search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
xhci: fix address device
[qemu/kevin.git] / translate-all.c
blob08dd03881634c8bc9a607a5b3a1135a8a7a84007
1 /*
2 * Host code generation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifdef _WIN32
20 #include <windows.h>
21 #else
22 #include <sys/types.h>
23 #include <sys/mman.h>
24 #endif
25 #include <stdarg.h>
26 #include <stdlib.h>
27 #include <stdio.h>
28 #include <string.h>
29 #include <inttypes.h>
30
31 #include "config.h"
32
33 #include "qemu-common.h"
34 #define NO_CPU_IO_DEFS
35 #include "cpu.h"
36 #include "disas/disas.h"
37 #include "tcg.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include "qemu.h"
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
45 #include <sys/time.h>
46 #include <sys/proc.h>
47 #include <machine/profile.h>
48 #define _KERNEL
49 #include <sys/user.h>
50 #undef _KERNEL
51 #undef sigqueue
52 #include <libutil.h>
53 #endif
54 #endif
55 #else
56 #include "exec/address-spaces.h"
57 #endif
58
59 #include "exec/cputlb.h"
60 #include "translate-all.h"
61
62 //#define DEBUG_TB_INVALIDATE
63 //#define DEBUG_FLUSH
64 /* make various TB consistency checks */
65 //#define DEBUG_TB_CHECK
66
67 #if !defined(CONFIG_USER_ONLY)
68 /* TB consistency checks only implemented for usermode emulation. */
69 #undef DEBUG_TB_CHECK
70 #endif
71
72 #define SMC_BITMAP_USE_THRESHOLD 10
73
74 typedef struct PageDesc {
75 /* list of TBs intersecting this ram page */
76 TranslationBlock *first_tb;
77 /* in order to optimize self modifying code, we count the number
78 of lookups we do to a given page to use a bitmap */
79 unsigned int code_write_count;
80 uint8_t *code_bitmap;
81 #if defined(CONFIG_USER_ONLY)
82 unsigned long flags;
83 #endif
84 } PageDesc;
85
86 /* In system mode we want L1_MAP to be based on ram offsets,
87 while in user mode we want it to be based on virtual addresses. */
88 #if !defined(CONFIG_USER_ONLY)
89 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
90 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
91 #else
92 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
93 #endif
94 #else
95 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
96 #endif
97
98 /* The bits remaining after N lower levels of page tables. */
99 #define V_L1_BITS_REM \
100 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
101
102 #if V_L1_BITS_REM < 4
103 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
104 #else
105 #define V_L1_BITS V_L1_BITS_REM
106 #endif
107
108 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
109
110 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
111
112 uintptr_t qemu_real_host_page_size;
113 uintptr_t qemu_host_page_size;
114 uintptr_t qemu_host_page_mask;
115
116 /* This is a multi-level map on the virtual address space.
117 The bottom level has pointers to PageDesc. */
118 static void *l1_map[V_L1_SIZE];
119
120 /* code generation context */
121 TCGContext tcg_ctx;
122
123 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
124 tb_page_addr_t phys_page2);
125 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
126
127 void cpu_gen_init(void)
128 {
129 tcg_context_init(&tcg_ctx);
130 }
131
132 /* return non zero if the very first instruction is invalid so that
133 the virtual CPU can trigger an exception.
134
135 '*gen_code_size_ptr' contains the size of the generated code (host
136 code).
137 */
138 int cpu_gen_code(CPUArchState *env, TranslationBlock *tb, int *gen_code_size_ptr)
139 {
140 TCGContext *s = &tcg_ctx;
141 uint8_t *gen_code_buf;
142 int gen_code_size;
143 #ifdef CONFIG_PROFILER
144 int64_t ti;
145 #endif
146
147 #ifdef CONFIG_PROFILER
148 s->tb_count1++; /* includes aborted translations because of
149 exceptions */
150 ti = profile_getclock();
151 #endif
152 tcg_func_start(s);
153
154 gen_intermediate_code(env, tb);
155
156 /* generate machine code */
157 gen_code_buf = tb->tc_ptr;
158 tb->tb_next_offset[0] = 0xffff;
159 tb->tb_next_offset[1] = 0xffff;
160 s->tb_next_offset = tb->tb_next_offset;
161 #ifdef USE_DIRECT_JUMP
162 s->tb_jmp_offset = tb->tb_jmp_offset;
163 s->tb_next = NULL;
164 #else
165 s->tb_jmp_offset = NULL;
166 s->tb_next = tb->tb_next;
167 #endif
168
169 #ifdef CONFIG_PROFILER
170 s->tb_count++;
171 s->interm_time += profile_getclock() - ti;
172 s->code_time -= profile_getclock();
173 #endif
174 gen_code_size = tcg_gen_code(s, gen_code_buf);
175 *gen_code_size_ptr = gen_code_size;
176 #ifdef CONFIG_PROFILER
177 s->code_time += profile_getclock();
178 s->code_in_len += tb->size;
179 s->code_out_len += gen_code_size;
180 #endif
181
182 #ifdef DEBUG_DISAS
183 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM)) {
184 qemu_log("OUT: [size=%d]\n", *gen_code_size_ptr);
185 log_disas(tb->tc_ptr, *gen_code_size_ptr);
186 qemu_log("\n");
187 qemu_log_flush();
188 }
189 #endif
190 return 0;
191 }
192
193 /* The cpu state corresponding to 'searched_pc' is restored.
