search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
memory: move preallocation code out of exec.c
[qemu/rayw.git] / exec.c
blobdae50a1aa0b0200022aa94c7add87dbdfd9e2772
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #include "hw/qdev.h"
30 #include "qemu/osdep.h"
31 #include "sysemu/kvm.h"
32 #include "sysemu/sysemu.h"
33 #include "hw/xen/xen.h"
34 #include "qemu/timer.h"
35 #include "qemu/config-file.h"
36 #include "qemu/error-report.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52 #include "exec/ram_addr.h"
53 #include "qemu/cache-utils.h"
54
55 #include "qemu/range.h"
56
57 //#define DEBUG_SUBPAGE
58
59 #if !defined(CONFIG_USER_ONLY)
60 static bool in_migration;
61
62 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
63
64 static MemoryRegion *system_memory;
65 static MemoryRegion *system_io;
66
67 AddressSpace address_space_io;
68 AddressSpace address_space_memory;
69
70 MemoryRegion io_mem_rom, io_mem_notdirty;
71 static MemoryRegion io_mem_unassigned;
72
73 #endif
74
75 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
76 /* current CPU in the current thread. It is only valid inside
77 cpu_exec() */
78 DEFINE_TLS(CPUState *, current_cpu);
79 /* 0 = Do not count executed instructions.
80 1 = Precise instruction counting.
81 2 = Adaptive rate instruction counting. */
82 int use_icount;
83
84 #if !defined(CONFIG_USER_ONLY)
85
86 typedef struct PhysPageEntry PhysPageEntry;
87
88 struct PhysPageEntry {
89 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
90 uint32_t skip : 6;
91 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
92 uint32_t ptr : 26;
93 };
94
95 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
96
97 /* Size of the L2 (and L3, etc) page tables. */
98 #define ADDR_SPACE_BITS 64
99
100 #define P_L2_BITS 9
101 #define P_L2_SIZE (1 << P_L2_BITS)
102
103 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
104
105 typedef PhysPageEntry Node[P_L2_SIZE];
106
107 typedef struct PhysPageMap {
108 unsigned sections_nb;
109 unsigned sections_nb_alloc;
110 unsigned nodes_nb;
111 unsigned nodes_nb_alloc;
112 Node *nodes;
113 MemoryRegionSection *sections;
114 } PhysPageMap;
115
116 struct AddressSpaceDispatch {
117 /* This is a multi-level map on the physical address space.
118 * The bottom level has pointers to MemoryRegionSections.
119 */
120 PhysPageEntry phys_map;
121 PhysPageMap map;
122 AddressSpace *as;
123 };
124
125 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
126 typedef struct subpage_t {
127 MemoryRegion iomem;
128 AddressSpace *as;
129 hwaddr base;
130 uint16_t sub_section[TARGET_PAGE_SIZE];
131 } subpage_t;
132
133 #define PHYS_SECTION_UNASSIGNED 0
134 #define PHYS_SECTION_NOTDIRTY 1
135 #define PHYS_SECTION_ROM 2
136 #define PHYS_SECTION_WATCH 3
137
138 static void io_mem_init(void);
139 static void memory_map_init(void);
140 static void tcg_commit(MemoryListener *listener);
141
142 static MemoryRegion io_mem_watch;
143 #endif
144
145 #if !defined(CONFIG_USER_ONLY)
146
147 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
148 {
149 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
150 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
151 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
152 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
153 }
154 }
155
156 static uint32_t phys_map_node_alloc(PhysPageMap *map)
157 {
158 unsigned i;
159 uint32_t ret;
160
161 ret = map->nodes_nb++;
162 assert(ret != PHYS_MAP_NODE_NIL);
163 assert(ret != map->nodes_nb_alloc);
164 for (i = 0; i < P_L2_SIZE; ++i) {
165 map->nodes[ret][i].skip = 1;
166 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
167 }
168 return ret;
169 }
170
171 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
172 hwaddr *index, hwaddr *nb, uint16_t leaf,
173 int level)
174 {
175 PhysPageEntry *p;
176 int i;
177 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
178
179 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
180 lp->ptr = phys_map_node_alloc(map);
181 p = map->nodes[lp->ptr];
182 if (level == 0) {
183 for (i = 0; i < P_L2_SIZE; i++) {
184 p[i].skip = 0;
185 p[i].ptr = PHYS_SECTION_UNASSIGNED;
186 }
187 }
188 } else {
189 p = map->nodes[lp->ptr];
190 }
191 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
192
193 while (*nb && lp < &p[P_L2_SIZE]) {
194 if ((*index & (step - 1)) == 0 && *nb >= step) {
195 lp->skip = 0;
196 lp->ptr = leaf;
197 *index += step;
198 *nb -= step;
199 } else {
200 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
201 }
202 ++lp;
203 }
204 }
205
206 static void phys_page_set(AddressSpaceDispatch *d,
207 hwaddr index, hwaddr nb,
208 uint16_t leaf)
209 {
210 /* Wildly overreserve - it doesn't matter much. */
211 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
212
213 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
214 }
215
216 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
217 * and update our entry so we can skip it and go directly to the destination.
218 */
219 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
220 {
221 unsigned valid_ptr = P_L2_SIZE;
222 int valid = 0;
223 PhysPageEntry *p;
224 int i;
225
226 if (lp->ptr == PHYS_MAP_NODE_NIL) {
227 return;
228 }
229
230 p = nodes[lp->ptr];
231 for (i = 0; i < P_L2_SIZE; i++) {
232 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
233 continue;
234 }
235
236 valid_ptr = i;
237 valid++;
238 if (p[i].skip) {
239 phys_page_compact(&p[i], nodes, compacted);
240 }
241 }
242
243 /* We can only compress if there's only one child. */
244 if (valid != 1) {
245 return;
246 }
247
248 assert(valid_ptr < P_L2_SIZE);
249
250 /* Don't compress if it won't fit in the # of bits we have. */
251 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
252 return;
253 }
254
255 lp->ptr = p[valid_ptr].ptr;
256 if (!p[valid_ptr].skip) {
257 /* If our only child is a leaf, make this a leaf. */
258 /* By design, we should have made this node a leaf to begin with so we
259 * should never reach here.
260 * But since it's so simple to handle this, let's do it just in case we
261 * change this rule.
262 */
263 lp->skip = 0;
264 } else {
265 lp->skip += p[valid_ptr].skip;
266 }
267 }
268
269 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
270 {
271 DECLARE_BITMAP(compacted, nodes_nb);
272
273 if (d->phys_map.skip) {
274 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
275 }
276 }
277
278 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
279 Node *nodes, MemoryRegionSection *sections)
280 {
281 PhysPageEntry *p;
282 hwaddr index = addr >> TARGET_PAGE_BITS;
283 int i;
284
285 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
286 if (lp.ptr == PHYS_MAP_NODE_NIL) {
287 return &sections[PHYS_SECTION_UNASSIGNED];
288 }
289 p = nodes[lp.ptr];
290 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
291 }
292
293 if (sections[lp.ptr].size.hi ||
294 range_covers_byte(sections[lp.ptr].offset_within_address_space,
295 sections[lp.ptr].size.lo, addr)) {
296 return &sections[lp.ptr];
297 } else {
298 return &sections[PHYS_SECTION_UNASSIGNED];
299 }
300 }
301
302 bool memory_region_is_unassigned(MemoryRegion *mr)
303 {
304 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
305 && mr != &io_mem_watch;
306 }
307
308 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
309 hwaddr addr,
310 bool resolve_subpage)
311 {
312 MemoryRegionSection *section;
313 subpage_t *subpage;
314
315 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
316 if (resolve_subpage && section->mr->subpage) {
317 subpage = container_of(section->mr, subpage_t, iomem);
318 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
319 }
320 return section;
321 }
322
323 static MemoryRegionSection *
324 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
325 hwaddr *plen, bool resolve_subpage)
326 {
327 MemoryRegionSection *section;
328 Int128 diff;
329
330 section = address_space_lookup_region(d, addr, resolve_subpage);
331 /* Compute offset within MemoryRegionSection */
332 addr -= section->offset_within_address_space;
333
334 /* Compute offset within MemoryRegion */
335 *xlat = addr + section->offset_within_region;
336
337 diff = int128_sub(section->mr->size, int128_make64(addr));
338 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
339 return section;
340 }
341
342 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
343 {
344 if (memory_region_is_ram(mr)) {
345 return !(is_write && mr->readonly);
346 }
347 if (memory_region_is_romd(mr)) {
348 return !is_write;
349 }
350
351 return false;
352 }
353
354 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
355 hwaddr *xlat, hwaddr *plen,
356 bool is_write)
357 {
358 IOMMUTLBEntry iotlb;
359 MemoryRegionSection *section;
