpu->as,
665 phys | (pc & ~TARGET_PAGE_MASK));
666 }
667 }
668 #endif
669
670 #if defined(CONFIG_USER_ONLY)
671 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
672
673 {
674 }
675
676 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
677 int flags)
678 {
679 return -ENOSYS;
680 }
681
682 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
683 {
684 }
685
686 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
687 int flags, CPUWatchpoint **watchpoint)
688 {
689 return -ENOSYS;
690 }
691 #else
692 /* Add a watchpoint. */
693 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
694 int flags, CPUWatchpoint **watchpoint)
695 {
696 CPUWatchpoint *wp;
697
698 /* forbid ranges which are empty or run off the end of the address space */
699 if (len == 0 || (addr + len - 1) < addr) {
700 error_report("tried to set invalid watchpoint at %"
701 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
702 return -EINVAL;
703 }
704 wp = g_malloc(sizeof(*wp));
705
706 wp->vaddr = addr;
707 wp->len = len;
708 wp->flags = flags;
709
710 /* keep all GDB-injected watchpoints in front */
711 if (flags & BP_GDB) {
712 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
713 } else {
714 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
715 }
716
717 tlb_flush_page(cpu, addr);
718
719 if (watchpoint)
720 *watchpoint = wp;
721 return 0;
722 }
723
724 /* Remove a specific watchpoint. */
725 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
726 int flags)
727 {
728 CPUWatchpoint *wp;
729
730 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
731 if (addr == wp->vaddr && len == wp->len
732 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
733 cpu_watchpoint_remove_by_ref(cpu, wp);
734 return 0;
735 }
736 }
737 return -ENOENT;
738 }
739
740 /* Remove a specific watchpoint by reference. */
741 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
742 {
743 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
744
745 tlb_flush_page(cpu, watchpoint->vaddr);
746
747 g_free(watchpoint);
748 }
749
750 /* Remove all matching watchpoints. */
751 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
752 {
753 CPUWatchpoint *wp, *next;
754
755 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
756 if (wp->flags & mask) {
757 cpu_watchpoint_remove_by_ref(cpu, wp);
758 }
759 }
760 }
761
762 /* Return true if this watchpoint address matches the specified
763 * access (ie the address range covered by the watchpoint overlaps
764 * partially or completely with the address range covered by the
765 * access).
766 */
767 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
768 vaddr addr,
769 vaddr len)
770 {
771 /* We know the lengths are non-zero, but a little caution is
772 * required to avoid errors in the case where the range ends
773 * exactly at the top of the address space and so addr + len
774 * wraps round to zero.
775 */
776 vaddr wpend = wp->vaddr + wp->len - 1;
777 vaddr addrend = addr + len - 1;
778
779 return !(addr > wpend || wp->vaddr > addrend);
780 }
781
782 #endif
783
784 /* Add a breakpoint. */
785 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
786 CPUBreakpoint **breakpoint)
787 {
788 CPUBreakpoint *bp;
789
790 bp = g_malloc(sizeof(*bp));
791
792 bp->pc = pc;
793 bp->flags = flags;
794
795 /* keep all GDB-injected breakpoints in front */
796 if (flags & BP_GDB) {
797 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
798 } else {
799 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
800 }
801
802 breakpoint_invalidate(cpu, pc);
803
804 if (breakpoint) {
805 *breakpoint = bp;
806 }
807 return 0;
808 }
809
810 /* Remove a specific breakpoint. */
811 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
812 {
813 CPUBreakpoint *bp;
814
815 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
816 if (bp->pc == pc && bp->flags == flags) {
817 cpu_breakpoint_remove_by_ref(cpu, bp);
818 return 0;
819 }
820 }
821 return -ENOENT;
822 }
823
824 /* Remove a specific breakpoint by reference. */
825 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
826 {
827 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
828
829 breakpoint_invalidate(cpu, breakpoint->pc);
830
831 g_free(breakpoint);
832 }
833
834 /* Remove all matching breakpoints. */
835 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
836 {
837 CPUBreakpoint *bp, *next;
838
839 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
840 if (bp->flags & mask) {
841 cpu_breakpoint_remove_by_ref(cpu, bp);
842 }
843 }
844 }
845
846 /* enable or disable single step mode. EXCP_DEBUG is returned by the
847 CPU loop after each instruction */
848 void cpu_single_step(CPUState *cpu, int enabled)
849 {
850 if (cpu->singlestep_enabled != enabled) {
851 cpu->singlestep_enabled = enabled;
852 if (kvm_enabled()) {
853 kvm_update_guest_debug(cpu, 0);
854 } else {
855 /* must flush all the translated code to avoid inconsistencies */
856 /* XXX: only flush what is necessary */
857 tb_flush(cpu);
858 }
859 }
860 }
861
862 void cpu_abort(CPUState *cpu, const char *fmt, ...)
863 {
864 va_list ap;
865 va_list ap2;
866
867 va_start(ap, fmt);
868 va_copy(ap2, ap);
869 fprintf(stderr, "qemu: fatal: ");
870 vfprintf(stderr, fmt, ap);
871 fprintf(stderr, "\n");
872 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
873 if (qemu_log_separate()) {
874 qemu_log("qemu: fatal: ");
875 qemu_log_vprintf(fmt, ap2);
876 qemu_log("\n");
877 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
878 qemu_log_flush();
879 qemu_log_close();
880 }
881 va_end(ap2);
882 va_end(ap);
883 replay_finish();
884 #if defined(CONFIG_USER_ONLY)
885 {
886 struct sigaction act;
887 sigfillset(&act.sa_mask);
888 act.sa_handler = SIG_DFL;
889 sigaction(SIGABRT, &act, NULL);
890 }
891 #endif
892 abort();
893 }
894
895 #if !defined(CONFIG_USER_ONLY)
896 /* Called from RCU critical section */
897 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
898 {
899 RAMBlock *block;
900
901 block = atomic_rcu_read(&ram_list.mru_block);
902 if (block && addr - block->offset < block->max_length) {
903 return block;
904 }
905 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
906 if (addr - block->offset < block->max_length) {
907 goto found;
908 }
909 }
910
911 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
912 abort();
913
914 found:
915 /* It is safe to write mru_block outside the iothread lock. This
916 * is what happens:
917 *
918 * mru_block = xxx
919 * rcu_read_unlock()
920 * xxx removed from list
921 * rcu_read_lock()
922 * read mru_block
923 * mru_block = NULL;
924 * call_rcu(reclaim_ramblock, xxx);
925 * rcu_read_unlock()
926 *
927 * atomic_rcu_set is not needed here. The block was already published
928 * when it was placed into the list. Here we're just making an extra
929 * copy of the pointer.
930 */
931 ram_list.mru_block = block;
932 return block;
933 }
934
935 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
936 {
937 CPUState *cpu;
938 ram_addr_t start1;
939 RAMBlock *block;
940 ram_addr_t end;
941
942 end = TARGET_PAGE_ALIGN(start + length);
943 start &= TARGET_PAGE_MASK;
944
945 rcu_read_lock();
946 block = qemu_get_ram_block(start);
947 assert(block == qemu_get_ram_block(end - 1));
948 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
949 CPU_FOREACH(cpu) {
950 tlb_reset_dirty(cpu, start1, length);
951 }
952 rcu_read_unlock();
953 }
954
955 /* Note: start and end must be within the same ram block. */
956 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
957 ram_addr_t length,
958 unsigned client)
959 {
960 unsigned long end, page;
961 bool dirty;
962
963 if (length == 0) {
964 return false;
965 }
966
967 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
968 page = start >> TARGET_PAGE_BITS;
969 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
970 page, end - page);
971
972 if (dirty && tcg_enabled()) {
973 tlb_reset_dirty_range_all(start, length);
974 }
975
976 return dirty;
977 }
978
979 /* Called from RCU critical section */
980 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
981 MemoryRegionSection *section,
982 target_ulong vaddr,
983 hwaddr paddr, hwaddr xlat,
984 int prot,
985 target_ulong *address)
986 {
987 hwaddr iotlb;
988 CPUWatchpoint *wp;
989
990 if (memory_region_is_ram(section->mr)) {
991 /* Normal RAM. */
992 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
993 + xlat;
994 if (!section->readonly) {
995 iotlb |= PHYS_SECTION_NOTDIRTY;
996 } else {
997 iotlb |= PHYS_SECTION_ROM;
998 }
999 } else {
1000 AddressSpaceDispatch *d;
1001
1002 d = atomic_rcu_read(&section->address_space->dispatch);
1003 iotlb = section - d->map.sections;
1004 iotlb += xlat;
1005 }
1006
1007 /* Make accesses to pages with watchpoints go via the
1008 watchpoint trap routines. */
1009 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1010 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1011 /* Avoid trapping reads of pages with a write breakpoint. */
1012 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1013 iotlb = PHYS_SECTION_WATCH + paddr;
1014 *address |= TLB_MMIO;
1015 break;
1016 }
1017 }
1018 }
1019
1020 return iotlb;
1021 }
1022 #endif /* defined(CONFIG_USER_ONLY) */
1023
1024 #if !defined(CONFIG_USER_ONLY)
1025
1026 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1027 uint16_t section);
1028 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1029
1030 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1031 qemu_anon_ram_alloc;
1032
1033 /*
1034 * Set a custom physical guest memory alloator.
1035 * Accelerators with unusual needs may need this. Hopefully, we can
1036 * get rid of it eventually.
1037 */
1038 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1039 {
1040 phys_mem_alloc = alloc;
1041 }
1042
1043 static uint16_t phys_section_add(PhysPageMap *map,
1044 MemoryRegionSection *section)
1045 {
1046 /* The physical section number is ORed with a page-aligned
1047 * pointer to produce the iotlb entries. Thus it should
1048 * never overflow into the page-aligned value.
