target-ppc: dump-guest-memory support
[qemu/kevin.git] / exec.c
blob2e31ffcb2c17e798073bfe561480a2301a2fee8e
1 /*
2 * Virtual page mapping
4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "hw/xen/xen.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "exec/memory.h"
39 #include "sysemu/dma.h"
40 #include "exec/address-spaces.h"
41 #if defined(CONFIG_USER_ONLY)
42 #include <qemu.h>
43 #else /* !CONFIG_USER_ONLY */
44 #include "sysemu/xen-mapcache.h"
45 #include "trace.h"
46 #endif
47 #include "exec/cpu-all.h"
49 #include "exec/cputlb.h"
50 #include "translate-all.h"
52 #include "exec/memory-internal.h"
54 //#define DEBUG_SUBPAGE
56 #if !defined(CONFIG_USER_ONLY)
57 static int in_migration;
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
67 MemoryRegion io_mem_rom, io_mem_notdirty;
68 static MemoryRegion io_mem_unassigned;
70 #endif
72 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
73 /* current CPU in the current thread. It is only valid inside
74 cpu_exec() */
75 DEFINE_TLS(CPUState *, current_cpu);
76 /* 0 = Do not count executed instructions.
77 1 = Precise instruction counting.
78 2 = Adaptive rate instruction counting. */
79 int use_icount;
81 #if !defined(CONFIG_USER_ONLY)
83 typedef struct PhysPageEntry PhysPageEntry;
85 struct PhysPageEntry {
86 uint16_t is_leaf : 1;
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
88 uint16_t ptr : 15;
91 typedef PhysPageEntry Node[L2_SIZE];
93 struct AddressSpaceDispatch {
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
97 PhysPageEntry phys_map;
98 Node *nodes;
99 MemoryRegionSection *sections;
100 AddressSpace *as;
103 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104 typedef struct subpage_t {
105 MemoryRegion iomem;
106 AddressSpace *as;
107 hwaddr base;
108 uint16_t sub_section[TARGET_PAGE_SIZE];
109 } subpage_t;
111 #define PHYS_SECTION_UNASSIGNED 0
112 #define PHYS_SECTION_NOTDIRTY 1
113 #define PHYS_SECTION_ROM 2
114 #define PHYS_SECTION_WATCH 3
116 typedef struct PhysPageMap {
117 unsigned sections_nb;
118 unsigned sections_nb_alloc;
119 unsigned nodes_nb;
120 unsigned nodes_nb_alloc;
121 Node *nodes;
122 MemoryRegionSection *sections;
123 } PhysPageMap;
125 static PhysPageMap *prev_map;
126 static PhysPageMap next_map;
128 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
130 static void io_mem_init(void);
131 static void memory_map_init(void);
133 static MemoryRegion io_mem_watch;
134 #endif
136 #if !defined(CONFIG_USER_ONLY)
138 static void phys_map_node_reserve(unsigned nodes)
140 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
141 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
142 16);
143 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
144 next_map.nodes_nb + nodes);
145 next_map.nodes = g_renew(Node, next_map.nodes,
146 next_map.nodes_nb_alloc);
150 static uint16_t phys_map_node_alloc(void)
152 unsigned i;
153 uint16_t ret;
155 ret = next_map.nodes_nb++;
156 assert(ret != PHYS_MAP_NODE_NIL);
157 assert(ret != next_map.nodes_nb_alloc);
158 for (i = 0; i < L2_SIZE; ++i) {
159 next_map.nodes[ret][i].is_leaf = 0;
160 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
162 return ret;
165 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
166 hwaddr *nb, uint16_t leaf,
167 int level)
169 PhysPageEntry *p;
170 int i;
171 hwaddr step = (hwaddr)1 << (level * L2_BITS);
173 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
174 lp->ptr = phys_map_node_alloc();
175 p = next_map.nodes[lp->ptr];
176 if (level == 0) {
177 for (i = 0; i < L2_SIZE; i++) {
178 p[i].is_leaf = 1;
179 p[i].ptr = PHYS_SECTION_UNASSIGNED;
182 } else {
183 p = next_map.nodes[lp->ptr];
185 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
187 while (*nb && lp < &p[L2_SIZE]) {
188 if ((*index & (step - 1)) == 0 && *nb >= step) {
189 lp->is_leaf = true;
190 lp->ptr = leaf;
191 *index += step;
192 *nb -= step;
193 } else {
194 phys_page_set_level(lp, index, nb, leaf, level - 1);
196 ++lp;
200 static void phys_page_set(AddressSpaceDispatch *d,
201 hwaddr index, hwaddr nb,
202 uint16_t leaf)
204 /* Wildly overreserve - it doesn't matter much. */
205 phys_map_node_reserve(3 * P_L2_LEVELS);
207 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
210 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
211 Node *nodes, MemoryRegionSection *sections)
213 PhysPageEntry *p;
214 int i;
216 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
217 if (lp.ptr == PHYS_MAP_NODE_NIL) {
218 return &sections[PHYS_SECTION_UNASSIGNED];
220 p = nodes[lp.ptr];
221 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
223 return &sections[lp.ptr];
226 bool memory_region_is_unassigned(MemoryRegion *mr)
228 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
229 && mr != &io_mem_watch;
232 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
233 hwaddr addr,
234 bool resolve_subpage)
236 MemoryRegionSection *section;
237 subpage_t *subpage;
239 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
240 d->nodes, d->sections);
241 if (resolve_subpage && section->mr->subpage) {
242 subpage = container_of(section->mr, subpage_t, iomem);
243 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
245 return section;
248 static MemoryRegionSection *
249 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
250 hwaddr *plen, bool resolve_subpage)
252 MemoryRegionSection *section;
253 Int128 diff;
255 section = address_space_lookup_region(d, addr, resolve_subpage);
256 /* Compute offset within MemoryRegionSection */
257 addr -= section->offset_within_address_space;
259 /* Compute offset within MemoryRegion */
260 *xlat = addr + section->offset_within_region;
262 diff = int128_sub(section->mr->size, int128_make64(addr));
263 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
264 return section;
267 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
268 hwaddr *xlat, hwaddr *plen,
269 bool is_write)
271 IOMMUTLBEntry iotlb;
272 MemoryRegionSection *section;
273 MemoryRegion *mr;
274 hwaddr len = *plen;
276 for (;;) {
277 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
278 mr = section->mr;
280 if (!mr->iommu_ops) {
281 break;
284 iotlb = mr->iommu_ops->translate(mr, addr);
285 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
286 | (addr & iotlb.addr_mask));
287 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
288 if (!(iotlb.perm & (1 << is_write))) {
289 mr = &io_mem_unassigned;
290 break;
293 as = iotlb.target_as;
296 *plen = len;
297 *xlat = addr;
298 return mr;
301 MemoryRegionSection *
302 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
303 hwaddr *plen)
305 MemoryRegionSection *section;
306 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
308 assert(!section->mr->iommu_ops);
309 return section;
311 #endif
313 void cpu_exec_init_all(void)
315 #if !defined(CONFIG_USER_ONLY)
316 qemu_mutex_init(&ram_list.mutex);
317 memory_map_init();
318 io_mem_init();
319 #endif
322 #if !defined(CONFIG_USER_ONLY)
324 static int cpu_common_post_load(void *opaque, int version_id)
326 CPUState *cpu = opaque;
328 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
329 version_id is increased. */
330 cpu->interrupt_request &= ~0x01;
331 tlb_flush(cpu->env_ptr, 1);
333 return 0;
336 const VMStateDescription vmstate_cpu_common = {
337 .name = "cpu_common",
338 .version_id = 1,
339 .minimum_version_id = 1,
340 .minimum_version_id_old = 1,
341 .post_load = cpu_common_post_load,
342 .fields = (VMStateField []) {
343 VMSTATE_UINT32(halted, CPUState),
344 VMSTATE_UINT32(interrupt_request, CPUState),
345 VMSTATE_END_OF_LIST()
349 #endif
351 CPUState *qemu_get_cpu(int index)
353 CPUState *cpu;
355 CPU_FOREACH(cpu) {
356 if (cpu->cpu_index == index) {
357 return cpu;
361 return NULL;
364 void cpu_exec_init(CPUArchState *env)
366 CPUState *cpu = ENV_GET_CPU(env);
367 CPUClass *cc = CPU_GET_CLASS(cpu);
368 CPUState *some_cpu;
369 int cpu_index;
371 #if defined(CONFIG_USER_ONLY)
372 cpu_list_lock();
373 #endif
374 cpu_index = 0;
375 CPU_FOREACH(some_cpu) {
376 cpu_index++;
378 cpu->cpu_index = cpu_index;
379 cpu->numa_node = 0;
380 QTAILQ_INIT(&env->breakpoints);
381 QTAILQ_INIT(&env->watchpoints);
382 #ifndef CONFIG_USER_ONLY
383 cpu->thread_id = qemu_get_thread_id();
384 #endif
385 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
386 #if defined(CONFIG_USER_ONLY)
387 cpu_list_unlock();
388 #endif
389 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
