search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pci-assign: Catch missing KVM support
[qemu/qemu-dev-zwu.git] / exec.c
blob69b8a27ddc95a327d49eb654665c1bfc7b08a202
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26 #include <stdlib.h>
27 #include <stdio.h>
28 #include <stdarg.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <unistd.h>
32 #include <inttypes.h>
33
34 #include "cpu.h"
35 #include "exec-all.h"
36 #include "qemu-common.h"
37 #include "cache-utils.h"
38
39 #if !defined(TARGET_IA64)
40 #include "tcg.h"
41 #endif
42 #include "qemu-kvm.h"
43
44 #include "hw/hw.h"
45 #include "hw/qdev.h"
46 #include "osdep.h"
47 #include "kvm.h"
48 #include "qemu-timer.h"
49 #if defined(CONFIG_USER_ONLY)
50 #include <qemu.h>
51 #include <signal.h>
52 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
53 #include <sys/param.h>
54 #if __FreeBSD_version >= 700104
55 #define HAVE_KINFO_GETVMMAP
56 #define sigqueue sigqueue_freebsd /* avoid redefinition */
57 #include <sys/time.h>
58 #include <sys/proc.h>
59 #include <machine/profile.h>
60 #define _KERNEL
61 #include <sys/user.h>
62 #undef _KERNEL
63 #undef sigqueue
64 #include <libutil.h>
65 #endif
66 #endif
67 #endif
68
69 //#define DEBUG_TB_INVALIDATE
70 //#define DEBUG_FLUSH
71 //#define DEBUG_TLB
72 //#define DEBUG_UNASSIGNED
73
74 /* make various TB consistency checks */
75 //#define DEBUG_TB_CHECK
76 //#define DEBUG_TLB_CHECK
77
78 //#define DEBUG_IOPORT
79 //#define DEBUG_SUBPAGE
80
81 #if !defined(CONFIG_USER_ONLY)
82 /* TB consistency checks only implemented for usermode emulation. */
83 #undef DEBUG_TB_CHECK
84 #endif
85
86 #define SMC_BITMAP_USE_THRESHOLD 10
87
88 static TranslationBlock *tbs;
89 static int code_gen_max_blocks;
90 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
91 static int nb_tbs;
92 /* any access to the tbs or the page table must use this lock */
93 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
94
95 #if defined(__arm__) || defined(__sparc_v9__)
96 /* The prologue must be reachable with a direct jump. ARM and Sparc64
97 have limited branch ranges (possibly also PPC) so place it in a
98 section close to code segment. */
99 #define code_gen_section \
100 __attribute__((__section__(".gen_code"))) \
101 __attribute__((aligned (32)))
102 #elif defined(_WIN32)
103 /* Maximum alignment for Win32 is 16. */
104 #define code_gen_section \
105 __attribute__((aligned (16)))
106 #else
107 #define code_gen_section \
108 __attribute__((aligned (32)))
109 #endif
110
111 uint8_t code_gen_prologue[1024] code_gen_section;
112 static uint8_t *code_gen_buffer;
113 static unsigned long code_gen_buffer_size;
114 /* threshold to flush the translated code buffer */
115 static unsigned long code_gen_buffer_max_size;
116 static uint8_t *code_gen_ptr;
117
118 #if !defined(CONFIG_USER_ONLY)
119 int phys_ram_fd;
120 static int in_migration;
121
122 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list) };
123 #endif
124
125 CPUState *first_cpu;
126 /* current CPU in the current thread. It is only valid inside
127 cpu_exec() */
128 CPUState *cpu_single_env;
129 /* 0 = Do not count executed instructions.
130 1 = Precise instruction counting.
131 2 = Adaptive rate instruction counting. */
132 int use_icount = 0;
133 /* Current instruction counter. While executing translated code this may
134 include some instructions that have not yet been executed. */
135 int64_t qemu_icount;
136
137 typedef struct PageDesc {
138 /* list of TBs intersecting this ram page */
139 TranslationBlock *first_tb;
140 /* in order to optimize self modifying code, we count the number
141 of lookups we do to a given page to use a bitmap */
142 unsigned int code_write_count;
143 uint8_t *code_bitmap;
144 #if defined(CONFIG_USER_ONLY)
145 unsigned long flags;
146 #endif
147 } PageDesc;
148
149 /* In system mode we want L1_MAP to be based on ram offsets,
150 while in user mode we want it to be based on virtual addresses. */
151 #if !defined(CONFIG_USER_ONLY)
152 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
153 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
154 #else
155 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
156 #endif
157 #else
158 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
159 #endif
160
161 /* Size of the L2 (and L3, etc) page tables. */
162 #define L2_BITS 10
163 #define L2_SIZE (1 << L2_BITS)
164
165 /* The bits remaining after N lower levels of page tables. */
166 #define P_L1_BITS_REM \
167 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
168 #define V_L1_BITS_REM \
169 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
170
171 /* Size of the L1 page table. Avoid silly small sizes. */
172 #if P_L1_BITS_REM < 4
173 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
174 #else
175 #define P_L1_BITS P_L1_BITS_REM
176 #endif
177
178 #if V_L1_BITS_REM < 4
179 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
180 #else
181 #define V_L1_BITS V_L1_BITS_REM
182 #endif
183
184 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
185 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
186
187 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
188 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
189
190 unsigned long qemu_real_host_page_size;
191 unsigned long qemu_host_page_bits;
192 unsigned long qemu_host_page_size;
193 unsigned long qemu_host_page_mask;
194
195 /* This is a multi-level map on the virtual address space.
196 The bottom level has pointers to PageDesc. */
197 static void *l1_map[V_L1_SIZE];
198
199 #if !defined(CONFIG_USER_ONLY)
200 typedef struct PhysPageDesc {
201 /* offset in host memory of the page + io_index in the low bits */
202 ram_addr_t phys_offset;
203 ram_addr_t region_offset;
204 } PhysPageDesc;
205
206 /* This is a multi-level map on the physical address space.
207 The bottom level has pointers to PhysPageDesc. */
208 static void *l1_phys_map[P_L1_SIZE];
209
210 static void io_mem_init(void);
211
212 /* io memory support */
213 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
214 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
215 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
216 static char io_mem_used[IO_MEM_NB_ENTRIES];
217 static int io_mem_watch;
218 #endif
219
220 /* log support */
221 #ifdef WIN32
222 static const char *logfilename = "qemu.log";
223 #else
224 static const char *logfilename = "/tmp/qemu.log";
225 #endif
226 FILE *logfile;
227 int loglevel;
228 static int log_append = 0;
229
230 /* statistics */
231 #if !defined(CONFIG_USER_ONLY)
232 static int tlb_flush_count;
233 #endif
234 static int tb_flush_count;
235 static int tb_phys_invalidate_count;
236
237 #ifdef _WIN32
238 static void map_exec(void *addr, long size)
239 {
240 DWORD old_protect;
241 VirtualProtect(addr, size,
242 PAGE_EXECUTE_READWRITE, &old_protect);
243
244 }
245 #else
246 static void map_exec(void *addr, long size)
247 {
248 unsigned long start, end, page_size;
249
250 page_size = getpagesize();
251 start = (unsigned long)addr;
252 start &= ~(page_size - 1);
253
254 end = (unsigned long)addr + size;
255 end += page_size - 1;
256 end &= ~(page_size - 1);
257
258 mprotect((void *)start, end - start,
259 PROT_READ | PROT_WRITE | PROT_EXEC);
260 }
261 #endif
262
263 static void page_init(void)
264 {
265 /* NOTE: we can always suppose that qemu_host_page_size >=
266 TARGET_PAGE_SIZE */
267 #ifdef _WIN32
268 {
269 SYSTEM_INFO system_info;
270
271 GetSystemInfo(&system_info);
272 qemu_real_host_page_size = system_info.dwPageSize;
273 }
274 #else
275 qemu_real_host_page_size = getpagesize();
276 #endif
277 if (qemu_host_page_size == 0)
278 qemu_host_page_size = qemu_real_host_page_size;
279 if (qemu_host_page_size < TARGET_PAGE_SIZE)
280 qemu_host_page_size = TARGET_PAGE_SIZE;
281 qemu_host_page_bits = 0;
282 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
283 qemu_host_page_bits++;
284 qemu_host_page_mask = ~(qemu_host_page_size - 1);
285
286 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
287 {
288 #ifdef HAVE_KINFO_GETVMMAP
289 struct kinfo_vmentry *freep;
290 int i, cnt;
291
292 freep = kinfo_getvmmap(getpid(), &cnt);
293 if (freep) {
294 mmap_lock();
295 for (i = 0; i < cnt; i++) {
296 unsigned long startaddr, endaddr;
297
298 startaddr = freep[i].kve_start;
299 endaddr = freep[i].kve_end;
300 if (h2g_valid(startaddr)) {
301 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
302
303 if (h2g_valid(endaddr)) {
304 endaddr = h2g(endaddr);
305 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
306 } else {
307 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
308 endaddr = ~0ul;
309 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
310 #endif
311 }
312 }
313 }
314 free(freep);
315 mmap_unlock();
316 }
317 #else
318 FILE *f;
319
320 last_brk = (unsigned long)sbrk(0);
321
322 f = fopen("/compat/linux/proc/self/maps", "r");
323 if (f) {
324 mmap_lock();
325
326 do {
327 unsigned long startaddr, endaddr;
328 int n;
329
330 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
331
332 if (n == 2 && h2g_valid(startaddr)) {
333 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
334
335 if (h2g_valid(endaddr)) {
336 endaddr = h2g(endaddr);
337 } else {
338 endaddr = ~0ul;
339 }
340 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
341 }
342 } while (!feof(f));
343
344 fclose(f);
345 mmap_unlock();
346 }
347 #endif
348 }
349 #endif
350 }
351
352 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
353 {
354 PageDesc *pd;
355 void **lp;
356 int i;
357
358 #if defined(CONFIG_USER_ONLY)
359 /* We can't use qemu_malloc because it may recurse into a locked mutex. */
360 # define ALLOC(P, SIZE) \
361 do { \
362 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
363 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
364 } while (0)
365 #else
366 # define ALLOC(P, SIZE) \
367 do { P = qemu_mallocz(SIZE); } while (0)
368 #endif
369
370 /* Level 1. Always allocated. */
371 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
372
373 /* Level 2..N-1. */
374 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
375 void **p = *lp;
376
377 if (p == NULL) {
378 if (!alloc) {
379 return NULL;
380 }
381 ALLOC(p, sizeof(void *) * L2_SIZE);
382 *lp = p;
383 }
384
385 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
386 }
387
388 pd = *lp;
389 if (pd == NULL) {
390 if (!alloc) {
391 return NULL;
392 }
393 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
394 *lp = pd;
395 }
396
397 #undef ALLOC
398
399 return pd + (index & (L2_SIZE - 1));
400 }
401
402 static inline PageDesc *page_find(tb_page_addr_t index)
403 {
404 return page_find_alloc(index, 0);
405 }
406
407 #if !defined(CONFIG_USER_ONLY)
408 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
409 {
410 PhysPageDesc *pd;
411 void **lp;
412 int i;
413
414 /* Level 1. Always allocated. */
415 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
416
417 /* Level 2..N-1. */
418 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
419 void **p = *lp;
420 if (p == NULL) {
421 if (!alloc) {
422 return NULL;
423 }
424 *lp = p = qemu_mallocz(sizeof(void *) * L2_SIZE);
425 }
426 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
427 }
428
429 pd = *lp;
430 if (pd == NULL) {
431 int i;
432
433 if (!alloc) {
434 return NULL;
435 }
436
437 *lp = pd = qemu_malloc(sizeof(PhysPageDesc) * L2_SIZE);
438
439 for (i = 0; i < L2_SIZE; i++) {
440 pd[i].phys_offset = IO_MEM_UNASSIGNED;
441 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
442 }
443 }
444
445 return pd + (index & (L2_SIZE - 1));
446 }
447
448 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
449 {
450 return phys_page_find_alloc(index, 0);
451 }
452
453 static void tlb_protect_code(ram_addr_t ram_addr);
454 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
455 target_ulong vaddr);
456 #define mmap_lock() do { } while(0)
457 #define mmap_unlock() do { } while(0)
458 #endif
459
460 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
461
462 #if defined(CONFIG_USER_ONLY)
463 /* Currently it is not recommended to allocate big chunks of data in
464 user mode. It will change when a dedicated libc will be used */
465 #define USE_STATIC_CODE_GEN_BUFFER
466 #endif
467
468 #ifdef USE_STATIC_CODE_GEN_BUFFER
469 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
470 __attribute__((aligned (CODE_GEN_ALIGN)));
471 #endif
472
473 static void code_gen_alloc(unsigned long tb_size)
474 {
475 if (kvm_enabled())
476 return;
477
478 #ifdef USE_STATIC_CODE_GEN_BUFFER
479 code_gen_buffer = static_code_gen_buffer;
480 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
481 map_exec(code_gen_buffer, code_gen_buffer_size);
482 #else
483 code_gen_buffer_size = tb_size;
484 if (code_gen_buffer_size == 0) {
485 #if defined(CONFIG_USER_ONLY)
486 /* in user mode, phys_ram_size is not meaningful */
487 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
488 #else
489 /* XXX: needs adjustments */
490 code_gen_buffer_size = (unsigned long)(ram_size / 4);
491 #endif
492 }
493 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
494 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
495 /* The code gen buffer location may have constraints depending on
496 the host cpu and OS */
497 #if defined(__linux__)
498 {
499 int flags;
500 void *start = NULL;
501
502 flags = MAP_PRIVATE | MAP_ANONYMOUS;
503 #if defined(__x86_64__)
504 flags |= MAP_32BIT;
505 /* Cannot map more than that */
506 if (code_gen_buffer_size > (800 * 1024 * 1024))
507 code_gen_buffer_size = (800 * 1024 * 1024);
508 #elif defined(__sparc_v9__)
509 // Map the buffer below 2G, so we can use direct calls and branches
510 flags |= MAP_FIXED;
511 start = (void *) 0x60000000UL;
512 if (code_gen_buffer_size > (512 * 1024 * 1024))
513 code_gen_buffer_size = (512 * 1024 * 1024);
514 #elif defined(__arm__)
515 /* Map the buffer below 32M, so we can use direct calls and branches */
516 flags |= MAP_FIXED;
517 start = (void *) 0x01000000UL;
518 if (code_gen_buffer_size > 16 * 1024 * 1024)
519 code_gen_buffer_size = 16 * 1024 * 1024;
520 #elif defined(__s390x__)
521 /* Map the buffer so that we can use direct calls and branches. */
522 /* We have a +- 4GB range on the branches; leave some slop. */
523 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
524 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
525 }
526 start = (void *)0x90000000UL;
527 #endif
528 code_gen_buffer = mmap(start, code_gen_buffer_size,
529 PROT_WRITE | PROT_READ | PROT_EXEC,
530 flags, -1, 0);
531 if (code_gen_buffer == MAP_FAILED) {
532 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
533 exit(1);
534 }
535 }
536 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
537 {
538 int flags;
539 void *addr = NULL;
540 flags = MAP_PRIVATE | MAP_ANONYMOUS;
541 #if defined(__x86_64__)
542 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
543 * 0x40000000 is free */
544 flags |= MAP_FIXED;
545 addr = (void *)0x40000000;
546 /* Cannot map more than that */
547 if (code_gen_buffer_size > (800 * 1024 * 1024))
548 code_gen_buffer_size = (800 * 1024 * 1024);
549 #endif
550 code_gen_buffer = mmap(addr, code_gen_buffer_size,
551 PROT_WRITE | PROT_READ | PROT_EXEC,
552 flags, -1, 0);
553 if (code_gen_buffer == MAP_FAILED) {
554 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