360 MemoryRegion *mr;
361 hwaddr len = *plen;
362
363 for (;;) {
364 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
365 mr = section->mr;
366
367 if (!mr->iommu_ops) {
368 break;
369 }
370
371 iotlb = mr->iommu_ops->translate(mr, addr);
372 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
373 | (addr & iotlb.addr_mask));
374 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
375 if (!(iotlb.perm & (1 << is_write))) {
376 mr = &io_mem_unassigned;
377 break;
378 }
379
380 as = iotlb.target_as;
381 }
382
383 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
384 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
385 len = MIN(page, len);
386 }
387
388 *plen = len;
389 *xlat = addr;
390 return mr;
391 }
392
393 MemoryRegionSection *
394 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
395 hwaddr *plen)
396 {
397 MemoryRegionSection *section;
398 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
399
400 assert(!section->mr->iommu_ops);
401 return section;
402 }
403 #endif
404
405 void cpu_exec_init_all(void)
406 {
407 #if !defined(CONFIG_USER_ONLY)
408 qemu_mutex_init(&ram_list.mutex);
409 memory_map_init();
410 io_mem_init();
411 #endif
412 }
413
414 #if !defined(CONFIG_USER_ONLY)
415
416 static int cpu_common_post_load(void *opaque, int version_id)
417 {
418 CPUState *cpu = opaque;
419
420 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
421 version_id is increased. */
422 cpu->interrupt_request &= ~0x01;
423 tlb_flush(cpu, 1);
424
425 return 0;
426 }
427
428 const VMStateDescription vmstate_cpu_common = {
429 .name = "cpu_common",
430 .version_id = 1,
431 .minimum_version_id = 1,
432 .post_load = cpu_common_post_load,
433 .fields = (VMStateField[]) {
434 VMSTATE_UINT32(halted, CPUState),
435 VMSTATE_UINT32(interrupt_request, CPUState),
436 VMSTATE_END_OF_LIST()
437 }
438 };
439
440 #endif
441
442 CPUState *qemu_get_cpu(int index)
443 {
444 CPUState *cpu;
445
446 CPU_FOREACH(cpu) {
447 if (cpu->cpu_index == index) {
448 return cpu;
449 }
450 }
451
452 return NULL;
453 }
454
455 #if !defined(CONFIG_USER_ONLY)
456 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
457 {
458 /* We only support one address space per cpu at the moment. */
459 assert(cpu->as == as);
460
461 if (cpu->tcg_as_listener) {
462 memory_listener_unregister(cpu->tcg_as_listener);
463 } else {
464 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
465 }
466 cpu->tcg_as_listener->commit = tcg_commit;
467 memory_listener_register(cpu->tcg_as_listener, as);
468 }
469 #endif
470
471 void cpu_exec_init(CPUArchState *env)
472 {
473 CPUState *cpu = ENV_GET_CPU(env);
474 CPUClass *cc = CPU_GET_CLASS(cpu);
475 CPUState *some_cpu;
476 int cpu_index;
477
478 #if defined(CONFIG_USER_ONLY)
479 cpu_list_lock();
480 #endif
481 cpu_index = 0;
482 CPU_FOREACH(some_cpu) {
483 cpu_index++;
484 }
485 cpu->cpu_index = cpu_index;
486 cpu->numa_node = 0;
487 QTAILQ_INIT(&cpu->breakpoints);
488 QTAILQ_INIT(&cpu->watchpoints);
489 #ifndef CONFIG_USER_ONLY
490 cpu->as = &address_space_memory;
491 cpu->thread_id = qemu_get_thread_id();
492 #endif
493 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
494 #if defined(CONFIG_USER_ONLY)
495 cpu_list_unlock();
496 #endif
497 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
498 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
499 }
500 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
501 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
502 cpu_save, cpu_load, env);
503 assert(cc->vmsd == NULL);
504 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
505 #endif
506 if (cc->vmsd != NULL) {
507 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
508 }
509 }
510
511 #if defined(TARGET_HAS_ICE)
512 #if defined(CONFIG_USER_ONLY)
513 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
514 {
515 tb_invalidate_phys_page_range(pc, pc + 1, 0);
516 }
517 #else
518 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
519 {
520 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
521 if (phys != -1) {
522 tb_invalidate_phys_addr(cpu->as,
523 phys | (pc & ~TARGET_PAGE_MASK));
524 }
525 }
526 #endif
527 #endif /* TARGET_HAS_ICE */
528
529 #if defined(CONFIG_USER_ONLY)
530 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
531
532 {
533 }
534
535 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
536 int flags, CPUWatchpoint **watchpoint)
537 {
538 return -ENOSYS;
539 }
540 #else
541 /* Add a watchpoint. */
542 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
543 int flags, CPUWatchpoint **watchpoint)
544 {
545 vaddr len_mask = ~(len - 1);
546 CPUWatchpoint *wp;
547
548 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
549 if ((len & (len - 1)) || (addr & ~len_mask) ||
550 len == 0 || len > TARGET_PAGE_SIZE) {
551 error_report("tried to set invalid watchpoint at %"
552 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
553 return -EINVAL;
554 }
555 wp = g_malloc(sizeof(*wp));
556
557 wp->vaddr = addr;
558 wp->len_mask = len_mask;
559 wp->flags = flags;
560
561 /* keep all GDB-injected watchpoints in front */
562 if (flags & BP_GDB) {
563 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
564 } else {
565 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
566 }
567
568 tlb_flush_page(cpu, addr);
569
570 if (watchpoint)
571 *watchpoint = wp;
572 return 0;
573 }
574
575 /* Remove a specific watchpoint. */
576 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
577 int flags)
578 {
579 vaddr len_mask = ~(len - 1);
580 CPUWatchpoint *wp;
581
582 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
583 if (addr == wp->vaddr && len_mask == wp->len_mask
584 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
585 cpu_watchpoint_remove_by_ref(cpu, wp);
586 return 0;
587 }
588 }
589 return -ENOENT;
590 }
591
592 /* Remove a specific watchpoint by reference. */
593 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
594 {
595 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
596
597 tlb_flush_page(cpu, watchpoint->vaddr);
598
599 g_free(watchpoint);
600 }
601
602 /* Remove all matching watchpoints. */
603 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
604 {
605 CPUWatchpoint *wp, *next;
606
607 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
608 if (wp->flags & mask) {
609 cpu_watchpoint_remove_by_ref(cpu, wp);
610 }
611 }
612 }
613 #endif
614
615 /* Add a breakpoint. */
616 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
617 CPUBreakpoint **breakpoint)
618 {
619 #if defined(TARGET_HAS_ICE)
620 CPUBreakpoint *bp;
621
622 bp = g_malloc(sizeof(*bp));
623
624 bp->pc = pc;
625 bp->flags = flags;
626
627 /* keep all GDB-injected breakpoints in front */
628 if (flags & BP_GDB) {
629 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
630 } else {
631 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
632 }
633
634 breakpoint_invalidate(cpu, pc);
635
636 if (breakpoint) {
637 *breakpoint = bp;
638 }
639 return 0;
640 #else
641 return -ENOSYS;
642 #endif
643 }
644
645 /* Remove a specific breakpoint. */
646 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
647 {
648 #if defined(TARGET_HAS_ICE)
649 CPUBreakpoint *bp;
650
651 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
652 if (bp->pc == pc && bp->flags == flags) {
653 cpu_breakpoint_remove_by_ref(cpu, bp);
654 return 0;
655 }
656 }
657 return -ENOENT;
658 #else
659 return -ENOSYS;
660 #endif
661 }
662
663 /* Remove a specific breakpoint by reference. */
664 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
665 {
666 #if defined(TARGET_HAS_ICE)
667 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
668
669 breakpoint_invalidate(cpu, breakpoint->pc);
670
671 g_free(breakpoint);
672 #endif
673 }
674
675 /* Remove all matching breakpoints. */
676 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
677 {
678 #if defined(TARGET_HAS_ICE)
679 CPUBreakpoint *bp, *next;
680
681 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
682 if (bp->flags & mask) {
683 cpu_breakpoint_remove_by_ref(cpu, bp);
684 }
685 }
686 #endif
687 }
688
689 /* enable or disable single step mode. EXCP_DEBUG is returned by the
690 CPU loop after each instruction */
691 void cpu_single_step(CPUState *cpu, int enabled)
692 {
693 #if defined(TARGET_HAS_ICE)
694 if (cpu->singlestep_enabled != enabled) {
695 cpu->singlestep_enabled = enabled;
696 if (kvm_enabled()) {
697 kvm_update_guest_debug(cpu, 0);
698 } else {
699 /* must flush all the translated code to avoid inconsistencies */
700 /* XXX: only flush what is necessary */
701 CPUArchState *env = cpu->env_ptr;
702 tb_flush(env);
703 }
704 }
705 #endif
706 }
707
708 void cpu_abort(CPUState *cpu, const char *fmt, ...)
