]> git.proxmox.com Git - mirror_qemu.git/blame - accel/tcg/cputlb.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Do not include cpu.h if it's not really necessary
[mirror_qemu.git] / accel / tcg / cputlb.c
CommitLineData
0cac1b66
BS		 1/*
2 * Common CPU TLB handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
fb0343d5 9 * version 2.1 of the License, or (at your option) any later version.
0cac1b66
BS		 10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
7b31bbc2 20#include "qemu/osdep.h"
8d04fb55 21#include "qemu/main-loop.h"
78271684 22#include "hw/core/tcg-cpu-ops.h"
022c62cb
PB		 23#include "exec/exec-all.h"
24#include "exec/memory.h"
25#include "exec/address-spaces.h"
f08b6170 26#include "exec/cpu_ldst.h"
022c62cb 27#include "exec/cputlb.h"
0f4abea8 28#include "exec/tb-hash.h"
022c62cb 29#include "exec/memory-internal.h"
220c3ebd 30#include "exec/ram_addr.h"
0f590e74 31#include "tcg/tcg.h"
d7f30403
PM		 32#include "qemu/error-report.h"
33#include "exec/log.h"
c482cb11
RH		 34#include "exec/helper-proto.h"
35#include "qemu/atomic.h"
e6cd4bb5 36#include "qemu/atomic128.h"
3b9bd3f4 37#include "exec/translate-all.h"
243af022 38#include "trace/trace-root.h"
d03f1408 39#include "trace/mem.h"
65269192 40#include "internal.h"
235537fa
AB		 41#ifdef CONFIG_PLUGIN
42#include "qemu/plugin-memory.h"
43#endif
0cac1b66 44
8526e1f4
AB		 45/* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
46/* #define DEBUG_TLB */
47/* #define DEBUG_TLB_LOG */
48
49#ifdef DEBUG_TLB
50# define DEBUG_TLB_GATE 1
51# ifdef DEBUG_TLB_LOG
52# define DEBUG_TLB_LOG_GATE 1
53# else
54# define DEBUG_TLB_LOG_GATE 0
55# endif
56#else
57# define DEBUG_TLB_GATE 0
58# define DEBUG_TLB_LOG_GATE 0
59#endif
60
61#define tlb_debug(fmt, ...) do { \
62 if (DEBUG_TLB_LOG_GATE) { \
63 qemu_log_mask(CPU_LOG_MMU, "%s: " fmt, __func__, \
64 ## __VA_ARGS__); \
65 } else if (DEBUG_TLB_GATE) { \
66 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
67 } \
68} while (0)
0cac1b66 69
ea9025cb 70#define assert_cpu_is_self(cpu) do { \
f0aff0f1 71 if (DEBUG_TLB_GATE) { \
ea9025cb 72 g_assert(!(cpu)->created || qemu_cpu_is_self(cpu)); \
f0aff0f1
AB		 73 } \
74 } while (0)
75
e3b9ca81
FK		 76/* run_on_cpu_data.target_ptr should always be big enough for a
77 * target_ulong even on 32 bit builds */
78QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
79
e7218445
AB		 80/* We currently can't handle more than 16 bits in the MMUIDX bitmask.
81 */
82QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
83#define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
84
722a1c1e 85static inline size_t tlb_n_entries(CPUTLBDescFast *fast)
7a1efe1b 86{
722a1c1e 87 return (fast->mask >> CPU_TLB_ENTRY_BITS) + 1;
7a1efe1b
RH		 88}
89
722a1c1e 90static inline size_t sizeof_tlb(CPUTLBDescFast *fast)
86e1eff8 91{
722a1c1e 92 return fast->mask + (1 << CPU_TLB_ENTRY_BITS);
86e1eff8
EC		 93}
94
79e42085 95static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
86e1eff8
EC		 96 size_t max_entries)
97{
79e42085
RH		 98 desc->window_begin_ns = ns;
99 desc->window_max_entries = max_entries;
86e1eff8
EC		 100}
101
0f4abea8
RH		 102static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
103{
104 unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
105
106 for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
107 qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
108 }
109}
110
111static void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
112{
113 /* Discard jump cache entries for any tb which might potentially
114 overlap the flushed page. */
115 tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
116 tb_jmp_cache_clear_page(cpu, addr);
117}
118
86e1eff8
EC		 119/**
120 * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary
71ccd47b
RH		 121 * @desc: The CPUTLBDesc portion of the TLB
122 * @fast: The CPUTLBDescFast portion of the same TLB
86e1eff8
EC		 123 *
124 * Called with tlb_lock_held.
125 *
126 * We have two main constraints when resizing a TLB: (1) we only resize it
127 * on a TLB flush (otherwise we'd have to take a perf hit by either rehashing
128 * the array or unnecessarily flushing it), which means we do not control how
129 * frequently the resizing can occur; (2) we don't have access to the guest's
130 * future scheduling decisions, and therefore have to decide the magnitude of
131 * the resize based on past observations.
132 *
133 * In general, a memory-hungry process can benefit greatly from an appropriately
134 * sized TLB, since a guest TLB miss is very expensive. This doesn't mean that
135 * we just have to make the TLB as large as possible; while an oversized TLB
136 * results in minimal TLB miss rates, it also takes longer to be flushed
137 * (flushes can be _very_ frequent), and the reduced locality can also hurt
138 * performance.
139 *
140 * To achieve near-optimal performance for all kinds of workloads, we:
141 *
142 * 1. Aggressively increase the size of the TLB when the use rate of the
143 * TLB being flushed is high, since it is likely that in the near future this
144 * memory-hungry process will execute again, and its memory hungriness will
145 * probably be similar.
146 *
147 * 2. Slowly reduce the size of the TLB as the use rate declines over a
148 * reasonably large time window. The rationale is that if in such a time window
149 * we have not observed a high TLB use rate, it is likely that we won't observe
150 * it in the near future. In that case, once a time window expires we downsize
151 * the TLB to match the maximum use rate observed in the window.
152 *
153 * 3. Try to keep the maximum use rate in a time window in the 30-70% range,
154 * since in that range performance is likely near-optimal. Recall that the TLB
155 * is direct mapped, so we want the use rate to be low (or at least not too
156 * high), since otherwise we are likely to have a significant amount of
157 * conflict misses.
158 */
3c3959f2
RH		 159static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
160 int64_t now)
86e1eff8 161{
71ccd47b 162 size_t old_size = tlb_n_entries(fast);
86e1eff8
EC		 163 size_t rate;
164 size_t new_size = old_size;
86e1eff8
EC		 165 int64_t window_len_ms = 100;
166 int64_t window_len_ns = window_len_ms * 1000 * 1000;
79e42085 167 bool window_expired = now > desc->window_begin_ns + window_len_ns;
86e1eff8 168
79e42085
RH		 169 if (desc->n_used_entries > desc->window_max_entries) {
170 desc->window_max_entries = desc->n_used_entries;
86e1eff8 171 }
79e42085 172 rate = desc->window_max_entries * 100 / old_size;
86e1eff8
EC		 173
174 if (rate > 70) {
175 new_size = MIN(old_size << 1, 1 << CPU_TLB_DYN_MAX_BITS);
176 } else if (rate < 30 && window_expired) {
79e42085
RH		 177 size_t ceil = pow2ceil(desc->window_max_entries);
178 size_t expected_rate = desc->window_max_entries * 100 / ceil;
86e1eff8
EC		 179
180 /*
181 * Avoid undersizing when the max number of entries seen is just below
182 * a pow2. For instance, if max_entries == 1025, the expected use rate
183 * would be 1025/2048==50%. However, if max_entries == 1023, we'd get
184 * 1023/1024==99.9% use rate, so we'd likely end up doubling the size
185 * later. Thus, make sure that the expected use rate remains below 70%.
186 * (and since we double the size, that means the lowest rate we'd
187 * expect to get is 35%, which is still in the 30-70% range where
188 * we consider that the size is appropriate.)
189 */
190 if (expected_rate > 70) {
191 ceil *= 2;
192 }
193 new_size = MAX(ceil, 1 << CPU_TLB_DYN_MIN_BITS);
194 }
195
196 if (new_size == old_size) {
197 if (window_expired) {
79e42085 198 tlb_window_reset(desc, now, desc->n_used_entries);
86e1eff8
EC		 199 }
200 return;
201 }
202
71ccd47b
RH		 203 g_free(fast->table);
204 g_free(desc->iotlb);
86e1eff8 205
79e42085 206 tlb_window_reset(desc, now, 0);
86e1eff8 207 /* desc->n_used_entries is cleared by the caller */
71ccd47b
RH		 208 fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
209 fast->table = g_try_new(CPUTLBEntry, new_size);
210 desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
211
86e1eff8
EC		 212 /*
213 * If the allocations fail, try smaller sizes. We just freed some
214 * memory, so going back to half of new_size has a good chance of working.
215 * Increased memory pressure elsewhere in the system might cause the
216 * allocations to fail though, so we progressively reduce the allocation
217 * size, aborting if we cannot even allocate the smallest TLB we support.
218 */
71ccd47b 219 while (fast->table == NULL || desc->iotlb == NULL) {
86e1eff8
EC		 220 if (new_size == (1 << CPU_TLB_DYN_MIN_BITS)) {
221 error_report("%s: %s", __func__, strerror(errno));
222 abort();
223 }
224 new_size = MAX(new_size >> 1, 1 << CPU_TLB_DYN_MIN_BITS);
71ccd47b 225 fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
86e1eff8 226
71ccd47b
RH		 227 g_free(fast->table);
228 g_free(desc->iotlb);
229 fast->table = g_try_new(CPUTLBEntry, new_size);
230 desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
86e1eff8
EC		 231 }
232}
233
bbf021b0 234static void tlb_mmu_flush_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast)
86e1eff8 235{
5c948e31
RH		 236 desc->n_used_entries = 0;
237 desc->large_page_addr = -1;
238 desc->large_page_mask = -1;
239 desc->vindex = 0;
240 memset(fast->table, -1, sizeof_tlb(fast));
241 memset(desc->vtable, -1, sizeof(desc->vtable));
86e1eff8
EC		 242}
243
3c3959f2
RH		 244static void tlb_flush_one_mmuidx_locked(CPUArchState *env, int mmu_idx,
245 int64_t now)
bbf021b0
RH		 246{
247 CPUTLBDesc *desc = &env_tlb(env)->d[mmu_idx];
248 CPUTLBDescFast *fast = &env_tlb(env)->f[mmu_idx];
249
3c3959f2 250 tlb_mmu_resize_locked(desc, fast, now);
bbf021b0
RH		 251 tlb_mmu_flush_locked(desc, fast);
252}
253
56e89f76
RH		 254static void tlb_mmu_init(CPUTLBDesc *desc, CPUTLBDescFast *fast, int64_t now)
255{
256 size_t n_entries = 1 << CPU_TLB_DYN_DEFAULT_BITS;
257
258 tlb_window_reset(desc, now, 0);
259 desc->n_used_entries = 0;
260 fast->mask = (n_entries - 1) << CPU_TLB_ENTRY_BITS;
261 fast->table = g_new(CPUTLBEntry, n_entries);
262 desc->iotlb = g_new(CPUIOTLBEntry, n_entries);
3c16304a 263 tlb_mmu_flush_locked(desc, fast);
56e89f76
RH		 264}
265
86e1eff8
EC		 266static inline void tlb_n_used_entries_inc(CPUArchState *env, uintptr_t mmu_idx)
267{
a40ec84e 268 env_tlb(env)->d[mmu_idx].n_used_entries++;
86e1eff8
EC		 269}
270
271static inline void tlb_n_used_entries_dec(CPUArchState *env, uintptr_t mmu_idx)
272{
a40ec84e 273 env_tlb(env)->d[mmu_idx].n_used_entries--;
86e1eff8
EC		 274}
275
5005e253
EC		 276void tlb_init(CPUState *cpu)
277{
71aec354 278 CPUArchState *env = cpu->env_ptr;
56e89f76
RH		 279 int64_t now = get_clock_realtime();
280 int i;
71aec354 281
a40ec84e 282 qemu_spin_init(&env_tlb(env)->c.lock);
3d1523ce 283
3c16304a
RH		 284 /* All tlbs are initialized flushed. */
285 env_tlb(env)->c.dirty = 0;
86e1eff8 286
56e89f76
RH		 287 for (i = 0; i < NB_MMU_MODES; i++) {
288 tlb_mmu_init(&env_tlb(env)->d[i], &env_tlb(env)->f[i], now);
289 }
5005e253
EC		 290}
291
816d9be5
EC		 292void tlb_destroy(CPUState *cpu)
293{
294 CPUArchState *env = cpu->env_ptr;
295 int i;
296
297 qemu_spin_destroy(&env_tlb(env)->c.lock);
298 for (i = 0; i < NB_MMU_MODES; i++) {
299 CPUTLBDesc *desc = &env_tlb(env)->d[i];
300 CPUTLBDescFast *fast = &env_tlb(env)->f[i];
301
302 g_free(fast->table);
303 g_free(desc->iotlb);
304 }
305}
306
c3b9a07a
AB		 307/* flush_all_helper: run fn across all cpus
308 *
309 * If the wait flag is set then the src cpu's helper will be queued as
310 * "safe" work and the loop exited creating a synchronisation point
311 * where all queued work will be finished before execution starts
312 * again.