194 */
195 static int cpu_restore_state_from_tb(TranslationBlock *tb, CPUArchState *env,
196 uintptr_t searched_pc)
197 {
198 TCGContext *s = &tcg_ctx;
199 int j;
200 uintptr_t tc_ptr;
201 #ifdef CONFIG_PROFILER
202 int64_t ti;
203 #endif
204
205 #ifdef CONFIG_PROFILER
206 ti = profile_getclock();
207 #endif
208 tcg_func_start(s);
209
210 gen_intermediate_code_pc(env, tb);
211
212 if (use_icount) {
213 /* Reset the cycle counter to the start of the block. */
214 env->icount_decr.u16.low += tb->icount;
215 /* Clear the IO flag. */
216 env->can_do_io = 0;
217 }
218
219 /* find opc index corresponding to search_pc */
220 tc_ptr = (uintptr_t)tb->tc_ptr;
221 if (searched_pc < tc_ptr)
222 return -1;
223
224 s->tb_next_offset = tb->tb_next_offset;
225 #ifdef USE_DIRECT_JUMP
226 s->tb_jmp_offset = tb->tb_jmp_offset;
227 s->tb_next = NULL;
228 #else
229 s->tb_jmp_offset = NULL;
230 s->tb_next = tb->tb_next;
231 #endif
232 j = tcg_gen_code_search_pc(s, (uint8_t *)tc_ptr, searched_pc - tc_ptr);
233 if (j < 0)
234 return -1;
235 /* now find start of instruction before */
236 while (s->gen_opc_instr_start[j] == 0) {
237 j--;
238 }
239 env->icount_decr.u16.low -= s->gen_opc_icount[j];
240
241 restore_state_to_opc(env, tb, j);
242
243 #ifdef CONFIG_PROFILER
244 s->restore_time += profile_getclock() - ti;
245 s->restore_count++;
246 #endif
247 return 0;
248 }
249
250 bool cpu_restore_state(CPUArchState *env, uintptr_t retaddr)
251 {
252 TranslationBlock *tb;
253
254 tb = tb_find_pc(retaddr);
255 if (tb) {
256 cpu_restore_state_from_tb(tb, env, retaddr);
257 return true;
258 }
259 return false;
260 }
261
262 #ifdef _WIN32
263 static inline void map_exec(void *addr, long size)
264 {
265 DWORD old_protect;
266 VirtualProtect(addr, size,
267 PAGE_EXECUTE_READWRITE, &old_protect);
268 }
269 #else
270 static inline void map_exec(void *addr, long size)
271 {
272 unsigned long start, end, page_size;
273
274 page_size = getpagesize();
275 start = (unsigned long)addr;
276 start &= ~(page_size - 1);
277
278 end = (unsigned long)addr + size;
279 end += page_size - 1;
280 end &= ~(page_size - 1);
281
282 mprotect((void *)start, end - start,
283 PROT_READ | PROT_WRITE | PROT_EXEC);
284 }
285 #endif
286
287 static void page_init(void)
288 {
289 /* NOTE: we can always suppose that qemu_host_page_size >=
290 TARGET_PAGE_SIZE */
291 #ifdef _WIN32
292 {
293 SYSTEM_INFO system_info;
294
295 GetSystemInfo(&system_info);
296 qemu_real_host_page_size = system_info.dwPageSize;
297 }
298 #else
299 qemu_real_host_page_size = getpagesize();
300 #endif
301 if (qemu_host_page_size == 0) {
302 qemu_host_page_size = qemu_real_host_page_size;
303 }
304 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
305 qemu_host_page_size = TARGET_PAGE_SIZE;
306 }
307 qemu_host_page_mask = ~(qemu_host_page_size - 1);
308
309 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
310 {
311 #ifdef HAVE_KINFO_GETVMMAP
312 struct kinfo_vmentry *freep;
313 int i, cnt;
314
315 freep = kinfo_getvmmap(getpid(), &cnt);
316 if (freep) {
317 mmap_lock();
318 for (i = 0; i < cnt; i++) {
319 unsigned long startaddr, endaddr;
320
321 startaddr = freep[i].kve_start;
322 endaddr = freep[i].kve_end;
323 if (h2g_valid(startaddr)) {
324 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
325
326 if (h2g_valid(endaddr)) {
327 endaddr = h2g(endaddr);
328 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
329 } else {
330 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
331 endaddr = ~0ul;
332 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
333 #endif
334 }
335 }
336 }
337 free(freep);
338 mmap_unlock();
339 }
340 #else
341 FILE *f;
342
343 last_brk = (unsigned long)sbrk(0);
344
345 f = fopen("/compat/linux/proc/self/maps", "r");
346 if (f) {
347 mmap_lock();
348
349 do {
350 unsigned long startaddr, endaddr;
351 int n;
352
353 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
354
355 if (n == 2 && h2g_valid(startaddr)) {
356 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
357
358 if (h2g_valid(endaddr)) {
359 endaddr = h2g(endaddr);
360 } else {
361 endaddr = ~0ul;
362 }
363 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
364 }
365 } while (!feof(f));
366
367 fclose(f);
368 mmap_unlock();
369 }
370 #endif
371 }
372 #endif
373 }
374
375 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
376 {
377 PageDesc *pd;
378 void **lp;
379 int i;
380
381 #if defined(CONFIG_USER_ONLY)
382 /* We can't use g_malloc because it may recurse into a locked mutex. */
383 # define ALLOC(P, SIZE) \
384 do { \
385 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
386 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
387 } while (0)
388 #else
389 # define ALLOC(P, SIZE) \
390 do { P = g_malloc0(SIZE); } while (0)
391 #endif
392
393 /* Level 1. Always allocated. */
394 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
395
396 /* Level 2..N-1. */
397 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
398 void **p = *lp;
399
400 if (p == NULL) {
401 if (!alloc) {
402 return NULL;
403 }
404 ALLOC(p, sizeof(void *) * L2_SIZE);
405 *lp = p;
406 }
407
408 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
409 }
410
411 pd = *lp;
412 if (pd == NULL) {
413 if (!alloc) {
414 return NULL;
415 }
416 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
417 *lp = pd;
418 }
419
420 #undef ALLOC
421
422 return pd + (index & (L2_SIZE - 1));
423 }
424
425 static inline PageDesc *page_find(tb_page_addr_t index)
426 {
427 return page_find_alloc(index, 0);
428 }
429
430 #if !defined(CONFIG_USER_ONLY)
431 #define mmap_lock() do { } while (0)
432 #define mmap_unlock() do { } while (0)
433 #endif
434
435 #if defined(CONFIG_USER_ONLY)
436 /* Currently it is not recommended to allocate big chunks of data in
437 user mode. It will change when a dedicated libc will be used. */
438 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
439 region in which the guest needs to run. Revisit this. */
440 #define USE_STATIC_CODE_GEN_BUFFER
441 #endif
442
443 /* ??? Should configure for this, not list operating systems here. */
444 #if (defined(__linux__) \
445 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
446 || defined(__DragonFly__) || defined(__OpenBSD__) \
447 || defined(__NetBSD__))
448 # define USE_MMAP
449 #endif
450
451 /* Minimum size of the code gen buffer. This number is randomly chosen,
452 but not so small that we can't have a fair number of TB's live. */
453 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
454
455 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
456 indicated, this is constrained by the range of direct branches on the
457 host cpu, as used by the TCG implementation of goto_tb. */
458 #if defined(__x86_64__)
459 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
460 #elif defined(__sparc__)
461 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
462 #elif defined(__arm__)
463 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
464 #elif defined(__s390x__)
465 /* We have a +- 4GB range on the branches; leave some slop. */
466 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
467 #else
468 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
469 #endif
470
471 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
472
473 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
474 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
475 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
476
477 static inline size_t size_code_gen_buffer(size_t tb_size)
478 {
479 /* Size the buffer. */
480 if (tb_size == 0) {
481 #ifdef USE_STATIC_CODE_GEN_BUFFER
482 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
483 #else
484 /* ??? Needs adjustments. */
485 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
486 static buffer, we could size this on RESERVED_VA, on the text
487 segment size of the executable, or continue to use the default. */
488 tb_size = (unsigned long)(ram_size / 4);
489 #endif
490 }
491 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
492 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
493 }
494 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
495 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
496 }
497 tcg_ctx.code_gen_buffer_size = tb_size;
498 return tb_size;
499 }
500
501 #ifdef USE_STATIC_CODE_GEN_BUFFER
502 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
503 __attribute__((aligned(CODE_GEN_ALIGN)));
504
505 static inline void *alloc_code_gen_buffer(void)
506 {
507 map_exec(static_code_gen_buffer, tcg_ctx.code_gen_buffer_size);
508 return static_code_gen_buffer;
509 }
510 #elif defined(USE_MMAP)
511 static inline void *alloc_code_gen_buffer(void)
512 {
513 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
514 uintptr_t start = 0;
515 void *buf;
516
517 /* Constrain the position of the buffer based on the host cpu.