1049 */
1050 assert(map->sections_nb < TARGET_PAGE_SIZE);
1051
1052 if (map->sections_nb == map->sections_nb_alloc) {
1053 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1054 map->sections = g_renew(MemoryRegionSection, map->sections,
1055 map->sections_nb_alloc);
1056 }
1057 map->sections[map->sections_nb] = *section;
1058 memory_region_ref(section->mr);
1059 return map->sections_nb++;
1060 }
1061
1062 static void phys_section_destroy(MemoryRegion *mr)
1063 {
1064 bool have_sub_page = mr->subpage;
1065
1066 memory_region_unref(mr);
1067
1068 if (have_sub_page) {
1069 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1070 object_unref(OBJECT(&subpage->iomem));
1071 g_free(subpage);
1072 }
1073 }
1074
1075 static void phys_sections_free(PhysPageMap *map)
1076 {
1077 while (map->sections_nb > 0) {
1078 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1079 phys_section_destroy(section->mr);
1080 }
1081 g_free(map->sections);
1082 g_free(map->nodes);
1083 }
1084
1085 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1086 {
1087 subpage_t *subpage;
1088 hwaddr base = section->offset_within_address_space
1089 & TARGET_PAGE_MASK;
1090 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1091 d->map.nodes, d->map.sections);
1092 MemoryRegionSection subsection = {
1093 .offset_within_address_space = base,
1094 .size = int128_make64(TARGET_PAGE_SIZE),
1095 };
1096 hwaddr start, end;
1097
1098 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1099
1100 if (!(existing->mr->subpage)) {
1101 subpage = subpage_init(d->as, base);
1102 subsection.address_space = d->as;
1103 subsection.mr = &subpage->iomem;
1104 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1105 phys_section_add(&d->map, &subsection));
1106 } else {
1107 subpage = container_of(existing->mr, subpage_t, iomem);
1108 }
1109 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1110 end = start + int128_get64(section->size) - 1;
1111 subpage_register(subpage, start, end,
1112 phys_section_add(&d->map, section));
1113 }
1114
1115
1116 static void register_multipage(AddressSpaceDispatch *d,
1117 MemoryRegionSection *section)
1118 {
1119 hwaddr start_addr = section->offset_within_address_space;
1120 uint16_t section_index = phys_section_add(&d->map, section);
1121 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1122 TARGET_PAGE_BITS));
1123
1124 assert(num_pages);
1125 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1126 }
1127
1128 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1129 {
1130 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1131 AddressSpaceDispatch *d = as->next_dispatch;
1132 MemoryRegionSection now = *section, remain = *section;
1133 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1134
1135 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1136 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1137 - now.offset_within_address_space;
1138
1139 now.size = int128_min(int128_make64(left), now.size);
1140 register_subpage(d, &now);
1141 } else {
1142 now.size = int128_zero();
1143 }
1144 while (int128_ne(remain.size, now.size)) {
1145 remain.size = int128_sub(remain.size, now.size);
1146 remain.offset_within_address_space += int128_get64(now.size);
1147 remain.offset_within_region += int128_get64(now.size);
1148 now = remain;
1149 if (int128_lt(remain.size, page_size)) {
1150 register_subpage(d, &now);
1151 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1152 now.size = page_size;
1153 register_subpage(d, &now);
1154 } else {
1155 now.size = int128_and(now.size, int128_neg(page_size));
1156 register_multipage(d, &now);
1157 }
1158 }
1159 }
1160
1161 void qemu_flush_coalesced_mmio_buffer(void)
1162 {
1163 if (kvm_enabled())
1164 kvm_flush_coalesced_mmio_buffer();
1165 }
1166
1167 void qemu_mutex_lock_ramlist(void)
1168 {
1169 qemu_mutex_lock(&ram_list.mutex);
1170 }
1171
1172 void qemu_mutex_unlock_ramlist(void)
1173 {
1174 qemu_mutex_unlock(&ram_list.mutex);
1175 }
1176
1177 #ifdef __linux__
1178
1179 #include <sys/vfs.h>
1180
1181 #define HUGETLBFS_MAGIC 0x958458f6
1182
1183 static long gethugepagesize(const char *path, Error **errp)
1184 {
1185 struct statfs fs;
1186 int ret;
1187
1188 do {
1189 ret = statfs(path, &fs);
1190 } while (ret != 0 && errno == EINTR);
1191
1192 if (ret != 0) {
1193 error_setg_errno(errp, errno, "failed to get page size of file %s",
1194 path);
1195 return 0;
1196 }
1197
1198 return fs.f_bsize;
1199 }
1200
1201 static void *file_ram_alloc(RAMBlock *block,
1202 ram_addr_t memory,
1203 const char *path,
1204 Error **errp)
1205 {
1206 struct stat st;
1207 char *filename;
1208 char *sanitized_name;
1209 char *c;
1210 void *area;
1211 int fd;
1212 uint64_t hpagesize;
1213 Error *local_err = NULL;
1214
1215 hpagesize = gethugepagesize(path, &local_err);
1216 if (local_err) {
1217 error_propagate(errp, local_err);
1218 goto error;
1219 }
1220 block->mr->align = hpagesize;
1221
1222 if (memory < hpagesize) {
1223 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1224 "or larger than huge page size 0x%" PRIx64,
1225 memory, hpagesize);
1226 goto error;
1227 }
1228
1229 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1230 error_setg(errp,
1231 "host lacks kvm mmu notifiers, -mem-path unsupported");
1232 goto error;
1233 }
1234
1235 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1237 sanitized_name = g_strdup(memory_region_name(block->mr));
1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/') {
1240 *c = '_';
1241 }
1242 }
1243
1244 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1245 sanitized_name);
1246 g_free(sanitized_name);
1247
1248 fd = mkstemp(filename);
1249 if (fd >= 0) {
1250 unlink(filename);
1251 }
1252 g_free(filename);
1253 } else {
1254 fd = open(path, O_RDWR | O_CREAT, 0644);
1255 }
1256
1257 if (fd < 0) {
1258 error_setg_errno(errp, errno,
1259 "unable to create backing store for hugepages");
1260 goto error;
1261 }
1262
1263 memory = ROUND_UP(memory, hpagesize);
1264
1265 /*
1266 * ftruncate is not supported by hugetlbfs in older
1267 * hosts, so don't bother bailing out on errors.
1268 * If anything goes wrong with it under other filesystems,
1269 * mmap will fail.
1270 */
1271 if (ftruncate(fd, memory)) {
1272 perror("ftruncate");
1273 }
1274
1275 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1276 if (area == MAP_FAILED) {
1277 error_setg_errno(errp, errno,
1278 "unable to map backing store for hugepages");
1279 close(fd);
1280 goto error;
1281 }
1282
1283 if (mem_prealloc) {
1284 os_mem_prealloc(fd, area, memory);
1285 }
1286
1287 block->fd = fd;
1288 return area;
1289
1290 error:
1291 return NULL;
1292 }
1293 #endif
1294
1295 /* Called with the ramlist lock held. */
1296 static ram_addr_t find_ram_offset(ram_addr_t size)
1297 {
1298 RAMBlock *block, *next_block;
1299 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1300
1301 assert(size != 0); /* it would hand out same offset multiple times */
1302
1303 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1304 return 0;
1305 }
1306
1307 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1308 ram_addr_t end, next = RAM_ADDR_MAX;
1309
1310 end = block->offset + block->max_length;
1311
1312 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1313 if (next_block->offset >= end) {
1314 next = MIN(next, next_block->offset);
1315 }
1316 }
1317 if (next - end >= size && next - end < mingap) {
1318 offset = end;
1319 mingap = next - end;
1320 }
1321 }
1322
1323 if (offset == RAM_ADDR_MAX) {
1324 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1325 (uint64_t)size);
1326 abort();
1327 }
1328
1329 return offset;
1330 }
1331
1332 ram_addr_t last_ram_offset(void)
1333 {
1334 RAMBlock *block;
1335 ram_addr_t last = 0;
1336
1337 rcu_read_lock();
1338 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1339 last = MAX(last, block->offset + block->max_length);
1340 }
1341 rcu_read_unlock();
1342 return last;
1343 }
1344
1345 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1346 {
1347 int ret;
1348
1349 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1350 if (!machine_dump_guest_core(current_machine)) {
1351 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1352 if (ret) {
1353 perror("qemu_madvise");
1354 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1355 "but dump_guest_core=off specified\n");
1356 }
1357 }
1358 }
1359
1360 /* Called within an RCU critical section, or while the ramlist lock
1361 * is held.
1362 */
1363 static RAMBlock *find_ram_block(ram_addr_t addr)
1364 {
1365 RAMBlock *block;
1366
1367 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1368 if (block->offset == addr) {
1369 return block;
1370 }
1371 }
1372
1373 return NULL;
1374 }
1375
1376 const char *qemu_ram_get_idstr(RAMBlock *rb)
1377 {
1378 return rb->idstr;
1379 }
1380
1381 /* Called with iothread lock held. */
1382 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1383 {
1384 RAMBlock *new_block, *block;
1385
1386 rcu_read_lock();
1387 new_block = find_ram_block(addr);
1388 assert(new_block);
1389 assert(!new_block->idstr[0]);
1390
1391 if (dev) {
1392 char *id = qdev_get_dev_path(dev);
1393 if (id) {
1394 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1395 g_free(id);
1396 }
1397 }
1398 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1399
1400 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1401 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1402 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1403 new_block->idstr);
1404 abort();
1405 }
1406 }
1407 rcu_read_unlock();
1408 }
1409
1410 /* Called with iothread lock held. */
1411 void qemu_ram_unset_idstr(ram_addr_t addr)
1412 {
1413 RAMBlock *block;
1414
1415 /* FIXME: arch_init.c assumes that this is not called throughout
1416 * migration. Ignore the problem since hot-unplug during migration
1417 * does not work anyway.
1418 */
1419
1420 rcu_read_lock();
1421 block = find_ram_block(addr);
1422 if (block) {
1423 memset(block->idstr, 0, sizeof(block->idstr));
1424 }
1425 rcu_read_unlock();
1426 }
1427
1428 static int memory_try_enable_merging(void *addr, size_t len)
1429 {
1430 if (!machine_mem_merge(current_machine)) {
1431 /* disabled by the user */
1432 return 0;
1433 }
1434
1435 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1436 }
1437
1438 /* Only legal before guest might have detected the memory size: e.g. on
1439 * incoming migration, or right after reset.