390 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
392 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
393 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
394 cpu_save, cpu_load, env);
395 assert(cc->vmsd == NULL);
396 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
397 #endif
398 if (cc->vmsd != NULL) {
399 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
403 #if defined(TARGET_HAS_ICE)
404 #if defined(CONFIG_USER_ONLY)
405 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
407 tb_invalidate_phys_page_range(pc, pc + 1, 0);
409 #else
410 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
412 tb_invalidate_phys_addr(cpu_get_phys_page_debug(cpu, pc) |
413 (pc & ~TARGET_PAGE_MASK));
415 #endif
416 #endif /* TARGET_HAS_ICE */
418 #if defined(CONFIG_USER_ONLY)
419 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
424 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
425 int flags, CPUWatchpoint **watchpoint)
427 return -ENOSYS;
429 #else
430 /* Add a watchpoint. */
431 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
432 int flags, CPUWatchpoint **watchpoint)
434 target_ulong len_mask = ~(len - 1);
435 CPUWatchpoint *wp;
437 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
438 if ((len & (len - 1)) || (addr & ~len_mask) ||
439 len == 0 || len > TARGET_PAGE_SIZE) {
440 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
441 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
442 return -EINVAL;
444 wp = g_malloc(sizeof(*wp));
446 wp->vaddr = addr;
447 wp->len_mask = len_mask;
448 wp->flags = flags;
450 /* keep all GDB-injected watchpoints in front */
451 if (flags & BP_GDB)
452 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
453 else
454 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
456 tlb_flush_page(env, addr);
458 if (watchpoint)
459 *watchpoint = wp;
460 return 0;
463 /* Remove a specific watchpoint. */
464 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
465 int flags)
467 target_ulong len_mask = ~(len - 1);
468 CPUWatchpoint *wp;
470 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
471 if (addr == wp->vaddr && len_mask == wp->len_mask
472 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
473 cpu_watchpoint_remove_by_ref(env, wp);
474 return 0;
477 return -ENOENT;
480 /* Remove a specific watchpoint by reference. */
481 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
483 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
485 tlb_flush_page(env, watchpoint->vaddr);
487 g_free(watchpoint);
490 /* Remove all matching watchpoints. */
491 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
493 CPUWatchpoint *wp, *next;
495 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
496 if (wp->flags & mask)
497 cpu_watchpoint_remove_by_ref(env, wp);
500 #endif
502 /* Add a breakpoint. */
503 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
504 CPUBreakpoint **breakpoint)
506 #if defined(TARGET_HAS_ICE)
507 CPUBreakpoint *bp;
509 bp = g_malloc(sizeof(*bp));
511 bp->pc = pc;
512 bp->flags = flags;
514 /* keep all GDB-injected breakpoints in front */
515 if (flags & BP_GDB) {
516 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
517 } else {
518 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
521 breakpoint_invalidate(ENV_GET_CPU(env), pc);
523 if (breakpoint) {
524 *breakpoint = bp;
526 return 0;
527 #else
528 return -ENOSYS;
529 #endif
532 /* Remove a specific breakpoint. */
533 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
535 #if defined(TARGET_HAS_ICE)
536 CPUBreakpoint *bp;
538 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
539 if (bp->pc == pc && bp->flags == flags) {
540 cpu_breakpoint_remove_by_ref(env, bp);
541 return 0;
544 return -ENOENT;
545 #else
546 return -ENOSYS;
547 #endif
550 /* Remove a specific breakpoint by reference. */
551 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
553 #if defined(TARGET_HAS_ICE)
554 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
556 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
558 g_free(breakpoint);
559 #endif
562 /* Remove all matching breakpoints. */
563 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
565 #if defined(TARGET_HAS_ICE)
566 CPUBreakpoint *bp, *next;
568 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
569 if (bp->flags & mask)
570 cpu_breakpoint_remove_by_ref(env, bp);
572 #endif
575 /* enable or disable single step mode. EXCP_DEBUG is returned by the
576 CPU loop after each instruction */
577 void cpu_single_step(CPUState *cpu, int enabled)
579 #if defined(TARGET_HAS_ICE)
580 if (cpu->singlestep_enabled != enabled) {
581 cpu->singlestep_enabled = enabled;
582 if (kvm_enabled()) {
583 kvm_update_guest_debug(cpu, 0);
584 } else {
585 /* must flush all the translated code to avoid inconsistencies */
586 /* XXX: only flush what is necessary */
587 CPUArchState *env = cpu->env_ptr;
588 tb_flush(env);
591 #endif
594 void cpu_abort(CPUArchState *env, const char *fmt, ...)
596 CPUState *cpu = ENV_GET_CPU(env);
597 va_list ap;
598 va_list ap2;
600 va_start(ap, fmt);
601 va_copy(ap2, ap);
602 fprintf(stderr, "qemu: fatal: ");
603 vfprintf(stderr, fmt, ap);
604 fprintf(stderr, "\n");
605 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
606 if (qemu_log_enabled()) {
607 qemu_log("qemu: fatal: ");
608 qemu_log_vprintf(fmt, ap2);
609 qemu_log("\n");
610 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
611 qemu_log_flush();
612 qemu_log_close();
614 va_end(ap2);
615 va_end(ap);
616 #if defined(CONFIG_USER_ONLY)
618 struct sigaction act;
619 sigfillset(&act.sa_mask);
620 act.sa_handler = SIG_DFL;
621 sigaction(SIGABRT, &act, NULL);
623 #endif
624 abort();
627 #if !defined(CONFIG_USER_ONLY)
628 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
630 RAMBlock *block;
632 /* The list is protected by the iothread lock here. */
633 block = ram_list.mru_block;
634 if (block && addr - block->offset < block->length) {
635 goto found;
637 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
638 if (addr - block->offset < block->length) {
639 goto found;
643 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
644 abort();
646 found:
647 ram_list.mru_block = block;
648 return block;
651 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
652 uintptr_t length)
654 RAMBlock *block;
655 ram_addr_t start1;
657 block = qemu_get_ram_block(start);
658 assert(block == qemu_get_ram_block(end - 1));
659 start1 = (uintptr_t)block->host + (start - block->offset);
660 cpu_tlb_reset_dirty_all(start1, length);
663 /* Note: start and end must be within the same ram block. */
664 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
665 int dirty_flags)
667 uintptr_t length;
669 start &= TARGET_PAGE_MASK;
670 end = TARGET_PAGE_ALIGN(end);
672 length = end - start;
673 if (length == 0)
674 return;
675 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
677 if (tcg_enabled()) {
678 tlb_reset_dirty_range_all(start, end, length);
682 static int cpu_physical_memory_set_dirty_tracking(int enable)
684 int ret = 0;
685 in_migration = enable;
686 return ret;
689 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
690 MemoryRegionSection *section,
691 target_ulong vaddr,
692 hwaddr paddr, hwaddr xlat,
693 int prot,
694 target_ulong *address)
696 hwaddr iotlb;
697 CPUWatchpoint *wp;
699 if (memory_region_is_ram(section->mr)) {
700 /* Normal RAM. */
701 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
702 + xlat;
703 if (!section->readonly) {
704 iotlb |= PHYS_SECTION_NOTDIRTY;
705 } else {
706 iotlb |= PHYS_SECTION_ROM;
708 } else {
709 iotlb = section - address_space_memory.dispatch->sections;
710 iotlb += xlat;
713 /* Make accesses to pages with watchpoints go via the
714 watchpoint trap routines. */
715 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
716 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
717 /* Avoid trapping reads of pages with a write breakpoint. */
718 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
719 iotlb = PHYS_SECTION_WATCH + paddr;
720 *address |= TLB_MMIO;
721 break;
726 return iotlb;
728 #endif /* defined(CONFIG_USER_ONLY) */
730 #if !defined(CONFIG_USER_ONLY)
732 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
733 uint16_t section);
734 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
736 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
739 * Set a custom physical guest memory alloator.
