]> git.proxmox.com Git - mirror_qemu.git/blame - accel/tcg/cputlb.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
accel/tcg: Add tlb_flush_range_by_mmuidx_all_cpus()
[mirror_qemu.git] / accel / tcg / cputlb.c
CommitLineData
0cac1b66
BS		 1/*
2 * Common CPU TLB handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
fb0343d5 9 * version 2.1 of the License, or (at your option) any later version.
0cac1b66
BS		 10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
7b31bbc2 20#include "qemu/osdep.h"
8d04fb55 21#include "qemu/main-loop.h"
78271684 22#include "hw/core/tcg-cpu-ops.h"
022c62cb
PB		 23#include "exec/exec-all.h"
24#include "exec/memory.h"
f08b6170 25#include "exec/cpu_ldst.h"
022c62cb 26#include "exec/cputlb.h"
0f4abea8 27#include "exec/tb-hash.h"
022c62cb 28#include "exec/memory-internal.h"
220c3ebd 29#include "exec/ram_addr.h"
0f590e74 30#include "tcg/tcg.h"
d7f30403
PM		 31#include "qemu/error-report.h"
32#include "exec/log.h"
c482cb11
RH		 33#include "exec/helper-proto.h"
34#include "qemu/atomic.h"
e6cd4bb5 35#include "qemu/atomic128.h"
3b9bd3f4 36#include "exec/translate-all.h"
243af022 37#include "trace/trace-root.h"
d03f1408 38#include "trace/mem.h"
65269192 39#include "internal.h"
235537fa
AB		 40#ifdef CONFIG_PLUGIN
41#include "qemu/plugin-memory.h"
42#endif
0cac1b66 43
8526e1f4
AB		 44/* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
45/* #define DEBUG_TLB */
46/* #define DEBUG_TLB_LOG */
47
48#ifdef DEBUG_TLB
49# define DEBUG_TLB_GATE 1
50# ifdef DEBUG_TLB_LOG
51# define DEBUG_TLB_LOG_GATE 1
52# else
53# define DEBUG_TLB_LOG_GATE 0
54# endif
55#else
56# define DEBUG_TLB_GATE 0
57# define DEBUG_TLB_LOG_GATE 0
58#endif
59
60#define tlb_debug(fmt, ...) do { \
61 if (DEBUG_TLB_LOG_GATE) { \
62 qemu_log_mask(CPU_LOG_MMU, "%s: " fmt, __func__, \
63 ## __VA_ARGS__); \
64 } else if (DEBUG_TLB_GATE) { \
65 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
66 } \
67} while (0)
0cac1b66 68
ea9025cb 69#define assert_cpu_is_self(cpu) do { \
f0aff0f1 70 if (DEBUG_TLB_GATE) { \
ea9025cb 71 g_assert(!(cpu)->created || qemu_cpu_is_self(cpu)); \
f0aff0f1
AB		 72 } \
73 } while (0)
74
e3b9ca81
FK		 75/* run_on_cpu_data.target_ptr should always be big enough for a
76 * target_ulong even on 32 bit builds */
77QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
78
e7218445
AB		 79/* We currently can't handle more than 16 bits in the MMUIDX bitmask.
80 */
81QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
82#define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
83
722a1c1e 84static inline size_t tlb_n_entries(CPUTLBDescFast *fast)
7a1efe1b 85{
722a1c1e 86 return (fast->mask >> CPU_TLB_ENTRY_BITS) + 1;
7a1efe1b
RH		 87}
88
722a1c1e 89static inline size_t sizeof_tlb(CPUTLBDescFast *fast)
86e1eff8 90{
722a1c1e 91 return fast->mask + (1 << CPU_TLB_ENTRY_BITS);
86e1eff8
EC		 92}
93
79e42085 94static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
86e1eff8
EC		 95 size_t max_entries)
96{
79e42085
RH		 97 desc->window_begin_ns = ns;
98 desc->window_max_entries = max_entries;
86e1eff8
EC		 99}
100
0f4abea8
RH		 101static void tb_jmp_cache_clear_page(CPUState *cpu, target_ulong page_addr)
102{
103 unsigned int i, i0 = tb_jmp_cache_hash_page(page_addr);
104
105 for (i = 0; i < TB_JMP_PAGE_SIZE; i++) {
106 qatomic_set(&cpu->tb_jmp_cache[i0 + i], NULL);
107 }
108}
109
110static void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
111{
112 /* Discard jump cache entries for any tb which might potentially
113 overlap the flushed page. */
114 tb_jmp_cache_clear_page(cpu, addr - TARGET_PAGE_SIZE);
115 tb_jmp_cache_clear_page(cpu, addr);
116}
117
86e1eff8
EC		 118/**
119 * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary
71ccd47b
RH		 120 * @desc: The CPUTLBDesc portion of the TLB
121 * @fast: The CPUTLBDescFast portion of the same TLB
86e1eff8
EC		 122 *
123 * Called with tlb_lock_held.
124 *
125 * We have two main constraints when resizing a TLB: (1) we only resize it
126 * on a TLB flush (otherwise we'd have to take a perf hit by either rehashing
127 * the array or unnecessarily flushing it), which means we do not control how
128 * frequently the resizing can occur; (2) we don't have access to the guest's
129 * future scheduling decisions, and therefore have to decide the magnitude of
130 * the resize based on past observations.
131 *
132 * In general, a memory-hungry process can benefit greatly from an appropriately
133 * sized TLB, since a guest TLB miss is very expensive. This doesn't mean that
134 * we just have to make the TLB as large as possible; while an oversized TLB
135 * results in minimal TLB miss rates, it also takes longer to be flushed
136 * (flushes can be _very_ frequent), and the reduced locality can also hurt
137 * performance.
138 *
139 * To achieve near-optimal performance for all kinds of workloads, we:
140 *
141 * 1. Aggressively increase the size of the TLB when the use rate of the
142 * TLB being flushed is high, since it is likely that in the near future this
143 * memory-hungry process will execute again, and its memory hungriness will
144 * probably be similar.
145 *
146 * 2. Slowly reduce the size of the TLB as the use rate declines over a
147 * reasonably large time window. The rationale is that if in such a time window
148 * we have not observed a high TLB use rate, it is likely that we won't observe
149 * it in the near future. In that case, once a time window expires we downsize
150 * the TLB to match the maximum use rate observed in the window.
151 *
152 * 3. Try to keep the maximum use rate in a time window in the 30-70% range,
153 * since in that range performance is likely near-optimal. Recall that the TLB
154 * is direct mapped, so we want the use rate to be low (or at least not too
155 * high), since otherwise we are likely to have a significant amount of
156 * conflict misses.
157 */
3c3959f2
RH		 158static void tlb_mmu_resize_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast,
159 int64_t now)
86e1eff8 160{
71ccd47b 161 size_t old_size = tlb_n_entries(fast);
86e1eff8
EC		 162 size_t rate;
163 size_t new_size = old_size;
86e1eff8
EC		 164 int64_t window_len_ms = 100;
165 int64_t window_len_ns = window_len_ms * 1000 * 1000;
79e42085 166 bool window_expired = now > desc->window_begin_ns + window_len_ns;
86e1eff8 167
79e42085
RH		 168 if (desc->n_used_entries > desc->window_max_entries) {
169 desc->window_max_entries = desc->n_used_entries;
86e1eff8 170 }
79e42085 171 rate = desc->window_max_entries * 100 / old_size;
86e1eff8
EC		 172
173 if (rate > 70) {
174 new_size = MIN(old_size << 1, 1 << CPU_TLB_DYN_MAX_BITS);
175 } else if (rate < 30 && window_expired) {
79e42085
RH		 176 size_t ceil = pow2ceil(desc->window_max_entries);
177 size_t expected_rate = desc->window_max_entries * 100 / ceil;
86e1eff8
EC		 178
179 /*
180 * Avoid undersizing when the max number of entries seen is just below
181 * a pow2. For instance, if max_entries == 1025, the expected use rate
182 * would be 1025/2048==50%. However, if max_entries == 1023, we'd get
183 * 1023/1024==99.9% use rate, so we'd likely end up doubling the size
184 * later. Thus, make sure that the expected use rate remains below 70%.
185 * (and since we double the size, that means the lowest rate we'd
186 * expect to get is 35%, which is still in the 30-70% range where
187 * we consider that the size is appropriate.)
188 */
189 if (expected_rate > 70) {
190 ceil *= 2;
191 }
192 new_size = MAX(ceil, 1 << CPU_TLB_DYN_MIN_BITS);
193 }
194
195 if (new_size == old_size) {
196 if (window_expired) {
79e42085 197 tlb_window_reset(desc, now, desc->n_used_entries);
86e1eff8
EC		 198 }
199 return;
200 }
201
71ccd47b
RH		 202 g_free(fast->table);
203 g_free(desc->iotlb);
86e1eff8 204
79e42085 205 tlb_window_reset(desc, now, 0);
86e1eff8 206 /* desc->n_used_entries is cleared by the caller */
71ccd47b
RH		 207 fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
208 fast->table = g_try_new(CPUTLBEntry, new_size);
209 desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
210
86e1eff8
EC		 211 /*
212 * If the allocations fail, try smaller sizes. We just freed some
213 * memory, so going back to half of new_size has a good chance of working.
214 * Increased memory pressure elsewhere in the system might cause the
215 * allocations to fail though, so we progressively reduce the allocation
216 * size, aborting if we cannot even allocate the smallest TLB we support.
217 */
71ccd47b 218 while (fast->table == NULL || desc->iotlb == NULL) {
86e1eff8
EC		 219 if (new_size == (1 << CPU_TLB_DYN_MIN_BITS)) {
220 error_report("%s: %s", __func__, strerror(errno));
221 abort();
222 }
223 new_size = MAX(new_size >> 1, 1 << CPU_TLB_DYN_MIN_BITS);
71ccd47b 224 fast->mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
86e1eff8 225
71ccd47b
RH		 226 g_free(fast->table);
227 g_free(desc->iotlb);
228 fast->table = g_try_new(CPUTLBEntry, new_size);
229 desc->iotlb = g_try_new(CPUIOTLBEntry, new_size);
86e1eff8
EC		 230 }
231}
232
bbf021b0 233static void tlb_mmu_flush_locked(CPUTLBDesc *desc, CPUTLBDescFast *fast)
86e1eff8 234{
5c948e31
RH		 235 desc->n_used_entries = 0;
236 desc->large_page_addr = -1;
237 desc->large_page_mask = -1;
238 desc->vindex = 0;
239 memset(fast->table, -1, sizeof_tlb(fast));
240 memset(desc->vtable, -1, sizeof(desc->vtable));
86e1eff8
EC		 241}
242
3c3959f2
RH		 243static void tlb_flush_one_mmuidx_locked(CPUArchState *env, int mmu_idx,
244 int64_t now)
bbf021b0
RH		 245{
246 CPUTLBDesc *desc = &env_tlb(env)->d[mmu_idx];
247 CPUTLBDescFast *fast = &env_tlb(env)->f[mmu_idx];
248
3c3959f2 249 tlb_mmu_resize_locked(desc, fast, now);
bbf021b0
RH		 250 tlb_mmu_flush_locked(desc, fast);
251}
252
56e89f76
RH		 253static void tlb_mmu_init(CPUTLBDesc *desc, CPUTLBDescFast *fast, int64_t now)
254{
255 size_t n_entries = 1 << CPU_TLB_DYN_DEFAULT_BITS;
256
257 tlb_window_reset(desc, now, 0);
258 desc->n_used_entries = 0;
259 fast->mask = (n_entries - 1) << CPU_TLB_ENTRY_BITS;
260 fast->table = g_new(CPUTLBEntry, n_entries);
261 desc->iotlb = g_new(CPUIOTLBEntry, n_entries);
3c16304a 262 tlb_mmu_flush_locked(desc, fast);
56e89f76
RH		 263}
264
86e1eff8
EC		 265static inline void tlb_n_used_entries_inc(CPUArchState *env, uintptr_t mmu_idx)
266{
a40ec84e 267 env_tlb(env)->d[mmu_idx].n_used_entries++;
86e1eff8
EC		 268}
269
270static inline void tlb_n_used_entries_dec(CPUArchState *env, uintptr_t mmu_idx)
271{
a40ec84e 272 env_tlb(env)->d[mmu_idx].n_used_entries--;
86e1eff8
EC		 273}
274
5005e253
EC		 275void tlb_init(CPUState *cpu)
276{
71aec354 277 CPUArchState *env = cpu->env_ptr;
56e89f76
RH		 278 int64_t now = get_clock_realtime();
279 int i;
71aec354 280
a40ec84e 281 qemu_spin_init(&env_tlb(env)->c.lock);
3d1523ce 282
3c16304a
RH		 283 /* All tlbs are initialized flushed. */
284 env_tlb(env)->c.dirty = 0;
86e1eff8 285
56e89f76
RH		 286 for (i = 0; i < NB_MMU_MODES; i++) {
287 tlb_mmu_init(&env_tlb(env)->d[i], &env_tlb(env)->f[i], now);
288 }
5005e253
EC		 289}
290
816d9be5
EC		 291void tlb_destroy(CPUState *cpu)
292{
293 CPUArchState *env = cpu->env_ptr;
294 int i;
295
296 qemu_spin_destroy(&env_tlb(env)->c.lock);
297 for (i = 0; i < NB_MMU_MODES; i++) {
298 CPUTLBDesc *desc = &env_tlb(env)->d[i];
299 CPUTLBDescFast *fast = &env_tlb(env)->f[i];
300
301 g_free(fast->table);
302 g_free(desc->iotlb);
303 }
304}
305
c3b9a07a
AB		 306/* flush_all_helper: run fn across all cpus
307 *
308 * If the wait flag is set then the src cpu's helper will be queued as
309 * "safe" work and the loop exited creating a synchronisation point
310 * where all queued work will be finished before execution starts
311 * again.
