search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
exec: only check relevant bitmaps for cleanliness
[qemu/kevin.git] / exec.c
blob162c57908ebc11114809a296c8fc12ff08fba835
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "exec/cputlb.h"
52 #include "translate-all.h"
53
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
56
57 #include "qemu/range.h"
58
59 //#define DEBUG_SUBPAGE
60
61 #if !defined(CONFIG_USER_ONLY)
62 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
65 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
66
67 static MemoryRegion *system_memory;
68 static MemoryRegion *system_io;
69
70 AddressSpace address_space_io;
71 AddressSpace address_space_memory;
72
73 MemoryRegion io_mem_rom, io_mem_notdirty;
74 static MemoryRegion io_mem_unassigned;
75
76 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77 #define RAM_PREALLOC (1 << 0)
78
79 /* RAM is mmap-ed with MAP_SHARED */
80 #define RAM_SHARED (1 << 1)
81
82 /* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85 #define RAM_RESIZEABLE (1 << 2)
86
87 #endif
88
89 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
90 /* current CPU in the current thread. It is only valid inside
91 cpu_exec() */
92 DEFINE_TLS(CPUState *, current_cpu);
93 /* 0 = Do not count executed instructions.
94 1 = Precise instruction counting.
95 2 = Adaptive rate instruction counting. */
96 int use_icount;
97
98 #if !defined(CONFIG_USER_ONLY)
99
100 typedef struct PhysPageEntry PhysPageEntry;
101
102 struct PhysPageEntry {
103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
104 uint32_t skip : 6;
105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
106 uint32_t ptr : 26;
107 };
108
109 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
110
111 /* Size of the L2 (and L3, etc) page tables. */
112 #define ADDR_SPACE_BITS 64
113
114 #define P_L2_BITS 9
115 #define P_L2_SIZE (1 << P_L2_BITS)
116
117 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
118
119 typedef PhysPageEntry Node[P_L2_SIZE];
120
121 typedef struct PhysPageMap {
122 struct rcu_head rcu;
123
124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
126 unsigned nodes_nb;
127 unsigned nodes_nb_alloc;
128 Node *nodes;
129 MemoryRegionSection *sections;
130 } PhysPageMap;
131
132 struct AddressSpaceDispatch {
133 struct rcu_head rcu;
134
135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
137 */
138 PhysPageEntry phys_map;
139 PhysPageMap map;
140 AddressSpace *as;
141 };
142
143 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144 typedef struct subpage_t {
145 MemoryRegion iomem;
146 AddressSpace *as;
147 hwaddr base;
148 uint16_t sub_section[TARGET_PAGE_SIZE];
149 } subpage_t;
150
151 #define PHYS_SECTION_UNASSIGNED 0
152 #define PHYS_SECTION_NOTDIRTY 1
153 #define PHYS_SECTION_ROM 2
154 #define PHYS_SECTION_WATCH 3
155
156 static void io_mem_init(void);
157 static void memory_map_init(void);
158 static void tcg_commit(MemoryListener *listener);
159
160 static MemoryRegion io_mem_watch;
161 #endif
162
163 #if !defined(CONFIG_USER_ONLY)
164
165 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
166 {
167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
171 }
172 }
173
174 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
175 {
176 unsigned i;
177 uint32_t ret;
178 PhysPageEntry e;
179 PhysPageEntry *p;
180
181 ret = map->nodes_nb++;
182 p = map->nodes[ret];
183 assert(ret != PHYS_MAP_NODE_NIL);
184 assert(ret != map->nodes_nb_alloc);
185
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
188 for (i = 0; i < P_L2_SIZE; ++i) {
189 memcpy(&p[i], &e, sizeof(e));
190 }
191 return ret;
192 }
193
194 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
196 int level)
197 {
198 PhysPageEntry *p;
199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
200
201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
202 lp->ptr = phys_map_node_alloc(map, level == 0);
203 }
204 p = map->nodes[lp->ptr];
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
206
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
209 lp->skip = 0;
210 lp->ptr = leaf;
211 *index += step;
212 *nb -= step;
213 } else {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
215 }
216 ++lp;
217 }
218 }
219
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
222 uint16_t leaf)
223 {
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
226
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
228 }
229
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
232 */
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
234 {
235 unsigned valid_ptr = P_L2_SIZE;
236 int valid = 0;
237 PhysPageEntry *p;
238 int i;
239
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
241 return;
242 }
243
244 p = nodes[lp->ptr];
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
247 continue;
248 }
249
250 valid_ptr = i;
251 valid++;
252 if (p[i].skip) {
253 phys_page_compact(&p[i], nodes, compacted);
254 }
255 }
256
257 /* We can only compress if there's only one child. */
258 if (valid != 1) {
259 return;
260 }
261
262 assert(valid_ptr < P_L2_SIZE);
263
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
266 return;
267 }
268
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
275 * change this rule.
276 */
277 lp->skip = 0;
278 } else {
279 lp->skip += p[valid_ptr].skip;
280 }
281 }
282
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
284 {
285 DECLARE_BITMAP(compacted, nodes_nb);
286
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
289 }
290 }
291
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
294 {
295 PhysPageEntry *p;
296 hwaddr index = addr >> TARGET_PAGE_BITS;
297 int i;
298
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return &sections[PHYS_SECTION_UNASSIGNED];
302 }
303 p = nodes[lp.ptr];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
305 }
306
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return &sections[lp.ptr];
311 } else {
312 return &sections[PHYS_SECTION_UNASSIGNED];
313 }
314 }
315
316 bool memory_region_is_unassigned(MemoryRegion *mr)
317 {
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
320 }
321
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
324 hwaddr addr,
325 bool resolve_subpage)
326 {
327 MemoryRegionSection *section;
328 subpage_t *subpage;
329
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
334 }
335 return section;
336 }
337
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
342 {
343 MemoryRegionSection *section;
344 Int128 diff;
345
346 section = address_space_lookup_region(d, addr, resolve_subpage);
347 /* Compute offset within MemoryRegionSection */
348 addr -= section->offset_within_address_space;
349
350 /* Compute offset within MemoryRegion */
351 *xlat = addr + section->offset_within_region;
352
353 diff = int128_sub(section->mr->size, int128_make64(addr));
354 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
355 return section;
356 }
357
358 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
359 {
360 if (memory_region_is_ram(mr)) {
361 return !(is_write && mr->readonly);
362 }
363 if (memory_region_is_romd(mr)) {
364 return !is_write;
365 }
366
367 return false;
368 }
369
370 /* Called from RCU critical section */
371 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
372 hwaddr *xlat, hwaddr *plen,
373 bool is_write)
374 {
375 IOMMUTLBEntry iotlb;
376 MemoryRegionSection *section;
377 MemoryRegion *mr;
378
379 for (;;) {
380 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
381 section = address_space_translate_internal(d, addr, &addr, plen, true);
382 mr = section->mr;
383
384 if (!mr->iommu_ops) {
385 break;
386 }
387
388 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
389 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
390 | (addr & iotlb.addr_mask));
391 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
392 if (!(iotlb.perm & (1 << is_write))) {
393 mr = &io_mem_unassigned;
394 break;
395 }
396
397 as = iotlb.target_as;
398 }
399
400 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
401 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
402 *plen = MIN(page, *plen);
403 }
404
405 *xlat = addr;
406 return mr;
407 }
408
409 /* Called from RCU critical section */
410 MemoryRegionSection *
411 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
412 hwaddr *xlat, hwaddr *plen)
413 {
414 MemoryRegionSection *section;
415 section = address_space_translate_internal(cpu->memory_dispatch,
416 addr, xlat, plen, false);
417
418 assert(!section->mr->iommu_ops);
419 return section;
420 }
421 #endif
422
423 #if !defined(CONFIG_USER_ONLY)
424
425 static int cpu_common_post_load(void *opaque, int version_id)
426 {
427 CPUState *cpu = opaque;
428
429 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
430 version_id is increased. */
431 cpu->interrupt_request &= ~0x01;
432 tlb_flush(cpu, 1);
433
434 return 0;
435 }
436
437 static int cpu_common_pre_load(void *opaque)
438 {
439 CPUState *cpu = opaque;
440
441 cpu->exception_index = -1;
442
443 return 0;
444 }
445
446 static bool cpu_common_exception_index_needed(void *opaque)
447 {
448 CPUState *cpu = opaque;
449
450 return tcg_enabled() && cpu->exception_index != -1;
451 }
452
453 static const VMStateDescription vmstate_cpu_common_exception_index = {
454 .name = "cpu_common/exception_index",
455 .version_id = 1,
456 .minimum_version_id = 1,
457 .fields = (VMStateField[]) {
458 VMSTATE_INT32(exception_index, CPUState),
459 VMSTATE_END_OF_LIST()
460 }
461 };
462
463 const VMStateDescription vmstate_cpu_common = {
464 .name = "cpu_common",
465 .version_id = 1,
466 .minimum_version_id = 1,
467 .pre_load = cpu_common_pre_load,
468 .post_load = cpu_common_post_load,
469 .fields = (VMStateField[]) {
470 VMSTATE_UINT32(halted, CPUState),
471 VMSTATE_UINT32(interrupt_request, CPUState),
472 VMSTATE_END_OF_LIST()
473 },
474 .subsections = (VMStateSubsection[]) {
475 {
476 .vmsd = &vmstate_cpu_common_exception_index,
477 .needed = cpu_common_exception_index_needed,
478 } , {
479 /* empty */
480 }
481 }
482 };
483
484 #endif
485
486 CPUState *qemu_get_cpu(int index)
487 {
488 CPUState *cpu;
489
490 CPU_FOREACH(cpu) {
491 if (cpu->cpu_index == index) {
492 return cpu;
493 }
494 }
495
496 return NULL;
497 }
498
499 #if !defined(CONFIG_USER_ONLY)
500 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
501 {
502 /* We only support one address space per cpu at the moment. */
503 assert(cpu->as == as);
504
505 if (cpu->tcg_as_listener) {
506 memory_listener_unregister(cpu->tcg_as_listener);
507 } else {
508 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
509 }
510 cpu->tcg_as_listener->commit = tcg_commit;
511 memory_listener_register(cpu->tcg_as_listener, as);
512 }
513 #endif
514
515 void cpu_exec_init(CPUArchState *env)
516 {
517 CPUState *cpu = ENV_GET_CPU(env);
518 CPUClass *cc = CPU_GET_CLASS(cpu);
519 CPUState *some_cpu;
520 int cpu_index;
521
522 #if defined(CONFIG_USER_ONLY)
523 cpu_list_lock();
524 #endif
525 cpu_index = 0;
526 CPU_FOREACH(some_cpu) {
527 cpu_index++;
528 }
529 cpu->cpu_index = cpu_index;
530 cpu->numa_node = 0;
531 QTAILQ_INIT(&cpu->breakpoints);
532 QTAILQ_INIT(&cpu->watchpoints);
533 #ifndef CONFIG_USER_ONLY
534 cpu->as = &address_space_memory;
535 cpu->thread_id = qemu_get_thread_id();
536 cpu_reload_memory_map(cpu);
537 #endif
538 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
539 #if defined(CONFIG_USER_ONLY)
540 cpu_list_unlock();
541 #endif
542 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
543 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
544 }
545 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
546 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
547 cpu_save, cpu_load, env);
548 assert(cc->vmsd == NULL);
549 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
550 #endif
551 if (cc->vmsd != NULL) {
552 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
553 }
554 }
555
556 #if defined(CONFIG_USER_ONLY)
557 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
558 {
559 tb_invalidate_phys_page_range(pc, pc + 1, 0);
560 }
561 #else
562 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
563 {
564 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
565 if (phys != -1) {
566 tb_invalidate_phys_addr(cpu->as,
567 phys | (pc & ~TARGET_PAGE_MASK));
568 }
569 }
570 #endif
571
572 #if defined(CONFIG_USER_ONLY)
573 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
574
575 {
576 }
577
578 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
579 int flags)
580 {
581 return -ENOSYS;
582 }
583
584 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
585 {
586 }
587
588 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
589 int flags, CPUWatchpoint **watchpoint)
590 {
591 return -ENOSYS;
592 }
593 #else
594 /* Add a watchpoint. */
595 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
596 int flags, CPUWatchpoint **watchpoint)
597 {
598 CPUWatchpoint *wp;
599
600 /* forbid ranges which are empty or run off the end of the address space */
601 if (len == 0 || (addr + len - 1) < addr) {
602 error_report("tried to set invalid watchpoint at %"
603 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
604 return -EINVAL;
605 }
606 wp = g_malloc(sizeof(*wp));
607
608 wp->vaddr = addr;
609 wp->len = len;
610 wp->flags = flags;
611
612 /* keep all GDB-injected watchpoints in front */
613 if (flags & BP_GDB) {
614 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
615 } else {
616 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
617 }
618
619 tlb_flush_page(cpu, addr);
620
621 if (watchpoint)
622 *watchpoint = wp;
623 return 0;
624 }
625
626 /* Remove a specific watchpoint. */
627 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
628 int flags)
629 {
630 CPUWatchpoint *wp;
631
632 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
633 if (addr == wp->vaddr && len == wp->len
634 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
635 cpu_watchpoint_remove_by_ref(cpu, wp);
636 return 0;
637 }
638 }
639 return -ENOENT;
640 }
641
642 /* Remove a specific watchpoint by reference. */
643 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
644 {
645 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
646
647 tlb_flush_page(cpu, watchpoint->vaddr);
648
649 g_free(watchpoint);
650 }
651
652 /* Remove all matching watchpoints. */
653 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
654 {
655 CPUWatchpoint *wp, *next;
656
657 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
658 if (wp->flags & mask) {
659 cpu_watchpoint_remove_by_ref(cpu, wp);
660 }
661 }
662 }
663
664 /* Return true if this watchpoint address matches the specified
665 * access (ie the address range covered by the watchpoint overlaps
666 * partially or completely with the address range covered by the
667 * access).