709 {
710 va_list ap;
711 va_list ap2;
712
713 va_start(ap, fmt);
714 va_copy(ap2, ap);
715 fprintf(stderr, "qemu: fatal: ");
716 vfprintf(stderr, fmt, ap);
717 fprintf(stderr, "\n");
718 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
719 if (qemu_log_enabled()) {
720 qemu_log("qemu: fatal: ");
721 qemu_log_vprintf(fmt, ap2);
722 qemu_log("\n");
723 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
724 qemu_log_flush();
725 qemu_log_close();
726 }
727 va_end(ap2);
728 va_end(ap);
729 #if defined(CONFIG_USER_ONLY)
730 {
731 struct sigaction act;
732 sigfillset(&act.sa_mask);
733 act.sa_handler = SIG_DFL;
734 sigaction(SIGABRT, &act, NULL);
735 }
736 #endif
737 abort();
738 }
739
740 #if !defined(CONFIG_USER_ONLY)
741 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
742 {
743 RAMBlock *block;
744
745 /* The list is protected by the iothread lock here. */
746 block = ram_list.mru_block;
747 if (block && addr - block->offset < block->length) {
748 goto found;
749 }
750 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
751 if (addr - block->offset < block->length) {
752 goto found;
753 }
754 }
755
756 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
757 abort();
758
759 found:
760 ram_list.mru_block = block;
761 return block;
762 }
763
764 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
765 {
766 ram_addr_t start1;
767 RAMBlock *block;
768 ram_addr_t end;
769
770 end = TARGET_PAGE_ALIGN(start + length);
771 start &= TARGET_PAGE_MASK;
772
773 block = qemu_get_ram_block(start);
774 assert(block == qemu_get_ram_block(end - 1));
775 start1 = (uintptr_t)block->host + (start - block->offset);
776 cpu_tlb_reset_dirty_all(start1, length);
777 }
778
779 /* Note: start and end must be within the same ram block. */
780 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
781 unsigned client)
782 {
783 if (length == 0)
784 return;
785 cpu_physical_memory_clear_dirty_range(start, length, client);
786
787 if (tcg_enabled()) {
788 tlb_reset_dirty_range_all(start, length);
789 }
790 }
791
792 static void cpu_physical_memory_set_dirty_tracking(bool enable)
793 {
794 in_migration = enable;
795 }
796
797 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
798 MemoryRegionSection *section,
799 target_ulong vaddr,
800 hwaddr paddr, hwaddr xlat,
801 int prot,
802 target_ulong *address)
803 {
804 hwaddr iotlb;
805 CPUWatchpoint *wp;
806
807 if (memory_region_is_ram(section->mr)) {
808 /* Normal RAM. */
809 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
810 + xlat;
811 if (!section->readonly) {
812 iotlb |= PHYS_SECTION_NOTDIRTY;
813 } else {
814 iotlb |= PHYS_SECTION_ROM;
815 }
816 } else {
817 iotlb = section - section->address_space->dispatch->map.sections;
818 iotlb += xlat;
819 }
820
821 /* Make accesses to pages with watchpoints go via the
822 watchpoint trap routines. */
823 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
824 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
825 /* Avoid trapping reads of pages with a write breakpoint. */
826 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
827 iotlb = PHYS_SECTION_WATCH + paddr;
828 *address |= TLB_MMIO;
829 break;
830 }
831 }
832 }
833
834 return iotlb;
835 }
836 #endif /* defined(CONFIG_USER_ONLY) */
837
838 #if !defined(CONFIG_USER_ONLY)
839
840 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
841 uint16_t section);
842 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
843
844 static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
845
846 /*
847 * Set a custom physical guest memory alloator.
848 * Accelerators with unusual needs may need this. Hopefully, we can
849 * get rid of it eventually.
850 */
851 void phys_mem_set_alloc(void *(*alloc)(size_t))
852 {
853 phys_mem_alloc = alloc;
854 }
855
856 static uint16_t phys_section_add(PhysPageMap *map,
857 MemoryRegionSection *section)
858 {
859 /* The physical section number is ORed with a page-aligned
860 * pointer to produce the iotlb entries. Thus it should
861 * never overflow into the page-aligned value.
862 */
863 assert(map->sections_nb < TARGET_PAGE_SIZE);
864
865 if (map->sections_nb == map->sections_nb_alloc) {
866 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
867 map->sections = g_renew(MemoryRegionSection, map->sections,
868 map->sections_nb_alloc);
869 }
870 map->sections[map->sections_nb] = *section;
871 memory_region_ref(section->mr);
872 return map->sections_nb++;
873 }
874
875 static void phys_section_destroy(MemoryRegion *mr)
876 {
877 memory_region_unref(mr);
878
879 if (mr->subpage) {
880 subpage_t *subpage = container_of(mr, subpage_t, iomem);
881 memory_region_destroy(&subpage->iomem);
882 g_free(subpage);
883 }
884 }
885
886 static void phys_sections_free(PhysPageMap *map)
887 {
888 while (map->sections_nb > 0) {
889 MemoryRegionSection *section = &map->sections[--map->sections_nb];
890 phys_section_destroy(section->mr);
891 }
892 g_free(map->sections);
893 g_free(map->nodes);
894 }
895
896 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
897 {
898 subpage_t *subpage;
899 hwaddr base = section->offset_within_address_space
900 & TARGET_PAGE_MASK;
901 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
902 d->map.nodes, d->map.sections);
903 MemoryRegionSection subsection = {
904 .offset_within_address_space = base,
905 .size = int128_make64(TARGET_PAGE_SIZE),
906 };
907 hwaddr start, end;
908
909 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
910
911 if (!(existing->mr->subpage)) {
912 subpage = subpage_init(d->as, base);
913 subsection.address_space = d->as;
914 subsection.mr = &subpage->iomem;
915 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
916 phys_section_add(&d->map, &subsection));
917 } else {
918 subpage = container_of(existing->mr, subpage_t, iomem);
919 }
920 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
921 end = start + int128_get64(section->size) - 1;
922 subpage_register(subpage, start, end,
923 phys_section_add(&d->map, section));
924 }
925
926
927 static void register_multipage(AddressSpaceDispatch *d,
928 MemoryRegionSection *section)
929 {
930 hwaddr start_addr = section->offset_within_address_space;
931 uint16_t section_index = phys_section_add(&d->map, section);
932 uint64_t num_pages = int128_get64(int128_rshift(section->size,
933 TARGET_PAGE_BITS));
934
935 assert(num_pages);
936 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
937 }
938
939 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
940 {
941 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
942 AddressSpaceDispatch *d = as->next_dispatch;
943 MemoryRegionSection now = *section, remain = *section;
944 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
945
946 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
947 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
948 - now.offset_within_address_space;
949
950 now.size = int128_min(int128_make64(left), now.size);
951 register_subpage(d, &now);
952 } else {
953 now.size = int128_zero();
954 }
955 while (int128_ne(remain.size, now.size)) {
956 remain.size = int128_sub(remain.size, now.size);
957 remain.offset_within_address_space += int128_get64(now.size);
958 remain.offset_within_region += int128_get64(now.size);
959 now = remain;
960 if (int128_lt(remain.size, page_size)) {
961 register_subpage(d, &now);
962 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
963 now.size = page_size;
964 register_subpage(d, &now);
965 } else {
966 now.size = int128_and(now.size, int128_neg(page_size));
967 register_multipage(d, &now);
968 }
969 }
970 }
971
972 void qemu_flush_coalesced_mmio_buffer(void)
973 {
974 if (kvm_enabled())
975 kvm_flush_coalesced_mmio_buffer();
976 }
977
978 void qemu_mutex_lock_ramlist(void)
979 {
980 qemu_mutex_lock(&ram_list.mutex);
981 }
982
983 void qemu_mutex_unlock_ramlist(void)
984 {
985 qemu_mutex_unlock(&ram_list.mutex);
986 }
987
988 #ifdef __linux__
989
990 #include <sys/vfs.h>
991
992 #define HUGETLBFS_MAGIC 0x958458f6
993
994 static long gethugepagesize(const char *path)
995 {
996 struct statfs fs;
997 int ret;
998
999 do {
1000 ret = statfs(path, &fs);
1001 } while (ret != 0 && errno == EINTR);
1002
1003 if (ret != 0) {
1004 perror(path);
1005 return 0;
1006 }
1007
1008 if (fs.f_type != HUGETLBFS_MAGIC)
1009 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1010
1011 return fs.f_bsize;
1012 }
1013
1014 static void *file_ram_alloc(RAMBlock *block,
1015 ram_addr_t memory,
1016 const char *path)
1017 {
1018 char *filename;
1019 char *sanitized_name;
1020 char *c;
1021 void *area;
1022 int fd;
1023 unsigned long hpagesize;
1024
1025 hpagesize = gethugepagesize(path);
1026 if (!hpagesize) {
1027 goto error;
1028 }
1029
1030 if (memory < hpagesize) {
1031 return NULL;
1032 }
1033
1034 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1035 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
1036 goto error;
1037 }
1038
1039 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1040 sanitized_name = g_strdup(block->mr->name);
1041 for (c = sanitized_name; *c != '\0'; c++) {
1042 if (*c == '/')
1043 *c = '_';
1044 }
1045
1046 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1047 sanitized_name);
1048 g_free(sanitized_name);
1049
1050 fd = mkstemp(filename);
1051 if (fd < 0) {
1052 perror("unable to create backing store for hugepages");
1053 g_free(filename);
1054 goto error;
1055 }
1056 unlink(filename);
1057 g_free(filename);
1058
1059 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1060
1061 /*
1062 * ftruncate is not supported by hugetlbfs in older
1063 * hosts, so don't bother bailing out on errors.
1064 * If anything goes wrong with it under other filesystems,
1065 * mmap will fail.