740 * Accelerators with unusual needs may need this. Hopefully, we can
741 * get rid of it eventually.
743 void phys_mem_set_alloc(void *(*alloc)(size_t))
745 phys_mem_alloc = alloc;
748 static uint16_t phys_section_add(MemoryRegionSection *section)
750 /* The physical section number is ORed with a page-aligned
751 * pointer to produce the iotlb entries. Thus it should
752 * never overflow into the page-aligned value.
754 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
756 if (next_map.sections_nb == next_map.sections_nb_alloc) {
757 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
758 16);
759 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
760 next_map.sections_nb_alloc);
762 next_map.sections[next_map.sections_nb] = *section;
763 memory_region_ref(section->mr);
764 return next_map.sections_nb++;
767 static void phys_section_destroy(MemoryRegion *mr)
769 memory_region_unref(mr);
771 if (mr->subpage) {
772 subpage_t *subpage = container_of(mr, subpage_t, iomem);
773 memory_region_destroy(&subpage->iomem);
774 g_free(subpage);
778 static void phys_sections_free(PhysPageMap *map)
780 while (map->sections_nb > 0) {
781 MemoryRegionSection *section = &map->sections[--map->sections_nb];
782 phys_section_destroy(section->mr);
784 g_free(map->sections);
785 g_free(map->nodes);
786 g_free(map);
789 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
791 subpage_t *subpage;
792 hwaddr base = section->offset_within_address_space
793 & TARGET_PAGE_MASK;
794 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
795 next_map.nodes, next_map.sections);
796 MemoryRegionSection subsection = {
797 .offset_within_address_space = base,
798 .size = int128_make64(TARGET_PAGE_SIZE),
800 hwaddr start, end;
802 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
804 if (!(existing->mr->subpage)) {
805 subpage = subpage_init(d->as, base);
806 subsection.mr = &subpage->iomem;
807 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
808 phys_section_add(&subsection));
809 } else {
810 subpage = container_of(existing->mr, subpage_t, iomem);
812 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
813 end = start + int128_get64(section->size) - 1;
814 subpage_register(subpage, start, end, phys_section_add(section));
818 static void register_multipage(AddressSpaceDispatch *d,
819 MemoryRegionSection *section)
821 hwaddr start_addr = section->offset_within_address_space;
822 uint16_t section_index = phys_section_add(section);
823 uint64_t num_pages = int128_get64(int128_rshift(section->size,
824 TARGET_PAGE_BITS));
826 assert(num_pages);
827 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
830 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
832 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
833 AddressSpaceDispatch *d = as->next_dispatch;
834 MemoryRegionSection now = *section, remain = *section;
835 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
837 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
838 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
839 - now.offset_within_address_space;
841 now.size = int128_min(int128_make64(left), now.size);
842 register_subpage(d, &now);
843 } else {
844 now.size = int128_zero();
846 while (int128_ne(remain.size, now.size)) {
847 remain.size = int128_sub(remain.size, now.size);
848 remain.offset_within_address_space += int128_get64(now.size);
849 remain.offset_within_region += int128_get64(now.size);
850 now = remain;
851 if (int128_lt(remain.size, page_size)) {
852 register_subpage(d, &now);
853 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
854 now.size = page_size;
855 register_subpage(d, &now);
856 } else {
857 now.size = int128_and(now.size, int128_neg(page_size));
858 register_multipage(d, &now);
863 void qemu_flush_coalesced_mmio_buffer(void)
865 if (kvm_enabled())
866 kvm_flush_coalesced_mmio_buffer();
869 void qemu_mutex_lock_ramlist(void)
871 qemu_mutex_lock(&ram_list.mutex);
874 void qemu_mutex_unlock_ramlist(void)
876 qemu_mutex_unlock(&ram_list.mutex);
879 #ifdef __linux__
881 #include <sys/vfs.h>
883 #define HUGETLBFS_MAGIC 0x958458f6
885 static long gethugepagesize(const char *path)
887 struct statfs fs;
888 int ret;
890 do {
891 ret = statfs(path, &fs);
892 } while (ret != 0 && errno == EINTR);
894 if (ret != 0) {
895 perror(path);
896 return 0;
899 if (fs.f_type != HUGETLBFS_MAGIC)
900 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
902 return fs.f_bsize;
905 static void *file_ram_alloc(RAMBlock *block,
906 ram_addr_t memory,
907 const char *path)
909 char *filename;
910 char *sanitized_name;
911 char *c;
912 void *area;
913 int fd;
914 #ifdef MAP_POPULATE
915 int flags;
916 #endif
917 unsigned long hpagesize;
919 hpagesize = gethugepagesize(path);
920 if (!hpagesize) {
921 return NULL;
924 if (memory < hpagesize) {
925 return NULL;
928 if (kvm_enabled() && !kvm_has_sync_mmu()) {
929 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
930 return NULL;
933 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
934 sanitized_name = g_strdup(block->mr->name);
935 for (c = sanitized_name; *c != '\0'; c++) {
936 if (*c == '/')
937 *c = '_';
940 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
941 sanitized_name);
942 g_free(sanitized_name);
944 fd = mkstemp(filename);
945 if (fd < 0) {
946 perror("unable to create backing store for hugepages");
947 g_free(filename);
948 return NULL;
950 unlink(filename);
951 g_free(filename);
953 memory = (memory+hpagesize-1) & ~(hpagesize-1);
956 * ftruncate is not supported by hugetlbfs in older
957 * hosts, so don't bother bailing out on errors.
958 * If anything goes wrong with it under other filesystems,
959 * mmap will fail.
961 if (ftruncate(fd, memory))
962 perror("ftruncate");
964 #ifdef MAP_POPULATE
965 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
966 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
967 * to sidestep this quirk.