312 */
313static void flush_all_helper(CPUState *src, run_on_cpu_func fn,
314 run_on_cpu_data d)
315{
316 CPUState *cpu;
317
318 CPU_FOREACH(cpu) {
319 if (cpu != src) {
320 async_run_on_cpu(cpu, fn, d);
321 }
322 }
323}
324
e09de0a2 325void tlb_flush_counts(size_t *pfull, size_t *ppart, size_t *pelide)
83974cf4
EC		 326{
327 CPUState *cpu;
e09de0a2 328 size_t full = 0, part = 0, elide = 0;
83974cf4
EC		 329
330 CPU_FOREACH(cpu) {
331 CPUArchState *env = cpu->env_ptr;
332
d73415a3
SH		 333 full += qatomic_read(&env_tlb(env)->c.full_flush_count);
334 part += qatomic_read(&env_tlb(env)->c.part_flush_count);
335 elide += qatomic_read(&env_tlb(env)->c.elide_flush_count);
83974cf4 336 }
e09de0a2
RH		 337 *pfull = full;
338 *ppart = part;
339 *pelide = elide;
83974cf4 340}
0cac1b66 341
e7218445 342static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
d7a74a9d
PM		 343{
344 CPUArchState *env = cpu->env_ptr;
3d1523ce
RH		 345 uint16_t asked = data.host_int;
346 uint16_t all_dirty, work, to_clean;
3c3959f2 347 int64_t now = get_clock_realtime();
d7a74a9d 348
f0aff0f1 349 assert_cpu_is_self(cpu);
d7a74a9d 350
3d1523ce 351 tlb_debug("mmu_idx:0x%04" PRIx16 "\n", asked);
e7218445 352
a40ec84e 353 qemu_spin_lock(&env_tlb(env)->c.lock);
60a2ad7d 354
a40ec84e 355 all_dirty = env_tlb(env)->c.dirty;
3d1523ce
RH		 356 to_clean = asked & all_dirty;
357 all_dirty &= ~to_clean;
a40ec84e 358 env_tlb(env)->c.dirty = all_dirty;
3d1523ce
RH		 359
360 for (work = to_clean; work != 0; work &= work - 1) {
361 int mmu_idx = ctz32(work);
3c3959f2 362 tlb_flush_one_mmuidx_locked(env, mmu_idx, now);
d7a74a9d 363 }
3d1523ce 364
a40ec84e 365 qemu_spin_unlock(&env_tlb(env)->c.lock);
d7a74a9d 366
f3ced3c5 367 cpu_tb_jmp_cache_clear(cpu);
64f2674b 368
3d1523ce 369 if (to_clean == ALL_MMUIDX_BITS) {
d73415a3 370 qatomic_set(&env_tlb(env)->c.full_flush_count,
a40ec84e 371 env_tlb(env)->c.full_flush_count + 1);
e09de0a2 372 } else {
d73415a3 373 qatomic_set(&env_tlb(env)->c.part_flush_count,
a40ec84e 374 env_tlb(env)->c.part_flush_count + ctpop16(to_clean));
3d1523ce 375 if (to_clean != asked) {
d73415a3 376 qatomic_set(&env_tlb(env)->c.elide_flush_count,
a40ec84e 377 env_tlb(env)->c.elide_flush_count +
3d1523ce
RH		 378 ctpop16(asked & ~to_clean));
379 }
64f2674b 380 }
d7a74a9d
PM		 381}
382
0336cbf8 383void tlb_flush_by_mmuidx(CPUState *cpu, uint16_t idxmap)
d7a74a9d 384{
e7218445
AB		 385 tlb_debug("mmu_idx: 0x%" PRIx16 "\n", idxmap);
386
64f2674b 387 if (cpu->created && !qemu_cpu_is_self(cpu)) {
ab651105
RH		 388 async_run_on_cpu(cpu, tlb_flush_by_mmuidx_async_work,
389 RUN_ON_CPU_HOST_INT(idxmap));
e7218445 390 } else {
60a2ad7d 391 tlb_flush_by_mmuidx_async_work(cpu, RUN_ON_CPU_HOST_INT(idxmap));
e7218445 392 }
d7a74a9d
PM		 393}
394
64f2674b
RH		 395void tlb_flush(CPUState *cpu)
396{
397 tlb_flush_by_mmuidx(cpu, ALL_MMUIDX_BITS);
398}
399
c3b9a07a
AB		 400void tlb_flush_by_mmuidx_all_cpus(CPUState *src_cpu, uint16_t idxmap)
401{
402 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
403
404 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
405
406 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
407 fn(src_cpu, RUN_ON_CPU_HOST_INT(idxmap));
408}
409
64f2674b
RH		 410void tlb_flush_all_cpus(CPUState *src_cpu)
411{
412 tlb_flush_by_mmuidx_all_cpus(src_cpu, ALL_MMUIDX_BITS);
413}
414
415void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *src_cpu, uint16_t idxmap)
c3b9a07a
AB		 416{
417 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
418
419 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
420
421 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
422 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
423}
424
64f2674b
RH		 425void tlb_flush_all_cpus_synced(CPUState *src_cpu)
426{
427 tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, ALL_MMUIDX_BITS);
428}
429
3ab6e68c
RH		 430static bool tlb_hit_page_mask_anyprot(CPUTLBEntry *tlb_entry,
431 target_ulong page, target_ulong mask)
432{
433 page &= mask;
434 mask &= TARGET_PAGE_MASK | TLB_INVALID_MASK;
435
436 return (page == (tlb_entry->addr_read & mask) ||
437 page == (tlb_addr_write(tlb_entry) & mask) ||
438 page == (tlb_entry->addr_code & mask));
439}
440
68fea038
RH		 441static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
442 target_ulong page)
443{
3ab6e68c 444 return tlb_hit_page_mask_anyprot(tlb_entry, page, -1);
68fea038 445}
c3b9a07a 446
3cea94bb
EC		 447/**
448 * tlb_entry_is_empty - return true if the entry is not in use
449 * @te: pointer to CPUTLBEntry
450 */
451static inline bool tlb_entry_is_empty(const CPUTLBEntry *te)
452{
453 return te->addr_read == -1 && te->addr_write == -1 && te->addr_code == -1;
454}
455
53d28455 456/* Called with tlb_c.lock held */
3ab6e68c
RH		 457static bool tlb_flush_entry_mask_locked(CPUTLBEntry *tlb_entry,
458 target_ulong page,
459 target_ulong mask)
0cac1b66 460{
3ab6e68c 461 if (tlb_hit_page_mask_anyprot(tlb_entry, page, mask)) {
4fadb3bb 462 memset(tlb_entry, -1, sizeof(*tlb_entry));
86e1eff8 463 return true;
0cac1b66 464 }
86e1eff8 465 return false;
0cac1b66
BS		 466}
467
3ab6e68c
RH		 468static inline bool tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
469 target_ulong page)
470{
471 return tlb_flush_entry_mask_locked(tlb_entry, page, -1);
472}
473
53d28455 474/* Called with tlb_c.lock held */
3ab6e68c
RH		 475static void tlb_flush_vtlb_page_mask_locked(CPUArchState *env, int mmu_idx,
476 target_ulong page,
477 target_ulong mask)
68fea038 478{
a40ec84e 479 CPUTLBDesc *d = &env_tlb(env)->d[mmu_idx];
68fea038 480 int k;
71aec354 481
29a0af61 482 assert_cpu_is_self(env_cpu(env));
68fea038 483 for (k = 0; k < CPU_VTLB_SIZE; k++) {
3ab6e68c 484 if (tlb_flush_entry_mask_locked(&d->vtable[k], page, mask)) {
86e1eff8
EC		 485 tlb_n_used_entries_dec(env, mmu_idx);
486 }
68fea038
RH		 487 }
488}
489
3ab6e68c
RH		 490static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
491 target_ulong page)
492{
493 tlb_flush_vtlb_page_mask_locked(env, mmu_idx, page, -1);
494}
495
1308e026
RH		 496static void tlb_flush_page_locked(CPUArchState *env, int midx,
497 target_ulong page)
498{
a40ec84e
RH		 499 target_ulong lp_addr = env_tlb(env)->d[midx].large_page_addr;
500 target_ulong lp_mask = env_tlb(env)->d[midx].large_page_mask;
1308e026
RH		 501
502 /* Check if we need to flush due to large pages. */
503 if ((page & lp_mask) == lp_addr) {
504 tlb_debug("forcing full flush midx %d ("
505 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
506 midx, lp_addr, lp_mask);
3c3959f2 507 tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
1308e026 508 } else {
86e1eff8
EC		 509 if (tlb_flush_entry_locked(tlb_entry(env, midx, page), page)) {
510 tlb_n_used_entries_dec(env, midx);
511 }
1308e026
RH		 512 tlb_flush_vtlb_page_locked(env, midx, page);
513 }
514}
515
7b7d00e0
RH		 516/**
517 * tlb_flush_page_by_mmuidx_async_0:
518 * @cpu: cpu on which to flush
519 * @addr: page of virtual address to flush
520 * @idxmap: set of mmu_idx to flush
521 *
522 * Helper for tlb_flush_page_by_mmuidx and friends, flush one page
523 * at @addr from the tlbs indicated by @idxmap from @cpu.
e7218445 524 */
7b7d00e0
RH		 525static void tlb_flush_page_by_mmuidx_async_0(CPUState *cpu,
526 target_ulong addr,
527 uint16_t idxmap)
d7a74a9d
PM		 528{
529 CPUArchState *env = cpu->env_ptr;
e7218445 530 int mmu_idx;
d7a74a9d 531
f0aff0f1 532 assert_cpu_is_self(cpu);
d7a74a9d 533
7b7d00e0 534 tlb_debug("page addr:" TARGET_FMT_lx " mmu_map:0x%x\n", addr, idxmap);
d7a74a9d 535
a40ec84e 536 qemu_spin_lock(&env_tlb(env)->c.lock);
0336cbf8 537 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
7b7d00e0 538 if ((idxmap >> mmu_idx) & 1) {
1308e026 539 tlb_flush_page_locked(env, mmu_idx, addr);
d7a74a9d
PM		 540 }
541 }
a40ec84e 542 qemu_spin_unlock(&env_tlb(env)->c.lock);
d7a74a9d 543
d7a74a9d
PM		 544 tb_flush_jmp_cache(cpu, addr);
545}
546
7b7d00e0
RH		 547/**
548 * tlb_flush_page_by_mmuidx_async_1:
549 * @cpu: cpu on which to flush
550 * @data: encoded addr + idxmap
551 *
552 * Helper for tlb_flush_page_by_mmuidx and friends, called through
553 * async_run_on_cpu. The idxmap parameter is encoded in the page
554 * offset of the target_ptr field. This limits the set of mmu_idx
555 * that can be passed via this method.
556 */
557static void tlb_flush_page_by_mmuidx_async_1(CPUState *cpu,
558 run_on_cpu_data data)
559{
560 target_ulong addr_and_idxmap = (target_ulong) data.target_ptr;
561 target_ulong addr = addr_and_idxmap & TARGET_PAGE_MASK;
562 uint16_t idxmap = addr_and_idxmap & ~TARGET_PAGE_MASK;
563
564 tlb_flush_page_by_mmuidx_async_0(cpu, addr, idxmap);
565}
566
567typedef struct {
568 target_ulong addr;
569 uint16_t idxmap;
570} TLBFlushPageByMMUIdxData;
571
572/**
573 * tlb_flush_page_by_mmuidx_async_2:
574 * @cpu: cpu on which to flush
575 * @data: allocated addr + idxmap
576 *
577 * Helper for tlb_flush_page_by_mmuidx and friends, called through
578 * async_run_on_cpu. The addr+idxmap parameters are stored in a
579 * TLBFlushPageByMMUIdxData structure that has been allocated
580 * specifically for this helper. Free the structure when done.
581 */
582static void tlb_flush_page_by_mmuidx_async_2(CPUState *cpu,
583 run_on_cpu_data data)
e7218445 584{
7b7d00e0
RH		 585 TLBFlushPageByMMUIdxData *d = data.host_ptr;
586
587 tlb_flush_page_by_mmuidx_async_0(cpu, d->addr, d->idxmap);
588 g_free(d);
589}
e7218445 590
7b7d00e0
RH		 591void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, uint16_t idxmap)
592{
e7218445
AB		 593 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%" PRIx16 "\n", addr, idxmap);
594
595 /* This should already be page aligned */
7b7d00e0 596 addr &= TARGET_PAGE_MASK;
e7218445 597
7b7d00e0
RH		 598 if (qemu_cpu_is_self(cpu)) {
599 tlb_flush_page_by_mmuidx_async_0(cpu, addr, idxmap);
600 } else if (idxmap < TARGET_PAGE_SIZE) {
601 /*
602 * Most targets have only a few mmu_idx. In the case where
603 * we can stuff idxmap into the low TARGET_PAGE_BITS, avoid
604 * allocating memory for this operation.
605 */
606 async_run_on_cpu(cpu, tlb_flush_page_by_mmuidx_async_1,
607 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
e7218445 608 } else {
7b7d00e0
RH		 609 TLBFlushPageByMMUIdxData *d = g_new(TLBFlushPageByMMUIdxData, 1);
610
611 /* Otherwise allocate a structure, freed by the worker. */
612 d->addr = addr;
613 d->idxmap = idxmap;
614 async_run_on_cpu(cpu, tlb_flush_page_by_mmuidx_async_2,
615 RUN_ON_CPU_HOST_PTR(d));
e7218445
AB		 616 }
617}
618
f8144c6c
RH		 619void tlb_flush_page(CPUState *cpu, target_ulong addr)
620{
621 tlb_flush_page_by_mmuidx(cpu, addr, ALL_MMUIDX_BITS);
622}
623
c3b9a07a
AB		 624void tlb_flush_page_by_mmuidx_all_cpus(CPUState *src_cpu, target_ulong addr,
625 uint16_t idxmap)
e3b9ca81 626{
c3b9a07a
AB		 627 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
628
629 /* This should already be page aligned */
7b7d00e0
RH		 630 addr &= TARGET_PAGE_MASK;
631
632 /*
633 * Allocate memory to hold addr+idxmap only when needed.
634 * See tlb_flush_page_by_mmuidx for details.
635 */
636 if (idxmap < TARGET_PAGE_SIZE) {
637 flush_all_helper(src_cpu, tlb_flush_page_by_mmuidx_async_1,
638 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
639 } else {
640 CPUState *dst_cpu;
641
642 /* Allocate a separate data block for each destination cpu. */
643 CPU_FOREACH(dst_cpu) {
644 if (dst_cpu != src_cpu) {
645 TLBFlushPageByMMUIdxData *d
646 = g_new(TLBFlushPageByMMUIdxData, 1);
647
648 d->addr = addr;
649 d->idxmap = idxmap;
650 async_run_on_cpu(dst_cpu, tlb_flush_page_by_mmuidx_async_2,
651 RUN_ON_CPU_HOST_PTR(d));
652 }
653 }
654 }
c3b9a07a 655
7b7d00e0 656 tlb_flush_page_by_mmuidx_async_0(src_cpu, addr, idxmap);
c3b9a07a
AB		 657}
658
f8144c6c
RH		 659void tlb_flush_page_all_cpus(CPUState *src, target_ulong addr)
660{
661 tlb_flush_page_by_mmuidx_all_cpus(src, addr, ALL_MMUIDX_BITS);
662}
663
c3b9a07a 664void tlb_flush_page_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
1308e026
RH		 665 target_ulong addr,
666 uint16_t idxmap)
c3b9a07a 667{
c3b9a07a
AB		 668 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
669
670 /* This should already be page aligned */
7b7d00e0 671 addr &= TARGET_PAGE_MASK;
c3b9a07a 672
7b7d00e0
RH		 673 /*
674 * Allocate memory to hold addr+idxmap only when needed.
675 * See tlb_flush_page_by_mmuidx for details.