668 */
669 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
670 vaddr addr,
671 vaddr len)
672 {
673 /* We know the lengths are non-zero, but a little caution is
674 * required to avoid errors in the case where the range ends
675 * exactly at the top of the address space and so addr + len
676 * wraps round to zero.
677 */
678 vaddr wpend = wp->vaddr + wp->len - 1;
679 vaddr addrend = addr + len - 1;
680
681 return !(addr > wpend || wp->vaddr > addrend);
682 }
683
684 #endif
685
686 /* Add a breakpoint. */
687 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
688 CPUBreakpoint **breakpoint)
689 {
690 CPUBreakpoint *bp;
691
692 bp = g_malloc(sizeof(*bp));
693
694 bp->pc = pc;
695 bp->flags = flags;
696
697 /* keep all GDB-injected breakpoints in front */
698 if (flags & BP_GDB) {
699 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
700 } else {
701 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
702 }
703
704 breakpoint_invalidate(cpu, pc);
705
706 if (breakpoint) {
707 *breakpoint = bp;
708 }
709 return 0;
710 }
711
712 /* Remove a specific breakpoint. */
713 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
714 {
715 CPUBreakpoint *bp;
716
717 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
718 if (bp->pc == pc && bp->flags == flags) {
719 cpu_breakpoint_remove_by_ref(cpu, bp);
720 return 0;
721 }
722 }
723 return -ENOENT;
724 }
725
726 /* Remove a specific breakpoint by reference. */
727 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
728 {
729 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
730
731 breakpoint_invalidate(cpu, breakpoint->pc);
732
733 g_free(breakpoint);
734 }
735
736 /* Remove all matching breakpoints. */
737 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
738 {
739 CPUBreakpoint *bp, *next;
740
741 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
742 if (bp->flags & mask) {
743 cpu_breakpoint_remove_by_ref(cpu, bp);
744 }
745 }
746 }
747
748 /* enable or disable single step mode. EXCP_DEBUG is returned by the
749 CPU loop after each instruction */
750 void cpu_single_step(CPUState *cpu, int enabled)
751 {
752 if (cpu->singlestep_enabled != enabled) {
753 cpu->singlestep_enabled = enabled;
754 if (kvm_enabled()) {
755 kvm_update_guest_debug(cpu, 0);
756 } else {
757 /* must flush all the translated code to avoid inconsistencies */
758 /* XXX: only flush what is necessary */
759 CPUArchState *env = cpu->env_ptr;
760 tb_flush(env);
761 }
762 }
763 }
764
765 void cpu_abort(CPUState *cpu, const char *fmt, ...)
766 {
767 va_list ap;
768 va_list ap2;
769
770 va_start(ap, fmt);
771 va_copy(ap2, ap);
772 fprintf(stderr, "qemu: fatal: ");
773 vfprintf(stderr, fmt, ap);
774 fprintf(stderr, "\n");
775 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
776 if (qemu_log_enabled()) {
777 qemu_log("qemu: fatal: ");
778 qemu_log_vprintf(fmt, ap2);
779 qemu_log("\n");
780 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
781 qemu_log_flush();
782 qemu_log_close();
783 }
784 va_end(ap2);
785 va_end(ap);
786 #if defined(CONFIG_USER_ONLY)
787 {
788 struct sigaction act;
789 sigfillset(&act.sa_mask);
790 act.sa_handler = SIG_DFL;
791 sigaction(SIGABRT, &act, NULL);
792 }
793 #endif
794 abort();
795 }
796
797 #if !defined(CONFIG_USER_ONLY)
798 /* Called from RCU critical section */
799 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
800 {
801 RAMBlock *block;
802
803 block = atomic_rcu_read(&ram_list.mru_block);
804 if (block && addr - block->offset < block->max_length) {
805 goto found;
806 }
807 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
808 if (addr - block->offset < block->max_length) {
809 goto found;
810 }
811 }
812
813 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
814 abort();
815
816 found:
817 /* It is safe to write mru_block outside the iothread lock. This
818 * is what happens:
819 *
820 * mru_block = xxx
821 * rcu_read_unlock()
822 * xxx removed from list
823 * rcu_read_lock()
824 * read mru_block
825 * mru_block = NULL;
826 * call_rcu(reclaim_ramblock, xxx);
827 * rcu_read_unlock()
828 *
829 * atomic_rcu_set is not needed here. The block was already published
830 * when it was placed into the list. Here we're just making an extra
831 * copy of the pointer.
832 */
833 ram_list.mru_block = block;
834 return block;
835 }
836
837 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
838 {
839 ram_addr_t start1;
840 RAMBlock *block;
841 ram_addr_t end;
842
843 end = TARGET_PAGE_ALIGN(start + length);
844 start &= TARGET_PAGE_MASK;
845
846 rcu_read_lock();
847 block = qemu_get_ram_block(start);
848 assert(block == qemu_get_ram_block(end - 1));
849 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
850 cpu_tlb_reset_dirty_all(start1, length);
851 rcu_read_unlock();
852 }
853
854 /* Note: start and end must be within the same ram block. */
855 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
856 unsigned client)
857 {
858 if (length == 0)
859 return;
860 cpu_physical_memory_clear_dirty_range_type(start, length, client);
861
862 if (tcg_enabled()) {
863 tlb_reset_dirty_range_all(start, length);
864 }
865 }
866
867 /* Called from RCU critical section */
868 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
869 MemoryRegionSection *section,
870 target_ulong vaddr,
871 hwaddr paddr, hwaddr xlat,
872 int prot,
873 target_ulong *address)
874 {
875 hwaddr iotlb;
876 CPUWatchpoint *wp;
877
878 if (memory_region_is_ram(section->mr)) {
879 /* Normal RAM. */
880 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
881 + xlat;
882 if (!section->readonly) {
883 iotlb |= PHYS_SECTION_NOTDIRTY;
884 } else {
885 iotlb |= PHYS_SECTION_ROM;
886 }
887 } else {
888 iotlb = section - section->address_space->dispatch->map.sections;
889 iotlb += xlat;
890 }
891
892 /* Make accesses to pages with watchpoints go via the
893 watchpoint trap routines. */
894 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
895 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
896 /* Avoid trapping reads of pages with a write breakpoint. */
897 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
898 iotlb = PHYS_SECTION_WATCH + paddr;
899 *address |= TLB_MMIO;
900 break;
901 }
902 }
903 }
904
905 return iotlb;
906 }
907 #endif /* defined(CONFIG_USER_ONLY) */
908
909 #if !defined(CONFIG_USER_ONLY)
910
911 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
912 uint16_t section);
913 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
914
915 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
916 qemu_anon_ram_alloc;
917
918 /*
919 * Set a custom physical guest memory alloator.
920 * Accelerators with unusual needs may need this. Hopefully, we can
921 * get rid of it eventually.
922 */
923 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
924 {
925 phys_mem_alloc = alloc;
926 }
927
928 static uint16_t phys_section_add(PhysPageMap *map,
929 MemoryRegionSection *section)
930 {
931 /* The physical section number is ORed with a page-aligned
932 * pointer to produce the iotlb entries. Thus it should
933 * never overflow into the page-aligned value.