313 */
314static void flush_all_helper(CPUState *src, run_on_cpu_func fn,
315 run_on_cpu_data d)
316{
317 CPUState *cpu;
318
319 CPU_FOREACH(cpu) {
320 if (cpu != src) {
321 async_run_on_cpu(cpu, fn, d);
322 }
323 }
324}
325
e09de0a2 326void tlb_flush_counts(size_t *pfull, size_t *ppart, size_t *pelide)
83974cf4
EC		 327{
328 CPUState *cpu;
e09de0a2 329 size_t full = 0, part = 0, elide = 0;
83974cf4
EC		 330
331 CPU_FOREACH(cpu) {
332 CPUArchState *env = cpu->env_ptr;
333
d73415a3
SH		 334 full += qatomic_read(&env_tlb(env)->c.full_flush_count);
335 part += qatomic_read(&env_tlb(env)->c.part_flush_count);
336 elide += qatomic_read(&env_tlb(env)->c.elide_flush_count);
83974cf4 337 }
e09de0a2
RH		 338 *pfull = full;
339 *ppart = part;
340 *pelide = elide;
83974cf4 341}
0cac1b66 342
e7218445 343static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
d7a74a9d
PM		 344{
345 CPUArchState *env = cpu->env_ptr;
3d1523ce
RH		 346 uint16_t asked = data.host_int;
347 uint16_t all_dirty, work, to_clean;
3c3959f2 348 int64_t now = get_clock_realtime();
d7a74a9d 349
f0aff0f1 350 assert_cpu_is_self(cpu);
d7a74a9d 351
3d1523ce 352 tlb_debug("mmu_idx:0x%04" PRIx16 "\n", asked);
e7218445 353
a40ec84e 354 qemu_spin_lock(&env_tlb(env)->c.lock);
60a2ad7d 355
a40ec84e 356 all_dirty = env_tlb(env)->c.dirty;
3d1523ce
RH		 357 to_clean = asked & all_dirty;
358 all_dirty &= ~to_clean;
a40ec84e 359 env_tlb(env)->c.dirty = all_dirty;
3d1523ce
RH		 360
361 for (work = to_clean; work != 0; work &= work - 1) {
362 int mmu_idx = ctz32(work);
3c3959f2 363 tlb_flush_one_mmuidx_locked(env, mmu_idx, now);
d7a74a9d 364 }
3d1523ce 365
a40ec84e 366 qemu_spin_unlock(&env_tlb(env)->c.lock);
d7a74a9d 367
f3ced3c5 368 cpu_tb_jmp_cache_clear(cpu);
64f2674b 369
3d1523ce 370 if (to_clean == ALL_MMUIDX_BITS) {
d73415a3 371 qatomic_set(&env_tlb(env)->c.full_flush_count,
a40ec84e 372 env_tlb(env)->c.full_flush_count + 1);
e09de0a2 373 } else {
d73415a3 374 qatomic_set(&env_tlb(env)->c.part_flush_count,
a40ec84e 375 env_tlb(env)->c.part_flush_count + ctpop16(to_clean));
3d1523ce 376 if (to_clean != asked) {
d73415a3 377 qatomic_set(&env_tlb(env)->c.elide_flush_count,
a40ec84e 378 env_tlb(env)->c.elide_flush_count +
3d1523ce
RH		 379 ctpop16(asked & ~to_clean));
380 }
64f2674b 381 }
d7a74a9d
PM		 382}
383
0336cbf8 384void tlb_flush_by_mmuidx(CPUState *cpu, uint16_t idxmap)
d7a74a9d 385{
e7218445
AB		 386 tlb_debug("mmu_idx: 0x%" PRIx16 "\n", idxmap);
387
64f2674b 388 if (cpu->created && !qemu_cpu_is_self(cpu)) {
ab651105
RH		 389 async_run_on_cpu(cpu, tlb_flush_by_mmuidx_async_work,
390 RUN_ON_CPU_HOST_INT(idxmap));
e7218445 391 } else {
60a2ad7d 392 tlb_flush_by_mmuidx_async_work(cpu, RUN_ON_CPU_HOST_INT(idxmap));
e7218445 393 }
d7a74a9d
PM		 394}
395
64f2674b
RH		 396void tlb_flush(CPUState *cpu)
397{
398 tlb_flush_by_mmuidx(cpu, ALL_MMUIDX_BITS);
399}
400
c3b9a07a
AB		 401void tlb_flush_by_mmuidx_all_cpus(CPUState *src_cpu, uint16_t idxmap)
402{
403 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
404
405 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
406
407 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
408 fn(src_cpu, RUN_ON_CPU_HOST_INT(idxmap));
409}
410
64f2674b
RH		 411void tlb_flush_all_cpus(CPUState *src_cpu)
412{
413 tlb_flush_by_mmuidx_all_cpus(src_cpu, ALL_MMUIDX_BITS);
414}
415
416void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *src_cpu, uint16_t idxmap)
c3b9a07a
AB		 417{
418 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
419
420 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
421
422 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
423 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
424}
425
64f2674b
RH		 426void tlb_flush_all_cpus_synced(CPUState *src_cpu)
427{
428 tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, ALL_MMUIDX_BITS);
429}
430
3ab6e68c
RH		 431static bool tlb_hit_page_mask_anyprot(CPUTLBEntry *tlb_entry,
432 target_ulong page, target_ulong mask)
433{
434 page &= mask;
435 mask &= TARGET_PAGE_MASK | TLB_INVALID_MASK;
436
437 return (page == (tlb_entry->addr_read & mask) ||
438 page == (tlb_addr_write(tlb_entry) & mask) ||
439 page == (tlb_entry->addr_code & mask));
440}
441
68fea038
RH		 442static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
443 target_ulong page)
444{
3ab6e68c 445 return tlb_hit_page_mask_anyprot(tlb_entry, page, -1);
68fea038 446}
c3b9a07a 447
3cea94bb
EC		 448/**
449 * tlb_entry_is_empty - return true if the entry is not in use
450 * @te: pointer to CPUTLBEntry
451 */
452static inline bool tlb_entry_is_empty(const CPUTLBEntry *te)
453{
454 return te->addr_read == -1 && te->addr_write == -1 && te->addr_code == -1;
455}
456
53d28455 457/* Called with tlb_c.lock held */
3ab6e68c
RH		 458static bool tlb_flush_entry_mask_locked(CPUTLBEntry *tlb_entry,
459 target_ulong page,
460 target_ulong mask)
0cac1b66 461{
3ab6e68c 462 if (tlb_hit_page_mask_anyprot(tlb_entry, page, mask)) {
4fadb3bb 463 memset(tlb_entry, -1, sizeof(*tlb_entry));
86e1eff8 464 return true;
0cac1b66 465 }
86e1eff8 466 return false;
0cac1b66
BS		 467}
468
3ab6e68c
RH		 469static inline bool tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
470 target_ulong page)
471{
472 return tlb_flush_entry_mask_locked(tlb_entry, page, -1);
473}
474
53d28455 475/* Called with tlb_c.lock held */
3ab6e68c
RH		 476static void tlb_flush_vtlb_page_mask_locked(CPUArchState *env, int mmu_idx,
477 target_ulong page,
478 target_ulong mask)
68fea038 479{
a40ec84e 480 CPUTLBDesc *d = &env_tlb(env)->d[mmu_idx];
68fea038 481 int k;
71aec354 482
29a0af61 483 assert_cpu_is_self(env_cpu(env));
68fea038 484 for (k = 0; k < CPU_VTLB_SIZE; k++) {
3ab6e68c 485 if (tlb_flush_entry_mask_locked(&d->vtable[k], page, mask)) {
86e1eff8
EC		 486 tlb_n_used_entries_dec(env, mmu_idx);
487 }
68fea038
RH		 488 }
489}
490
3ab6e68c
RH		 491static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
492 target_ulong page)
493{
494 tlb_flush_vtlb_page_mask_locked(env, mmu_idx, page, -1);
495}
496
1308e026
RH		 497static void tlb_flush_page_locked(CPUArchState *env, int midx,
498 target_ulong page)
499{
a40ec84e
RH		 500 target_ulong lp_addr = env_tlb(env)->d[midx].large_page_addr;
501 target_ulong lp_mask = env_tlb(env)->d[midx].large_page_mask;
1308e026
RH		 502
503 /* Check if we need to flush due to large pages. */
504 if ((page & lp_mask) == lp_addr) {
505 tlb_debug("forcing full flush midx %d ("
506 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
507 midx, lp_addr, lp_mask);
3c3959f2 508 tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
1308e026 509 } else {
86e1eff8
EC		 510 if (tlb_flush_entry_locked(tlb_entry(env, midx, page), page)) {
511 tlb_n_used_entries_dec(env, midx);
512 }
1308e026
RH		 513 tlb_flush_vtlb_page_locked(env, midx, page);
514 }
515}
516
7b7d00e0
RH		 517/**
518 * tlb_flush_page_by_mmuidx_async_0:
519 * @cpu: cpu on which to flush
520 * @addr: page of virtual address to flush
521 * @idxmap: set of mmu_idx to flush
522 *
523 * Helper for tlb_flush_page_by_mmuidx and friends, flush one page
524 * at @addr from the tlbs indicated by @idxmap from @cpu.
e7218445 525 */
7b7d00e0
RH		 526static void tlb_flush_page_by_mmuidx_async_0(CPUState *cpu,
527 target_ulong addr,
528 uint16_t idxmap)
d7a74a9d
PM		 529{
530 CPUArchState *env = cpu->env_ptr;
e7218445 531 int mmu_idx;
d7a74a9d 532
f0aff0f1 533 assert_cpu_is_self(cpu);
d7a74a9d 534
7b7d00e0 535 tlb_debug("page addr:" TARGET_FMT_lx " mmu_map:0x%x\n", addr, idxmap);
d7a74a9d 536
a40ec84e 537 qemu_spin_lock(&env_tlb(env)->c.lock);
0336cbf8 538 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
7b7d00e0 539 if ((idxmap >> mmu_idx) & 1) {
1308e026 540 tlb_flush_page_locked(env, mmu_idx, addr);
d7a74a9d
PM		 541 }
542 }
a40ec84e 543 qemu_spin_unlock(&env_tlb(env)->c.lock);
d7a74a9d 544
d7a74a9d
PM		 545 tb_flush_jmp_cache(cpu, addr);
546}
547
7b7d00e0
RH		 548/**
549 * tlb_flush_page_by_mmuidx_async_1:
550 * @cpu: cpu on which to flush
551 * @data: encoded addr + idxmap
552 *
553 * Helper for tlb_flush_page_by_mmuidx and friends, called through
554 * async_run_on_cpu. The idxmap parameter is encoded in the page
555 * offset of the target_ptr field. This limits the set of mmu_idx
556 * that can be passed via this method.
557 */
558static void tlb_flush_page_by_mmuidx_async_1(CPUState *cpu,
559 run_on_cpu_data data)
560{
561 target_ulong addr_and_idxmap = (target_ulong) data.target_ptr;
562 target_ulong addr = addr_and_idxmap & TARGET_PAGE_MASK;
563 uint16_t idxmap = addr_and_idxmap & ~TARGET_PAGE_MASK;
564
565 tlb_flush_page_by_mmuidx_async_0(cpu, addr, idxmap);
566}
567
568typedef struct {
569 target_ulong addr;
570 uint16_t idxmap;
571} TLBFlushPageByMMUIdxData;
572
573/**
574 * tlb_flush_page_by_mmuidx_async_2:
575 * @cpu: cpu on which to flush
576 * @data: allocated addr + idxmap
577 *
578 * Helper for tlb_flush_page_by_mmuidx and friends, called through
579 * async_run_on_cpu. The addr+idxmap parameters are stored in a
580 * TLBFlushPageByMMUIdxData structure that has been allocated
581 * specifically for this helper. Free the structure when done.
582 */
583static void tlb_flush_page_by_mmuidx_async_2(CPUState *cpu,
584 run_on_cpu_data data)
e7218445 585{
7b7d00e0
RH		 586 TLBFlushPageByMMUIdxData *d = data.host_ptr;
587
588 tlb_flush_page_by_mmuidx_async_0(cpu, d->addr, d->idxmap);
589 g_free(d);
590}
e7218445 591
7b7d00e0
RH		 592void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, uint16_t idxmap)
593{
e7218445
AB		 594 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%" PRIx16 "\n", addr, idxmap);
595
596 /* This should already be page aligned */
7b7d00e0 597 addr &= TARGET_PAGE_MASK;
e7218445 598
7b7d00e0
RH		 599 if (qemu_cpu_is_self(cpu)) {
600 tlb_flush_page_by_mmuidx_async_0(cpu, addr, idxmap);
601 } else if (idxmap < TARGET_PAGE_SIZE) {
602 /*
603 * Most targets have only a few mmu_idx. In the case where
604 * we can stuff idxmap into the low TARGET_PAGE_BITS, avoid
605 * allocating memory for this operation.
606 */
607 async_run_on_cpu(cpu, tlb_flush_page_by_mmuidx_async_1,
608 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
e7218445 609 } else {
7b7d00e0
RH		 610 TLBFlushPageByMMUIdxData *d = g_new(TLBFlushPageByMMUIdxData, 1);
611
612 /* Otherwise allocate a structure, freed by the worker. */
613 d->addr = addr;
614 d->idxmap = idxmap;
615 async_run_on_cpu(cpu, tlb_flush_page_by_mmuidx_async_2,
616 RUN_ON_CPU_HOST_PTR(d));
e7218445
AB		 617 }
618}
619
f8144c6c
RH		 620void tlb_flush_page(CPUState *cpu, target_ulong addr)
621{
622 tlb_flush_page_by_mmuidx(cpu, addr, ALL_MMUIDX_BITS);
623}
624
c3b9a07a
AB		 625void tlb_flush_page_by_mmuidx_all_cpus(CPUState *src_cpu, target_ulong addr,
626 uint16_t idxmap)
e3b9ca81 627{
c3b9a07a
AB		 628 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
629
630 /* This should already be page aligned */
7b7d00e0
RH		 631 addr &= TARGET_PAGE_MASK;
632
633 /*
634 * Allocate memory to hold addr+idxmap only when needed.
635 * See tlb_flush_page_by_mmuidx for details.
636 */
637 if (idxmap < TARGET_PAGE_SIZE) {
638 flush_all_helper(src_cpu, tlb_flush_page_by_mmuidx_async_1,
639 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
640 } else {
641 CPUState *dst_cpu;
642
643 /* Allocate a separate data block for each destination cpu. */
644 CPU_FOREACH(dst_cpu) {
645 if (dst_cpu != src_cpu) {
646 TLBFlushPageByMMUIdxData *d
647 = g_new(TLBFlushPageByMMUIdxData, 1);
648
649 d->addr = addr;
650 d->idxmap = idxmap;
651 async_run_on_cpu(dst_cpu, tlb_flush_page_by_mmuidx_async_2,
652 RUN_ON_CPU_HOST_PTR(d));
653 }
654 }
655 }
c3b9a07a 656
7b7d00e0 657 tlb_flush_page_by_mmuidx_async_0(src_cpu, addr, idxmap);
c3b9a07a
AB		 658}
659
f8144c6c
RH		 660void tlb_flush_page_all_cpus(CPUState *src, target_ulong addr)
661{
662 tlb_flush_page_by_mmuidx_all_cpus(src, addr, ALL_MMUIDX_BITS);
663}
664
c3b9a07a 665void tlb_flush_page_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
1308e026
RH		 666 target_ulong addr,
667 uint16_t idxmap)
c3b9a07a 668{
c3b9a07a
AB		 669 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
670
671 /* This should already be page aligned */
7b7d00e0 672 addr &= TARGET_PAGE_MASK;
c3b9a07a 673
7b7d00e0
RH		 674 /*
675 * Allocate memory to hold addr+idxmap only when needed.