518 Note that these addresses are chosen in concert with the
519 addresses assigned in the relevant linker script file. */
520 # if defined(__PIE__) || defined(__PIC__)
521 /* Don't bother setting a preferred location if we're building
522 a position-independent executable. We're more likely to get
523 an address near the main executable if we let the kernel
524 choose the address. */
525 # elif defined(__x86_64__) && defined(MAP_32BIT)
526 /* Force the memory down into low memory with the executable.
527 Leave the choice of exact location with the kernel. */
528 flags |= MAP_32BIT;
529 /* Cannot expect to map more than 800MB in low memory. */
530 if (tcg_ctx.code_gen_buffer_size > 800u * 1024 * 1024) {
531 tcg_ctx.code_gen_buffer_size = 800u * 1024 * 1024;
532 }
533 # elif defined(__sparc__)
534 start = 0x40000000ul;
535 # elif defined(__s390x__)
536 start = 0x90000000ul;
537 # endif
538
539 buf = mmap((void *)start, tcg_ctx.code_gen_buffer_size,
540 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
541 return buf == MAP_FAILED ? NULL : buf;
542 }
543 #else
544 static inline void *alloc_code_gen_buffer(void)
545 {
546 void *buf = g_malloc(tcg_ctx.code_gen_buffer_size);
547
548 if (buf) {
549 map_exec(buf, tcg_ctx.code_gen_buffer_size);
550 }
551 return buf;
552 }
553 #endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
554
555 static inline void code_gen_alloc(size_t tb_size)
556 {
557 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
558 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
559 if (tcg_ctx.code_gen_buffer == NULL) {
560 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
561 exit(1);
562 }
563
564 qemu_madvise(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size,
565 QEMU_MADV_HUGEPAGE);
566
567 /* Steal room for the prologue at the end of the buffer. This ensures
568 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
569 from TB's to the prologue are going to be in range. It also means
570 that we don't need to mark (additional) portions of the data segment
571 as executable. */
572 tcg_ctx.code_gen_prologue = tcg_ctx.code_gen_buffer +
573 tcg_ctx.code_gen_buffer_size - 1024;
574 tcg_ctx.code_gen_buffer_size -= 1024;
575
576 tcg_ctx.code_gen_buffer_max_size = tcg_ctx.code_gen_buffer_size -
577 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
578 tcg_ctx.code_gen_max_blocks = tcg_ctx.code_gen_buffer_size /
579 CODE_GEN_AVG_BLOCK_SIZE;
580 tcg_ctx.tb_ctx.tbs =
581 g_malloc(tcg_ctx.code_gen_max_blocks * sizeof(TranslationBlock));
582 }
583
584 /* Must be called before using the QEMU cpus. 'tb_size' is the size
585 (in bytes) allocated to the translation buffer. Zero means default
586 size. */
587 void tcg_exec_init(unsigned long tb_size)
588 {
589 cpu_gen_init();
590 code_gen_alloc(tb_size);
591 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
592 tcg_register_jit(tcg_ctx.code_gen_buffer, tcg_ctx.code_gen_buffer_size);
593 page_init();
594 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
595 /* There's no guest base to take into account, so go ahead and
596 initialize the prologue now. */
597 tcg_prologue_init(&tcg_ctx);
598 #endif
599 }
600
601 bool tcg_enabled(void)
602 {
603 return tcg_ctx.code_gen_buffer != NULL;
604 }
605
606 /* Allocate a new translation block. Flush the translation buffer if
607 too many translation blocks or too much generated code. */
608 static TranslationBlock *tb_alloc(target_ulong pc)
609 {
610 TranslationBlock *tb;
611
612 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks ||
613 (tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer) >=
614 tcg_ctx.code_gen_buffer_max_size) {
615 return NULL;
616 }
617 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
618 tb->pc = pc;
619 tb->cflags = 0;
620 return tb;
621 }
622
623 void tb_free(TranslationBlock *tb)
624 {
625 /* In practice this is mostly used for single use temporary TB
626 Ignore the hard cases and just back up if this TB happens to
627 be the last one generated. */
628 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
629 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
630 tcg_ctx.code_gen_ptr = tb->tc_ptr;
631 tcg_ctx.tb_ctx.nb_tbs--;
632 }
633 }
634
635 static inline void invalidate_page_bitmap(PageDesc *p)
636 {
637 if (p->code_bitmap) {
638 g_free(p->code_bitmap);
639 p->code_bitmap = NULL;
640 }
641 p->code_write_count = 0;
642 }
643
644 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
645 static void page_flush_tb_1(int level, void **lp)
646 {
647 int i;
648
649 if (*lp == NULL) {
650 return;
651 }
652 if (level == 0) {
653 PageDesc *pd = *lp;
654
655 for (i = 0; i < L2_SIZE; ++i) {
656 pd[i].first_tb = NULL;
657 invalidate_page_bitmap(pd + i);
658 }
659 } else {
660 void **pp = *lp;
661
662 for (i = 0; i < L2_SIZE; ++i) {
663 page_flush_tb_1(level - 1, pp + i);
664 }
665 }
666 }
667
668 static void page_flush_tb(void)
669 {
670 int i;
671
672 for (i = 0; i < V_L1_SIZE; i++) {
673 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
674 }
675 }
676
677 /* flush all the translation blocks */
678 /* XXX: tb_flush is currently not thread safe */
679 void tb_flush(CPUArchState *env1)
680 {
681 CPUArchState *env;
682
683 #if defined(DEBUG_FLUSH)
684 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
685 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
686 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
687 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
688 tcg_ctx.tb_ctx.nb_tbs : 0);
689 #endif
690 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
691 > tcg_ctx.code_gen_buffer_size) {
692 cpu_abort(env1, "Internal error: code buffer overflow\n");
693 }
694 tcg_ctx.tb_ctx.nb_tbs = 0;
695
696 for (env = first_cpu; env != NULL; env = env->next_cpu) {
697 memset(env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof(void *));
698 }
699
700 memset(tcg_ctx.tb_ctx.tb_phys_hash, 0,
701 CODE_GEN_PHYS_HASH_SIZE * sizeof(void *));
702 page_flush_tb();
703
704 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
705 /* XXX: flush processor icache at this point if cache flush is
706 expensive */
707 tcg_ctx.tb_ctx.tb_flush_count++;
708 }
709
710 #ifdef DEBUG_TB_CHECK
711
712 static void tb_invalidate_check(target_ulong address)
713 {
714 TranslationBlock *tb;
715 int i;
716
717 address &= TARGET_PAGE_MASK;
718 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
719 for (tb = tb_ctx.tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
720 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
721 address >= tb->pc + tb->size)) {
722 printf("ERROR invalidate: address=" TARGET_FMT_lx