555 exit(1);
556 }
557 }
558 #else
559 code_gen_buffer = qemu_malloc(code_gen_buffer_size);
560 map_exec(code_gen_buffer, code_gen_buffer_size);
561 #endif
562 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
563 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
564 code_gen_buffer_max_size = code_gen_buffer_size -
565 (TCG_MAX_OP_SIZE * OPC_MAX_SIZE);
566 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
567 tbs = qemu_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
568 }
569
570 /* Must be called before using the QEMU cpus. 'tb_size' is the size
571 (in bytes) allocated to the translation buffer. Zero means default
572 size. */
573 void cpu_exec_init_all(unsigned long tb_size)
574 {
575 cpu_gen_init();
576 code_gen_alloc(tb_size);
577 code_gen_ptr = code_gen_buffer;
578 page_init();
579 #if !defined(CONFIG_USER_ONLY)
580 io_mem_init();
581 #endif
582 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
583 /* There's no guest base to take into account, so go ahead and
584 initialize the prologue now. */
585 tcg_prologue_init(&tcg_ctx);
586 #endif
587 }
588
589 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
590
591 static int cpu_common_post_load(void *opaque, int version_id)
592 {
593 CPUState *env = opaque;
594
595 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
596 version_id is increased. */
597 env->interrupt_request &= ~0x01;
598 tlb_flush(env, 1);
599
600 return 0;
601 }
602
603 static const VMStateDescription vmstate_cpu_common = {
604 .name = "cpu_common",
605 .version_id = 1,
606 .minimum_version_id = 1,
607 .minimum_version_id_old = 1,
608 .post_load = cpu_common_post_load,
609 .fields = (VMStateField []) {
610 VMSTATE_UINT32(halted, CPUState),
611 VMSTATE_UINT32(interrupt_request, CPUState),
612 VMSTATE_END_OF_LIST()
613 }
614 };
615 #endif
616
617 CPUState *qemu_get_cpu(int cpu)
618 {
619 CPUState *env = first_cpu;
620
621 while (env) {
622 if (env->cpu_index == cpu)
623 break;
624 env = env->next_cpu;
625 }
626
627 return env;
628 }
629
630 void cpu_exec_init(CPUState *env)
631 {
632 CPUState **penv;
633 int cpu_index;
634
635 #if defined(CONFIG_USER_ONLY)
636 cpu_list_lock();
637 #endif
638 env->next_cpu = NULL;
639 penv = &first_cpu;
640 cpu_index = 0;
641 while (*penv != NULL) {
642 penv = &(*penv)->next_cpu;
643 cpu_index++;
644 }
645 env->cpu_index = cpu_index;
646 env->numa_node = 0;
647 QTAILQ_INIT(&env->breakpoints);
648 QTAILQ_INIT(&env->watchpoints);
649 #ifdef __WIN32
650 env->thread_id = GetCurrentProcessId();
651 #else
652 env->thread_id = getpid();
653 #endif
654 *penv = env;
655 #if defined(CONFIG_USER_ONLY)
656 cpu_list_unlock();
657 #endif
658 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
659 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
660 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
661 cpu_save, cpu_load, env);
662 #endif
663 }
664
665 static inline void invalidate_page_bitmap(PageDesc *p)
666 {
667 if (p->code_bitmap) {
668 qemu_free(p->code_bitmap);
669 p->code_bitmap = NULL;
670 }
671 p->code_write_count = 0;
672 }
673
674 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
675
676 static void page_flush_tb_1 (int level, void **lp)
677 {
678 int i;
679
680 if (*lp == NULL) {
681 return;
682 }
683 if (level == 0) {
684 PageDesc *pd = *lp;
685 for (i = 0; i < L2_SIZE; ++i) {
686 pd[i].first_tb = NULL;
687 invalidate_page_bitmap(pd + i);
688 }
689 } else {
690 void **pp = *lp;
691 for (i = 0; i < L2_SIZE; ++i) {
692 page_flush_tb_1 (level - 1, pp + i);
693 }
694 }
695 }
696
697 static void page_flush_tb(void)
698 {
699 int i;
700 for (i = 0; i < V_L1_SIZE; i++) {
701 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
702 }
703 }
704
705 /* flush all the translation blocks */
706 /* XXX: tb_flush is currently not thread safe */
707 void tb_flush(CPUState *env1)
708 {
709 CPUState *env;
710 #if defined(DEBUG_FLUSH)
711 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
712 (unsigned long)(code_gen_ptr - code_gen_buffer),
713 nb_tbs, nb_tbs > 0 ?
714 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
715 #endif
716 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
717 cpu_abort(env1, "Internal error: code buffer overflow\n");
718
719 nb_tbs = 0;
720
721 for(env = first_cpu; env != NULL; env = env->next_cpu) {
722 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
723 }
724
725 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
726 page_flush_tb();
727
728 code_gen_ptr = code_gen_buffer;
729 /* XXX: flush processor icache at this point if cache flush is
730 expensive */
731 tb_flush_count++;
732 }
733
734 #ifdef DEBUG_TB_CHECK
735
736 static void tb_invalidate_check(target_ulong address)
737 {
738 TranslationBlock *tb;
739 int i;
740 address &= TARGET_PAGE_MASK;
741 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
742 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
743 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
744 address >= tb->pc + tb->size)) {
745 printf("ERROR invalidate: address=" TARGET_FMT_lx
746 " PC=%08lx size=%04x\n",
747 address, (long)tb->pc, tb->size);
748 }
749 }
750 }
751 }
752
753 /* verify that all the pages have correct rights for code */
754 static void tb_page_check(void)
755 {
756 TranslationBlock *tb;
757 int i, flags1, flags2;
758
759 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
760 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
761 flags1 = page_get_flags(tb->pc);
762 flags2 = page_get_flags(tb->pc + tb->size - 1);
763 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
764 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
765 (long)tb->pc, tb->size, flags1, flags2);
766 }
767 }
768 }
769 }
770
771 #endif
772
773 /* invalidate one TB */
774 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
775 int next_offset)
776 {
777 TranslationBlock *tb1;
778 for(;;) {
779 tb1 = *ptb;
780 if (tb1 == tb) {
781 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
782 break;
783 }
784 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
785 }
786 }
787
788 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
789 {
790 TranslationBlock *tb1;
791 unsigned int n1;
792
793 for(;;) {
794 tb1 = *ptb;
795 n1 = (long)tb1 & 3;
796 tb1 = (TranslationBlock *)((long)tb1 & ~3);
797 if (tb1 == tb) {
798 *ptb = tb1->page_next[n1];
799 break;
800 }
801 ptb = &tb1->page_next[n1];
802 }
803 }
804
805 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
806 {
807 TranslationBlock *tb1, **ptb;
808 unsigned int n1;
809
810 ptb = &tb->jmp_next[n];
811 tb1 = *ptb;
812 if (tb1) {
813 /* find tb(n) in circular list */
814 for(;;) {
815 tb1 = *ptb;
816 n1 = (long)tb1 & 3;
817 tb1 = (TranslationBlock *)((long)tb1 & ~3);
818 if (n1 == n && tb1 == tb)
819 break;
820 if (n1 == 2) {
821 ptb = &tb1->jmp_first;
822 } else {
823 ptb = &tb1->jmp_next[n1];
824 }
825 }
826 /* now we can suppress tb(n) from the list */
827 *ptb = tb->jmp_next[n];
828
829 tb->jmp_next[n] = NULL;
830 }
831 }
832
833 /* reset the jump entry 'n' of a TB so that it is not chained to
834 another TB */
835 static inline void tb_reset_jump(TranslationBlock *tb, int n)
836 {
837 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
838 }
839
840 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
841 {
842 CPUState *env;
843 PageDesc *p;
844 unsigned int h, n1;
845 tb_page_addr_t phys_pc;
846 TranslationBlock *tb1, *tb2;
847
848 /* remove the TB from the hash list */
849 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
850 h = tb_phys_hash_func(phys_pc);
851 tb_remove(&tb_phys_hash[h], tb,
852 offsetof(TranslationBlock, phys_hash_next));
853
854 /* remove the TB from the page list */
855 if (tb->page_addr[0] != page_addr) {
856 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
857 tb_page_remove(&p->first_tb, tb);
858 invalidate_page_bitmap(p);
859 }
860 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
861 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
862 tb_page_remove(&p->first_tb, tb);
863 invalidate_page_bitmap(p);
864 }
865
866 tb_invalidated_flag = 1;
867
868 /* remove the TB from the hash list */
869 h = tb_jmp_cache_hash_func(tb->pc);
870 for(env = first_cpu; env != NULL; env = env->next_cpu) {
871 if (env->tb_jmp_cache[h] == tb)
872 env->tb_jmp_cache[h] = NULL;
873 }
874
875 /* suppress this TB from the two jump lists */
876 tb_jmp_remove(tb, 0);
877 tb_jmp_remove(tb, 1);
878
879 /* suppress any remaining jumps to this TB */
880 tb1 = tb->jmp_first;
881 for(;;) {
882 n1 = (long)tb1 & 3;
883 if (n1 == 2)
884 break;
885 tb1 = (TranslationBlock *)((long)tb1 & ~3);
886 tb2 = tb1->jmp_next[n1];
887 tb_reset_jump(tb1, n1);
888 tb1->jmp_next[n1] = NULL;
889 tb1 = tb2;
890 }
891 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
892
893 tb_phys_invalidate_count++;
894 }
895
896 static inline void set_bits(uint8_t *tab, int start, int len)
897 {
898 int end, mask, end1;
899
900 end = start + len;
901 tab += start >> 3;
902 mask = 0xff << (start & 7);
903 if ((start & ~7) == (end & ~7)) {
904 if (start < end) {
905 mask &= ~(0xff << (end & 7));
906 *tab |= mask;
907 }
908 } else {
909 *tab++ |= mask;
910 start = (start + 8) & ~7;
911 end1 = end & ~7;
912 while (start < end1) {
913 *tab++ = 0xff;
914 start += 8;
915 }
916 if (start < end) {
917 mask = ~(0xff << (end & 7));
918 *tab |= mask;
919 }
920 }
921 }
922
923 static void build_page_bitmap(PageDesc *p)
924 {
925 int n, tb_start, tb_end;
926 TranslationBlock *tb;
927
928 p->code_bitmap = qemu_mallocz(TARGET_PAGE_SIZE / 8);
929
930 tb = p->first_tb;
931 while (tb != NULL) {
932 n = (long)tb & 3;
933 tb = (TranslationBlock *)((long)tb & ~3);
934 /* NOTE: this is subtle as a TB may span two physical pages */
935 if (n == 0) {
936 /* NOTE: tb_end may be after the end of the page, but
937 it is not a problem */
938 tb_start = tb->pc & ~TARGET_PAGE_MASK;
939 tb_end = tb_start + tb->size;
940 if (tb_end > TARGET_PAGE_SIZE)
941 tb_end = TARGET_PAGE_SIZE;
942 } else {
943 tb_start = 0;
944 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
945 }
946 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
947 tb = tb->page_next[n];
948 }
949 }
950
951 TranslationBlock *tb_gen_code(CPUState *env,
952 target_ulong pc, target_ulong cs_base,
953 int flags, int cflags)
954 {
955 TranslationBlock *tb;
956 uint8_t *tc_ptr;
957 tb_page_addr_t phys_pc, phys_page2;
958 target_ulong virt_page2;
959 int code_gen_size;
960
961 phys_pc = get_page_addr_code(env, pc);
962 tb = tb_alloc(pc);
963 if (!tb) {
964 /* flush must be done */
965 tb_flush(env);
966 /* cannot fail at this point */
967 tb = tb_alloc(pc);
968 /* Don't forget to invalidate previous TB info. */
969 tb_invalidated_flag = 1;
970 }
971 tc_ptr = code_gen_ptr;
972 tb->tc_ptr = tc_ptr;
973 tb->cs_base = cs_base;
974 tb->flags = flags;
975 tb->cflags = cflags;
976 cpu_gen_code(env, tb, &code_gen_size);
977 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
978
979 /* check next page if needed */
980 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
981 phys_page2 = -1;
982 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
983 phys_page2 = get_page_addr_code(env, virt_page2);
984 }
985 tb_link_page(tb, phys_pc, phys_page2);
986 return tb;
987 }
988
989 /* invalidate all TBs which intersect with the target physical page
990 starting in range [start;end[. NOTE: start and end must refer to
991 the same physical page. 'is_cpu_write_access' should be true if called
992 from a real cpu write access: the virtual CPU will exit the current
993 TB if code is modified inside this TB. */
994 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
995 int is_cpu_write_access)
996 {
997 TranslationBlock *tb, *tb_next, *saved_tb;
998 CPUState *env = cpu_single_env;
999 tb_page_addr_t tb_start, tb_end;
1000 PageDesc *p;
1001 int n;
1002 #ifdef TARGET_HAS_PRECISE_SMC
1003 int current_tb_not_found = is_cpu_write_access;
1004 TranslationBlock *current_tb = NULL;
1005 int current_tb_modified = 0;
1006 target_ulong current_pc = 0;
1007 target_ulong current_cs_base = 0;
1008 int current_flags = 0;
1009 #endif /* TARGET_HAS_PRECISE_SMC */
1010
1011 p = page_find(start >> TARGET_PAGE_BITS);
1012 if (!p)
1013 return;
1014 if (!p->code_bitmap &&
1015 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1016 is_cpu_write_access) {
1017 /* build code bitmap */
1018 build_page_bitmap(p);
1019 }
1020
1021 /* we remove all the TBs in the range [start, end[ */
1022 /* XXX: see if in some cases it could be faster to invalidate all the code */
1023 tb = p->first_tb;
1024 while (tb != NULL) {
1025 n = (long)tb & 3;
1026 tb = (TranslationBlock *)((long)tb & ~3);
1027 tb_next = tb->page_next[n];
1028 /* NOTE: this is subtle as a TB may span two physical pages */
1029 if (n == 0) {
1030 /* NOTE: tb_end may be after the end of the page, but
1031 it is not a problem */
1032 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1033 tb_end = tb_start + tb->size;
1034 } else {
1035 tb_start = tb->page_addr[1];
1036 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1037 }
1038 if (!(tb_end <= start || tb_start >= end)) {
1039 #ifdef TARGET_HAS_PRECISE_SMC
1040 if (current_tb_not_found) {
1041 current_tb_not_found = 0;
1042 current_tb = NULL;
1043 if (env->mem_io_pc) {
1044 /* now we have a real cpu fault */
1045 current_tb = tb_find_pc(env->mem_io_pc);
1046 }
1047 }
1048 if (current_tb == tb &&
1049 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1050 /* If we are modifying the current TB, we must stop
1051 its execution. We could be more precise by checking
1052 that the modification is after the current PC, but it
1053 would require a specialized function to partially
1054 restore the CPU state */
1055
1056 current_tb_modified = 1;
1057 cpu_restore_state(current_tb, env,
1058 env->mem_io_pc, NULL);
1059 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1060 &current_flags);
1061 }
1062 #endif /* TARGET_HAS_PRECISE_SMC */
1063 /* we need to do that to handle the case where a signal
1064 occurs while doing tb_phys_invalidate() */
1065 saved_tb = NULL;
1066 if (env) {
1067 saved_tb = env->current_tb;
1068 env->current_tb = NULL;
1069 }
1070 tb_phys_invalidate(tb, -1);
1071 if (env) {
1072 env->current_tb = saved_tb;
1073 if (env->interrupt_request && env->current_tb)
1074 cpu_interrupt(env, env->interrupt_request);
1075 }
1076 }
1077 tb = tb_next;
1078 }
1079 #if !defined(CONFIG_USER_ONLY)
1080 /* if no code remaining, no need to continue to use slow writes */
1081 if (!p->first_tb) {
1082 invalidate_page_bitmap(p);
1083 if (is_cpu_write_access) {
1084 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1085 }
1086 }
1087 #endif
1088 #ifdef TARGET_HAS_PRECISE_SMC
1089 if (current_tb_modified) {
1090 /* we generate a block containing just the instruction
1091 modifying the memory. It will ensure that it cannot modify
1092 itself */
1093 env->current_tb = NULL;
1094 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1095 cpu_resume_from_signal(env, NULL);
1096 }
1097 #endif
1098 }
1099
1100 /* len must be <= 8 and start must be a multiple of len */
1101 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1102 {
1103 PageDesc *p;
1104 int offset, b;
1105 #if 0
1106 if (1) {
1107 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1108 cpu_single_env->mem_io_vaddr, len,