676 */
677 if (idxmap < TARGET_PAGE_SIZE) {
678 flush_all_helper(src_cpu, tlb_flush_page_by_mmuidx_async_1,
679 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
680 async_safe_run_on_cpu(src_cpu, tlb_flush_page_by_mmuidx_async_1,
681 RUN_ON_CPU_TARGET_PTR(addr | idxmap));
682 } else {
683 CPUState *dst_cpu;
684 TLBFlushPageByMMUIdxData *d;
685
686 /* Allocate a separate data block for each destination cpu. */
687 CPU_FOREACH(dst_cpu) {
688 if (dst_cpu != src_cpu) {
689 d = g_new(TLBFlushPageByMMUIdxData, 1);
690 d->addr = addr;
691 d->idxmap = idxmap;
692 async_run_on_cpu(dst_cpu, tlb_flush_page_by_mmuidx_async_2,
693 RUN_ON_CPU_HOST_PTR(d));
694 }
695 }
696
697 d = g_new(TLBFlushPageByMMUIdxData, 1);
698 d->addr = addr;
699 d->idxmap = idxmap;
700 async_safe_run_on_cpu(src_cpu, tlb_flush_page_by_mmuidx_async_2,
701 RUN_ON_CPU_HOST_PTR(d));
702 }
c3b9a07a
AB		 703}
704
f8144c6c 705void tlb_flush_page_all_cpus_synced(CPUState *src, target_ulong addr)
c3b9a07a 706{
f8144c6c 707 tlb_flush_page_by_mmuidx_all_cpus_synced(src, addr, ALL_MMUIDX_BITS);
e3b9ca81
FK		 708}
709
3c4ddec1
RH		 710static void tlb_flush_range_locked(CPUArchState *env, int midx,
711 target_ulong addr, target_ulong len,
712 unsigned bits)
3ab6e68c
RH		 713{
714 CPUTLBDesc *d = &env_tlb(env)->d[midx];
715 CPUTLBDescFast *f = &env_tlb(env)->f[midx];
716 target_ulong mask = MAKE_64BIT_MASK(0, bits);
717
718 /*
719 * If @bits is smaller than the tlb size, there may be multiple entries
720 * within the TLB; otherwise all addresses that match under @mask hit
721 * the same TLB entry.
3ab6e68c
RH		 722 * TODO: Perhaps allow bits to be a few bits less than the size.
723 * For now, just flush the entire TLB.
3c4ddec1
RH		 724 *
725 * If @len is larger than the tlb size, then it will take longer to
726 * test all of the entries in the TLB than it will to flush it all.
3ab6e68c 727 */
3c4ddec1 728 if (mask < f->mask || len > f->mask) {
3ab6e68c 729 tlb_debug("forcing full flush midx %d ("
3c4ddec1
RH		 730 TARGET_FMT_lx "/" TARGET_FMT_lx "+" TARGET_FMT_lx ")\n",
731 midx, addr, mask, len);
3ab6e68c
RH		 732 tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
733 return;
734 }
735
3c4ddec1
RH		 736 /*
737 * Check if we need to flush due to large pages.
738 * Because large_page_mask contains all 1's from the msb,
739 * we only need to test the end of the range.
740 */
741 if (((addr + len - 1) & d->large_page_mask) == d->large_page_addr) {
3ab6e68c
RH		 742 tlb_debug("forcing full flush midx %d ("
743 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
744 midx, d->large_page_addr, d->large_page_mask);
745 tlb_flush_one_mmuidx_locked(env, midx, get_clock_realtime());
746 return;
747 }
748
3c4ddec1
RH		 749 for (target_ulong i = 0; i < len; i += TARGET_PAGE_SIZE) {
750 target_ulong page = addr + i;
751 CPUTLBEntry *entry = tlb_entry(env, midx, page);
752
753 if (tlb_flush_entry_mask_locked(entry, page, mask)) {
754 tlb_n_used_entries_dec(env, midx);
755 }
756 tlb_flush_vtlb_page_mask_locked(env, midx, page, mask);
3ab6e68c 757 }
3ab6e68c
RH		 758}
759
760typedef struct {
761 target_ulong addr;
3c4ddec1 762 target_ulong len;
3ab6e68c
RH		 763 uint16_t idxmap;
764 uint16_t bits;
3960a59f 765} TLBFlushRangeData;
3ab6e68c
RH		 766
767static void
768tlb_flush_page_bits_by_mmuidx_async_0(CPUState *cpu,
3960a59f 769 TLBFlushRangeData d)
3ab6e68c
RH		 770{
771 CPUArchState *env = cpu->env_ptr;
772 int mmu_idx;
773
774 assert_cpu_is_self(cpu);
775
3c4ddec1
RH		 776 tlb_debug("range:" TARGET_FMT_lx "/%u+" TARGET_FMT_lx " mmu_map:0x%x\n",
777 d.addr, d.bits, d.len, d.idxmap);
3ab6e68c
RH		 778
779 qemu_spin_lock(&env_tlb(env)->c.lock);
780 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
781 if ((d.idxmap >> mmu_idx) & 1) {
3c4ddec1 782 tlb_flush_range_locked(env, mmu_idx, d.addr, d.len, d.bits);
3ab6e68c
RH		 783 }
784 }
785 qemu_spin_unlock(&env_tlb(env)->c.lock);
786
3c4ddec1
RH		 787 for (target_ulong i = 0; i < d.len; i += TARGET_PAGE_SIZE) {
788 tb_flush_jmp_cache(cpu, d.addr + i);
789 }
3ab6e68c
RH		 790}
791
3ab6e68c
RH		 792static void tlb_flush_page_bits_by_mmuidx_async_2(CPUState *cpu,
793 run_on_cpu_data data)
794{
3960a59f 795 TLBFlushRangeData *d = data.host_ptr;
3ab6e68c
RH		 796 tlb_flush_page_bits_by_mmuidx_async_0(cpu, *d);
797 g_free(d);
798}
799
e5b1921b
RH		 800void tlb_flush_range_by_mmuidx(CPUState *cpu, target_ulong addr,
801 target_ulong len, uint16_t idxmap,
802 unsigned bits)
3ab6e68c 803{
3960a59f 804 TLBFlushRangeData d;
3ab6e68c 805
e5b1921b
RH		 806 /*
807 * If all bits are significant, and len is small,
808 * this devolves to tlb_flush_page.
809 */
810 if (bits >= TARGET_LONG_BITS && len <= TARGET_PAGE_SIZE) {
3ab6e68c
RH		 811 tlb_flush_page_by_mmuidx(cpu, addr, idxmap);
812 return;
813 }
814 /* If no page bits are significant, this devolves to tlb_flush. */
815 if (bits < TARGET_PAGE_BITS) {
816 tlb_flush_by_mmuidx(cpu, idxmap);
817 return;
818 }
819
820 /* This should already be page aligned */
821 d.addr = addr & TARGET_PAGE_MASK;
e5b1921b 822 d.len = len;
3ab6e68c
RH		 823 d.idxmap = idxmap;
824 d.bits = bits;
825
826 if (qemu_cpu_is_self(cpu)) {
827 tlb_flush_page_bits_by_mmuidx_async_0(cpu, d);
3ab6e68c 828 } else {
3ab6e68c 829 /* Otherwise allocate a structure, freed by the worker. */
3960a59f 830 TLBFlushRangeData *p = g_memdup(&d, sizeof(d));
3ab6e68c
RH		 831 async_run_on_cpu(cpu, tlb_flush_page_bits_by_mmuidx_async_2,
832 RUN_ON_CPU_HOST_PTR(p));
833 }
834}
835
e5b1921b
RH		 836void tlb_flush_page_bits_by_mmuidx(CPUState *cpu, target_ulong addr,
837 uint16_t idxmap, unsigned bits)
838{
839 tlb_flush_range_by_mmuidx(cpu, addr, TARGET_PAGE_SIZE, idxmap, bits);
840}
841
600b819f
RH		 842void tlb_flush_range_by_mmuidx_all_cpus(CPUState *src_cpu,
843 target_ulong addr, target_ulong len,
844 uint16_t idxmap, unsigned bits)
3ab6e68c 845{
3960a59f 846 TLBFlushRangeData d;
d34e4d1a 847 CPUState *dst_cpu;
3ab6e68c 848
600b819f
RH		 849 /*
850 * If all bits are significant, and len is small,
851 * this devolves to tlb_flush_page.
852 */
853 if (bits >= TARGET_LONG_BITS && len <= TARGET_PAGE_SIZE) {
3ab6e68c
RH		 854 tlb_flush_page_by_mmuidx_all_cpus(src_cpu, addr, idxmap);
855 return;
856 }
857 /* If no page bits are significant, this devolves to tlb_flush. */
858 if (bits < TARGET_PAGE_BITS) {
859 tlb_flush_by_mmuidx_all_cpus(src_cpu, idxmap);
860 return;
861 }
862
863 /* This should already be page aligned */
864 d.addr = addr & TARGET_PAGE_MASK;
600b819f 865 d.len = len;
3ab6e68c
RH		 866 d.idxmap = idxmap;
867 d.bits = bits;
868
d34e4d1a
RH		 869 /* Allocate a separate data block for each destination cpu. */
870 CPU_FOREACH(dst_cpu) {
871 if (dst_cpu != src_cpu) {
872 TLBFlushRangeData *p = g_memdup(&d, sizeof(d));
873 async_run_on_cpu(dst_cpu,
874 tlb_flush_page_bits_by_mmuidx_async_2,
875 RUN_ON_CPU_HOST_PTR(p));
3ab6e68c
RH		 876 }
877 }
878
879 tlb_flush_page_bits_by_mmuidx_async_0(src_cpu, d);
880}
881
600b819f
RH		 882void tlb_flush_page_bits_by_mmuidx_all_cpus(CPUState *src_cpu,
883 target_ulong addr,
884 uint16_t idxmap, unsigned bits)
885{
886 tlb_flush_range_by_mmuidx_all_cpus(src_cpu, addr, TARGET_PAGE_SIZE,
887 idxmap, bits);
888}
889
3ab6e68c
RH		 890void tlb_flush_page_bits_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
891 target_ulong addr,
892 uint16_t idxmap,
893 unsigned bits)
894{
d34e4d1a
RH		 895 TLBFlushRangeData d, *p;
896 CPUState *dst_cpu;
3ab6e68c
RH		 897
898 /* If all bits are significant, this devolves to tlb_flush_page. */
899 if (bits >= TARGET_LONG_BITS) {
900 tlb_flush_page_by_mmuidx_all_cpus_synced(src_cpu, addr, idxmap);
901 return;
902 }
903 /* If no page bits are significant, this devolves to tlb_flush. */
904 if (bits < TARGET_PAGE_BITS) {
905 tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, idxmap);
906 return;
907 }
908
909 /* This should already be page aligned */
910 d.addr = addr & TARGET_PAGE_MASK;
3c4ddec1 911 d.len = TARGET_PAGE_SIZE;
3ab6e68c
RH		 912 d.idxmap = idxmap;
913 d.bits = bits;
914
d34e4d1a
RH		 915 /* Allocate a separate data block for each destination cpu. */
916 CPU_FOREACH(dst_cpu) {
917 if (dst_cpu != src_cpu) {
918 p = g_memdup(&d, sizeof(d));
919 async_run_on_cpu(dst_cpu, tlb_flush_page_bits_by_mmuidx_async_2,
920 RUN_ON_CPU_HOST_PTR(p));
3ab6e68c 921 }
3ab6e68c 922 }
d34e4d1a
RH		 923
924 p = g_memdup(&d, sizeof(d));
925 async_safe_run_on_cpu(src_cpu, tlb_flush_page_bits_by_mmuidx_async_2,
926 RUN_ON_CPU_HOST_PTR(p));
3ab6e68c
RH		 927}
928
0cac1b66
BS		 929/* update the TLBs so that writes to code in the virtual page 'addr'
930 can be detected */
931void tlb_protect_code(ram_addr_t ram_addr)
932{
03eebc9e
SH		 933 cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
934 DIRTY_MEMORY_CODE);
0cac1b66
BS		 935}
936
937/* update the TLB so that writes in physical page 'phys_addr' are no longer
938 tested for self modifying code */
9564f52d 939void tlb_unprotect_code(ram_addr_t ram_addr)
0cac1b66 940{
52159192 941 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
0cac1b66
BS		 942}
943
0cac1b66 944
b0706b71
AB		 945/*
946 * Dirty write flag handling
947 *
948 * When the TCG code writes to a location it looks up the address in
949 * the TLB and uses that data to compute the final address. If any of
950 * the lower bits of the address are set then the slow path is forced.
951 * There are a number of reasons to do this but for normal RAM the
952 * most usual is detecting writes to code regions which may invalidate
953 * generated code.
954 *
71aec354 955 * Other vCPUs might be reading their TLBs during guest execution, so we update
d73415a3 956 * te->addr_write with qatomic_set. We don't need to worry about this for
71aec354 957 * oversized guests as MTTCG is disabled for them.
b0706b71 958 *
53d28455 959 * Called with tlb_c.lock held.
b0706b71 960 */
71aec354
EC		 961static void tlb_reset_dirty_range_locked(CPUTLBEntry *tlb_entry,
962 uintptr_t start, uintptr_t length)
0cac1b66 963{
b0706b71 964 uintptr_t addr = tlb_entry->addr_write;
0cac1b66 965
7b0d792c
RH		 966 if ((addr & (TLB_INVALID_MASK | TLB_MMIO |
967 TLB_DISCARD_WRITE | TLB_NOTDIRTY)) == 0) {
b0706b71
AB		 968 addr &= TARGET_PAGE_MASK;
969 addr += tlb_entry->addend;
0cac1b66 970 if ((addr - start) < length) {
71aec354 971#if TCG_OVERSIZED_GUEST
0cac1b66 972 tlb_entry->addr_write |= TLB_NOTDIRTY;
b0706b71 973#else
d73415a3 974 qatomic_set(&tlb_entry->addr_write,
71aec354
EC		 975 tlb_entry->addr_write | TLB_NOTDIRTY);
976#endif
b0706b71
AB		 977 }
978 }
b0706b71
AB		 979}
980
71aec354 981/*
53d28455 982 * Called with tlb_c.lock held.
71aec354
EC		 983 * Called only from the vCPU context, i.e. the TLB's owner thread.
984 */
985static inline void copy_tlb_helper_locked(CPUTLBEntry *d, const CPUTLBEntry *s)
b0706b71 986{
b0706b71 987 *d = *s;
0cac1b66
BS		 988}
989
b0706b71 990/* This is a cross vCPU call (i.e. another vCPU resetting the flags of
71aec354 991 * the target vCPU).