1066 */
1067 if (ftruncate(fd, memory))
1068 perror("ftruncate");
1069
1070 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1071 if (area == MAP_FAILED) {
1072 perror("file_ram_alloc: can't mmap RAM pages");
1073 close(fd);
1074 goto error;
1075 }
1076
1077 if (mem_prealloc) {
1078 os_mem_prealloc(fd, area, memory);
1079 }
1080
1081 block->fd = fd;
1082 return area;
1083
1084 error:
1085 if (mem_prealloc) {
1086 exit(1);
1087 }
1088 return NULL;
1089 }
1090 #else
1091 static void *file_ram_alloc(RAMBlock *block,
1092 ram_addr_t memory,
1093 const char *path)
1094 {
1095 fprintf(stderr, "-mem-path not supported on this host\n");
1096 exit(1);
1097 }
1098 #endif
1099
1100 static ram_addr_t find_ram_offset(ram_addr_t size)
1101 {
1102 RAMBlock *block, *next_block;
1103 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1104
1105 assert(size != 0); /* it would hand out same offset multiple times */
1106
1107 if (QTAILQ_EMPTY(&ram_list.blocks))
1108 return 0;
1109
1110 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1111 ram_addr_t end, next = RAM_ADDR_MAX;
1112
1113 end = block->offset + block->length;
1114
1115 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1116 if (next_block->offset >= end) {
1117 next = MIN(next, next_block->offset);
1118 }
1119 }
1120 if (next - end >= size && next - end < mingap) {
1121 offset = end;
1122 mingap = next - end;
1123 }
1124 }
1125
1126 if (offset == RAM_ADDR_MAX) {
1127 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1128 (uint64_t)size);
1129 abort();
1130 }
1131
1132 return offset;
1133 }
1134
1135 ram_addr_t last_ram_offset(void)
1136 {
1137 RAMBlock *block;
1138 ram_addr_t last = 0;
1139
1140 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1141 last = MAX(last, block->offset + block->length);
1142
1143 return last;
1144 }
1145
1146 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1147 {
1148 int ret;
1149
1150 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1151 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1152 "dump-guest-core", true)) {
1153 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1154 if (ret) {
1155 perror("qemu_madvise");
1156 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1157 "but dump_guest_core=off specified\n");
1158 }
1159 }
1160 }
1161
1162 static RAMBlock *find_ram_block(ram_addr_t addr)
1163 {
1164 RAMBlock *block;
1165
1166 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1167 if (block->offset == addr) {
1168 return block;
1169 }
1170 }
1171
1172 return NULL;
1173 }
1174
1175 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1176 {
1177 RAMBlock *new_block = find_ram_block(addr);
1178 RAMBlock *block;
1179
1180 assert(new_block);
1181 assert(!new_block->idstr[0]);
1182
1183 if (dev) {
1184 char *id = qdev_get_dev_path(dev);
1185 if (id) {
1186 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1187 g_free(id);
1188 }
1189 }
1190 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1191
1192 /* This assumes the iothread lock is taken here too. */
1193 qemu_mutex_lock_ramlist();
1194 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1195 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1196 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1197 new_block->idstr);
1198 abort();
1199 }
1200 }
1201 qemu_mutex_unlock_ramlist();
1202 }
1203
1204 void qemu_ram_unset_idstr(ram_addr_t addr)
1205 {
1206 RAMBlock *block = find_ram_block(addr);
1207
1208 if (block) {
1209 memset(block->idstr, 0, sizeof(block->idstr));
1210 }
1211 }
1212
1213 static int memory_try_enable_merging(void *addr, size_t len)
1214 {
1215 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1216 /* disabled by the user */
1217 return 0;
1218 }
1219
1220 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1221 }
1222
1223 static ram_addr_t ram_block_add(RAMBlock *new_block)
1224 {
1225 RAMBlock *block;
1226 ram_addr_t old_ram_size, new_ram_size;
1227
1228 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1229
1230 /* This assumes the iothread lock is taken here too. */
1231 qemu_mutex_lock_ramlist();
1232 new_block->offset = find_ram_offset(new_block->length);
1233
1234 if (!new_block->host) {
1235 if (xen_enabled()) {
1236 xen_ram_alloc(new_block->offset, new_block->length, new_block->mr);
1237 } else {
1238 new_block->host = phys_mem_alloc(new_block->length);
1239 if (!new_block->host) {
1240 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1241 new_block->mr->name, strerror(errno));
1242 exit(1);
1243 }
1244 memory_try_enable_merging(new_block->host, new_block->length);
1245 }
1246 }
1247
1248 /* Keep the list sorted from biggest to smallest block. */
1249 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1250 if (block->length < new_block->length) {
1251 break;
1252 }
1253 }
1254 if (block) {
1255 QTAILQ_INSERT_BEFORE(block, new_block, next);
1256 } else {
1257 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1258 }
1259 ram_list.mru_block = NULL;
1260
1261 ram_list.version++;
1262 qemu_mutex_unlock_ramlist();
1263
1264 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1265
1266 if (new_ram_size > old_ram_size) {
1267 int i;
1268 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1269 ram_list.dirty_memory[i] =
1270 bitmap_zero_extend(ram_list.dirty_memory[i],
1271 old_ram_size, new_ram_size);
1272 }
1273 }
1274 cpu_physical_memory_set_dirty_range(new_block->offset, new_block->length);
1275
1276 qemu_ram_setup_dump(new_block->host, new_block->length);
1277 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_HUGEPAGE);
1278 qemu_madvise(new_block->host, new_block->length, QEMU_MADV_DONTFORK);
1279
1280 if (kvm_enabled()) {
1281 kvm_setup_guest_memory(new_block->host, new_block->length);
1282 }
1283
1284 return new_block->offset;
1285 }
1286
1287 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1288 const char *mem_path)
1289 {
1290 RAMBlock *new_block;
1291
1292 if (xen_enabled()) {
1293 fprintf(stderr, "-mem-path not supported with Xen\n");
1294 exit(1);
1295 }
1296
1297 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1298 /*
1299 * file_ram_alloc() needs to allocate just like
1300 * phys_mem_alloc, but we haven't bothered to provide
1301 * a hook there.
1302 */
1303 fprintf(stderr,
1304 "-mem-path not supported with this accelerator\n");
1305 exit(1);
1306 }
1307
1308 size = TARGET_PAGE_ALIGN(size);
1309 new_block = g_malloc0(sizeof(*new_block));
1310 new_block->mr = mr;
1311 new_block->length = size;
1312 new_block->host = file_ram_alloc(new_block, size, mem_path);
1313 return ram_block_add(new_block);
1314 }
1315
1316 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1317 MemoryRegion *mr)
1318 {
1319 RAMBlock *new_block;
1320
1321 size = TARGET_PAGE_ALIGN(size);
1322 new_block = g_malloc0(sizeof(*new_block));
1323 new_block->mr = mr;
1324 new_block->length = size;
1325 new_block->fd = -1;
1326 new_block->host = host;
1327 if (host) {
1328 new_block->flags |= RAM_PREALLOC_MASK;
1329 }
1330 return ram_block_add(new_block);
1331 }
1332
1333 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1334 {
1335 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1336 }
1337
1338 void qemu_ram_free_from_ptr(ram_addr_t addr)
1339 {
1340 RAMBlock *block;
1341
1342 /* This assumes the iothread lock is taken here too. */
1343 qemu_mutex_lock_ramlist();
1344 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1345 if (addr == block->offset) {
1346 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1347 ram_list.mru_block = NULL;
1348 ram_list.version++;
1349 g_free(block);
1350 break;
1351 }
1352 }
1353 qemu_mutex_unlock_ramlist();
1354 }
1355
1356 void qemu_ram_free(ram_addr_t addr)
1357 {
1358 RAMBlock *block;
1359
1360 /* This assumes the iothread lock is taken here too. */
1361 qemu_mutex_lock_ramlist();
1362 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1363 if (addr == block->offset) {
1364 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1365 ram_list.mru_block = NULL;
1366 ram_list.version++;
1367 if (block->flags & RAM_PREALLOC_MASK) {
1368 ;
1369 } else if (xen_enabled()) {
1370 xen_invalidate_map_cache_entry(block->host);
1371 #ifndef _WIN32
1372 } else if (block->fd >= 0) {
1373 munmap(block->host, block->length);
1374 close(block->fd);
1375 #endif
1376 } else {
1377 qemu_anon_ram_free(block->host, block->length);
1378 }
1379 g_free(block);
1380 break;
1381 }
1382 }
1383 qemu_mutex_unlock_ramlist();
1384
1385 }
1386
1387 #ifndef _WIN32
1388 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1389 {
1390 RAMBlock *block;
1391 ram_addr_t offset;
1392 int flags;
1393 void *area, *vaddr;
1394
1395 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1396 offset = addr - block->offset;
1397 if (offset < block->length) {
1398 vaddr = block->host + offset;
1399 if (block->flags & RAM_PREALLOC_MASK) {
1400 ;
1401 } else if (xen_enabled()) {
1402 abort();
1403 } else {
1404 flags = MAP_FIXED;
1405 munmap(vaddr, length);
1406 if (block->fd >= 0) {
1407 #ifdef MAP_POPULATE
1408 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1409 MAP_PRIVATE;
1410 #else
1411 flags |= MAP_PRIVATE;
1412 #endif
1413 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1414 flags, block->fd, offset);
1415 } else {
1416 /*
1417 * Remap needs to match alloc. Accelerators that
1418 * set phys_mem_alloc never remap. If they did,
1419 * we'd need a remap hook here.
1420 */
1421 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1422
1423 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1424 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1425 flags, -1, 0);
1426 }
1427 if (area != vaddr) {
1428 fprintf(stderr, "Could not remap addr: "
1429 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1430 length, addr);
1431 exit(1);
1432 }
1433 memory_try_enable_merging(vaddr, length);
1434 qemu_ram_setup_dump(vaddr, length);
1435 }
1436 return;
1437 }
1438 }
1439 }
1440 #endif /* !_WIN32 */
1441
1442 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1443 With the exception of the softmmu code in this file, this should
1444 only be used for local memory (e.g. video ram) that the device owns,
1445 and knows it isn't going to access beyond the end of the block.