1109 cpu_single_env->eip,
1110 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1111 }
1112 #endif
1113 p = page_find(start >> TARGET_PAGE_BITS);
1114 if (!p)
1115 return;
1116 if (p->code_bitmap) {
1117 offset = start & ~TARGET_PAGE_MASK;
1118 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1119 if (b & ((1 << len) - 1))
1120 goto do_invalidate;
1121 } else {
1122 do_invalidate:
1123 tb_invalidate_phys_page_range(start, start + len, 1);
1124 }
1125 }
1126
1127 #if !defined(CONFIG_SOFTMMU)
1128 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1129 unsigned long pc, void *puc)
1130 {
1131 TranslationBlock *tb;
1132 PageDesc *p;
1133 int n;
1134 #ifdef TARGET_HAS_PRECISE_SMC
1135 TranslationBlock *current_tb = NULL;
1136 CPUState *env = cpu_single_env;
1137 int current_tb_modified = 0;
1138 target_ulong current_pc = 0;
1139 target_ulong current_cs_base = 0;
1140 int current_flags = 0;
1141 #endif
1142
1143 addr &= TARGET_PAGE_MASK;
1144 p = page_find(addr >> TARGET_PAGE_BITS);
1145 if (!p)
1146 return;
1147 tb = p->first_tb;
1148 #ifdef TARGET_HAS_PRECISE_SMC
1149 if (tb && pc != 0) {
1150 current_tb = tb_find_pc(pc);
1151 }
1152 #endif
1153 while (tb != NULL) {
1154 n = (long)tb & 3;
1155 tb = (TranslationBlock *)((long)tb & ~3);
1156 #ifdef TARGET_HAS_PRECISE_SMC
1157 if (current_tb == tb &&
1158 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1159 /* If we are modifying the current TB, we must stop
1160 its execution. We could be more precise by checking
1161 that the modification is after the current PC, but it
1162 would require a specialized function to partially
1163 restore the CPU state */
1164
1165 current_tb_modified = 1;
1166 cpu_restore_state(current_tb, env, pc, puc);
1167 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1168 &current_flags);
1169 }
1170 #endif /* TARGET_HAS_PRECISE_SMC */
1171 tb_phys_invalidate(tb, addr);
1172 tb = tb->page_next[n];
1173 }
1174 p->first_tb = NULL;
1175 #ifdef TARGET_HAS_PRECISE_SMC
1176 if (current_tb_modified) {
1177 /* we generate a block containing just the instruction
1178 modifying the memory. It will ensure that it cannot modify
1179 itself */
1180 env->current_tb = NULL;
1181 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1182 cpu_resume_from_signal(env, puc);
1183 }
1184 #endif
1185 }
1186 #endif
1187
1188 /* add the tb in the target page and protect it if necessary */
1189 static inline void tb_alloc_page(TranslationBlock *tb,
1190 unsigned int n, tb_page_addr_t page_addr)
1191 {
1192 PageDesc *p;
1193 TranslationBlock *last_first_tb;
1194
1195 tb->page_addr[n] = page_addr;
1196 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1197 tb->page_next[n] = p->first_tb;
1198 last_first_tb = p->first_tb;
1199 p->first_tb = (TranslationBlock *)((long)tb | n);
1200 invalidate_page_bitmap(p);
1201
1202 #if defined(TARGET_HAS_SMC) || 1
1203
1204 #if defined(CONFIG_USER_ONLY)
1205 if (p->flags & PAGE_WRITE) {
1206 target_ulong addr;
1207 PageDesc *p2;
1208 int prot;
1209
1210 /* force the host page as non writable (writes will have a
1211 page fault + mprotect overhead) */
1212 page_addr &= qemu_host_page_mask;
1213 prot = 0;
1214 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1215 addr += TARGET_PAGE_SIZE) {
1216
1217 p2 = page_find (addr >> TARGET_PAGE_BITS);
1218 if (!p2)
1219 continue;
1220 prot |= p2->flags;
1221 p2->flags &= ~PAGE_WRITE;
1222 }
1223 mprotect(g2h(page_addr), qemu_host_page_size,
1224 (prot & PAGE_BITS) & ~PAGE_WRITE);
1225 #ifdef DEBUG_TB_INVALIDATE
1226 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1227 page_addr);
1228 #endif
1229 }
1230 #else
1231 /* if some code is already present, then the pages are already
1232 protected. So we handle the case where only the first TB is
1233 allocated in a physical page */
1234 if (!last_first_tb) {
1235 tlb_protect_code(page_addr);
1236 }
1237 #endif
1238
1239 #endif /* TARGET_HAS_SMC */
1240 }
1241
1242 /* Allocate a new translation block. Flush the translation buffer if
1243 too many translation blocks or too much generated code. */
1244 TranslationBlock *tb_alloc(target_ulong pc)
1245 {
1246 TranslationBlock *tb;
1247
1248 if (nb_tbs >= code_gen_max_blocks ||
1249 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
1250 return NULL;
1251 tb = &tbs[nb_tbs++];
1252 tb->pc = pc;
1253 tb->cflags = 0;
1254 return tb;
1255 }
1256
1257 void tb_free(TranslationBlock *tb)
1258 {
1259 /* In practice this is mostly used for single use temporary TB
1260 Ignore the hard cases and just back up if this TB happens to
1261 be the last one generated. */
1262 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
1263 code_gen_ptr = tb->tc_ptr;
1264 nb_tbs--;
1265 }
1266 }
1267
1268 /* add a new TB and link it to the physical page tables. phys_page2 is
1269 (-1) to indicate that only one page contains the TB. */
1270 void tb_link_page(TranslationBlock *tb,
1271 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1272 {
1273 unsigned int h;
1274 TranslationBlock **ptb;
1275
1276 /* Grab the mmap lock to stop another thread invalidating this TB
1277 before we are done. */
1278 mmap_lock();
1279 /* add in the physical hash table */
1280 h = tb_phys_hash_func(phys_pc);
1281 ptb = &tb_phys_hash[h];
1282 tb->phys_hash_next = *ptb;
1283 *ptb = tb;
1284
1285 /* add in the page list */
1286 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1287 if (phys_page2 != -1)
1288 tb_alloc_page(tb, 1, phys_page2);
1289 else
1290 tb->page_addr[1] = -1;
1291
1292 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1293 tb->jmp_next[0] = NULL;
1294 tb->jmp_next[1] = NULL;
1295
1296 /* init original jump addresses */
1297 if (tb->tb_next_offset[0] != 0xffff)
1298 tb_reset_jump(tb, 0);
1299 if (tb->tb_next_offset[1] != 0xffff)
1300 tb_reset_jump(tb, 1);
1301
1302 #ifdef DEBUG_TB_CHECK
1303 tb_page_check();
1304 #endif
1305 mmap_unlock();
1306 }
1307
1308 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1309 tb[1].tc_ptr. Return NULL if not found */
1310 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1311 {
1312 int m_min, m_max, m;
1313 unsigned long v;
1314 TranslationBlock *tb;
1315
1316 if (nb_tbs <= 0)
1317 return NULL;
1318 if (tc_ptr < (unsigned long)code_gen_buffer ||
1319 tc_ptr >= (unsigned long)code_gen_ptr)
1320 return NULL;
1321 /* binary search (cf Knuth) */
1322 m_min = 0;
1323 m_max = nb_tbs - 1;
1324 while (m_min <= m_max) {
1325 m = (m_min + m_max) >> 1;
1326 tb = &tbs[m];
1327 v = (unsigned long)tb->tc_ptr;
1328 if (v == tc_ptr)
1329 return tb;
1330 else if (tc_ptr < v) {
1331 m_max = m - 1;
1332 } else {
1333 m_min = m + 1;
1334 }
1335 }
1336 return &tbs[m_max];
1337 }
1338
1339 static void tb_reset_jump_recursive(TranslationBlock *tb);
1340
1341 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1342 {
1343 TranslationBlock *tb1, *tb_next, **ptb;
1344 unsigned int n1;
1345
1346 tb1 = tb->jmp_next[n];
1347 if (tb1 != NULL) {
1348 /* find head of list */
1349 for(;;) {
1350 n1 = (long)tb1 & 3;
1351 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1352 if (n1 == 2)
1353 break;
1354 tb1 = tb1->jmp_next[n1];
1355 }
1356 /* we are now sure now that tb jumps to tb1 */
1357 tb_next = tb1;
1358
1359 /* remove tb from the jmp_first list */
1360 ptb = &tb_next->jmp_first;
1361 for(;;) {
1362 tb1 = *ptb;
1363 n1 = (long)tb1 & 3;
1364 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1365 if (n1 == n && tb1 == tb)
1366 break;
1367 ptb = &tb1->jmp_next[n1];
1368 }
1369 *ptb = tb->jmp_next[n];
1370 tb->jmp_next[n] = NULL;
1371
1372 /* suppress the jump to next tb in generated code */
1373 tb_reset_jump(tb, n);
1374
1375 /* suppress jumps in the tb on which we could have jumped */
1376 tb_reset_jump_recursive(tb_next);
1377 }
1378 }
1379
1380 static void tb_reset_jump_recursive(TranslationBlock *tb)
1381 {
1382 tb_reset_jump_recursive2(tb, 0);
1383 tb_reset_jump_recursive2(tb, 1);
1384 }
1385
1386 #if defined(TARGET_HAS_ICE)
1387 #if defined(CONFIG_USER_ONLY)
1388 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1389 {
1390 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1391 }
1392 #else
1393 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1394 {
1395 target_phys_addr_t addr;
1396 target_ulong pd;
1397 ram_addr_t ram_addr;
1398 PhysPageDesc *p;
1399
1400 addr = cpu_get_phys_page_debug(env, pc);
1401 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1402 if (!p) {
1403 pd = IO_MEM_UNASSIGNED;
1404 } else {
1405 pd = p->phys_offset;
1406 }
1407 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1408 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1409 }
1410 #endif
1411 #endif /* TARGET_HAS_ICE */
1412
1413 #if defined(CONFIG_USER_ONLY)
1414 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1415
1416 {
1417 }
1418
1419 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1420 int flags, CPUWatchpoint **watchpoint)
1421 {
1422 return -ENOSYS;
1423 }
1424 #else
1425 /* Add a watchpoint. */
1426 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1427 int flags, CPUWatchpoint **watchpoint)
1428 {
1429 target_ulong len_mask = ~(len - 1);
1430 CPUWatchpoint *wp;
1431
1432 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1433 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1434 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1435 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1436 return -EINVAL;
1437 }
1438 wp = qemu_malloc(sizeof(*wp));
1439
1440 wp->vaddr = addr;
1441 wp->len_mask = len_mask;
1442 wp->flags = flags;
1443
1444 /* keep all GDB-injected watchpoints in front */
1445 if (flags & BP_GDB)
1446 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1447 else
1448 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1449
1450 tlb_flush_page(env, addr);
1451
1452 if (watchpoint)
1453 *watchpoint = wp;
1454 return 0;
1455 }
1456
1457 /* Remove a specific watchpoint. */
1458 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1459 int flags)
1460 {
1461 target_ulong len_mask = ~(len - 1);
1462 CPUWatchpoint *wp;
1463
1464 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1465 if (addr == wp->vaddr && len_mask == wp->len_mask
1466 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1467 cpu_watchpoint_remove_by_ref(env, wp);
1468 return 0;
1469 }
1470 }
1471 return -ENOENT;
1472 }
1473
1474 /* Remove a specific watchpoint by reference. */
1475 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1476 {
1477 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1478
1479 tlb_flush_page(env, watchpoint->vaddr);
1480
1481 qemu_free(watchpoint);
1482 }
1483
1484 /* Remove all matching watchpoints. */
1485 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1486 {
1487 CPUWatchpoint *wp, *next;
1488
1489 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1490 if (wp->flags & mask)
1491 cpu_watchpoint_remove_by_ref(env, wp);
1492 }
1493 }
1494 #endif
1495
1496 /* Add a breakpoint. */
1497 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1498 CPUBreakpoint **breakpoint)
1499 {
1500 #if defined(TARGET_HAS_ICE)
1501 CPUBreakpoint *bp;
1502
1503 bp = qemu_malloc(sizeof(*bp));
1504
1505 bp->pc = pc;
1506 bp->flags = flags;
1507
1508 /* keep all GDB-injected breakpoints in front */
1509 if (flags & BP_GDB)
1510 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1511 else
1512 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1513
1514 breakpoint_invalidate(env, pc);
1515
1516 if (breakpoint)
1517 *breakpoint = bp;
1518 return 0;
1519 #else
1520 return -ENOSYS;
1521 #endif
1522 }
1523
1524 /* Remove a specific breakpoint. */
1525 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1526 {
1527 #if defined(TARGET_HAS_ICE)
1528 CPUBreakpoint *bp;
1529
1530 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1531 if (bp->pc == pc && bp->flags == flags) {
1532 cpu_breakpoint_remove_by_ref(env, bp);
1533 return 0;
1534 }
1535 }
1536 return -ENOENT;
1537 #else
1538 return -ENOSYS;
1539 #endif
1540 }
1541
1542 /* Remove a specific breakpoint by reference. */
1543 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1544 {
1545 #if defined(TARGET_HAS_ICE)
1546 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1547
1548 breakpoint_invalidate(env, breakpoint->pc);
1549
1550 qemu_free(breakpoint);
1551 #endif
1552 }
1553
1554 /* Remove all matching breakpoints. */
1555 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1556 {
1557 #if defined(TARGET_HAS_ICE)
1558 CPUBreakpoint *bp, *next;
1559
1560 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1561 if (bp->flags & mask)
1562 cpu_breakpoint_remove_by_ref(env, bp);
1563 }
1564 #endif
1565 }
1566
1567 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1568 CPU loop after each instruction */
1569 void cpu_single_step(CPUState *env, int enabled)
1570 {
1571 #if defined(TARGET_HAS_ICE)
1572 if (env->singlestep_enabled != enabled) {
1573 env->singlestep_enabled = enabled;
1574 if (kvm_enabled())
1575 kvm_update_guest_debug(env, 0);
1576 else {
1577 /* must flush all the translated code to avoid inconsistencies */
1578 /* XXX: only flush what is necessary */
1579 tb_flush(env);
1580 }
1581 }
1582 #endif
1583 }
1584
1585 /* enable or disable low levels log */
1586 void cpu_set_log(int log_flags)
1587 {
1588 loglevel = log_flags;
1589 if (loglevel && !logfile) {
1590 logfile = fopen(logfilename, log_append ? "a" : "w");
1591 if (!logfile) {
1592 perror(logfilename);
1593 _exit(1);
1594 }
1595 #if !defined(CONFIG_SOFTMMU)
1596 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1597 {
1598 static char logfile_buf[4096];
1599 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1600 }
1601 #elif !defined(_WIN32)
1602 /* Win32 doesn't support line-buffering and requires size >= 2 */
1603 setvbuf(logfile, NULL, _IOLBF, 0);
1604 #endif
1605 log_append = 1;
1606 }
1607 if (!loglevel && logfile) {
1608 fclose(logfile);
1609 logfile = NULL;
1610 }
1611 }
1612
1613 void cpu_set_log_filename(const char *filename)
1614 {
1615 logfilename = strdup(filename);
1616 if (logfile) {
1617 fclose(logfile);
1618 logfile = NULL;
1619 }
1620 cpu_set_log(loglevel);
1621 }
1622
1623 static void cpu_unlink_tb(CPUState *env)
1624 {
1625 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1626 problem and hope the cpu will stop of its own accord. For userspace
1627 emulation this often isn't actually as bad as it sounds. Often
1628 signals are used primarily to interrupt blocking syscalls. */
1629 TranslationBlock *tb;
1630 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1631
1632 spin_lock(&interrupt_lock);
1633 tb = env->current_tb;
1634 /* if the cpu is currently executing code, we must unlink it and
1635 all the potentially executing TB */
1636 if (tb) {
1637 env->current_tb = NULL;
1638 tb_reset_jump_recursive(tb);
1639 }
1640 spin_unlock(&interrupt_lock);
1641 }
1642
1643 /* mask must never be zero, except for A20 change call */
1644 void cpu_interrupt(CPUState *env, int mask)
1645 {
1646 int old_mask;
1647
1648 old_mask = env->interrupt_request;
1649 env->interrupt_request |= mask;
1650 if (kvm_enabled() && !kvm_irqchip_in_kernel())
1651 kvm_update_interrupt_request(env);
1652
1653 #ifndef CONFIG_USER_ONLY
1654 /*
1655 * If called from iothread context, wake the target cpu in
1656 * case its halted.