676 * See tlb_flush_page_by_mmuidx for details.
677 */
678 if (idxmap < TARGET_PAGE_SIZE) {
679 flush_all_helper(src_cpu, tlb_flush_page_by_mmuidx_async_1,
680 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
681 async_safe_run_on_cpu(src_cpu, tlb_flush_page_by_mmuidx_async_1,
682 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
683 } else {
684 CPUState *dst_cpu;
685 TLBFlushPageByMMUIdxData *d;
686
687 /* Allocate a separate data block for each destination cpu. */
688 CPU_FOREACH(dst_cpu) {
689 if (dst_cpu != src_cpu) {
690 d = g_new(TLBFlushPageByMMUIdxData, 1);
691 d->addr = addr;
692 d->idxmap = idxmap;
693 async_run_on_cpu(dst_cpu, tlb_flush_page_by_mmuidx_async_2,
694 RUN_ON_CPU_HOST_PTR(d));
695 }
696 }
697
698 d = g_new(TLBFlushPageByMMUIdxData, 1);
699 d->addr = addr;
700 d->idxmap = idxmap;
701 async_safe_run_on_cpu(src_cpu, tlb_flush_page_by_mmuidx_async_2,
702 RUN_ON_CPU_HOST_PTR(d));
703 }
c3b9a07a
AB		 704}
705
f8144c6c 706void tlb_flush_page_all_cpus_synced(CPUState *src, target_ulong addr)
c3b9a07a 707{
f8144c6c 708 tlb_flush_page_by_mmuidx_all_cpus_synced(src, addr, ALL_MMUIDX_BITS);
e3b9ca81
FK		 709}
710
3ab6e68c
RH		 711static void tlb_flush_page_bits_locked(CPUArchState *env, int midx,
712 target_ulong page, unsigned bits)
713{
714 CPUTLBDesc *d = &env_tlb(env)->d[midx];
715 CPUTLBDescFast *f = &env_tlb(env)->f[midx];
716 target_ulong mask = MAKE_64BIT_MASK(0, bits);
717
718 /*
719 * If @bits is smaller than the tlb size, there may be multiple entries
720 * within the TLB; otherwise all addresses that match under @mask hit
721 * the same TLB entry.
722 *
723 * TODO: Perhaps allow bits to be a few bits less than the size.
724 * For now, just flush the entire TLB.
725 */
726 if (mask < f->mask) {
727 tlb_debug("forcing full flush midx %d ("
728 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
729 midx, page, mask);
730 tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
731 return;
732 }
733
734 /* Check if we need to flush due to large pages. */
735 if ((page & d->large_page_mask) == d->large_page_addr) {
736 tlb_debug("forcing full flush midx %d ("
737 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
738 midx, d->large_page_addr, d->large_page_mask);
739 tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
740 return;
741 }
742
743 if (tlb_flush_entry_mask_locked(tlb_entry(env, midx, page), page, mask)) {
744 tlb_n_used_entries_dec(env, midx);
745 }
746 tlb_flush_vtlb_page_mask_locked(env, midx, page, mask);
747}
748
749typedef struct {
750 target_ulong addr;
751 uint16_t idxmap;
752 uint16_t bits;
753} TLBFlushPageBitsByMMUIdxData;
754
755static void
756tlb_flush_page_bits_by_mmuidx_async_0(CPUState *cpu,
757 TLBFlushPageBitsByMMUIdxData d)
758{
759 CPUArchState *env = cpu->env_ptr;
760 int mmu_idx;
761
762 assert_cpu_is_self(cpu);
763
764 tlb_debug("page addr:" TARGET_FMT_lx "/%u mmu_map:0x%x\n",
765 d.addr, d.bits, d.idxmap);
766
767 qemu_spin_lock(&env_tlb(env)->c.lock);
768 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
769 if ((d.idxmap >> mmu_idx) & 1) {
770 tlb_flush_page_bits_locked(env, mmu_idx, d.addr, d.bits);
771 }
772 }
773 qemu_spin_unlock(&env_tlb(env)->c.lock);
774
775 tb_flush_jmp_cache(cpu, d.addr);
776}
777
778static bool encode_pbm_to_runon(run_on_cpu_data *out,
779 TLBFlushPageBitsByMMUIdxData d)
780{
781 /* We need 6 bits to hold to hold @bits up to 63. */
782 if (d.idxmap <= MAKE_64BIT_MASK(0, TARGET_PAGE_BITS - 6)) {
783 *out = RUN_ON_CPU_TARGET_PTR(d.addr | (d.idxmap << 6) | d.bits);
784 return true;
785 }
786 return false;
787}
788
789static TLBFlushPageBitsByMMUIdxData
790decode_runon_to_pbm(run_on_cpu_data data)
791{
792 target_ulong addr_map_bits = (target_ulong) data.target_ptr;
793 return (TLBFlushPageBitsByMMUIdxData){
794 .addr = addr_map_bits & TARGET_PAGE_MASK,
795 .idxmap = (addr_map_bits & ~TARGET_PAGE_MASK) >> 6,
796 .bits = addr_map_bits & 0x3f
797 };
798}
799
800static void tlb_flush_page_bits_by_mmuidx_async_1(CPUState *cpu,
801 run_on_cpu_data runon)
802{
803 tlb_flush_page_bits_by_mmuidx_async_0(cpu, decode_runon_to_pbm(runon));
804}
805
806static void tlb_flush_page_bits_by_mmuidx_async_2(CPUState *cpu,
807 run_on_cpu_data data)
808{
809 TLBFlushPageBitsByMMUIdxData *d = data.host_ptr;
810 tlb_flush_page_bits_by_mmuidx_async_0(cpu, *d);
811 g_free(d);
812}
813
814void tlb_flush_page_bits_by_mmuidx(CPUState *cpu, target_ulong addr,
815 uint16_t idxmap, unsigned bits)
816{
817 TLBFlushPageBitsByMMUIdxData d;
818 run_on_cpu_data runon;
819
820 /* If all bits are significant, this devolves to tlb_flush_page. */
821 if (bits >= TARGET_LONG_BITS) {
822 tlb_flush_page_by_mmuidx(cpu, addr, idxmap);
823 return;
824 }
825 /* If no page bits are significant, this devolves to tlb_flush. */
826 if (bits < TARGET_PAGE_BITS) {
827 tlb_flush_by_mmuidx(cpu, idxmap);
828 return;
829 }
830
831 /* This should already be page aligned */
832 d.addr = addr & TARGET_PAGE_MASK;
833 d.idxmap = idxmap;
834 d.bits = bits;
835
836 if (qemu_cpu_is_self(cpu)) {
837 tlb_flush_page_bits_by_mmuidx_async_0(cpu, d);
838 } else if (encode_pbm_to_runon(&runon, d)) {
839 async_run_on_cpu(cpu, tlb_flush_page_bits_by_mmuidx_async_1, runon);
840 } else {
841 TLBFlushPageBitsByMMUIdxData *p
842 = g_new(TLBFlushPageBitsByMMUIdxData, 1);
843
844 /* Otherwise allocate a structure, freed by the worker. */
845 *p = d;
846 async_run_on_cpu(cpu, tlb_flush_page_bits_by_mmuidx_async_2,
847 RUN_ON_CPU_HOST_PTR(p));
848 }
849}
850
851void tlb_flush_page_bits_by_mmuidx_all_cpus(CPUState *src_cpu,
852 target_ulong addr,
853 uint16_t idxmap,
854 unsigned bits)
855{
856 TLBFlushPageBitsByMMUIdxData d;
857 run_on_cpu_data runon;
858
859 /* If all bits are significant, this devolves to tlb_flush_page. */
860 if (bits >= TARGET_LONG_BITS) {
861 tlb_flush_page_by_mmuidx_all_cpus(src_cpu, addr, idxmap);
862 return;
863 }
864 /* If no page bits are significant, this devolves to tlb_flush. */
865 if (bits < TARGET_PAGE_BITS) {
866 tlb_flush_by_mmuidx_all_cpus(src_cpu, idxmap);
867 return;
868 }
869
870 /* This should already be page aligned */
871 d.addr = addr & TARGET_PAGE_MASK;
872 d.idxmap = idxmap;
873 d.bits = bits;
874
875 if (encode_pbm_to_runon(&runon, d)) {
876 flush_all_helper(src_cpu, tlb_flush_page_bits_by_mmuidx_async_1, runon);
877 } else {
878 CPUState *dst_cpu;
879 TLBFlushPageBitsByMMUIdxData *p;
880
881 /* Allocate a separate data block for each destination cpu. */
882 CPU_FOREACH(dst_cpu) {
883 if (dst_cpu != src_cpu) {
884 p = g_new(TLBFlushPageBitsByMMUIdxData, 1);
885 *p = d;
886 async_run_on_cpu(dst_cpu,
887 tlb_flush_page_bits_by_mmuidx_async_2,
888 RUN_ON_CPU_HOST_PTR(p));
889 }
890 }
891 }
892
893 tlb_flush_page_bits_by_mmuidx_async_0(src_cpu, d);
894}
895
896void tlb_flush_page_bits_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
897 target_ulong addr,
898 uint16_t idxmap,
899 unsigned bits)
900{
901 TLBFlushPageBitsByMMUIdxData d;
902 run_on_cpu_data runon;
903
904 /* If all bits are significant, this devolves to tlb_flush_page. */
905 if (bits >= TARGET_LONG_BITS) {
906 tlb_flush_page_by_mmuidx_all_cpus_synced(src_cpu, addr, idxmap);
907 return;
908 }
909 /* If no page bits are significant, this devolves to tlb_flush. */
910 if (bits < TARGET_PAGE_BITS) {
911 tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, idxmap);
912 return;
913 }
914
915 /* This should already be page aligned */
916 d.addr = addr & TARGET_PAGE_MASK;
917 d.idxmap = idxmap;
918 d.bits = bits;
919
920 if (encode_pbm_to_runon(&runon, d)) {
921 flush_all_helper(src_cpu, tlb_flush_page_bits_by_mmuidx_async_1, runon);
922 async_safe_run_on_cpu(src_cpu, tlb_flush_page_bits_by_mmuidx_async_1,
923 runon);
924 } else {
925 CPUState *dst_cpu;
926 TLBFlushPageBitsByMMUIdxData *p;
927
928 /* Allocate a separate data block for each destination cpu. */
929 CPU_FOREACH(dst_cpu) {
930 if (dst_cpu != src_cpu) {
931 p = g_new(TLBFlushPageBitsByMMUIdxData, 1);
932 *p = d;
933 async_run_on_cpu(dst_cpu, tlb_flush_page_bits_by_mmuidx_async_2,
934 RUN_ON_CPU_HOST_PTR(p));
935 }
936 }
937
938 p = g_new(TLBFlushPageBitsByMMUIdxData, 1);
939 *p = d;
940 async_safe_run_on_cpu(src_cpu, tlb_flush_page_bits_by_mmuidx_async_2,
941 RUN_ON_CPU_HOST_PTR(p));
942 }
943}
944
0cac1b66
BS		 945/* update the TLBs so that writes to code in the virtual page 'addr'
946 can be detected */
947void tlb_protect_code(ram_addr_t ram_addr)
948{
03eebc9e
SH		 949 cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
950 DIRTY_MEMORY_CODE);
0cac1b66
BS		 951}
952
953/* update the TLB so that writes in physical page 'phys_addr' are no longer
954 tested for self modifying code */
9564f52d 955void tlb_unprotect_code(ram_addr_t ram_addr)
0cac1b66 956{
52159192 957 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
0cac1b66
BS		 958}
959
0cac1b66 960
b0706b71
AB		 961/*
962 * Dirty write flag handling
963 *
964 * When the TCG code writes to a location it looks up the address in
965 * the TLB and uses that data to compute the final address. If any of
966 * the lower bits of the address are set then the slow path is forced.
967 * There are a number of reasons to do this but for normal RAM the
968 * most usual is detecting writes to code regions which may invalidate
969 * generated code.
970 *
71aec354 971 * Other vCPUs might be reading their TLBs during guest execution, so we update
d73415a3 972 * te->addr_write with qatomic_set. We don't need to worry about this for
71aec354 973 * oversized guests as MTTCG is disabled for them.
b0706b71 974 *
53d28455 975 * Called with tlb_c.lock held.
b0706b71 976 */
71aec354
EC		 977static void tlb_reset_dirty_range_locked(CPUTLBEntry *tlb_entry,
978 uintptr_t start, uintptr_t length)
0cac1b66 979{
b0706b71 980 uintptr_t addr = tlb_entry->addr_write;
0cac1b66 981
7b0d792c
RH		 982 if ((addr & (TLB_INVALID_MASK | TLB_MMIO |
983 TLB_DISCARD_WRITE | TLB_NOTDIRTY)) == 0) {
b0706b71
AB		 984 addr &= TARGET_PAGE_MASK;
985 addr += tlb_entry->addend;
0cac1b66 986 if ((addr - start) < length) {
71aec354 987#if TCG_OVERSIZED_GUEST
0cac1b66 988 tlb_entry->addr_write |= TLB_NOTDIRTY;
b0706b71 989#else
d73415a3 990 qatomic_set(&tlb_entry->addr_write,
71aec354
EC		 991 tlb_entry->addr_write | TLB_NOTDIRTY);
992#endif
b0706b71
AB		 993 }
994 }
b0706b71
AB		 995}
996
71aec354 997/*
53d28455 998 * Called with tlb_c.lock held.
71aec354
EC		 999 * Called only from the vCPU context, i.e. the TLB's owner thread.
1000 */
1001static inline void copy_tlb_helper_locked(CPUTLBEntry *d, const CPUTLBEntry *s)
b0706b71 1002{
b0706b71 1003 *d = *s;
0cac1b66
BS		 1004}
1005
b0706b71 1006/* This is a cross vCPU call (i.e. another vCPU resetting the flags of
71aec354 1007 * the target vCPU).