1440 *
1441 * As memory core doesn't know how is memory accessed, it is up to
1442 * resize callback to update device state and/or add assertions to detect
1443 * misuse, if necessary.
1444 */
1445 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1446 {
1447 RAMBlock *block = find_ram_block(base);
1448
1449 assert(block);
1450
1451 newsize = HOST_PAGE_ALIGN(newsize);
1452
1453 if (block->used_length == newsize) {
1454 return 0;
1455 }
1456
1457 if (!(block->flags & RAM_RESIZEABLE)) {
1458 error_setg_errno(errp, EINVAL,
1459 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1460 " in != 0x" RAM_ADDR_FMT, block->idstr,
1461 newsize, block->used_length);
1462 return -EINVAL;
1463 }
1464
1465 if (block->max_length < newsize) {
1466 error_setg_errno(errp, EINVAL,
1467 "Length too large: %s: 0x" RAM_ADDR_FMT
1468 " > 0x" RAM_ADDR_FMT, block->idstr,
1469 newsize, block->max_length);
1470 return -EINVAL;
1471 }
1472
1473 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1474 block->used_length = newsize;
1475 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1476 DIRTY_CLIENTS_ALL);
1477 memory_region_set_size(block->mr, newsize);
1478 if (block->resized) {
1479 block->resized(block->idstr, newsize, block->host);
1480 }
1481 return 0;
1482 }
1483
1484 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1485 {
1486 RAMBlock *block;
1487 RAMBlock *last_block = NULL;
1488 ram_addr_t old_ram_size, new_ram_size;
1489
1490 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1491
1492 qemu_mutex_lock_ramlist();
1493 new_block->offset = find_ram_offset(new_block->max_length);
1494
1495 if (!new_block->host) {
1496 if (xen_enabled()) {
1497 xen_ram_alloc(new_block->offset, new_block->max_length,
1498 new_block->mr);
1499 } else {
1500 new_block->host = phys_mem_alloc(new_block->max_length,
1501 &new_block->mr->align);
1502 if (!new_block->host) {
1503 error_setg_errno(errp, errno,
1504 "cannot set up guest memory '%s'",
1505 memory_region_name(new_block->mr));
1506 qemu_mutex_unlock_ramlist();
1507 return -1;
1508 }
1509 memory_try_enable_merging(new_block->host, new_block->max_length);
1510 }
1511 }
1512
1513 new_ram_size = MAX(old_ram_size,
1514 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1515 if (new_ram_size > old_ram_size) {
1516 migration_bitmap_extend(old_ram_size, new_ram_size);
1517 }
1518 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1519 * QLIST (which has an RCU-friendly variant) does not have insertion at
1520 * tail, so save the last element in last_block.
1521 */
1522 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1523 last_block = block;
1524 if (block->max_length < new_block->max_length) {
1525 break;
1526 }
1527 }
1528 if (block) {
1529 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1530 } else if (last_block) {
1531 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1532 } else { /* list is empty */
1533 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1534 }
1535 ram_list.mru_block = NULL;
1536
1537 /* Write list before version */
1538 smp_wmb();
1539 ram_list.version++;
1540 qemu_mutex_unlock_ramlist();
1541
1542 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1543
1544 if (new_ram_size > old_ram_size) {
1545 int i;
1546
1547 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1548 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1549 ram_list.dirty_memory[i] =
1550 bitmap_zero_extend(ram_list.dirty_memory[i],
1551 old_ram_size, new_ram_size);
1552 }
1553 }
1554 cpu_physical_memory_set_dirty_range(new_block->offset,
1555 new_block->used_length,
1556 DIRTY_CLIENTS_ALL);
1557
1558 if (new_block->host) {
1559 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1560 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1561 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1562 if (kvm_enabled()) {
1563 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1564 }
1565 }
1566
1567 return new_block->offset;
1568 }
1569
1570 #ifdef __linux__
1571 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1572 bool share, const char *mem_path,
1573 Error **errp)
1574 {
1575 RAMBlock *new_block;
1576 ram_addr_t addr;
1577 Error *local_err = NULL;
1578
1579 if (xen_enabled()) {
1580 error_setg(errp, "-mem-path not supported with Xen");
1581 return -1;
1582 }
1583
1584 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1585 /*
1586 * file_ram_alloc() needs to allocate just like
1587 * phys_mem_alloc, but we haven't bothered to provide
1588 * a hook there.
1589 */
1590 error_setg(errp,
1591 "-mem-path not supported with this accelerator");
1592 return -1;
1593 }
1594
1595 size = HOST_PAGE_ALIGN(size);
1596 new_block = g_malloc0(sizeof(*new_block));
1597 new_block->mr = mr;
1598 new_block->used_length = size;
1599 new_block->max_length = size;
1600 new_block->flags = share ? RAM_SHARED : 0;
1601 new_block->host = file_ram_alloc(new_block, size,
1602 mem_path, errp);
1603 if (!new_block->host) {
1604 g_free(new_block);
1605 return -1;
1606 }
1607
1608 addr = ram_block_add(new_block, &local_err);
1609 if (local_err) {
1610 g_free(new_block);
1611 error_propagate(errp, local_err);
1612 return -1;
1613 }
1614 return addr;
1615 }
1616 #endif
1617
1618 static
1619 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1620 void (*resized)(const char*,
1621 uint64_t length,
1622 void *host),
1623 void *host, bool resizeable,
1624 MemoryRegion *mr, Error **errp)
1625 {
1626 RAMBlock *new_block;
1627 ram_addr_t addr;
1628 Error *local_err = NULL;
1629
1630 size = HOST_PAGE_ALIGN(size);
1631 max_size = HOST_PAGE_ALIGN(max_size);
1632 new_block = g_malloc0(sizeof(*new_block));
1633 new_block->mr = mr;
1634 new_block->resized = resized;
1635 new_block->used_length = size;
1636 new_block->max_length = max_size;
1637 assert(max_size >= size);
1638 new_block->fd = -1;
1639 new_block->host = host;
1640 if (host) {
1641 new_block->flags |= RAM_PREALLOC;
1642 }
1643 if (resizeable) {
1644 new_block->flags |= RAM_RESIZEABLE;
1645 }
1646 addr = ram_block_add(new_block, &local_err);
1647 if (local_err) {
1648 g_free(new_block);
1649 error_propagate(errp, local_err);
1650 return -1;
1651 }
1652 return addr;
1653 }
1654
1655 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1656 MemoryRegion *mr, Error **errp)
1657 {
1658 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1659 }
1660
1661 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1662 {
1663 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1664 }
1665
1666 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1667 void (*resized)(const char*,
1668 uint64_t length,
1669 void *host),
1670 MemoryRegion *mr, Error **errp)
1671 {
1672 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1673 }
1674
1675 static void reclaim_ramblock(RAMBlock *block)
1676 {
1677 if (block->flags & RAM_PREALLOC) {
1678 ;
1679 } else if (xen_enabled()) {
1680 xen_invalidate_map_cache_entry(block->host);
1681 #ifndef _WIN32
1682 } else if (block->fd >= 0) {
1683 qemu_ram_munmap(block->host, block->max_length);
1684 close(block->fd);
1685 #endif
1686 } else {
1687 qemu_anon_ram_free(block->host, block->max_length);
1688 }
1689 g_free(block);
1690 }
1691
1692 void qemu_ram_free(ram_addr_t addr)
1693 {
1694 RAMBlock *block;
1695
1696 qemu_mutex_lock_ramlist();
1697 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1698 if (addr == block->offset) {
1699 QLIST_REMOVE_RCU(block, next);
1700 ram_list.mru_block = NULL;
1701 /* Write list before version */
1702 smp_wmb();
1703 ram_list.version++;
1704 call_rcu(block, reclaim_ramblock, rcu);
1705 break;
1706 }
1707 }
1708 qemu_mutex_unlock_ramlist();
1709 }
1710
1711 #ifndef _WIN32
1712 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1713 {
1714 RAMBlock *block;
1715 ram_addr_t offset;
1716 int flags;
1717 void *area, *vaddr;
1718
1719 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1720 offset = addr - block->offset;
1721 if (offset < block->max_length) {
1722 vaddr = ramblock_ptr(block, offset);
1723 if (block->flags & RAM_PREALLOC) {
1724 ;
1725 } else if (xen_enabled()) {
1726 abort();
1727 } else {
1728 flags = MAP_FIXED;
1729 if (block->fd >= 0) {
1730 flags |= (block->flags & RAM_SHARED ?
1731 MAP_SHARED : MAP_PRIVATE);
1732 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1733 flags, block->fd, offset);
1734 } else {
1735 /*
1736 * Remap needs to match alloc. Accelerators that
1737 * set phys_mem_alloc never remap. If they did,
1738 * we'd need a remap hook here.
1739 */
1740 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1741
1742 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1743 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1744 flags, -1, 0);
1745 }
1746 if (area != vaddr) {
1747 fprintf(stderr, "Could not remap addr: "
1748 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1749 length, addr);
1750 exit(1);
1751 }
1752 memory_try_enable_merging(vaddr, length);
1753 qemu_ram_setup_dump(vaddr, length);
1754 }
1755 }
1756 }
1757 }
1758 #endif /* !_WIN32 */
1759
1760 int qemu_get_ram_fd(ram_addr_t addr)
1761 {
1762 RAMBlock *block;
1763 int fd;
1764
1765 rcu_read_lock();
1766 block = qemu_get_ram_block(addr);
1767 fd = block->fd;
1768 rcu_read_unlock();
1769 return fd;
1770 }
1771
1772 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1773 {
1774 RAMBlock *block;
1775 void *ptr;
1776
1777 rcu_read_lock();
1778 block = qemu_get_ram_block(addr);
1779 ptr = ramblock_ptr(block, 0);
1780 rcu_read_unlock();
1781 return ptr;
1782 }
1783
1784 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1785 * This should not be used for general purpose DMA. Use address_space_map
1786 * or address_space_rw instead. For local memory (e.g. video ram) that the
1787 * device owns, use memory_region_get_ram_ptr.