1657 */
1658 if (!qemu_cpu_self(env)) {
1659 qemu_cpu_kick(env);
1660 return;
1661 }
1662 #endif
1663
1664 if (use_icount) {
1665 env->icount_decr.u16.high = 0xffff;
1666 #ifndef CONFIG_USER_ONLY
1667 if (!can_do_io(env)
1668 && (mask & ~old_mask) != 0) {
1669 cpu_abort(env, "Raised interrupt while not in I/O function");
1670 }
1671 #endif
1672 } else {
1673 cpu_unlink_tb(env);
1674 }
1675 }
1676
1677 void cpu_reset_interrupt(CPUState *env, int mask)
1678 {
1679 env->interrupt_request &= ~mask;
1680 }
1681
1682 void cpu_exit(CPUState *env)
1683 {
1684 env->exit_request = 1;
1685 cpu_unlink_tb(env);
1686 }
1687
1688 const CPULogItem cpu_log_items[] = {
1689 { CPU_LOG_TB_OUT_ASM, "out_asm",
1690 "show generated host assembly code for each compiled TB" },
1691 { CPU_LOG_TB_IN_ASM, "in_asm",
1692 "show target assembly code for each compiled TB" },
1693 { CPU_LOG_TB_OP, "op",
1694 "show micro ops for each compiled TB" },
1695 { CPU_LOG_TB_OP_OPT, "op_opt",
1696 "show micro ops "
1697 #ifdef TARGET_I386
1698 "before eflags optimization and "
1699 #endif
1700 "after liveness analysis" },
1701 { CPU_LOG_INT, "int",
1702 "show interrupts/exceptions in short format" },
1703 { CPU_LOG_EXEC, "exec",
1704 "show trace before each executed TB (lots of logs)" },
1705 { CPU_LOG_TB_CPU, "cpu",
1706 "show CPU state before block translation" },
1707 #ifdef TARGET_I386
1708 { CPU_LOG_PCALL, "pcall",
1709 "show protected mode far calls/returns/exceptions" },
1710 { CPU_LOG_RESET, "cpu_reset",
1711 "show CPU state before CPU resets" },
1712 #endif
1713 #ifdef DEBUG_IOPORT
1714 { CPU_LOG_IOPORT, "ioport",
1715 "show all i/o ports accesses" },
1716 #endif
1717 { 0, NULL, NULL },
1718 };
1719
1720 #ifndef CONFIG_USER_ONLY
1721 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1722 = QLIST_HEAD_INITIALIZER(memory_client_list);
1723
1724 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1725 ram_addr_t size,
1726 ram_addr_t phys_offset)
1727 {
1728 CPUPhysMemoryClient *client;
1729 QLIST_FOREACH(client, &memory_client_list, list) {
1730 client->set_memory(client, start_addr, size, phys_offset);
1731 }
1732 }
1733
1734 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1735 target_phys_addr_t end)
1736 {
1737 CPUPhysMemoryClient *client;
1738 QLIST_FOREACH(client, &memory_client_list, list) {
1739 int r = client->sync_dirty_bitmap(client, start, end);
1740 if (r < 0)
1741 return r;
1742 }
1743 return 0;
1744 }
1745
1746 static int cpu_notify_migration_log(int enable)
1747 {
1748 CPUPhysMemoryClient *client;
1749 QLIST_FOREACH(client, &memory_client_list, list) {
1750 int r = client->migration_log(client, enable);
1751 if (r < 0)
1752 return r;
1753 }
1754 return 0;
1755 }
1756
1757 static void phys_page_for_each_1(CPUPhysMemoryClient *client,
1758 int level, void **lp)
1759 {
1760 int i;
1761
1762 if (*lp == NULL) {
1763 return;
1764 }
1765 if (level == 0) {
1766 PhysPageDesc *pd = *lp;
1767 for (i = 0; i < L2_SIZE; ++i) {
1768 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1769 client->set_memory(client, pd[i].region_offset,
1770 TARGET_PAGE_SIZE, pd[i].phys_offset);
1771 }
1772 }
1773 } else {
1774 void **pp = *lp;
1775 for (i = 0; i < L2_SIZE; ++i) {
1776 phys_page_for_each_1(client, level - 1, pp + i);
1777 }
1778 }
1779 }
1780
1781 static void phys_page_for_each(CPUPhysMemoryClient *client)
1782 {
1783 int i;
1784 for (i = 0; i < P_L1_SIZE; ++i) {
1785 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1786 l1_phys_map + 1);
1787 }
1788 }
1789
1790 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1791 {
1792 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1793 phys_page_for_each(client);
1794 }
1795
1796 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1797 {
1798 QLIST_REMOVE(client, list);
1799 }
1800 #endif
1801
1802 static int cmp1(const char *s1, int n, const char *s2)
1803 {
1804 if (strlen(s2) != n)
1805 return 0;
1806 return memcmp(s1, s2, n) == 0;
1807 }
1808
1809 /* takes a comma separated list of log masks. Return 0 if error. */
1810 int cpu_str_to_log_mask(const char *str)
1811 {
1812 const CPULogItem *item;
1813 int mask;
1814 const char *p, *p1;
1815
1816 p = str;
1817 mask = 0;
1818 for(;;) {
1819 p1 = strchr(p, ',');
1820 if (!p1)
1821 p1 = p + strlen(p);
1822 if(cmp1(p,p1-p,"all")) {
1823 for(item = cpu_log_items; item->mask != 0; item++) {
1824 mask |= item->mask;
1825 }
1826 } else {
1827 for(item = cpu_log_items; item->mask != 0; item++) {
1828 if (cmp1(p, p1 - p, item->name))
1829 goto found;
1830 }
1831 return 0;
1832 }
1833 found:
1834 mask |= item->mask;
1835 if (*p1 != ',')
1836 break;
1837 p = p1 + 1;
1838 }
1839 return mask;
1840 }
1841
1842 void cpu_abort(CPUState *env, const char *fmt, ...)
1843 {
1844 va_list ap;
1845 va_list ap2;
1846
1847 va_start(ap, fmt);
1848 va_copy(ap2, ap);
1849 fprintf(stderr, "qemu: fatal: ");
1850 vfprintf(stderr, fmt, ap);
1851 fprintf(stderr, "\n");
1852 #ifdef TARGET_I386
1853 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1854 #else
1855 cpu_dump_state(env, stderr, fprintf, 0);
1856 #endif
1857 if (qemu_log_enabled()) {
1858 qemu_log("qemu: fatal: ");
1859 qemu_log_vprintf(fmt, ap2);
1860 qemu_log("\n");
1861 #ifdef TARGET_I386
1862 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1863 #else
1864 log_cpu_state(env, 0);
1865 #endif
1866 qemu_log_flush();
1867 qemu_log_close();
1868 }
1869 va_end(ap2);
1870 va_end(ap);
1871 #if defined(CONFIG_USER_ONLY)
1872 {
1873 struct sigaction act;
1874 sigfillset(&act.sa_mask);
1875 act.sa_handler = SIG_DFL;
1876 sigaction(SIGABRT, &act, NULL);
1877 }
1878 #endif
1879 abort();
1880 }
1881
1882 CPUState *cpu_copy(CPUState *env)
1883 {
1884 CPUState *new_env = cpu_init(env->cpu_model_str);
1885 CPUState *next_cpu = new_env->next_cpu;
1886 int cpu_index = new_env->cpu_index;
1887 #if defined(TARGET_HAS_ICE)
1888 CPUBreakpoint *bp;
1889 CPUWatchpoint *wp;
1890 #endif
1891
1892 memcpy(new_env, env, sizeof(CPUState));
1893
1894 /* Preserve chaining and index. */
1895 new_env->next_cpu = next_cpu;
1896 new_env->cpu_index = cpu_index;
1897
1898 /* Clone all break/watchpoints.
1899 Note: Once we support ptrace with hw-debug register access, make sure
1900 BP_CPU break/watchpoints are handled correctly on clone. */
1901 QTAILQ_INIT(&env->breakpoints);
1902 QTAILQ_INIT(&env->watchpoints);
1903 #if defined(TARGET_HAS_ICE)
1904 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1905 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1906 }
1907 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1908 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1909 wp->flags, NULL);
1910 }
1911 #endif
1912
1913 return new_env;
1914 }
1915
1916 #if !defined(CONFIG_USER_ONLY)
1917
1918 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1919 {
1920 unsigned int i;
1921
1922 /* Discard jump cache entries for any tb which might potentially
1923 overlap the flushed page. */
1924 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1925 memset (&env->tb_jmp_cache[i], 0,
1926 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1927
1928 i = tb_jmp_cache_hash_page(addr);
1929 memset (&env->tb_jmp_cache[i], 0,
1930 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1931 }
1932
1933 static CPUTLBEntry s_cputlb_empty_entry = {
1934 .addr_read = -1,
1935 .addr_write = -1,
1936 .addr_code = -1,
1937 .addend = -1,
1938 };
1939
1940 /* NOTE: if flush_global is true, also flush global entries (not
1941 implemented yet) */
1942 void tlb_flush(CPUState *env, int flush_global)
1943 {
1944 int i;
1945
1946 #if defined(DEBUG_TLB)
1947 printf("tlb_flush:\n");
1948 #endif
1949 /* must reset current TB so that interrupts cannot modify the
1950 links while we are modifying them */
1951 env->current_tb = NULL;
1952
1953 for(i = 0; i < CPU_TLB_SIZE; i++) {
1954 int mmu_idx;
1955 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1956 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
1957 }
1958 }
1959
1960 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1961
1962 env->tlb_flush_addr = -1;
1963 env->tlb_flush_mask = 0;
1964 tlb_flush_count++;
1965 }
1966
1967 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1968 {
1969 if (addr == (tlb_entry->addr_read &
1970 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1971 addr == (tlb_entry->addr_write &
1972 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1973 addr == (tlb_entry->addr_code &
1974 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1975 *tlb_entry = s_cputlb_empty_entry;
1976 }
1977 }
1978
1979 void tlb_flush_page(CPUState *env, target_ulong addr)
1980 {
1981 int i;
1982 int mmu_idx;
1983
1984 #if defined(DEBUG_TLB)
1985 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1986 #endif
1987 /* Check if we need to flush due to large pages. */
1988 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1989 #if defined(DEBUG_TLB)
1990 printf("tlb_flush_page: forced full flush ("
1991 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1992 env->tlb_flush_addr, env->tlb_flush_mask);
1993 #endif
1994 tlb_flush(env, 1);
1995 return;
1996 }
1997 /* must reset current TB so that interrupts cannot modify the
1998 links while we are modifying them */
1999 env->current_tb = NULL;
2000
2001 addr &= TARGET_PAGE_MASK;
2002 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2003 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2004 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
2005
2006 tlb_flush_jmp_cache(env, addr);
2007 }
2008
2009 /* update the TLBs so that writes to code in the virtual page 'addr'
2010 can be detected */
2011 static void tlb_protect_code(ram_addr_t ram_addr)
2012 {
2013 cpu_physical_memory_reset_dirty(ram_addr,
2014 ram_addr + TARGET_PAGE_SIZE,
2015 CODE_DIRTY_FLAG);
2016 }
2017
2018 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2019 tested for self modifying code */
2020 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2021 target_ulong vaddr)
2022 {
2023 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2024 }
2025
2026 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2027 unsigned long start, unsigned long length)
2028 {
2029 unsigned long addr;
2030 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2031 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2032 if ((addr - start) < length) {
2033 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2034 }
2035 }
2036 }
2037
2038 /* Note: start and end must be within the same ram block. */
2039 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2040 int dirty_flags)
2041 {
2042 CPUState *env;
2043 unsigned long length, start1;
2044 int i;
2045
2046 start &= TARGET_PAGE_MASK;
2047 end = TARGET_PAGE_ALIGN(end);
2048
2049 length = end - start;
2050 if (length == 0)
2051 return;
2052 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2053
2054 /* we modify the TLB cache so that the dirty bit will be set again
2055 when accessing the range */
2056 start1 = (unsigned long)qemu_get_ram_ptr(start);
2057 /* Chek that we don't span multiple blocks - this breaks the
2058 address comparisons below. */
2059 if ((unsigned long)qemu_get_ram_ptr(end - 1) - start1
2060 != (end - 1) - start) {
2061 abort();
2062 }
2063
2064 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2065 int mmu_idx;
2066 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2067 for(i = 0; i < CPU_TLB_SIZE; i++)
2068 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2069 start1, length);
2070 }
2071 }
2072 }
2073
2074 int cpu_physical_memory_set_dirty_tracking(int enable)
2075 {
2076 int ret = 0;
2077 in_migration = enable;
2078 ret = cpu_notify_migration_log(!!enable);
2079 return ret;
2080 }
2081
2082 int cpu_physical_memory_get_dirty_tracking(void)
2083 {
2084 return in_migration;
2085 }
2086
2087 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2088 target_phys_addr_t end_addr)
2089 {
2090 int ret;
2091
2092 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2093 return ret;
2094 }
2095
2096 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2097 {
2098 ram_addr_t ram_addr;
2099 void *p;
2100
2101 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2102 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2103 + tlb_entry->addend);
2104 ram_addr = qemu_ram_addr_from_host_nofail(p);
2105 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2106 tlb_entry->addr_write |= TLB_NOTDIRTY;
2107 }
2108 }
2109 }
2110
2111 /* update the TLB according to the current state of the dirty bits */
2112 void cpu_tlb_update_dirty(CPUState *env)
2113 {
2114 int i;
2115 int mmu_idx;
2116 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2117 for(i = 0; i < CPU_TLB_SIZE; i++)
2118 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2119 }
2120 }
2121
2122 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2123 {
2124 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2125 tlb_entry->addr_write = vaddr;
2126 }
2127
2128 /* update the TLB corresponding to virtual page vaddr
2129 so that it is no longer dirty */
2130 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2131 {
2132 int i;
2133 int mmu_idx;
2134
2135 vaddr &= TARGET_PAGE_MASK;
2136 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2137 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2138 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2139 }
2140
2141 /* Our TLB does not support large pages, so remember the area covered by
2142 large pages and trigger a full TLB flush if these are invalidated. */
2143 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2144 target_ulong size)
2145 {
2146 target_ulong mask = ~(size - 1);
2147
2148 if (env->tlb_flush_addr == (target_ulong)-1) {
2149 env->tlb_flush_addr = vaddr & mask;
2150 env->tlb_flush_mask = mask;
2151 return;
2152 }
2153 /* Extend the existing region to include the new page.