723 " PC=%08lx size=%04x\n",
724 address, (long)tb->pc, tb->size);
725 }
726 }
727 }
728 }
729
730 /* verify that all the pages have correct rights for code */
731 static void tb_page_check(void)
732 {
733 TranslationBlock *tb;
734 int i, flags1, flags2;
735
736 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
737 for (tb = tcg_ctx.tb_ctx.tb_phys_hash[i]; tb != NULL;
738 tb = tb->phys_hash_next) {
739 flags1 = page_get_flags(tb->pc);
740 flags2 = page_get_flags(tb->pc + tb->size - 1);
741 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
742 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
743 (long)tb->pc, tb->size, flags1, flags2);
744 }
745 }
746 }
747 }
748
749 #endif
750
751 static inline void tb_hash_remove(TranslationBlock **ptb, TranslationBlock *tb)
752 {
753 TranslationBlock *tb1;
754
755 for (;;) {
756 tb1 = *ptb;
757 if (tb1 == tb) {
758 *ptb = tb1->phys_hash_next;
759 break;
760 }
761 ptb = &tb1->phys_hash_next;
762 }
763 }
764
765 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
766 {
767 TranslationBlock *tb1;
768 unsigned int n1;
769
770 for (;;) {
771 tb1 = *ptb;
772 n1 = (uintptr_t)tb1 & 3;
773 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
774 if (tb1 == tb) {
775 *ptb = tb1->page_next[n1];
776 break;
777 }
778 ptb = &tb1->page_next[n1];
779 }
780 }
781
782 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
783 {
784 TranslationBlock *tb1, **ptb;
785 unsigned int n1;
786
787 ptb = &tb->jmp_next[n];
788 tb1 = *ptb;
789 if (tb1) {
790 /* find tb(n) in circular list */
791 for (;;) {
792 tb1 = *ptb;
793 n1 = (uintptr_t)tb1 & 3;
794 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
795 if (n1 == n && tb1 == tb) {
796 break;
797 }
798 if (n1 == 2) {
799 ptb = &tb1->jmp_first;
800 } else {
801 ptb = &tb1->jmp_next[n1];
802 }
803 }
804 /* now we can suppress tb(n) from the list */
805 *ptb = tb->jmp_next[n];
806
807 tb->jmp_next[n] = NULL;
808 }
809 }
810
811 /* reset the jump entry 'n' of a TB so that it is not chained to
812 another TB */
813 static inline void tb_reset_jump(TranslationBlock *tb, int n)
814 {
815 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
816 }
817
818 /* invalidate one TB */
819 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
820 {
821 CPUArchState *env;
822 PageDesc *p;
823 unsigned int h, n1;
824 tb_page_addr_t phys_pc;
825 TranslationBlock *tb1, *tb2;
826
827 /* remove the TB from the hash list */
828 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
829 h = tb_phys_hash_func(phys_pc);
830 tb_hash_remove(&tcg_ctx.tb_ctx.tb_phys_hash[h], tb);
831
832 /* remove the TB from the page list */
833 if (tb->page_addr[0] != page_addr) {
834 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
835 tb_page_remove(&p->first_tb, tb);
836 invalidate_page_bitmap(p);
837 }
838 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
839 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
840 tb_page_remove(&p->first_tb, tb);
841 invalidate_page_bitmap(p);
842 }
843
844 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
845
846 /* remove the TB from the hash list */
847 h = tb_jmp_cache_hash_func(tb->pc);
848 for (env = first_cpu; env != NULL; env = env->next_cpu) {
849 if (env->tb_jmp_cache[h] == tb) {
850 env->tb_jmp_cache[h] = NULL;
851 }
852 }
853
854 /* suppress this TB from the two jump lists */
855 tb_jmp_remove(tb, 0);
856 tb_jmp_remove(tb, 1);
857
858 /* suppress any remaining jumps to this TB */
859 tb1 = tb->jmp_first;
860 for (;;) {
861 n1 = (uintptr_t)tb1 & 3;
862 if (n1 == 2) {
863 break;
864 }
865 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
866 tb2 = tb1->jmp_next[n1];
867 tb_reset_jump(tb1, n1);
868 tb1->jmp_next[n1] = NULL;
869 tb1 = tb2;
870 }
871 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
872
873 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
874 }
875
876 static inline void set_bits(uint8_t *tab, int start, int len)
877 {
878 int end, mask, end1;
879
880 end = start + len;
881 tab += start >> 3;
882 mask = 0xff << (start & 7);
883 if ((start & ~7) == (end & ~7)) {
884 if (start < end) {
885 mask &= ~(0xff << (end & 7));
886 *tab |= mask;
887 }
888 } else {
889 *tab++ |= mask;
890 start = (start + 8) & ~7;
891 end1 = end & ~7;
892 while (start < end1) {
893 *tab++ = 0xff;
894 start += 8;
895 }
896 if (start < end) {
897 mask = ~(0xff << (end & 7));
898 *tab |= mask;
899 }
900 }
901 }
902
903 static void build_page_bitmap(PageDesc *p)
904 {
905 int n, tb_start, tb_end;
906 TranslationBlock *tb;
907
908 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
909
910 tb = p->first_tb;
911 while (tb != NULL) {
912 n = (uintptr_t)tb & 3;
913 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
914 /* NOTE: this is subtle as a TB may span two physical pages */
915 if (n == 0) {
916 /* NOTE: tb_end may be after the end of the page, but
917 it is not a problem */
918 tb_start = tb->pc & ~TARGET_PAGE_MASK;
919 tb_end = tb_start + tb->size;
920 if (tb_end > TARGET_PAGE_SIZE) {
921 tb_end = TARGET_PAGE_SIZE;
922 }
923 } else {
924 tb_start = 0;
925 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
926 }
927 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
928 tb = tb->page_next[n];
929 }
930 }
931
932 TranslationBlock *tb_gen_code(CPUArchState *env,
933 target_ulong pc, target_ulong cs_base,
934 int flags, int cflags)
935 {
936 TranslationBlock *tb;
937 uint8_t *tc_ptr;
938 tb_page_addr_t phys_pc, phys_page2;
939 target_ulong virt_page2;
940 int code_gen_size;
941
942 phys_pc = get_page_addr_code(env, pc);
943 tb = tb_alloc(pc);
944 if (!tb) {
945 /* flush must be done */
946 tb_flush(env);
947 /* cannot fail at this point */
948 tb = tb_alloc(pc);
949 /* Don't forget to invalidate previous TB info. */
950 tcg_ctx.tb_ctx.tb_invalidated_flag = 1;
951 }
952 tc_ptr = tcg_ctx.code_gen_ptr;
953 tb->tc_ptr = tc_ptr;
954 tb->cs_base = cs_base;
955 tb->flags = flags;
956 tb->cflags = cflags;
957 cpu_gen_code(env, tb, &code_gen_size);
958 tcg_ctx.code_gen_ptr = (void *)(((uintptr_t)tcg_ctx.code_gen_ptr +
959 code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
960
961 /* check next page if needed */
962 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
963 phys_page2 = -1;
964 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
965 phys_page2 = get_page_addr_code(env, virt_page2);
966 }
967 tb_link_page(tb, phys_pc, phys_page2);
968 return tb;
969 }
970
971 /*
972 * Invalidate all TBs which intersect with the target physical address range
973 * [start;end[. NOTE: start and end may refer to *different* physical pages.