969 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
970 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
971 #else
972 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
973 #endif
974 if (area == MAP_FAILED) {
975 perror("file_ram_alloc: can't mmap RAM pages");
976 close(fd);
977 return (NULL);
979 block->fd = fd;
980 return area;
982 #else
983 static void *file_ram_alloc(RAMBlock *block,
984 ram_addr_t memory,
985 const char *path)
987 fprintf(stderr, "-mem-path not supported on this host\n");
988 exit(1);
990 #endif
992 static ram_addr_t find_ram_offset(ram_addr_t size)
994 RAMBlock *block, *next_block;
995 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
997 assert(size != 0); /* it would hand out same offset multiple times */
999 if (QTAILQ_EMPTY(&ram_list.blocks))
1000 return 0;
1002 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1003 ram_addr_t end, next = RAM_ADDR_MAX;
1005 end = block->offset + block->length;
1007 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1008 if (next_block->offset >= end) {
1009 next = MIN(next, next_block->offset);
1012 if (next - end >= size && next - end < mingap) {
1013 offset = end;
1014 mingap = next - end;
1018 if (offset == RAM_ADDR_MAX) {
1019 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1020 (uint64_t)size);
1021 abort();
1024 return offset;
1027 ram_addr_t last_ram_offset(void)
1029 RAMBlock *block;
1030 ram_addr_t last = 0;
1032 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1033 last = MAX(last, block->offset + block->length);
1035 return last;
1038 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1040 int ret;
1042 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1043 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1044 "dump-guest-core", true)) {
1045 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1046 if (ret) {
1047 perror("qemu_madvise");
1048 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1049 "but dump_guest_core=off specified\n");
1054 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1056 RAMBlock *new_block, *block;
1058 new_block = NULL;
1059 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1060 if (block->offset == addr) {
1061 new_block = block;
1062 break;
1065 assert(new_block);
1066 assert(!new_block->idstr[0]);
1068 if (dev) {
1069 char *id = qdev_get_dev_path(dev);
1070 if (id) {
1071 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1072 g_free(id);
1075 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1077 /* This assumes the iothread lock is taken here too. */
1078 qemu_mutex_lock_ramlist();
1079 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1080 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1081 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1082 new_block->idstr);
1083 abort();
1086 qemu_mutex_unlock_ramlist();
1089 static int memory_try_enable_merging(void *addr, size_t len)
1091 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1092 /* disabled by the user */
1093 return 0;
1096 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1099 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1100 MemoryRegion *mr)
1102 RAMBlock *block, *new_block;
1104 size = TARGET_PAGE_ALIGN(size);
1105 new_block = g_malloc0(sizeof(*new_block));
1106 new_block->fd = -1;
1108 /* This assumes the iothread lock is taken here too. */
1109 qemu_mutex_lock_ramlist();
1110 new_block->mr = mr;
1111 new_block->offset = find_ram_offset(size);
1112 if (host) {
1113 new_block->host = host;
1114 new_block->flags |= RAM_PREALLOC_MASK;
1115 } else if (xen_enabled()) {
1116 if (mem_path) {
1117 fprintf(stderr, "-mem-path not supported with Xen\n");
1118 exit(1);
1120 xen_ram_alloc(new_block->offset, size, mr);
1121 } else {
1122 if (mem_path) {
1123 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1125 * file_ram_alloc() needs to allocate just like
1126 * phys_mem_alloc, but we haven't bothered to provide
1127 * a hook there.
1129 fprintf(stderr,
1130 "-mem-path not supported with this accelerator\n");
1131 exit(1);
1133 new_block->host = file_ram_alloc(new_block, size, mem_path);
1135 if (!new_block->host) {
1136 new_block->host = phys_mem_alloc(size);
1137 if (!new_block->host) {
1138 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1139 new_block->mr->name, strerror(errno));
1140 exit(1);
1142 memory_try_enable_merging(new_block->host, size);
1145 new_block->length = size;
1147 /* Keep the list sorted from biggest to smallest block. */
1148 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1149 if (block->length < new_block->length) {
1150 break;
1153 if (block) {
1154 QTAILQ_INSERT_BEFORE(block, new_block, next);
1155 } else {
1156 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1158 ram_list.mru_block = NULL;
1160 ram_list.version++;
1161 qemu_mutex_unlock_ramlist();
1163 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1164 last_ram_offset() >> TARGET_PAGE_BITS);
1165 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1166 0, size >> TARGET_PAGE_BITS);
1167 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1169 qemu_ram_setup_dump(new_block->host, size);
1170 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1171 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
1173 if (kvm_enabled())
1174 kvm_setup_guest_memory(new_block->host, size);
1176 return new_block->offset;
1179 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1181 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1184 void qemu_ram_free_from_ptr(ram_addr_t addr)
1186 RAMBlock *block;
1188 /* This assumes the iothread lock is taken here too. */
1189 qemu_mutex_lock_ramlist();
1190 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1191 if (addr == block->offset) {
1192 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1193 ram_list.mru_block = NULL;
1194 ram_list.version++;
1195 g_free(block);
1196 break;
1199 qemu_mutex_unlock_ramlist();
1202 void qemu_ram_free(ram_addr_t addr)
1204 RAMBlock *block;
1206 /* This assumes the iothread lock is taken here too. */
1207 qemu_mutex_lock_ramlist();
1208 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1209 if (addr == block->offset) {
1210 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1211 ram_list.mru_block = NULL;
1212 ram_list.version++;
1213 if (block->flags & RAM_PREALLOC_MASK) {
1215 } else if (xen_enabled()) {
1216 xen_invalidate_map_cache_entry(block->host);
1217 #ifndef _WIN32
1218 } else if (block->fd >= 0) {
1219 munmap(block->host, block->length);
1220 close(block->fd);
1221 #endif
1222 } else {
1223 qemu_anon_ram_free(block->host, block->length);
1225 g_free(block);
1226 break;
1229 qemu_mutex_unlock_ramlist();
1233 #ifndef _WIN32
1234 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1236 RAMBlock *block;
1237 ram_addr_t offset;
1238 int flags;
1239 void *area, *vaddr;
1241 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1242 offset = addr - block->offset;
1243 if (offset < block->length) {
1244 vaddr = block->host + offset;
1245 if (block->flags & RAM_PREALLOC_MASK) {
1247 } else if (xen_enabled()) {
1248 abort();
1249 } else {
1250 flags = MAP_FIXED;
1251 munmap(vaddr, length);
1252 if (block->fd >= 0) {
1253 #ifdef MAP_POPULATE
1254 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1255 MAP_PRIVATE;
1256 #else
1257 flags |= MAP_PRIVATE;
1258 #endif
1259 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1260 flags, block->fd, offset);
1261 } else {
1263 * Remap needs to match alloc. Accelerators that
1264 * set phys_mem_alloc never remap. If they did,
1265 * we'd need a remap hook here.
1267 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1269 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1270 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1271 flags, -1, 0);
1273 if (area != vaddr) {
1274 fprintf(stderr, "Could not remap addr: "
1275 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1276 length, addr);
1277 exit(1);
1279 memory_try_enable_merging(vaddr, length);
1280 qemu_ram_setup_dump(vaddr, length);
1282 return;
1286 #endif /* !_WIN32 */
1288 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1289 With the exception of the softmmu code in this file, this should
1290 only be used for local memory (e.g. video ram) that the device owns,
1291 and knows it isn't going to access beyond the end of the block.
1293 It should not be used for general purpose DMA.
1294 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1296 void *qemu_get_ram_ptr(ram_addr_t addr)
1298 RAMBlock *block = qemu_get_ram_block(addr);
1300 if (xen_enabled()) {
1301 /* We need to check if the requested address is in the RAM
1302 * because we don't want to map the entire memory in QEMU.
1303 * In that case just map until the end of the page.