53d28455 992 * We must take tlb_c.lock to avoid racing with another vCPU update. The only
71aec354 993 * thing actually updated is the target TLB entry ->addr_write flags.
b0706b71 994 */
9a13565d 995void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
0cac1b66
BS		 996{
997 CPUArchState *env;
998
9a13565d 999 int mmu_idx;
0cac1b66 1000
9a13565d 1001 env = cpu->env_ptr;
a40ec84e 1002 qemu_spin_lock(&env_tlb(env)->c.lock);
9a13565d
PC		 1003 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1004 unsigned int i;
722a1c1e 1005 unsigned int n = tlb_n_entries(&env_tlb(env)->f[mmu_idx]);
0cac1b66 1006
86e1eff8 1007 for (i = 0; i < n; i++) {
a40ec84e
RH		 1008 tlb_reset_dirty_range_locked(&env_tlb(env)->f[mmu_idx].table[i],
1009 start1, length);
9a13565d 1010 }
88e89a57 1011
9a13565d 1012 for (i = 0; i < CPU_VTLB_SIZE; i++) {
a40ec84e
RH		 1013 tlb_reset_dirty_range_locked(&env_tlb(env)->d[mmu_idx].vtable[i],
1014 start1, length);
0cac1b66
BS		 1015 }
1016 }
a40ec84e 1017 qemu_spin_unlock(&env_tlb(env)->c.lock);
0cac1b66
BS		 1018}
1019
53d28455 1020/* Called with tlb_c.lock held */
71aec354
EC		 1021static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
1022 target_ulong vaddr)
0cac1b66
BS		 1023{
1024 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
1025 tlb_entry->addr_write = vaddr;
1026 }
1027}
1028
1029/* update the TLB corresponding to virtual page vaddr
1030 so that it is no longer dirty */
bcae01e4 1031void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
0cac1b66 1032{
bcae01e4 1033 CPUArchState *env = cpu->env_ptr;
0cac1b66
BS		 1034 int mmu_idx;
1035
f0aff0f1
AB		 1036 assert_cpu_is_self(cpu);
1037
0cac1b66 1038 vaddr &= TARGET_PAGE_MASK;
a40ec84e 1039 qemu_spin_lock(&env_tlb(env)->c.lock);
0cac1b66 1040 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
383beda9 1041 tlb_set_dirty1_locked(tlb_entry(env, mmu_idx, vaddr), vaddr);
0cac1b66 1042 }
88e89a57
XT		 1043
1044 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
1045 int k;
1046 for (k = 0; k < CPU_VTLB_SIZE; k++) {
a40ec84e 1047 tlb_set_dirty1_locked(&env_tlb(env)->d[mmu_idx].vtable[k], vaddr);
88e89a57
XT		 1048 }
1049 }
a40ec84e 1050 qemu_spin_unlock(&env_tlb(env)->c.lock);
0cac1b66
BS		 1051}
1052
1053/* Our TLB does not support large pages, so remember the area covered by
1054 large pages and trigger a full TLB flush if these are invalidated. */
1308e026
RH		 1055static void tlb_add_large_page(CPUArchState *env, int mmu_idx,
1056 target_ulong vaddr, target_ulong size)
0cac1b66 1057{
a40ec84e 1058 target_ulong lp_addr = env_tlb(env)->d[mmu_idx].large_page_addr;
1308e026 1059 target_ulong lp_mask = ~(size - 1);
0cac1b66 1060
1308e026
RH		 1061 if (lp_addr == (target_ulong)-1) {
1062 /* No previous large page. */
1063 lp_addr = vaddr;
1064 } else {
1065 /* Extend the existing region to include the new page.
1066 This is a compromise between unnecessary flushes and
1067 the cost of maintaining a full variable size TLB. */
a40ec84e 1068 lp_mask &= env_tlb(env)->d[mmu_idx].large_page_mask;
1308e026
RH		 1069 while (((lp_addr ^ vaddr) & lp_mask) != 0) {
1070 lp_mask <<= 1;
1071 }
0cac1b66 1072 }
a40ec84e
RH		 1073 env_tlb(env)->d[mmu_idx].large_page_addr = lp_addr & lp_mask;
1074 env_tlb(env)->d[mmu_idx].large_page_mask = lp_mask;
0cac1b66
BS		 1075}
1076
1077/* Add a new TLB entry. At most one entry for a given virtual address
79e2b9ae
PB		 1078 * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
1079 * supplied size is only used by tlb_flush_page.
1080 *
1081 * Called from TCG-generated code, which is under an RCU read-side
1082 * critical section.
1083 */
fadc1cbe
PM		 1084void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
1085 hwaddr paddr, MemTxAttrs attrs, int prot,
1086 int mmu_idx, target_ulong size)
0cac1b66 1087{
0c591eb0 1088 CPUArchState *env = cpu->env_ptr;
a40ec84e
RH		 1089 CPUTLB *tlb = env_tlb(env);
1090 CPUTLBDesc *desc = &tlb->d[mmu_idx];
0cac1b66
BS		 1091 MemoryRegionSection *section;
1092 unsigned int index;
1093 target_ulong address;
8f5db641 1094 target_ulong write_address;
0cac1b66 1095 uintptr_t addend;
68fea038 1096 CPUTLBEntry *te, tn;
55df6fcf
PM		 1097 hwaddr iotlb, xlat, sz, paddr_page;
1098 target_ulong vaddr_page;
d7898cda 1099 int asidx = cpu_asidx_from_attrs(cpu, attrs);
50b107c5 1100 int wp_flags;
8f5db641 1101 bool is_ram, is_romd;
0cac1b66 1102
f0aff0f1 1103 assert_cpu_is_self(cpu);
55df6fcf 1104
1308e026 1105 if (size <= TARGET_PAGE_SIZE) {
55df6fcf
PM		 1106 sz = TARGET_PAGE_SIZE;
1107 } else {
1308e026 1108 tlb_add_large_page(env, mmu_idx, vaddr, size);
55df6fcf 1109 sz = size;
0cac1b66 1110 }
55df6fcf
PM		 1111 vaddr_page = vaddr & TARGET_PAGE_MASK;
1112 paddr_page = paddr & TARGET_PAGE_MASK;
149f54b5 1113
55df6fcf
PM		 1114 section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
1115 &xlat, &sz, attrs, &prot);
149f54b5
PB		 1116 assert(sz >= TARGET_PAGE_SIZE);
1117
8526e1f4
AB		 1118 tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
1119 " prot=%x idx=%d\n",
1120 vaddr, paddr, prot, mmu_idx);
0cac1b66 1121
55df6fcf
PM		 1122 address = vaddr_page;
1123 if (size < TARGET_PAGE_SIZE) {
30d7e098
RH		 1124 /* Repeat the MMU check and TLB fill on every access. */
1125 address |= TLB_INVALID_MASK;
55df6fcf 1126 }
a26fc6f5 1127 if (attrs.byte_swap) {
5b87b3e6 1128 address |= TLB_BSWAP;
a26fc6f5 1129 }
8f5db641
RH		 1130
1131 is_ram = memory_region_is_ram(section->mr);
1132 is_romd = memory_region_is_romd(section->mr);
1133
1134 if (is_ram || is_romd) {
1135 /* RAM and ROMD both have associated host memory. */
1136 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
1137 } else {
1138 /* I/O does not; force the host address to NULL. */
8f3e03cb 1139 addend = 0;
8f5db641
RH		 1140 }
1141
1142 write_address = address;
1143 if (is_ram) {
1144 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1145 /*
1146 * Computing is_clean is expensive; avoid all that unless
1147 * the page is actually writable.
1148 */
1149 if (prot & PAGE_WRITE) {
1150 if (section->readonly) {
1151 write_address |= TLB_DISCARD_WRITE;
1152 } else if (cpu_physical_memory_is_clean(iotlb)) {
1153 write_address |= TLB_NOTDIRTY;
1154 }
1155 }
8f3e03cb 1156 } else {
8f5db641
RH		 1157 /* I/O or ROMD */
1158 iotlb = memory_region_section_get_iotlb(cpu, section) + xlat;
1159 /*
1160 * Writes to romd devices must go through MMIO to enable write.
1161 * Reads to romd devices go through the ram_ptr found above,
1162 * but of course reads to I/O must go through MMIO.
1163 */
1164 write_address |= TLB_MMIO;
1165 if (!is_romd) {
1166 address = write_address;
1167 }
0cac1b66 1168 }
0cac1b66 1169
50b107c5
RH		 1170 wp_flags = cpu_watchpoint_address_matches(cpu, vaddr_page,
1171 TARGET_PAGE_SIZE);
0cac1b66 1172
383beda9
RH		 1173 index = tlb_index(env, mmu_idx, vaddr_page);
1174 te = tlb_entry(env, mmu_idx, vaddr_page);
b0706b71 1175
71aec354
EC		 1176 /*
1177 * Hold the TLB lock for the rest of the function. We could acquire/release
1178 * the lock several times in the function, but it is faster to amortize the
1179 * acquisition cost by acquiring it just once. Note that this leads to
1180 * a longer critical section, but this is not a concern since the TLB lock
1181 * is unlikely to be contended.
1182 */
a40ec84e 1183 qemu_spin_lock(&tlb->c.lock);
71aec354 1184
3d1523ce 1185 /* Note that the tlb is no longer clean. */
a40ec84e 1186 tlb->c.dirty |= 1 << mmu_idx;
3d1523ce 1187
71aec354
EC		 1188 /* Make sure there's no cached translation for the new page. */
1189 tlb_flush_vtlb_page_locked(env, mmu_idx, vaddr_page);
1190
68fea038
RH		 1191 /*
1192 * Only evict the old entry to the victim tlb if it's for a
1193 * different page; otherwise just overwrite the stale data.
1194 */
3cea94bb 1195 if (!tlb_hit_page_anyprot(te, vaddr_page) && !tlb_entry_is_empty(te)) {
a40ec84e
RH		 1196 unsigned vidx = desc->vindex++ % CPU_VTLB_SIZE;
1197 CPUTLBEntry *tv = &desc->vtable[vidx];
b0706b71 1198
68fea038 1199 /* Evict the old entry into the victim tlb. */
71aec354 1200 copy_tlb_helper_locked(tv, te);
a40ec84e 1201 desc->viotlb[vidx] = desc->iotlb[index];
86e1eff8 1202 tlb_n_used_entries_dec(env, mmu_idx);
68fea038 1203 }
88e89a57
XT		 1204
1205 /* refill the tlb */
ace41090
PM		 1206 /*
1207 * At this point iotlb contains a physical section number in the lower
1208 * TARGET_PAGE_BITS, and either
8f5db641
RH		 1209 * + the ram_addr_t of the page base of the target RAM (RAM)
1210 * + the offset within section->mr of the page base (I/O, ROMD)
55df6fcf 1211 * We subtract the vaddr_page (which is page aligned and thus won't
ace41090
PM		 1212 * disturb the low bits) to give an offset which can be added to the
1213 * (non-page-aligned) vaddr of the eventual memory access to get
1214 * the MemoryRegion offset for the access. Note that the vaddr we
1215 * subtract here is that of the page base, and not the same as the
1216 * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
1217 */
a40ec84e
RH		 1218 desc->iotlb[index].addr = iotlb - vaddr_page;
1219 desc->iotlb[index].attrs = attrs;
b0706b71
AB		 1220
1221 /* Now calculate the new entry */
55df6fcf 1222 tn.addend = addend - vaddr_page;
0cac1b66 1223 if (prot & PAGE_READ) {
b0706b71 1224 tn.addr_read = address;
50b107c5
RH		 1225 if (wp_flags & BP_MEM_READ) {
1226 tn.addr_read |= TLB_WATCHPOINT;
1227 }
0cac1b66 1228 } else {
b0706b71 1229 tn.addr_read = -1;
0cac1b66
BS		 1230 }
1231
1232 if (prot & PAGE_EXEC) {
8f5db641 1233 tn.addr_code = address;
0cac1b66 1234 } else {
b0706b71 1235 tn.addr_code = -1;
0cac1b66 1236 }
b0706b71
AB		 1237
1238 tn.addr_write = -1;
0cac1b66 1239 if (prot & PAGE_WRITE) {
8f5db641 1240 tn.addr_write = write_address;
f52bfb12
DH		 1241 if (prot & PAGE_WRITE_INV) {
1242 tn.addr_write |= TLB_INVALID_MASK;
1243 }
50b107c5
RH		 1244 if (wp_flags & BP_MEM_WRITE) {
1245 tn.addr_write |= TLB_WATCHPOINT;
1246 }
0cac1b66 1247 }
b0706b71 1248
71aec354 1249 copy_tlb_helper_locked(te, &tn);
86e1eff8 1250 tlb_n_used_entries_inc(env, mmu_idx);
a40ec84e 1251 qemu_spin_unlock(&tlb->c.lock);
0cac1b66
BS		 1252}
1253
fadc1cbe
PM		 1254/* Add a new TLB entry, but without specifying the memory
1255 * transaction attributes to be used.
1256 */
1257void tlb_set_page(CPUState *cpu, target_ulong vaddr,
1258 hwaddr paddr, int prot,
1259 int mmu_idx, target_ulong size)
1260{
1261 tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
1262 prot, mmu_idx, size);
1263}
1264
857baec1
AB		 1265static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1266{
1267 ram_addr_t ram_addr;
1268
1269 ram_addr = qemu_ram_addr_from_host(ptr);
1270 if (ram_addr == RAM_ADDR_INVALID) {
1271 error_report("Bad ram pointer %p", ptr);
1272 abort();
1273 }
1274 return ram_addr;
1275}
1276
c319dc13
RH		 1277/*
1278 * Note: tlb_fill() can trigger a resize of the TLB. This means that all of the
1279 * caller's prior references to the TLB table (e.g. CPUTLBEntry pointers) must
1280 * be discarded and looked up again (e.g. via tlb_entry()).
1281 */
1282static void tlb_fill(CPUState *cpu, target_ulong addr, int size,
1283 MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
1284{
1285 CPUClass *cc = CPU_GET_CLASS(cpu);
1286 bool ok;
1287
1288 /*
1289 * This is not a probe, so only valid return is success; failure
1290 * should result in exception + longjmp to the cpu loop.