53d28455 1008 * We must take tlb_c.lock to avoid racing with another vCPU update. The only
71aec354 1009 * thing actually updated is the target TLB entry ->addr_write flags.
b0706b71 1010 */
9a13565d 1011void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
0cac1b66
BS		 1012{
1013 CPUArchState *env;
1014
9a13565d 1015 int mmu_idx;
0cac1b66 1016
9a13565d 1017 env = cpu->env_ptr;
a40ec84e 1018 qemu_spin_lock(&env_tlb(env)->c.lock);
9a13565d
PC		 1019 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1020 unsigned int i;
722a1c1e 1021 unsigned int n = tlb_n_entries(&env_tlb(env)->f[mmu_idx]);
0cac1b66 1022
86e1eff8 1023 for (i = 0; i < n; i++) {
a40ec84e
RH		 1024 tlb_reset_dirty_range_locked(&env_tlb(env)->f[mmu_idx].table[i],
1025 start1, length);
9a13565d 1026 }
88e89a57 1027
9a13565d 1028 for (i = 0; i < CPU_VTLB_SIZE; i++) {
a40ec84e
RH		 1029 tlb_reset_dirty_range_locked(&env_tlb(env)->d[mmu_idx].vtable[i],
1030 start1, length);
0cac1b66
BS		 1031 }
1032 }
a40ec84e 1033 qemu_spin_unlock(&env_tlb(env)->c.lock);
0cac1b66
BS		 1034}
1035
53d28455 1036/* Called with tlb_c.lock held */
71aec354
EC		 1037static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
1038 target_ulong vaddr)
0cac1b66
BS		 1039{
1040 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
1041 tlb_entry->addr_write = vaddr;
1042 }
1043}
1044
1045/* update the TLB corresponding to virtual page vaddr
1046 so that it is no longer dirty */
bcae01e4 1047void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
0cac1b66 1048{
bcae01e4 1049 CPUArchState *env = cpu->env_ptr;
0cac1b66
BS		 1050 int mmu_idx;
1051
f0aff0f1
AB		 1052 assert_cpu_is_self(cpu);
1053
0cac1b66 1054 vaddr &= TARGET_PAGE_MASK;
a40ec84e 1055 qemu_spin_lock(&env_tlb(env)->c.lock);
0cac1b66 1056 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
383beda9 1057 tlb_set_dirty1_locked(tlb_entry(env, mmu_idx, vaddr), vaddr);
0cac1b66 1058 }
88e89a57
XT		 1059
1060 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1061 int k;
1062 for (k = 0; k < CPU_VTLB_SIZE; k++) {
a40ec84e 1063 tlb_set_dirty1_locked(&env_tlb(env)->d[mmu_idx].vtable[k], vaddr);
88e89a57
XT		 1064 }
1065 }
a40ec84e 1066 qemu_spin_unlock(&env_tlb(env)->c.lock);
0cac1b66
BS		 1067}
1068
1069/* Our TLB does not support large pages, so remember the area covered by
1070 large pages and trigger a full TLB flush if these are invalidated. */
1308e026
RH		 1071static void tlb_add_large_page(CPUArchState *env, int mmu_idx,
1072 target_ulong vaddr, target_ulong size)
0cac1b66 1073{
a40ec84e 1074 target_ulong lp_addr = env_tlb(env)->d[mmu_idx].large_page_addr;
1308e026 1075 target_ulong lp_mask = ~(size - 1);
0cac1b66 1076
1308e026
RH		 1077 if (lp_addr == (target_ulong)-1) {
1078 /* No previous large page. */
1079 lp_addr = vaddr;
1080 } else {
1081 /* Extend the existing region to include the new page.
1082 This is a compromise between unnecessary flushes and
1083 the cost of maintaining a full variable size TLB. */
a40ec84e 1084 lp_mask &= env_tlb(env)->d[mmu_idx].large_page_mask;
1308e026
RH		 1085 while (((lp_addr ^ vaddr) & lp_mask) != 0) {
1086 lp_mask <<= 1;
1087 }
0cac1b66 1088 }
a40ec84e
RH		 1089 env_tlb(env)->d[mmu_idx].large_page_addr = lp_addr & lp_mask;
1090 env_tlb(env)->d[mmu_idx].large_page_mask = lp_mask;
0cac1b66
BS		 1091}
1092
1093/* Add a new TLB entry. At most one entry for a given virtual address
79e2b9ae
PB		 1094 * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
1095 * supplied size is only used by tlb_flush_page.
1096 *
1097 * Called from TCG-generated code, which is under an RCU read-side
1098 * critical section.
1099 */
fadc1cbe
PM		 1100void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
1101 hwaddr paddr, MemTxAttrs attrs, int prot,
1102 int mmu_idx, target_ulong size)
0cac1b66 1103{
0c591eb0 1104 CPUArchState *env = cpu->env_ptr;
a40ec84e
RH		 1105 CPUTLB *tlb = env_tlb(env);
1106 CPUTLBDesc *desc = &tlb->d[mmu_idx];
0cac1b66
BS		 1107 MemoryRegionSection *section;
1108 unsigned int index;
1109 target_ulong address;
8f5db641 1110 target_ulong write_address;
0cac1b66 1111 uintptr_t addend;
68fea038 1112 CPUTLBEntry *te, tn;
55df6fcf
PM		 1113 hwaddr iotlb, xlat, sz, paddr_page;
1114 target_ulong vaddr_page;
d7898cda 1115 int asidx = cpu_asidx_from_attrs(cpu, attrs);
50b107c5 1116 int wp_flags;
8f5db641 1117 bool is_ram, is_romd;
0cac1b66 1118
f0aff0f1 1119 assert_cpu_is_self(cpu);
55df6fcf 1120
1308e026 1121 if (size <= TARGET_PAGE_SIZE) {
55df6fcf
PM		 1122 sz = TARGET_PAGE_SIZE;
1123 } else {
1308e026 1124 tlb_add_large_page(env, mmu_idx, vaddr, size);
55df6fcf 1125 sz = size;
0cac1b66 1126 }
55df6fcf
PM		 1127 vaddr_page = vaddr & TARGET_PAGE_MASK;
1128 paddr_page = paddr & TARGET_PAGE_MASK;
149f54b5 1129
55df6fcf
PM		 1130 section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
1131 &xlat, &sz, attrs, &prot);
149f54b5
PB		 1132 assert(sz >= TARGET_PAGE_SIZE);
1133
8526e1f4
AB		 1134 tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
1135 " prot=%x idx=%d\n",
1136 vaddr, paddr, prot, mmu_idx);
0cac1b66 1137
55df6fcf
PM		 1138 address = vaddr_page;
1139 if (size < TARGET_PAGE_SIZE) {
30d7e098
RH		 1140 /* Repeat the MMU check and TLB fill on every access. */
1141 address |= TLB_INVALID_MASK;
55df6fcf 1142 }
a26fc6f5 1143 if (attrs.byte_swap) {
5b87b3e6 1144 address |= TLB_BSWAP;
a26fc6f5 1145 }
8f5db641
RH		 1146
1147 is_ram = memory_region_is_ram(section->mr);
1148 is_romd = memory_region_is_romd(section->mr);
1149
1150 if (is_ram || is_romd) {
1151 /* RAM and ROMD both have associated host memory. */
1152 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
1153 } else {
1154 /* I/O does not; force the host address to NULL. */
8f3e03cb 1155 addend = 0;
8f5db641
RH		 1156 }
1157
1158 write_address = address;
1159 if (is_ram) {
1160 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1161 /*
1162 * Computing is_clean is expensive; avoid all that unless
1163 * the page is actually writable.
1164 */
1165 if (prot & PAGE_WRITE) {
1166 if (section->readonly) {
1167 write_address |= TLB_DISCARD_WRITE;
1168 } else if (cpu_physical_memory_is_clean(iotlb)) {
1169 write_address |= TLB_NOTDIRTY;
1170 }
1171 }
8f3e03cb 1172 } else {
8f5db641
RH		 1173 /* I/O or ROMD */
1174 iotlb = memory_region_section_get_iotlb(cpu, section) + xlat;
1175 /*
1176 * Writes to romd devices must go through MMIO to enable write.
1177 * Reads to romd devices go through the ram_ptr found above,
1178 * but of course reads to I/O must go through MMIO.
1179 */
1180 write_address |= TLB_MMIO;
1181 if (!is_romd) {
1182 address = write_address;
1183 }
0cac1b66 1184 }
0cac1b66 1185
50b107c5
RH		 1186 wp_flags = cpu_watchpoint_address_matches(cpu, vaddr_page,
1187 TARGET_PAGE_SIZE);
0cac1b66 1188
383beda9
RH		 1189 index = tlb_index(env, mmu_idx, vaddr_page);
1190 te = tlb_entry(env, mmu_idx, vaddr_page);
b0706b71 1191
71aec354
EC		 1192 /*
1193 * Hold the TLB lock for the rest of the function. We could acquire/release
1194 * the lock several times in the function, but it is faster to amortize the
1195 * acquisition cost by acquiring it just once. Note that this leads to
1196 * a longer critical section, but this is not a concern since the TLB lock
1197 * is unlikely to be contended.
1198 */
a40ec84e 1199 qemu_spin_lock(&tlb->c.lock);
71aec354 1200
3d1523ce 1201 /* Note that the tlb is no longer clean. */
a40ec84e 1202 tlb->c.dirty |= 1 << mmu_idx;
3d1523ce 1203
71aec354
EC		 1204 /* Make sure there's no cached translation for the new page. */
1205 tlb_flush_vtlb_page_locked(env, mmu_idx, vaddr_page);
1206
68fea038
RH		 1207 /*
1208 * Only evict the old entry to the victim tlb if it's for a
1209 * different page; otherwise just overwrite the stale data.
1210 */
3cea94bb 1211 if (!tlb_hit_page_anyprot(te, vaddr_page) && !tlb_entry_is_empty(te)) {
a40ec84e
RH		 1212 unsigned vidx = desc->vindex++ % CPU_VTLB_SIZE;
1213 CPUTLBEntry *tv = &desc->vtable[vidx];
b0706b71 1214
68fea038 1215 /* Evict the old entry into the victim tlb. */
71aec354 1216 copy_tlb_helper_locked(tv, te);
a40ec84e 1217 desc->viotlb[vidx] = desc->iotlb[index];
86e1eff8 1218 tlb_n_used_entries_dec(env, mmu_idx);
68fea038 1219 }
88e89a57
XT		 1220
1221 /* refill the tlb */
ace41090
PM		 1222 /*
1223 * At this point iotlb contains a physical section number in the lower
1224 * TARGET_PAGE_BITS, and either
8f5db641
RH		 1225 * + the ram_addr_t of the page base of the target RAM (RAM)
1226 * + the offset within section->mr of the page base (I/O, ROMD)
55df6fcf 1227 * We subtract the vaddr_page (which is page aligned and thus won't
ace41090
PM		 1228 * disturb the low bits) to give an offset which can be added to the
1229 * (non-page-aligned) vaddr of the eventual memory access to get
1230 * the MemoryRegion offset for the access. Note that the vaddr we
1231 * subtract here is that of the page base, and not the same as the
1232 * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
1233 */
a40ec84e
RH		 1234 desc->iotlb[index].addr = iotlb - vaddr_page;
1235 desc->iotlb[index].attrs = attrs;
b0706b71
AB		 1236
1237 /* Now calculate the new entry */
55df6fcf 1238 tn.addend = addend - vaddr_page;
0cac1b66 1239 if (prot & PAGE_READ) {
b0706b71 1240 tn.addr_read = address;
50b107c5
RH		 1241 if (wp_flags & BP_MEM_READ) {
1242 tn.addr_read |= TLB_WATCHPOINT;
1243 }
0cac1b66 1244 } else {
b0706b71 1245 tn.addr_read = -1;
0cac1b66
BS		 1246 }
1247
1248 if (prot & PAGE_EXEC) {
8f5db641 1249 tn.addr_code = address;
0cac1b66 1250 } else {
b0706b71 1251 tn.addr_code = -1;
0cac1b66 1252 }
b0706b71
AB		 1253
1254 tn.addr_write = -1;
0cac1b66 1255 if (prot & PAGE_WRITE) {
8f5db641 1256 tn.addr_write = write_address;
f52bfb12
DH		 1257 if (prot & PAGE_WRITE_INV) {
1258 tn.addr_write |= TLB_INVALID_MASK;
1259 }
50b107c5
RH		 1260 if (wp_flags & BP_MEM_WRITE) {
1261 tn.addr_write |= TLB_WATCHPOINT;
1262 }
0cac1b66 1263 }
b0706b71 1264
71aec354 1265 copy_tlb_helper_locked(te, &tn);
86e1eff8 1266 tlb_n_used_entries_inc(env, mmu_idx);
a40ec84e 1267 qemu_spin_unlock(&tlb->c.lock);
0cac1b66
BS		 1268}
1269
fadc1cbe
PM		 1270/* Add a new TLB entry, but without specifying the memory
1271 * transaction attributes to be used.
1272 */
1273void tlb_set_page(CPUState *cpu, target_ulong vaddr,
1274 hwaddr paddr, int prot,
1275 int mmu_idx, target_ulong size)
1276{
1277 tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
1278 prot, mmu_idx, size);
1279}
1280
857baec1
AB		 1281static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1282{
1283 ram_addr_t ram_addr;
1284
1285 ram_addr = qemu_ram_addr_from_host(ptr);
1286 if (ram_addr == RAM_ADDR_INVALID) {
1287 error_report("Bad ram pointer %p", ptr);
1288 abort();
1289 }
1290 return ram_addr;
1291}
1292
c319dc13
RH		 1293/*
1294 * Note: tlb_fill() can trigger a resize of the TLB. This means that all of the
1295 * caller's prior references to the TLB table (e.g. CPUTLBEntry pointers) must
1296 * be discarded and looked up again (e.g. via tlb_entry()).
1297 */
1298static void tlb_fill(CPUState *cpu, target_ulong addr, int size,
1299 MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
1300{
1301 CPUClass *cc = CPU_GET_CLASS(cpu);
1302 bool ok;
1303
1304 /*
1305 * This is not a probe, so only valid return is success; failure
1306 * should result in exception + longjmp to the cpu loop.