1305 if (block->offset == 0) {
1306 return xen_map_cache(addr, 0, 0);
1307 } else if (block->host == NULL) {
1308 block->host =
1309 xen_map_cache(block->offset, block->length, 1);
1312 return block->host + (addr - block->offset);
1315 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1316 * but takes a size argument */
1317 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1319 if (*size == 0) {
1320 return NULL;
1322 if (xen_enabled()) {
1323 return xen_map_cache(addr, *size, 1);
1324 } else {
1325 RAMBlock *block;
1327 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1328 if (addr - block->offset < block->length) {
1329 if (addr - block->offset + *size > block->length)
1330 *size = block->length - addr + block->offset;
1331 return block->host + (addr - block->offset);
1335 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1336 abort();
1340 /* Some of the softmmu routines need to translate from a host pointer
1341 (typically a TLB entry) back to a ram offset. */
1342 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1344 RAMBlock *block;
1345 uint8_t *host = ptr;
1347 if (xen_enabled()) {
1348 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1349 return qemu_get_ram_block(*ram_addr)->mr;
1352 block = ram_list.mru_block;
1353 if (block && block->host && host - block->host < block->length) {
1354 goto found;
1357 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1358 /* This case append when the block is not mapped. */
1359 if (block->host == NULL) {
1360 continue;
1362 if (host - block->host < block->length) {
1363 goto found;
1367 return NULL;
1369 found:
1370 *ram_addr = block->offset + (host - block->host);
1371 return block->mr;
1374 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1375 uint64_t val, unsigned size)
1377 int dirty_flags;
1378 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1379 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1380 tb_invalidate_phys_page_fast(ram_addr, size);
1381 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1383 switch (size) {
1384 case 1:
1385 stb_p(qemu_get_ram_ptr(ram_addr), val);
1386 break;
1387 case 2:
1388 stw_p(qemu_get_ram_ptr(ram_addr), val);
1389 break;
1390 case 4:
1391 stl_p(qemu_get_ram_ptr(ram_addr), val);
1392 break;
1393 default:
1394 abort();
1396 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1397 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1398 /* we remove the notdirty callback only if the code has been
1399 flushed */
1400 if (dirty_flags == 0xff) {
1401 CPUArchState *env = current_cpu->env_ptr;
1402 tlb_set_dirty(env, env->mem_io_vaddr);
1406 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1407 unsigned size, bool is_write)
1409 return is_write;
1412 static const MemoryRegionOps notdirty_mem_ops = {
1413 .write = notdirty_mem_write,
1414 .valid.accepts = notdirty_mem_accepts,
1415 .endianness = DEVICE_NATIVE_ENDIAN,
1418 /* Generate a debug exception if a watchpoint has been hit. */
1419 static void check_watchpoint(int offset, int len_mask, int flags)
1421 CPUArchState *env = current_cpu->env_ptr;
1422 target_ulong pc, cs_base;
1423 target_ulong vaddr;
1424 CPUWatchpoint *wp;
1425 int cpu_flags;
1427 if (env->watchpoint_hit) {
1428 /* We re-entered the check after replacing the TB. Now raise
1429 * the debug interrupt so that is will trigger after the
1430 * current instruction. */
1431 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1432 return;
1434 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1435 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1436 if ((vaddr == (wp->vaddr & len_mask) ||
1437 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1438 wp->flags |= BP_WATCHPOINT_HIT;
1439 if (!env->watchpoint_hit) {
1440 env->watchpoint_hit = wp;
1441 tb_check_watchpoint(env);
1442 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1443 env->exception_index = EXCP_DEBUG;
1444 cpu_loop_exit(env);
1445 } else {
1446 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1447 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1448 cpu_resume_from_signal(env, NULL);
1451 } else {
1452 wp->flags &= ~BP_WATCHPOINT_HIT;
1457 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1458 so these check for a hit then pass through to the normal out-of-line
1459 phys routines. */
1460 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1461 unsigned size)
1463 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1464 switch (size) {
1465 case 1: return ldub_phys(addr);
1466 case 2: return lduw_phys(addr);
1467 case 4: return ldl_phys(addr);
1468 default: abort();
1472 static void watch_mem_write(void *opaque, hwaddr addr,
1473 uint64_t val, unsigned size)
1475 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1476 switch (size) {
1477 case 1:
1478 stb_phys(addr, val);
1479 break;
1480 case 2:
1481 stw_phys(addr, val);
1482 break;
1483 case 4:
1484 stl_phys(addr, val);
1485 break;
1486 default: abort();
1490 static const MemoryRegionOps watch_mem_ops = {
1491 .read = watch_mem_read,
1492 .write = watch_mem_write,
1493 .endianness = DEVICE_NATIVE_ENDIAN,
1496 static uint64_t subpage_read(void *opaque, hwaddr addr,
1497 unsigned len)
1499 subpage_t *subpage = opaque;
1500 uint8_t buf[4];
1502 #if defined(DEBUG_SUBPAGE)
1503 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1504 subpage, len, addr);
1505 #endif
1506 address_space_read(subpage->as, addr + subpage->base, buf, len);
1507 switch (len) {
1508 case 1:
1509 return ldub_p(buf);
1510 case 2:
1511 return lduw_p(buf);
1512 case 4:
1513 return ldl_p(buf);
1514 default:
1515 abort();
1519 static void subpage_write(void *opaque, hwaddr addr,
1520 uint64_t value, unsigned len)
1522 subpage_t *subpage = opaque;
1523 uint8_t buf[4];
1525 #if defined(DEBUG_SUBPAGE)
1526 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1527 " value %"PRIx64"\n",
1528 __func__, subpage, len, addr, value);
1529 #endif
1530 switch (len) {
1531 case 1:
1532 stb_p(buf, value);
1533 break;
1534 case 2:
1535 stw_p(buf, value);
1536 break;
1537 case 4:
1538 stl_p(buf, value);
1539 break;
1540 default:
1541 abort();
1543 address_space_write(subpage->as, addr + subpage->base, buf, len);
1546 static bool subpage_accepts(void *opaque, hwaddr addr,
1547 unsigned len, bool is_write)
1549 subpage_t *subpage = opaque;
1550 #if defined(DEBUG_SUBPAGE)
1551 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1552 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1553 #endif
1555 return address_space_access_valid(subpage->as, addr + subpage->base,
1556 len, is_write);
1559 static const MemoryRegionOps subpage_ops = {
1560 .read = subpage_read,
1561 .write = subpage_write,
1562 .valid.accepts = subpage_accepts,
1563 .endianness = DEVICE_NATIVE_ENDIAN,
1566 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1567 uint16_t section)
1569 int idx, eidx;
1571 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1572 return -1;
1573 idx = SUBPAGE_IDX(start);
1574 eidx = SUBPAGE_IDX(end);
1575 #if defined(DEBUG_SUBPAGE)
1576 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1577 __func__, mmio, start, end, idx, eidx, section);
1578 #endif
1579 for (; idx <= eidx; idx++) {
1580 mmio->sub_section[idx] = section;
1583 return 0;
1586 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1588 subpage_t *mmio;
1590 mmio = g_malloc0(sizeof(subpage_t));
1592 mmio->as = as;
1593 mmio->base = base;
1594 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1595 "subpage", TARGET_PAGE_SIZE);
1596 mmio->iomem.subpage = true;
1597 #if defined(DEBUG_SUBPAGE)
1598 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1599 mmio, base, TARGET_PAGE_SIZE);
1600 #endif
1601 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1603 return mmio;
1606 static uint16_t dummy_section(MemoryRegion *mr)
1608 MemoryRegionSection section = {
1609 .mr = mr,
1610 .offset_within_address_space = 0,
1611 .offset_within_region = 0,
1612 .size = int128_2_64(),
1615 return phys_section_add(&section);
1618 MemoryRegion *iotlb_to_region(hwaddr index)
1620 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
1623 static void io_mem_init(void)
1625 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1626 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1627 "unassigned", UINT64_MAX);
1628 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1629 "notdirty", UINT64_MAX);
1630 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1631 "watch", UINT64_MAX);
1634 static void mem_begin(MemoryListener *listener)
1636 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1637 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1639 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1640 d->as = as;
1641 as->next_dispatch = d;
1644 static void mem_commit(MemoryListener *listener)
1646 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1647 AddressSpaceDispatch *cur = as->dispatch;
1648 AddressSpaceDispatch *next = as->next_dispatch;
1650 next->nodes = next_map.nodes;
1651 next->sections = next_map.sections;
1653 as->dispatch = next;
1654 g_free(cur);
1657 static void core_begin(MemoryListener *listener)
1659 uint16_t n;
1661 prev_map = g_new(PhysPageMap, 1);
1662 *prev_map = next_map;
1664 memset(&next_map, 0, sizeof(next_map));
1665 n = dummy_section(&io_mem_unassigned);
1666 assert(n == PHYS_SECTION_UNASSIGNED);
1667 n = dummy_section(&io_mem_notdirty);
1668 assert(n == PHYS_SECTION_NOTDIRTY);
1669 n = dummy_section(&io_mem_rom);
1670 assert(n == PHYS_SECTION_ROM);
1671 n = dummy_section(&io_mem_watch);
1672 assert(n == PHYS_SECTION_WATCH);
1675 /* This listener's commit run after the other AddressSpaceDispatch listeners'.
1676 * All AddressSpaceDispatch instances have switched to the next map.