974 * 'is_cpu_write_access' should be true if called from a real cpu write
975 * access: the virtual CPU will exit the current TB if code is modified inside
976 * this TB.
977 */
978 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
979 int is_cpu_write_access)
980 {
981 while (start < end) {
982 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
983 start &= TARGET_PAGE_MASK;
984 start += TARGET_PAGE_SIZE;
985 }
986 }
987
988 /*
989 * Invalidate all TBs which intersect with the target physical address range
990 * [start;end[. NOTE: start and end must refer to the *same* physical page.
991 * 'is_cpu_write_access' should be true if called from a real cpu write
992 * access: the virtual CPU will exit the current TB if code is modified inside
993 * this TB.
994 */
995 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
996 int is_cpu_write_access)
997 {
998 TranslationBlock *tb, *tb_next, *saved_tb;
999 CPUArchState *env = cpu_single_env;
1000 CPUState *cpu = NULL;
1001 tb_page_addr_t tb_start, tb_end;
1002 PageDesc *p;
1003 int n;
1004 #ifdef TARGET_HAS_PRECISE_SMC
1005 int current_tb_not_found = is_cpu_write_access;
1006 TranslationBlock *current_tb = NULL;
1007 int current_tb_modified = 0;
1008 target_ulong current_pc = 0;
1009 target_ulong current_cs_base = 0;
1010 int current_flags = 0;
1011 #endif /* TARGET_HAS_PRECISE_SMC */
1012
1013 p = page_find(start >> TARGET_PAGE_BITS);
1014 if (!p) {
1015 return;
1016 }
1017 if (!p->code_bitmap &&
1018 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1019 is_cpu_write_access) {
1020 /* build code bitmap */
1021 build_page_bitmap(p);
1022 }
1023 if (env != NULL) {
1024 cpu = ENV_GET_CPU(env);
1025 }
1026
1027 /* we remove all the TBs in the range [start, end[ */
1028 /* XXX: see if in some cases it could be faster to invalidate all
1029 the code */
1030 tb = p->first_tb;
1031 while (tb != NULL) {
1032 n = (uintptr_t)tb & 3;
1033 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1034 tb_next = tb->page_next[n];
1035 /* NOTE: this is subtle as a TB may span two physical pages */
1036 if (n == 0) {
1037 /* NOTE: tb_end may be after the end of the page, but
1038 it is not a problem */
1039 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1040 tb_end = tb_start + tb->size;
1041 } else {
1042 tb_start = tb->page_addr[1];
1043 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1044 }
1045 if (!(tb_end <= start || tb_start >= end)) {
1046 #ifdef TARGET_HAS_PRECISE_SMC
1047 if (current_tb_not_found) {
1048 current_tb_not_found = 0;
1049 current_tb = NULL;
1050 if (env->mem_io_pc) {
1051 /* now we have a real cpu fault */
1052 current_tb = tb_find_pc(env->mem_io_pc);
1053 }
1054 }
1055 if (current_tb == tb &&
1056 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1057 /* If we are modifying the current TB, we must stop
1058 its execution. We could be more precise by checking
1059 that the modification is after the current PC, but it
1060 would require a specialized function to partially
1061 restore the CPU state */
1062
1063 current_tb_modified = 1;
1064 cpu_restore_state_from_tb(current_tb, env, env->mem_io_pc);
1065 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1066 &current_flags);
1067 }
1068 #endif /* TARGET_HAS_PRECISE_SMC */
1069 /* we need to do that to handle the case where a signal
1070 occurs while doing tb_phys_invalidate() */
1071 saved_tb = NULL;
1072 if (cpu != NULL) {
1073 saved_tb = cpu->current_tb;
1074 cpu->current_tb = NULL;
1075 }
1076 tb_phys_invalidate(tb, -1);
1077 if (cpu != NULL) {
1078 cpu->current_tb = saved_tb;
1079 if (cpu->interrupt_request && cpu->current_tb) {
1080 cpu_interrupt(cpu, cpu->interrupt_request);
1081 }
1082 }
1083 }
1084 tb = tb_next;
1085 }
1086 #if !defined(CONFIG_USER_ONLY)
1087 /* if no code remaining, no need to continue to use slow writes */
1088 if (!p->first_tb) {
1089 invalidate_page_bitmap(p);
1090 if (is_cpu_write_access) {
1091 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1092 }
1093 }
1094 #endif
1095 #ifdef TARGET_HAS_PRECISE_SMC
1096 if (current_tb_modified) {
1097 /* we generate a block containing just the instruction
1098 modifying the memory. It will ensure that it cannot modify
1099 itself */
1100 cpu->current_tb = NULL;
1101 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1102 cpu_resume_from_signal(env, NULL);
1103 }
1104 #endif
1105 }
1106
1107 /* len must be <= 8 and start must be a multiple of len */
1108 void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1109 {
1110 PageDesc *p;
1111 int offset, b;
1112
1113 #if 0
1114 if (1) {
1115 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1116 cpu_single_env->mem_io_vaddr, len,
1117 cpu_single_env->eip,
1118 cpu_single_env->eip +
1119 (intptr_t)cpu_single_env->segs[R_CS].base);
1120 }
1121 #endif
1122 p = page_find(start >> TARGET_PAGE_BITS);
1123 if (!p) {
1124 return;
1125 }
1126 if (p->code_bitmap) {
1127 offset = start & ~TARGET_PAGE_MASK;
1128 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1129 if (b & ((1 << len) - 1)) {
1130 goto do_invalidate;
1131 }
1132 } else {
1133 do_invalidate:
1134 tb_invalidate_phys_page_range(start, start + len, 1);
1135 }
1136 }
1137
1138 #if !defined(CONFIG_SOFTMMU)
1139 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1140 uintptr_t pc, void *puc)
1141 {
1142 TranslationBlock *tb;
1143 PageDesc *p;
1144 int n;
1145 #ifdef TARGET_HAS_PRECISE_SMC
1146 TranslationBlock *current_tb = NULL;
1147 CPUArchState *env = cpu_single_env;
1148 CPUState *cpu = NULL;
1149 int current_tb_modified = 0;
1150 target_ulong current_pc = 0;
1151 target_ulong current_cs_base = 0;
1152 int current_flags = 0;
1153 #endif
1154
1155 addr &= TARGET_PAGE_MASK;
1156 p = page_find(addr >> TARGET_PAGE_BITS);
1157 if (!p) {
1158 return;
1159 }
1160 tb = p->first_tb;
1161 #ifdef TARGET_HAS_PRECISE_SMC
1162 if (tb && pc != 0) {
1163 current_tb = tb_find_pc(pc);
1164 }
1165 if (env != NULL) {
1166 cpu = ENV_GET_CPU(env);
1167 }
1168 #endif
1169 while (tb != NULL) {
1170 n = (uintptr_t)tb & 3;
1171 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1172 #ifdef TARGET_HAS_PRECISE_SMC
1173 if (current_tb == tb &&
1174 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1175 /* If we are modifying the current TB, we must stop
1176 its execution. We could be more precise by checking
1177 that the modification is after the current PC, but it
1178 would require a specialized function to partially
1179 restore the CPU state */