1307 */
78271684
CF		 1308 ok = cc->tcg_ops->tlb_fill(cpu, addr, size,
1309 access_type, mmu_idx, false, retaddr);
c319dc13
RH		 1310 assert(ok);
1311}
1312
78271684
CF		 1313static inline void cpu_unaligned_access(CPUState *cpu, vaddr addr,
1314 MMUAccessType access_type,
1315 int mmu_idx, uintptr_t retaddr)
1316{
1317 CPUClass *cc = CPU_GET_CLASS(cpu);
1318
1319 cc->tcg_ops->do_unaligned_access(cpu, addr, access_type, mmu_idx, retaddr);
1320}
1321
1322static inline void cpu_transaction_failed(CPUState *cpu, hwaddr physaddr,
1323 vaddr addr, unsigned size,
1324 MMUAccessType access_type,
1325 int mmu_idx, MemTxAttrs attrs,
1326 MemTxResult response,
1327 uintptr_t retaddr)
1328{
1329 CPUClass *cc = CPU_GET_CLASS(cpu);
1330
1331 if (!cpu->ignore_memory_transaction_failures &&
1332 cc->tcg_ops->do_transaction_failed) {
1333 cc->tcg_ops->do_transaction_failed(cpu, physaddr, addr, size,
1334 access_type, mmu_idx, attrs,
1335 response, retaddr);
1336 }
1337}
1338
82a45b96 1339static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
f1be3696 1340 int mmu_idx, target_ulong addr, uintptr_t retaddr,
be5c4787 1341 MMUAccessType access_type, MemOp op)
82a45b96 1342{
29a0af61 1343 CPUState *cpu = env_cpu(env);
2d54f194
PM		 1344 hwaddr mr_offset;
1345 MemoryRegionSection *section;
1346 MemoryRegion *mr;
82a45b96 1347 uint64_t val;
8d04fb55 1348 bool locked = false;
04e3aabd 1349 MemTxResult r;
82a45b96 1350
2d54f194
PM		 1351 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
1352 mr = section->mr;
1353 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
82a45b96 1354 cpu->mem_io_pc = retaddr;
08565552 1355 if (!cpu->can_do_io) {
82a45b96
RH		 1356 cpu_io_recompile(cpu, retaddr);
1357 }
1358
41744954 1359 if (!qemu_mutex_iothread_locked()) {
8d04fb55
JK		 1360 qemu_mutex_lock_iothread();
1361 locked = true;
1362 }
be5c4787 1363 r = memory_region_dispatch_read(mr, mr_offset, &val, op, iotlbentry->attrs);
04e3aabd 1364 if (r != MEMTX_OK) {
2d54f194
PM		 1365 hwaddr physaddr = mr_offset +
1366 section->offset_within_address_space -
1367 section->offset_within_region;
1368
be5c4787 1369 cpu_transaction_failed(cpu, physaddr, addr, memop_size(op), access_type,
04e3aabd
PM		 1370 mmu_idx, iotlbentry->attrs, r, retaddr);
1371 }
8d04fb55
JK		 1372 if (locked) {
1373 qemu_mutex_unlock_iothread();
1374 }
1375
82a45b96
RH		 1376 return val;
1377}
1378
2f3a57ee
AB		 1379/*
1380 * Save a potentially trashed IOTLB entry for later lookup by plugin.
570ef309
AB		 1381 * This is read by tlb_plugin_lookup if the iotlb entry doesn't match
1382 * because of the side effect of io_writex changing memory layout.
2f3a57ee
AB		 1383 */
1384static void save_iotlb_data(CPUState *cs, hwaddr addr,
1385 MemoryRegionSection *section, hwaddr mr_offset)
1386{
1387#ifdef CONFIG_PLUGIN
1388 SavedIOTLB *saved = &cs->saved_iotlb;
1389 saved->addr = addr;
1390 saved->section = section;
1391 saved->mr_offset = mr_offset;
1392#endif
1393}
1394
82a45b96 1395static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
f1be3696 1396 int mmu_idx, uint64_t val, target_ulong addr,
be5c4787 1397 uintptr_t retaddr, MemOp op)
82a45b96 1398{
29a0af61 1399 CPUState *cpu = env_cpu(env);
2d54f194
PM		 1400 hwaddr mr_offset;
1401 MemoryRegionSection *section;
1402 MemoryRegion *mr;
8d04fb55 1403 bool locked = false;
04e3aabd 1404 MemTxResult r;
82a45b96 1405
2d54f194
PM		 1406 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
1407 mr = section->mr;
1408 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
08565552 1409 if (!cpu->can_do_io) {
82a45b96
RH		 1410 cpu_io_recompile(cpu, retaddr);
1411 }
82a45b96 1412 cpu->mem_io_pc = retaddr;
8d04fb55 1413
2f3a57ee
AB		 1414 /*
1415 * The memory_region_dispatch may trigger a flush/resize
1416 * so for plugins we save the iotlb_data just in case.
1417 */
1418 save_iotlb_data(cpu, iotlbentry->addr, section, mr_offset);
1419
41744954 1420 if (!qemu_mutex_iothread_locked()) {
8d04fb55
JK		 1421 qemu_mutex_lock_iothread();
1422 locked = true;
1423 }
be5c4787 1424 r = memory_region_dispatch_write(mr, mr_offset, val, op, iotlbentry->attrs);
04e3aabd 1425 if (r != MEMTX_OK) {
2d54f194
PM		 1426 hwaddr physaddr = mr_offset +
1427 section->offset_within_address_space -
1428 section->offset_within_region;
1429
be5c4787
TN		 1430 cpu_transaction_failed(cpu, physaddr, addr, memop_size(op),
1431 MMU_DATA_STORE, mmu_idx, iotlbentry->attrs, r,
1432 retaddr);
04e3aabd 1433 }
8d04fb55
JK		 1434 if (locked) {
1435 qemu_mutex_unlock_iothread();
1436 }
82a45b96
RH		 1437}
1438
4811e909
RH		 1439static inline target_ulong tlb_read_ofs(CPUTLBEntry *entry, size_t ofs)
1440{
1441#if TCG_OVERSIZED_GUEST
1442 return *(target_ulong *)((uintptr_t)entry + ofs);
1443#else
d73415a3
SH		 1444 /* ofs might correspond to .addr_write, so use qatomic_read */
1445 return qatomic_read((target_ulong *)((uintptr_t)entry + ofs));
4811e909
RH		 1446#endif
1447}
1448
7e9a7c50
RH		 1449/* Return true if ADDR is present in the victim tlb, and has been copied
1450 back to the main tlb. */
1451static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
1452 size_t elt_ofs, target_ulong page)
1453{
1454 size_t vidx;
71aec354 1455
29a0af61 1456 assert_cpu_is_self(env_cpu(env));
7e9a7c50 1457 for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
a40ec84e
RH		 1458 CPUTLBEntry *vtlb = &env_tlb(env)->d[mmu_idx].vtable[vidx];
1459 target_ulong cmp;
1460
d73415a3 1461 /* elt_ofs might correspond to .addr_write, so use qatomic_read */
a40ec84e
RH		 1462#if TCG_OVERSIZED_GUEST
1463 cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
1464#else
d73415a3 1465 cmp = qatomic_read((target_ulong *)((uintptr_t)vtlb + elt_ofs));
a40ec84e 1466#endif
7e9a7c50
RH		 1467
1468 if (cmp == page) {
1469 /* Found entry in victim tlb, swap tlb and iotlb. */
a40ec84e 1470 CPUTLBEntry tmptlb, *tlb = &env_tlb(env)->f[mmu_idx].table[index];
b0706b71 1471
a40ec84e 1472 qemu_spin_lock(&env_tlb(env)->c.lock);
71aec354
EC		 1473 copy_tlb_helper_locked(&tmptlb, tlb);
1474 copy_tlb_helper_locked(tlb, vtlb);
1475 copy_tlb_helper_locked(vtlb, &tmptlb);
a40ec84e 1476 qemu_spin_unlock(&env_tlb(env)->c.lock);
b0706b71 1477
a40ec84e
RH		 1478 CPUIOTLBEntry tmpio, *io = &env_tlb(env)->d[mmu_idx].iotlb[index];
1479 CPUIOTLBEntry *vio = &env_tlb(env)->d[mmu_idx].viotlb[vidx];
7e9a7c50
RH		 1480 tmpio = *io; *io = *vio; *vio = tmpio;
1481 return true;
1482 }
1483 }
1484 return false;
1485}
1486
1487/* Macro to call the above, with local variables from the use context. */
a390284b 1488#define VICTIM_TLB_HIT(TY, ADDR) \
7e9a7c50 1489 victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
a390284b 1490 (ADDR) & TARGET_PAGE_MASK)
7e9a7c50 1491
30d7e098
RH		 1492/*
1493 * Return a ram_addr_t for the virtual address for execution.
1494 *
1495 * Return -1 if we can't translate and execute from an entire page
1496 * of RAM. This will force us to execute by loading and translating
1497 * one insn at a time, without caching.
1498 *
1499 * NOTE: This function will trigger an exception if the page is
1500 * not executable.
f2553f04 1501 */
4b2190da
EC		 1502tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
1503 void **hostp)
f2553f04 1504{
383beda9
RH		 1505 uintptr_t mmu_idx = cpu_mmu_index(env, true);
1506 uintptr_t index = tlb_index(env, mmu_idx, addr);
1507 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
f2553f04 1508 void *p;
f2553f04 1509
383beda9 1510 if (unlikely(!tlb_hit(entry->addr_code, addr))) {
b493ccf1 1511 if (!VICTIM_TLB_HIT(addr_code, addr)) {
29a0af61 1512 tlb_fill(env_cpu(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
6d967cb8
EC		 1513 index = tlb_index(env, mmu_idx, addr);
1514 entry = tlb_entry(env, mmu_idx, addr);
30d7e098
RH		 1515
1516 if (unlikely(entry->addr_code & TLB_INVALID_MASK)) {
1517 /*
1518 * The MMU protection covers a smaller range than a target
1519 * page, so we must redo the MMU check for every insn.
1520 */
1521 return -1;
1522 }
71b9a453 1523 }
383beda9 1524 assert(tlb_hit(entry->addr_code, addr));
f2553f04 1525 }
55df6fcf 1526
30d7e098
RH		 1527 if (unlikely(entry->addr_code & TLB_MMIO)) {
1528 /* The region is not backed by RAM. */
4b2190da
EC		 1529 if (hostp) {
1530 *hostp = NULL;
1531 }
20cb6ae4 1532 return -1;
55df6fcf
PM		 1533 }
1534
383beda9 1535 p = (void *)((uintptr_t)addr + entry->addend);
4b2190da
EC		 1536 if (hostp) {
1537 *hostp = p;
1538 }
f2553f04
FK		 1539 return qemu_ram_addr_from_host_nofail(p);
1540}
1541
4b2190da
EC		 1542tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
1543{
1544 return get_page_addr_code_hostp(env, addr, NULL);
1545}
1546
707526ad
RH		 1547static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
1548 CPUIOTLBEntry *iotlbentry, uintptr_t retaddr)
1549{
1550 ram_addr_t ram_addr = mem_vaddr + iotlbentry->addr;
1551
1552 trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size);
1553
1554 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1555 struct page_collection *pages
1556 = page_collection_lock(ram_addr, ram_addr + size);
5a7c27bb 1557 tb_invalidate_phys_page_fast(pages, ram_addr, size, retaddr);
707526ad
RH		 1558 page_collection_unlock(pages);
1559 }
1560
1561 /*
1562 * Set both VGA and migration bits for simplicity and to remove
1563 * the notdirty callback faster.
1564 */
1565 cpu_physical_memory_set_dirty_range(ram_addr, size, DIRTY_CLIENTS_NOCODE);
1566
1567 /* We remove the notdirty callback only if the code has been flushed. */
1568 if (!cpu_physical_memory_is_clean(ram_addr)) {
1569 trace_memory_notdirty_set_dirty(mem_vaddr);
1570 tlb_set_dirty(cpu, mem_vaddr);
1571 }
1572}
1573
069cfe77
RH		 1574static int probe_access_internal(CPUArchState *env, target_ulong addr,
1575 int fault_size, MMUAccessType access_type,
1576 int mmu_idx, bool nonfault,
1577 void **phost, uintptr_t retaddr)
3b08f0a9 1578{
383beda9
RH		 1579 uintptr_t index = tlb_index(env, mmu_idx, addr);
1580 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
069cfe77 1581 target_ulong tlb_addr, page_addr;
c25c283d 1582 size_t elt_ofs;
069cfe77 1583 int flags;
ca86cf32 1584
c25c283d
DH		 1585 switch (access_type) {
1586 case MMU_DATA_LOAD:
1587 elt_ofs = offsetof(CPUTLBEntry, addr_read);
c25c283d
DH		 1588 break;
1589 case MMU_DATA_STORE:
1590 elt_ofs = offsetof(CPUTLBEntry, addr_write);
c25c283d
DH		 1591 break;
1592 case MMU_INST_FETCH:
1593 elt_ofs = offsetof(CPUTLBEntry, addr_code);
c25c283d
DH		 1594 break;
1595 default:
1596 g_assert_not_reached();
1597 }
1598 tlb_addr = tlb_read_ofs(entry, elt_ofs);
1599
069cfe77
RH		 1600 page_addr = addr & TARGET_PAGE_MASK;
1601 if (!tlb_hit_page(tlb_addr, page_addr)) {
1602 if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page_addr)) {
1603 CPUState *cs = env_cpu(env);
1604 CPUClass *cc = CPU_GET_CLASS(cs);
1605
78271684
CF		 1606 if (!cc->tcg_ops->tlb_fill(cs, addr, fault_size, access_type,
1607 mmu_idx, nonfault, retaddr)) {
069cfe77
RH		 1608 /* Non-faulting page table read failed. */
1609 *phost = NULL;
1610 return TLB_INVALID_MASK;
1611 }
1612
1613 /* TLB resize via tlb_fill may have moved the entry. */
03a98189 1614 entry = tlb_entry(env, mmu_idx, addr);
3b08f0a9 1615 }
c25c283d 1616 tlb_addr = tlb_read_ofs(entry, elt_ofs);
03a98189 1617 }
069cfe77 1618 flags = tlb_addr & TLB_FLAGS_MASK;
03a98189 1619
069cfe77
RH		 1620 /* Fold all "mmio-like" bits into TLB_MMIO. This is not RAM. */
1621 if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
1622 *phost = NULL;
1623 return TLB_MMIO;
fef39ccd
DH		 1624 }
1625
069cfe77
RH		 1626 /* Everything else is RAM. */
1627 *phost = (void *)((uintptr_t)addr + entry->addend);
1628 return flags;
1629}
1630
1631int probe_access_flags(CPUArchState *env, target_ulong addr,
1632 MMUAccessType access_type, int mmu_idx,
1633 bool nonfault, void **phost, uintptr_t retaddr)
1634{
1635 int flags;
1636
1637 flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
1638 nonfault, phost, retaddr);
1639
1640 /* Handle clean RAM pages. */
1641 if (unlikely(flags & TLB_NOTDIRTY)) {
1642 uintptr_t index = tlb_index(env, mmu_idx, addr);
73bc0bd4 1643 CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
fef39ccd 1644
069cfe77
RH		 1645 notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
1646 flags &= ~TLB_NOTDIRTY;
1647 }
1648
1649 return flags;
1650}
1651
1652void *probe_access(CPUArchState *env, target_ulong addr, int size,
1653 MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
1654{
1655 void *host;
1656 int flags;
1657
1658 g_assert(-(addr | TARGET_PAGE_MASK) >= size);
1659
1660 flags = probe_access_internal(env, addr, size, access_type, mmu_idx,
1661 false, &host, retaddr);
1662
1663 /* Per the interface, size == 0 merely faults the access. */
1664 if (size == 0) {
1665 return NULL;
1666 }
1667
1668 if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
1669 uintptr_t index = tlb_index(env, mmu_idx, addr);
1670 CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
73bc0bd4
RH		 1671
1672 /* Handle watchpoints. */
069cfe77
RH		 1673 if (flags & TLB_WATCHPOINT) {
1674 int wp_access = (access_type == MMU_DATA_STORE
1675 ? BP_MEM_WRITE : BP_MEM_READ);
73bc0bd4
RH		 1676 cpu_check_watchpoint(env_cpu(env), addr, size,
1677 iotlbentry->attrs, wp_access, retaddr);
1678 }
1679
1680 /* Handle clean RAM pages. */
069cfe77
RH		 1681 if (flags & TLB_NOTDIRTY) {
1682 notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
73bc0bd4 1683 }
fef39ccd
DH		 1684 }
1685
069cfe77 1686 return host;
3b08f0a9
RH		 1687}
1688
4811e909
RH		 1689void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
1690 MMUAccessType access_type, int mmu_idx)
1691{
069cfe77
RH		 1692 void *host;
1693 int flags;
4811e909 1694
069cfe77
RH		 1695 flags = probe_access_internal(env, addr, 0, access_type,
1696 mmu_idx, true, &host, 0);
4811e909 1697
069cfe77
RH		 1698 /* No combination of flags are expected by the caller. */
1699 return flags ? NULL : host;
4811e909
RH		 1700}
1701
235537fa
AB		 1702#ifdef CONFIG_PLUGIN
1703/*
1704 * Perform a TLB lookup and populate the qemu_plugin_hwaddr structure.