1788 *
1789 * Called within RCU critical section.
1790 */
1791 void *qemu_get_ram_ptr(ram_addr_t addr)
1792 {
1793 RAMBlock *block = qemu_get_ram_block(addr);
1794
1795 if (xen_enabled() && block->host == NULL) {
1796 /* We need to check if the requested address is in the RAM
1797 * because we don't want to map the entire memory in QEMU.
1798 * In that case just map until the end of the page.
1799 */
1800 if (block->offset == 0) {
1801 return xen_map_cache(addr, 0, 0);
1802 }
1803
1804 block->host = xen_map_cache(block->offset, block->max_length, 1);
1805 }
1806 return ramblock_ptr(block, addr - block->offset);
1807 }
1808
1809 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1810 * but takes a size argument.
1811 *
1812 * Called within RCU critical section.
1813 */
1814 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1815 {
1816 RAMBlock *block;
1817 ram_addr_t offset_inside_block;
1818 if (*size == 0) {
1819 return NULL;
1820 }
1821
1822 block = qemu_get_ram_block(addr);
1823 offset_inside_block = addr - block->offset;
1824 *size = MIN(*size, block->max_length - offset_inside_block);
1825
1826 if (xen_enabled() && block->host == NULL) {
1827 /* We need to check if the requested address is in the RAM
1828 * because we don't want to map the entire memory in QEMU.
1829 * In that case just map the requested area.
1830 */
1831 if (block->offset == 0) {
1832 return xen_map_cache(addr, *size, 1);
1833 }
1834
1835 block->host = xen_map_cache(block->offset, block->max_length, 1);
1836 }
1837
1838 return ramblock_ptr(block, offset_inside_block);
1839 }
1840
1841 /*
1842 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1843 * in that RAMBlock.
1844 *
1845 * ptr: Host pointer to look up
1846 * round_offset: If true round the result offset down to a page boundary
1847 * *ram_addr: set to result ram_addr
1848 * *offset: set to result offset within the RAMBlock
1849 *
1850 * Returns: RAMBlock (or NULL if not found)
1851 *
1852 * By the time this function returns, the returned pointer is not protected
1853 * by RCU anymore. If the caller is not within an RCU critical section and
1854 * does not hold the iothread lock, it must have other means of protecting the
1855 * pointer, such as a reference to the region that includes the incoming
1856 * ram_addr_t.
1857 */
1858 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1859 ram_addr_t *ram_addr,
1860 ram_addr_t *offset)
1861 {
1862 RAMBlock *block;
1863 uint8_t *host = ptr;
1864
1865 if (xen_enabled()) {
1866 rcu_read_lock();
1867 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1868 block = qemu_get_ram_block(*ram_addr);
1869 if (block) {
1870 *offset = (host - block->host);
1871 }
1872 rcu_read_unlock();
1873 return block;
1874 }
1875
1876 rcu_read_lock();
1877 block = atomic_rcu_read(&ram_list.mru_block);
1878 if (block && block->host && host - block->host < block->max_length) {
1879 goto found;
1880 }
1881
1882 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1883 /* This case append when the block is not mapped. */
1884 if (block->host == NULL) {
1885 continue;
1886 }
1887 if (host - block->host < block->max_length) {
1888 goto found;
1889 }
1890 }
1891
1892 rcu_read_unlock();
1893 return NULL;
1894
1895 found:
1896 *offset = (host - block->host);
1897 if (round_offset) {
1898 *offset &= TARGET_PAGE_MASK;
1899 }
1900 *ram_addr = block->offset + *offset;
1901 rcu_read_unlock();
1902 return block;
1903 }
1904
1905 /*
1906 * Finds the named RAMBlock
1907 *
1908 * name: The name of RAMBlock to find
1909 *
1910 * Returns: RAMBlock (or NULL if not found)
1911 */
1912 RAMBlock *qemu_ram_block_by_name(const char *name)
1913 {
1914 RAMBlock *block;
1915
1916 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1917 if (!strcmp(name, block->idstr)) {
1918 return block;
1919 }
1920 }
1921
1922 return NULL;
1923 }
1924
1925 /* Some of the softmmu routines need to translate from a host pointer
1926 (typically a TLB entry) back to a ram offset. */
1927 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1928 {
1929 RAMBlock *block;
1930 ram_addr_t offset; /* Not used */
1931
1932 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1933
1934 if (!block) {
1935 return NULL;
1936 }
1937
1938 return block->mr;
1939 }
1940
1941 /* Called within RCU critical section. */
1942 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1943 uint64_t val, unsigned size)
1944 {
1945 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1946 tb_invalidate_phys_page_fast(ram_addr, size);
1947 }
1948 switch (size) {
1949 case 1:
1950 stb_p(qemu_get_ram_ptr(ram_addr), val);
1951 break;
1952 case 2:
1953 stw_p(qemu_get_ram_ptr(ram_addr), val);
1954 break;
1955 case 4:
1956 stl_p(qemu_get_ram_ptr(ram_addr), val);
1957 break;
1958 default:
1959 abort();
1960 }
1961 /* Set both VGA and migration bits for simplicity and to remove
1962 * the notdirty callback faster.
1963 */
1964 cpu_physical_memory_set_dirty_range(ram_addr, size,
1965 DIRTY_CLIENTS_NOCODE);
1966 /* we remove the notdirty callback only if the code has been
1967 flushed */
1968 if (!cpu_physical_memory_is_clean(ram_addr)) {
1969 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1970 }
1971 }
1972
1973 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1974 unsigned size, bool is_write)
1975 {
1976 return is_write;
1977 }
1978
1979 static const MemoryRegionOps notdirty_mem_ops = {
1980 .write = notdirty_mem_write,
1981 .valid.accepts = notdirty_mem_accepts,
1982 .endianness = DEVICE_NATIVE_ENDIAN,
1983 };
1984
1985 /* Generate a debug exception if a watchpoint has been hit. */
1986 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1987 {
1988 CPUState *cpu = current_cpu;
1989 CPUArchState *env = cpu->env_ptr;
1990 target_ulong pc, cs_base;
1991 target_ulong vaddr;
1992 CPUWatchpoint *wp;
1993 int cpu_flags;
1994
1995 if (cpu->watchpoint_hit) {
1996 /* We re-entered the check after replacing the TB. Now raise
1997 * the debug interrupt so that is will trigger after the
1998 * current instruction. */
1999 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2000 return;
2001 }
2002 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2003 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2004 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2005 && (wp->flags & flags)) {
2006 if (flags == BP_MEM_READ) {
2007 wp->flags |= BP_WATCHPOINT_HIT_READ;
2008 } else {
2009 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2010 }
2011 wp->hitaddr = vaddr;
2012 wp->hitattrs = attrs;
2013 if (!cpu->watchpoint_hit) {
2014 cpu->watchpoint_hit = wp;
2015 tb_check_watchpoint(cpu);
2016 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2017 cpu->exception_index = EXCP_DEBUG;
2018 cpu_loop_exit(cpu);
2019 } else {
2020 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2021 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2022 cpu_resume_from_signal(cpu, NULL);
2023 }
2024 }
2025 } else {
2026 wp->flags &= ~BP_WATCHPOINT_HIT;
2027 }
2028 }
2029 }
2030
2031 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2032 so these check for a hit then pass through to the normal out-of-line
2033 phys routines. */
2034 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2035 unsigned size, MemTxAttrs attrs)
2036 {
2037 MemTxResult res;
2038 uint64_t data;
2039
2040 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2041 switch (size) {
2042 case 1:
2043 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2044 break;
2045 case 2:
2046 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2047 break;
2048 case 4:
2049 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2050 break;
2051 default: abort();
2052 }
2053 *pdata = data;
2054 return res;
2055 }
2056
2057 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2058 uint64_t val, unsigned size,
2059 MemTxAttrs attrs)
2060 {
2061 MemTxResult res;
2062
2063 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2064 switch (size) {
2065 case 1:
2066 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2067 break;
2068 case 2:
2069 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2070 break;
2071 case 4:
2072 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2073 break;
2074 default: abort();
2075 }
2076 return res;
2077 }
2078
2079 static const MemoryRegionOps watch_mem_ops = {
2080 .read_with_attrs = watch_mem_read,
2081 .write_with_attrs = watch_mem_write,
2082 .endianness = DEVICE_NATIVE_ENDIAN,
2083 };
2084
2085 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2086 unsigned len, MemTxAttrs attrs)
2087 {
2088 subpage_t *subpage = opaque;
2089 uint8_t buf[8];
2090 MemTxResult res;
2091
2092 #if defined(DEBUG_SUBPAGE)