934 */
935 assert(map->sections_nb < TARGET_PAGE_SIZE);
936
937 if (map->sections_nb == map->sections_nb_alloc) {
938 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
939 map->sections = g_renew(MemoryRegionSection, map->sections,
940 map->sections_nb_alloc);
941 }
942 map->sections[map->sections_nb] = *section;
943 memory_region_ref(section->mr);
944 return map->sections_nb++;
945 }
946
947 static void phys_section_destroy(MemoryRegion *mr)
948 {
949 memory_region_unref(mr);
950
951 if (mr->subpage) {
952 subpage_t *subpage = container_of(mr, subpage_t, iomem);
953 object_unref(OBJECT(&subpage->iomem));
954 g_free(subpage);
955 }
956 }
957
958 static void phys_sections_free(PhysPageMap *map)
959 {
960 while (map->sections_nb > 0) {
961 MemoryRegionSection *section = &map->sections[--map->sections_nb];
962 phys_section_destroy(section->mr);
963 }
964 g_free(map->sections);
965 g_free(map->nodes);
966 }
967
968 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
969 {
970 subpage_t *subpage;
971 hwaddr base = section->offset_within_address_space
972 & TARGET_PAGE_MASK;
973 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
974 d->map.nodes, d->map.sections);
975 MemoryRegionSection subsection = {
976 .offset_within_address_space = base,
977 .size = int128_make64(TARGET_PAGE_SIZE),
978 };
979 hwaddr start, end;
980
981 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
982
983 if (!(existing->mr->subpage)) {
984 subpage = subpage_init(d->as, base);
985 subsection.address_space = d->as;
986 subsection.mr = &subpage->iomem;
987 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
988 phys_section_add(&d->map, &subsection));
989 } else {
990 subpage = container_of(existing->mr, subpage_t, iomem);
991 }
992 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
993 end = start + int128_get64(section->size) - 1;
994 subpage_register(subpage, start, end,
995 phys_section_add(&d->map, section));
996 }
997
998
999 static void register_multipage(AddressSpaceDispatch *d,
1000 MemoryRegionSection *section)
1001 {
1002 hwaddr start_addr = section->offset_within_address_space;
1003 uint16_t section_index = phys_section_add(&d->map, section);
1004 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1005 TARGET_PAGE_BITS));
1006
1007 assert(num_pages);
1008 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1009 }
1010
1011 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1012 {
1013 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1014 AddressSpaceDispatch *d = as->next_dispatch;
1015 MemoryRegionSection now = *section, remain = *section;
1016 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1017
1018 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1019 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1020 - now.offset_within_address_space;
1021
1022 now.size = int128_min(int128_make64(left), now.size);
1023 register_subpage(d, &now);
1024 } else {
1025 now.size = int128_zero();
1026 }
1027 while (int128_ne(remain.size, now.size)) {
1028 remain.size = int128_sub(remain.size, now.size);
1029 remain.offset_within_address_space += int128_get64(now.size);
1030 remain.offset_within_region += int128_get64(now.size);
1031 now = remain;
1032 if (int128_lt(remain.size, page_size)) {
1033 register_subpage(d, &now);
1034 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1035 now.size = page_size;
1036 register_subpage(d, &now);
1037 } else {
1038 now.size = int128_and(now.size, int128_neg(page_size));
1039 register_multipage(d, &now);
1040 }
1041 }
1042 }
1043
1044 void qemu_flush_coalesced_mmio_buffer(void)
1045 {
1046 if (kvm_enabled())
1047 kvm_flush_coalesced_mmio_buffer();
1048 }
1049
1050 void qemu_mutex_lock_ramlist(void)
1051 {
1052 qemu_mutex_lock(&ram_list.mutex);
1053 }
1054
1055 void qemu_mutex_unlock_ramlist(void)
1056 {
1057 qemu_mutex_unlock(&ram_list.mutex);
1058 }
1059
1060 #ifdef __linux__
1061
1062 #include <sys/vfs.h>
1063
1064 #define HUGETLBFS_MAGIC 0x958458f6
1065
1066 static long gethugepagesize(const char *path, Error **errp)
1067 {
1068 struct statfs fs;
1069 int ret;
1070
1071 do {
1072 ret = statfs(path, &fs);
1073 } while (ret != 0 && errno == EINTR);
1074
1075 if (ret != 0) {
1076 error_setg_errno(errp, errno, "failed to get page size of file %s",
1077 path);
1078 return 0;
1079 }
1080
1081 if (fs.f_type != HUGETLBFS_MAGIC)
1082 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1083
1084 return fs.f_bsize;
1085 }
1086
1087 static void *file_ram_alloc(RAMBlock *block,
1088 ram_addr_t memory,
1089 const char *path,
1090 Error **errp)
1091 {
1092 char *filename;
1093 char *sanitized_name;
1094 char *c;
1095 void *area = NULL;
1096 int fd;
1097 uint64_t hpagesize;
1098 Error *local_err = NULL;
1099
1100 hpagesize = gethugepagesize(path, &local_err);
1101 if (local_err) {
1102 error_propagate(errp, local_err);
1103 goto error;
1104 }
1105 block->mr->align = hpagesize;
1106
1107 if (memory < hpagesize) {
1108 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1109 "or larger than huge page size 0x%" PRIx64,
1110 memory, hpagesize);
1111 goto error;
1112 }
1113
1114 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1115 error_setg(errp,
1116 "host lacks kvm mmu notifiers, -mem-path unsupported");
1117 goto error;
1118 }
1119
1120 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1121 sanitized_name = g_strdup(memory_region_name(block->mr));
1122 for (c = sanitized_name; *c != '\0'; c++) {
1123 if (*c == '/')
1124 *c = '_';
1125 }
1126
1127 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1128 sanitized_name);
1129 g_free(sanitized_name);
1130
1131 fd = mkstemp(filename);
1132 if (fd < 0) {
1133 error_setg_errno(errp, errno,
1134 "unable to create backing store for hugepages");
1135 g_free(filename);
1136 goto error;
1137 }
1138 unlink(filename);
1139 g_free(filename);
1140
1141 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1142
1143 /*
1144 * ftruncate is not supported by hugetlbfs in older
1145 * hosts, so don't bother bailing out on errors.
1146 * If anything goes wrong with it under other filesystems,
1147 * mmap will fail.
1148 */
1149 if (ftruncate(fd, memory)) {
1150 perror("ftruncate");
1151 }
1152
1153 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1154 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1155 fd, 0);
1156 if (area == MAP_FAILED) {
1157 error_setg_errno(errp, errno,
1158 "unable to map backing store for hugepages");
1159 close(fd);
1160 goto error;
1161 }
1162
1163 if (mem_prealloc) {
1164 os_mem_prealloc(fd, area, memory);
1165 }
1166
1167 block->fd = fd;
1168 return area;
1169
1170 error:
1171 if (mem_prealloc) {
1172 error_report("%s", error_get_pretty(*errp));
1173 exit(1);
1174 }
1175 return NULL;
1176 }
1177 #endif
1178
1179 /* Called with the ramlist lock held. */
1180 static ram_addr_t find_ram_offset(ram_addr_t size)
1181 {
1182 RAMBlock *block, *next_block;
1183 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1184
1185 assert(size != 0); /* it would hand out same offset multiple times */
1186
1187 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1188 return 0;
1189 }
1190
1191 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1192 ram_addr_t end, next = RAM_ADDR_MAX;
1193
1194 end = block->offset + block->max_length;
1195
1196 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1197 if (next_block->offset >= end) {
1198 next = MIN(next, next_block->offset);
1199 }
1200 }
1201 if (next - end >= size && next - end < mingap) {
1202 offset = end;
1203 mingap = next - end;
1204 }
1205 }
1206
1207 if (offset == RAM_ADDR_MAX) {
1208 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1209 (uint64_t)size);
1210 abort();
1211 }
1212
1213 return offset;
1214 }
1215
1216 ram_addr_t last_ram_offset(void)
1217 {
1218 RAMBlock *block;
1219 ram_addr_t last = 0;
1220
1221 rcu_read_lock();
1222 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1223 last = MAX(last, block->offset + block->max_length);
1224 }
1225 rcu_read_unlock();
1226 return last;
1227 }
1228
1229 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1230 {
1231 int ret;
1232
1233 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1234 if (!machine_dump_guest_core(current_machine)) {
1235 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1236 if (ret) {
1237 perror("qemu_madvise");
1238 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1239 "but dump_guest_core=off specified\n");
1240 }
1241 }
1242 }
1243
1244 /* Called within an RCU critical section, or while the ramlist lock
1245 * is held.
1246 */
1247 static RAMBlock *find_ram_block(ram_addr_t addr)
1248 {
1249 RAMBlock *block;
1250
1251 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1252 if (block->offset == addr) {
1253 return block;
1254 }
1255 }
1256
1257 return NULL;
1258 }
1259
1260 /* Called with iothread lock held. */
1261 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1262 {
1263 RAMBlock *new_block, *block;
1264
1265 rcu_read_lock();
1266 new_block = find_ram_block(addr);
1267 assert(new_block);
1268 assert(!new_block->idstr[0]);
1269
1270 if (dev) {
1271 char *id = qdev_get_dev_path(dev);
1272 if (id) {
1273 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1274 g_free(id);
1275 }
1276 }
1277 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1278
1279 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1280 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1281 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1282 new_block->idstr);
1283 abort();
1284 }
1285 }
1286 rcu_read_unlock();
1287 }
1288
1289 /* Called with iothread lock held. */
1290 void qemu_ram_unset_idstr(ram_addr_t addr)
1291 {
1292 RAMBlock *block;
1293
1294 /* FIXME: arch_init.c assumes that this is not called throughout
1295 * migration. Ignore the problem since hot-unplug during migration
1296 * does not work anyway.
1297 */
1298
1299 rcu_read_lock();
1300 block = find_ram_block(addr);
1301 if (block) {
1302 memset(block->idstr, 0, sizeof(block->idstr));
1303 }
1304 rcu_read_unlock();
1305 }
1306
1307 static int memory_try_enable_merging(void *addr, size_t len)
1308 {
1309 if (!machine_mem_merge(current_machine)) {
1310 /* disabled by the user */
1311 return 0;
1312 }
1313
1314 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1315 }
1316
1317 /* Only legal before guest might have detected the memory size: e.g. on
1318 * incoming migration, or right after reset.
1319 *
1320 * As memory core doesn't know how is memory accessed, it is up to
1321 * resize callback to update device state and/or add assertions to detect
1322 * misuse, if necessary.
1323 */
1324 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1325 {
1326 RAMBlock *block = find_ram_block(base);
1327
1328 assert(block);
1329
1330 newsize = TARGET_PAGE_ALIGN(newsize);
1331
1332 if (block->used_length == newsize) {
1333 return 0;
1334 }
1335
1336 if (!(block->flags & RAM_RESIZEABLE)) {
1337 error_setg_errno(errp, EINVAL,
1338 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1339 " in != 0x" RAM_ADDR_FMT, block->idstr,
1340 newsize, block->used_length);
1341 return -EINVAL;
1342 }
1343
1344 if (block->max_length < newsize) {
1345 error_setg_errno(errp, EINVAL,
1346 "Length too large: %s: 0x" RAM_ADDR_FMT
1347 " > 0x" RAM_ADDR_FMT, block->idstr,
1348 newsize, block->max_length);
1349 return -EINVAL;
1350 }
1351
1352 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1353 block->used_length = newsize;
1354 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1355 DIRTY_CLIENTS_ALL);
1356 memory_region_set_size(block->mr, newsize);
1357 if (block->resized) {
1358 block->resized(block->idstr, newsize, block->host);
1359 }
1360 return 0;
1361 }
1362
1363 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1364 {
1365 RAMBlock *block;
1366 RAMBlock *last_block = NULL;
1367 ram_addr_t old_ram_size, new_ram_size;
1368
1369 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1370
1371 qemu_mutex_lock_ramlist();
1372 new_block->offset = find_ram_offset(new_block->max_length);
1373
1374 if (!new_block->host) {
1375 if (xen_enabled()) {
1376 xen_ram_alloc(new_block->offset, new_block->max_length,
1377 new_block->mr);
1378 } else {
1379 new_block->host = phys_mem_alloc(new_block->max_length,
1380 &new_block->mr->align);
1381 if (!new_block->host) {
1382 error_setg_errno(errp, errno,
1383 "cannot set up guest memory '%s'",
1384 memory_region_name(new_block->mr));
1385 qemu_mutex_unlock_ramlist();
1386 return -1;
1387 }
1388 memory_try_enable_merging(new_block->host, new_block->max_length);
1389 }
1390 }
1391
1392 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1393 * QLIST (which has an RCU-friendly variant) does not have insertion at
1394 * tail, so save the last element in last_block.