2154 This is a compromise between unnecessary flushes and the cost
2155 of maintaining a full variable size TLB. */
2156 mask &= env->tlb_flush_mask;
2157 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2158 mask <<= 1;
2159 }
2160 env->tlb_flush_addr &= mask;
2161 env->tlb_flush_mask = mask;
2162 }
2163
2164 /* Add a new TLB entry. At most one entry for a given virtual address
2165 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2166 supplied size is only used by tlb_flush_page. */
2167 void tlb_set_page(CPUState *env, target_ulong vaddr,
2168 target_phys_addr_t paddr, int prot,
2169 int mmu_idx, target_ulong size)
2170 {
2171 PhysPageDesc *p;
2172 unsigned long pd;
2173 unsigned int index;
2174 target_ulong address;
2175 target_ulong code_address;
2176 unsigned long addend;
2177 CPUTLBEntry *te;
2178 CPUWatchpoint *wp;
2179 target_phys_addr_t iotlb;
2180
2181 assert(size >= TARGET_PAGE_SIZE);
2182 if (size != TARGET_PAGE_SIZE) {
2183 tlb_add_large_page(env, vaddr, size);
2184 }
2185 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2186 if (!p) {
2187 pd = IO_MEM_UNASSIGNED;
2188 } else {
2189 pd = p->phys_offset;
2190 }
2191 #if defined(DEBUG_TLB)
2192 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2193 " prot=%x idx=%d pd=0x%08lx\n",
2194 vaddr, paddr, prot, mmu_idx, pd);
2195 #endif
2196
2197 address = vaddr;
2198 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2199 /* IO memory case (romd handled later) */
2200 address |= TLB_MMIO;
2201 }
2202 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2203 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2204 /* Normal RAM. */
2205 iotlb = pd & TARGET_PAGE_MASK;
2206 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2207 iotlb |= IO_MEM_NOTDIRTY;
2208 else
2209 iotlb |= IO_MEM_ROM;
2210 } else {
2211 /* IO handlers are currently passed a physical address.
2212 It would be nice to pass an offset from the base address
2213 of that region. This would avoid having to special case RAM,
2214 and avoid full address decoding in every device.
2215 We can't use the high bits of pd for this because
2216 IO_MEM_ROMD uses these as a ram address. */
2217 iotlb = (pd & ~TARGET_PAGE_MASK);
2218 if (p) {
2219 iotlb += p->region_offset;
2220 } else {
2221 iotlb += paddr;
2222 }
2223 }
2224
2225 code_address = address;
2226 /* Make accesses to pages with watchpoints go via the
2227 watchpoint trap routines. */
2228 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2229 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2230 /* Avoid trapping reads of pages with a write breakpoint. */
2231 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2232 iotlb = io_mem_watch + paddr;
2233 address |= TLB_MMIO;
2234 break;
2235 }
2236 }
2237 }
2238
2239 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2240 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2241 te = &env->tlb_table[mmu_idx][index];
2242 te->addend = addend - vaddr;
2243 if (prot & PAGE_READ) {
2244 te->addr_read = address;
2245 } else {
2246 te->addr_read = -1;
2247 }
2248
2249 if (prot & PAGE_EXEC) {
2250 te->addr_code = code_address;
2251 } else {
2252 te->addr_code = -1;
2253 }
2254 if (prot & PAGE_WRITE) {
2255 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2256 (pd & IO_MEM_ROMD)) {
2257 /* Write access calls the I/O callback. */
2258 te->addr_write = address | TLB_MMIO;
2259 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2260 !cpu_physical_memory_is_dirty(pd)) {
2261 te->addr_write = address | TLB_NOTDIRTY;
2262 } else {
2263 te->addr_write = address;
2264 }
2265 } else {
2266 te->addr_write = -1;
2267 }
2268 }
2269
2270 #else
2271
2272 void tlb_flush(CPUState *env, int flush_global)
2273 {
2274 }
2275
2276 void tlb_flush_page(CPUState *env, target_ulong addr)
2277 {
2278 }
2279
2280 /*
2281 * Walks guest process memory "regions" one by one
2282 * and calls callback function 'fn' for each region.
2283 */
2284
2285 struct walk_memory_regions_data
2286 {
2287 walk_memory_regions_fn fn;
2288 void *priv;
2289 unsigned long start;
2290 int prot;
2291 };
2292
2293 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2294 abi_ulong end, int new_prot)
2295 {
2296 if (data->start != -1ul) {
2297 int rc = data->fn(data->priv, data->start, end, data->prot);
2298 if (rc != 0) {
2299 return rc;
2300 }
2301 }
2302
2303 data->start = (new_prot ? end : -1ul);
2304 data->prot = new_prot;
2305
2306 return 0;
2307 }
2308
2309 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2310 abi_ulong base, int level, void **lp)
2311 {
2312 abi_ulong pa;
2313 int i, rc;
2314
2315 if (*lp == NULL) {
2316 return walk_memory_regions_end(data, base, 0);
2317 }
2318
2319 if (level == 0) {
2320 PageDesc *pd = *lp;
2321 for (i = 0; i < L2_SIZE; ++i) {
2322 int prot = pd[i].flags;
2323
2324 pa = base | (i << TARGET_PAGE_BITS);
2325 if (prot != data->prot) {
2326 rc = walk_memory_regions_end(data, pa, prot);
2327 if (rc != 0) {
2328 return rc;
2329 }
2330 }
2331 }
2332 } else {
2333 void **pp = *lp;
2334 for (i = 0; i < L2_SIZE; ++i) {
2335 pa = base | ((abi_ulong)i <<
2336 (TARGET_PAGE_BITS + L2_BITS * level));
2337 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2338 if (rc != 0) {
2339 return rc;
2340 }
2341 }
2342 }
2343
2344 return 0;
2345 }
2346
2347 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2348 {
2349 struct walk_memory_regions_data data;
2350 unsigned long i;
2351
2352 data.fn = fn;
2353 data.priv = priv;
2354 data.start = -1ul;
2355 data.prot = 0;
2356
2357 for (i = 0; i < V_L1_SIZE; i++) {
2358 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2359 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2360 if (rc != 0) {
2361 return rc;
2362 }
2363 }
2364
2365 return walk_memory_regions_end(&data, 0, 0);
2366 }
2367
2368 static int dump_region(void *priv, abi_ulong start,
2369 abi_ulong end, unsigned long prot)
2370 {
2371 FILE *f = (FILE *)priv;
2372
2373 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2374 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2375 start, end, end - start,
2376 ((prot & PAGE_READ) ? 'r' : '-'),
2377 ((prot & PAGE_WRITE) ? 'w' : '-'),
2378 ((prot & PAGE_EXEC) ? 'x' : '-'));
2379
2380 return (0);
2381 }
2382
2383 /* dump memory mappings */
2384 void page_dump(FILE *f)
2385 {
2386 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2387 "start", "end", "size", "prot");
2388 walk_memory_regions(f, dump_region);
2389 }
2390
2391 int page_get_flags(target_ulong address)
2392 {
2393 PageDesc *p;
2394
2395 p = page_find(address >> TARGET_PAGE_BITS);
2396 if (!p)
2397 return 0;
2398 return p->flags;
2399 }
2400
2401 /* Modify the flags of a page and invalidate the code if necessary.
2402 The flag PAGE_WRITE_ORG is positioned automatically depending
2403 on PAGE_WRITE. The mmap_lock should already be held. */
2404 void page_set_flags(target_ulong start, target_ulong end, int flags)
2405 {
2406 target_ulong addr, len;
2407
2408 /* This function should never be called with addresses outside the
2409 guest address space. If this assert fires, it probably indicates
2410 a missing call to h2g_valid. */
2411 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2412 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2413 #endif
2414 assert(start < end);
2415
2416 start = start & TARGET_PAGE_MASK;
2417 end = TARGET_PAGE_ALIGN(end);
2418
2419 if (flags & PAGE_WRITE) {
2420 flags |= PAGE_WRITE_ORG;
2421 }
2422
2423 for (addr = start, len = end - start;
2424 len != 0;
2425 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2426 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2427
2428 /* If the write protection bit is set, then we invalidate
2429 the code inside. */
2430 if (!(p->flags & PAGE_WRITE) &&
2431 (flags & PAGE_WRITE) &&
2432 p->first_tb) {
2433 tb_invalidate_phys_page(addr, 0, NULL);
2434 }
2435 p->flags = flags;
2436 }
2437 }
2438
2439 int page_check_range(target_ulong start, target_ulong len, int flags)
2440 {
2441 PageDesc *p;
2442 target_ulong end;
2443 target_ulong addr;
2444
2445 /* This function should never be called with addresses outside the
2446 guest address space. If this assert fires, it probably indicates
2447 a missing call to h2g_valid. */
2448 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2449 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2450 #endif
2451
2452 if (len == 0) {
2453 return 0;
2454 }
2455 if (start + len - 1 < start) {
2456 /* We've wrapped around. */
2457 return -1;
2458 }
2459
2460 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2461 start = start & TARGET_PAGE_MASK;
2462
2463 for (addr = start, len = end - start;
2464 len != 0;
2465 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2466 p = page_find(addr >> TARGET_PAGE_BITS);
2467 if( !p )
2468 return -1;
2469 if( !(p->flags & PAGE_VALID) )
2470 return -1;
2471
2472 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2473 return -1;
2474 if (flags & PAGE_WRITE) {
2475 if (!(p->flags & PAGE_WRITE_ORG))
2476 return -1;
2477 /* unprotect the page if it was put read-only because it
2478 contains translated code */
2479 if (!(p->flags & PAGE_WRITE)) {
2480 if (!page_unprotect(addr, 0, NULL))
2481 return -1;
2482 }
2483 return 0;
2484 }
2485 }
2486 return 0;
2487 }
2488
2489 /* called from signal handler: invalidate the code and unprotect the
2490 page. Return TRUE if the fault was successfully handled. */
2491 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2492 {
2493 unsigned int prot;
2494 PageDesc *p;
2495 target_ulong host_start, host_end, addr;
2496
2497 /* Technically this isn't safe inside a signal handler. However we
2498 know this only ever happens in a synchronous SEGV handler, so in
2499 practice it seems to be ok. */
2500 mmap_lock();
2501
2502 p = page_find(address >> TARGET_PAGE_BITS);
2503 if (!p) {
2504 mmap_unlock();
2505 return 0;
2506 }
2507
2508 /* if the page was really writable, then we change its
2509 protection back to writable */
2510 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2511 host_start = address & qemu_host_page_mask;
2512 host_end = host_start + qemu_host_page_size;
2513
2514 prot = 0;
2515 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2516 p = page_find(addr >> TARGET_PAGE_BITS);
2517 p->flags |= PAGE_WRITE;
2518 prot |= p->flags;
2519
2520 /* and since the content will be modified, we must invalidate
2521 the corresponding translated code. */
2522 tb_invalidate_phys_page(addr, pc, puc);
2523 #ifdef DEBUG_TB_CHECK
2524 tb_invalidate_check(addr);
2525 #endif
2526 }
2527 mprotect((void *)g2h(host_start), qemu_host_page_size,
2528 prot & PAGE_BITS);
2529
2530 mmap_unlock();
2531 return 1;
2532 }
2533 mmap_unlock();
2534 return 0;
2535 }
2536
2537 static inline void tlb_set_dirty(CPUState *env,
2538 unsigned long addr, target_ulong vaddr)
2539 {
2540 }
2541 #endif /* defined(CONFIG_USER_ONLY) */
2542
2543 #if !defined(CONFIG_USER_ONLY)
2544
2545 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2546 typedef struct subpage_t {
2547 target_phys_addr_t base;
2548 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2549 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2550 } subpage_t;
2551
2552 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2553 ram_addr_t memory, ram_addr_t region_offset);
2554 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2555 ram_addr_t orig_memory,
2556 ram_addr_t region_offset);
2557 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2558 need_subpage) \
2559 do { \
2560 if (addr > start_addr) \
2561 start_addr2 = 0; \
2562 else { \
2563 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2564 if (start_addr2 > 0) \
2565 need_subpage = 1; \
2566 } \
2567 \
2568 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2569 end_addr2 = TARGET_PAGE_SIZE - 1; \
2570 else { \
2571 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2572 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2573 need_subpage = 1; \
2574 } \
2575 } while (0)
2576
2577 /* register physical memory.