2093 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2094 subpage, len, addr);
2095 #endif
2096 res = address_space_read(subpage->as, addr + subpage->base,
2097 attrs, buf, len);
2098 if (res) {
2099 return res;
2100 }
2101 switch (len) {
2102 case 1:
2103 *data = ldub_p(buf);
2104 return MEMTX_OK;
2105 case 2:
2106 *data = lduw_p(buf);
2107 return MEMTX_OK;
2108 case 4:
2109 *data = ldl_p(buf);
2110 return MEMTX_OK;
2111 case 8:
2112 *data = ldq_p(buf);
2113 return MEMTX_OK;
2114 default:
2115 abort();
2116 }
2117 }
2118
2119 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2120 uint64_t value, unsigned len, MemTxAttrs attrs)
2121 {
2122 subpage_t *subpage = opaque;
2123 uint8_t buf[8];
2124
2125 #if defined(DEBUG_SUBPAGE)
2126 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2127 " value %"PRIx64"\n",
2128 __func__, subpage, len, addr, value);
2129 #endif
2130 switch (len) {
2131 case 1:
2132 stb_p(buf, value);
2133 break;
2134 case 2:
2135 stw_p(buf, value);
2136 break;
2137 case 4:
2138 stl_p(buf, value);
2139 break;
2140 case 8:
2141 stq_p(buf, value);
2142 break;
2143 default:
2144 abort();
2145 }
2146 return address_space_write(subpage->as, addr + subpage->base,
2147 attrs, buf, len);
2148 }
2149
2150 static bool subpage_accepts(void *opaque, hwaddr addr,
2151 unsigned len, bool is_write)
2152 {
2153 subpage_t *subpage = opaque;
2154 #if defined(DEBUG_SUBPAGE)
2155 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2156 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2157 #endif
2158
2159 return address_space_access_valid(subpage->as, addr + subpage->base,
2160 len, is_write);
2161 }
2162
2163 static const MemoryRegionOps subpage_ops = {
2164 .read_with_attrs = subpage_read,
2165 .write_with_attrs = subpage_write,
2166 .impl.min_access_size = 1,
2167 .impl.max_access_size = 8,
2168 .valid.min_access_size = 1,
2169 .valid.max_access_size = 8,
2170 .valid.accepts = subpage_accepts,
2171 .endianness = DEVICE_NATIVE_ENDIAN,
2172 };
2173
2174 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2175 uint16_t section)
2176 {
2177 int idx, eidx;
2178
2179 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2180 return -1;
2181 idx = SUBPAGE_IDX(start);
2182 eidx = SUBPAGE_IDX(end);
2183 #if defined(DEBUG_SUBPAGE)
2184 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2185 __func__, mmio, start, end, idx, eidx, section);
2186 #endif
2187 for (; idx <= eidx; idx++) {
2188 mmio->sub_section[idx] = section;
2189 }
2190
2191 return 0;
2192 }
2193
2194 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2195 {
2196 subpage_t *mmio;
2197
2198 mmio = g_malloc0(sizeof(subpage_t));
2199
2200 mmio->as = as;
2201 mmio->base = base;
2202 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2203 NULL, TARGET_PAGE_SIZE);
2204 mmio->iomem.subpage = true;
2205 #if defined(DEBUG_SUBPAGE)
2206 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2207 mmio, base, TARGET_PAGE_SIZE);
2208 #endif
2209 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2210
2211 return mmio;
2212 }
2213
2214 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2215 MemoryRegion *mr)
2216 {
2217 assert(as);
2218 MemoryRegionSection section = {
2219 .address_space = as,
2220 .mr = mr,
2221 .offset_within_address_space = 0,
2222 .offset_within_region = 0,
2223 .size = int128_2_64(),
2224 };
2225
2226 return phys_section_add(map, &section);
2227 }
2228
2229 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2230 {
2231 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2232 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2233 MemoryRegionSection *sections = d->map.sections;
2234
2235 return sections[index & ~TARGET_PAGE_MASK].mr;
2236 }
2237
2238 static void io_mem_init(void)
2239 {
2240 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2241 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2242 NULL, UINT64_MAX);
2243 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2244 NULL, UINT64_MAX);
2245 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2246 NULL, UINT64_MAX);
2247 }
2248
2249 static void mem_begin(MemoryListener *listener)
2250 {
2251 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2252 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2253 uint16_t n;
2254
2255 n = dummy_section(&d->map, as, &io_mem_unassigned);
2256 assert(n == PHYS_SECTION_UNASSIGNED);
2257 n = dummy_section(&d->map, as, &io_mem_notdirty);
2258 assert(n == PHYS_SECTION_NOTDIRTY);
2259 n = dummy_section(&d->map, as, &io_mem_rom);
2260 assert(n == PHYS_SECTION_ROM);
2261 n = dummy_section(&d->map, as, &io_mem_watch);
2262 assert(n == PHYS_SECTION_WATCH);
2263
2264 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2265 d->as = as;
2266 as->next_dispatch = d;
2267 }
2268
2269 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2270 {
2271 phys_sections_free(&d->map);
2272 g_free(d);
2273 }
2274
2275 static void mem_commit(MemoryListener *listener)
2276 {
2277 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2278 AddressSpaceDispatch *cur = as->dispatch;
2279 AddressSpaceDispatch *next = as->next_dispatch;
2280
2281 phys_page_compact_all(next, next->map.nodes_nb);
2282
2283 atomic_rcu_set(&as->dispatch, next);
2284 if (cur) {
2285 call_rcu(cur, address_space_dispatch_free, rcu);
2286 }
2287 }
2288
2289 static void tcg_commit(MemoryListener *listener)
2290 {
2291 CPUAddressSpace *cpuas;
2292 AddressSpaceDispatch *d;
2293
2294 /* since each CPU stores ram addresses in its TLB cache, we must
2295 reset the modified entries */
2296 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2297 cpu_reloading_memory_map();
2298 /* The CPU and TLB are protected by the iothread lock.
2299 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2300 * may have split the RCU critical section.
2301 */
2302 d = atomic_rcu_read(&cpuas->as->dispatch);
2303 cpuas->memory_dispatch = d;
2304 tlb_flush(cpuas->cpu, 1);
2305 }
2306
2307 void address_space_init_dispatch(AddressSpace *as)
2308 {
2309 as->dispatch = NULL;
2310 as->dispatch_listener = (MemoryListener) {
2311 .begin = mem_begin,
2312 .commit = mem_commit,
2313 .region_add = mem_add,
2314 .region_nop = mem_add,
2315 .priority = 0,
2316 };
2317 memory_listener_register(&as->dispatch_listener, as);
2318 }
2319
2320 void address_space_unregister(AddressSpace *as)
2321 {
2322 memory_listener_unregister(&as->dispatch_listener);
2323 }
2324
2325 void address_space_destroy_dispatch(AddressSpace *as)
2326 {
2327 AddressSpaceDispatch *d = as->dispatch;
2328
2329 atomic_rcu_set(&as->dispatch, NULL);
2330 if (d) {
2331 call_rcu(d, address_space_dispatch_free, rcu);
2332 }
2333 }
2334
2335 static void memory_map_init(void)
2336 {
2337 system_memory = g_malloc(sizeof(*system_memory));
2338
2339 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2340 address_space_init(&address_space_memory, system_memory, "memory");
2341
2342 system_io = g_malloc(sizeof(*system_io));
2343 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2344 65536);
2345 address_space_init(&address_space_io, system_io, "I/O");
2346 }
2347
2348 MemoryRegion *get_system_memory(void)
2349 {
2350 return system_memory;
2351 }
2352
2353 MemoryRegion *get_system_io(void)
2354 {
2355 return system_io;
2356 }
2357
2358 #endif /* !defined(CONFIG_USER_ONLY) */
2359
2360 /* physical memory access (slow version, mainly for debug) */
2361 #if defined(CONFIG_USER_ONLY)
2362 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2363 uint8_t *buf, int len, int is_write)
2364 {
2365 int l, flags;
2366 target_ulong page;
2367 void * p;
2368
2369 while (len > 0) {
2370 page = addr & TARGET_PAGE_MASK;
2371 l = (page + TARGET_PAGE_SIZE) - addr;
2372 if (l > len)
2373 l = len;
2374 flags = page_get_flags(page);
2375 if (!(flags & PAGE_VALID))
2376 return -1;
2377 if (is_write) {
2378 if (!(flags & PAGE_WRITE))
2379 return -1;
2380 /* XXX: this code should not depend on lock_user */
2381 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2382 return -1;
2383 memcpy(p, buf, l);
2384 unlock_user(p, addr, l);
2385 } else {
2386 if (!(flags & PAGE_READ))
2387 return -1;
2388 /* XXX: this code should not depend on lock_user */
2389 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2390 return -1;
2391 memcpy(buf, p, l);
2392 unlock_user(p, addr, 0);
2393 }
2394 len -= l;
2395 buf += l;
2396 addr += l;
2397 }
2398 return 0;
2399 }
2400
2401 #else
2402
2403 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2404 hwaddr length)
2405 {
2406 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2407 /* No early return if dirty_log_mask is or becomes 0, because
2408 * cpu_physical_memory_set_dirty_range will still call
2409 * xen_modified_memory.