1395 */
1396 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1397 last_block = block;
1398 if (block->max_length < new_block->max_length) {
1399 break;
1400 }
1401 }
1402 if (block) {
1403 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1404 } else if (last_block) {
1405 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1406 } else { /* list is empty */
1407 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1408 }
1409 ram_list.mru_block = NULL;
1410
1411 /* Write list before version */
1412 smp_wmb();
1413 ram_list.version++;
1414 qemu_mutex_unlock_ramlist();
1415
1416 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1417
1418 if (new_ram_size > old_ram_size) {
1419 int i;
1420
1421 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1422 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1423 ram_list.dirty_memory[i] =
1424 bitmap_zero_extend(ram_list.dirty_memory[i],
1425 old_ram_size, new_ram_size);
1426 }
1427 }
1428 cpu_physical_memory_set_dirty_range(new_block->offset,
1429 new_block->used_length,
1430 DIRTY_CLIENTS_ALL);
1431
1432 if (new_block->host) {
1433 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1434 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1435 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1436 if (kvm_enabled()) {
1437 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1438 }
1439 }
1440
1441 return new_block->offset;
1442 }
1443
1444 #ifdef __linux__
1445 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1446 bool share, const char *mem_path,
1447 Error **errp)
1448 {
1449 RAMBlock *new_block;
1450 ram_addr_t addr;
1451 Error *local_err = NULL;
1452
1453 if (xen_enabled()) {
1454 error_setg(errp, "-mem-path not supported with Xen");
1455 return -1;
1456 }
1457
1458 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1459 /*
1460 * file_ram_alloc() needs to allocate just like
1461 * phys_mem_alloc, but we haven't bothered to provide
1462 * a hook there.
1463 */
1464 error_setg(errp,
1465 "-mem-path not supported with this accelerator");
1466 return -1;
1467 }
1468
1469 size = TARGET_PAGE_ALIGN(size);
1470 new_block = g_malloc0(sizeof(*new_block));
1471 new_block->mr = mr;
1472 new_block->used_length = size;
1473 new_block->max_length = size;
1474 new_block->flags = share ? RAM_SHARED : 0;
1475 new_block->host = file_ram_alloc(new_block, size,
1476 mem_path, errp);
1477 if (!new_block->host) {
1478 g_free(new_block);
1479 return -1;
1480 }
1481
1482 addr = ram_block_add(new_block, &local_err);
1483 if (local_err) {
1484 g_free(new_block);
1485 error_propagate(errp, local_err);
1486 return -1;
1487 }
1488 return addr;
1489 }
1490 #endif
1491
1492 static
1493 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1494 void (*resized)(const char*,
1495 uint64_t length,
1496 void *host),
1497 void *host, bool resizeable,
1498 MemoryRegion *mr, Error **errp)
1499 {
1500 RAMBlock *new_block;
1501 ram_addr_t addr;
1502 Error *local_err = NULL;
1503
1504 size = TARGET_PAGE_ALIGN(size);
1505 max_size = TARGET_PAGE_ALIGN(max_size);
1506 new_block = g_malloc0(sizeof(*new_block));
1507 new_block->mr = mr;
1508 new_block->resized = resized;
1509 new_block->used_length = size;
1510 new_block->max_length = max_size;
1511 assert(max_size >= size);
1512 new_block->fd = -1;
1513 new_block->host = host;
1514 if (host) {
1515 new_block->flags |= RAM_PREALLOC;
1516 }
1517 if (resizeable) {
1518 new_block->flags |= RAM_RESIZEABLE;
1519 }
1520 addr = ram_block_add(new_block, &local_err);
1521 if (local_err) {
1522 g_free(new_block);
1523 error_propagate(errp, local_err);
1524 return -1;
1525 }
1526 return addr;
1527 }
1528
1529 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1530 MemoryRegion *mr, Error **errp)
1531 {
1532 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1533 }
1534
1535 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1536 {
1537 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1538 }
1539
1540 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1541 void (*resized)(const char*,
1542 uint64_t length,
1543 void *host),
1544 MemoryRegion *mr, Error **errp)
1545 {
1546 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1547 }
1548
1549 void qemu_ram_free_from_ptr(ram_addr_t addr)
1550 {
1551 RAMBlock *block;
1552
1553 qemu_mutex_lock_ramlist();
1554 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1555 if (addr == block->offset) {
1556 QLIST_REMOVE_RCU(block, next);
1557 ram_list.mru_block = NULL;
1558 /* Write list before version */
1559 smp_wmb();
1560 ram_list.version++;
1561 g_free_rcu(block, rcu);
1562 break;
1563 }
1564 }
1565 qemu_mutex_unlock_ramlist();
1566 }
1567
1568 static void reclaim_ramblock(RAMBlock *block)
1569 {
1570 if (block->flags & RAM_PREALLOC) {
1571 ;
1572 } else if (xen_enabled()) {
1573 xen_invalidate_map_cache_entry(block->host);
1574 #ifndef _WIN32
1575 } else if (block->fd >= 0) {
1576 munmap(block->host, block->max_length);
1577 close(block->fd);
1578 #endif
1579 } else {
1580 qemu_anon_ram_free(block->host, block->max_length);
1581 }
1582 g_free(block);
1583 }
1584
1585 void qemu_ram_free(ram_addr_t addr)
1586 {
1587 RAMBlock *block;
1588
1589 qemu_mutex_lock_ramlist();
1590 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1591 if (addr == block->offset) {
1592 QLIST_REMOVE_RCU(block, next);
1593 ram_list.mru_block = NULL;
1594 /* Write list before version */
1595 smp_wmb();
1596 ram_list.version++;
1597 call_rcu(block, reclaim_ramblock, rcu);
1598 break;
1599 }
1600 }
1601 qemu_mutex_unlock_ramlist();
1602 }
1603
1604 #ifndef _WIN32
1605 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1606 {
1607 RAMBlock *block;
1608 ram_addr_t offset;
1609 int flags;
1610 void *area, *vaddr;
1611
1612 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1613 offset = addr - block->offset;
1614 if (offset < block->max_length) {
1615 vaddr = ramblock_ptr(block, offset);
1616 if (block->flags & RAM_PREALLOC) {
1617 ;
1618 } else if (xen_enabled()) {
1619 abort();
1620 } else {
1621 flags = MAP_FIXED;
1622 if (block->fd >= 0) {
1623 flags |= (block->flags & RAM_SHARED ?
1624 MAP_SHARED : MAP_PRIVATE);
1625 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1626 flags, block->fd, offset);
1627 } else {
1628 /*
1629 * Remap needs to match alloc. Accelerators that
1630 * set phys_mem_alloc never remap. If they did,
1631 * we'd need a remap hook here.
1632 */
1633 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1634
1635 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1636 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1637 flags, -1, 0);
1638 }
1639 if (area != vaddr) {
1640 fprintf(stderr, "Could not remap addr: "
1641 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1642 length, addr);
1643 exit(1);
1644 }
1645 memory_try_enable_merging(vaddr, length);
1646 qemu_ram_setup_dump(vaddr, length);
1647 }
1648 }
1649 }
1650 }
1651 #endif /* !_WIN32 */
1652
1653 int qemu_get_ram_fd(ram_addr_t addr)
1654 {
1655 RAMBlock *block;
1656 int fd;
1657
1658 rcu_read_lock();
1659 block = qemu_get_ram_block(addr);
1660 fd = block->fd;
1661 rcu_read_unlock();
1662 return fd;
1663 }
1664
1665 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1666 {
1667 RAMBlock *block;
1668 void *ptr;
1669
1670 rcu_read_lock();
1671 block = qemu_get_ram_block(addr);
1672 ptr = ramblock_ptr(block, 0);
1673 rcu_read_unlock();
1674 return ptr;
1675 }
1676
1677 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1678 * This should not be used for general purpose DMA. Use address_space_map
1679 * or address_space_rw instead. For local memory (e.g. video ram) that the
1680 * device owns, use memory_region_get_ram_ptr.
1681 *
1682 * By the time this function returns, the returned pointer is not protected
1683 * by RCU anymore. If the caller is not within an RCU critical section and
1684 * does not hold the iothread lock, it must have other means of protecting the
1685 * pointer, such as a reference to the region that includes the incoming
1686 * ram_addr_t.
1687 */
1688 void *qemu_get_ram_ptr(ram_addr_t addr)
1689 {
1690 RAMBlock *block;
1691 void *ptr;
1692
1693 rcu_read_lock();
1694 block = qemu_get_ram_block(addr);
1695
1696 if (xen_enabled() && block->host == NULL) {
1697 /* We need to check if the requested address is in the RAM
1698 * because we don't want to map the entire memory in QEMU.
1699 * In that case just map until the end of the page.
1700 */
1701 if (block->offset == 0) {
1702 ptr = xen_map_cache(addr, 0, 0);
1703 goto unlock;
1704 }
1705
1706 block->host = xen_map_cache(block->offset, block->max_length, 1);
1707 }
1708 ptr = ramblock_ptr(block, addr - block->offset);
1709
1710 unlock:
1711 rcu_read_unlock();
1712 return ptr;
1713 }
1714
1715 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1716 * but takes a size argument.
1717 *
1718 * By the time this function returns, the returned pointer is not protected
1719 * by RCU anymore. If the caller is not within an RCU critical section and
1720 * does not hold the iothread lock, it must have other means of protecting the
1721 * pointer, such as a reference to the region that includes the incoming
1722 * ram_addr_t.
1723 */
1724 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1725 {
1726 void *ptr;
1727 if (*size == 0) {
1728 return NULL;
1729 }
1730 if (xen_enabled()) {
1731 return xen_map_cache(addr, *size, 1);
1732 } else {
1733 RAMBlock *block;
1734 rcu_read_lock();
1735 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1736 if (addr - block->offset < block->max_length) {
1737 if (addr - block->offset + *size > block->max_length)
1738 *size = block->max_length - addr + block->offset;
1739 ptr = ramblock_ptr(block, addr - block->offset);
1740 rcu_read_unlock();
1741 return ptr;
1742 }
1743 }
1744
1745 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1746 abort();
1747 }
1748 }
1749
1750 /* Some of the softmmu routines need to translate from a host pointer
1751 * (typically a TLB entry) back to a ram offset.