1446
1447 It should not be used for general purpose DMA.
1448 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1449 */
1450 void *qemu_get_ram_ptr(ram_addr_t addr)
1451 {
1452 RAMBlock *block = qemu_get_ram_block(addr);
1453
1454 if (xen_enabled()) {
1455 /* We need to check if the requested address is in the RAM
1456 * because we don't want to map the entire memory in QEMU.
1457 * In that case just map until the end of the page.
1458 */
1459 if (block->offset == 0) {
1460 return xen_map_cache(addr, 0, 0);
1461 } else if (block->host == NULL) {
1462 block->host =
1463 xen_map_cache(block->offset, block->length, 1);
1464 }
1465 }
1466 return block->host + (addr - block->offset);
1467 }
1468
1469 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1470 * but takes a size argument */
1471 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1472 {
1473 if (*size == 0) {
1474 return NULL;
1475 }
1476 if (xen_enabled()) {
1477 return xen_map_cache(addr, *size, 1);
1478 } else {
1479 RAMBlock *block;
1480
1481 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1482 if (addr - block->offset < block->length) {
1483 if (addr - block->offset + *size > block->length)
1484 *size = block->length - addr + block->offset;
1485 return block->host + (addr - block->offset);
1486 }
1487 }
1488
1489 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1490 abort();
1491 }
1492 }
1493
1494 /* Some of the softmmu routines need to translate from a host pointer
1495 (typically a TLB entry) back to a ram offset. */
1496 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1497 {
1498 RAMBlock *block;
1499 uint8_t *host = ptr;
1500
1501 if (xen_enabled()) {
1502 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1503 return qemu_get_ram_block(*ram_addr)->mr;
1504 }
1505
1506 block = ram_list.mru_block;
1507 if (block && block->host && host - block->host < block->length) {
1508 goto found;
1509 }
1510
1511 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1512 /* This case append when the block is not mapped. */
1513 if (block->host == NULL) {
1514 continue;
1515 }
1516 if (host - block->host < block->length) {
1517 goto found;
1518 }
1519 }
1520
1521 return NULL;
1522
1523 found:
1524 *ram_addr = block->offset + (host - block->host);
1525 return block->mr;
1526 }
1527
1528 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1529 uint64_t val, unsigned size)
1530 {
1531 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1532 tb_invalidate_phys_page_fast(ram_addr, size);
1533 }
1534 switch (size) {
1535 case 1:
1536 stb_p(qemu_get_ram_ptr(ram_addr), val);
1537 break;
1538 case 2:
1539 stw_p(qemu_get_ram_ptr(ram_addr), val);
1540 break;
1541 case 4:
1542 stl_p(qemu_get_ram_ptr(ram_addr), val);
1543 break;
1544 default:
1545 abort();
1546 }
1547 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1548 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
1549 /* we remove the notdirty callback only if the code has been
1550 flushed */
1551 if (!cpu_physical_memory_is_clean(ram_addr)) {
1552 CPUArchState *env = current_cpu->env_ptr;
1553 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1554 }
1555 }
1556
1557 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1558 unsigned size, bool is_write)
1559 {
1560 return is_write;
1561 }
1562
1563 static const MemoryRegionOps notdirty_mem_ops = {
1564 .write = notdirty_mem_write,
1565 .valid.accepts = notdirty_mem_accepts,
1566 .endianness = DEVICE_NATIVE_ENDIAN,
1567 };
1568
1569 /* Generate a debug exception if a watchpoint has been hit. */
1570 static void check_watchpoint(int offset, int len_mask, int flags)
1571 {
1572 CPUState *cpu = current_cpu;
1573 CPUArchState *env = cpu->env_ptr;
1574 target_ulong pc, cs_base;
1575 target_ulong vaddr;
1576 CPUWatchpoint *wp;
1577 int cpu_flags;
1578
1579 if (cpu->watchpoint_hit) {
1580 /* We re-entered the check after replacing the TB. Now raise
1581 * the debug interrupt so that is will trigger after the
1582 * current instruction. */
1583 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1584 return;
1585 }
1586 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1587 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1588 if ((vaddr == (wp->vaddr & len_mask) ||
1589 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1590 wp->flags |= BP_WATCHPOINT_HIT;
1591 if (!cpu->watchpoint_hit) {
1592 cpu->watchpoint_hit = wp;
1593 tb_check_watchpoint(cpu);
1594 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1595 cpu->exception_index = EXCP_DEBUG;
1596 cpu_loop_exit(cpu);
1597 } else {
1598 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1599 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1600 cpu_resume_from_signal(cpu, NULL);
1601 }
1602 }
1603 } else {
1604 wp->flags &= ~BP_WATCHPOINT_HIT;
1605 }
1606 }
1607 }
1608
1609 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1610 so these check for a hit then pass through to the normal out-of-line
1611 phys routines. */
1612 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1613 unsigned size)
1614 {
1615 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1616 switch (size) {
1617 case 1: return ldub_phys(&address_space_memory, addr);
1618 case 2: return lduw_phys(&address_space_memory, addr);
1619 case 4: return ldl_phys(&address_space_memory, addr);
1620 default: abort();
1621 }
1622 }
1623
1624 static void watch_mem_write(void *opaque, hwaddr addr,
1625 uint64_t val, unsigned size)
1626 {
1627 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1628 switch (size) {
1629 case 1:
1630 stb_phys(&address_space_memory, addr, val);
1631 break;
1632 case 2:
1633 stw_phys(&address_space_memory, addr, val);
1634 break;
1635 case 4:
1636 stl_phys(&address_space_memory, addr, val);
1637 break;
1638 default: abort();
1639 }
1640 }
1641
1642 static const MemoryRegionOps watch_mem_ops = {
1643 .read = watch_mem_read,
1644 .write = watch_mem_write,
1645 .endianness = DEVICE_NATIVE_ENDIAN,
1646 };
1647
1648 static uint64_t subpage_read(void *opaque, hwaddr addr,
1649 unsigned len)
1650 {
1651 subpage_t *subpage = opaque;
1652 uint8_t buf[4];
1653
1654 #if defined(DEBUG_SUBPAGE)
1655 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1656 subpage, len, addr);
1657 #endif
1658 address_space_read(subpage->as, addr + subpage->base, buf, len);
1659 switch (len) {
1660 case 1:
1661 return ldub_p(buf);
1662 case 2:
1663 return lduw_p(buf);
1664 case 4:
1665 return ldl_p(buf);
1666 default:
1667 abort();
1668 }
1669 }
1670
1671 static void subpage_write(void *opaque, hwaddr addr,
1672 uint64_t value, unsigned len)
1673 {
1674 subpage_t *subpage = opaque;
1675 uint8_t buf[4];
1676
1677 #if defined(DEBUG_SUBPAGE)
1678 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1679 " value %"PRIx64"\n",
1680 __func__, subpage, len, addr, value);
1681 #endif
1682 switch (len) {
1683 case 1:
1684 stb_p(buf, value);
1685 break;
1686 case 2:
1687 stw_p(buf, value);
1688 break;
1689 case 4:
1690 stl_p(buf, value);
1691 break;
1692 default:
1693 abort();
1694 }
1695 address_space_write(subpage->as, addr + subpage->base, buf, len);
1696 }
1697
1698 static bool subpage_accepts(void *opaque, hwaddr addr,
1699 unsigned len, bool is_write)
1700 {
1701 subpage_t *subpage = opaque;
1702 #if defined(DEBUG_SUBPAGE)
1703 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1704 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1705 #endif
1706
1707 return address_space_access_valid(subpage->as, addr + subpage->base,
1708 len, is_write);
1709 }
1710
1711 static const MemoryRegionOps subpage_ops = {
1712 .read = subpage_read,
1713 .write = subpage_write,
1714 .valid.accepts = subpage_accepts,
1715 .endianness = DEVICE_NATIVE_ENDIAN,
1716 };
1717
1718 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1719 uint16_t section)
1720 {
1721 int idx, eidx;
1722
1723 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1724 return -1;
1725 idx = SUBPAGE_IDX(start);
1726 eidx = SUBPAGE_IDX(end);
1727 #if defined(DEBUG_SUBPAGE)
1728 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1729 __func__, mmio, start, end, idx, eidx, section);
1730 #endif
1731 for (; idx <= eidx; idx++) {
1732 mmio->sub_section[idx] = section;
1733 }
1734
1735 return 0;
1736 }
1737
1738 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1739 {
1740 subpage_t *mmio;
1741
1742 mmio = g_malloc0(sizeof(subpage_t));
1743
1744 mmio->as = as;
1745 mmio->base = base;
1746 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
1747 "subpage", TARGET_PAGE_SIZE);
1748 mmio->iomem.subpage = true;
1749 #if defined(DEBUG_SUBPAGE)
1750 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1751 mmio, base, TARGET_PAGE_SIZE);
1752 #endif
1753 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
1754
1755 return mmio;
1756 }
1757
1758 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
1759 MemoryRegion *mr)
1760 {
1761 assert(as);
1762 MemoryRegionSection section = {
1763 .address_space = as,
1764 .mr = mr,
1765 .offset_within_address_space = 0,
1766 .offset_within_region = 0,
1767 .size = int128_2_64(),
1768 };
1769
1770 return phys_section_add(map, &section);
1771 }
1772
1773 MemoryRegion *iotlb_to_region(AddressSpace *as, hwaddr index)
1774 {
1775 return as->dispatch->map.sections[index & ~TARGET_PAGE_MASK].mr;
1776 }
1777
1778 static void io_mem_init(void)
1779 {
1780 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1781 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1782 "unassigned", UINT64_MAX);
1783 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1784 "notdirty", UINT64_MAX);
1785 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1786 "watch", UINT64_MAX);
1787 }
1788
1789 static void mem_begin(MemoryListener *listener)