1180
1181 current_tb_modified = 1;
1182 cpu_restore_state_from_tb(current_tb, env, pc);
1183 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1184 &current_flags);
1185 }
1186 #endif /* TARGET_HAS_PRECISE_SMC */
1187 tb_phys_invalidate(tb, addr);
1188 tb = tb->page_next[n];
1189 }
1190 p->first_tb = NULL;
1191 #ifdef TARGET_HAS_PRECISE_SMC
1192 if (current_tb_modified) {
1193 /* we generate a block containing just the instruction
1194 modifying the memory. It will ensure that it cannot modify
1195 itself */
1196 cpu->current_tb = NULL;
1197 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1198 cpu_resume_from_signal(env, puc);
1199 }
1200 #endif
1201 }
1202 #endif
1203
1204 /* add the tb in the target page and protect it if necessary */
1205 static inline void tb_alloc_page(TranslationBlock *tb,
1206 unsigned int n, tb_page_addr_t page_addr)
1207 {
1208 PageDesc *p;
1209 #ifndef CONFIG_USER_ONLY
1210 bool page_already_protected;
1211 #endif
1212
1213 tb->page_addr[n] = page_addr;
1214 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1215 tb->page_next[n] = p->first_tb;
1216 #ifndef CONFIG_USER_ONLY
1217 page_already_protected = p->first_tb != NULL;
1218 #endif
1219 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1220 invalidate_page_bitmap(p);
1221
1222 #if defined(TARGET_HAS_SMC) || 1
1223
1224 #if defined(CONFIG_USER_ONLY)
1225 if (p->flags & PAGE_WRITE) {
1226 target_ulong addr;
1227 PageDesc *p2;
1228 int prot;
1229
1230 /* force the host page as non writable (writes will have a
1231 page fault + mprotect overhead) */
1232 page_addr &= qemu_host_page_mask;
1233 prot = 0;
1234 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1235 addr += TARGET_PAGE_SIZE) {
1236
1237 p2 = page_find(addr >> TARGET_PAGE_BITS);
1238 if (!p2) {
1239 continue;
1240 }
1241 prot |= p2->flags;
1242 p2->flags &= ~PAGE_WRITE;
1243 }
1244 mprotect(g2h(page_addr), qemu_host_page_size,
1245 (prot & PAGE_BITS) & ~PAGE_WRITE);
1246 #ifdef DEBUG_TB_INVALIDATE
1247 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1248 page_addr);
1249 #endif
1250 }
1251 #else
1252 /* if some code is already present, then the pages are already
1253 protected. So we handle the case where only the first TB is
1254 allocated in a physical page */
1255 if (!page_already_protected) {
1256 tlb_protect_code(page_addr);
1257 }
1258 #endif
1259
1260 #endif /* TARGET_HAS_SMC */
1261 }
1262
1263 /* add a new TB and link it to the physical page tables. phys_page2 is
1264 (-1) to indicate that only one page contains the TB. */
1265 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1266 tb_page_addr_t phys_page2)
1267 {
1268 unsigned int h;
1269 TranslationBlock **ptb;
1270
1271 /* Grab the mmap lock to stop another thread invalidating this TB
1272 before we are done. */
1273 mmap_lock();
1274 /* add in the physical hash table */
1275 h = tb_phys_hash_func(phys_pc);
1276 ptb = &tcg_ctx.tb_ctx.tb_phys_hash[h];
1277 tb->phys_hash_next = *ptb;
1278 *ptb = tb;
1279
1280 /* add in the page list */
1281 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1282 if (phys_page2 != -1) {
1283 tb_alloc_page(tb, 1, phys_page2);
1284 } else {
1285 tb->page_addr[1] = -1;
1286 }
1287
1288 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1289 tb->jmp_next[0] = NULL;
1290 tb->jmp_next[1] = NULL;
1291
1292 /* init original jump addresses */
1293 if (tb->tb_next_offset[0] != 0xffff) {
1294 tb_reset_jump(tb, 0);
1295 }
1296 if (tb->tb_next_offset[1] != 0xffff) {
1297 tb_reset_jump(tb, 1);
1298 }
1299
1300 #ifdef DEBUG_TB_CHECK
1301 tb_page_check();
1302 #endif
1303 mmap_unlock();
1304 }
1305
1306 #if defined(CONFIG_QEMU_LDST_OPTIMIZATION) && defined(CONFIG_SOFTMMU)
1307 /* check whether the given addr is in TCG generated code buffer or not */
1308 bool is_tcg_gen_code(uintptr_t tc_ptr)
1309 {
1310 /* This can be called during code generation, code_gen_buffer_size
1311 is used instead of code_gen_ptr for upper boundary checking */
1312 return (tc_ptr >= (uintptr_t)tcg_ctx.code_gen_buffer &&
1313 tc_ptr < (uintptr_t)(tcg_ctx.code_gen_buffer +
1314 tcg_ctx.code_gen_buffer_size));
1315 }
1316 #endif
1317
1318 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1319 tb[1].tc_ptr. Return NULL if not found */
1320 static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1321 {
1322 int m_min, m_max, m;
1323 uintptr_t v;
1324 TranslationBlock *tb;
1325
1326 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
1327 return NULL;
1328 }
1329 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1330 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
1331 return NULL;
1332 }
1333 /* binary search (cf Knuth) */
1334 m_min = 0;
1335 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
1336 while (m_min <= m_max) {
1337 m = (m_min + m_max) >> 1;
1338 tb = &tcg_ctx.tb_ctx.tbs[m];
1339 v = (uintptr_t)tb->tc_ptr;
1340 if (v == tc_ptr) {
1341 return tb;
1342 } else if (tc_ptr < v) {
1343 m_max = m - 1;
1344 } else {
1345 m_min = m + 1;
1346 }
1347 }
1348 return &tcg_ctx.tb_ctx.tbs[m_max];
1349 }
1350
1351 #if defined(TARGET_HAS_ICE) && !defined(CONFIG_USER_ONLY)
1352 void tb_invalidate_phys_addr(hwaddr addr)
1353 {
1354 ram_addr_t ram_addr;
1355 MemoryRegionSection *section;
1356
1357 section = phys_page_find(address_space_memory.dispatch,
1358 addr >> TARGET_PAGE_BITS);
1359 if (!(memory_region_is_ram(section->mr)
1360 || (section->mr->rom_device && section->mr->readable))) {
1361 return;
1362 }
1363 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1364 + memory_region_section_addr(section, addr);
1365 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1366 }
1367 #endif /* TARGET_HAS_ICE && !defined(CONFIG_USER_ONLY) */
1368
1369 void tb_check_watchpoint(CPUArchState *env)
1370 {
1371 TranslationBlock *tb;
1372
1373 tb = tb_find_pc(env->mem_io_pc);
1374 if (!tb) {
1375 cpu_abort(env, "check_watchpoint: could not find TB for pc=%p",
1376 (void *)env->mem_io_pc);
1377 }
1378 cpu_restore_state_from_tb(tb, env, env->mem_io_pc);
1379 tb_phys_invalidate(tb, -1);
1380 }
1381
1382 #ifndef CONFIG_USER_ONLY
1383 /* mask must never be zero, except for A20 change call */
1384 static void tcg_handle_interrupt(CPUState *cpu, int mask)
1385 {
1386 CPUArchState *env = cpu->env_ptr;
1387 int old_mask;
1388
1389 old_mask = cpu->interrupt_request;
1390 cpu->interrupt_request |= mask;
1391
1392 /*
1393 * If called from iothread context, wake the target cpu in
1394 * case its halted.