1752 *
1753 * By the time this function returns, the returned pointer is not protected
1754 * by RCU anymore. If the caller is not within an RCU critical section and
1755 * does not hold the iothread lock, it must have other means of protecting the
1756 * pointer, such as a reference to the region that includes the incoming
1757 * ram_addr_t.
1758 */
1759 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1760 {
1761 RAMBlock *block;
1762 uint8_t *host = ptr;
1763 MemoryRegion *mr;
1764
1765 if (xen_enabled()) {
1766 rcu_read_lock();
1767 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1768 mr = qemu_get_ram_block(*ram_addr)->mr;
1769 rcu_read_unlock();
1770 return mr;
1771 }
1772
1773 rcu_read_lock();
1774 block = atomic_rcu_read(&ram_list.mru_block);
1775 if (block && block->host && host - block->host < block->max_length) {
1776 goto found;
1777 }
1778
1779 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1780 /* This case append when the block is not mapped. */
1781 if (block->host == NULL) {
1782 continue;
1783 }
1784 if (host - block->host < block->max_length) {
1785 goto found;
1786 }
1787 }
1788
1789 rcu_read_unlock();
1790 return NULL;
1791
1792 found:
1793 *ram_addr = block->offset + (host - block->host);
1794 mr = block->mr;
1795 rcu_read_unlock();
1796 return mr;
1797 }
1798
1799 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1800 uint64_t val, unsigned size)
1801 {
1802 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1803 tb_invalidate_phys_page_fast(ram_addr, size);
1804 }
1805 switch (size) {
1806 case 1:
1807 stb_p(qemu_get_ram_ptr(ram_addr), val);
1808 break;
1809 case 2:
1810 stw_p(qemu_get_ram_ptr(ram_addr), val);
1811 break;
1812 case 4:
1813 stl_p(qemu_get_ram_ptr(ram_addr), val);
1814 break;
1815 default:
1816 abort();
1817 }
1818 /* Set both VGA and migration bits for simplicity and to remove
1819 * the notdirty callback faster.
1820 */
1821 cpu_physical_memory_set_dirty_range(ram_addr, size,
1822 DIRTY_CLIENTS_NOCODE);
1823 /* we remove the notdirty callback only if the code has been
1824 flushed */
1825 if (!cpu_physical_memory_is_clean(ram_addr)) {
1826 CPUArchState *env = current_cpu->env_ptr;
1827 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1828 }
1829 }
1830
1831 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1832 unsigned size, bool is_write)
1833 {
1834 return is_write;
1835 }
1836
1837 static const MemoryRegionOps notdirty_mem_ops = {
1838 .write = notdirty_mem_write,
1839 .valid.accepts = notdirty_mem_accepts,
1840 .endianness = DEVICE_NATIVE_ENDIAN,
1841 };
1842
1843 /* Generate a debug exception if a watchpoint has been hit. */
1844 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1845 {
1846 CPUState *cpu = current_cpu;
1847 CPUArchState *env = cpu->env_ptr;
1848 target_ulong pc, cs_base;
1849 target_ulong vaddr;
1850 CPUWatchpoint *wp;
1851 int cpu_flags;
1852
1853 if (cpu->watchpoint_hit) {
1854 /* We re-entered the check after replacing the TB. Now raise
1855 * the debug interrupt so that is will trigger after the
1856 * current instruction. */
1857 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1858 return;
1859 }
1860 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1861 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1862 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1863 && (wp->flags & flags)) {
1864 if (flags == BP_MEM_READ) {
1865 wp->flags |= BP_WATCHPOINT_HIT_READ;
1866 } else {
1867 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1868 }
1869 wp->hitaddr = vaddr;
1870 wp->hitattrs = attrs;
1871 if (!cpu->watchpoint_hit) {
1872 cpu->watchpoint_hit = wp;
1873 tb_check_watchpoint(cpu);
1874 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1875 cpu->exception_index = EXCP_DEBUG;
1876 cpu_loop_exit(cpu);
1877 } else {
1878 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1879 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1880 cpu_resume_from_signal(cpu, NULL);
1881 }
1882 }
1883 } else {
1884 wp->flags &= ~BP_WATCHPOINT_HIT;
1885 }
1886 }
1887 }
1888
1889 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1890 so these check for a hit then pass through to the normal out-of-line
1891 phys routines. */
1892 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1893 unsigned size, MemTxAttrs attrs)
1894 {
1895 MemTxResult res;
1896 uint64_t data;
1897
1898 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1899 switch (size) {
1900 case 1:
1901 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1902 break;
1903 case 2:
1904 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1905 break;
1906 case 4:
1907 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1908 break;
1909 default: abort();
1910 }
1911 *pdata = data;
1912 return res;
1913 }
1914
1915 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1916 uint64_t val, unsigned size,
1917 MemTxAttrs attrs)
1918 {
1919 MemTxResult res;
1920
1921 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1922 switch (size) {
1923 case 1:
1924 address_space_stb(&address_space_memory, addr, val, attrs, &res);
1925 break;
1926 case 2:
1927 address_space_stw(&address_space_memory, addr, val, attrs, &res);
1928 break;
1929 case 4:
1930 address_space_stl(&address_space_memory, addr, val, attrs, &res);
1931 break;
1932 default: abort();
1933 }
1934 return res;
1935 }
1936
1937 static const MemoryRegionOps watch_mem_ops = {
1938 .read_with_attrs = watch_mem_read,
1939 .write_with_attrs = watch_mem_write,
1940 .endianness = DEVICE_NATIVE_ENDIAN,
1941 };
1942
1943 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
1944 unsigned len, MemTxAttrs attrs)
1945 {
1946 subpage_t *subpage = opaque;
1947 uint8_t buf[8];
1948 MemTxResult res;
1949
1950 #if defined(DEBUG_SUBPAGE)
1951 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1952 subpage, len, addr);
1953 #endif
1954 res = address_space_read(subpage->as, addr + subpage->base,
1955 attrs, buf, len);
1956 if (res) {
1957 return res;
1958 }
1959 switch (len) {
1960 case 1:
1961 *data = ldub_p(buf);
1962 return MEMTX_OK;
1963 case 2:
1964 *data = lduw_p(buf);
1965 return MEMTX_OK;
1966 case 4:
1967 *data = ldl_p(buf);
1968 return MEMTX_OK;
1969 case 8:
1970 *data = ldq_p(buf);
1971 return MEMTX_OK;
1972 default:
1973 abort();
1974 }
1975 }
1976
1977 static MemTxResult subpage_write(void *opaque, hwaddr addr,
1978 uint64_t value, unsigned len, MemTxAttrs attrs)
1979 {
1980 subpage_t *subpage = opaque;
1981 uint8_t buf[8];
1982
1983 #if defined(DEBUG_SUBPAGE)
1984 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1985 " value %"PRIx64"\n",
1986 __func__, subpage, len, addr, value);
1987 #endif
1988 switch (len) {
1989 case 1:
1990 stb_p(buf, value);
1991 break;
1992 case 2:
1993 stw_p(buf, value);
1994 break;
1995 case 4:
1996 stl_p(buf, value);
1997 break;
1998 case 8:
1999 stq_p(buf, value);
2000 break;
2001 default:
2002 abort();
2003 }
2004 return address_space_write(subpage->as, addr + subpage->base,
2005 attrs, buf, len);
2006 }
2007
2008 static bool subpage_accepts(void *opaque, hwaddr addr,
2009 unsigned len, bool is_write)
2010 {
2011 subpage_t *subpage = opaque;
2012 #if defined(DEBUG_SUBPAGE)
2013 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2014 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2015 #endif
2016
2017 return address_space_access_valid(subpage->as, addr + subpage->base,
2018 len, is_write);
2019 }
2020
2021 static const MemoryRegionOps subpage_ops = {
2022 .read_with_attrs = subpage_read,
2023 .write_with_attrs = subpage_write,
2024 .impl.min_access_size = 1,
2025 .impl.max_access_size = 8,
2026 .valid.min_access_size = 1,
2027 .valid.max_access_size = 8,
2028 .valid.accepts = subpage_accepts,
2029 .endianness = DEVICE_NATIVE_ENDIAN,
2030 };
2031
2032 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2033 uint16_t section)
2034 {
2035 int idx, eidx;
2036
2037 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2038 return -1;
2039 idx = SUBPAGE_IDX(start);
2040 eidx = SUBPAGE_IDX(end);
2041 #if defined(DEBUG_SUBPAGE)
2042 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2043 __func__, mmio, start, end, idx, eidx, section);
2044 #endif
2045 for (; idx <= eidx; idx++) {
2046 mmio->sub_section[idx] = section;
2047 }
2048
2049 return 0;
2050 }
2051
2052 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2053 {
2054 subpage_t *mmio;
2055
2056 mmio = g_malloc0(sizeof(subpage_t));
2057
2058 mmio->as = as;
2059 mmio->base = base;
2060 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2061 NULL, TARGET_PAGE_SIZE);
2062 mmio->iomem.subpage = true;
2063 #if defined(DEBUG_SUBPAGE)
2064 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2065 mmio, base, TARGET_PAGE_SIZE);
2066 #endif
2067 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2068
2069 return mmio;
2070 }
2071
2072 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2073 MemoryRegion *mr)
2074 {
2075 assert(as);
2076 MemoryRegionSection section = {
2077 .address_space = as,
2078 .mr = mr,
2079 .offset_within_address_space = 0,
2080 .offset_within_region = 0,
2081 .size = int128_2_64(),
2082 };
2083
2084 return phys_section_add(map, &section);
2085 }
2086
2087 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2088 {
2089 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2090 MemoryRegionSection *sections = d->map.sections;
2091
2092 return sections[index & ~TARGET_PAGE_MASK].mr;
2093 }
2094
2095 static void io_mem_init(void)
2096 {
2097 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2098 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2099 NULL, UINT64_MAX);
2100 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2101 NULL, UINT64_MAX);
2102 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2103 NULL, UINT64_MAX);
2104 }
2105
2106 static void mem_begin(MemoryListener *listener)
2107 {
2108 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2109 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2110 uint16_t n;