1790 {
1791 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1792 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1793 uint16_t n;
1794
1795 n = dummy_section(&d->map, as, &io_mem_unassigned);
1796 assert(n == PHYS_SECTION_UNASSIGNED);
1797 n = dummy_section(&d->map, as, &io_mem_notdirty);
1798 assert(n == PHYS_SECTION_NOTDIRTY);
1799 n = dummy_section(&d->map, as, &io_mem_rom);
1800 assert(n == PHYS_SECTION_ROM);
1801 n = dummy_section(&d->map, as, &io_mem_watch);
1802 assert(n == PHYS_SECTION_WATCH);
1803
1804 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
1805 d->as = as;
1806 as->next_dispatch = d;
1807 }
1808
1809 static void mem_commit(MemoryListener *listener)
1810 {
1811 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1812 AddressSpaceDispatch *cur = as->dispatch;
1813 AddressSpaceDispatch *next = as->next_dispatch;
1814
1815 phys_page_compact_all(next, next->map.nodes_nb);
1816
1817 as->dispatch = next;
1818
1819 if (cur) {
1820 phys_sections_free(&cur->map);
1821 g_free(cur);
1822 }
1823 }
1824
1825 static void tcg_commit(MemoryListener *listener)
1826 {
1827 CPUState *cpu;
1828
1829 /* since each CPU stores ram addresses in its TLB cache, we must
1830 reset the modified entries */
1831 /* XXX: slow ! */
1832 CPU_FOREACH(cpu) {
1833 /* FIXME: Disentangle the cpu.h circular files deps so we can
1834 directly get the right CPU from listener. */
1835 if (cpu->tcg_as_listener != listener) {
1836 continue;
1837 }
1838 tlb_flush(cpu, 1);
1839 }
1840 }
1841
1842 static void core_log_global_start(MemoryListener *listener)
1843 {
1844 cpu_physical_memory_set_dirty_tracking(true);
1845 }
1846
1847 static void core_log_global_stop(MemoryListener *listener)
1848 {
1849 cpu_physical_memory_set_dirty_tracking(false);
1850 }
1851
1852 static MemoryListener core_memory_listener = {
1853 .log_global_start = core_log_global_start,
1854 .log_global_stop = core_log_global_stop,
1855 .priority = 1,
1856 };
1857
1858 void address_space_init_dispatch(AddressSpace *as)
1859 {
1860 as->dispatch = NULL;
1861 as->dispatch_listener = (MemoryListener) {
1862 .begin = mem_begin,
1863 .commit = mem_commit,
1864 .region_add = mem_add,
1865 .region_nop = mem_add,
1866 .priority = 0,
1867 };
1868 memory_listener_register(&as->dispatch_listener, as);
1869 }
1870
1871 void address_space_destroy_dispatch(AddressSpace *as)
1872 {
1873 AddressSpaceDispatch *d = as->dispatch;
1874
1875 memory_listener_unregister(&as->dispatch_listener);
1876 g_free(d);
1877 as->dispatch = NULL;
1878 }
1879
1880 static void memory_map_init(void)
1881 {
1882 system_memory = g_malloc(sizeof(*system_memory));
1883
1884 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
1885 address_space_init(&address_space_memory, system_memory, "memory");
1886
1887 system_io = g_malloc(sizeof(*system_io));
1888 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1889 65536);
1890 address_space_init(&address_space_io, system_io, "I/O");
1891
1892 memory_listener_register(&core_memory_listener, &address_space_memory);
1893 }
1894
1895 MemoryRegion *get_system_memory(void)
1896 {
1897 return system_memory;
1898 }
1899
1900 MemoryRegion *get_system_io(void)
1901 {
1902 return system_io;
1903 }
1904
1905 #endif /* !defined(CONFIG_USER_ONLY) */
1906
1907 /* physical memory access (slow version, mainly for debug) */
1908 #if defined(CONFIG_USER_ONLY)
1909 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
1910 uint8_t *buf, int len, int is_write)
1911 {
1912 int l, flags;
1913 target_ulong page;
1914 void * p;
1915
1916 while (len > 0) {
1917 page = addr & TARGET_PAGE_MASK;
1918 l = (page + TARGET_PAGE_SIZE) - addr;
1919 if (l > len)
1920 l = len;
1921 flags = page_get_flags(page);
1922 if (!(flags & PAGE_VALID))
1923 return -1;
1924 if (is_write) {
1925 if (!(flags & PAGE_WRITE))
1926 return -1;
1927 /* XXX: this code should not depend on lock_user */
1928 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1929 return -1;
1930 memcpy(p, buf, l);
1931 unlock_user(p, addr, l);
1932 } else {
1933 if (!(flags & PAGE_READ))
1934 return -1;
1935 /* XXX: this code should not depend on lock_user */
1936 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1937 return -1;
1938 memcpy(buf, p, l);
1939 unlock_user(p, addr, 0);
1940 }
1941 len -= l;
1942 buf += l;
1943 addr += l;
1944 }
1945 return 0;
1946 }
1947
1948 #else
1949
1950 static void invalidate_and_set_dirty(hwaddr addr,
1951 hwaddr length)
1952 {
1953 if (cpu_physical_memory_is_clean(addr)) {
1954 /* invalidate code */
1955 tb_invalidate_phys_page_range(addr, addr + length, 0);
1956 /* set dirty bit */
1957 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1958 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
1959 }
1960 xen_modified_memory(addr, length);
1961 }
1962
1963 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
1964 {
1965 unsigned access_size_max = mr->ops->valid.max_access_size;
1966
1967 /* Regions are assumed to support 1-4 byte accesses unless
1968 otherwise specified. */
1969 if (access_size_max == 0) {
1970 access_size_max = 4;
1971 }
1972
1973 /* Bound the maximum access by the alignment of the address. */
1974 if (!mr->ops->impl.unaligned) {
1975 unsigned align_size_max = addr & -addr;
1976 if (align_size_max != 0 && align_size_max < access_size_max) {
1977 access_size_max = align_size_max;
1978 }
1979 }
1980
1981 /* Don't attempt accesses larger than the maximum. */
1982 if (l > access_size_max) {
1983 l = access_size_max;
1984 }
1985 if (l & (l - 1)) {
1986 l = 1 << (qemu_fls(l) - 1);
1987 }
1988
1989 return l;
1990 }
1991
1992 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1993 int len, bool is_write)
1994 {
1995 hwaddr l;
1996 uint8_t *ptr;
1997 uint64_t val;
1998 hwaddr addr1;
1999 MemoryRegion *mr;
2000 bool error = false;
2001
2002 while (len > 0) {
2003 l = len;
2004 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2005
2006 if (is_write) {
2007 if (!memory_access_is_direct(mr, is_write)) {
2008 l = memory_access_size(mr, l, addr1);
2009 /* XXX: could force current_cpu to NULL to avoid
2010 potential bugs */
2011 switch (l) {
2012 case 8:
2013 /* 64 bit write access */
2014 val = ldq_p(buf);
2015 error |= io_mem_write(mr, addr1, val, 8);
2016 break;
2017 case 4:
2018 /* 32 bit write access */
2019 val = ldl_p(buf);
2020 error |= io_mem_write(mr, addr1, val, 4);
2021 break;
2022 case 2:
2023 /* 16 bit write access */
2024 val = lduw_p(buf);
2025 error |= io_mem_write(mr, addr1, val, 2);
2026 break;
2027 case 1:
2028 /* 8 bit write access */
2029 val = ldub_p(buf);
2030 error |= io_mem_write(mr, addr1, val, 1);
2031 break;
2032 default:
2033 abort();
2034 }
2035 } else {
2036 addr1 += memory_region_get_ram_addr(mr);
2037 /* RAM case */
2038 ptr = qemu_get_ram_ptr(addr1);
2039 memcpy(ptr, buf, l);
2040 invalidate_and_set_dirty(addr1, l);
2041 }
2042 } else {
2043 if (!memory_access_is_direct(mr, is_write)) {
2044 /* I/O case */
2045 l = memory_access_size(mr, l, addr1);
2046 switch (l) {
2047 case 8:
2048 /* 64 bit read access */
2049 error |= io_mem_read(mr, addr1, &val, 8);
2050 stq_p(buf, val);
2051 break;
2052 case 4:
2053 /* 32 bit read access */
2054 error |= io_mem_read(mr, addr1, &val, 4);
2055 stl_p(buf, val);
2056 break;
2057 case 2:
2058 /* 16 bit read access */
2059 error |= io_mem_read(mr, addr1, &val, 2);
2060 stw_p(buf, val);
2061 break;
2062 case 1:
2063 /* 8 bit read access */
2064 error |= io_mem_read(mr, addr1, &val, 1);
2065 stb_p(buf, val);
2066 break;
2067 default:
2068 abort();
2069 }
2070 } else {
2071 /* RAM case */
2072 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2073 memcpy(buf, ptr, l);
2074 }
2075 }
2076 len -= l;
2077 buf += l;
2078 addr += l;
2079 }
2080
2081 return error;
2082 }
2083
2084 bool address_space_write(AddressSpace *as, hwaddr addr,
2085 const uint8_t *buf, int len)
2086 {
2087 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2088 }
2089
2090 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2091 {
2092 return address_space_rw(as, addr, buf, len, false);
2093 }
2094
2095
2096 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2097 int len, int is_write)
2098 {
2099 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2100 }
2101
2102 enum write_rom_type {
2103 WRITE_DATA,
2104 FLUSH_CACHE,
2105 };
2106
2107 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2108 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2109 {
2110 hwaddr l;
2111 uint8_t *ptr;
2112 hwaddr addr1;
2113 MemoryRegion *mr;
2114
2115 while (len > 0) {
2116 l = len;
2117 mr = address_space_translate(as, addr, &addr1, &l, true);
2118
2119 if (!(memory_region_is_ram(mr) ||
2120 memory_region_is_romd(mr))) {
2121 /* do nothing */
2122 } else {
2123 addr1 += memory_region_get_ram_addr(mr);
2124 /* ROM/RAM case */
2125 ptr = qemu_get_ram_ptr(addr1);
2126 switch (type) {
2127 case WRITE_DATA:
2128 memcpy(ptr, buf, l);
2129 invalidate_and_set_dirty(addr1, l);
2130 break;
2131 case FLUSH_CACHE:
2132 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2133 break;
2134 }
2135 }
2136 len -= l;
2137 buf += l;
2138 addr += l;
2139 }
2140 }
2141
2142 /* used for ROM loading : can write in RAM and ROM */
2143 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2144 const uint8_t *buf, int len)
2145 {
2146 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2147 }
2148
2149 void cpu_flush_icache_range(hwaddr start, int len)
2150 {
2151 /*
2152 * This function should do the same thing as an icache flush that was
2153 * triggered from within the guest. For TCG we are always cache coherent,
2154 * so there is no need to flush anything. For KVM / Xen we need to flush
2155 * the host's instruction cache at least.