2410 */
2411 if (dirty_log_mask) {
2412 dirty_log_mask =
2413 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2414 }
2415 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2416 tb_invalidate_phys_range(addr, addr + length);
2417 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2418 }
2419 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2420 }
2421
2422 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2423 {
2424 unsigned access_size_max = mr->ops->valid.max_access_size;
2425
2426 /* Regions are assumed to support 1-4 byte accesses unless
2427 otherwise specified. */
2428 if (access_size_max == 0) {
2429 access_size_max = 4;
2430 }
2431
2432 /* Bound the maximum access by the alignment of the address. */
2433 if (!mr->ops->impl.unaligned) {
2434 unsigned align_size_max = addr & -addr;
2435 if (align_size_max != 0 && align_size_max < access_size_max) {
2436 access_size_max = align_size_max;
2437 }
2438 }
2439
2440 /* Don't attempt accesses larger than the maximum. */
2441 if (l > access_size_max) {
2442 l = access_size_max;
2443 }
2444 l = pow2floor(l);
2445
2446 return l;
2447 }
2448
2449 static bool prepare_mmio_access(MemoryRegion *mr)
2450 {
2451 bool unlocked = !qemu_mutex_iothread_locked();
2452 bool release_lock = false;
2453
2454 if (unlocked && mr->global_locking) {
2455 qemu_mutex_lock_iothread();
2456 unlocked = false;
2457 release_lock = true;
2458 }
2459 if (mr->flush_coalesced_mmio) {
2460 if (unlocked) {
2461 qemu_mutex_lock_iothread();
2462 }
2463 qemu_flush_coalesced_mmio_buffer();
2464 if (unlocked) {
2465 qemu_mutex_unlock_iothread();
2466 }
2467 }
2468
2469 return release_lock;
2470 }
2471
2472 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2473 uint8_t *buf, int len, bool is_write)
2474 {
2475 hwaddr l;
2476 uint8_t *ptr;
2477 uint64_t val;
2478 hwaddr addr1;
2479 MemoryRegion *mr;
2480 MemTxResult result = MEMTX_OK;
2481 bool release_lock = false;
2482
2483 rcu_read_lock();
2484 while (len > 0) {
2485 l = len;
2486 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2487
2488 if (is_write) {
2489 if (!memory_access_is_direct(mr, is_write)) {
2490 release_lock |= prepare_mmio_access(mr);
2491 l = memory_access_size(mr, l, addr1);
2492 /* XXX: could force current_cpu to NULL to avoid
2493 potential bugs */
2494 switch (l) {
2495 case 8:
2496 /* 64 bit write access */
2497 val = ldq_p(buf);
2498 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2499 attrs);
2500 break;
2501 case 4:
2502 /* 32 bit write access */
2503 val = ldl_p(buf);
2504 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2505 attrs);
2506 break;
2507 case 2:
2508 /* 16 bit write access */
2509 val = lduw_p(buf);
2510 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2511 attrs);
2512 break;
2513 case 1:
2514 /* 8 bit write access */
2515 val = ldub_p(buf);
2516 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2517 attrs);
2518 break;
2519 default:
2520 abort();
2521 }
2522 } else {
2523 addr1 += memory_region_get_ram_addr(mr);
2524 /* RAM case */
2525 ptr = qemu_get_ram_ptr(addr1);
2526 memcpy(ptr, buf, l);
2527 invalidate_and_set_dirty(mr, addr1, l);
2528 }
2529 } else {
2530 if (!memory_access_is_direct(mr, is_write)) {
2531 /* I/O case */
2532 release_lock |= prepare_mmio_access(mr);
2533 l = memory_access_size(mr, l, addr1);
2534 switch (l) {
2535 case 8:
2536 /* 64 bit read access */
2537 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2538 attrs);
2539 stq_p(buf, val);
2540 break;
2541 case 4:
2542 /* 32 bit read access */
2543 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2544 attrs);
2545 stl_p(buf, val);
2546 break;
2547 case 2:
2548 /* 16 bit read access */
2549 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2550 attrs);
2551 stw_p(buf, val);
2552 break;
2553 case 1:
2554 /* 8 bit read access */
2555 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2556 attrs);
2557 stb_p(buf, val);
2558 break;
2559 default:
2560 abort();
2561 }
2562 } else {
2563 /* RAM case */
2564 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2565 memcpy(buf, ptr, l);
2566 }
2567 }
2568
2569 if (release_lock) {
2570 qemu_mutex_unlock_iothread();
2571 release_lock = false;
2572 }
2573
2574 len -= l;
2575 buf += l;
2576 addr += l;
2577 }
2578 rcu_read_unlock();
2579
2580 return result;
2581 }
2582
2583 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2584 const uint8_t *buf, int len)
2585 {
2586 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2587 }
2588
2589 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2590 uint8_t *buf, int len)
2591 {
2592 return address_space_rw(as, addr, attrs, buf, len, false);
2593 }
2594
2595
2596 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2597 int len, int is_write)
2598 {
2599 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2600 buf, len, is_write);
2601 }
2602
2603 enum write_rom_type {
2604 WRITE_DATA,
2605 FLUSH_CACHE,
2606 };
2607
2608 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2609 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2610 {
2611 hwaddr l;
2612 uint8_t *ptr;
2613 hwaddr addr1;
2614 MemoryRegion *mr;
2615
2616 rcu_read_lock();
2617 while (len > 0) {
2618 l = len;
2619 mr = address_space_translate(as, addr, &addr1, &l, true);
2620
2621 if (!(memory_region_is_ram(mr) ||
2622 memory_region_is_romd(mr))) {
2623 l = memory_access_size(mr, l, addr1);
2624 } else {
2625 addr1 += memory_region_get_ram_addr(mr);
2626 /* ROM/RAM case */
2627 ptr = qemu_get_ram_ptr(addr1);
2628 switch (type) {
2629 case WRITE_DATA:
2630 memcpy(ptr, buf, l);
2631 invalidate_and_set_dirty(mr, addr1, l);
2632 break;
2633 case FLUSH_CACHE:
2634 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2635 break;
2636 }
2637 }
2638 len -= l;
2639 buf += l;
2640 addr += l;
2641 }
2642 rcu_read_unlock();
2643 }
2644
2645 /* used for ROM loading : can write in RAM and ROM */
2646 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2647 const uint8_t *buf, int len)
2648 {
2649 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2650 }
2651
2652 void cpu_flush_icache_range(hwaddr start, int len)
2653 {
2654 /*
2655 * This function should do the same thing as an icache flush that was
2656 * triggered from within the guest. For TCG we are always cache coherent,
2657 * so there is no need to flush anything. For KVM / Xen we need to flush
2658 * the host's instruction cache at least.
2659 */
2660 if (tcg_enabled()) {
2661 return;
2662 }
2663
2664 cpu_physical_memory_write_rom_internal(&address_space_memory,
2665 start, NULL, len, FLUSH_CACHE);
2666 }
2667
2668 typedef struct {
2669 MemoryRegion *mr;
2670 void *buffer;
2671 hwaddr addr;
2672 hwaddr len;
2673 bool in_use;
2674 } BounceBuffer;
2675
2676 static BounceBuffer bounce;
2677
2678 typedef struct MapClient {
2679 QEMUBH *bh;
2680 QLIST_ENTRY(MapClient) link;
2681 } MapClient;
2682
2683 QemuMutex map_client_list_lock;
2684 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2685 = QLIST_HEAD_INITIALIZER(map_client_list);
2686
2687 static void cpu_unregister_map_client_do(MapClient *client)
2688 {
2689 QLIST_REMOVE(client, link);
2690 g_free(client);
2691 }
2692
2693 static void cpu_notify_map_clients_locked(void)
2694 {
2695 MapClient *client;
2696
2697 while (!QLIST_EMPTY(&map_client_list)) {
2698 client = QLIST_FIRST(&map_client_list);
2699 qemu_bh_schedule(client->bh);
2700 cpu_unregister_map_client_do(client);
2701 }
2702 }
2703
2704 void cpu_register_map_client(QEMUBH *bh)
2705 {
2706 MapClient *client = g_malloc(sizeof(*client));
2707
2708 qemu_mutex_lock(&map_client_list_lock);
2709 client->bh = bh;
2710 QLIST_INSERT_HEAD(&map_client_list, client, link);
2711 if (!atomic_read(&bounce.in_use)) {
2712 cpu_notify_map_clients_locked();
2713 }
2714 qemu_mutex_unlock(&map_client_list_lock);
2715 }
2716
2717 void cpu_exec_init_all(void)
2718 {
2719 qemu_mutex_init(&ram_list.mutex);
2720 io_mem_init();
2721 memory_map_init();
2722 qemu_mutex_init(&map_client_list_lock);
2723 }
2724
2725 void cpu_unregister_map_client(QEMUBH *bh)
2726 {
2727 MapClient *client;
2728
2729 qemu_mutex_lock(&map_client_list_lock);
2730 QLIST_FOREACH(client, &map_client_list, link) {
2731 if (client->bh == bh) {
2732 cpu_unregister_map_client_do(client);
2733 break;
2734 }
2735 }
2736 qemu_mutex_unlock(&map_client_list_lock);
2737 }
2738
2739 static void cpu_notify_map_clients(void)
2740 {
2741 qemu_mutex_lock(&map_client_list_lock);
2742 cpu_notify_map_clients_locked();
2743 qemu_mutex_unlock(&map_client_list_lock);
2744 }
2745
2746 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2747 {
2748 MemoryRegion *mr;
2749 hwaddr l, xlat;
2750
2751 rcu_read_lock();
2752 while (len > 0) {
2753 l = len;
2754 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2755 if (!memory_access_is_direct(mr, is_write)) {
2756 l = memory_access_size(mr, l, addr);
2757 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2758 return false;
2759 }
2760 }
2761
2762 len -= l;
2763 addr += l;
2764 }
2765 rcu_read_unlock();
2766 return true;
2767 }
2768
2769 /* Map a physical memory region into a host virtual address.
2770 * May map a subset of the requested range, given by and returned in *plen.
2771 * May return NULL if resources needed to perform the mapping are exhausted.
2772 * Use only for reads OR writes - not for read-modify-write operations.
2773 * Use cpu_register_map_client() to know when retrying the map operation is
2774 * likely to succeed.
2775 */
2776 void *address_space_map(AddressSpace *as,
2777 hwaddr addr,
2778 hwaddr *plen,
2779 bool is_write)
2780 {
2781 hwaddr len = *plen;
2782 hwaddr done = 0;
2783 hwaddr l, xlat, base;
2784 MemoryRegion *mr, *this_mr;
2785 ram_addr_t raddr;
2786 void *ptr;
2787
2788 if (len == 0) {
2789 return NULL;
2790 }
2791
2792 l = len;
2793 rcu_read_lock();
2794 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2795
2796 if (!memory_access_is_direct(mr, is_write)) {
2797 if (atomic_xchg(&bounce.in_use, true)) {
2798 rcu_read_unlock();
2799 return NULL;
2800 }
2801 /* Avoid unbounded allocations */
2802 l = MIN(l, TARGET_PAGE_SIZE);
2803 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2804 bounce.addr = addr;
2805 bounce.len = l;
2806
2807 memory_region_ref(mr);
2808 bounce.mr = mr;
2809 if (!is_write) {
2810 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2811 bounce.buffer, l);
2812 }
2813
2814 rcu_read_unlock();
2815 *plen = l;
2816 return bounce.buffer;
2817 }
2818
2819 base = xlat;
2820 raddr = memory_region_get_ram_addr(mr);
2821
2822 for (;;) {
2823 len -= l;
2824 addr += l;
2825 done += l;
2826 if (len == 0) {
2827 break;
2828 }
2829
2830 l = len;
2831 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2832 if (this_mr != mr || xlat != base + done) {
2833 break;
2834 }
2835 }
2836
2837 memory_region_ref(mr);
2838 *plen = done;
2839 ptr = qemu_ram_ptr_length(raddr + base, plen);
2840 rcu_read_unlock();
2841
2842 return ptr;
2843 }
2844
2845 /* Unmaps a memory region previously mapped by address_space_map().