2111
2112 n = dummy_section(&d->map, as, &io_mem_unassigned);
2113 assert(n == PHYS_SECTION_UNASSIGNED);
2114 n = dummy_section(&d->map, as, &io_mem_notdirty);
2115 assert(n == PHYS_SECTION_NOTDIRTY);
2116 n = dummy_section(&d->map, as, &io_mem_rom);
2117 assert(n == PHYS_SECTION_ROM);
2118 n = dummy_section(&d->map, as, &io_mem_watch);
2119 assert(n == PHYS_SECTION_WATCH);
2120
2121 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2122 d->as = as;
2123 as->next_dispatch = d;
2124 }
2125
2126 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2127 {
2128 phys_sections_free(&d->map);
2129 g_free(d);
2130 }
2131
2132 static void mem_commit(MemoryListener *listener)
2133 {
2134 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2135 AddressSpaceDispatch *cur = as->dispatch;
2136 AddressSpaceDispatch *next = as->next_dispatch;
2137
2138 phys_page_compact_all(next, next->map.nodes_nb);
2139
2140 atomic_rcu_set(&as->dispatch, next);
2141 if (cur) {
2142 call_rcu(cur, address_space_dispatch_free, rcu);
2143 }
2144 }
2145
2146 static void tcg_commit(MemoryListener *listener)
2147 {
2148 CPUState *cpu;
2149
2150 /* since each CPU stores ram addresses in its TLB cache, we must
2151 reset the modified entries */
2152 /* XXX: slow ! */
2153 CPU_FOREACH(cpu) {
2154 /* FIXME: Disentangle the cpu.h circular files deps so we can
2155 directly get the right CPU from listener. */
2156 if (cpu->tcg_as_listener != listener) {
2157 continue;
2158 }
2159 cpu_reload_memory_map(cpu);
2160 }
2161 }
2162
2163 void address_space_init_dispatch(AddressSpace *as)
2164 {
2165 as->dispatch = NULL;
2166 as->dispatch_listener = (MemoryListener) {
2167 .begin = mem_begin,
2168 .commit = mem_commit,
2169 .region_add = mem_add,
2170 .region_nop = mem_add,
2171 .priority = 0,
2172 };
2173 memory_listener_register(&as->dispatch_listener, as);
2174 }
2175
2176 void address_space_unregister(AddressSpace *as)
2177 {
2178 memory_listener_unregister(&as->dispatch_listener);
2179 }
2180
2181 void address_space_destroy_dispatch(AddressSpace *as)
2182 {
2183 AddressSpaceDispatch *d = as->dispatch;
2184
2185 atomic_rcu_set(&as->dispatch, NULL);
2186 if (d) {
2187 call_rcu(d, address_space_dispatch_free, rcu);
2188 }
2189 }
2190
2191 static void memory_map_init(void)
2192 {
2193 system_memory = g_malloc(sizeof(*system_memory));
2194
2195 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2196 address_space_init(&address_space_memory, system_memory, "memory");
2197
2198 system_io = g_malloc(sizeof(*system_io));
2199 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2200 65536);
2201 address_space_init(&address_space_io, system_io, "I/O");
2202 }
2203
2204 MemoryRegion *get_system_memory(void)
2205 {
2206 return system_memory;
2207 }
2208
2209 MemoryRegion *get_system_io(void)
2210 {
2211 return system_io;
2212 }
2213
2214 #endif /* !defined(CONFIG_USER_ONLY) */
2215
2216 /* physical memory access (slow version, mainly for debug) */
2217 #if defined(CONFIG_USER_ONLY)
2218 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2219 uint8_t *buf, int len, int is_write)
2220 {
2221 int l, flags;
2222 target_ulong page;
2223 void * p;
2224
2225 while (len > 0) {
2226 page = addr & TARGET_PAGE_MASK;
2227 l = (page + TARGET_PAGE_SIZE) - addr;
2228 if (l > len)
2229 l = len;
2230 flags = page_get_flags(page);
2231 if (!(flags & PAGE_VALID))
2232 return -1;
2233 if (is_write) {
2234 if (!(flags & PAGE_WRITE))
2235 return -1;
2236 /* XXX: this code should not depend on lock_user */
2237 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2238 return -1;
2239 memcpy(p, buf, l);
2240 unlock_user(p, addr, l);
2241 } else {
2242 if (!(flags & PAGE_READ))
2243 return -1;
2244 /* XXX: this code should not depend on lock_user */
2245 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2246 return -1;
2247 memcpy(buf, p, l);
2248 unlock_user(p, addr, 0);
2249 }
2250 len -= l;
2251 buf += l;
2252 addr += l;
2253 }
2254 return 0;
2255 }
2256
2257 #else
2258
2259 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2260 hwaddr length)
2261 {
2262 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2263 /* No early return if dirty_log_mask is or becomes 0, because
2264 * cpu_physical_memory_set_dirty_range will still call
2265 * xen_modified_memory.
2266 */
2267 if (dirty_log_mask) {
2268 dirty_log_mask =
2269 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2270 }
2271 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2272 tb_invalidate_phys_range(addr, addr + length);
2273 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2274 }
2275 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2276 }
2277
2278 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2279 {
2280 unsigned access_size_max = mr->ops->valid.max_access_size;
2281
2282 /* Regions are assumed to support 1-4 byte accesses unless
2283 otherwise specified. */
2284 if (access_size_max == 0) {
2285 access_size_max = 4;
2286 }
2287
2288 /* Bound the maximum access by the alignment of the address. */
2289 if (!mr->ops->impl.unaligned) {
2290 unsigned align_size_max = addr & -addr;
2291 if (align_size_max != 0 && align_size_max < access_size_max) {
2292 access_size_max = align_size_max;
2293 }
2294 }
2295
2296 /* Don't attempt accesses larger than the maximum. */
2297 if (l > access_size_max) {
2298 l = access_size_max;
2299 }
2300 if (l & (l - 1)) {
2301 l = 1 << (qemu_fls(l) - 1);
2302 }
2303
2304 return l;
2305 }
2306
2307 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2308 uint8_t *buf, int len, bool is_write)
2309 {
2310 hwaddr l;
2311 uint8_t *ptr;
2312 uint64_t val;
2313 hwaddr addr1;
2314 MemoryRegion *mr;
2315 MemTxResult result = MEMTX_OK;
2316
2317 rcu_read_lock();
2318 while (len > 0) {
2319 l = len;
2320 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2321
2322 if (is_write) {
2323 if (!memory_access_is_direct(mr, is_write)) {
2324 l = memory_access_size(mr, l, addr1);
2325 /* XXX: could force current_cpu to NULL to avoid
2326 potential bugs */
2327 switch (l) {
2328 case 8:
2329 /* 64 bit write access */
2330 val = ldq_p(buf);
2331 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2332 attrs);
2333 break;
2334 case 4:
2335 /* 32 bit write access */
2336 val = ldl_p(buf);
2337 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2338 attrs);
2339 break;
2340 case 2:
2341 /* 16 bit write access */
2342 val = lduw_p(buf);
2343 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2344 attrs);
2345 break;
2346 case 1:
2347 /* 8 bit write access */
2348 val = ldub_p(buf);
2349 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2350 attrs);
2351 break;
2352 default:
2353 abort();
2354 }
2355 } else {
2356 addr1 += memory_region_get_ram_addr(mr);
2357 /* RAM case */
2358 ptr = qemu_get_ram_ptr(addr1);
2359 memcpy(ptr, buf, l);
2360 invalidate_and_set_dirty(mr, addr1, l);
2361 }
2362 } else {
2363 if (!memory_access_is_direct(mr, is_write)) {
2364 /* I/O case */
2365 l = memory_access_size(mr, l, addr1);
2366 switch (l) {
2367 case 8:
2368 /* 64 bit read access */
2369 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2370 attrs);
2371 stq_p(buf, val);
2372 break;
2373 case 4:
2374 /* 32 bit read access */
2375 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2376 attrs);
2377 stl_p(buf, val);
2378 break;
2379 case 2:
2380 /* 16 bit read access */
2381 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2382 attrs);
2383 stw_p(buf, val);
2384 break;
2385 case 1:
2386 /* 8 bit read access */
2387 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2388 attrs);
2389 stb_p(buf, val);
2390 break;
2391 default:
2392 abort();
2393 }
2394 } else {
2395 /* RAM case */
2396 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2397 memcpy(buf, ptr, l);
2398 }
2399 }
2400 len -= l;
2401 buf += l;
2402 addr += l;
2403 }
2404 rcu_read_unlock();
2405
2406 return result;
2407 }
2408
2409 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2410 const uint8_t *buf, int len)
2411 {
2412 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2413 }
2414
2415 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2416 uint8_t *buf, int len)
2417 {
2418 return address_space_rw(as, addr, attrs, buf, len, false);
2419 }
2420
2421
2422 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2423 int len, int is_write)
2424 {
2425 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2426 buf, len, is_write);
2427 }
2428
2429 enum write_rom_type {
2430 WRITE_DATA,
2431 FLUSH_CACHE,
2432 };
2433
2434 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2435 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2436 {
2437 hwaddr l;
2438 uint8_t *ptr;
2439 hwaddr addr1;
2440 MemoryRegion *mr;
2441
2442 rcu_read_lock();
2443 while (len > 0) {
2444 l = len;
2445 mr = address_space_translate(as, addr, &addr1, &l, true);
2446
2447 if (!(memory_region_is_ram(mr) ||
2448 memory_region_is_romd(mr))) {
2449 /* do nothing */
2450 } else {
2451 addr1 += memory_region_get_ram_addr(mr);
2452 /* ROM/RAM case */
2453 ptr = qemu_get_ram_ptr(addr1);
2454 switch (type) {
2455 case WRITE_DATA:
2456 memcpy(ptr, buf, l);
2457 invalidate_and_set_dirty(mr, addr1, l);
2458 break;
2459 case FLUSH_CACHE:
2460 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2461 break;
2462 }
2463 }
2464 len -= l;
2465 buf += l;
2466 addr += l;
2467 }
2468 rcu_read_unlock();
2469 }
2470
2471 /* used for ROM loading : can write in RAM and ROM */
2472 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2473 const uint8_t *buf, int len)
2474 {
2475 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2476 }
2477
2478 void cpu_flush_icache_range(hwaddr start, int len)
2479 {
2480 /*
2481 * This function should do the same thing as an icache flush that was
2482 * triggered from within the guest. For TCG we are always cache coherent,
2483 * so there is no need to flush anything. For KVM / Xen we need to flush
2484 * the host's instruction cache at least.