1678 static void core_commit(MemoryListener *listener)
1680 phys_sections_free(prev_map);
1683 static void tcg_commit(MemoryListener *listener)
1685 CPUState *cpu;
1687 /* since each CPU stores ram addresses in its TLB cache, we must
1688 reset the modified entries */
1689 /* XXX: slow ! */
1690 CPU_FOREACH(cpu) {
1691 CPUArchState *env = cpu->env_ptr;
1693 tlb_flush(env, 1);
1697 static void core_log_global_start(MemoryListener *listener)
1699 cpu_physical_memory_set_dirty_tracking(1);
1702 static void core_log_global_stop(MemoryListener *listener)
1704 cpu_physical_memory_set_dirty_tracking(0);
1707 static MemoryListener core_memory_listener = {
1708 .begin = core_begin,
1709 .commit = core_commit,
1710 .log_global_start = core_log_global_start,
1711 .log_global_stop = core_log_global_stop,
1712 .priority = 1,
1715 static MemoryListener tcg_memory_listener = {
1716 .commit = tcg_commit,
1719 void address_space_init_dispatch(AddressSpace *as)
1721 as->dispatch = NULL;
1722 as->dispatch_listener = (MemoryListener) {
1723 .begin = mem_begin,
1724 .commit = mem_commit,
1725 .region_add = mem_add,
1726 .region_nop = mem_add,
1727 .priority = 0,
1729 memory_listener_register(&as->dispatch_listener, as);
1732 void address_space_destroy_dispatch(AddressSpace *as)
1734 AddressSpaceDispatch *d = as->dispatch;
1736 memory_listener_unregister(&as->dispatch_listener);
1737 g_free(d);
1738 as->dispatch = NULL;
1741 static void memory_map_init(void)
1743 system_memory = g_malloc(sizeof(*system_memory));
1744 memory_region_init(system_memory, NULL, "system", INT64_MAX);
1745 address_space_init(&address_space_memory, system_memory, "memory");
1747 system_io = g_malloc(sizeof(*system_io));
1748 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1749 65536);
1750 address_space_init(&address_space_io, system_io, "I/O");
1752 memory_listener_register(&core_memory_listener, &address_space_memory);
1753 if (tcg_enabled()) {
1754 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1758 MemoryRegion *get_system_memory(void)
1760 return system_memory;
1763 MemoryRegion *get_system_io(void)
1765 return system_io;
1768 #endif /* !defined(CONFIG_USER_ONLY) */
1770 /* physical memory access (slow version, mainly for debug) */
1771 #if defined(CONFIG_USER_ONLY)
1772 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1773 uint8_t *buf, int len, int is_write)
1775 int l, flags;
1776 target_ulong page;
1777 void * p;
1779 while (len > 0) {
1780 page = addr & TARGET_PAGE_MASK;
1781 l = (page + TARGET_PAGE_SIZE) - addr;
1782 if (l > len)
1783 l = len;
1784 flags = page_get_flags(page);
1785 if (!(flags & PAGE_VALID))
1786 return -1;
1787 if (is_write) {
1788 if (!(flags & PAGE_WRITE))
1789 return -1;
1790 /* XXX: this code should not depend on lock_user */
1791 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1792 return -1;
1793 memcpy(p, buf, l);
1794 unlock_user(p, addr, l);
1795 } else {
1796 if (!(flags & PAGE_READ))
1797 return -1;
1798 /* XXX: this code should not depend on lock_user */
1799 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1800 return -1;
1801 memcpy(buf, p, l);
1802 unlock_user(p, addr, 0);
1804 len -= l;
1805 buf += l;
1806 addr += l;
1808 return 0;
1811 #else
1813 static void invalidate_and_set_dirty(hwaddr addr,
1814 hwaddr length)
1816 if (!cpu_physical_memory_is_dirty(addr)) {
1817 /* invalidate code */
1818 tb_invalidate_phys_page_range(addr, addr + length, 0);
1819 /* set dirty bit */
1820 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1822 xen_modified_memory(addr, length);
1825 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1827 if (memory_region_is_ram(mr)) {
1828 return !(is_write && mr->readonly);
1830 if (memory_region_is_romd(mr)) {
1831 return !is_write;
1834 return false;
1837 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1839 unsigned access_size_max = mr->ops->valid.max_access_size;
1841 /* Regions are assumed to support 1-4 byte accesses unless
1842 otherwise specified. */
1843 if (access_size_max == 0) {
1844 access_size_max = 4;
1847 /* Bound the maximum access by the alignment of the address. */
1848 if (!mr->ops->impl.unaligned) {
1849 unsigned align_size_max = addr & -addr;
1850 if (align_size_max != 0 && align_size_max < access_size_max) {
1851 access_size_max = align_size_max;
1855 /* Don't attempt accesses larger than the maximum. */
1856 if (l > access_size_max) {
1857 l = access_size_max;
1859 if (l & (l - 1)) {
1860 l = 1 << (qemu_fls(l) - 1);
1863 return l;
1866 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1867 int len, bool is_write)
1869 hwaddr l;
1870 uint8_t *ptr;
1871 uint64_t val;
1872 hwaddr addr1;
1873 MemoryRegion *mr;
1874 bool error = false;
1876 while (len > 0) {
1877 l = len;
1878 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1880 if (is_write) {
1881 if (!memory_access_is_direct(mr, is_write)) {
1882 l = memory_access_size(mr, l, addr1);
1883 /* XXX: could force current_cpu to NULL to avoid
1884 potential bugs */
1885 switch (l) {
1886 case 8:
1887 /* 64 bit write access */
1888 val = ldq_p(buf);
1889 error |= io_mem_write(mr, addr1, val, 8);
1890 break;
1891 case 4:
1892 /* 32 bit write access */
1893 val = ldl_p(buf);
1894 error |= io_mem_write(mr, addr1, val, 4);
1895 break;
1896 case 2:
1897 /* 16 bit write access */
1898 val = lduw_p(buf);
1899 error |= io_mem_write(mr, addr1, val, 2);
1900 break;
1901 case 1:
1902 /* 8 bit write access */
1903 val = ldub_p(buf);
1904 error |= io_mem_write(mr, addr1, val, 1);
1905 break;
1906 default:
1907 abort();
1909 } else {
1910 addr1 += memory_region_get_ram_addr(mr);
1911 /* RAM case */
1912 ptr = qemu_get_ram_ptr(addr1);
1913 memcpy(ptr, buf, l);
1914 invalidate_and_set_dirty(addr1, l);
1916 } else {
1917 if (!memory_access_is_direct(mr, is_write)) {
1918 /* I/O case */
1919 l = memory_access_size(mr, l, addr1);
1920 switch (l) {
1921 case 8:
1922 /* 64 bit read access */
1923 error |= io_mem_read(mr, addr1, &val, 8);
1924 stq_p(buf, val);
1925 break;
1926 case 4:
1927 /* 32 bit read access */
1928 error |= io_mem_read(mr, addr1, &val, 4);
1929 stl_p(buf, val);
1930 break;
1931 case 2:
1932 /* 16 bit read access */
1933 error |= io_mem_read(mr, addr1, &val, 2);
1934 stw_p(buf, val);
1935 break;
1936 case 1:
1937 /* 8 bit read access */
1938 error |= io_mem_read(mr, addr1, &val, 1);
1939 stb_p(buf, val);
1940 break;
1941 default:
1942 abort();
1944 } else {
1945 /* RAM case */
1946 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1947 memcpy(buf, ptr, l);
1950 len -= l;
1951 buf += l;
1952 addr += l;
1955 return error;
1958 bool address_space_write(AddressSpace *as, hwaddr addr,
1959 const uint8_t *buf, int len)
1961 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1964 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1966 return address_space_rw(as, addr, buf, len, false);
1970 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1971 int len, int is_write)
1973 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1976 /* used for ROM loading : can write in RAM and ROM */
1977 void cpu_physical_memory_write_rom(hwaddr addr,
1978 const uint8_t *buf, int len)
1980 hwaddr l;
1981 uint8_t *ptr;
1982 hwaddr addr1;
1983 MemoryRegion *mr;
1985 while (len > 0) {
1986 l = len;
1987 mr = address_space_translate(&address_space_memory,
1988 addr, &addr1, &l, true);
1990 if (!(memory_region_is_ram(mr) ||
1991 memory_region_is_romd(mr))) {
1992 /* do nothing */
1993 } else {
1994 addr1 += memory_region_get_ram_addr(mr);
1995 /* ROM/RAM case */
1996 ptr = qemu_get_ram_ptr(addr1);
1997 memcpy(ptr, buf, l);
1998 invalidate_and_set_dirty(addr1, l);
2000 len -= l;
2001 buf += l;
2002 addr += l;
2006 typedef struct {
2007 MemoryRegion *mr;
2008 void *buffer;
2009 hwaddr addr;
2010 hwaddr len;
2011 } BounceBuffer;
2013 static BounceBuffer bounce;
2015 typedef struct MapClient {
2016 void *opaque;
2017 void (*callback)(void *opaque);
2018 QLIST_ENTRY(MapClient) link;
2019 } MapClient;
2021 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2022 = QLIST_HEAD_INITIALIZER(map_client_list);
2024 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2026 MapClient *client = g_malloc(sizeof(*client));
2028 client->opaque = opaque;
2029 client->callback = callback;
2030 QLIST_INSERT_HEAD(&map_client_list, client, link);
2031 return client;
2034 static void cpu_unregister_map_client(void *_client)
2036 MapClient *client = (MapClient *)_client;
2038 QLIST_REMOVE(client, link);
2039 g_free(client);
2042 static void cpu_notify_map_clients(void)
2044 MapClient *client;
2046 while (!QLIST_EMPTY(&map_client_list)) {
2047 client = QLIST_FIRST(&map_client_list);
2048 client->callback(client->opaque);
2049 cpu_unregister_map_client(client);
2053 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2055 MemoryRegion *mr;
2056 hwaddr l, xlat;
2058 while (len > 0) {
2059 l = len;
2060 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2061 if (!memory_access_is_direct(mr, is_write)) {
2062 l = memory_access_size(mr, l, addr);
2063 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2064 return false;
2068 len -= l;
2069 addr += l;
2071 return true;
2074 /* Map a physical memory region into a host virtual address.