2846 * Will also mark the memory as dirty if is_write == 1. access_len gives
2847 * the amount of memory that was actually read or written by the caller.
2848 */
2849 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2850 int is_write, hwaddr access_len)
2851 {
2852 if (buffer != bounce.buffer) {
2853 MemoryRegion *mr;
2854 ram_addr_t addr1;
2855
2856 mr = qemu_ram_addr_from_host(buffer, &addr1);
2857 assert(mr != NULL);
2858 if (is_write) {
2859 invalidate_and_set_dirty(mr, addr1, access_len);
2860 }
2861 if (xen_enabled()) {
2862 xen_invalidate_map_cache_entry(buffer);
2863 }
2864 memory_region_unref(mr);
2865 return;
2866 }
2867 if (is_write) {
2868 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2869 bounce.buffer, access_len);
2870 }
2871 qemu_vfree(bounce.buffer);
2872 bounce.buffer = NULL;
2873 memory_region_unref(bounce.mr);
2874 atomic_mb_set(&bounce.in_use, false);
2875 cpu_notify_map_clients();
2876 }
2877
2878 void *cpu_physical_memory_map(hwaddr addr,
2879 hwaddr *plen,
2880 int is_write)
2881 {
2882 return address_space_map(&address_space_memory, addr, plen, is_write);
2883 }
2884
2885 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2886 int is_write, hwaddr access_len)
2887 {
2888 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2889 }
2890
2891 /* warning: addr must be aligned */
2892 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2893 MemTxAttrs attrs,
2894 MemTxResult *result,
2895 enum device_endian endian)
2896 {
2897 uint8_t *ptr;
2898 uint64_t val;
2899 MemoryRegion *mr;
2900 hwaddr l = 4;
2901 hwaddr addr1;
2902 MemTxResult r;
2903 bool release_lock = false;
2904
2905 rcu_read_lock();
2906 mr = address_space_translate(as, addr, &addr1, &l, false);
2907 if (l < 4 || !memory_access_is_direct(mr, false)) {
2908 release_lock |= prepare_mmio_access(mr);
2909
2910 /* I/O case */
2911 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2912 #if defined(TARGET_WORDS_BIGENDIAN)
2913 if (endian == DEVICE_LITTLE_ENDIAN) {
2914 val = bswap32(val);
2915 }
2916 #else
2917 if (endian == DEVICE_BIG_ENDIAN) {
2918 val = bswap32(val);
2919 }
2920 #endif
2921 } else {
2922 /* RAM case */
2923 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2924 & TARGET_PAGE_MASK)
2925 + addr1);
2926 switch (endian) {
2927 case DEVICE_LITTLE_ENDIAN:
2928 val = ldl_le_p(ptr);
2929 break;
2930 case DEVICE_BIG_ENDIAN:
2931 val = ldl_be_p(ptr);
2932 break;
2933 default:
2934 val = ldl_p(ptr);
2935 break;
2936 }
2937 r = MEMTX_OK;
2938 }
2939 if (result) {
2940 *result = r;
2941 }
2942 if (release_lock) {
2943 qemu_mutex_unlock_iothread();
2944 }
2945 rcu_read_unlock();
2946 return val;
2947 }
2948
2949 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2950 MemTxAttrs attrs, MemTxResult *result)
2951 {
2952 return address_space_ldl_internal(as, addr, attrs, result,
2953 DEVICE_NATIVE_ENDIAN);
2954 }
2955
2956 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2957 MemTxAttrs attrs, MemTxResult *result)
2958 {
2959 return address_space_ldl_internal(as, addr, attrs, result,
2960 DEVICE_LITTLE_ENDIAN);
2961 }
2962
2963 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2964 MemTxAttrs attrs, MemTxResult *result)
2965 {
2966 return address_space_ldl_internal(as, addr, attrs, result,
2967 DEVICE_BIG_ENDIAN);
2968 }
2969
2970 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2971 {
2972 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2973 }
2974
2975 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2976 {
2977 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2978 }
2979
2980 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2981 {
2982 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2983 }
2984
2985 /* warning: addr must be aligned */
2986 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2987 MemTxAttrs attrs,
2988 MemTxResult *result,
2989 enum device_endian endian)
2990 {
2991 uint8_t *ptr;
2992 uint64_t val;
2993 MemoryRegion *mr;
2994 hwaddr l = 8;
2995 hwaddr addr1;
2996 MemTxResult r;
2997 bool release_lock = false;
2998
2999 rcu_read_lock();
3000 mr = address_space_translate(as, addr, &addr1, &l,
3001 false);
3002 if (l < 8 || !memory_access_is_direct(mr, false)) {
3003 release_lock |= prepare_mmio_access(mr);
3004
3005 /* I/O case */
3006 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3007 #if defined(TARGET_WORDS_BIGENDIAN)
3008 if (endian == DEVICE_LITTLE_ENDIAN) {
3009 val = bswap64(val);
3010 }
3011 #else
3012 if (endian == DEVICE_BIG_ENDIAN) {
3013 val = bswap64(val);
3014 }
3015 #endif
3016 } else {
3017 /* RAM case */
3018 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3019 & TARGET_PAGE_MASK)
3020 + addr1);
3021 switch (endian) {
3022 case DEVICE_LITTLE_ENDIAN:
3023 val = ldq_le_p(ptr);
3024 break;
3025 case DEVICE_BIG_ENDIAN:
3026 val = ldq_be_p(ptr);
3027 break;
3028 default:
3029 val = ldq_p(ptr);
3030 break;
3031 }
3032 r = MEMTX_OK;
3033 }
3034 if (result) {
3035 *result = r;
3036 }
3037 if (release_lock) {
3038 qemu_mutex_unlock_iothread();
3039 }
3040 rcu_read_unlock();
3041 return val;
3042 }
3043
3044 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3045 MemTxAttrs attrs, MemTxResult *result)
3046 {
3047 return address_space_ldq_internal(as, addr, attrs, result,
3048 DEVICE_NATIVE_ENDIAN);
3049 }
3050
3051 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3052 MemTxAttrs attrs, MemTxResult *result)
3053 {
3054 return address_space_ldq_internal(as, addr, attrs, result,
3055 DEVICE_LITTLE_ENDIAN);
3056 }
3057
3058 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3059 MemTxAttrs attrs, MemTxResult *result)
3060 {
3061 return address_space_ldq_internal(as, addr, attrs, result,
3062 DEVICE_BIG_ENDIAN);
3063 }
3064
3065 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3066 {
3067 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3068 }
3069
3070 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3071 {
3072 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3073 }
3074
3075 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3076 {
3077 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3078 }
3079
3080 /* XXX: optimize */
3081 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3082 MemTxAttrs attrs, MemTxResult *result)
3083 {
3084 uint8_t val;
3085 MemTxResult r;
3086
3087 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3088 if (result) {
3089 *result = r;
3090 }
3091 return val;
3092 }
3093
3094 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3095 {
3096 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3097 }
3098
3099 /* warning: addr must be aligned */
3100 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3101 hwaddr addr,
3102 MemTxAttrs attrs,
3103 MemTxResult *result,
3104 enum device_endian endian)
3105 {
3106 uint8_t *ptr;
3107 uint64_t val;
3108 MemoryRegion *mr;
3109 hwaddr l = 2;
3110 hwaddr addr1;
3111 MemTxResult r;
3112 bool release_lock = false;
3113
3114 rcu_read_lock();
3115 mr = address_space_translate(as, addr, &addr1, &l,
3116 false);
3117 if (l < 2 || !memory_access_is_direct(mr, false)) {
3118 release_lock |= prepare_mmio_access(mr);
3119
3120 /* I/O case */
3121 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3122 #if defined(TARGET_WORDS_BIGENDIAN)
3123 if (endian == DEVICE_LITTLE_ENDIAN) {
3124 val = bswap16(val);
3125 }
3126 #else
3127 if (endian == DEVICE_BIG_ENDIAN) {
3128 val = bswap16(val);
3129 }
3130 #endif
3131 } else {
3132 /* RAM case */
3133 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3134 & TARGET_PAGE_MASK)
3135 + addr1);
3136 switch (endian) {
3137 case DEVICE_LITTLE_ENDIAN:
3138 val = lduw_le_p(ptr);
3139 break;
3140 case DEVICE_BIG_ENDIAN:
3141 val = lduw_be_p(ptr);
3142 break;
3143 default:
3144 val = lduw_p(ptr);
3145 break;
3146 }
3147 r = MEMTX_OK;
3148 }
3149 if (result) {
3150 *result = r;
3151 }
3152 if (release_lock) {
3153 qemu_mutex_unlock_iothread();
3154 }
3155 rcu_read_unlock();
3156 return val;
3157 }
3158
3159 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3160 MemTxAttrs attrs, MemTxResult *result)
3161 {
3162 return address_space_lduw_internal(as, addr, attrs, result,
3163 DEVICE_NATIVE_ENDIAN);
3164 }
3165
3166 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3167 MemTxAttrs attrs, MemTxResult *result)
3168 {
3169 return address_space_lduw_internal(as, addr, attrs, result,
3170 DEVICE_LITTLE_ENDIAN);
3171 }
3172
3173 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3174 MemTxAttrs attrs, MemTxResult *result)
3175 {
3176 return address_space_lduw_internal(as, addr, attrs, result,
3177 DEVICE_BIG_ENDIAN);
3178 }
3179
3180 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3181 {
3182 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3183 }
3184
3185 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3186 {
3187 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3188 }
3189
3190 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3191 {
3192 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3193 }
3194
3195 /* warning: addr must be aligned. The ram page is not masked as dirty
3196 and the code inside is not invalidated. It is useful if the dirty
3197 bits are used to track modified PTEs */
3198 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3199 MemTxAttrs attrs, MemTxResult *result)
3200 {
3201 uint8_t *ptr;
3202 MemoryRegion *mr;
3203 hwaddr l = 4;
3204 hwaddr addr1;
3205 MemTxResult r;
3206 uint8_t dirty_log_mask;
3207 bool release_lock = false;
3208
3209 rcu_read_lock();
3210 mr = address_space_translate(as, addr, &addr1, &l,