1395 */
1396 if (!qemu_cpu_is_self(cpu)) {
1397 qemu_cpu_kick(cpu);
1398 return;
1399 }
1400
1401 if (use_icount) {
1402 env->icount_decr.u16.high = 0xffff;
1403 if (!can_do_io(env)
1404 && (mask & ~old_mask) != 0) {
1405 cpu_abort(env, "Raised interrupt while not in I/O function");
1406 }
1407 } else {
1408 cpu->tcg_exit_req = 1;
1409 }
1410 }
1411
1412 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1413
1414 /* in deterministic execution mode, instructions doing device I/Os
1415 must be at the end of the TB */
1416 void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
1417 {
1418 TranslationBlock *tb;
1419 uint32_t n, cflags;
1420 target_ulong pc, cs_base;
1421 uint64_t flags;
1422
1423 tb = tb_find_pc(retaddr);
1424 if (!tb) {
1425 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
1426 (void *)retaddr);
1427 }
1428 n = env->icount_decr.u16.low + tb->icount;
1429 cpu_restore_state_from_tb(tb, env, retaddr);
1430 /* Calculate how many instructions had been executed before the fault
1431 occurred. */
1432 n = n - env->icount_decr.u16.low;
1433 /* Generate a new TB ending on the I/O insn. */
1434 n++;
1435 /* On MIPS and SH, delay slot instructions can only be restarted if
1436 they were already the first instruction in the TB. If this is not
1437 the first instruction in a TB then re-execute the preceding
1438 branch. */
1439 #if defined(TARGET_MIPS)
1440 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
1441 env->active_tc.PC -= 4;
1442 env->icount_decr.u16.low++;
1443 env->hflags &= ~MIPS_HFLAG_BMASK;
1444 }
1445 #elif defined(TARGET_SH4)
1446 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1447 && n > 1) {
1448 env->pc -= 2;
1449 env->icount_decr.u16.low++;
1450 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1451 }
1452 #endif
1453 /* This should never happen. */
1454 if (n > CF_COUNT_MASK) {
1455 cpu_abort(env, "TB too big during recompile");
1456 }
1457
1458 cflags = n | CF_LAST_IO;
1459 pc = tb->pc;
1460 cs_base = tb->cs_base;
1461 flags = tb->flags;
1462 tb_phys_invalidate(tb, -1);
1463 /* FIXME: In theory this could raise an exception. In practice
1464 we have already translated the block once so it's probably ok. */
1465 tb_gen_code(env, pc, cs_base, flags, cflags);
1466 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
1467 the first in the TB) then we end up generating a whole new TB and
1468 repeating the fault, which is horribly inefficient.
1469 Better would be to execute just this insn uncached, or generate a
1470 second new TB. */
1471 cpu_resume_from_signal(env, NULL);
1472 }
1473
1474 void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1475 {
1476 unsigned int i;
1477
1478 /* Discard jump cache entries for any tb which might potentially
1479 overlap the flushed page. */
1480 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1481 memset(&env->tb_jmp_cache[i], 0,
1482 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1483
1484 i = tb_jmp_cache_hash_page(addr);
1485 memset(&env->tb_jmp_cache[i], 0,
1486 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1487 }
1488
1489 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1490 {
1491 int i, target_code_size, max_target_code_size;
1492 int direct_jmp_count, direct_jmp2_count, cross_page;
1493 TranslationBlock *tb;
1494
1495 target_code_size = 0;
1496 max_target_code_size = 0;
1497 cross_page = 0;
1498 direct_jmp_count = 0;
1499 direct_jmp2_count = 0;
1500 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1501 tb = &tcg_ctx.tb_ctx.tbs[i];
1502 target_code_size += tb->size;
1503 if (tb->size > max_target_code_size) {
1504 max_target_code_size = tb->size;
1505 }
1506 if (tb->page_addr[1] != -1) {
1507 cross_page++;
1508 }
1509 if (tb->tb_next_offset[0] != 0xffff) {
1510 direct_jmp_count++;
1511 if (tb->tb_next_offset[1] != 0xffff) {
1512 direct_jmp2_count++;
1513 }
1514 }
1515 }
1516 /* XXX: avoid using doubles ? */
1517 cpu_fprintf(f, "Translation buffer state:\n");
1518 cpu_fprintf(f, "gen code size %td/%zd\n",
1519 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
1520 tcg_ctx.code_gen_buffer_max_size);
1521 cpu_fprintf(f, "TB count %d/%d\n",
1522 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
1523 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
1524 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1525 tcg_ctx.tb_ctx.nb_tbs : 0,
1526 max_target_code_size);
1527 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
1528 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1529 tcg_ctx.code_gen_buffer) /
1530 tcg_ctx.tb_ctx.nb_tbs : 0,
1531 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1532 tcg_ctx.code_gen_buffer) /
1533 target_code_size : 0);
1534 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1535 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1536 tcg_ctx.tb_ctx.nb_tbs : 0);
1537 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1538 direct_jmp_count,
1539 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1540 tcg_ctx.tb_ctx.nb_tbs : 0,
1541 direct_jmp2_count,
1542 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1543 tcg_ctx.tb_ctx.nb_tbs : 0);
1544 cpu_fprintf(f, "\nStatistics:\n");
1545 cpu_fprintf(f, "TB flush count %d\n", tcg_ctx.tb_ctx.tb_flush_count);
1546 cpu_fprintf(f, "TB invalidate count %d\n",
1547 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
1548 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1549 tcg_dump_info(f, cpu_fprintf);
1550 }
1551
1552 #else /* CONFIG_USER_ONLY */
1553
1554 void cpu_interrupt(CPUState *cpu, int mask)
1555 {
1556 cpu->interrupt_request |= mask;
1557 cpu->tcg_exit_req = 1;
1558 }
1559
1560 /*
1561 * Walks guest process memory "regions" one by one
1562 * and calls callback function 'fn' for each region.