2578 For RAM, 'size' must be a multiple of the target page size.
2579 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2580 io memory page. The address used when calling the IO function is
2581 the offset from the start of the region, plus region_offset. Both
2582 start_addr and region_offset are rounded down to a page boundary
2583 before calculating this offset. This should not be a problem unless
2584 the low bits of start_addr and region_offset differ. */
2585 void cpu_register_physical_memory_offset(target_phys_addr_t start_addr,
2586 ram_addr_t size,
2587 ram_addr_t phys_offset,
2588 ram_addr_t region_offset)
2589 {
2590 target_phys_addr_t addr, end_addr;
2591 PhysPageDesc *p;
2592 CPUState *env;
2593 ram_addr_t orig_size = size;
2594 subpage_t *subpage;
2595
2596 cpu_notify_set_memory(start_addr, size, phys_offset);
2597
2598 if (phys_offset == IO_MEM_UNASSIGNED) {
2599 region_offset = start_addr;
2600 }
2601 region_offset &= TARGET_PAGE_MASK;
2602 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2603 end_addr = start_addr + (target_phys_addr_t)size;
2604 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
2605 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2606 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2607 ram_addr_t orig_memory = p->phys_offset;
2608 target_phys_addr_t start_addr2, end_addr2;
2609 int need_subpage = 0;
2610
2611 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2612 need_subpage);
2613 if (need_subpage) {
2614 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2615 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2616 &p->phys_offset, orig_memory,
2617 p->region_offset);
2618 } else {
2619 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2620 >> IO_MEM_SHIFT];
2621 }
2622 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2623 region_offset);
2624 p->region_offset = 0;
2625 } else {
2626 p->phys_offset = phys_offset;
2627 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2628 (phys_offset & IO_MEM_ROMD))
2629 phys_offset += TARGET_PAGE_SIZE;
2630 }
2631 } else {
2632 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2633 p->phys_offset = phys_offset;
2634 p->region_offset = region_offset;
2635 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2636 (phys_offset & IO_MEM_ROMD)) {
2637 phys_offset += TARGET_PAGE_SIZE;
2638 } else {
2639 target_phys_addr_t start_addr2, end_addr2;
2640 int need_subpage = 0;
2641
2642 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2643 end_addr2, need_subpage);
2644
2645 if (need_subpage) {
2646 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2647 &p->phys_offset, IO_MEM_UNASSIGNED,
2648 addr & TARGET_PAGE_MASK);
2649 subpage_register(subpage, start_addr2, end_addr2,
2650 phys_offset, region_offset);
2651 p->region_offset = 0;
2652 }
2653 }
2654 }
2655 region_offset += TARGET_PAGE_SIZE;
2656 }
2657
2658 /* since each CPU stores ram addresses in its TLB cache, we must
2659 reset the modified entries */
2660 /* XXX: slow ! */
2661 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2662 tlb_flush(env, 1);
2663 }
2664 }
2665
2666 /* XXX: temporary until new memory mapping API */
2667 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2668 {
2669 PhysPageDesc *p;
2670
2671 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2672 if (!p)
2673 return IO_MEM_UNASSIGNED;
2674 return p->phys_offset;
2675 }
2676
2677 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2678 {
2679 if (kvm_enabled())
2680 kvm_coalesce_mmio_region(addr, size);
2681 }
2682
2683 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2684 {
2685 if (kvm_enabled())
2686 kvm_uncoalesce_mmio_region(addr, size);
2687 }
2688
2689 void qemu_flush_coalesced_mmio_buffer(void)
2690 {
2691 if (kvm_enabled())
2692 kvm_flush_coalesced_mmio_buffer();
2693 }
2694
2695 #if defined(__linux__) && !defined(TARGET_S390X)
2696
2697 #include <sys/vfs.h>
2698
2699 #define HUGETLBFS_MAGIC 0x958458f6
2700
2701 static long gethugepagesize(const char *path)
2702 {
2703 struct statfs fs;
2704 int ret;
2705
2706 do {
2707 ret = statfs(path, &fs);
2708 } while (ret != 0 && errno == EINTR);
2709
2710 if (ret != 0) {
2711 perror(path);
2712 return 0;
2713 }
2714
2715 if (fs.f_type != HUGETLBFS_MAGIC)
2716 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2717
2718 return fs.f_bsize;
2719 }
2720
2721 static void *file_ram_alloc(RAMBlock *block,
2722 ram_addr_t memory,
2723 const char *path)
2724 {
2725 char *filename;
2726 void *area;
2727 int fd;
2728 #ifdef MAP_POPULATE
2729 int flags;
2730 #endif
2731 unsigned long hpagesize;
2732
2733 hpagesize = gethugepagesize(path);
2734 if (!hpagesize) {
2735 return NULL;
2736 }
2737
2738 if (memory < hpagesize) {
2739 return NULL;
2740 }
2741
2742 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2743 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2744 return NULL;
2745 }
2746
2747 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2748 return NULL;
2749 }
2750
2751 fd = mkstemp(filename);
2752 if (fd < 0) {
2753 perror("unable to create backing store for hugepages");
2754 free(filename);
2755 return NULL;
2756 }
2757 unlink(filename);
2758 free(filename);
2759
2760 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2761
2762 /*
2763 * ftruncate is not supported by hugetlbfs in older
2764 * hosts, so don't bother bailing out on errors.
2765 * If anything goes wrong with it under other filesystems,
2766 * mmap will fail.
2767 */
2768 if (ftruncate(fd, memory))
2769 perror("ftruncate");
2770
2771 #ifdef MAP_POPULATE
2772 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2773 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2774 * to sidestep this quirk.
2775 */
2776 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2777 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2778 #else
2779 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2780 #endif
2781 if (area == MAP_FAILED) {
2782 perror("file_ram_alloc: can't mmap RAM pages");
2783 close(fd);
2784 return (NULL);
2785 }
2786 block->fd = fd;
2787 return area;
2788 }
2789 #endif
2790
2791 static ram_addr_t find_ram_offset(ram_addr_t size)
2792 {
2793 RAMBlock *block, *next_block;
2794 ram_addr_t offset = 0, mingap = ULONG_MAX;
2795
2796 if (QLIST_EMPTY(&ram_list.blocks))
2797 return 0;
2798
2799 QLIST_FOREACH(block, &ram_list.blocks, next) {
2800 ram_addr_t end, next = ULONG_MAX;
2801
2802 end = block->offset + block->length;
2803
2804 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2805 if (next_block->offset >= end) {
2806 next = MIN(next, next_block->offset);
2807 }
2808 }
2809 if (next - end >= size && next - end < mingap) {
2810 offset = end;
2811 mingap = next - end;
2812 }
2813 }
2814 return offset;
2815 }
2816
2817 static ram_addr_t last_ram_offset(void)
2818 {
2819 RAMBlock *block;
2820 ram_addr_t last = 0;
2821
2822 QLIST_FOREACH(block, &ram_list.blocks, next)
2823 last = MAX(last, block->offset + block->length);
2824
2825 return last;
2826 }
2827
2828 ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
2829 ram_addr_t size, void *host)
2830 {
2831 RAMBlock *new_block, *block;
2832
2833 size = TARGET_PAGE_ALIGN(size);
2834 new_block = qemu_mallocz(sizeof(*new_block));
2835
2836 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2837 char *id = dev->parent_bus->info->get_dev_path(dev);
2838 if (id) {
2839 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2840 qemu_free(id);
2841 }
2842 }
2843 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2844
2845 QLIST_FOREACH(block, &ram_list.blocks, next) {
2846 if (!strcmp(block->idstr, new_block->idstr)) {
2847 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2848 new_block->idstr);
2849 abort();
2850 }
2851 }
2852
2853 if (host) {
2854 new_block->host = host;
2855 } else {
2856 if (mem_path) {
2857 #if defined (__linux__) && !defined(TARGET_S390X)
2858 new_block->host = file_ram_alloc(new_block, size, mem_path);
2859 if (!new_block->host) {
2860 new_block->host = qemu_vmalloc(size);
2861 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2862 }
2863 #else
2864 fprintf(stderr, "-mem-path option unsupported\n");
2865 exit(1);
2866 #endif
2867 } else {
2868 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2869 /* XXX S390 KVM requires the topmost vma of the RAM to be < 256GB */
2870 new_block->host = mmap((void*)0x1000000, size,
2871 PROT_EXEC|PROT_READ|PROT_WRITE,
2872 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
2873 #else
2874 new_block->host = qemu_vmalloc(size);
2875 #endif
2876 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2877 }
2878 }
2879
2880 new_block->offset = find_ram_offset(size);
2881 new_block->length = size;
2882
2883 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2884
2885 ram_list.phys_dirty = qemu_realloc(ram_list.phys_dirty,
2886 last_ram_offset() >> TARGET_PAGE_BITS);
2887 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2888 0xff, size >> TARGET_PAGE_BITS);
2889
2890 if (kvm_enabled())
2891 kvm_setup_guest_memory(new_block->host, size);
2892
2893 return new_block->offset;
2894 }
2895
2896 void qemu_ram_unmap(ram_addr_t addr)
2897 {
2898 RAMBlock *block;
2899
2900 QLIST_FOREACH(block, &ram_list.blocks, next) {
2901 if (addr == block->offset) {
2902 QLIST_REMOVE(block, next);
2903 qemu_free(block);
2904 return;
2905 }
2906 }
2907 }
2908
2909 ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
2910 {
2911 return qemu_ram_alloc_from_ptr(dev, name, size, NULL);
2912 }
2913
2914 void qemu_ram_free(ram_addr_t addr)
2915 {
2916 RAMBlock *block;
2917
2918 QLIST_FOREACH(block, &ram_list.blocks, next) {
2919 if (addr == block->offset) {
2920 QLIST_REMOVE(block, next);
2921 if (mem_path) {
2922 #if defined (__linux__) && !defined(TARGET_S390X)
2923 if (block->fd) {
2924 munmap(block->host, block->length);
2925 close(block->fd);
2926 } else {
2927 qemu_vfree(block->host);
2928 }
2929 #endif
2930 } else {
2931 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2932 munmap(block->host, block->length);
2933 #else
2934 qemu_vfree(block->host);
2935 #endif
2936 }
2937 qemu_free(block);
2938 return;
2939 }
2940 }
2941
2942 }
2943
2944 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2945 With the exception of the softmmu code in this file, this should
2946 only be used for local memory (e.g. video ram) that the device owns,
2947 and knows it isn't going to access beyond the end of the block.
2948
2949 It should not be used for general purpose DMA.
2950 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2951 */
2952 void *qemu_get_ram_ptr(ram_addr_t addr)
2953 {
2954 RAMBlock *block;
2955
2956 QLIST_FOREACH(block, &ram_list.blocks, next) {
2957 if (addr - block->offset < block->length) {
2958 QLIST_REMOVE(block, next);
2959 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2960 return block->host + (addr - block->offset);
2961 }
2962 }
2963
2964 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2965 abort();
2966
2967 return NULL;
2968 }
2969
2970 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2971 {
2972 RAMBlock *block;
2973 uint8_t *host = ptr;
2974
2975 QLIST_FOREACH(block, &ram_list.blocks, next) {
2976 if (host - block->host < block->length) {
2977 *ram_addr = block->offset + (host - block->host);
2978 return 0;
2979 }
2980 }
2981 return -1;
2982 }
2983
2984 /* Some of the softmmu routines need to translate from a host pointer
2985 (typically a TLB entry) back to a ram offset. */
2986 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2987 {
2988 ram_addr_t ram_addr;
2989
2990 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2991 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2992 abort();
2993 }
2994 return ram_addr;
2995 }
2996
2997 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
2998 {
2999 #ifdef DEBUG_UNASSIGNED
3000 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3001 #endif
3002 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3003 do_unassigned_access(addr, 0, 0, 0, 1);
3004 #endif
3005 return 0;
3006 }
3007
3008 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
3009 {
3010 #ifdef DEBUG_UNASSIGNED
3011 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3012 #endif
3013 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3014 do_unassigned_access(addr, 0, 0, 0, 2);
3015 #endif
3016 return 0;
3017 }
3018
3019 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
3020 {
3021 #ifdef DEBUG_UNASSIGNED
3022 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3023 #endif
3024 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3025 do_unassigned_access(addr, 0, 0, 0, 4);
3026 #endif
3027 return 0;
3028 }
3029
3030 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
3031 {
3032 #ifdef DEBUG_UNASSIGNED
3033 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3034 #endif
3035 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3036 do_unassigned_access(addr, 1, 0, 0, 1);
3037 #endif
3038 }
3039
3040 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3041 {
3042 #ifdef DEBUG_UNASSIGNED
3043 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3044 #endif
3045 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3046 do_unassigned_access(addr, 1, 0, 0, 2);
3047 #endif
3048 }
3049
3050 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3051 {
3052 #ifdef DEBUG_UNASSIGNED
3053 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3054 #endif
3055 #if defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3056 do_unassigned_access(addr, 1, 0, 0, 4);
3057 #endif
3058 }
3059
3060 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3061 unassigned_mem_readb,
3062 unassigned_mem_readw,
3063 unassigned_mem_readl,
3064 };
3065
3066 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3067 unassigned_mem_writeb,
3068 unassigned_mem_writew,
3069 unassigned_mem_writel,
3070 };
3071
3072 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3073 uint32_t val)
3074 {
3075 int dirty_flags;
3076 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3077 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3078 #if !defined(CONFIG_USER_ONLY)
3079 tb_invalidate_phys_page_fast(ram_addr, 1);
3080 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3081 #endif
3082 }
3083 stb_p(qemu_get_ram_ptr(ram_addr), val);
3084 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3085 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3086 /* we remove the notdirty callback only if the code has been
3087 flushed */
3088 if (dirty_flags == 0xff)
3089 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3090 }
3091
3092 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3093 uint32_t val)
3094 {
3095 int dirty_flags;
3096 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3097 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3098 #if !defined(CONFIG_USER_ONLY)
3099 tb_invalidate_phys_page_fast(ram_addr, 2);
3100 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3101 #endif
3102 }
3103 stw_p(qemu_get_ram_ptr(ram_addr), val);
3104 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3105 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3106 /* we remove the notdirty callback only if the code has been
3107 flushed */
3108 if (dirty_flags == 0xff)
3109 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3110 }
3111
3112 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3113 uint32_t val)
3114 {
3115 int dirty_flags;
3116 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3117 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3118 #if !defined(CONFIG_USER_ONLY)
3119 tb_invalidate_phys_page_fast(ram_addr, 4);
3120 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3121 #endif
3122 }
3123 stl_p(qemu_get_ram_ptr(ram_addr), val);
3124 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3125 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3126 /* we remove the notdirty callback only if the code has been
3127 flushed */