2485 */
2486 if (tcg_enabled()) {
2487 return;
2488 }
2489
2490 cpu_physical_memory_write_rom_internal(&address_space_memory,
2491 start, NULL, len, FLUSH_CACHE);
2492 }
2493
2494 typedef struct {
2495 MemoryRegion *mr;
2496 void *buffer;
2497 hwaddr addr;
2498 hwaddr len;
2499 bool in_use;
2500 } BounceBuffer;
2501
2502 static BounceBuffer bounce;
2503
2504 typedef struct MapClient {
2505 QEMUBH *bh;
2506 QLIST_ENTRY(MapClient) link;
2507 } MapClient;
2508
2509 QemuMutex map_client_list_lock;
2510 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2511 = QLIST_HEAD_INITIALIZER(map_client_list);
2512
2513 static void cpu_unregister_map_client_do(MapClient *client)
2514 {
2515 QLIST_REMOVE(client, link);
2516 g_free(client);
2517 }
2518
2519 static void cpu_notify_map_clients_locked(void)
2520 {
2521 MapClient *client;
2522
2523 while (!QLIST_EMPTY(&map_client_list)) {
2524 client = QLIST_FIRST(&map_client_list);
2525 qemu_bh_schedule(client->bh);
2526 cpu_unregister_map_client_do(client);
2527 }
2528 }
2529
2530 void cpu_register_map_client(QEMUBH *bh)
2531 {
2532 MapClient *client = g_malloc(sizeof(*client));
2533
2534 qemu_mutex_lock(&map_client_list_lock);
2535 client->bh = bh;
2536 QLIST_INSERT_HEAD(&map_client_list, client, link);
2537 if (!atomic_read(&bounce.in_use)) {
2538 cpu_notify_map_clients_locked();
2539 }
2540 qemu_mutex_unlock(&map_client_list_lock);
2541 }
2542
2543 void cpu_exec_init_all(void)
2544 {
2545 qemu_mutex_init(&ram_list.mutex);
2546 memory_map_init();
2547 io_mem_init();
2548 qemu_mutex_init(&map_client_list_lock);
2549 }
2550
2551 void cpu_unregister_map_client(QEMUBH *bh)
2552 {
2553 MapClient *client;
2554
2555 qemu_mutex_lock(&map_client_list_lock);
2556 QLIST_FOREACH(client, &map_client_list, link) {
2557 if (client->bh == bh) {
2558 cpu_unregister_map_client_do(client);
2559 break;
2560 }
2561 }
2562 qemu_mutex_unlock(&map_client_list_lock);
2563 }
2564
2565 static void cpu_notify_map_clients(void)
2566 {
2567 qemu_mutex_lock(&map_client_list_lock);
2568 cpu_notify_map_clients_locked();
2569 qemu_mutex_unlock(&map_client_list_lock);
2570 }
2571
2572 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2573 {
2574 MemoryRegion *mr;
2575 hwaddr l, xlat;
2576
2577 rcu_read_lock();
2578 while (len > 0) {
2579 l = len;
2580 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2581 if (!memory_access_is_direct(mr, is_write)) {
2582 l = memory_access_size(mr, l, addr);
2583 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2584 return false;
2585 }
2586 }
2587
2588 len -= l;
2589 addr += l;
2590 }
2591 rcu_read_unlock();
2592 return true;
2593 }
2594
2595 /* Map a physical memory region into a host virtual address.
2596 * May map a subset of the requested range, given by and returned in *plen.
2597 * May return NULL if resources needed to perform the mapping are exhausted.
2598 * Use only for reads OR writes - not for read-modify-write operations.
2599 * Use cpu_register_map_client() to know when retrying the map operation is
2600 * likely to succeed.
2601 */
2602 void *address_space_map(AddressSpace *as,
2603 hwaddr addr,
2604 hwaddr *plen,
2605 bool is_write)
2606 {
2607 hwaddr len = *plen;
2608 hwaddr done = 0;
2609 hwaddr l, xlat, base;
2610 MemoryRegion *mr, *this_mr;
2611 ram_addr_t raddr;
2612
2613 if (len == 0) {
2614 return NULL;
2615 }
2616
2617 l = len;
2618 rcu_read_lock();
2619 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2620
2621 if (!memory_access_is_direct(mr, is_write)) {
2622 if (atomic_xchg(&bounce.in_use, true)) {
2623 rcu_read_unlock();
2624 return NULL;
2625 }
2626 /* Avoid unbounded allocations */
2627 l = MIN(l, TARGET_PAGE_SIZE);
2628 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2629 bounce.addr = addr;
2630 bounce.len = l;
2631
2632 memory_region_ref(mr);
2633 bounce.mr = mr;
2634 if (!is_write) {
2635 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2636 bounce.buffer, l);
2637 }
2638
2639 rcu_read_unlock();
2640 *plen = l;
2641 return bounce.buffer;
2642 }
2643
2644 base = xlat;
2645 raddr = memory_region_get_ram_addr(mr);
2646
2647 for (;;) {
2648 len -= l;
2649 addr += l;
2650 done += l;
2651 if (len == 0) {
2652 break;
2653 }
2654
2655 l = len;
2656 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2657 if (this_mr != mr || xlat != base + done) {
2658 break;
2659 }
2660 }
2661
2662 memory_region_ref(mr);
2663 rcu_read_unlock();
2664 *plen = done;
2665 return qemu_ram_ptr_length(raddr + base, plen);
2666 }
2667
2668 /* Unmaps a memory region previously mapped by address_space_map().
2669 * Will also mark the memory as dirty if is_write == 1. access_len gives
2670 * the amount of memory that was actually read or written by the caller.
2671 */
2672 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2673 int is_write, hwaddr access_len)
2674 {
2675 if (buffer != bounce.buffer) {
2676 MemoryRegion *mr;
2677 ram_addr_t addr1;
2678
2679 mr = qemu_ram_addr_from_host(buffer, &addr1);
2680 assert(mr != NULL);
2681 if (is_write) {
2682 invalidate_and_set_dirty(mr, addr1, access_len);
2683 }
2684 if (xen_enabled()) {
2685 xen_invalidate_map_cache_entry(buffer);
2686 }
2687 memory_region_unref(mr);
2688 return;
2689 }
2690 if (is_write) {
2691 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2692 bounce.buffer, access_len);
2693 }
2694 qemu_vfree(bounce.buffer);
2695 bounce.buffer = NULL;
2696 memory_region_unref(bounce.mr);
2697 atomic_mb_set(&bounce.in_use, false);
2698 cpu_notify_map_clients();
2699 }
2700
2701 void *cpu_physical_memory_map(hwaddr addr,
2702 hwaddr *plen,
2703 int is_write)
2704 {
2705 return address_space_map(&address_space_memory, addr, plen, is_write);
2706 }
2707
2708 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2709 int is_write, hwaddr access_len)
2710 {
2711 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2712 }
2713
2714 /* warning: addr must be aligned */
2715 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2716 MemTxAttrs attrs,
2717 MemTxResult *result,
2718 enum device_endian endian)
2719 {
2720 uint8_t *ptr;
2721 uint64_t val;
2722 MemoryRegion *mr;
2723 hwaddr l = 4;
2724 hwaddr addr1;
2725 MemTxResult r;
2726
2727 rcu_read_lock();
2728 mr = address_space_translate(as, addr, &addr1, &l, false);
2729 if (l < 4 || !memory_access_is_direct(mr, false)) {
2730 /* I/O case */
2731 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2732 #if defined(TARGET_WORDS_BIGENDIAN)
2733 if (endian == DEVICE_LITTLE_ENDIAN) {
2734 val = bswap32(val);
2735 }
2736 #else
2737 if (endian == DEVICE_BIG_ENDIAN) {
2738 val = bswap32(val);
2739 }
2740 #endif
2741 } else {
2742 /* RAM case */
2743 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2744 & TARGET_PAGE_MASK)
2745 + addr1);
2746 switch (endian) {
2747 case DEVICE_LITTLE_ENDIAN:
2748 val = ldl_le_p(ptr);
2749 break;
2750 case DEVICE_BIG_ENDIAN:
2751 val = ldl_be_p(ptr);
2752 break;
2753 default:
2754 val = ldl_p(ptr);
2755 break;
2756 }
2757 r = MEMTX_OK;
2758 }
2759 if (result) {
2760 *result = r;
2761 }
2762 rcu_read_unlock();
2763 return val;
2764 }
2765
2766 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2767 MemTxAttrs attrs, MemTxResult *result)
2768 {
2769 return address_space_ldl_internal(as, addr, attrs, result,
2770 DEVICE_NATIVE_ENDIAN);
2771 }
2772
2773 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2774 MemTxAttrs attrs, MemTxResult *result)
2775 {
2776 return address_space_ldl_internal(as, addr, attrs, result,
2777 DEVICE_LITTLE_ENDIAN);
2778 }
2779
2780 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2781 MemTxAttrs attrs, MemTxResult *result)
2782 {
2783 return address_space_ldl_internal(as, addr, attrs, result,
2784 DEVICE_BIG_ENDIAN);
2785 }
2786
2787 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2788 {
2789 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2790 }
2791
2792 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2793 {
2794 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2795 }
2796
2797 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2798 {
2799 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2800 }
2801
2802 /* warning: addr must be aligned */
2803 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2804 MemTxAttrs attrs,
2805 MemTxResult *result,
2806 enum device_endian endian)
2807 {
2808 uint8_t *ptr;
2809 uint64_t val;
2810 MemoryRegion *mr;
2811 hwaddr l = 8;
2812 hwaddr addr1;
2813 MemTxResult r;
2814
2815 rcu_read_lock();
2816 mr = address_space_translate(as, addr, &addr1, &l,
2817 false);
2818 if (l < 8 || !memory_access_is_direct(mr, false)) {
2819 /* I/O case */
2820 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2821 #if defined(TARGET_WORDS_BIGENDIAN)
2822 if (endian == DEVICE_LITTLE_ENDIAN) {
2823 val = bswap64(val);
2824 }
2825 #else
2826 if (endian == DEVICE_BIG_ENDIAN) {
2827 val = bswap64(val);
2828 }
2829 #endif
2830 } else {
2831 /* RAM case */
2832 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2833 & TARGET_PAGE_MASK)
2834 + addr1);
2835 switch (endian) {
2836 case DEVICE_LITTLE_ENDIAN:
2837 val = ldq_le_p(ptr);
2838 break;
2839 case DEVICE_BIG_ENDIAN:
2840 val = ldq_be_p(ptr);
2841 break;
2842 default:
2843 val = ldq_p(ptr);
2844 break;
2845 }
2846 r = MEMTX_OK;
2847 }
2848 if (result) {
2849 *result = r;
2850 }
2851 rcu_read_unlock();
2852 return val;
2853 }
2854
2855 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2856 MemTxAttrs attrs, MemTxResult *result)
2857 {
2858 return address_space_ldq_internal(as, addr, attrs, result,
2859 DEVICE_NATIVE_ENDIAN);
2860 }
2861
2862 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2863 MemTxAttrs attrs, MemTxResult *result)
2864 {
2865 return address_space_ldq_internal(as, addr, attrs, result,
2866 DEVICE_LITTLE_ENDIAN);
2867 }
2868
2869 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2870 MemTxAttrs attrs, MemTxResult *result)
2871 {
2872 return address_space_ldq_internal(as, addr, attrs, result,
2873 DEVICE_BIG_ENDIAN);
2874 }
2875
2876 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2877 {
2878 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2879 }
2880
2881 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2882 {
2883 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2884 }
2885
2886 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2887 {
2888 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2889 }
2890
2891 /* XXX: optimize */
2892 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
2893 MemTxAttrs attrs, MemTxResult *result)
2894 {
2895 uint8_t val;
2896 MemTxResult r;
2897
2898 r = address_space_rw(as, addr, attrs, &val, 1, 0);
2899 if (result) {
2900 *result = r;
2901 }
2902 return val;
2903 }
2904
2905 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2906 {
2907 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2908 }
2909
2910 /* warning: addr must be aligned */
2911 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
2912 hwaddr addr,
2913 MemTxAttrs attrs,
2914 MemTxResult *result,
2915 enum device_endian endian)
2916 {
2917 uint8_t *ptr;
2918 uint64_t val;
2919 MemoryRegion *mr;
2920 hwaddr l = 2;
2921 hwaddr addr1;
2922 MemTxResult r;
2923
2924 rcu_read_lock();
2925 mr = address_space_translate(as, addr, &addr1, &l,