2075 * May map a subset of the requested range, given by and returned in *plen.
2076 * May return NULL if resources needed to perform the mapping are exhausted.
2077 * Use only for reads OR writes - not for read-modify-write operations.
2078 * Use cpu_register_map_client() to know when retrying the map operation is
2079 * likely to succeed.
2081 void *address_space_map(AddressSpace *as,
2082 hwaddr addr,
2083 hwaddr *plen,
2084 bool is_write)
2086 hwaddr len = *plen;
2087 hwaddr done = 0;
2088 hwaddr l, xlat, base;
2089 MemoryRegion *mr, *this_mr;
2090 ram_addr_t raddr;
2092 if (len == 0) {
2093 return NULL;
2096 l = len;
2097 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2098 if (!memory_access_is_direct(mr, is_write)) {
2099 if (bounce.buffer) {
2100 return NULL;
2102 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2103 bounce.addr = addr;
2104 bounce.len = l;
2106 memory_region_ref(mr);
2107 bounce.mr = mr;
2108 if (!is_write) {
2109 address_space_read(as, addr, bounce.buffer, l);
2112 *plen = l;
2113 return bounce.buffer;
2116 base = xlat;
2117 raddr = memory_region_get_ram_addr(mr);
2119 for (;;) {
2120 len -= l;
2121 addr += l;
2122 done += l;
2123 if (len == 0) {
2124 break;
2127 l = len;
2128 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2129 if (this_mr != mr || xlat != base + done) {
2130 break;
2134 memory_region_ref(mr);
2135 *plen = done;
2136 return qemu_ram_ptr_length(raddr + base, plen);
2139 /* Unmaps a memory region previously mapped by address_space_map().
2140 * Will also mark the memory as dirty if is_write == 1. access_len gives
2141 * the amount of memory that was actually read or written by the caller.
2143 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2144 int is_write, hwaddr access_len)
2146 if (buffer != bounce.buffer) {
2147 MemoryRegion *mr;
2148 ram_addr_t addr1;
2150 mr = qemu_ram_addr_from_host(buffer, &addr1);
2151 assert(mr != NULL);
2152 if (is_write) {
2153 while (access_len) {
2154 unsigned l;
2155 l = TARGET_PAGE_SIZE;
2156 if (l > access_len)
2157 l = access_len;
2158 invalidate_and_set_dirty(addr1, l);
2159 addr1 += l;
2160 access_len -= l;
2163 if (xen_enabled()) {
2164 xen_invalidate_map_cache_entry(buffer);
2166 memory_region_unref(mr);
2167 return;
2169 if (is_write) {
2170 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2172 qemu_vfree(bounce.buffer);
2173 bounce.buffer = NULL;
2174 memory_region_unref(bounce.mr);
2175 cpu_notify_map_clients();
2178 void *cpu_physical_memory_map(hwaddr addr,
2179 hwaddr *plen,
2180 int is_write)
2182 return address_space_map(&address_space_memory, addr, plen, is_write);
2185 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2186 int is_write, hwaddr access_len)
2188 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2191 /* warning: addr must be aligned */
2192 static inline uint32_t ldl_phys_internal(hwaddr addr,
2193 enum device_endian endian)
2195 uint8_t *ptr;
2196 uint64_t val;
2197 MemoryRegion *mr;
2198 hwaddr l = 4;
2199 hwaddr addr1;
2201 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2202 false);
2203 if (l < 4 || !memory_access_is_direct(mr, false)) {
2204 /* I/O case */
2205 io_mem_read(mr, addr1, &val, 4);
2206 #if defined(TARGET_WORDS_BIGENDIAN)
2207 if (endian == DEVICE_LITTLE_ENDIAN) {
2208 val = bswap32(val);
2210 #else
2211 if (endian == DEVICE_BIG_ENDIAN) {
2212 val = bswap32(val);
2214 #endif
2215 } else {
2216 /* RAM case */
2217 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2218 & TARGET_PAGE_MASK)
2219 + addr1);
2220 switch (endian) {
2221 case DEVICE_LITTLE_ENDIAN:
2222 val = ldl_le_p(ptr);
2223 break;
2224 case DEVICE_BIG_ENDIAN:
2225 val = ldl_be_p(ptr);
2226 break;
2227 default:
2228 val = ldl_p(ptr);
2229 break;
2232 return val;
2235 uint32_t ldl_phys(hwaddr addr)
2237 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2240 uint32_t ldl_le_phys(hwaddr addr)
2242 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2245 uint32_t ldl_be_phys(hwaddr addr)
2247 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2250 /* warning: addr must be aligned */
2251 static inline uint64_t ldq_phys_internal(hwaddr addr,
2252 enum device_endian endian)
2254 uint8_t *ptr;
2255 uint64_t val;
2256 MemoryRegion *mr;
2257 hwaddr l = 8;
2258 hwaddr addr1;
2260 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2261 false);
2262 if (l < 8 || !memory_access_is_direct(mr, false)) {
2263 /* I/O case */
2264 io_mem_read(mr, addr1, &val, 8);
2265 #if defined(TARGET_WORDS_BIGENDIAN)
2266 if (endian == DEVICE_LITTLE_ENDIAN) {
2267 val = bswap64(val);
2269 #else
2270 if (endian == DEVICE_BIG_ENDIAN) {
2271 val = bswap64(val);
2273 #endif
2274 } else {
2275 /* RAM case */
2276 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2277 & TARGET_PAGE_MASK)
2278 + addr1);
2279 switch (endian) {
2280 case DEVICE_LITTLE_ENDIAN:
2281 val = ldq_le_p(ptr);
2282 break;
2283 case DEVICE_BIG_ENDIAN:
2284 val = ldq_be_p(ptr);
2285 break;
2286 default:
2287 val = ldq_p(ptr);
2288 break;
2291 return val;
2294 uint64_t ldq_phys(hwaddr addr)
2296 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2299 uint64_t ldq_le_phys(hwaddr addr)
2301 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2304 uint64_t ldq_be_phys(hwaddr addr)
2306 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2309 /* XXX: optimize */
2310 uint32_t ldub_phys(hwaddr addr)
2312 uint8_t val;
2313 cpu_physical_memory_read(addr, &val, 1);
2314 return val;
2317 /* warning: addr must be aligned */
2318 static inline uint32_t lduw_phys_internal(hwaddr addr,
2319 enum device_endian endian)
2321 uint8_t *ptr;
2322 uint64_t val;
2323 MemoryRegion *mr;
2324 hwaddr l = 2;
2325 hwaddr addr1;
2327 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2328 false);
2329 if (l < 2 || !memory_access_is_direct(mr, false)) {
2330 /* I/O case */
2331 io_mem_read(mr, addr1, &val, 2);
2332 #if defined(TARGET_WORDS_BIGENDIAN)
2333 if (endian == DEVICE_LITTLE_ENDIAN) {
2334 val = bswap16(val);
2336 #else
2337 if (endian == DEVICE_BIG_ENDIAN) {
2338 val = bswap16(val);
2340 #endif
2341 } else {
2342 /* RAM case */
2343 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2344 & TARGET_PAGE_MASK)