3128 if (dirty_flags == 0xff)
3129 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3130 }
3131
3132 static CPUReadMemoryFunc * const error_mem_read[3] = {
3133 NULL, /* never used */
3134 NULL, /* never used */
3135 NULL, /* never used */
3136 };
3137
3138 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3139 notdirty_mem_writeb,
3140 notdirty_mem_writew,
3141 notdirty_mem_writel,
3142 };
3143
3144 /* Generate a debug exception if a watchpoint has been hit. */
3145 static void check_watchpoint(int offset, int len_mask, int flags)
3146 {
3147 CPUState *env = cpu_single_env;
3148 target_ulong pc, cs_base;
3149 TranslationBlock *tb;
3150 target_ulong vaddr;
3151 CPUWatchpoint *wp;
3152 int cpu_flags;
3153
3154 if (env->watchpoint_hit) {
3155 /* We re-entered the check after replacing the TB. Now raise
3156 * the debug interrupt so that is will trigger after the
3157 * current instruction. */
3158 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3159 return;
3160 }
3161 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3162 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3163 if ((vaddr == (wp->vaddr & len_mask) ||
3164 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3165 wp->flags |= BP_WATCHPOINT_HIT;
3166 if (!env->watchpoint_hit) {
3167 env->watchpoint_hit = wp;
3168 tb = tb_find_pc(env->mem_io_pc);
3169 if (!tb) {
3170 cpu_abort(env, "check_watchpoint: could not find TB for "
3171 "pc=%p", (void *)env->mem_io_pc);
3172 }
3173 cpu_restore_state(tb, env, env->mem_io_pc, NULL);
3174 tb_phys_invalidate(tb, -1);
3175 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3176 env->exception_index = EXCP_DEBUG;
3177 } else {
3178 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3179 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3180 }
3181 cpu_resume_from_signal(env, NULL);
3182 }
3183 } else {
3184 wp->flags &= ~BP_WATCHPOINT_HIT;
3185 }
3186 }
3187 }
3188
3189 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3190 so these check for a hit then pass through to the normal out-of-line
3191 phys routines. */
3192 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3193 {
3194 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3195 return ldub_phys(addr);
3196 }
3197
3198 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3199 {
3200 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3201 return lduw_phys(addr);
3202 }
3203
3204 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3205 {
3206 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3207 return ldl_phys(addr);
3208 }
3209
3210 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3211 uint32_t val)
3212 {
3213 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3214 stb_phys(addr, val);
3215 }
3216
3217 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3218 uint32_t val)
3219 {
3220 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3221 stw_phys(addr, val);
3222 }
3223
3224 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3225 uint32_t val)
3226 {
3227 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3228 stl_phys(addr, val);
3229 }
3230
3231 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3232 watch_mem_readb,
3233 watch_mem_readw,
3234 watch_mem_readl,
3235 };
3236
3237 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3238 watch_mem_writeb,
3239 watch_mem_writew,
3240 watch_mem_writel,
3241 };
3242
3243 static inline uint32_t subpage_readlen (subpage_t *mmio,
3244 target_phys_addr_t addr,
3245 unsigned int len)
3246 {
3247 unsigned int idx = SUBPAGE_IDX(addr);
3248 #if defined(DEBUG_SUBPAGE)
3249 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3250 mmio, len, addr, idx);
3251 #endif
3252
3253 addr += mmio->region_offset[idx];
3254 idx = mmio->sub_io_index[idx];
3255 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3256 }
3257
3258 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3259 uint32_t value, unsigned int len)
3260 {
3261 unsigned int idx = SUBPAGE_IDX(addr);
3262 #if defined(DEBUG_SUBPAGE)
3263 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3264 __func__, mmio, len, addr, idx, value);
3265 #endif
3266
3267 addr += mmio->region_offset[idx];
3268 idx = mmio->sub_io_index[idx];
3269 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3270 }
3271
3272 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3273 {
3274 return subpage_readlen(opaque, addr, 0);
3275 }
3276
3277 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3278 uint32_t value)
3279 {
3280 subpage_writelen(opaque, addr, value, 0);
3281 }
3282
3283 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3284 {
3285 return subpage_readlen(opaque, addr, 1);
3286 }
3287
3288 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3289 uint32_t value)
3290 {
3291 subpage_writelen(opaque, addr, value, 1);
3292 }
3293
3294 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3295 {
3296 return subpage_readlen(opaque, addr, 2);
3297 }
3298
3299 static void subpage_writel (void *opaque, target_phys_addr_t addr,
3300 uint32_t value)
3301 {
3302 subpage_writelen(opaque, addr, value, 2);
3303 }
3304
3305 static CPUReadMemoryFunc * const subpage_read[] = {
3306 &subpage_readb,
3307 &subpage_readw,
3308 &subpage_readl,
3309 };
3310
3311 static CPUWriteMemoryFunc * const subpage_write[] = {
3312 &subpage_writeb,
3313 &subpage_writew,
3314 &subpage_writel,
3315 };
3316
3317 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3318 ram_addr_t memory, ram_addr_t region_offset)
3319 {
3320 int idx, eidx;
3321
3322 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3323 return -1;
3324 idx = SUBPAGE_IDX(start);
3325 eidx = SUBPAGE_IDX(end);
3326 #if defined(DEBUG_SUBPAGE)
3327 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3328 mmio, start, end, idx, eidx, memory);
3329 #endif
3330 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
3331 memory = IO_MEM_UNASSIGNED;
3332 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3333 for (; idx <= eidx; idx++) {
3334 mmio->sub_io_index[idx] = memory;
3335 mmio->region_offset[idx] = region_offset;
3336 }
3337
3338 return 0;
3339 }
3340
3341 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3342 ram_addr_t orig_memory,
3343 ram_addr_t region_offset)
3344 {
3345 subpage_t *mmio;
3346 int subpage_memory;
3347
3348 mmio = qemu_mallocz(sizeof(subpage_t));
3349
3350 mmio->base = base;
3351 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio);
3352 #if defined(DEBUG_SUBPAGE)
3353 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3354 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3355 #endif
3356 *phys = subpage_memory | IO_MEM_SUBPAGE;
3357 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3358
3359 return mmio;
3360 }
3361
3362 static int get_free_io_mem_idx(void)
3363 {
3364 int i;
3365
3366 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3367 if (!io_mem_used[i]) {
3368 io_mem_used[i] = 1;
3369 return i;
3370 }
3371 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3372 return -1;
3373 }
3374
3375 /* mem_read and mem_write are arrays of functions containing the
3376 function to access byte (index 0), word (index 1) and dword (index
3377 2). Functions can be omitted with a NULL function pointer.
3378 If io_index is non zero, the corresponding io zone is
3379 modified. If it is zero, a new io zone is allocated. The return
3380 value can be used with cpu_register_physical_memory(). (-1) is
3381 returned if error. */
3382 static int cpu_register_io_memory_fixed(int io_index,
3383 CPUReadMemoryFunc * const *mem_read,
3384 CPUWriteMemoryFunc * const *mem_write,
3385 void *opaque)
3386 {
3387 int i;
3388
3389 if (io_index <= 0) {
3390 io_index = get_free_io_mem_idx();
3391 if (io_index == -1)
3392 return io_index;
3393 } else {
3394 io_index >>= IO_MEM_SHIFT;
3395 if (io_index >= IO_MEM_NB_ENTRIES)
3396 return -1;
3397 }
3398
3399 for (i = 0; i < 3; ++i) {
3400 io_mem_read[io_index][i]
3401 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3402 }
3403 for (i = 0; i < 3; ++i) {
3404 io_mem_write[io_index][i]
3405 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3406 }
3407 io_mem_opaque[io_index] = opaque;
3408
3409 return (io_index << IO_MEM_SHIFT);
3410 }
3411
3412 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3413 CPUWriteMemoryFunc * const *mem_write,
3414 void *opaque)
3415 {
3416 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque);
3417 }
3418
3419 void cpu_unregister_io_memory(int io_table_address)
3420 {
3421 int i;
3422 int io_index = io_table_address >> IO_MEM_SHIFT;
3423
3424 for (i=0;i < 3; i++) {
3425 io_mem_read[io_index][i] = unassigned_mem_read[i];
3426 io_mem_write[io_index][i] = unassigned_mem_write[i];
3427 }
3428 io_mem_opaque[io_index] = NULL;
3429 io_mem_used[io_index] = 0;
3430 }
3431
3432 static void io_mem_init(void)
3433 {
3434 int i;
3435
3436 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read, unassigned_mem_write, NULL);
3437 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read, unassigned_mem_write, NULL);
3438 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read, notdirty_mem_write, NULL);
3439 for (i=0; i<5; i++)
3440 io_mem_used[i] = 1;
3441
3442 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3443 watch_mem_write, NULL);
3444 }
3445
3446 #endif /* !defined(CONFIG_USER_ONLY) */
3447
3448 /* physical memory access (slow version, mainly for debug) */
3449 #if defined(CONFIG_USER_ONLY)
3450 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3451 uint8_t *buf, int len, int is_write)
3452 {
3453 int l, flags;
3454 target_ulong page;
3455 void * p;
3456
3457 while (len > 0) {
3458 page = addr & TARGET_PAGE_MASK;
3459 l = (page + TARGET_PAGE_SIZE) - addr;
3460 if (l > len)
3461 l = len;
3462 flags = page_get_flags(page);
3463 if (!(flags & PAGE_VALID))
3464 return -1;
3465 if (is_write) {
3466 if (!(flags & PAGE_WRITE))
3467 return -1;
3468 /* XXX: this code should not depend on lock_user */
3469 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3470 return -1;
3471 memcpy(p, buf, l);
3472 unlock_user(p, addr, l);
3473 } else {
3474 if (!(flags & PAGE_READ))
3475 return -1;
3476 /* XXX: this code should not depend on lock_user */
3477 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3478 return -1;
3479 memcpy(buf, p, l);
3480 unlock_user(p, addr, 0);
3481 }
3482 len -= l;
3483 buf += l;
3484 addr += l;
3485 }
3486 return 0;
3487 }
3488
3489 #else
3490 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3491 int len, int is_write)
3492 {
3493 int l, io_index;
3494 uint8_t *ptr;
3495 uint32_t val;
3496 target_phys_addr_t page;
3497 unsigned long pd;
3498 PhysPageDesc *p;
3499
3500 while (len > 0) {
3501 page = addr & TARGET_PAGE_MASK;
3502 l = (page + TARGET_PAGE_SIZE) - addr;
3503 if (l > len)
3504 l = len;
3505 p = phys_page_find(page >> TARGET_PAGE_BITS);
3506 if (!p) {
3507 pd = IO_MEM_UNASSIGNED;
3508 } else {
3509 pd = p->phys_offset;
3510 }
3511
3512 if (is_write) {
3513 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3514 target_phys_addr_t addr1 = addr;
3515 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3516 if (p)
3517 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3518 /* XXX: could force cpu_single_env to NULL to avoid
3519 potential bugs */
3520 if (l >= 4 && ((addr1 & 3) == 0)) {
3521 /* 32 bit write access */
3522 val = ldl_p(buf);
3523 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3524 l = 4;
3525 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3526 /* 16 bit write access */
3527 val = lduw_p(buf);
3528 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3529 l = 2;
3530 } else {
3531 /* 8 bit write access */
3532 val = ldub_p(buf);
3533 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
3534 l = 1;
3535 }
3536 } else {
3537 unsigned long addr1;
3538 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3539 /* RAM case */
3540 ptr = qemu_get_ram_ptr(addr1);
3541 memcpy(ptr, buf, l);
3542 if (!cpu_physical_memory_is_dirty(addr1)) {
3543 /* invalidate code */
3544 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3545 /* set dirty bit */
3546 cpu_physical_memory_set_dirty_flags(
3547 addr1, (0xff & ~CODE_DIRTY_FLAG));
3548 }
3549 /* qemu doesn't execute guest code directly, but kvm does
3550 therefore flush instruction caches */
3551 if (kvm_enabled())
3552 flush_icache_range((unsigned long)ptr,
3553 ((unsigned long)ptr)+l);
3554 }
3555 } else {
3556 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3557 !(pd & IO_MEM_ROMD)) {
3558 target_phys_addr_t addr1 = addr;
3559 /* I/O case */
3560 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3561 if (p)
3562 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3563 if (l >= 4 && ((addr1 & 3) == 0)) {
3564 /* 32 bit read access */
3565 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
3566 stl_p(buf, val);
3567 l = 4;
3568 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3569 /* 16 bit read access */
3570 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
3571 stw_p(buf, val);
3572 l = 2;
3573 } else {
3574 /* 8 bit read access */
3575 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
3576 stb_p(buf, val);
3577 l = 1;
3578 }
3579 } else {
3580 /* RAM case */
3581 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3582 (addr & ~TARGET_PAGE_MASK);
3583 memcpy(buf, ptr, l);
3584 }
3585 }
3586 len -= l;
3587 buf += l;
3588 addr += l;
3589 }
3590 }
3591
3592 /* used for ROM loading : can write in RAM and ROM */
3593 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
3594 const uint8_t *buf, int len)
3595 {
3596 int l;
3597 uint8_t *ptr;
3598 target_phys_addr_t page;
3599 unsigned long pd;
3600 PhysPageDesc *p;
3601
3602 while (len > 0) {
3603 page = addr & TARGET_PAGE_MASK;
3604 l = (page + TARGET_PAGE_SIZE) - addr;
3605 if (l > len)
3606 l = len;
3607 p = phys_page_find(page >> TARGET_PAGE_BITS);
3608 if (!p) {
3609 pd = IO_MEM_UNASSIGNED;
3610 } else {
3611 pd = p->phys_offset;
3612 }
3613
3614 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
3615 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
3616 !(pd & IO_MEM_ROMD)) {
3617 /* do nothing */
3618 } else {
3619 unsigned long addr1;
3620 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3621 /* ROM/RAM case */
3622 ptr = qemu_get_ram_ptr(addr1);
3623 memcpy(ptr, buf, l);
3624 }
3625 len -= l;
3626 buf += l;
3627 addr += l;
3628 }
3629 }
3630
3631 typedef struct {
3632 void *buffer;
3633 target_phys_addr_t addr;
3634 target_phys_addr_t len;
3635 } BounceBuffer;
3636
3637 static BounceBuffer bounce;
3638
3639 typedef struct MapClient {
3640 void *opaque;
3641 void (*callback)(void *opaque);
3642 QLIST_ENTRY(MapClient) link;
3643 } MapClient;
3644
3645 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3646 = QLIST_HEAD_INITIALIZER(map_client_list);
3647
3648 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3649 {
3650 MapClient *client = qemu_malloc(sizeof(*client));
3651
3652 client->opaque = opaque;
3653 client->callback = callback;
3654 QLIST_INSERT_HEAD(&map_client_list, client, link);
3655 return client;
3656 }
3657
3658 void cpu_unregister_map_client(void *_client)
3659 {
3660 MapClient *client = (MapClient *)_client;
3661
3662 QLIST_REMOVE(client, link);
3663 qemu_free(client);
3664 }
3665
3666 static void cpu_notify_map_clients(void)
3667 {
3668 MapClient *client;
3669
3670 while (!QLIST_EMPTY(&map_client_list)) {
3671 client = QLIST_FIRST(&map_client_list);
3672 client->callback(client->opaque);
3673 cpu_unregister_map_client(client);
3674 }
3675 }
3676
3677 /* Map a physical memory region into a host virtual address.
3678 * May map a subset of the requested range, given by and returned in *plen.
3679 * May return NULL if resources needed to perform the mapping are exhausted.
3680 * Use only for reads OR writes - not for read-modify-write operations.
3681 * Use cpu_register_map_client() to know when retrying the map operation is
3682 * likely to succeed.