2156 */
2157 if (tcg_enabled()) {
2158 return;
2159 }
2160
2161 cpu_physical_memory_write_rom_internal(&address_space_memory,
2162 start, NULL, len, FLUSH_CACHE);
2163 }
2164
2165 typedef struct {
2166 MemoryRegion *mr;
2167 void *buffer;
2168 hwaddr addr;
2169 hwaddr len;
2170 } BounceBuffer;
2171
2172 static BounceBuffer bounce;
2173
2174 typedef struct MapClient {
2175 void *opaque;
2176 void (*callback)(void *opaque);
2177 QLIST_ENTRY(MapClient) link;
2178 } MapClient;
2179
2180 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2181 = QLIST_HEAD_INITIALIZER(map_client_list);
2182
2183 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2184 {
2185 MapClient *client = g_malloc(sizeof(*client));
2186
2187 client->opaque = opaque;
2188 client->callback = callback;
2189 QLIST_INSERT_HEAD(&map_client_list, client, link);
2190 return client;
2191 }
2192
2193 static void cpu_unregister_map_client(void *_client)
2194 {
2195 MapClient *client = (MapClient *)_client;
2196
2197 QLIST_REMOVE(client, link);
2198 g_free(client);
2199 }
2200
2201 static void cpu_notify_map_clients(void)
2202 {
2203 MapClient *client;
2204
2205 while (!QLIST_EMPTY(&map_client_list)) {
2206 client = QLIST_FIRST(&map_client_list);
2207 client->callback(client->opaque);
2208 cpu_unregister_map_client(client);
2209 }
2210 }
2211
2212 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2213 {
2214 MemoryRegion *mr;
2215 hwaddr l, xlat;
2216
2217 while (len > 0) {
2218 l = len;
2219 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2220 if (!memory_access_is_direct(mr, is_write)) {
2221 l = memory_access_size(mr, l, addr);
2222 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2223 return false;
2224 }
2225 }
2226
2227 len -= l;
2228 addr += l;
2229 }
2230 return true;
2231 }
2232
2233 /* Map a physical memory region into a host virtual address.
2234 * May map a subset of the requested range, given by and returned in *plen.
2235 * May return NULL if resources needed to perform the mapping are exhausted.
2236 * Use only for reads OR writes - not for read-modify-write operations.
2237 * Use cpu_register_map_client() to know when retrying the map operation is
2238 * likely to succeed.
2239 */
2240 void *address_space_map(AddressSpace *as,
2241 hwaddr addr,
2242 hwaddr *plen,
2243 bool is_write)
2244 {
2245 hwaddr len = *plen;
2246 hwaddr done = 0;
2247 hwaddr l, xlat, base;
2248 MemoryRegion *mr, *this_mr;
2249 ram_addr_t raddr;
2250
2251 if (len == 0) {
2252 return NULL;
2253 }
2254
2255 l = len;
2256 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2257 if (!memory_access_is_direct(mr, is_write)) {
2258 if (bounce.buffer) {
2259 return NULL;
2260 }
2261 /* Avoid unbounded allocations */
2262 l = MIN(l, TARGET_PAGE_SIZE);
2263 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2264 bounce.addr = addr;
2265 bounce.len = l;
2266
2267 memory_region_ref(mr);
2268 bounce.mr = mr;
2269 if (!is_write) {
2270 address_space_read(as, addr, bounce.buffer, l);
2271 }
2272
2273 *plen = l;
2274 return bounce.buffer;
2275 }
2276
2277 base = xlat;
2278 raddr = memory_region_get_ram_addr(mr);
2279
2280 for (;;) {
2281 len -= l;
2282 addr += l;
2283 done += l;
2284 if (len == 0) {
2285 break;
2286 }
2287
2288 l = len;
2289 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2290 if (this_mr != mr || xlat != base + done) {
2291 break;
2292 }
2293 }
2294
2295 memory_region_ref(mr);
2296 *plen = done;
2297 return qemu_ram_ptr_length(raddr + base, plen);
2298 }
2299
2300 /* Unmaps a memory region previously mapped by address_space_map().
2301 * Will also mark the memory as dirty if is_write == 1. access_len gives
2302 * the amount of memory that was actually read or written by the caller.
2303 */
2304 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2305 int is_write, hwaddr access_len)
2306 {
2307 if (buffer != bounce.buffer) {
2308 MemoryRegion *mr;
2309 ram_addr_t addr1;
2310
2311 mr = qemu_ram_addr_from_host(buffer, &addr1);
2312 assert(mr != NULL);
2313 if (is_write) {
2314 while (access_len) {
2315 unsigned l;
2316 l = TARGET_PAGE_SIZE;
2317 if (l > access_len)
2318 l = access_len;
2319 invalidate_and_set_dirty(addr1, l);
2320 addr1 += l;
2321 access_len -= l;
2322 }
2323 }
2324 if (xen_enabled()) {
2325 xen_invalidate_map_cache_entry(buffer);
2326 }
2327 memory_region_unref(mr);
2328 return;
2329 }
2330 if (is_write) {
2331 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2332 }
2333 qemu_vfree(bounce.buffer);
2334 bounce.buffer = NULL;
2335 memory_region_unref(bounce.mr);
2336 cpu_notify_map_clients();
2337 }
2338
2339 void *cpu_physical_memory_map(hwaddr addr,
2340 hwaddr *plen,
2341 int is_write)
2342 {
2343 return address_space_map(&address_space_memory, addr, plen, is_write);
2344 }
2345
2346 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2347 int is_write, hwaddr access_len)
2348 {
2349 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2350 }
2351
2352 /* warning: addr must be aligned */
2353 static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
2354 enum device_endian endian)
2355 {
2356 uint8_t *ptr;
2357 uint64_t val;
2358 MemoryRegion *mr;
2359 hwaddr l = 4;
2360 hwaddr addr1;
2361
2362 mr = address_space_translate(as, addr, &addr1, &l, false);
2363 if (l < 4 || !memory_access_is_direct(mr, false)) {
2364 /* I/O case */
2365 io_mem_read(mr, addr1, &val, 4);
2366 #if defined(TARGET_WORDS_BIGENDIAN)
2367 if (endian == DEVICE_LITTLE_ENDIAN) {
2368 val = bswap32(val);
2369 }
2370 #else
2371 if (endian == DEVICE_BIG_ENDIAN) {
2372 val = bswap32(val);
2373 }
2374 #endif
2375 } else {
2376 /* RAM case */
2377 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2378 & TARGET_PAGE_MASK)
2379 + addr1);
2380 switch (endian) {
2381 case DEVICE_LITTLE_ENDIAN:
2382 val = ldl_le_p(ptr);
2383 break;
2384 case DEVICE_BIG_ENDIAN:
2385 val = ldl_be_p(ptr);
2386 break;
2387 default:
2388 val = ldl_p(ptr);
2389 break;
2390 }
2391 }
2392 return val;
2393 }
2394
2395 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2396 {
2397 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2398 }
2399
2400 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2401 {
2402 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2403 }
2404
2405 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2406 {
2407 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2408 }
2409
2410 /* warning: addr must be aligned */
2411 static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
2412 enum device_endian endian)
2413 {
2414 uint8_t *ptr;
2415 uint64_t val;
2416 MemoryRegion *mr;
2417 hwaddr l = 8;
2418 hwaddr addr1;
2419
2420 mr = address_space_translate(as, addr, &addr1, &l,
2421 false);
2422 if (l < 8 || !memory_access_is_direct(mr, false)) {
2423 /* I/O case */
2424 io_mem_read(mr, addr1, &val, 8);
2425 #if defined(TARGET_WORDS_BIGENDIAN)
2426 if (endian == DEVICE_LITTLE_ENDIAN) {
2427 val = bswap64(val);
2428 }
2429 #else
2430 if (endian == DEVICE_BIG_ENDIAN) {
2431 val = bswap64(val);
2432 }
2433 #endif
2434 } else {
2435 /* RAM case */
2436 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2437 & TARGET_PAGE_MASK)
2438 + addr1);
2439 switch (endian) {
2440 case DEVICE_LITTLE_ENDIAN:
2441 val = ldq_le_p(ptr);
2442 break;
2443 case DEVICE_BIG_ENDIAN:
2444 val = ldq_be_p(ptr);
2445 break;
2446 default:
2447 val = ldq_p(ptr);
2448 break;
2449 }
2450 }
2451 return val;
2452 }
2453
2454 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2455 {
2456 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2457 }
2458
2459 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2460 {
2461 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2462 }
2463
2464 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2465 {
2466 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2467 }
2468
2469 /* XXX: optimize */
2470 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2471 {
2472 uint8_t val;