1705 * This should be a hot path as we will have just looked this path up
1706 * in the softmmu lookup code (or helper). We don't handle re-fills or
1707 * checking the victim table. This is purely informational.
1708 *
2f3a57ee
AB		 1709 * This almost never fails as the memory access being instrumented
1710 * should have just filled the TLB. The one corner case is io_writex
1711 * which can cause TLB flushes and potential resizing of the TLBs
570ef309
AB		 1712 * losing the information we need. In those cases we need to recover
1713 * data from a copy of the iotlbentry. As long as this always occurs
1714 * from the same thread (which a mem callback will be) this is safe.
235537fa
AB		 1715 */
1716
1717bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
1718 bool is_store, struct qemu_plugin_hwaddr *data)
1719{
1720 CPUArchState *env = cpu->env_ptr;
1721 CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
1722 uintptr_t index = tlb_index(env, mmu_idx, addr);
1723 target_ulong tlb_addr = is_store ? tlb_addr_write(tlbe) : tlbe->addr_read;
1724
1725 if (likely(tlb_hit(tlb_addr, addr))) {
1726 /* We must have an iotlb entry for MMIO */
1727 if (tlb_addr & TLB_MMIO) {
1728 CPUIOTLBEntry *iotlbentry;
1729 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
1730 data->is_io = true;
1731 data->v.io.section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
1732 data->v.io.offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
1733 } else {
1734 data->is_io = false;
1735 data->v.ram.hostaddr = addr + tlbe->addend;
1736 }
1737 return true;
2f3a57ee
AB		 1738 } else {
1739 SavedIOTLB *saved = &cpu->saved_iotlb;
1740 data->is_io = true;
1741 data->v.io.section = saved->section;
1742 data->v.io.offset = saved->mr_offset;
1743 return true;
235537fa 1744 }
235537fa
AB		 1745}
1746
1747#endif
1748
c482cb11
RH		 1749/* Probe for a read-modify-write atomic operation. Do not allow unaligned
1750 * operations, or io operations to proceed. Return the host address. */
1751static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
707526ad 1752 TCGMemOpIdx oi, uintptr_t retaddr)
c482cb11
RH		 1753{
1754 size_t mmu_idx = get_mmuidx(oi);
383beda9
RH		 1755 uintptr_t index = tlb_index(env, mmu_idx, addr);
1756 CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
403f290c 1757 target_ulong tlb_addr = tlb_addr_write(tlbe);
14776ab5 1758 MemOp mop = get_memop(oi);
c482cb11
RH		 1759 int a_bits = get_alignment_bits(mop);
1760 int s_bits = mop & MO_SIZE;
34d49937 1761 void *hostaddr;
c482cb11
RH		 1762
1763 /* Adjust the given return address. */
1764 retaddr -= GETPC_ADJ;
1765
1766 /* Enforce guest required alignment. */
1767 if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
1768 /* ??? Maybe indicate atomic op to cpu_unaligned_access */
29a0af61 1769 cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
c482cb11
RH		 1770 mmu_idx, retaddr);
1771 }
1772
1773 /* Enforce qemu required alignment. */
1774 if (unlikely(addr & ((1 << s_bits) - 1))) {
1775 /* We get here if guest alignment was not requested,
1776 or was not enforced by cpu_unaligned_access above.
1777 We might widen the access and emulate, but for now
1778 mark an exception and exit the cpu loop. */
1779 goto stop_the_world;
1780 }
1781
1782 /* Check TLB entry and enforce page permissions. */
334692bc 1783 if (!tlb_hit(tlb_addr, addr)) {
c482cb11 1784 if (!VICTIM_TLB_HIT(addr_write, addr)) {
29a0af61 1785 tlb_fill(env_cpu(env), addr, 1 << s_bits, MMU_DATA_STORE,
98670d47 1786 mmu_idx, retaddr);
6d967cb8
EC		 1787 index = tlb_index(env, mmu_idx, addr);
1788 tlbe = tlb_entry(env, mmu_idx, addr);
c482cb11 1789 }
403f290c 1790 tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
c482cb11
RH		 1791 }
1792
55df6fcf 1793 /* Notice an IO access or a needs-MMU-lookup access */
30d7e098 1794 if (unlikely(tlb_addr & TLB_MMIO)) {
c482cb11
RH		 1795 /* There's really nothing that can be done to
1796 support this apart from stop-the-world. */
1797 goto stop_the_world;
1798 }
1799
1800 /* Let the guest notice RMW on a write-only page. */
34d49937 1801 if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
29a0af61 1802 tlb_fill(env_cpu(env), addr, 1 << s_bits, MMU_DATA_LOAD,
98670d47 1803 mmu_idx, retaddr);
c482cb11
RH		 1804 /* Since we don't support reads and writes to different addresses,
1805 and we do have the proper page loaded for write, this shouldn't
1806 ever return. But just in case, handle via stop-the-world. */
1807 goto stop_the_world;
1808 }
1809
34d49937
PM		 1810 hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
1811
34d49937 1812 if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
707526ad
RH		 1813 notdirty_write(env_cpu(env), addr, 1 << s_bits,
1814 &env_tlb(env)->d[mmu_idx].iotlb[index], retaddr);
34d49937
PM		 1815 }
1816
1817 return hostaddr;
c482cb11
RH		 1818
1819 stop_the_world:
29a0af61 1820 cpu_loop_exit_atomic(env_cpu(env), retaddr);
c482cb11
RH		 1821}
1822
eed56642
AB		 1823/*
1824 * Load Helpers
1825 *
1826 * We support two different access types. SOFTMMU_CODE_ACCESS is
1827 * specifically for reading instructions from system memory. It is
1828 * called by the translation loop and in some helpers where the code
1829 * is disassembled. It shouldn't be called directly by guest code.
1830 */
0f590e74 1831
2dd92606
RH		 1832typedef uint64_t FullLoadHelper(CPUArchState *env, target_ulong addr,
1833 TCGMemOpIdx oi, uintptr_t retaddr);
1834
80d9d1c6
RH		 1835static inline uint64_t QEMU_ALWAYS_INLINE
1836load_memop(const void *haddr, MemOp op)
1837{
1838 switch (op) {
1839 case MO_UB:
1840 return ldub_p(haddr);
1841 case MO_BEUW:
1842 return lduw_be_p(haddr);
1843 case MO_LEUW:
1844 return lduw_le_p(haddr);
1845 case MO_BEUL:
1846 return (uint32_t)ldl_be_p(haddr);
1847 case MO_LEUL:
1848 return (uint32_t)ldl_le_p(haddr);
1849 case MO_BEQ:
1850 return ldq_be_p(haddr);
1851 case MO_LEQ:
1852 return ldq_le_p(haddr);
1853 default:
1854 qemu_build_not_reached();
1855 }
1856}
1857
c6b716cd 1858static inline uint64_t QEMU_ALWAYS_INLINE
2dd92606 1859load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
be5c4787 1860 uintptr_t retaddr, MemOp op, bool code_read,
2dd92606 1861 FullLoadHelper *full_load)
eed56642
AB		 1862{
1863 uintptr_t mmu_idx = get_mmuidx(oi);
1864 uintptr_t index = tlb_index(env, mmu_idx, addr);
1865 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
1866 target_ulong tlb_addr = code_read ? entry->addr_code : entry->addr_read;
1867 const size_t tlb_off = code_read ?
1868 offsetof(CPUTLBEntry, addr_code) : offsetof(CPUTLBEntry, addr_read);
f1be3696
RH		 1869 const MMUAccessType access_type =
1870 code_read ? MMU_INST_FETCH : MMU_DATA_LOAD;
eed56642
AB		 1871 unsigned a_bits = get_alignment_bits(get_memop(oi));
1872 void *haddr;
1873 uint64_t res;
be5c4787 1874 size_t size = memop_size(op);
eed56642
AB		 1875
1876 /* Handle CPU specific unaligned behaviour */
1877 if (addr & ((1 << a_bits) - 1)) {
29a0af61 1878 cpu_unaligned_access(env_cpu(env), addr, access_type,
eed56642
AB		 1879 mmu_idx, retaddr);
1880 }
0f590e74 1881
eed56642
AB		 1882 /* If the TLB entry is for a different page, reload and try again. */
1883 if (!tlb_hit(tlb_addr, addr)) {
1884 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off,
1885 addr & TARGET_PAGE_MASK)) {
29a0af61 1886 tlb_fill(env_cpu(env), addr, size,
f1be3696 1887 access_type, mmu_idx, retaddr);
eed56642
AB		 1888 index = tlb_index(env, mmu_idx, addr);
1889 entry = tlb_entry(env, mmu_idx, addr);
1890 }
1891 tlb_addr = code_read ? entry->addr_code : entry->addr_read;
30d7e098 1892 tlb_addr &= ~TLB_INVALID_MASK;
eed56642
AB		 1893 }
1894
50b107c5 1895 /* Handle anything that isn't just a straight memory access. */
eed56642 1896 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
50b107c5 1897 CPUIOTLBEntry *iotlbentry;
5b87b3e6 1898 bool need_swap;
50b107c5
RH		 1899
1900 /* For anything that is unaligned, recurse through full_load. */
eed56642
AB		 1901 if ((addr & (size - 1)) != 0) {
1902 goto do_unaligned_access;
1903 }
50b107c5
RH		 1904
1905 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
1906
1907 /* Handle watchpoints. */
1908 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
1909 /* On watchpoint hit, this will longjmp out. */
1910 cpu_check_watchpoint(env_cpu(env), addr, size,
1911 iotlbentry->attrs, BP_MEM_READ, retaddr);
50b107c5
RH		 1912 }
1913
5b87b3e6
RH		 1914 need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
1915
50b107c5 1916 /* Handle I/O access. */
5b87b3e6
RH		 1917 if (likely(tlb_addr & TLB_MMIO)) {
1918 return io_readx(env, iotlbentry, mmu_idx, addr, retaddr,
1919 access_type, op ^ (need_swap * MO_BSWAP));
1920 }
1921
1922 haddr = (void *)((uintptr_t)addr + entry->addend);
1923
1924 /*
1925 * Keep these two load_memop separate to ensure that the compiler
1926 * is able to fold the entire function to a single instruction.
1927 * There is a build-time assert inside to remind you of this. ;-)
1928 */
1929 if (unlikely(need_swap)) {
1930 return load_memop(haddr, op ^ MO_BSWAP);
1931 }
1932 return load_memop(haddr, op);
eed56642
AB		 1933 }
1934
1935 /* Handle slow unaligned access (it spans two pages or IO). */
1936 if (size > 1
1937 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1
1938 >= TARGET_PAGE_SIZE)) {
1939 target_ulong addr1, addr2;
8c79b288 1940 uint64_t r1, r2;
eed56642
AB		 1941 unsigned shift;
1942 do_unaligned_access:
ab7a2009 1943 addr1 = addr & ~((target_ulong)size - 1);
eed56642 1944 addr2 = addr1 + size;
2dd92606
RH		 1945 r1 = full_load(env, addr1, oi, retaddr);
1946 r2 = full_load(env, addr2, oi, retaddr);
eed56642
AB		 1947 shift = (addr & (size - 1)) * 8;
1948
be5c4787 1949 if (memop_big_endian(op)) {
eed56642
AB		 1950 /* Big-endian combine. */
1951 res = (r1 << shift) | (r2 >> ((size * 8) - shift));
1952 } else {
1953 /* Little-endian combine. */
1954 res = (r1 >> shift) | (r2 << ((size * 8) - shift));
1955 }
1956 return res & MAKE_64BIT_MASK(0, size * 8);
1957 }
1958
1959 haddr = (void *)((uintptr_t)addr + entry->addend);
80d9d1c6 1960 return load_memop(haddr, op);
eed56642
AB		 1961}
1962
1963/*
1964 * For the benefit of TCG generated code, we want to avoid the
1965 * complication of ABI-specific return type promotion and always
1966 * return a value extended to the register size of the host. This is
1967 * tcg_target_long, except in the case of a 32-bit host and 64-bit
1968 * data, and for that we always have uint64_t.
1969 *
1970 * We don't bother with this widened value for SOFTMMU_CODE_ACCESS.