1563 */
1564 struct walk_memory_regions_data {
1565 walk_memory_regions_fn fn;
1566 void *priv;
1567 uintptr_t start;
1568 int prot;
1569 };
1570
1571 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1572 abi_ulong end, int new_prot)
1573 {
1574 if (data->start != -1ul) {
1575 int rc = data->fn(data->priv, data->start, end, data->prot);
1576 if (rc != 0) {
1577 return rc;
1578 }
1579 }
1580
1581 data->start = (new_prot ? end : -1ul);
1582 data->prot = new_prot;
1583
1584 return 0;
1585 }
1586
1587 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1588 abi_ulong base, int level, void **lp)
1589 {
1590 abi_ulong pa;
1591 int i, rc;
1592
1593 if (*lp == NULL) {
1594 return walk_memory_regions_end(data, base, 0);
1595 }
1596
1597 if (level == 0) {
1598 PageDesc *pd = *lp;
1599
1600 for (i = 0; i < L2_SIZE; ++i) {
1601 int prot = pd[i].flags;
1602
1603 pa = base | (i << TARGET_PAGE_BITS);
1604 if (prot != data->prot) {
1605 rc = walk_memory_regions_end(data, pa, prot);
1606 if (rc != 0) {
1607 return rc;
1608 }
1609 }
1610 }
1611 } else {
1612 void **pp = *lp;
1613
1614 for (i = 0; i < L2_SIZE; ++i) {
1615 pa = base | ((abi_ulong)i <<
1616 (TARGET_PAGE_BITS + L2_BITS * level));
1617 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1618 if (rc != 0) {
1619 return rc;
1620 }
1621 }
1622 }
1623
1624 return 0;
1625 }
1626
1627 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1628 {
1629 struct walk_memory_regions_data data;
1630 uintptr_t i;
1631
1632 data.fn = fn;
1633 data.priv = priv;
1634 data.start = -1ul;
1635 data.prot = 0;
1636
1637 for (i = 0; i < V_L1_SIZE; i++) {
1638 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
1639 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1640
1641 if (rc != 0) {
1642 return rc;
1643 }
1644 }
1645
1646 return walk_memory_regions_end(&data, 0, 0);
1647 }
1648
1649 static int dump_region(void *priv, abi_ulong start,
1650 abi_ulong end, unsigned long prot)
1651 {
1652 FILE *f = (FILE *)priv;
1653
1654 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
1655 " "TARGET_ABI_FMT_lx" %c%c%c\n",
1656 start, end, end - start,
1657 ((prot & PAGE_READ) ? 'r' : '-'),
1658 ((prot & PAGE_WRITE) ? 'w' : '-'),
1659 ((prot & PAGE_EXEC) ? 'x' : '-'));
1660
1661 return 0;
1662 }
1663
1664 /* dump memory mappings */
1665 void page_dump(FILE *f)
1666 {
1667 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
1668 "start", "end", "size", "prot");
1669 walk_memory_regions(f, dump_region);
1670 }
1671
1672 int page_get_flags(target_ulong address)
1673 {
1674 PageDesc *p;
1675
1676 p = page_find(address >> TARGET_PAGE_BITS);
1677 if (!p) {
1678 return 0;
1679 }
1680 return p->flags;
1681 }
1682
1683 /* Modify the flags of a page and invalidate the code if necessary.
1684 The flag PAGE_WRITE_ORG is positioned automatically depending
1685 on PAGE_WRITE. The mmap_lock should already be held. */
1686 void page_set_flags(target_ulong start, target_ulong end, int flags)
1687 {
1688 target_ulong addr, len;
1689
1690 /* This function should never be called with addresses outside the
1691 guest address space. If this assert fires, it probably indicates
1692 a missing call to h2g_valid. */
1693 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1694 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1695 #endif
1696 assert(start < end);
1697
1698 start = start & TARGET_PAGE_MASK;
1699 end = TARGET_PAGE_ALIGN(end);
1700
1701 if (flags & PAGE_WRITE) {
1702 flags |= PAGE_WRITE_ORG;
1703 }
1704
1705 for (addr = start, len = end - start;
1706 len != 0;
1707 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1708 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1709
1710 /* If the write protection bit is set, then we invalidate
1711 the code inside. */
1712 if (!(p->flags & PAGE_WRITE) &&
1713 (flags & PAGE_WRITE) &&
1714 p->first_tb) {
1715 tb_invalidate_phys_page(addr, 0, NULL);
1716 }
1717 p->flags = flags;
1718 }
1719 }
1720
1721 int page_check_range(target_ulong start, target_ulong len, int flags)
1722 {
1723 PageDesc *p;
1724 target_ulong end;
1725 target_ulong addr;
1726
1727 /* This function should never be called with addresses outside the
1728 guest address space. If this assert fires, it probably indicates
1729 a missing call to h2g_valid. */
1730 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1731 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
1732 #endif
1733
1734 if (len == 0) {
1735 return 0;
1736 }
1737 if (start + len - 1 < start) {
1738 /* We've wrapped around. */
1739 return -1;
1740 }
1741
1742 /* must do before we loose bits in the next step */
1743 end = TARGET_PAGE_ALIGN(start + len);
1744 start = start & TARGET_PAGE_MASK;
1745
1746 for (addr = start, len = end - start;
1747 len != 0;
1748 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
1749 p = page_find(addr >> TARGET_PAGE_BITS);
1750 if (!p) {
1751 return -1;
1752 }
1753 if (!(p->flags & PAGE_VALID)) {
1754 return -1;
1755 }
1756
1757 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
1758 return -1;
1759 }
1760 if (flags & PAGE_WRITE) {
1761 if (!(p->flags & PAGE_WRITE_ORG)) {
1762 return -1;
1763 }
1764 /* unprotect the page if it was put read-only because it
1765 contains translated code */
1766 if (!(p->flags & PAGE_WRITE)) {
1767 if (!page_unprotect(addr, 0, NULL)) {
1768 return -1;
1769 }
1770 }
1771 return 0;
1772 }
1773 }
1774 return 0;
1775 }
1776
1777 /* called from signal handler: invalidate the code and unprotect the
1778 page. Return TRUE if the fault was successfully handled. */
1779 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
1780 {
1781 unsigned int prot;
1782 PageDesc *p;
1783 target_ulong host_start, host_end, addr;
1784
1785 /* Technically this isn't safe inside a signal handler. However we
1786 know this only ever happens in a synchronous SEGV handler, so in
1787 practice it seems to be ok. */
1788 mmap_lock();
1789
1790 p = page_find(address >> TARGET_PAGE_BITS);
1791 if (!p) {
1792 mmap_unlock();
1793 return 0;
1794 }
1795
1796 /* if the page was really writable, then we change its
1797 protection back to writable */
1798 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
1799 host_start = address & qemu_host_page_mask;
1800 host_end = host_start + qemu_host_page_size;
1801
1802 prot = 0;
1803 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
1804 p = page_find(addr >> TARGET_PAGE_BITS);
1805 p->flags |= PAGE_WRITE;
1806 prot |= p->flags;
1807
1808 /* and since the content will be modified, we must invalidate
1809 the corresponding translated code. */
1810 tb_invalidate_phys_page(addr, pc, puc);
1811 #ifdef DEBUG_TB_CHECK
1812 tb_invalidate_check(addr);
1813 #endif
1814 }
1815 mprotect((void *)g2h(host_start), qemu_host_page_size,
1816 prot & PAGE_BITS);
1817
1818 mmap_unlock();
1819 return 1;
1820 }
1821 mmap_unlock();
1822 return 0;
1823 }
1824 #endif /* CONFIG_USER_ONLY */
Random patches