2473 address_space_rw(as, addr, &val, 1, 0);
2474 return val;
2475 }
2476
2477 /* warning: addr must be aligned */
2478 static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
2479 enum device_endian endian)
2480 {
2481 uint8_t *ptr;
2482 uint64_t val;
2483 MemoryRegion *mr;
2484 hwaddr l = 2;
2485 hwaddr addr1;
2486
2487 mr = address_space_translate(as, addr, &addr1, &l,
2488 false);
2489 if (l < 2 || !memory_access_is_direct(mr, false)) {
2490 /* I/O case */
2491 io_mem_read(mr, addr1, &val, 2);
2492 #if defined(TARGET_WORDS_BIGENDIAN)
2493 if (endian == DEVICE_LITTLE_ENDIAN) {
2494 val = bswap16(val);
2495 }
2496 #else
2497 if (endian == DEVICE_BIG_ENDIAN) {
2498 val = bswap16(val);
2499 }
2500 #endif
2501 } else {
2502 /* RAM case */
2503 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2504 & TARGET_PAGE_MASK)
2505 + addr1);
2506 switch (endian) {
2507 case DEVICE_LITTLE_ENDIAN:
2508 val = lduw_le_p(ptr);
2509 break;
2510 case DEVICE_BIG_ENDIAN:
2511 val = lduw_be_p(ptr);
2512 break;
2513 default:
2514 val = lduw_p(ptr);
2515 break;
2516 }
2517 }
2518 return val;
2519 }
2520
2521 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2522 {
2523 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2524 }
2525
2526 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2527 {
2528 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2529 }
2530
2531 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2532 {
2533 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2534 }
2535
2536 /* warning: addr must be aligned. The ram page is not masked as dirty
2537 and the code inside is not invalidated. It is useful if the dirty
2538 bits are used to track modified PTEs */
2539 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
2540 {
2541 uint8_t *ptr;
2542 MemoryRegion *mr;
2543 hwaddr l = 4;
2544 hwaddr addr1;
2545
2546 mr = address_space_translate(as, addr, &addr1, &l,
2547 true);
2548 if (l < 4 || !memory_access_is_direct(mr, true)) {
2549 io_mem_write(mr, addr1, val, 4);
2550 } else {
2551 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2552 ptr = qemu_get_ram_ptr(addr1);
2553 stl_p(ptr, val);
2554
2555 if (unlikely(in_migration)) {
2556 if (cpu_physical_memory_is_clean(addr1)) {
2557 /* invalidate code */
2558 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2559 /* set dirty bit */
2560 cpu_physical_memory_set_dirty_flag(addr1,
2561 DIRTY_MEMORY_MIGRATION);
2562 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
2563 }
2564 }
2565 }
2566 }
2567
2568 /* warning: addr must be aligned */
2569 static inline void stl_phys_internal(AddressSpace *as,
2570 hwaddr addr, uint32_t val,
2571 enum device_endian endian)
2572 {
2573 uint8_t *ptr;
2574 MemoryRegion *mr;
2575 hwaddr l = 4;
2576 hwaddr addr1;
2577
2578 mr = address_space_translate(as, addr, &addr1, &l,
2579 true);
2580 if (l < 4 || !memory_access_is_direct(mr, true)) {
2581 #if defined(TARGET_WORDS_BIGENDIAN)
2582 if (endian == DEVICE_LITTLE_ENDIAN) {
2583 val = bswap32(val);
2584 }
2585 #else
2586 if (endian == DEVICE_BIG_ENDIAN) {
2587 val = bswap32(val);
2588 }
2589 #endif
2590 io_mem_write(mr, addr1, val, 4);
2591 } else {
2592 /* RAM case */
2593 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2594 ptr = qemu_get_ram_ptr(addr1);
2595 switch (endian) {
2596 case DEVICE_LITTLE_ENDIAN:
2597 stl_le_p(ptr, val);
2598 break;
2599 case DEVICE_BIG_ENDIAN:
2600 stl_be_p(ptr, val);
2601 break;
2602 default:
2603 stl_p(ptr, val);
2604 break;
2605 }
2606 invalidate_and_set_dirty(addr1, 4);
2607 }
2608 }
2609
2610 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2611 {
2612 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2613 }
2614
2615 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2616 {
2617 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2618 }
2619
2620 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2621 {
2622 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2623 }
2624
2625 /* XXX: optimize */
2626 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2627 {
2628 uint8_t v = val;
2629 address_space_rw(as, addr, &v, 1, 1);
2630 }
2631
2632 /* warning: addr must be aligned */
2633 static inline void stw_phys_internal(AddressSpace *as,
2634 hwaddr addr, uint32_t val,
2635 enum device_endian endian)
2636 {
2637 uint8_t *ptr;
2638 MemoryRegion *mr;
2639 hwaddr l = 2;
2640 hwaddr addr1;
2641
2642 mr = address_space_translate(as, addr, &addr1, &l, true);
2643 if (l < 2 || !memory_access_is_direct(mr, true)) {
2644 #if defined(TARGET_WORDS_BIGENDIAN)
2645 if (endian == DEVICE_LITTLE_ENDIAN) {
2646 val = bswap16(val);
2647 }
2648 #else
2649 if (endian == DEVICE_BIG_ENDIAN) {
2650 val = bswap16(val);
2651 }
2652 #endif
2653 io_mem_write(mr, addr1, val, 2);
2654 } else {
2655 /* RAM case */
2656 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2657 ptr = qemu_get_ram_ptr(addr1);
2658 switch (endian) {
2659 case DEVICE_LITTLE_ENDIAN:
2660 stw_le_p(ptr, val);
2661 break;
2662 case DEVICE_BIG_ENDIAN:
2663 stw_be_p(ptr, val);
2664 break;
2665 default:
2666 stw_p(ptr, val);
2667 break;
2668 }
2669 invalidate_and_set_dirty(addr1, 2);
2670 }
2671 }
2672
2673 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2674 {
2675 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2676 }
2677
2678 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2679 {
2680 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2681 }
2682
2683 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2684 {
2685 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2686 }
2687
2688 /* XXX: optimize */
2689 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2690 {
2691 val = tswap64(val);
2692 address_space_rw(as, addr, (void *) &val, 8, 1);
2693 }
2694
2695 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2696 {
2697 val = cpu_to_le64(val);
2698 address_space_rw(as, addr, (void *) &val, 8, 1);
2699 }
2700
2701 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2702 {
2703 val = cpu_to_be64(val);
2704 address_space_rw(as, addr, (void *) &val, 8, 1);
2705 }
2706
2707 /* virtual memory access for debug (includes writing to ROM) */
2708 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2709 uint8_t *buf, int len, int is_write)
2710 {
2711 int l;
2712 hwaddr phys_addr;
2713 target_ulong page;
2714
2715 while (len > 0) {
2716 page = addr & TARGET_PAGE_MASK;
2717 phys_addr = cpu_get_phys_page_debug(cpu, page);
2718 /* if no physical page mapped, return an error */
2719 if (phys_addr == -1)
2720 return -1;
2721 l = (page + TARGET_PAGE_SIZE) - addr;
2722 if (l > len)
2723 l = len;
2724 phys_addr += (addr & ~TARGET_PAGE_MASK);
2725 if (is_write) {
2726 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
2727 } else {
2728 address_space_rw(cpu->as, phys_addr, buf, l, 0);
2729 }
2730 len -= l;
2731 buf += l;
2732 addr += l;
2733 }
2734 return 0;
2735 }
2736 #endif
2737
2738 #if !defined(CONFIG_USER_ONLY)
2739
2740 /*
2741 * A helper function for the _utterly broken_ virtio device model to find out if
2742 * it's running on a big endian machine. Don't do this at home kids!
2743 */
2744 bool virtio_is_big_endian(void);
2745 bool virtio_is_big_endian(void)
2746 {
2747 #if defined(TARGET_WORDS_BIGENDIAN)
2748 return true;
2749 #else
2750 return false;
2751 #endif
2752 }
2753
2754 #endif
2755
2756 #ifndef CONFIG_USER_ONLY
2757 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2758 {
2759 MemoryRegion*mr;
2760 hwaddr l = 1;
2761
2762 mr = address_space_translate(&address_space_memory,
2763 phys_addr, &phys_addr, &l, false);
2764
2765 return !(memory_region_is_ram(mr) ||
2766 memory_region_is_romd(mr));
2767 }
2768
2769 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2770 {
2771 RAMBlock *block;
2772
2773 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2774 func(block->host, block->offset, block->length, opaque);
2775 }
2776 }
2777 #endif
Ray Wang's QEMU Repository