3211 true);
3212 if (l < 4 || !memory_access_is_direct(mr, true)) {
3213 release_lock |= prepare_mmio_access(mr);
3214
3215 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3216 } else {
3217 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3218 ptr = qemu_get_ram_ptr(addr1);
3219 stl_p(ptr, val);
3220
3221 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3222 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3223 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3224 r = MEMTX_OK;
3225 }
3226 if (result) {
3227 *result = r;
3228 }
3229 if (release_lock) {
3230 qemu_mutex_unlock_iothread();
3231 }
3232 rcu_read_unlock();
3233 }
3234
3235 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3236 {
3237 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3238 }
3239
3240 /* warning: addr must be aligned */
3241 static inline void address_space_stl_internal(AddressSpace *as,
3242 hwaddr addr, uint32_t val,
3243 MemTxAttrs attrs,
3244 MemTxResult *result,
3245 enum device_endian endian)
3246 {
3247 uint8_t *ptr;
3248 MemoryRegion *mr;
3249 hwaddr l = 4;
3250 hwaddr addr1;
3251 MemTxResult r;
3252 bool release_lock = false;
3253
3254 rcu_read_lock();
3255 mr = address_space_translate(as, addr, &addr1, &l,
3256 true);
3257 if (l < 4 || !memory_access_is_direct(mr, true)) {
3258 release_lock |= prepare_mmio_access(mr);
3259
3260 #if defined(TARGET_WORDS_BIGENDIAN)
3261 if (endian == DEVICE_LITTLE_ENDIAN) {
3262 val = bswap32(val);
3263 }
3264 #else
3265 if (endian == DEVICE_BIG_ENDIAN) {
3266 val = bswap32(val);
3267 }
3268 #endif
3269 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3270 } else {
3271 /* RAM case */
3272 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3273 ptr = qemu_get_ram_ptr(addr1);
3274 switch (endian) {
3275 case DEVICE_LITTLE_ENDIAN:
3276 stl_le_p(ptr, val);
3277 break;
3278 case DEVICE_BIG_ENDIAN:
3279 stl_be_p(ptr, val);
3280 break;
3281 default:
3282 stl_p(ptr, val);
3283 break;
3284 }
3285 invalidate_and_set_dirty(mr, addr1, 4);
3286 r = MEMTX_OK;
3287 }
3288 if (result) {
3289 *result = r;
3290 }
3291 if (release_lock) {
3292 qemu_mutex_unlock_iothread();
3293 }
3294 rcu_read_unlock();
3295 }
3296
3297 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3298 MemTxAttrs attrs, MemTxResult *result)
3299 {
3300 address_space_stl_internal(as, addr, val, attrs, result,
3301 DEVICE_NATIVE_ENDIAN);
3302 }
3303
3304 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3305 MemTxAttrs attrs, MemTxResult *result)
3306 {
3307 address_space_stl_internal(as, addr, val, attrs, result,
3308 DEVICE_LITTLE_ENDIAN);
3309 }
3310
3311 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3312 MemTxAttrs attrs, MemTxResult *result)
3313 {
3314 address_space_stl_internal(as, addr, val, attrs, result,
3315 DEVICE_BIG_ENDIAN);
3316 }
3317
3318 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3319 {
3320 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3321 }
3322
3323 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3324 {
3325 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3326 }
3327
3328 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3329 {
3330 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3331 }
3332
3333 /* XXX: optimize */
3334 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3335 MemTxAttrs attrs, MemTxResult *result)
3336 {
3337 uint8_t v = val;
3338 MemTxResult r;
3339
3340 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3341 if (result) {
3342 *result = r;
3343 }
3344 }
3345
3346 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3347 {
3348 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3349 }
3350
3351 /* warning: addr must be aligned */
3352 static inline void address_space_stw_internal(AddressSpace *as,
3353 hwaddr addr, uint32_t val,
3354 MemTxAttrs attrs,
3355 MemTxResult *result,
3356 enum device_endian endian)
3357 {
3358 uint8_t *ptr;
3359 MemoryRegion *mr;
3360 hwaddr l = 2;
3361 hwaddr addr1;
3362 MemTxResult r;
3363 bool release_lock = false;
3364
3365 rcu_read_lock();
3366 mr = address_space_translate(as, addr, &addr1, &l, true);
3367 if (l < 2 || !memory_access_is_direct(mr, true)) {
3368 release_lock |= prepare_mmio_access(mr);
3369
3370 #if defined(TARGET_WORDS_BIGENDIAN)
3371 if (endian == DEVICE_LITTLE_ENDIAN) {
3372 val = bswap16(val);
3373 }
3374 #else
3375 if (endian == DEVICE_BIG_ENDIAN) {
3376 val = bswap16(val);
3377 }
3378 #endif
3379 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3380 } else {
3381 /* RAM case */
3382 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3383 ptr = qemu_get_ram_ptr(addr1);
3384 switch (endian) {
3385 case DEVICE_LITTLE_ENDIAN:
3386 stw_le_p(ptr, val);
3387 break;
3388 case DEVICE_BIG_ENDIAN:
3389 stw_be_p(ptr, val);
3390 break;
3391 default:
3392 stw_p(ptr, val);
3393 break;
3394 }
3395 invalidate_and_set_dirty(mr, addr1, 2);
3396 r = MEMTX_OK;
3397 }
3398 if (result) {
3399 *result = r;
3400 }
3401 if (release_lock) {
3402 qemu_mutex_unlock_iothread();
3403 }
3404 rcu_read_unlock();
3405 }
3406
3407 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3408 MemTxAttrs attrs, MemTxResult *result)
3409 {
3410 address_space_stw_internal(as, addr, val, attrs, result,
3411 DEVICE_NATIVE_ENDIAN);
3412 }
3413
3414 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3415 MemTxAttrs attrs, MemTxResult *result)
3416 {
3417 address_space_stw_internal(as, addr, val, attrs, result,
3418 DEVICE_LITTLE_ENDIAN);
3419 }
3420
3421 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3422 MemTxAttrs attrs, MemTxResult *result)
3423 {
3424 address_space_stw_internal(as, addr, val, attrs, result,
3425 DEVICE_BIG_ENDIAN);
3426 }
3427
3428 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3429 {
3430 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3431 }
3432
3433 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3434 {
3435 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3436 }
3437
3438 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3439 {
3440 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3441 }
3442
3443 /* XXX: optimize */
3444 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3445 MemTxAttrs attrs, MemTxResult *result)
3446 {
3447 MemTxResult r;
3448 val = tswap64(val);
3449 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3450 if (result) {
3451 *result = r;
3452 }
3453 }
3454
3455 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3456 MemTxAttrs attrs, MemTxResult *result)
3457 {
3458 MemTxResult r;
3459 val = cpu_to_le64(val);
3460 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3461 if (result) {
3462 *result = r;
3463 }
3464 }
3465 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3466 MemTxAttrs attrs, MemTxResult *result)
3467 {
3468 MemTxResult r;
3469 val = cpu_to_be64(val);
3470 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3471 if (result) {
3472 *result = r;
3473 }
3474 }
3475
3476 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3477 {
3478 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3479 }
3480
3481 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3482 {
3483 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3484 }
3485
3486 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3487 {
3488 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3489 }
3490
3491 /* virtual memory access for debug (includes writing to ROM) */
3492 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3493 uint8_t *buf, int len, int is_write)
3494 {
3495 int l;
3496 hwaddr phys_addr;
3497 target_ulong page;
3498
3499 while (len > 0) {
3500 page = addr & TARGET_PAGE_MASK;
3501 phys_addr = cpu_get_phys_page_debug(cpu, page);
3502 /* if no physical page mapped, return an error */
3503 if (phys_addr == -1)
3504 return -1;
3505 l = (page + TARGET_PAGE_SIZE) - addr;
3506 if (l > len)
3507 l = len;
3508 phys_addr += (addr & ~TARGET_PAGE_MASK);
3509 if (is_write) {
3510 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3511 } else {
3512 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3513 buf, l, 0);
3514 }
3515 len -= l;
3516 buf += l;
3517 addr += l;
3518 }
3519 return 0;
3520 }
3521
3522 /*
3523 * Allows code that needs to deal with migration bitmaps etc to still be built
3524 * target independent.
3525 */
3526 size_t qemu_target_page_bits(void)
3527 {
3528 return TARGET_PAGE_BITS;
3529 }
3530
3531 #endif
3532
3533 /*
3534 * A helper function for the _utterly broken_ virtio device model to find out if
3535 * it's running on a big endian machine. Don't do this at home kids!
3536 */
3537 bool target_words_bigendian(void);
3538 bool target_words_bigendian(void)
3539 {
3540 #if defined(TARGET_WORDS_BIGENDIAN)
3541 return true;
3542 #else
3543 return false;
3544 #endif
3545 }
3546
3547 #ifndef CONFIG_USER_ONLY
3548 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3549 {
3550 MemoryRegion*mr;
3551 hwaddr l = 1;
3552 bool res;
3553
3554 rcu_read_lock();
3555 mr = address_space_translate(&address_space_memory,
3556 phys_addr, &phys_addr, &l, false);
3557
3558 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3559 rcu_read_unlock();
3560 return res;
3561 }
3562
3563 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3564 {
3565 RAMBlock *block;
3566 int ret = 0;
3567
3568 rcu_read_lock();
3569 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3570 ret = func(block->idstr, block->host, block->offset,
3571 block->used_length, opaque);
3572 if (ret) {
3573 break;
3574 }
3575 }
3576 rcu_read_unlock();
3577 return ret;
3578 }
3579 #endif
CRIS target port of Qemu