1291 */
78271684
CF		 1292 ok = cc->tcg_ops->tlb_fill(cpu, addr, size,
1293 access_type, mmu_idx, false, retaddr);
c319dc13
RH		 1294 assert(ok);
1295}
1296
78271684
CF		 1297static inline void cpu_unaligned_access(CPUState *cpu, vaddr addr,
1298 MMUAccessType access_type,
1299 int mmu_idx, uintptr_t retaddr)
1300{
1301 CPUClass *cc = CPU_GET_CLASS(cpu);
1302
1303 cc->tcg_ops->do_unaligned_access(cpu, addr, access_type, mmu_idx, retaddr);
1304}
1305
1306static inline void cpu_transaction_failed(CPUState *cpu, hwaddr physaddr,
1307 vaddr addr, unsigned size,
1308 MMUAccessType access_type,
1309 int mmu_idx, MemTxAttrs attrs,
1310 MemTxResult response,
1311 uintptr_t retaddr)
1312{
1313 CPUClass *cc = CPU_GET_CLASS(cpu);
1314
1315 if (!cpu->ignore_memory_transaction_failures &&
1316 cc->tcg_ops->do_transaction_failed) {
1317 cc->tcg_ops->do_transaction_failed(cpu, physaddr, addr, size,
1318 access_type, mmu_idx, attrs,
1319 response, retaddr);
1320 }
1321}
1322
82a45b96 1323static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
f1be3696 1324 int mmu_idx, target_ulong addr, uintptr_t retaddr,
be5c4787 1325 MMUAccessType access_type, MemOp op)
82a45b96 1326{
29a0af61 1327 CPUState *cpu = env_cpu(env);
2d54f194
PM		 1328 hwaddr mr_offset;
1329 MemoryRegionSection *section;
1330 MemoryRegion *mr;
82a45b96 1331 uint64_t val;
8d04fb55 1332 bool locked = false;
04e3aabd 1333 MemTxResult r;
82a45b96 1334
2d54f194
PM		 1335 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
1336 mr = section->mr;
1337 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
82a45b96 1338 cpu->mem_io_pc = retaddr;
08565552 1339 if (!cpu->can_do_io) {
82a45b96
RH		 1340 cpu_io_recompile(cpu, retaddr);
1341 }
1342
41744954 1343 if (!qemu_mutex_iothread_locked()) {
8d04fb55
JK		 1344 qemu_mutex_lock_iothread();
1345 locked = true;
1346 }
be5c4787 1347 r = memory_region_dispatch_read(mr, mr_offset, &val, op, iotlbentry->attrs);
04e3aabd 1348 if (r != MEMTX_OK) {
2d54f194
PM		 1349 hwaddr physaddr = mr_offset +
1350 section->offset_within_address_space -
1351 section->offset_within_region;
1352
be5c4787 1353 cpu_transaction_failed(cpu, physaddr, addr, memop_size(op), access_type,
04e3aabd
PM		 1354 mmu_idx, iotlbentry->attrs, r, retaddr);
1355 }
8d04fb55
JK		 1356 if (locked) {
1357 qemu_mutex_unlock_iothread();
1358 }
1359
82a45b96
RH		 1360 return val;
1361}
1362
2f3a57ee
AB		 1363/*
1364 * Save a potentially trashed IOTLB entry for later lookup by plugin.
570ef309
AB		 1365 * This is read by tlb_plugin_lookup if the iotlb entry doesn't match
1366 * because of the side effect of io_writex changing memory layout.
2f3a57ee
AB		 1367 */
1368static void save_iotlb_data(CPUState *cs, hwaddr addr,
1369 MemoryRegionSection *section, hwaddr mr_offset)
1370{
1371#ifdef CONFIG_PLUGIN
1372 SavedIOTLB *saved = &cs->saved_iotlb;
1373 saved->addr = addr;
1374 saved->section = section;
1375 saved->mr_offset = mr_offset;
1376#endif
1377}
1378
82a45b96 1379static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
f1be3696 1380 int mmu_idx, uint64_t val, target_ulong addr,
be5c4787 1381 uintptr_t retaddr, MemOp op)
82a45b96 1382{
29a0af61 1383 CPUState *cpu = env_cpu(env);
2d54f194
PM		 1384 hwaddr mr_offset;
1385 MemoryRegionSection *section;
1386 MemoryRegion *mr;
8d04fb55 1387 bool locked = false;
04e3aabd 1388 MemTxResult r;
82a45b96 1389
2d54f194
PM		 1390 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
1391 mr = section->mr;
1392 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
08565552 1393 if (!cpu->can_do_io) {
82a45b96
RH		 1394 cpu_io_recompile(cpu, retaddr);
1395 }
82a45b96 1396 cpu->mem_io_pc = retaddr;
8d04fb55 1397
2f3a57ee
AB		 1398 /*
1399 * The memory_region_dispatch may trigger a flush/resize
1400 * so for plugins we save the iotlb_data just in case.
1401 */
1402 save_iotlb_data(cpu, iotlbentry->addr, section, mr_offset);
1403
41744954 1404 if (!qemu_mutex_iothread_locked()) {
8d04fb55
JK		 1405 qemu_mutex_lock_iothread();
1406 locked = true;
1407 }
be5c4787 1408 r = memory_region_dispatch_write(mr, mr_offset, val, op, iotlbentry->attrs);
04e3aabd 1409 if (r != MEMTX_OK) {
2d54f194
PM		 1410 hwaddr physaddr = mr_offset +
1411 section->offset_within_address_space -
1412 section->offset_within_region;
1413
be5c4787
TN		 1414 cpu_transaction_failed(cpu, physaddr, addr, memop_size(op),
1415 MMU_DATA_STORE, mmu_idx, iotlbentry->attrs, r,
1416 retaddr);
04e3aabd 1417 }
8d04fb55
JK		 1418 if (locked) {
1419 qemu_mutex_unlock_iothread();
1420 }
82a45b96
RH		 1421}
1422
4811e909
RH		 1423static inline target_ulong tlb_read_ofs(CPUTLBEntry *entry, size_t ofs)
1424{
1425#if TCG_OVERSIZED_GUEST
1426 return *(target_ulong *)((uintptr_t)entry + ofs);
1427#else
d73415a3
SH		 1428 /* ofs might correspond to .addr_write, so use qatomic_read */
1429 return qatomic_read((target_ulong *)((uintptr_t)entry + ofs));
4811e909
RH		 1430#endif
1431}
1432
7e9a7c50
RH		 1433/* Return true if ADDR is present in the victim tlb, and has been copied
1434 back to the main tlb. */
1435static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
1436 size_t elt_ofs, target_ulong page)
1437{
1438 size_t vidx;
71aec354 1439
29a0af61 1440 assert_cpu_is_self(env_cpu(env));
7e9a7c50 1441 for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
a40ec84e
RH		 1442 CPUTLBEntry *vtlb = &env_tlb(env)->d[mmu_idx].vtable[vidx];
1443 target_ulong cmp;
1444
d73415a3 1445 /* elt_ofs might correspond to .addr_write, so use qatomic_read */
a40ec84e
RH		 1446#if TCG_OVERSIZED_GUEST
1447 cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
1448#else
d73415a3 1449 cmp = qatomic_read((target_ulong *)((uintptr_t)vtlb + elt_ofs));
a40ec84e 1450#endif
7e9a7c50
RH		 1451
1452 if (cmp == page) {
1453 /* Found entry in victim tlb, swap tlb and iotlb. */
a40ec84e 1454 CPUTLBEntry tmptlb, *tlb = &env_tlb(env)->f[mmu_idx].table[index];
b0706b71 1455
a40ec84e 1456 qemu_spin_lock(&env_tlb(env)->c.lock);
71aec354
EC		 1457 copy_tlb_helper_locked(&tmptlb, tlb);
1458 copy_tlb_helper_locked(tlb, vtlb);
1459 copy_tlb_helper_locked(vtlb, &tmptlb);
a40ec84e 1460 qemu_spin_unlock(&env_tlb(env)->c.lock);
b0706b71 1461
a40ec84e
RH		 1462 CPUIOTLBEntry tmpio, *io = &env_tlb(env)->d[mmu_idx].iotlb[index];
1463 CPUIOTLBEntry *vio = &env_tlb(env)->d[mmu_idx].viotlb[vidx];
7e9a7c50
RH		 1464 tmpio = *io; *io = *vio; *vio = tmpio;
1465 return true;
1466 }
1467 }
1468 return false;
1469}
1470
1471/* Macro to call the above, with local variables from the use context. */
a390284b 1472#define VICTIM_TLB_HIT(TY, ADDR) \
7e9a7c50 1473 victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
a390284b 1474 (ADDR) & TARGET_PAGE_MASK)
7e9a7c50 1475
30d7e098
RH		 1476/*
1477 * Return a ram_addr_t for the virtual address for execution.
1478 *
1479 * Return -1 if we can't translate and execute from an entire page
1480 * of RAM. This will force us to execute by loading and translating
1481 * one insn at a time, without caching.
1482 *
1483 * NOTE: This function will trigger an exception if the page is
1484 * not executable.
f2553f04 1485 */
4b2190da
EC		 1486tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
1487 void **hostp)
f2553f04 1488{
383beda9
RH		 1489 uintptr_t mmu_idx = cpu_mmu_index(env, true);
1490 uintptr_t index = tlb_index(env, mmu_idx, addr);
1491 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
f2553f04 1492 void *p;
f2553f04 1493
383beda9 1494 if (unlikely(!tlb_hit(entry->addr_code, addr))) {
b493ccf1 1495 if (!VICTIM_TLB_HIT(addr_code, addr)) {
29a0af61 1496 tlb_fill(env_cpu(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
6d967cb8
EC		 1497 index = tlb_index(env, mmu_idx, addr);
1498 entry = tlb_entry(env, mmu_idx, addr);
30d7e098
RH		 1499
1500 if (unlikely(entry->addr_code & TLB_INVALID_MASK)) {
1501 /*
1502 * The MMU protection covers a smaller range than a target
1503 * page, so we must redo the MMU check for every insn.
1504 */
1505 return -1;
1506 }
71b9a453 1507 }
383beda9 1508 assert(tlb_hit(entry->addr_code, addr));
f2553f04 1509 }
55df6fcf 1510
30d7e098
RH		 1511 if (unlikely(entry->addr_code & TLB_MMIO)) {
1512 /* The region is not backed by RAM. */
4b2190da
EC		 1513 if (hostp) {
1514 *hostp = NULL;
1515 }
20cb6ae4 1516 return -1;
55df6fcf
PM		 1517 }
1518
383beda9 1519 p = (void *)((uintptr_t)addr + entry->addend);
4b2190da
EC		 1520 if (hostp) {
1521 *hostp = p;
1522 }
f2553f04
FK		 1523 return qemu_ram_addr_from_host_nofail(p);
1524}
1525
4b2190da
EC		 1526tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
1527{
1528 return get_page_addr_code_hostp(env, addr, NULL);
1529}
1530
707526ad
RH		 1531static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
1532 CPUIOTLBEntry *iotlbentry, uintptr_t retaddr)
1533{
1534 ram_addr_t ram_addr = mem_vaddr + iotlbentry->addr;
1535
1536 trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size);
1537
1538 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1539 struct page_collection *pages
1540 = page_collection_lock(ram_addr, ram_addr + size);
5a7c27bb 1541 tb_invalidate_phys_page_fast(pages, ram_addr, size, retaddr);
707526ad
RH		 1542 page_collection_unlock(pages);
1543 }
1544
1545 /*
1546 * Set both VGA and migration bits for simplicity and to remove
1547 * the notdirty callback faster.
1548 */
1549 cpu_physical_memory_set_dirty_range(ram_addr, size, DIRTY_CLIENTS_NOCODE);
1550
1551 /* We remove the notdirty callback only if the code has been flushed. */
1552 if (!cpu_physical_memory_is_clean(ram_addr)) {
1553 trace_memory_notdirty_set_dirty(mem_vaddr);
1554 tlb_set_dirty(cpu, mem_vaddr);
1555 }
1556}
1557
069cfe77
RH		 1558static int probe_access_internal(CPUArchState *env, target_ulong addr,
1559 int fault_size, MMUAccessType access_type,
1560 int mmu_idx, bool nonfault,
1561 void **phost, uintptr_t retaddr)
3b08f0a9 1562{
383beda9
RH		 1563 uintptr_t index = tlb_index(env, mmu_idx, addr);
1564 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
069cfe77 1565 target_ulong tlb_addr, page_addr;
c25c283d 1566 size_t elt_ofs;
069cfe77 1567 int flags;
ca86cf32 1568
c25c283d
DH		 1569 switch (access_type) {
1570 case MMU_DATA_LOAD:
1571 elt_ofs = offsetof(CPUTLBEntry, addr_read);
c25c283d
DH		 1572 break;
1573 case MMU_DATA_STORE:
1574 elt_ofs = offsetof(CPUTLBEntry, addr_write);
c25c283d
DH		 1575 break;
1576 case MMU_INST_FETCH:
1577 elt_ofs = offsetof(CPUTLBEntry, addr_code);
c25c283d
DH		 1578 break;
1579 default:
1580 g_assert_not_reached();
1581 }
1582 tlb_addr = tlb_read_ofs(entry, elt_ofs);
1583
069cfe77
RH		 1584 page_addr = addr & TARGET_PAGE_MASK;
1585 if (!tlb_hit_page(tlb_addr, page_addr)) {
1586 if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page_addr)) {
1587 CPUState *cs = env_cpu(env);
1588 CPUClass *cc = CPU_GET_CLASS(cs);
1589
78271684
CF		 1590 if (!cc->tcg_ops->tlb_fill(cs, addr, fault_size, access_type,
1591 mmu_idx, nonfault, retaddr)) {
069cfe77
RH		 1592 /* Non-faulting page table read failed. */
1593 *phost = NULL;
1594 return TLB_INVALID_MASK;
1595 }
1596
1597 /* TLB resize via tlb_fill may have moved the entry. */
03a98189 1598 entry = tlb_entry(env, mmu_idx, addr);
3b08f0a9 1599 }
c25c283d 1600 tlb_addr = tlb_read_ofs(entry, elt_ofs);
03a98189 1601 }
069cfe77 1602 flags = tlb_addr & TLB_FLAGS_MASK;
03a98189 1603
069cfe77
RH		 1604 /* Fold all "mmio-like" bits into TLB_MMIO. This is not RAM. */
1605 if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY))) {
1606 *phost = NULL;
1607 return TLB_MMIO;
fef39ccd
DH		 1608 }
1609
069cfe77
RH		 1610 /* Everything else is RAM. */
1611 *phost = (void *)((uintptr_t)addr + entry->addend);
1612 return flags;
1613}
1614
1615int probe_access_flags(CPUArchState *env, target_ulong addr,
1616 MMUAccessType access_type, int mmu_idx,
1617 bool nonfault, void **phost, uintptr_t retaddr)
1618{
1619 int flags;
1620
1621 flags = probe_access_internal(env, addr, 0, access_type, mmu_idx,
1622 nonfault, phost, retaddr);
1623
1624 /* Handle clean RAM pages. */
1625 if (unlikely(flags & TLB_NOTDIRTY)) {
1626 uintptr_t index = tlb_index(env, mmu_idx, addr);
73bc0bd4 1627 CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
fef39ccd 1628
069cfe77
RH		 1629 notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
1630 flags &= ~TLB_NOTDIRTY;
1631 }
1632
1633 return flags;
1634}
1635
1636void *probe_access(CPUArchState *env, target_ulong addr, int size,
1637 MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
1638{
1639 void *host;
1640 int flags;
1641
1642 g_assert(-(addr | TARGET_PAGE_MASK) >= size);
1643
1644 flags = probe_access_internal(env, addr, size, access_type, mmu_idx,
1645 false, &host, retaddr);
1646
1647 /* Per the interface, size == 0 merely faults the access. */
1648 if (size == 0) {
1649 return NULL;
1650 }
1651
1652 if (unlikely(flags & (TLB_NOTDIRTY | TLB_WATCHPOINT))) {
1653 uintptr_t index = tlb_index(env, mmu_idx, addr);
1654 CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
73bc0bd4
RH		 1655
1656 /* Handle watchpoints. */
069cfe77
RH		 1657 if (flags & TLB_WATCHPOINT) {
1658 int wp_access = (access_type == MMU_DATA_STORE
1659 ? BP_MEM_WRITE : BP_MEM_READ);
73bc0bd4
RH		 1660 cpu_check_watchpoint(env_cpu(env), addr, size,
1661 iotlbentry->attrs, wp_access, retaddr);
1662 }
1663
1664 /* Handle clean RAM pages. */
069cfe77
RH		 1665 if (flags & TLB_NOTDIRTY) {
1666 notdirty_write(env_cpu(env), addr, 1, iotlbentry, retaddr);
73bc0bd4 1667 }
fef39ccd
DH		 1668 }
1669
069cfe77 1670 return host;
3b08f0a9
RH		 1671}
1672
4811e909
RH		 1673void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
1674 MMUAccessType access_type, int mmu_idx)
1675{
069cfe77
RH		 1676 void *host;
1677 int flags;
4811e909 1678
069cfe77
RH		 1679 flags = probe_access_internal(env, addr, 0, access_type,
1680 mmu_idx, true, &host, 0);
4811e909 1681
069cfe77
RH		 1682 /* No combination of flags are expected by the caller. */
1683 return flags ? NULL : host;
4811e909
RH		 1684}
1685
235537fa
AB		 1686#ifdef CONFIG_PLUGIN
1687/*
1688 * Perform a TLB lookup and populate the qemu_plugin_hwaddr structure.