3683 */
3684 void *cpu_physical_memory_map(target_phys_addr_t addr,
3685 target_phys_addr_t *plen,
3686 int is_write)
3687 {
3688 target_phys_addr_t len = *plen;
3689 target_phys_addr_t done = 0;
3690 int l;
3691 uint8_t *ret = NULL;
3692 uint8_t *ptr;
3693 target_phys_addr_t page;
3694 unsigned long pd;
3695 PhysPageDesc *p;
3696 unsigned long addr1;
3697
3698 while (len > 0) {
3699 page = addr & TARGET_PAGE_MASK;
3700 l = (page + TARGET_PAGE_SIZE) - addr;
3701 if (l > len)
3702 l = len;
3703 p = phys_page_find(page >> TARGET_PAGE_BITS);
3704 if (!p) {
3705 pd = IO_MEM_UNASSIGNED;
3706 } else {
3707 pd = p->phys_offset;
3708 }
3709
3710 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3711 if (done || bounce.buffer) {
3712 break;
3713 }
3714 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3715 bounce.addr = addr;
3716 bounce.len = l;
3717 if (!is_write) {
3718 cpu_physical_memory_rw(addr, bounce.buffer, l, 0);
3719 }
3720 ptr = bounce.buffer;
3721 } else {
3722 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3723 ptr = qemu_get_ram_ptr(addr1);
3724 }
3725 if (!done) {
3726 ret = ptr;
3727 } else if (ret + done != ptr) {
3728 break;
3729 }
3730
3731 len -= l;
3732 addr += l;
3733 done += l;
3734 }
3735 *plen = done;
3736 return ret;
3737 }
3738
3739 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3740 * Will also mark the memory as dirty if is_write == 1. access_len gives
3741 * the amount of memory that was actually read or written by the caller.
3742 */
3743 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3744 int is_write, target_phys_addr_t access_len)
3745 {
3746 unsigned long flush_len = (unsigned long)access_len;
3747
3748 if (buffer != bounce.buffer) {
3749 if (is_write) {
3750 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
3751 while (access_len) {
3752 unsigned l;
3753 l = TARGET_PAGE_SIZE;
3754 if (l > access_len)
3755 l = access_len;
3756 if (!cpu_physical_memory_is_dirty(addr1)) {
3757 /* invalidate code */
3758 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3759 /* set dirty bit */
3760 cpu_physical_memory_set_dirty_flags(
3761 addr1, (0xff & ~CODE_DIRTY_FLAG));
3762 }
3763 addr1 += l;
3764 access_len -= l;
3765 }
3766 dma_flush_range((unsigned long)buffer,
3767 (unsigned long)buffer + flush_len);
3768 }
3769 return;
3770 }
3771 if (is_write) {
3772 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3773 }
3774 qemu_vfree(bounce.buffer);
3775 bounce.buffer = NULL;
3776 cpu_notify_map_clients();
3777 }
3778
3779 /* warning: addr must be aligned */
3780 uint32_t ldl_phys(target_phys_addr_t addr)
3781 {
3782 int io_index;
3783 uint8_t *ptr;
3784 uint32_t val;
3785 unsigned long pd;
3786 PhysPageDesc *p;
3787
3788 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3789 if (!p) {
3790 pd = IO_MEM_UNASSIGNED;
3791 } else {
3792 pd = p->phys_offset;
3793 }
3794
3795 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3796 !(pd & IO_MEM_ROMD)) {
3797 /* I/O case */
3798 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3799 if (p)
3800 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3801 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3802 } else {
3803 /* RAM case */
3804 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3805 (addr & ~TARGET_PAGE_MASK);
3806 val = ldl_p(ptr);
3807 }
3808 return val;
3809 }
3810
3811 /* warning: addr must be aligned */
3812 uint64_t ldq_phys(target_phys_addr_t addr)
3813 {
3814 int io_index;
3815 uint8_t *ptr;
3816 uint64_t val;
3817 unsigned long pd;
3818 PhysPageDesc *p;
3819
3820 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3821 if (!p) {
3822 pd = IO_MEM_UNASSIGNED;
3823 } else {
3824 pd = p->phys_offset;
3825 }
3826
3827 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3828 !(pd & IO_MEM_ROMD)) {
3829 /* I/O case */
3830 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3831 if (p)
3832 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3833 #ifdef TARGET_WORDS_BIGENDIAN
3834 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
3835 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
3836 #else
3837 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
3838 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
3839 #endif
3840 } else {
3841 /* RAM case */
3842 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3843 (addr & ~TARGET_PAGE_MASK);
3844 val = ldq_p(ptr);
3845 }
3846 return val;
3847 }
3848
3849 /* XXX: optimize */
3850 uint32_t ldub_phys(target_phys_addr_t addr)
3851 {
3852 uint8_t val;
3853 cpu_physical_memory_read(addr, &val, 1);
3854 return val;
3855 }
3856
3857 /* warning: addr must be aligned */
3858 uint32_t lduw_phys(target_phys_addr_t addr)
3859 {
3860 int io_index;
3861 uint8_t *ptr;
3862 uint64_t val;
3863 unsigned long pd;
3864 PhysPageDesc *p;
3865
3866 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3867 if (!p) {
3868 pd = IO_MEM_UNASSIGNED;
3869 } else {
3870 pd = p->phys_offset;
3871 }
3872
3873 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
3874 !(pd & IO_MEM_ROMD)) {
3875 /* I/O case */
3876 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3877 if (p)
3878 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3879 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
3880 } else {
3881 /* RAM case */
3882 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3883 (addr & ~TARGET_PAGE_MASK);
3884 val = lduw_p(ptr);
3885 }
3886 return val;
3887 }
3888
3889 /* warning: addr must be aligned. The ram page is not masked as dirty
3890 and the code inside is not invalidated. It is useful if the dirty
3891 bits are used to track modified PTEs */
3892 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
3893 {
3894 int io_index;
3895 uint8_t *ptr;
3896 unsigned long pd;
3897 PhysPageDesc *p;
3898
3899 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3900 if (!p) {
3901 pd = IO_MEM_UNASSIGNED;
3902 } else {
3903 pd = p->phys_offset;
3904 }
3905
3906 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3907 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3908 if (p)
3909 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3910 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3911 } else {
3912 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3913 ptr = qemu_get_ram_ptr(addr1);
3914 stl_p(ptr, val);
3915
3916 if (unlikely(in_migration)) {
3917 if (!cpu_physical_memory_is_dirty(addr1)) {
3918 /* invalidate code */
3919 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3920 /* set dirty bit */
3921 cpu_physical_memory_set_dirty_flags(
3922 addr1, (0xff & ~CODE_DIRTY_FLAG));
3923 }
3924 }
3925 }
3926 }
3927
3928 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
3929 {
3930 int io_index;
3931 uint8_t *ptr;
3932 unsigned long pd;
3933 PhysPageDesc *p;
3934
3935 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3936 if (!p) {
3937 pd = IO_MEM_UNASSIGNED;
3938 } else {
3939 pd = p->phys_offset;
3940 }
3941
3942 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3943 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3944 if (p)
3945 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3946 #ifdef TARGET_WORDS_BIGENDIAN
3947 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
3948 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
3949 #else
3950 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3951 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
3952 #endif
3953 } else {
3954 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
3955 (addr & ~TARGET_PAGE_MASK);
3956 stq_p(ptr, val);
3957 }
3958 }
3959
3960 /* warning: addr must be aligned */
3961 void stl_phys(target_phys_addr_t addr, uint32_t val)
3962 {
3963 int io_index;
3964 uint8_t *ptr;
3965 unsigned long pd;
3966 PhysPageDesc *p;
3967
3968 p = phys_page_find(addr >> TARGET_PAGE_BITS);
3969 if (!p) {
3970 pd = IO_MEM_UNASSIGNED;
3971 } else {
3972 pd = p->phys_offset;
3973 }
3974
3975 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3976 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3977 if (p)
3978 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3979 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
3980 } else {
3981 unsigned long addr1;
3982 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3983 /* RAM case */
3984 ptr = qemu_get_ram_ptr(addr1);
3985 stl_p(ptr, val);
3986 if (!cpu_physical_memory_is_dirty(addr1)) {
3987 /* invalidate code */
3988 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3989 /* set dirty bit */
3990 cpu_physical_memory_set_dirty_flags(addr1,
3991 (0xff & ~CODE_DIRTY_FLAG));
3992 }
3993 }
3994 }
3995
3996 /* XXX: optimize */
3997 void stb_phys(target_phys_addr_t addr, uint32_t val)
3998 {
3999 uint8_t v = val;
4000 cpu_physical_memory_write(addr, &v, 1);
4001 }
4002
4003 /* warning: addr must be aligned */
4004 void stw_phys(target_phys_addr_t addr, uint32_t val)
4005 {
4006 int io_index;
4007 uint8_t *ptr;
4008 unsigned long pd;
4009 PhysPageDesc *p;
4010
4011 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4012 if (!p) {
4013 pd = IO_MEM_UNASSIGNED;
4014 } else {
4015 pd = p->phys_offset;
4016 }
4017
4018 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4019 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4020 if (p)
4021 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4022 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
4023 } else {
4024 unsigned long addr1;
4025 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4026 /* RAM case */
4027 ptr = qemu_get_ram_ptr(addr1);
4028 stw_p(ptr, val);
4029 if (!cpu_physical_memory_is_dirty(addr1)) {
4030 /* invalidate code */
4031 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4032 /* set dirty bit */
4033 cpu_physical_memory_set_dirty_flags(addr1,
4034 (0xff & ~CODE_DIRTY_FLAG));
4035 }
4036 }
4037 }
4038
4039 /* XXX: optimize */
4040 void stq_phys(target_phys_addr_t addr, uint64_t val)
4041 {
4042 val = tswap64(val);
4043 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
4044 }
4045
4046 /* virtual memory access for debug (includes writing to ROM) */
4047 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
4048 uint8_t *buf, int len, int is_write)
4049 {
4050 int l;
4051 target_phys_addr_t phys_addr;
4052 target_ulong page;
4053
4054 while (len > 0) {
4055 page = addr & TARGET_PAGE_MASK;
4056 phys_addr = cpu_get_phys_page_debug(env, page);
4057 /* if no physical page mapped, return an error */
4058 if (phys_addr == -1)
4059 return -1;
4060 l = (page + TARGET_PAGE_SIZE) - addr;
4061 if (l > len)
4062 l = len;
4063 phys_addr += (addr & ~TARGET_PAGE_MASK);
4064 if (is_write)
4065 cpu_physical_memory_write_rom(phys_addr, buf, l);
4066 else
4067 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4068 len -= l;
4069 buf += l;
4070 addr += l;
4071 }
4072 return 0;
4073 }
4074 #endif
4075
4076 /* in deterministic execution mode, instructions doing device I/Os
4077 must be at the end of the TB */
4078 void cpu_io_recompile(CPUState *env, void *retaddr)
4079 {
4080 TranslationBlock *tb;
4081 uint32_t n, cflags;
4082 target_ulong pc, cs_base;
4083 uint64_t flags;
4084
4085 tb = tb_find_pc((unsigned long)retaddr);
4086 if (!tb) {
4087 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4088 retaddr);
4089 }
4090 n = env->icount_decr.u16.low + tb->icount;
4091 cpu_restore_state(tb, env, (unsigned long)retaddr, NULL);
4092 /* Calculate how many instructions had been executed before the fault
4093 occurred. */
4094 n = n - env->icount_decr.u16.low;
4095 /* Generate a new TB ending on the I/O insn. */
4096 n++;
4097 /* On MIPS and SH, delay slot instructions can only be restarted if
4098 they were already the first instruction in the TB. If this is not
4099 the first instruction in a TB then re-execute the preceding
4100 branch. */
4101 #if defined(TARGET_MIPS)
4102 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4103 env->active_tc.PC -= 4;
4104 env->icount_decr.u16.low++;
4105 env->hflags &= ~MIPS_HFLAG_BMASK;
4106 }
4107 #elif defined(TARGET_SH4)
4108 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4109 && n > 1) {
4110 env->pc -= 2;
4111 env->icount_decr.u16.low++;
4112 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4113 }
4114 #endif
4115 /* This should never happen. */
4116 if (n > CF_COUNT_MASK)
4117 cpu_abort(env, "TB too big during recompile");
4118
4119 cflags = n | CF_LAST_IO;
4120 pc = tb->pc;
4121 cs_base = tb->cs_base;
4122 flags = tb->flags;
4123 tb_phys_invalidate(tb, -1);
4124 /* FIXME: In theory this could raise an exception. In practice
4125 we have already translated the block once so it's probably ok. */
4126 tb_gen_code(env, pc, cs_base, flags, cflags);
4127 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4128 the first in the TB) then we end up generating a whole new TB and
4129 repeating the fault, which is horribly inefficient.
4130 Better would be to execute just this insn uncached, or generate a
4131 second new TB. */
4132 cpu_resume_from_signal(env, NULL);
4133 }
4134
4135 #if !defined(CONFIG_USER_ONLY)
4136
4137 void dump_exec_info(FILE *f,
4138 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
4139 {
4140 int i, target_code_size, max_target_code_size;
4141 int direct_jmp_count, direct_jmp2_count, cross_page;
4142 TranslationBlock *tb;
4143
4144 target_code_size = 0;
4145 max_target_code_size = 0;
4146 cross_page = 0;
4147 direct_jmp_count = 0;
4148 direct_jmp2_count = 0;
4149 for(i = 0; i < nb_tbs; i++) {
4150 tb = &tbs[i];
4151 target_code_size += tb->size;
4152 if (tb->size > max_target_code_size)
4153 max_target_code_size = tb->size;
4154 if (tb->page_addr[1] != -1)
4155 cross_page++;
4156 if (tb->tb_next_offset[0] != 0xffff) {
4157 direct_jmp_count++;
4158 if (tb->tb_next_offset[1] != 0xffff) {
4159 direct_jmp2_count++;
4160 }
4161 }
4162 }
4163 /* XXX: avoid using doubles ? */
4164 cpu_fprintf(f, "Translation buffer state:\n");
4165 cpu_fprintf(f, "gen code size %ld/%ld\n",
4166 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4167 cpu_fprintf(f, "TB count %d/%d\n",
4168 nb_tbs, code_gen_max_blocks);
4169 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4170 nb_tbs ? target_code_size / nb_tbs : 0,
4171 max_target_code_size);
4172 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
4173 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4174 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4175 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4176 cross_page,
4177 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4178 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4179 direct_jmp_count,
4180 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4181 direct_jmp2_count,
4182 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4183 cpu_fprintf(f, "\nStatistics:\n");
4184 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4185 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4186 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4187 #ifdef CONFIG_PROFILER
4188 tcg_dump_info(f, cpu_fprintf);
4189 #endif
4190 }
4191
4192 #define MMUSUFFIX _cmmu
4193 #define GETPC() NULL
4194 #define env cpu_single_env
4195 #define SOFTMMU_CODE_ACCESS
4196
4197 #define SHIFT 0
4198 #include "softmmu_template.h"
4199
4200 #define SHIFT 1
4201 #include "softmmu_template.h"
4202
4203 #define SHIFT 2
4204 #include "softmmu_template.h"
4205
4206 #define SHIFT 3
4207 #include "softmmu_template.h"
4208
4209 #undef env
4210
4211 #endif
Zhi Yong Wu's QEmu Source Tree - dev