1971 */
1972
2dd92606
RH		 1973static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
1974 TCGMemOpIdx oi, uintptr_t retaddr)
1975{
be5c4787 1976 return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
2dd92606
RH		 1977}
1978
fc1bc777
RH		 1979tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
1980 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 1981{
2dd92606
RH		 1982 return full_ldub_mmu(env, addr, oi, retaddr);
1983}
1984
1985static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
1986 TCGMemOpIdx oi, uintptr_t retaddr)
1987{
be5c4787 1988 return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
2dd92606 1989 full_le_lduw_mmu);
eed56642
AB		 1990}
1991
fc1bc777
RH		 1992tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
1993 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 1994{
2dd92606
RH		 1995 return full_le_lduw_mmu(env, addr, oi, retaddr);
1996}
1997
1998static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
1999 TCGMemOpIdx oi, uintptr_t retaddr)
2000{
be5c4787 2001 return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
2dd92606 2002 full_be_lduw_mmu);
eed56642
AB		 2003}
2004
fc1bc777
RH		 2005tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
2006 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2007{
2dd92606
RH		 2008 return full_be_lduw_mmu(env, addr, oi, retaddr);
2009}
2010
2011static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
2012 TCGMemOpIdx oi, uintptr_t retaddr)
2013{
be5c4787 2014 return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
2dd92606 2015 full_le_ldul_mmu);
eed56642
AB		 2016}
2017
fc1bc777
RH		 2018tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
2019 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2020{
2dd92606
RH		 2021 return full_le_ldul_mmu(env, addr, oi, retaddr);
2022}
2023
2024static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
2025 TCGMemOpIdx oi, uintptr_t retaddr)
2026{
be5c4787 2027 return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
2dd92606 2028 full_be_ldul_mmu);
eed56642
AB		 2029}
2030
fc1bc777
RH		 2031tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
2032 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2033{
2dd92606 2034 return full_be_ldul_mmu(env, addr, oi, retaddr);
eed56642
AB		 2035}
2036
fc1bc777
RH		 2037uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
2038 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2039{
be5c4787 2040 return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
2dd92606 2041 helper_le_ldq_mmu);
eed56642
AB		 2042}
2043
fc1bc777
RH		 2044uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
2045 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2046{
be5c4787 2047 return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
2dd92606 2048 helper_be_ldq_mmu);
eed56642
AB		 2049}
2050
2051/*
2052 * Provide signed versions of the load routines as well. We can of course
2053 * avoid this for 64-bit data, or for 32-bit data on 32-bit host.
2054 */
2055
2056
2057tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
2058 TCGMemOpIdx oi, uintptr_t retaddr)
2059{
2060 return (int8_t)helper_ret_ldub_mmu(env, addr, oi, retaddr);
2061}
2062
2063tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
2064 TCGMemOpIdx oi, uintptr_t retaddr)
2065{
2066 return (int16_t)helper_le_lduw_mmu(env, addr, oi, retaddr);
2067}
2068
2069tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
2070 TCGMemOpIdx oi, uintptr_t retaddr)
2071{
2072 return (int16_t)helper_be_lduw_mmu(env, addr, oi, retaddr);
2073}
2074
2075tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
2076 TCGMemOpIdx oi, uintptr_t retaddr)
2077{
2078 return (int32_t)helper_le_ldul_mmu(env, addr, oi, retaddr);
2079}
2080
2081tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
2082 TCGMemOpIdx oi, uintptr_t retaddr)
2083{
2084 return (int32_t)helper_be_ldul_mmu(env, addr, oi, retaddr);
2085}
2086
d03f1408
RH		 2087/*
2088 * Load helpers for cpu_ldst.h.
2089 */
2090
2091static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
2092 int mmu_idx, uintptr_t retaddr,
2093 MemOp op, FullLoadHelper *full_load)
2094{
2095 uint16_t meminfo;
2096 TCGMemOpIdx oi;
2097 uint64_t ret;
2098
2099 meminfo = trace_mem_get_info(op, mmu_idx, false);
2100 trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
2101
2102 op &= ~MO_SIGN;
2103 oi = make_memop_idx(op, mmu_idx);
2104 ret = full_load(env, addr, oi, retaddr);
2105
2106 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
2107
2108 return ret;
2109}
2110
2111uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2112 int mmu_idx, uintptr_t ra)
2113{
2114 return cpu_load_helper(env, addr, mmu_idx, ra, MO_UB, full_ldub_mmu);
2115}
2116
2117int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2118 int mmu_idx, uintptr_t ra)
2119{
2120 return (int8_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_SB,
2121 full_ldub_mmu);
2122}
2123
b9e60257
RH		 2124uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2125 int mmu_idx, uintptr_t ra)
d03f1408 2126{
b9e60257 2127 return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUW, full_be_lduw_mmu);
d03f1408
RH		 2128}
2129
b9e60257
RH		 2130int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2131 int mmu_idx, uintptr_t ra)
2132{
2133 return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_BESW,
2134 full_be_lduw_mmu);
2135}
2136
2137uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2138 int mmu_idx, uintptr_t ra)
2139{
2140 return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUL, full_be_ldul_mmu);
2141}
2142
2143uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2144 int mmu_idx, uintptr_t ra)
2145{
2146 return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEQ, helper_be_ldq_mmu);
2147}
2148
2149uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2150 int mmu_idx, uintptr_t ra)
2151{
2152 return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUW, full_le_lduw_mmu);
2153}
2154
2155int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2156 int mmu_idx, uintptr_t ra)
d03f1408 2157{
b9e60257
RH		 2158 return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_LESW,
2159 full_le_lduw_mmu);
d03f1408
RH		 2160}
2161
b9e60257
RH		 2162uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2163 int mmu_idx, uintptr_t ra)
d03f1408 2164{
b9e60257 2165 return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUL, full_le_ldul_mmu);
d03f1408
RH		 2166}
2167
b9e60257
RH		 2168uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2169 int mmu_idx, uintptr_t ra)
d03f1408 2170{
b9e60257 2171 return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEQ, helper_le_ldq_mmu);
d03f1408
RH		 2172}
2173
cfe04a4b
RH		 2174uint32_t cpu_ldub_data_ra(CPUArchState *env, target_ulong ptr,
2175 uintptr_t retaddr)
2176{
2177 return cpu_ldub_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2178}
2179
2180int cpu_ldsb_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
2181{
2182 return cpu_ldsb_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2183}
2184
b9e60257
RH		 2185uint32_t cpu_lduw_be_data_ra(CPUArchState *env, target_ulong ptr,
2186 uintptr_t retaddr)
2187{
2188 return cpu_lduw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2189}
2190
2191int cpu_ldsw_be_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
cfe04a4b 2192{
b9e60257 2193 return cpu_ldsw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2194}
2195
b9e60257
RH		 2196uint32_t cpu_ldl_be_data_ra(CPUArchState *env, target_ulong ptr,
2197 uintptr_t retaddr)
cfe04a4b 2198{
b9e60257 2199 return cpu_ldl_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2200}
2201
b9e60257
RH		 2202uint64_t cpu_ldq_be_data_ra(CPUArchState *env, target_ulong ptr,
2203 uintptr_t retaddr)
cfe04a4b 2204{
b9e60257 2205 return cpu_ldq_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2206}
2207
b9e60257
RH		 2208uint32_t cpu_lduw_le_data_ra(CPUArchState *env, target_ulong ptr,
2209 uintptr_t retaddr)
cfe04a4b 2210{
b9e60257
RH		 2211 return cpu_lduw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2212}
2213
2214int cpu_ldsw_le_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
2215{
2216 return cpu_ldsw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2217}
2218
2219uint32_t cpu_ldl_le_data_ra(CPUArchState *env, target_ulong ptr,
2220 uintptr_t retaddr)
2221{
2222 return cpu_ldl_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2223}
2224
2225uint64_t cpu_ldq_le_data_ra(CPUArchState *env, target_ulong ptr,
2226 uintptr_t retaddr)
2227{
2228 return cpu_ldq_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2229}
2230
2231uint32_t cpu_ldub_data(CPUArchState *env, target_ulong ptr)
2232{
2233 return cpu_ldub_data_ra(env, ptr, 0);
2234}
2235
2236int cpu_ldsb_data(CPUArchState *env, target_ulong ptr)
2237{
2238 return cpu_ldsb_data_ra(env, ptr, 0);
2239}
2240
b9e60257
RH		 2241uint32_t cpu_lduw_be_data(CPUArchState *env, target_ulong ptr)
2242{
2243 return cpu_lduw_be_data_ra(env, ptr, 0);
2244}
2245
2246int cpu_ldsw_be_data(CPUArchState *env, target_ulong ptr)
2247{
2248 return cpu_ldsw_be_data_ra(env, ptr, 0);
2249}
2250
2251uint32_t cpu_ldl_be_data(CPUArchState *env, target_ulong ptr)
2252{
2253 return cpu_ldl_be_data_ra(env, ptr, 0);
2254}
2255
2256uint64_t cpu_ldq_be_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2257{
b9e60257 2258 return cpu_ldq_be_data_ra(env, ptr, 0);
cfe04a4b
RH		 2259}
2260
b9e60257 2261uint32_t cpu_lduw_le_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2262{
b9e60257 2263 return cpu_lduw_le_data_ra(env, ptr, 0);
cfe04a4b
RH		 2264}
2265
b9e60257 2266int cpu_ldsw_le_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2267{
b9e60257 2268 return cpu_ldsw_le_data_ra(env, ptr, 0);
cfe04a4b
RH		 2269}
2270
b9e60257 2271uint32_t cpu_ldl_le_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2272{
b9e60257
RH		 2273 return cpu_ldl_le_data_ra(env, ptr, 0);
2274}
2275
2276uint64_t cpu_ldq_le_data(CPUArchState *env, target_ulong ptr)
2277{
2278 return cpu_ldq_le_data_ra(env, ptr, 0);
cfe04a4b
RH		 2279}
2280
eed56642
AB		 2281/*
2282 * Store Helpers
2283 */
2284
80d9d1c6
RH		 2285static inline void QEMU_ALWAYS_INLINE
2286store_memop(void *haddr, uint64_t val, MemOp op)
2287{
2288 switch (op) {
2289 case MO_UB:
2290 stb_p(haddr, val);
2291 break;
2292 case MO_BEUW:
2293 stw_be_p(haddr, val);
2294 break;
2295 case MO_LEUW:
2296 stw_le_p(haddr, val);
2297 break;
2298 case MO_BEUL:
2299 stl_be_p(haddr, val);
2300 break;
2301 case MO_LEUL:
2302 stl_le_p(haddr, val);
2303 break;
2304 case MO_BEQ:
2305 stq_be_p(haddr, val);
2306 break;
2307 case MO_LEQ:
2308 stq_le_p(haddr, val);
2309 break;
2310 default:
2311 qemu_build_not_reached();
2312 }
2313}
2314
6b8b622e
RH		 2315static void __attribute__((noinline))
2316store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
2317 uintptr_t retaddr, size_t size, uintptr_t mmu_idx,
2318 bool big_endian)
2319{
2320 const size_t tlb_off = offsetof(CPUTLBEntry, addr_write);
2321 uintptr_t index, index2;
2322 CPUTLBEntry *entry, *entry2;
2323 target_ulong page2, tlb_addr, tlb_addr2;
2324 TCGMemOpIdx oi;
2325 size_t size2;
2326 int i;
2327
2328 /*
2329 * Ensure the second page is in the TLB. Note that the first page
2330 * is already guaranteed to be filled, and that the second page
2331 * cannot evict the first.
2332 */
2333 page2 = (addr + size) & TARGET_PAGE_MASK;
2334 size2 = (addr + size) & ~TARGET_PAGE_MASK;
2335 index2 = tlb_index(env, mmu_idx, page2);
2336 entry2 = tlb_entry(env, mmu_idx, page2);
2337
2338 tlb_addr2 = tlb_addr_write(entry2);
2339 if (!tlb_hit_page(tlb_addr2, page2)) {
2340 if (!victim_tlb_hit(env, mmu_idx, index2, tlb_off, page2)) {
2341 tlb_fill(env_cpu(env), page2, size2, MMU_DATA_STORE,
2342 mmu_idx, retaddr);
2343 index2 = tlb_index(env, mmu_idx, page2);
2344 entry2 = tlb_entry(env, mmu_idx, page2);
2345 }
2346 tlb_addr2 = tlb_addr_write(entry2);
2347 }
2348
2349 index = tlb_index(env, mmu_idx, addr);
2350 entry = tlb_entry(env, mmu_idx, addr);
2351 tlb_addr = tlb_addr_write(entry);
2352
2353 /*
2354 * Handle watchpoints. Since this may trap, all checks
2355 * must happen before any store.
2356 */
2357 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
2358 cpu_check_watchpoint(env_cpu(env), addr, size - size2,
2359 env_tlb(env)->d[mmu_idx].iotlb[index].attrs,
2360 BP_MEM_WRITE, retaddr);
2361 }
2362 if (unlikely(tlb_addr2 & TLB_WATCHPOINT)) {
2363 cpu_check_watchpoint(env_cpu(env), page2, size2,
2364 env_tlb(env)->d[mmu_idx].iotlb[index2].attrs,
2365 BP_MEM_WRITE, retaddr);
2366 }
2367
2368 /*
2369 * XXX: not efficient, but simple.
2370 * This loop must go in the forward direction to avoid issues
2371 * with self-modifying code in Windows 64-bit.