1689 * This should be a hot path as we will have just looked this path up
1690 * in the softmmu lookup code (or helper). We don't handle re-fills or
1691 * checking the victim table. This is purely informational.
1692 *
2f3a57ee
AB		 1693 * This almost never fails as the memory access being instrumented
1694 * should have just filled the TLB. The one corner case is io_writex
1695 * which can cause TLB flushes and potential resizing of the TLBs
570ef309
AB		 1696 * losing the information we need. In those cases we need to recover
1697 * data from a copy of the iotlbentry. As long as this always occurs
1698 * from the same thread (which a mem callback will be) this is safe.
235537fa
AB		 1699 */
1700
1701bool tlb_plugin_lookup(CPUState *cpu, target_ulong addr, int mmu_idx,
1702 bool is_store, struct qemu_plugin_hwaddr *data)
1703{
1704 CPUArchState *env = cpu->env_ptr;
1705 CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
1706 uintptr_t index = tlb_index(env, mmu_idx, addr);
1707 target_ulong tlb_addr = is_store ? tlb_addr_write(tlbe) : tlbe->addr_read;
1708
1709 if (likely(tlb_hit(tlb_addr, addr))) {
1710 /* We must have an iotlb entry for MMIO */
1711 if (tlb_addr & TLB_MMIO) {
1712 CPUIOTLBEntry *iotlbentry;
1713 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
1714 data->is_io = true;
1715 data->v.io.section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
1716 data->v.io.offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
1717 } else {
1718 data->is_io = false;
1719 data->v.ram.hostaddr = addr + tlbe->addend;
1720 }
1721 return true;
2f3a57ee
AB		 1722 } else {
1723 SavedIOTLB *saved = &cpu->saved_iotlb;
1724 data->is_io = true;
1725 data->v.io.section = saved->section;
1726 data->v.io.offset = saved->mr_offset;
1727 return true;
235537fa 1728 }
235537fa
AB		 1729}
1730
1731#endif
1732
c482cb11
RH		 1733/* Probe for a read-modify-write atomic operation. Do not allow unaligned
1734 * operations, or io operations to proceed. Return the host address. */
1735static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
707526ad 1736 TCGMemOpIdx oi, uintptr_t retaddr)
c482cb11
RH		 1737{
1738 size_t mmu_idx = get_mmuidx(oi);
383beda9
RH		 1739 uintptr_t index = tlb_index(env, mmu_idx, addr);
1740 CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
403f290c 1741 target_ulong tlb_addr = tlb_addr_write(tlbe);
14776ab5 1742 MemOp mop = get_memop(oi);
c482cb11
RH		 1743 int a_bits = get_alignment_bits(mop);
1744 int s_bits = mop & MO_SIZE;
34d49937 1745 void *hostaddr;
c482cb11
RH		 1746
1747 /* Adjust the given return address. */
1748 retaddr -= GETPC_ADJ;
1749
1750 /* Enforce guest required alignment. */
1751 if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
1752 /* ??? Maybe indicate atomic op to cpu_unaligned_access */
29a0af61 1753 cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
c482cb11
RH		 1754 mmu_idx, retaddr);
1755 }
1756
1757 /* Enforce qemu required alignment. */
1758 if (unlikely(addr & ((1 << s_bits) - 1))) {
1759 /* We get here if guest alignment was not requested,
1760 or was not enforced by cpu_unaligned_access above.
1761 We might widen the access and emulate, but for now
1762 mark an exception and exit the cpu loop. */
1763 goto stop_the_world;
1764 }
1765
1766 /* Check TLB entry and enforce page permissions. */
334692bc 1767 if (!tlb_hit(tlb_addr, addr)) {
c482cb11 1768 if (!VICTIM_TLB_HIT(addr_write, addr)) {
29a0af61 1769 tlb_fill(env_cpu(env), addr, 1 << s_bits, MMU_DATA_STORE,
98670d47 1770 mmu_idx, retaddr);
6d967cb8
EC		 1771 index = tlb_index(env, mmu_idx, addr);
1772 tlbe = tlb_entry(env, mmu_idx, addr);
c482cb11 1773 }
403f290c 1774 tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
c482cb11
RH		 1775 }
1776
55df6fcf 1777 /* Notice an IO access or a needs-MMU-lookup access */
30d7e098 1778 if (unlikely(tlb_addr & TLB_MMIO)) {
c482cb11
RH		 1779 /* There's really nothing that can be done to
1780 support this apart from stop-the-world. */
1781 goto stop_the_world;
1782 }
1783
1784 /* Let the guest notice RMW on a write-only page. */
34d49937 1785 if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
29a0af61 1786 tlb_fill(env_cpu(env), addr, 1 << s_bits, MMU_DATA_LOAD,
98670d47 1787 mmu_idx, retaddr);
c482cb11
RH		 1788 /* Since we don't support reads and writes to different addresses,
1789 and we do have the proper page loaded for write, this shouldn't
1790 ever return. But just in case, handle via stop-the-world. */
1791 goto stop_the_world;
1792 }
1793
34d49937
PM		 1794 hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
1795
34d49937 1796 if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
707526ad
RH		 1797 notdirty_write(env_cpu(env), addr, 1 << s_bits,
1798 &env_tlb(env)->d[mmu_idx].iotlb[index], retaddr);
34d49937
PM		 1799 }
1800
1801 return hostaddr;
c482cb11
RH		 1802
1803 stop_the_world:
29a0af61 1804 cpu_loop_exit_atomic(env_cpu(env), retaddr);
c482cb11
RH		 1805}
1806
eed56642
AB		 1807/*
1808 * Load Helpers
1809 *
1810 * We support two different access types. SOFTMMU_CODE_ACCESS is
1811 * specifically for reading instructions from system memory. It is
1812 * called by the translation loop and in some helpers where the code
1813 * is disassembled. It shouldn't be called directly by guest code.
1814 */
0f590e74 1815
2dd92606
RH		 1816typedef uint64_t FullLoadHelper(CPUArchState *env, target_ulong addr,
1817 TCGMemOpIdx oi, uintptr_t retaddr);
1818
80d9d1c6
RH		 1819static inline uint64_t QEMU_ALWAYS_INLINE
1820load_memop(const void *haddr, MemOp op)
1821{
1822 switch (op) {
1823 case MO_UB:
1824 return ldub_p(haddr);
1825 case MO_BEUW:
1826 return lduw_be_p(haddr);
1827 case MO_LEUW:
1828 return lduw_le_p(haddr);
1829 case MO_BEUL:
1830 return (uint32_t)ldl_be_p(haddr);
1831 case MO_LEUL:
1832 return (uint32_t)ldl_le_p(haddr);
1833 case MO_BEQ:
1834 return ldq_be_p(haddr);
1835 case MO_LEQ:
1836 return ldq_le_p(haddr);
1837 default:
1838 qemu_build_not_reached();
1839 }
1840}
1841
c6b716cd 1842static inline uint64_t QEMU_ALWAYS_INLINE
2dd92606 1843load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
be5c4787 1844 uintptr_t retaddr, MemOp op, bool code_read,
2dd92606 1845 FullLoadHelper *full_load)
eed56642
AB		 1846{
1847 uintptr_t mmu_idx = get_mmuidx(oi);
1848 uintptr_t index = tlb_index(env, mmu_idx, addr);
1849 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
1850 target_ulong tlb_addr = code_read ? entry->addr_code : entry->addr_read;
1851 const size_t tlb_off = code_read ?
1852 offsetof(CPUTLBEntry, addr_code) : offsetof(CPUTLBEntry, addr_read);
f1be3696
RH		 1853 const MMUAccessType access_type =
1854 code_read ? MMU_INST_FETCH : MMU_DATA_LOAD;
eed56642
AB		 1855 unsigned a_bits = get_alignment_bits(get_memop(oi));
1856 void *haddr;
1857 uint64_t res;
be5c4787 1858 size_t size = memop_size(op);
eed56642
AB		 1859
1860 /* Handle CPU specific unaligned behaviour */
1861 if (addr & ((1 << a_bits) - 1)) {
29a0af61 1862 cpu_unaligned_access(env_cpu(env), addr, access_type,
eed56642
AB		 1863 mmu_idx, retaddr);
1864 }
0f590e74 1865
eed56642
AB		 1866 /* If the TLB entry is for a different page, reload and try again. */
1867 if (!tlb_hit(tlb_addr, addr)) {
1868 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off,
1869 addr & TARGET_PAGE_MASK)) {
29a0af61 1870 tlb_fill(env_cpu(env), addr, size,
f1be3696 1871 access_type, mmu_idx, retaddr);
eed56642
AB		 1872 index = tlb_index(env, mmu_idx, addr);
1873 entry = tlb_entry(env, mmu_idx, addr);
1874 }
1875 tlb_addr = code_read ? entry->addr_code : entry->addr_read;
30d7e098 1876 tlb_addr &= ~TLB_INVALID_MASK;
eed56642
AB		 1877 }
1878
50b107c5 1879 /* Handle anything that isn't just a straight memory access. */
eed56642 1880 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
50b107c5 1881 CPUIOTLBEntry *iotlbentry;
5b87b3e6 1882 bool need_swap;
50b107c5
RH		 1883
1884 /* For anything that is unaligned, recurse through full_load. */
eed56642
AB		 1885 if ((addr & (size - 1)) != 0) {
1886 goto do_unaligned_access;
1887 }
50b107c5
RH		 1888
1889 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
1890
1891 /* Handle watchpoints. */
1892 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
1893 /* On watchpoint hit, this will longjmp out. */
1894 cpu_check_watchpoint(env_cpu(env), addr, size,
1895 iotlbentry->attrs, BP_MEM_READ, retaddr);
50b107c5
RH		 1896 }
1897
5b87b3e6
RH		 1898 need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
1899
50b107c5 1900 /* Handle I/O access. */
5b87b3e6
RH		 1901 if (likely(tlb_addr & TLB_MMIO)) {
1902 return io_readx(env, iotlbentry, mmu_idx, addr, retaddr,
1903 access_type, op ^ (need_swap * MO_BSWAP));
1904 }
1905
1906 haddr = (void *)((uintptr_t)addr + entry->addend);
1907
1908 /*
1909 * Keep these two load_memop separate to ensure that the compiler
1910 * is able to fold the entire function to a single instruction.
1911 * There is a build-time assert inside to remind you of this. ;-)
1912 */
1913 if (unlikely(need_swap)) {
1914 return load_memop(haddr, op ^ MO_BSWAP);
1915 }
1916 return load_memop(haddr, op);
eed56642
AB		 1917 }
1918
1919 /* Handle slow unaligned access (it spans two pages or IO). */
1920 if (size > 1
1921 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1
1922 >= TARGET_PAGE_SIZE)) {
1923 target_ulong addr1, addr2;
8c79b288 1924 uint64_t r1, r2;
eed56642
AB		 1925 unsigned shift;
1926 do_unaligned_access:
ab7a2009 1927 addr1 = addr & ~((target_ulong)size - 1);
eed56642 1928 addr2 = addr1 + size;
2dd92606
RH		 1929 r1 = full_load(env, addr1, oi, retaddr);
1930 r2 = full_load(env, addr2, oi, retaddr);
eed56642
AB		 1931 shift = (addr & (size - 1)) * 8;
1932
be5c4787 1933 if (memop_big_endian(op)) {
eed56642
AB		 1934 /* Big-endian combine. */
1935 res = (r1 << shift) | (r2 >> ((size * 8) - shift));
1936 } else {
1937 /* Little-endian combine. */
1938 res = (r1 >> shift) | (r2 << ((size * 8) - shift));
1939 }
1940 return res & MAKE_64BIT_MASK(0, size * 8);
1941 }
1942
1943 haddr = (void *)((uintptr_t)addr + entry->addend);
80d9d1c6 1944 return load_memop(haddr, op);
eed56642
AB		 1945}
1946
1947/*
1948 * For the benefit of TCG generated code, we want to avoid the
1949 * complication of ABI-specific return type promotion and always
1950 * return a value extended to the register size of the host. This is
1951 * tcg_target_long, except in the case of a 32-bit host and 64-bit
1952 * data, and for that we always have uint64_t.
1953 *
1954 * We don't bother with this widened value for SOFTMMU_CODE_ACCESS.