2926 false);
2927 if (l < 2 || !memory_access_is_direct(mr, false)) {
2928 /* I/O case */
2929 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
2930 #if defined(TARGET_WORDS_BIGENDIAN)
2931 if (endian == DEVICE_LITTLE_ENDIAN) {
2932 val = bswap16(val);
2933 }
2934 #else
2935 if (endian == DEVICE_BIG_ENDIAN) {
2936 val = bswap16(val);
2937 }
2938 #endif
2939 } else {
2940 /* RAM case */
2941 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2942 & TARGET_PAGE_MASK)
2943 + addr1);
2944 switch (endian) {
2945 case DEVICE_LITTLE_ENDIAN:
2946 val = lduw_le_p(ptr);
2947 break;
2948 case DEVICE_BIG_ENDIAN:
2949 val = lduw_be_p(ptr);
2950 break;
2951 default:
2952 val = lduw_p(ptr);
2953 break;
2954 }
2955 r = MEMTX_OK;
2956 }
2957 if (result) {
2958 *result = r;
2959 }
2960 rcu_read_unlock();
2961 return val;
2962 }
2963
2964 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
2965 MemTxAttrs attrs, MemTxResult *result)
2966 {
2967 return address_space_lduw_internal(as, addr, attrs, result,
2968 DEVICE_NATIVE_ENDIAN);
2969 }
2970
2971 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
2972 MemTxAttrs attrs, MemTxResult *result)
2973 {
2974 return address_space_lduw_internal(as, addr, attrs, result,
2975 DEVICE_LITTLE_ENDIAN);
2976 }
2977
2978 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
2979 MemTxAttrs attrs, MemTxResult *result)
2980 {
2981 return address_space_lduw_internal(as, addr, attrs, result,
2982 DEVICE_BIG_ENDIAN);
2983 }
2984
2985 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2986 {
2987 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2988 }
2989
2990 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2991 {
2992 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2993 }
2994
2995 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2996 {
2997 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2998 }
2999
3000 /* warning: addr must be aligned. The ram page is not masked as dirty
3001 and the code inside is not invalidated. It is useful if the dirty
3002 bits are used to track modified PTEs */
3003 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3004 MemTxAttrs attrs, MemTxResult *result)
3005 {
3006 uint8_t *ptr;
3007 MemoryRegion *mr;
3008 hwaddr l = 4;
3009 hwaddr addr1;
3010 MemTxResult r;
3011 uint8_t dirty_log_mask;
3012
3013 rcu_read_lock();
3014 mr = address_space_translate(as, addr, &addr1, &l,
3015 true);
3016 if (l < 4 || !memory_access_is_direct(mr, true)) {
3017 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3018 } else {
3019 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3020 ptr = qemu_get_ram_ptr(addr1);
3021 stl_p(ptr, val);
3022
3023 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3024 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3025 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3026 r = MEMTX_OK;
3027 }
3028 if (result) {
3029 *result = r;
3030 }
3031 rcu_read_unlock();
3032 }
3033
3034 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3035 {
3036 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3037 }
3038
3039 /* warning: addr must be aligned */
3040 static inline void address_space_stl_internal(AddressSpace *as,
3041 hwaddr addr, uint32_t val,
3042 MemTxAttrs attrs,
3043 MemTxResult *result,
3044 enum device_endian endian)
3045 {
3046 uint8_t *ptr;
3047 MemoryRegion *mr;
3048 hwaddr l = 4;
3049 hwaddr addr1;
3050 MemTxResult r;
3051
3052 rcu_read_lock();
3053 mr = address_space_translate(as, addr, &addr1, &l,
3054 true);
3055 if (l < 4 || !memory_access_is_direct(mr, true)) {
3056 #if defined(TARGET_WORDS_BIGENDIAN)
3057 if (endian == DEVICE_LITTLE_ENDIAN) {
3058 val = bswap32(val);
3059 }
3060 #else
3061 if (endian == DEVICE_BIG_ENDIAN) {
3062 val = bswap32(val);
3063 }
3064 #endif
3065 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3066 } else {
3067 /* RAM case */
3068 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3069 ptr = qemu_get_ram_ptr(addr1);
3070 switch (endian) {
3071 case DEVICE_LITTLE_ENDIAN:
3072 stl_le_p(ptr, val);
3073 break;
3074 case DEVICE_BIG_ENDIAN:
3075 stl_be_p(ptr, val);
3076 break;
3077 default:
3078 stl_p(ptr, val);
3079 break;
3080 }
3081 invalidate_and_set_dirty(mr, addr1, 4);
3082 r = MEMTX_OK;
3083 }
3084 if (result) {
3085 *result = r;
3086 }
3087 rcu_read_unlock();
3088 }
3089
3090 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3091 MemTxAttrs attrs, MemTxResult *result)
3092 {
3093 address_space_stl_internal(as, addr, val, attrs, result,
3094 DEVICE_NATIVE_ENDIAN);
3095 }
3096
3097 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3098 MemTxAttrs attrs, MemTxResult *result)
3099 {
3100 address_space_stl_internal(as, addr, val, attrs, result,
3101 DEVICE_LITTLE_ENDIAN);
3102 }
3103
3104 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3105 MemTxAttrs attrs, MemTxResult *result)
3106 {
3107 address_space_stl_internal(as, addr, val, attrs, result,
3108 DEVICE_BIG_ENDIAN);
3109 }
3110
3111 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3112 {
3113 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3114 }
3115
3116 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3117 {
3118 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3119 }
3120
3121 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3122 {
3123 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3124 }
3125
3126 /* XXX: optimize */
3127 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3128 MemTxAttrs attrs, MemTxResult *result)
3129 {
3130 uint8_t v = val;
3131 MemTxResult r;
3132
3133 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3134 if (result) {
3135 *result = r;
3136 }
3137 }
3138
3139 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3140 {
3141 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3142 }
3143
3144 /* warning: addr must be aligned */
3145 static inline void address_space_stw_internal(AddressSpace *as,
3146 hwaddr addr, uint32_t val,
3147 MemTxAttrs attrs,
3148 MemTxResult *result,
3149 enum device_endian endian)
3150 {
3151 uint8_t *ptr;
3152 MemoryRegion *mr;
3153 hwaddr l = 2;
3154 hwaddr addr1;
3155 MemTxResult r;
3156
3157 rcu_read_lock();
3158 mr = address_space_translate(as, addr, &addr1, &l, true);
3159 if (l < 2 || !memory_access_is_direct(mr, true)) {
3160 #if defined(TARGET_WORDS_BIGENDIAN)
3161 if (endian == DEVICE_LITTLE_ENDIAN) {
3162 val = bswap16(val);
3163 }
3164 #else
3165 if (endian == DEVICE_BIG_ENDIAN) {
3166 val = bswap16(val);
3167 }
3168 #endif
3169 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3170 } else {
3171 /* RAM case */
3172 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3173 ptr = qemu_get_ram_ptr(addr1);
3174 switch (endian) {
3175 case DEVICE_LITTLE_ENDIAN:
3176 stw_le_p(ptr, val);
3177 break;
3178 case DEVICE_BIG_ENDIAN:
3179 stw_be_p(ptr, val);
3180 break;
3181 default:
3182 stw_p(ptr, val);
3183 break;
3184 }
3185 invalidate_and_set_dirty(mr, addr1, 2);
3186 r = MEMTX_OK;
3187 }
3188 if (result) {
3189 *result = r;
3190 }
3191 rcu_read_unlock();
3192 }
3193
3194 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3195 MemTxAttrs attrs, MemTxResult *result)
3196 {
3197 address_space_stw_internal(as, addr, val, attrs, result,
3198 DEVICE_NATIVE_ENDIAN);
3199 }
3200
3201 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3202 MemTxAttrs attrs, MemTxResult *result)
3203 {
3204 address_space_stw_internal(as, addr, val, attrs, result,
3205 DEVICE_LITTLE_ENDIAN);
3206 }
3207
3208 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3209 MemTxAttrs attrs, MemTxResult *result)
3210 {
3211 address_space_stw_internal(as, addr, val, attrs, result,
3212 DEVICE_BIG_ENDIAN);
3213 }
3214
3215 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3216 {
3217 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3218 }
3219
3220 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3221 {
3222 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3223 }
3224
3225 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3226 {
3227 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3228 }
3229
3230 /* XXX: optimize */
3231 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3232 MemTxAttrs attrs, MemTxResult *result)
3233 {
3234 MemTxResult r;
3235 val = tswap64(val);
3236 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3237 if (result) {
3238 *result = r;
3239 }
3240 }
3241
3242 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3243 MemTxAttrs attrs, MemTxResult *result)
3244 {
3245 MemTxResult r;
3246 val = cpu_to_le64(val);
3247 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3248 if (result) {
3249 *result = r;
3250 }
3251 }
3252 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3253 MemTxAttrs attrs, MemTxResult *result)
3254 {
3255 MemTxResult r;
3256 val = cpu_to_be64(val);
3257 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3258 if (result) {
3259 *result = r;
3260 }
3261 }
3262
3263 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3264 {
3265 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3266 }
3267
3268 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3269 {
3270 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3271 }
3272
3273 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3274 {
3275 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3276 }
3277
3278 /* virtual memory access for debug (includes writing to ROM) */
3279 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3280 uint8_t *buf, int len, int is_write)
3281 {
3282 int l;
3283 hwaddr phys_addr;
3284 target_ulong page;
3285
3286 while (len > 0) {
3287 page = addr & TARGET_PAGE_MASK;
3288 phys_addr = cpu_get_phys_page_debug(cpu, page);
3289 /* if no physical page mapped, return an error */
3290 if (phys_addr == -1)
3291 return -1;
3292 l = (page + TARGET_PAGE_SIZE) - addr;
3293 if (l > len)
3294 l = len;
3295 phys_addr += (addr & ~TARGET_PAGE_MASK);
3296 if (is_write) {
3297 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3298 } else {
3299 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3300 buf, l, 0);
3301 }
3302 len -= l;
3303 buf += l;
3304 addr += l;
3305 }
3306 return 0;
3307 }
3308 #endif
3309
3310 /*
3311 * A helper function for the _utterly broken_ virtio device model to find out if
3312 * it's running on a big endian machine. Don't do this at home kids!
3313 */
3314 bool target_words_bigendian(void);
3315 bool target_words_bigendian(void)
3316 {
3317 #if defined(TARGET_WORDS_BIGENDIAN)
3318 return true;
3319 #else
3320 return false;
3321 #endif
3322 }
3323
3324 #ifndef CONFIG_USER_ONLY
3325 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3326 {
3327 MemoryRegion*mr;
3328 hwaddr l = 1;
3329 bool res;
3330
3331 rcu_read_lock();
3332 mr = address_space_translate(&address_space_memory,
3333 phys_addr, &phys_addr, &l, false);
3334
3335 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3336 rcu_read_unlock();
3337 return res;
3338 }
3339
3340 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3341 {
3342 RAMBlock *block;
3343
3344 rcu_read_lock();
3345 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3346 func(block->host, block->offset, block->used_length, opaque);
3347 }
3348 rcu_read_unlock();
3349 }
3350 #endif
Random patches