2372 */
2373 oi = make_memop_idx(MO_UB, mmu_idx);
2374 if (big_endian) {
2375 for (i = 0; i < size; ++i) {
2376 /* Big-endian extract. */
2377 uint8_t val8 = val >> (((size - 1) * 8) - (i * 8));
2378 helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
2379 }
2380 } else {
2381 for (i = 0; i < size; ++i) {
2382 /* Little-endian extract. */
2383 uint8_t val8 = val >> (i * 8);
2384 helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
2385 }
2386 }
2387}
2388
c6b716cd 2389static inline void QEMU_ALWAYS_INLINE
4601f8d1 2390store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
be5c4787 2391 TCGMemOpIdx oi, uintptr_t retaddr, MemOp op)
eed56642
AB		 2392{
2393 uintptr_t mmu_idx = get_mmuidx(oi);
2394 uintptr_t index = tlb_index(env, mmu_idx, addr);
2395 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
2396 target_ulong tlb_addr = tlb_addr_write(entry);
2397 const size_t tlb_off = offsetof(CPUTLBEntry, addr_write);
2398 unsigned a_bits = get_alignment_bits(get_memop(oi));
2399 void *haddr;
be5c4787 2400 size_t size = memop_size(op);
eed56642
AB		 2401
2402 /* Handle CPU specific unaligned behaviour */
2403 if (addr & ((1 << a_bits) - 1)) {
29a0af61 2404 cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
eed56642
AB		 2405 mmu_idx, retaddr);
2406 }
2407
2408 /* If the TLB entry is for a different page, reload and try again. */
2409 if (!tlb_hit(tlb_addr, addr)) {
2410 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off,
2411 addr & TARGET_PAGE_MASK)) {
29a0af61 2412 tlb_fill(env_cpu(env), addr, size, MMU_DATA_STORE,
eed56642
AB		 2413 mmu_idx, retaddr);
2414 index = tlb_index(env, mmu_idx, addr);
2415 entry = tlb_entry(env, mmu_idx, addr);
2416 }
2417 tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
2418 }
2419
50b107c5 2420 /* Handle anything that isn't just a straight memory access. */
eed56642 2421 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
50b107c5 2422 CPUIOTLBEntry *iotlbentry;
5b87b3e6 2423 bool need_swap;
50b107c5
RH		 2424
2425 /* For anything that is unaligned, recurse through byte stores. */
eed56642
AB		 2426 if ((addr & (size - 1)) != 0) {
2427 goto do_unaligned_access;
2428 }
50b107c5
RH		 2429
2430 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
2431
2432 /* Handle watchpoints. */
2433 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
2434 /* On watchpoint hit, this will longjmp out. */
2435 cpu_check_watchpoint(env_cpu(env), addr, size,
2436 iotlbentry->attrs, BP_MEM_WRITE, retaddr);
50b107c5
RH		 2437 }
2438
5b87b3e6
RH		 2439 need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
2440
50b107c5 2441 /* Handle I/O access. */
08565552 2442 if (tlb_addr & TLB_MMIO) {
5b87b3e6
RH		 2443 io_writex(env, iotlbentry, mmu_idx, val, addr, retaddr,
2444 op ^ (need_swap * MO_BSWAP));
2445 return;
2446 }
2447
7b0d792c
RH		 2448 /* Ignore writes to ROM. */
2449 if (unlikely(tlb_addr & TLB_DISCARD_WRITE)) {
2450 return;
2451 }
2452
08565552
RH		 2453 /* Handle clean RAM pages. */
2454 if (tlb_addr & TLB_NOTDIRTY) {
707526ad 2455 notdirty_write(env_cpu(env), addr, size, iotlbentry, retaddr);
08565552
RH		 2456 }
2457
707526ad
RH		 2458 haddr = (void *)((uintptr_t)addr + entry->addend);
2459
5b87b3e6
RH		 2460 /*
2461 * Keep these two store_memop separate to ensure that the compiler
2462 * is able to fold the entire function to a single instruction.
2463 * There is a build-time assert inside to remind you of this. ;-)
2464 */
2465 if (unlikely(need_swap)) {
2466 store_memop(haddr, val, op ^ MO_BSWAP);
2467 } else {
2468 store_memop(haddr, val, op);
2469 }
eed56642
AB		 2470 return;
2471 }
2472
2473 /* Handle slow unaligned access (it spans two pages or IO). */
2474 if (size > 1
2475 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1
2476 >= TARGET_PAGE_SIZE)) {
eed56642 2477 do_unaligned_access:
6b8b622e
RH		 2478 store_helper_unaligned(env, addr, val, retaddr, size,
2479 mmu_idx, memop_big_endian(op));
eed56642
AB		 2480 return;
2481 }
2482
2483 haddr = (void *)((uintptr_t)addr + entry->addend);
80d9d1c6 2484 store_memop(haddr, val, op);
eed56642
AB		 2485}
2486
6b8b622e
RH		 2487void __attribute__((noinline))
2488helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
2489 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2490{
be5c4787 2491 store_helper(env, addr, val, oi, retaddr, MO_UB);
eed56642
AB		 2492}
2493
fc1bc777
RH		 2494void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
2495 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2496{
be5c4787 2497 store_helper(env, addr, val, oi, retaddr, MO_LEUW);
eed56642
AB		 2498}
2499
fc1bc777
RH		 2500void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
2501 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2502{
be5c4787 2503 store_helper(env, addr, val, oi, retaddr, MO_BEUW);
eed56642
AB		 2504}
2505
fc1bc777
RH		 2506void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
2507 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2508{
be5c4787 2509 store_helper(env, addr, val, oi, retaddr, MO_LEUL);
eed56642
AB		 2510}
2511
fc1bc777
RH		 2512void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
2513 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2514{
be5c4787 2515 store_helper(env, addr, val, oi, retaddr, MO_BEUL);
eed56642
AB		 2516}
2517
fc1bc777
RH		 2518void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
2519 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2520{
be5c4787 2521 store_helper(env, addr, val, oi, retaddr, MO_LEQ);
eed56642
AB		 2522}
2523
fc1bc777
RH		 2524void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
2525 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2526{
be5c4787 2527 store_helper(env, addr, val, oi, retaddr, MO_BEQ);
eed56642 2528}
0f590e74 2529
d03f1408
RH		 2530/*
2531 * Store Helpers for cpu_ldst.h
2532 */
2533
2534static inline void QEMU_ALWAYS_INLINE
2535cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
2536 int mmu_idx, uintptr_t retaddr, MemOp op)
2537{
2538 TCGMemOpIdx oi;
2539 uint16_t meminfo;
2540
2541 meminfo = trace_mem_get_info(op, mmu_idx, true);
2542 trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
2543
2544 oi = make_memop_idx(op, mmu_idx);
2545 store_helper(env, addr, val, oi, retaddr, op);
2546
2547 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
2548}
2549
2550void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2551 int mmu_idx, uintptr_t retaddr)
2552{
2553 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_UB);
2554}
2555
b9e60257
RH		 2556void cpu_stw_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2557 int mmu_idx, uintptr_t retaddr)
d03f1408 2558{
b9e60257 2559 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUW);
d03f1408
RH		 2560}
2561
b9e60257
RH		 2562void cpu_stl_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2563 int mmu_idx, uintptr_t retaddr)
d03f1408 2564{
b9e60257 2565 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUL);
d03f1408
RH		 2566}
2567
b9e60257
RH		 2568void cpu_stq_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
2569 int mmu_idx, uintptr_t retaddr)
2570{
2571 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEQ);
2572}
2573
2574void cpu_stw_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2575 int mmu_idx, uintptr_t retaddr)
d03f1408 2576{
b9e60257
RH		 2577 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUW);
2578}
2579
2580void cpu_stl_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2581 int mmu_idx, uintptr_t retaddr)
2582{
2583 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUL);
2584}
2585
2586void cpu_stq_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
2587 int mmu_idx, uintptr_t retaddr)
2588{
2589 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEQ);
d03f1408
RH		 2590}
2591
cfe04a4b
RH		 2592void cpu_stb_data_ra(CPUArchState *env, target_ulong ptr,
2593 uint32_t val, uintptr_t retaddr)
2594{
2595 cpu_stb_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2596}
2597
b9e60257
RH		 2598void cpu_stw_be_data_ra(CPUArchState *env, target_ulong ptr,
2599 uint32_t val, uintptr_t retaddr)
cfe04a4b 2600{
b9e60257 2601 cpu_stw_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2602}
2603
b9e60257
RH		 2604void cpu_stl_be_data_ra(CPUArchState *env, target_ulong ptr,
2605 uint32_t val, uintptr_t retaddr)
cfe04a4b 2606{
b9e60257 2607 cpu_stl_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2608}
2609
b9e60257
RH		 2610void cpu_stq_be_data_ra(CPUArchState *env, target_ulong ptr,
2611 uint64_t val, uintptr_t retaddr)
cfe04a4b 2612{
b9e60257
RH		 2613 cpu_stq_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2614}
2615
2616void cpu_stw_le_data_ra(CPUArchState *env, target_ulong ptr,
2617 uint32_t val, uintptr_t retaddr)
2618{
2619 cpu_stw_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2620}
2621
2622void cpu_stl_le_data_ra(CPUArchState *env, target_ulong ptr,
2623 uint32_t val, uintptr_t retaddr)
2624{
2625 cpu_stl_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2626}
2627
2628void cpu_stq_le_data_ra(CPUArchState *env, target_ulong ptr,
2629 uint64_t val, uintptr_t retaddr)
2630{
2631 cpu_stq_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2632}
2633
2634void cpu_stb_data(CPUArchState *env, target_ulong ptr, uint32_t val)
2635{
2636 cpu_stb_data_ra(env, ptr, val, 0);
2637}
2638
b9e60257
RH		 2639void cpu_stw_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
2640{
2641 cpu_stw_be_data_ra(env, ptr, val, 0);
2642}
2643
2644void cpu_stl_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
2645{
2646 cpu_stl_be_data_ra(env, ptr, val, 0);
2647}
2648
2649void cpu_stq_be_data(CPUArchState *env, target_ulong ptr, uint64_t val)
2650{
2651 cpu_stq_be_data_ra(env, ptr, val, 0);
2652}
2653
2654void cpu_stw_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
cfe04a4b 2655{
b9e60257 2656 cpu_stw_le_data_ra(env, ptr, val, 0);
cfe04a4b
RH		 2657}
2658
b9e60257 2659void cpu_stl_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
cfe04a4b 2660{
b9e60257 2661 cpu_stl_le_data_ra(env, ptr, val, 0);
cfe04a4b
RH		 2662}
2663
b9e60257 2664void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
cfe04a4b 2665{
b9e60257 2666 cpu_stq_le_data_ra(env, ptr, val, 0);
cfe04a4b
RH		 2667}
2668
c482cb11
RH		 2669/* First set of helpers allows passing in of OI and RETADDR. This makes
2670 them callable from other helpers. */
2671
2672#define EXTRA_ARGS , TCGMemOpIdx oi, uintptr_t retaddr
2673#define ATOMIC_NAME(X) \
2674 HELPER(glue(glue(glue(atomic_ ## X, SUFFIX), END), _mmu))
707526ad
RH		 2675#define ATOMIC_MMU_DECLS
2676#define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, retaddr)
2677#define ATOMIC_MMU_CLEANUP
504f73f7 2678#define ATOMIC_MMU_IDX get_mmuidx(oi)
c482cb11 2679
139c1837 2680#include "atomic_common.c.inc"
c482cb11
RH		 2681
2682#define DATA_SIZE 1
2683#include "atomic_template.h"
2684
2685#define DATA_SIZE 2
2686#include "atomic_template.h"
2687
2688#define DATA_SIZE 4
2689#include "atomic_template.h"
2690
df79b996 2691#ifdef CONFIG_ATOMIC64
c482cb11
RH		 2692#define DATA_SIZE 8
2693#include "atomic_template.h"
df79b996 2694#endif
c482cb11 2695
e6cd4bb5 2696#if HAVE_CMPXCHG128 || HAVE_ATOMIC128
7ebee43e
RH		 2697#define DATA_SIZE 16
2698#include "atomic_template.h"
2699#endif
2700
c482cb11
RH		 2701/* Second set of helpers are directly callable from TCG as helpers. */
2702
2703#undef EXTRA_ARGS
2704#undef ATOMIC_NAME
2705#undef ATOMIC_MMU_LOOKUP
2706#define EXTRA_ARGS , TCGMemOpIdx oi
2707#define ATOMIC_NAME(X) HELPER(glue(glue(atomic_ ## X, SUFFIX), END))
707526ad 2708#define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, GETPC())
c482cb11
RH		 2709
2710#define DATA_SIZE 1
2711#include "atomic_template.h"
2712
2713#define DATA_SIZE 2
2714#include "atomic_template.h"
2715
2716#define DATA_SIZE 4
2717#include "atomic_template.h"
2718
df79b996 2719#ifdef CONFIG_ATOMIC64
c482cb11
RH		 2720#define DATA_SIZE 8
2721#include "atomic_template.h"
df79b996 2722#endif
504f73f7 2723#undef ATOMIC_MMU_IDX
c482cb11
RH		 2724
2725/* Code access functions. */
2726
fc4120a3 2727static uint64_t full_ldub_code(CPUArchState *env, target_ulong addr,
2dd92606
RH		 2728 TCGMemOpIdx oi, uintptr_t retaddr)
2729{
fc4120a3 2730 return load_helper(env, addr, oi, retaddr, MO_8, true, full_ldub_code);
2dd92606
RH		 2731}
2732
fc4120a3 2733uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr)
eed56642 2734{
fc4120a3
RH		 2735 TCGMemOpIdx oi = make_memop_idx(MO_UB, cpu_mmu_index(env, true));
2736 return full_ldub_code(env, addr, oi, 0);
2dd92606
RH		 2737}
2738
fc4120a3
RH		 2739static uint64_t full_lduw_code(CPUArchState *env, target_ulong addr,
2740 TCGMemOpIdx oi, uintptr_t retaddr)
2dd92606 2741{
fc4120a3 2742 return load_helper(env, addr, oi, retaddr, MO_TEUW, true, full_lduw_code);
eed56642 2743}
0cac1b66 2744
fc4120a3 2745uint32_t cpu_lduw_code(CPUArchState *env, abi_ptr addr)
eed56642 2746{
fc4120a3
RH		 2747 TCGMemOpIdx oi = make_memop_idx(MO_TEUW, cpu_mmu_index(env, true));
2748 return full_lduw_code(env, addr, oi, 0);
2dd92606
RH		 2749}
2750
fc4120a3
RH		 2751static uint64_t full_ldl_code(CPUArchState *env, target_ulong addr,
2752 TCGMemOpIdx oi, uintptr_t retaddr)
2dd92606 2753{
fc4120a3 2754 return load_helper(env, addr, oi, retaddr, MO_TEUL, true, full_ldl_code);
eed56642 2755}
0cac1b66 2756
fc4120a3 2757uint32_t cpu_ldl_code(CPUArchState *env, abi_ptr addr)
eed56642 2758{
fc4120a3
RH		 2759 TCGMemOpIdx oi = make_memop_idx(MO_TEUL, cpu_mmu_index(env, true));
2760 return full_ldl_code(env, addr, oi, 0);
eed56642
AB		 2761}
2762
fc4120a3
RH		 2763static uint64_t full_ldq_code(CPUArchState *env, target_ulong addr,
2764 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2765{
fc4120a3 2766 return load_helper(env, addr, oi, retaddr, MO_TEQ, true, full_ldq_code);
eed56642
AB		 2767}
2768
fc4120a3 2769uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr addr)
eed56642 2770{
fc4120a3
RH		 2771 TCGMemOpIdx oi = make_memop_idx(MO_TEQ, cpu_mmu_index(env, true));
2772 return full_ldq_code(env, addr, oi, 0);
eed56642 2773}
QEMU mirror