1955 */
1956
2dd92606
RH		 1957static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
1958 TCGMemOpIdx oi, uintptr_t retaddr)
1959{
be5c4787 1960 return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
2dd92606
RH		 1961}
1962
fc1bc777
RH		 1963tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
1964 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 1965{
2dd92606
RH		 1966 return full_ldub_mmu(env, addr, oi, retaddr);
1967}
1968
1969static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
1970 TCGMemOpIdx oi, uintptr_t retaddr)
1971{
be5c4787 1972 return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
2dd92606 1973 full_le_lduw_mmu);
eed56642
AB		 1974}
1975
fc1bc777
RH		 1976tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
1977 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 1978{
2dd92606
RH		 1979 return full_le_lduw_mmu(env, addr, oi, retaddr);
1980}
1981
1982static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
1983 TCGMemOpIdx oi, uintptr_t retaddr)
1984{
be5c4787 1985 return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
2dd92606 1986 full_be_lduw_mmu);
eed56642
AB		 1987}
1988
fc1bc777
RH		 1989tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
1990 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 1991{
2dd92606
RH		 1992 return full_be_lduw_mmu(env, addr, oi, retaddr);
1993}
1994
1995static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
1996 TCGMemOpIdx oi, uintptr_t retaddr)
1997{
be5c4787 1998 return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
2dd92606 1999 full_le_ldul_mmu);
eed56642
AB		 2000}
2001
fc1bc777
RH		 2002tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
2003 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2004{
2dd92606
RH		 2005 return full_le_ldul_mmu(env, addr, oi, retaddr);
2006}
2007
2008static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
2009 TCGMemOpIdx oi, uintptr_t retaddr)
2010{
be5c4787 2011 return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
2dd92606 2012 full_be_ldul_mmu);
eed56642
AB		 2013}
2014
fc1bc777
RH		 2015tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
2016 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2017{
2dd92606 2018 return full_be_ldul_mmu(env, addr, oi, retaddr);
eed56642
AB		 2019}
2020
fc1bc777
RH		 2021uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
2022 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2023{
be5c4787 2024 return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
2dd92606 2025 helper_le_ldq_mmu);
eed56642
AB		 2026}
2027
fc1bc777
RH		 2028uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
2029 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2030{
be5c4787 2031 return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
2dd92606 2032 helper_be_ldq_mmu);
eed56642
AB		 2033}
2034
2035/*
2036 * Provide signed versions of the load routines as well. We can of course
2037 * avoid this for 64-bit data, or for 32-bit data on 32-bit host.
2038 */
2039
2040
2041tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
2042 TCGMemOpIdx oi, uintptr_t retaddr)
2043{
2044 return (int8_t)helper_ret_ldub_mmu(env, addr, oi, retaddr);
2045}
2046
2047tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
2048 TCGMemOpIdx oi, uintptr_t retaddr)
2049{
2050 return (int16_t)helper_le_lduw_mmu(env, addr, oi, retaddr);
2051}
2052
2053tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
2054 TCGMemOpIdx oi, uintptr_t retaddr)
2055{
2056 return (int16_t)helper_be_lduw_mmu(env, addr, oi, retaddr);
2057}
2058
2059tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
2060 TCGMemOpIdx oi, uintptr_t retaddr)
2061{
2062 return (int32_t)helper_le_ldul_mmu(env, addr, oi, retaddr);
2063}
2064
2065tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
2066 TCGMemOpIdx oi, uintptr_t retaddr)
2067{
2068 return (int32_t)helper_be_ldul_mmu(env, addr, oi, retaddr);
2069}
2070
d03f1408
RH		 2071/*
2072 * Load helpers for cpu_ldst.h.
2073 */
2074
2075static inline uint64_t cpu_load_helper(CPUArchState *env, abi_ptr addr,
2076 int mmu_idx, uintptr_t retaddr,
2077 MemOp op, FullLoadHelper *full_load)
2078{
2079 uint16_t meminfo;
2080 TCGMemOpIdx oi;
2081 uint64_t ret;
2082
2083 meminfo = trace_mem_get_info(op, mmu_idx, false);
2084 trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
2085
2086 op &= ~MO_SIGN;
2087 oi = make_memop_idx(op, mmu_idx);
2088 ret = full_load(env, addr, oi, retaddr);
2089
2090 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
2091
2092 return ret;
2093}
2094
2095uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2096 int mmu_idx, uintptr_t ra)
2097{
2098 return cpu_load_helper(env, addr, mmu_idx, ra, MO_UB, full_ldub_mmu);
2099}
2100
2101int cpu_ldsb_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2102 int mmu_idx, uintptr_t ra)
2103{
2104 return (int8_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_SB,
2105 full_ldub_mmu);
2106}
2107
b9e60257
RH		 2108uint32_t cpu_lduw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2109 int mmu_idx, uintptr_t ra)
d03f1408 2110{
b9e60257 2111 return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUW, full_be_lduw_mmu);
d03f1408
RH		 2112}
2113
b9e60257
RH		 2114int cpu_ldsw_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2115 int mmu_idx, uintptr_t ra)
2116{
2117 return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_BESW,
2118 full_be_lduw_mmu);
2119}
2120
2121uint32_t cpu_ldl_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2122 int mmu_idx, uintptr_t ra)
2123{
2124 return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEUL, full_be_ldul_mmu);
2125}
2126
2127uint64_t cpu_ldq_be_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2128 int mmu_idx, uintptr_t ra)
2129{
2130 return cpu_load_helper(env, addr, mmu_idx, ra, MO_BEQ, helper_be_ldq_mmu);
2131}
2132
2133uint32_t cpu_lduw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2134 int mmu_idx, uintptr_t ra)
2135{
2136 return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUW, full_le_lduw_mmu);
2137}
2138
2139int cpu_ldsw_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2140 int mmu_idx, uintptr_t ra)
d03f1408 2141{
b9e60257
RH		 2142 return (int16_t)cpu_load_helper(env, addr, mmu_idx, ra, MO_LESW,
2143 full_le_lduw_mmu);
d03f1408
RH		 2144}
2145
b9e60257
RH		 2146uint32_t cpu_ldl_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2147 int mmu_idx, uintptr_t ra)
d03f1408 2148{
b9e60257 2149 return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEUL, full_le_ldul_mmu);
d03f1408
RH		 2150}
2151
b9e60257
RH		 2152uint64_t cpu_ldq_le_mmuidx_ra(CPUArchState *env, abi_ptr addr,
2153 int mmu_idx, uintptr_t ra)
d03f1408 2154{
b9e60257 2155 return cpu_load_helper(env, addr, mmu_idx, ra, MO_LEQ, helper_le_ldq_mmu);
d03f1408
RH		 2156}
2157
cfe04a4b
RH		 2158uint32_t cpu_ldub_data_ra(CPUArchState *env, target_ulong ptr,
2159 uintptr_t retaddr)
2160{
2161 return cpu_ldub_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2162}
2163
2164int cpu_ldsb_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
2165{
2166 return cpu_ldsb_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2167}
2168
b9e60257
RH		 2169uint32_t cpu_lduw_be_data_ra(CPUArchState *env, target_ulong ptr,
2170 uintptr_t retaddr)
2171{
2172 return cpu_lduw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2173}
2174
2175int cpu_ldsw_be_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
cfe04a4b 2176{
b9e60257 2177 return cpu_ldsw_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2178}
2179
b9e60257
RH		 2180uint32_t cpu_ldl_be_data_ra(CPUArchState *env, target_ulong ptr,
2181 uintptr_t retaddr)
cfe04a4b 2182{
b9e60257 2183 return cpu_ldl_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2184}
2185
b9e60257
RH		 2186uint64_t cpu_ldq_be_data_ra(CPUArchState *env, target_ulong ptr,
2187 uintptr_t retaddr)
cfe04a4b 2188{
b9e60257 2189 return cpu_ldq_be_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2190}
2191
b9e60257
RH		 2192uint32_t cpu_lduw_le_data_ra(CPUArchState *env, target_ulong ptr,
2193 uintptr_t retaddr)
cfe04a4b 2194{
b9e60257
RH		 2195 return cpu_lduw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2196}
2197
2198int cpu_ldsw_le_data_ra(CPUArchState *env, target_ulong ptr, uintptr_t retaddr)
2199{
2200 return cpu_ldsw_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2201}
2202
2203uint32_t cpu_ldl_le_data_ra(CPUArchState *env, target_ulong ptr,
2204 uintptr_t retaddr)
2205{
2206 return cpu_ldl_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
2207}
2208
2209uint64_t cpu_ldq_le_data_ra(CPUArchState *env, target_ulong ptr,
2210 uintptr_t retaddr)
2211{
2212 return cpu_ldq_le_mmuidx_ra(env, ptr, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2213}
2214
2215uint32_t cpu_ldub_data(CPUArchState *env, target_ulong ptr)
2216{
2217 return cpu_ldub_data_ra(env, ptr, 0);
2218}
2219
2220int cpu_ldsb_data(CPUArchState *env, target_ulong ptr)
2221{
2222 return cpu_ldsb_data_ra(env, ptr, 0);
2223}
2224
b9e60257
RH		 2225uint32_t cpu_lduw_be_data(CPUArchState *env, target_ulong ptr)
2226{
2227 return cpu_lduw_be_data_ra(env, ptr, 0);
2228}
2229
2230int cpu_ldsw_be_data(CPUArchState *env, target_ulong ptr)
2231{
2232 return cpu_ldsw_be_data_ra(env, ptr, 0);
2233}
2234
2235uint32_t cpu_ldl_be_data(CPUArchState *env, target_ulong ptr)
2236{
2237 return cpu_ldl_be_data_ra(env, ptr, 0);
2238}
2239
2240uint64_t cpu_ldq_be_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2241{
b9e60257 2242 return cpu_ldq_be_data_ra(env, ptr, 0);
cfe04a4b
RH		 2243}
2244
b9e60257 2245uint32_t cpu_lduw_le_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2246{
b9e60257 2247 return cpu_lduw_le_data_ra(env, ptr, 0);
cfe04a4b
RH		 2248}
2249
b9e60257 2250int cpu_ldsw_le_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2251{
b9e60257 2252 return cpu_ldsw_le_data_ra(env, ptr, 0);
cfe04a4b
RH		 2253}
2254
b9e60257 2255uint32_t cpu_ldl_le_data(CPUArchState *env, target_ulong ptr)
cfe04a4b 2256{
b9e60257
RH		 2257 return cpu_ldl_le_data_ra(env, ptr, 0);
2258}
2259
2260uint64_t cpu_ldq_le_data(CPUArchState *env, target_ulong ptr)
2261{
2262 return cpu_ldq_le_data_ra(env, ptr, 0);
cfe04a4b
RH		 2263}
2264
eed56642
AB		 2265/*
2266 * Store Helpers
2267 */
2268
80d9d1c6
RH		 2269static inline void QEMU_ALWAYS_INLINE
2270store_memop(void *haddr, uint64_t val, MemOp op)
2271{
2272 switch (op) {
2273 case MO_UB:
2274 stb_p(haddr, val);
2275 break;
2276 case MO_BEUW:
2277 stw_be_p(haddr, val);
2278 break;
2279 case MO_LEUW:
2280 stw_le_p(haddr, val);
2281 break;
2282 case MO_BEUL:
2283 stl_be_p(haddr, val);
2284 break;
2285 case MO_LEUL:
2286 stl_le_p(haddr, val);
2287 break;
2288 case MO_BEQ:
2289 stq_be_p(haddr, val);
2290 break;
2291 case MO_LEQ:
2292 stq_le_p(haddr, val);
2293 break;
2294 default:
2295 qemu_build_not_reached();
2296 }
2297}
2298
6b8b622e
RH		 2299static void __attribute__((noinline))
2300store_helper_unaligned(CPUArchState *env, target_ulong addr, uint64_t val,
2301 uintptr_t retaddr, size_t size, uintptr_t mmu_idx,
2302 bool big_endian)
2303{
2304 const size_t tlb_off = offsetof(CPUTLBEntry, addr_write);
2305 uintptr_t index, index2;
2306 CPUTLBEntry *entry, *entry2;
2307 target_ulong page2, tlb_addr, tlb_addr2;
2308 TCGMemOpIdx oi;
2309 size_t size2;
2310 int i;
2311
2312 /*
2313 * Ensure the second page is in the TLB. Note that the first page
2314 * is already guaranteed to be filled, and that the second page
2315 * cannot evict the first.
2316 */
2317 page2 = (addr + size) & TARGET_PAGE_MASK;
2318 size2 = (addr + size) & ~TARGET_PAGE_MASK;
2319 index2 = tlb_index(env, mmu_idx, page2);
2320 entry2 = tlb_entry(env, mmu_idx, page2);
2321
2322 tlb_addr2 = tlb_addr_write(entry2);
2323 if (!tlb_hit_page(tlb_addr2, page2)) {
2324 if (!victim_tlb_hit(env, mmu_idx, index2, tlb_off, page2)) {
2325 tlb_fill(env_cpu(env), page2, size2, MMU_DATA_STORE,
2326 mmu_idx, retaddr);
2327 index2 = tlb_index(env, mmu_idx, page2);
2328 entry2 = tlb_entry(env, mmu_idx, page2);
2329 }
2330 tlb_addr2 = tlb_addr_write(entry2);
2331 }
2332
2333 index = tlb_index(env, mmu_idx, addr);
2334 entry = tlb_entry(env, mmu_idx, addr);
2335 tlb_addr = tlb_addr_write(entry);
2336
2337 /*
2338 * Handle watchpoints. Since this may trap, all checks
2339 * must happen before any store.
2340 */
2341 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
2342 cpu_check_watchpoint(env_cpu(env), addr, size - size2,
2343 env_tlb(env)->d[mmu_idx].iotlb[index].attrs,
2344 BP_MEM_WRITE, retaddr);
2345 }
2346 if (unlikely(tlb_addr2 & TLB_WATCHPOINT)) {
2347 cpu_check_watchpoint(env_cpu(env), page2, size2,
2348 env_tlb(env)->d[mmu_idx].iotlb[index2].attrs,
2349 BP_MEM_WRITE, retaddr);
2350 }
2351
2352 /*
2353 * XXX: not efficient, but simple.
2354 * This loop must go in the forward direction to avoid issues
2355 * with self-modifying code in Windows 64-bit.