2345 + addr1);
2346 switch (endian) {
2347 case DEVICE_LITTLE_ENDIAN:
2348 val = lduw_le_p(ptr);
2349 break;
2350 case DEVICE_BIG_ENDIAN:
2351 val = lduw_be_p(ptr);
2352 break;
2353 default:
2354 val = lduw_p(ptr);
2355 break;
2358 return val;
2361 uint32_t lduw_phys(hwaddr addr)
2363 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2366 uint32_t lduw_le_phys(hwaddr addr)
2368 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2371 uint32_t lduw_be_phys(hwaddr addr)
2373 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2376 /* warning: addr must be aligned. The ram page is not masked as dirty
2377 and the code inside is not invalidated. It is useful if the dirty
2378 bits are used to track modified PTEs */
2379 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2381 uint8_t *ptr;
2382 MemoryRegion *mr;
2383 hwaddr l = 4;
2384 hwaddr addr1;
2386 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2387 true);
2388 if (l < 4 || !memory_access_is_direct(mr, true)) {
2389 io_mem_write(mr, addr1, val, 4);
2390 } else {
2391 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2392 ptr = qemu_get_ram_ptr(addr1);
2393 stl_p(ptr, val);
2395 if (unlikely(in_migration)) {
2396 if (!cpu_physical_memory_is_dirty(addr1)) {
2397 /* invalidate code */
2398 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2399 /* set dirty bit */
2400 cpu_physical_memory_set_dirty_flags(
2401 addr1, (0xff & ~CODE_DIRTY_FLAG));
2407 /* warning: addr must be aligned */
2408 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2409 enum device_endian endian)
2411 uint8_t *ptr;
2412 MemoryRegion *mr;
2413 hwaddr l = 4;
2414 hwaddr addr1;
2416 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2417 true);
2418 if (l < 4 || !memory_access_is_direct(mr, true)) {
2419 #if defined(TARGET_WORDS_BIGENDIAN)
2420 if (endian == DEVICE_LITTLE_ENDIAN) {
2421 val = bswap32(val);
2423 #else
2424 if (endian == DEVICE_BIG_ENDIAN) {
2425 val = bswap32(val);
2427 #endif
2428 io_mem_write(mr, addr1, val, 4);
2429 } else {
2430 /* RAM case */
2431 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2432 ptr = qemu_get_ram_ptr(addr1);
2433 switch (endian) {
2434 case DEVICE_LITTLE_ENDIAN:
2435 stl_le_p(ptr, val);
2436 break;
2437 case DEVICE_BIG_ENDIAN:
2438 stl_be_p(ptr, val);
2439 break;
2440 default:
2441 stl_p(ptr, val);
2442 break;
2444 invalidate_and_set_dirty(addr1, 4);
2448 void stl_phys(hwaddr addr, uint32_t val)
2450 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2453 void stl_le_phys(hwaddr addr, uint32_t val)
2455 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2458 void stl_be_phys(hwaddr addr, uint32_t val)
2460 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2463 /* XXX: optimize */
2464 void stb_phys(hwaddr addr, uint32_t val)
2466 uint8_t v = val;
2467 cpu_physical_memory_write(addr, &v, 1);
2470 /* warning: addr must be aligned */
2471 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2472 enum device_endian endian)
2474 uint8_t *ptr;
2475 MemoryRegion *mr;
2476 hwaddr l = 2;
2477 hwaddr addr1;
2479 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2480 true);
2481 if (l < 2 || !memory_access_is_direct(mr, true)) {
2482 #if defined(TARGET_WORDS_BIGENDIAN)
2483 if (endian == DEVICE_LITTLE_ENDIAN) {
2484 val = bswap16(val);
2486 #else
2487 if (endian == DEVICE_BIG_ENDIAN) {
2488 val = bswap16(val);
2490 #endif
2491 io_mem_write(mr, addr1, val, 2);
2492 } else {
2493 /* RAM case */
2494 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2495 ptr = qemu_get_ram_ptr(addr1);
2496 switch (endian) {
2497 case DEVICE_LITTLE_ENDIAN:
2498 stw_le_p(ptr, val);
2499 break;
2500 case DEVICE_BIG_ENDIAN:
2501 stw_be_p(ptr, val);
2502 break;
2503 default:
2504 stw_p(ptr, val);
2505 break;
2507 invalidate_and_set_dirty(addr1, 2);
2511 void stw_phys(hwaddr addr, uint32_t val)
2513 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2516 void stw_le_phys(hwaddr addr, uint32_t val)
2518 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2521 void stw_be_phys(hwaddr addr, uint32_t val)
2523 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2526 /* XXX: optimize */
2527 void stq_phys(hwaddr addr, uint64_t val)
2529 val = tswap64(val);
2530 cpu_physical_memory_write(addr, &val, 8);
2533 void stq_le_phys(hwaddr addr, uint64_t val)
2535 val = cpu_to_le64(val);
2536 cpu_physical_memory_write(addr, &val, 8);
2539 void stq_be_phys(hwaddr addr, uint64_t val)
2541 val = cpu_to_be64(val);
2542 cpu_physical_memory_write(addr, &val, 8);
2545 /* virtual memory access for debug (includes writing to ROM) */
2546 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2547 uint8_t *buf, int len, int is_write)
2549 int l;
2550 hwaddr phys_addr;
2551 target_ulong page;
2553 while (len > 0) {
2554 page = addr & TARGET_PAGE_MASK;
2555 phys_addr = cpu_get_phys_page_debug(cpu, page);
2556 /* if no physical page mapped, return an error */
2557 if (phys_addr == -1)
2558 return -1;
2559 l = (page + TARGET_PAGE_SIZE) - addr;
2560 if (l > len)
2561 l = len;
2562 phys_addr += (addr & ~TARGET_PAGE_MASK);
2563 if (is_write)
2564 cpu_physical_memory_write_rom(phys_addr, buf, l);
2565 else
2566 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2567 len -= l;
2568 buf += l;
2569 addr += l;
2571 return 0;
2573 #endif
2575 #if !defined(CONFIG_USER_ONLY)
2578 * A helper function for the _utterly broken_ virtio device model to find out if
2579 * it's running on a big endian machine. Don't do this at home kids!
2581 bool virtio_is_big_endian(void);
2582 bool virtio_is_big_endian(void)
2584 #if defined(TARGET_WORDS_BIGENDIAN)
2585 return true;
2586 #else
2587 return false;
2588 #endif
2591 #endif
2593 #ifndef CONFIG_USER_ONLY
2594 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2596 MemoryRegion*mr;
2597 hwaddr l = 1;
2599 mr = address_space_translate(&address_space_memory,
2600 phys_addr, &phys_addr, &l, false);
2602 return !(memory_region_is_ram(mr) ||
2603 memory_region_is_romd(mr));
2606 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2608 RAMBlock *block;
2610 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2611 func(block->host, block->offset, block->length, opaque);
2614 #endif