2356 */
2357 oi = make_memop_idx(MO_UB, mmu_idx);
2358 if (big_endian) {
2359 for (i = 0; i < size; ++i) {
2360 /* Big-endian extract. */
2361 uint8_t val8 = val >> (((size - 1) * 8) - (i * 8));
2362 helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
2363 }
2364 } else {
2365 for (i = 0; i < size; ++i) {
2366 /* Little-endian extract. */
2367 uint8_t val8 = val >> (i * 8);
2368 helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
2369 }
2370 }
2371}
2372
c6b716cd 2373static inline void QEMU_ALWAYS_INLINE
4601f8d1 2374store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
be5c4787 2375 TCGMemOpIdx oi, uintptr_t retaddr, MemOp op)
eed56642
AB		 2376{
2377 uintptr_t mmu_idx = get_mmuidx(oi);
2378 uintptr_t index = tlb_index(env, mmu_idx, addr);
2379 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
2380 target_ulong tlb_addr = tlb_addr_write(entry);
2381 const size_t tlb_off = offsetof(CPUTLBEntry, addr_write);
2382 unsigned a_bits = get_alignment_bits(get_memop(oi));
2383 void *haddr;
be5c4787 2384 size_t size = memop_size(op);
eed56642
AB		 2385
2386 /* Handle CPU specific unaligned behaviour */
2387 if (addr & ((1 << a_bits) - 1)) {
29a0af61 2388 cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
eed56642
AB		 2389 mmu_idx, retaddr);
2390 }
2391
2392 /* If the TLB entry is for a different page, reload and try again. */
2393 if (!tlb_hit(tlb_addr, addr)) {
2394 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off,
2395 addr & TARGET_PAGE_MASK)) {
29a0af61 2396 tlb_fill(env_cpu(env), addr, size, MMU_DATA_STORE,
eed56642
AB		 2397 mmu_idx, retaddr);
2398 index = tlb_index(env, mmu_idx, addr);
2399 entry = tlb_entry(env, mmu_idx, addr);
2400 }
2401 tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
2402 }
2403
50b107c5 2404 /* Handle anything that isn't just a straight memory access. */
eed56642 2405 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
50b107c5 2406 CPUIOTLBEntry *iotlbentry;
5b87b3e6 2407 bool need_swap;
50b107c5
RH		 2408
2409 /* For anything that is unaligned, recurse through byte stores. */
eed56642
AB		 2410 if ((addr & (size - 1)) != 0) {
2411 goto do_unaligned_access;
2412 }
50b107c5
RH		 2413
2414 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
2415
2416 /* Handle watchpoints. */
2417 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
2418 /* On watchpoint hit, this will longjmp out. */
2419 cpu_check_watchpoint(env_cpu(env), addr, size,
2420 iotlbentry->attrs, BP_MEM_WRITE, retaddr);
50b107c5
RH		 2421 }
2422
5b87b3e6
RH		 2423 need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
2424
50b107c5 2425 /* Handle I/O access. */
08565552 2426 if (tlb_addr & TLB_MMIO) {
5b87b3e6
RH		 2427 io_writex(env, iotlbentry, mmu_idx, val, addr, retaddr,
2428 op ^ (need_swap * MO_BSWAP));
2429 return;
2430 }
2431
7b0d792c
RH		 2432 /* Ignore writes to ROM. */
2433 if (unlikely(tlb_addr & TLB_DISCARD_WRITE)) {
2434 return;
2435 }
2436
08565552
RH		 2437 /* Handle clean RAM pages. */
2438 if (tlb_addr & TLB_NOTDIRTY) {
707526ad 2439 notdirty_write(env_cpu(env), addr, size, iotlbentry, retaddr);
08565552
RH		 2440 }
2441
707526ad
RH		 2442 haddr = (void *)((uintptr_t)addr + entry->addend);
2443
5b87b3e6
RH		 2444 /*
2445 * Keep these two store_memop separate to ensure that the compiler
2446 * is able to fold the entire function to a single instruction.
2447 * There is a build-time assert inside to remind you of this. ;-)
2448 */
2449 if (unlikely(need_swap)) {
2450 store_memop(haddr, val, op ^ MO_BSWAP);
2451 } else {
2452 store_memop(haddr, val, op);
2453 }
eed56642
AB		 2454 return;
2455 }
2456
2457 /* Handle slow unaligned access (it spans two pages or IO). */
2458 if (size > 1
2459 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1
2460 >= TARGET_PAGE_SIZE)) {
eed56642 2461 do_unaligned_access:
6b8b622e
RH		 2462 store_helper_unaligned(env, addr, val, retaddr, size,
2463 mmu_idx, memop_big_endian(op));
eed56642
AB		 2464 return;
2465 }
2466
2467 haddr = (void *)((uintptr_t)addr + entry->addend);
80d9d1c6 2468 store_memop(haddr, val, op);
eed56642
AB		 2469}
2470
6b8b622e
RH		 2471void __attribute__((noinline))
2472helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
2473 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2474{
be5c4787 2475 store_helper(env, addr, val, oi, retaddr, MO_UB);
eed56642
AB		 2476}
2477
fc1bc777
RH		 2478void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
2479 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2480{
be5c4787 2481 store_helper(env, addr, val, oi, retaddr, MO_LEUW);
eed56642
AB		 2482}
2483
fc1bc777
RH		 2484void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
2485 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2486{
be5c4787 2487 store_helper(env, addr, val, oi, retaddr, MO_BEUW);
eed56642
AB		 2488}
2489
fc1bc777
RH		 2490void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
2491 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2492{
be5c4787 2493 store_helper(env, addr, val, oi, retaddr, MO_LEUL);
eed56642
AB		 2494}
2495
fc1bc777
RH		 2496void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
2497 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2498{
be5c4787 2499 store_helper(env, addr, val, oi, retaddr, MO_BEUL);
eed56642
AB		 2500}
2501
fc1bc777
RH		 2502void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
2503 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2504{
be5c4787 2505 store_helper(env, addr, val, oi, retaddr, MO_LEQ);
eed56642
AB		 2506}
2507
fc1bc777
RH		 2508void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
2509 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2510{
be5c4787 2511 store_helper(env, addr, val, oi, retaddr, MO_BEQ);
eed56642 2512}
0f590e74 2513
d03f1408
RH		 2514/*
2515 * Store Helpers for cpu_ldst.h
2516 */
2517
2518static inline void QEMU_ALWAYS_INLINE
2519cpu_store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
2520 int mmu_idx, uintptr_t retaddr, MemOp op)
2521{
2522 TCGMemOpIdx oi;
2523 uint16_t meminfo;
2524
2525 meminfo = trace_mem_get_info(op, mmu_idx, true);
2526 trace_guest_mem_before_exec(env_cpu(env), addr, meminfo);
2527
2528 oi = make_memop_idx(op, mmu_idx);
2529 store_helper(env, addr, val, oi, retaddr, op);
2530
2531 qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, meminfo);
2532}
2533
2534void cpu_stb_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2535 int mmu_idx, uintptr_t retaddr)
2536{
2537 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_UB);
2538}
2539
b9e60257
RH		 2540void cpu_stw_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2541 int mmu_idx, uintptr_t retaddr)
d03f1408 2542{
b9e60257 2543 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUW);
d03f1408
RH		 2544}
2545
b9e60257
RH		 2546void cpu_stl_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2547 int mmu_idx, uintptr_t retaddr)
d03f1408 2548{
b9e60257 2549 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEUL);
d03f1408
RH		 2550}
2551
b9e60257
RH		 2552void cpu_stq_be_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
2553 int mmu_idx, uintptr_t retaddr)
2554{
2555 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_BEQ);
2556}
2557
2558void cpu_stw_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2559 int mmu_idx, uintptr_t retaddr)
d03f1408 2560{
b9e60257
RH		 2561 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUW);
2562}
2563
2564void cpu_stl_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint32_t val,
2565 int mmu_idx, uintptr_t retaddr)
2566{
2567 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEUL);
2568}
2569
2570void cpu_stq_le_mmuidx_ra(CPUArchState *env, target_ulong addr, uint64_t val,
2571 int mmu_idx, uintptr_t retaddr)
2572{
2573 cpu_store_helper(env, addr, val, mmu_idx, retaddr, MO_LEQ);
d03f1408
RH		 2574}
2575
cfe04a4b
RH		 2576void cpu_stb_data_ra(CPUArchState *env, target_ulong ptr,
2577 uint32_t val, uintptr_t retaddr)
2578{
2579 cpu_stb_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2580}
2581
b9e60257
RH		 2582void cpu_stw_be_data_ra(CPUArchState *env, target_ulong ptr,
2583 uint32_t val, uintptr_t retaddr)
cfe04a4b 2584{
b9e60257 2585 cpu_stw_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2586}
2587
b9e60257
RH		 2588void cpu_stl_be_data_ra(CPUArchState *env, target_ulong ptr,
2589 uint32_t val, uintptr_t retaddr)
cfe04a4b 2590{
b9e60257 2591 cpu_stl_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2592}
2593
b9e60257
RH		 2594void cpu_stq_be_data_ra(CPUArchState *env, target_ulong ptr,
2595 uint64_t val, uintptr_t retaddr)
cfe04a4b 2596{
b9e60257
RH		 2597 cpu_stq_be_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2598}
2599
2600void cpu_stw_le_data_ra(CPUArchState *env, target_ulong ptr,
2601 uint32_t val, uintptr_t retaddr)
2602{
2603 cpu_stw_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2604}
2605
2606void cpu_stl_le_data_ra(CPUArchState *env, target_ulong ptr,
2607 uint32_t val, uintptr_t retaddr)
2608{
2609 cpu_stl_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
2610}
2611
2612void cpu_stq_le_data_ra(CPUArchState *env, target_ulong ptr,
2613 uint64_t val, uintptr_t retaddr)
2614{
2615 cpu_stq_le_mmuidx_ra(env, ptr, val, cpu_mmu_index(env, false), retaddr);
cfe04a4b
RH		 2616}
2617
2618void cpu_stb_data(CPUArchState *env, target_ulong ptr, uint32_t val)
2619{
2620 cpu_stb_data_ra(env, ptr, val, 0);
2621}
2622
b9e60257
RH		 2623void cpu_stw_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
2624{
2625 cpu_stw_be_data_ra(env, ptr, val, 0);
2626}
2627
2628void cpu_stl_be_data(CPUArchState *env, target_ulong ptr, uint32_t val)
2629{
2630 cpu_stl_be_data_ra(env, ptr, val, 0);
2631}
2632
2633void cpu_stq_be_data(CPUArchState *env, target_ulong ptr, uint64_t val)
2634{
2635 cpu_stq_be_data_ra(env, ptr, val, 0);
2636}
2637
2638void cpu_stw_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
cfe04a4b 2639{
b9e60257 2640 cpu_stw_le_data_ra(env, ptr, val, 0);
cfe04a4b
RH		 2641}
2642
b9e60257 2643void cpu_stl_le_data(CPUArchState *env, target_ulong ptr, uint32_t val)
cfe04a4b 2644{
b9e60257 2645 cpu_stl_le_data_ra(env, ptr, val, 0);
cfe04a4b
RH		 2646}
2647
b9e60257 2648void cpu_stq_le_data(CPUArchState *env, target_ulong ptr, uint64_t val)
cfe04a4b 2649{
b9e60257 2650 cpu_stq_le_data_ra(env, ptr, val, 0);
cfe04a4b
RH		 2651}
2652
c482cb11
RH		 2653/* First set of helpers allows passing in of OI and RETADDR. This makes
2654 them callable from other helpers. */
2655
2656#define EXTRA_ARGS , TCGMemOpIdx oi, uintptr_t retaddr
2657#define ATOMIC_NAME(X) \
2658 HELPER(glue(glue(glue(atomic_ ## X, SUFFIX), END), _mmu))
707526ad
RH		 2659#define ATOMIC_MMU_DECLS
2660#define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, retaddr)
2661#define ATOMIC_MMU_CLEANUP
504f73f7 2662#define ATOMIC_MMU_IDX get_mmuidx(oi)
c482cb11 2663
139c1837 2664#include "atomic_common.c.inc"
c482cb11
RH		 2665
2666#define DATA_SIZE 1
2667#include "atomic_template.h"
2668
2669#define DATA_SIZE 2
2670#include "atomic_template.h"
2671
2672#define DATA_SIZE 4
2673#include "atomic_template.h"
2674
df79b996 2675#ifdef CONFIG_ATOMIC64
c482cb11
RH		 2676#define DATA_SIZE 8
2677#include "atomic_template.h"
df79b996 2678#endif
c482cb11 2679
e6cd4bb5 2680#if HAVE_CMPXCHG128 || HAVE_ATOMIC128
7ebee43e
RH		 2681#define DATA_SIZE 16
2682#include "atomic_template.h"
2683#endif
2684
c482cb11
RH		 2685/* Second set of helpers are directly callable from TCG as helpers. */
2686
2687#undef EXTRA_ARGS
2688#undef ATOMIC_NAME
2689#undef ATOMIC_MMU_LOOKUP
2690#define EXTRA_ARGS , TCGMemOpIdx oi
2691#define ATOMIC_NAME(X) HELPER(glue(glue(atomic_ ## X, SUFFIX), END))
707526ad 2692#define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, GETPC())
c482cb11
RH		 2693
2694#define DATA_SIZE 1
2695#include "atomic_template.h"
2696
2697#define DATA_SIZE 2
2698#include "atomic_template.h"
2699
2700#define DATA_SIZE 4
2701#include "atomic_template.h"
2702
df79b996 2703#ifdef CONFIG_ATOMIC64
c482cb11
RH		 2704#define DATA_SIZE 8
2705#include "atomic_template.h"
df79b996 2706#endif
504f73f7 2707#undef ATOMIC_MMU_IDX
c482cb11
RH		 2708
2709/* Code access functions. */
2710
fc4120a3 2711static uint64_t full_ldub_code(CPUArchState *env, target_ulong addr,
2dd92606
RH		 2712 TCGMemOpIdx oi, uintptr_t retaddr)
2713{
fc4120a3 2714 return load_helper(env, addr, oi, retaddr, MO_8, true, full_ldub_code);
2dd92606
RH		 2715}
2716
fc4120a3 2717uint32_t cpu_ldub_code(CPUArchState *env, abi_ptr addr)
eed56642 2718{
fc4120a3
RH		 2719 TCGMemOpIdx oi = make_memop_idx(MO_UB, cpu_mmu_index(env, true));
2720 return full_ldub_code(env, addr, oi, 0);
2dd92606
RH		 2721}
2722
fc4120a3
RH		 2723static uint64_t full_lduw_code(CPUArchState *env, target_ulong addr,
2724 TCGMemOpIdx oi, uintptr_t retaddr)
2dd92606 2725{
fc4120a3 2726 return load_helper(env, addr, oi, retaddr, MO_TEUW, true, full_lduw_code);
eed56642 2727}
0cac1b66 2728
fc4120a3 2729uint32_t cpu_lduw_code(CPUArchState *env, abi_ptr addr)
eed56642 2730{
fc4120a3
RH		 2731 TCGMemOpIdx oi = make_memop_idx(MO_TEUW, cpu_mmu_index(env, true));
2732 return full_lduw_code(env, addr, oi, 0);
2dd92606
RH		 2733}
2734
fc4120a3
RH		 2735static uint64_t full_ldl_code(CPUArchState *env, target_ulong addr,
2736 TCGMemOpIdx oi, uintptr_t retaddr)
2dd92606 2737{
fc4120a3 2738 return load_helper(env, addr, oi, retaddr, MO_TEUL, true, full_ldl_code);
eed56642 2739}
0cac1b66 2740
fc4120a3 2741uint32_t cpu_ldl_code(CPUArchState *env, abi_ptr addr)
eed56642 2742{
fc4120a3
RH		 2743 TCGMemOpIdx oi = make_memop_idx(MO_TEUL, cpu_mmu_index(env, true));
2744 return full_ldl_code(env, addr, oi, 0);
eed56642
AB		 2745}
2746
fc4120a3
RH		 2747static uint64_t full_ldq_code(CPUArchState *env, target_ulong addr,
2748 TCGMemOpIdx oi, uintptr_t retaddr)
eed56642 2749{
fc4120a3 2750 return load_helper(env, addr, oi, retaddr, MO_TEQ, true, full_ldq_code);
eed56642
AB		 2751}
2752
fc4120a3 2753uint64_t cpu_ldq_code(CPUArchState *env, abi_ptr addr)
eed56642 2754{
fc4120a3
RH		 2755 TCGMemOpIdx oi = make_memop_idx(MO_TEQ, cpu_mmu_index(env, true));
2756 return full_ldq_code(env, addr, oi, 0);
eed56642 2757}
QEMU mirror